This document sets out the data retention policies of Verifi Identity Service Limited (“Verifi”) in respect of information received from a Reporting Entity (“Reporting Entity”), customers (“Customers”) of a Reporting Entity and from verification data providers (“Data Providers”) in order to electronically verify the identity of the customer.
Verifi will obtain information from Data Providers in accordance with Verifi’s agreement with the Data Providers. Verifi will use this data to verify the information provided by a Customer. Subsequent to the verification process, Verifi will not retain any data provided by the Data Provider unless authorised to do so by the Data Provider.
Verifi will collect information from Customers on behalf of Reporting Entities. Verifi may use this information to query Data Providers and verify the information against data provided by Data Providers. The comparison may be done by Verifi or the Data Provider.
Verifi will provide a copy of the information obtained from a Customer on behalf of a Reporting Entity to the Reporting Entity as part of the identity verification report.
Verifi will retain information collected from Customers for a period of 7 business days for auditing and error checking purposes. Following this 7-day period, Verifi will automatically and securely remove the data from its systems.
Verifi will collect Customer information from Reporting Entities. Verifi may use this information to query Data Providers and verify the information against data provided by Data Providers. The comparison may be done by Verifi or the Data Provider.
Verifi will retain information collected from the Reporting Entity for a period of 7 days for auditing and error checking purposes. Following this 7-day period, Verifi will automatically and securely remove the data from its systems.
The Privacy Act 1993 (Act) controls how “agencies” collect, use, disclose, store and give access to personal information. Personal information is information about identifiable, living people. The Act includes 12 Privacy Principles (PPs) regulating the collection, security, storage, use and disclosure of personal information. These principles represent the minimum standards of privacy protection policy that must be adopted.
The provisions in the Act apply to ‘agencies’.
Verifi Identity Services Limited (“Verifi”) is considered an agency for the purposes of the Act as it will collect personal information from customers whose identity is being verified by a reporting entity using Verifi’s services.
The Act protects personal information. This is information or an opinion about an individual whose identity is apparent or can reasonably be ascertained from the information. Personal information includes credit card details, information gathered on websites and mobile telephone numbers linked to user names and mailing lists.
There are 12 PPs set out in the Act. They set the baseline standards for privacy protection.
The following is a brief outline of the PPs. Details about each PP is set out below.
Principle 1, Principle 2, Principle 3 and Principle 4 govern the collection of personal information. This includes the reasons why personal information may be collected, where it may be collected from, and how it is collected.
Principle 5 governs the way personal information is stored. It is designed to protect personal information from unauthorised use or disclosure.
Principle 6 gives individuals the right to access information about themselves.
Principle 7 gives individuals the right to correct information about themselves.
Principle 8 and Principle 9, Principle 10 and Principle 11 place restrictions on how people and organisations can use or disclose personal information. These include ensuring information is accurate and up-to-date, and that it isn’t improperly disclosed.
Principle 12 governs how “unique identifiers” – such as IRD numbers, bank client numbers, driver’s licence and passport numbers – can be used.
Verifi as an agency must not collect personal information unless:
Verifi must collect the information directly from the individual concerned. There are a number of exemptions to this requirement, e.g. where the information is publicly available, or the individual concerned has authorised Verifi to collect the information from a third party.
Where Verifi collects personal information directly from the individual concerned, Verifi should take such steps as are, in the circumstances, reasonable to ensure that the individual concerned is aware of—
Personal information shall not be collected by Verifi:
Verifi must ensure—
Verifi must provide individuals with access to and a copy of their personal information on request. This includes information collected from third parties, information received unsolicited and subsequently kept in records held, and opinions recorded about an individual.
Verifi must also incorporate processes for the correction of information on the request of an individual or if there is some disagreement as to the correction, allow a statement to be associated with the information noting that the individual desires a correction.
Verifi may not use that information without taking such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is proposed to be used, the information is accurate, up to date, complete, relevant, and not misleading.
Verifi should not keep information for longer than is required for the purposes for which the information may lawfully be used.
Where Verifi holds personal information that was obtained in connection with one purpose it shall not use the information for any other purpose except in the circumstances set out in the Act.
Where Verifi holds personal information it shall not disclose the information to a person or body or agency except in the circumstances set out in the Act.
Verifi shall not assign a unique identifier to an individual unless the assignment of that identifier is necessary to carry out any one or more of its functions efficiently.
Verifi shall not assign to an individual a unique identifier that, to that agency's knowledge, has been assigned to that individual by another agency, unless Verifi and the other agency are associated persons.
