Date: 23 October 2023
1 Introduction and applicability
ConnectID Pty Ltd (we, us or our) understands that privacy is important. This policy sets out how we handle personal information in respect of our operation and governance of the “ConnectID” digital identity platform (ConnectID) and the ConnectID website accessible at www.connectid.com.au.
ConnectID facilitates third party “Data Providers” (such as banks, utility providers or government entities) to share identity information with “Relying Parties” (such as e-commerce retailers or other service providers) where the relevant individual has consented to that sharing of identity information.
2 Collection of personal information in respect of ConnectID
2.1 Entity Users
The personal information we collect in respect of ConnectID is primarily information of or about staff or personnel of organisations who are accredited Participants in ConnectID, that is, Data Providers and Relying Parties (ie Entity Users).
If you are an Entity User, we may collect personal information about you when we deal with each other in connection with ConnectID, including when:
- you register or apply for access to any part of ConnectID;
- you access or use any part of ConnectID;
- you visit the ConnectID website or other websites operated or provided by us;
- you subscribe to our mailing list;
- you communicate with us by any method, such as telephone, email, messaging systems, collaboration or project management tools or in person; or
- you communicate with other Participants or Users through ConnectID,
and otherwise as notified to you from time to time, including in any collection notice.
2.2 