Where Verifi assigns unique identifiers to individuals it shall take all reasonable steps to ensure that unique identifiers are assigned only to individuals whose identity is clearly established.
Verifi shall not require an individual to disclose any unique identifier assigned to that individual unless the disclosure is for one of the purposes in connection with which that unique identifier was assigned or for a purpose that is directly related to one of those purposes.
The Act requires every agency to have a privacy officer whose responsibilities include:
The board of Verifi may at its absolute discretion appoint or employ any person to be the Privacy Officer of the company. The Privacy Officer would be the first point of contact in Verifi when privacy issues arise either internally or externally.
Until determined otherwise by the board, the General Counsel of Verifi is appointed as the Privacy Officer.
Verifi will review this policy annually and will update it, when required, between review dates to reflect legislative or regulatory changes.
This policy is supported by further procedures and operational arrangements.
The policy will be communicated to all new members of staff by during induction training sessions.
A breach of this policy will be considered as professional misconduct and will be liable for disciplinary penalties. This could potentially include immediate dismissal and legal action.
This Privacy Statement explains how the Verifi Identity Services Limited (“Verifi”) collects, maintains, uses and discloses your personal information. It also provides some detail about the rights that customers have in respect of their personal information.Personal Information
You provide Verifi with your personal information when you ask for information about Verifi’s services, when you access and use this and other Verifi websites and/or when you use a Verifi service to verify your identity. When verifying your identity, Verifi may also collect information about you from publicly available sources such as company registers.
If you give us personal information about another person, you represent that you are authorised to do so and agree to inform that person who we are, that we will use and disclose that information for the relevant purposes set out below and that they can access the information we hold about them.
Verifi maintains records of all transactions made through the identity verification process, including the sources used to verify your identity and whether the verification was successful. In addition, information may be retained in accordance with our data retention policy.
We collect information to identify and verify you. Your personal information will be treated strictly in accordance with the Privacy Principles in the Privacy Act 1993. In addition, Verifi’s current policies require us to discard your personal information within a specified timeframe following the identity verification transaction.
In using our services you authorize us to pass on any personal information that you provide to us to the reporting entity who is using, or who has referred you to use, our identity verification service.Verifi Websites – Statistical Information and Cookies
We collect statistical information about visitors to our websites such as the number of visitors, pages viewed, types of transactions conducted, time online and documents downloaded. This information is used to evaluate and improve the performance of our websites. Other than statistical information, we do not collect any information about you through our website unless you provide the information to us.
When cookies are used on our websites, they are used to collect the statistical information referred to above in addition to allowing you to access your account online. When you access your account on-line a cookie will be created which uniquely identifies your computer and your username and password. This means that you do not have to re-enter those details each time you want to access your account online.
Most internet browsers are set up to accept cookies. If you do not wish to receive cookies, you may be able to change the settings of your browser to refuse all cookies or to have your computer notify you each time a cookie is sent to it, and thereby give yourself the choice whether to accept it or not. If you reject all cookies, you will be unable to access your account online. You can also delete cookies from your computer after they have been created.Use of the Information by Verifi
The information requested in any identity verification transaction initiated by customers is required to enable us to provide a service to you and the reporting entity whom you are establishing a relationship with. That information, together with the information collected and maintained by Verifi during the identity verification process, is used to provide the services to you and to audit the success of any such services.Verifi may disclose your personal information to:
Verifi takes all reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification or disclosure.
What are your rights?
You need not give us any of the personal information requested by Verifi. However, without that information Verifi will not be able to verify your identity to provide you with any other services, information or assistance you have sought.
Should you have any questions or complaint about your privacy, please contact us. If a complaint is not resolved by Verifi to your satisfaction, you may complain to the Privacy Commissioner.
Access to Information by Customers
Customers can gain access to any information Verifi holds about them by emailing . We will process your request usually within 14 days. If your request is complex, more time may be needed in which case we will advise you of the extra time required.
There is no fee for requesting access to your information, although Verifi may charge you the reasonable cost of processing your request.
In some circumstances the law may allow Verifi to deny you access. In such a case we will explain to you the reason for refusing access.
Correction of Information
You may ask us at any time to correct personal information held by Verifi about you, and which you believe is inaccurate. Should we disagree with you as to the accuracy of the information, you may request that we attach a statement to that information noting that you consider it inaccurate or incomplete.
By accessing this website or by submitting an application to verify your identity, you consent to Verifi collecting, maintaining, using and disclosing personal information about you and provided by you or by another person as described above.
Amendments to this Privacy Statement
Verifi may make changes to this Privacy Statement from time to time for any reason. This Privacy Statement is dated 29 July 2019.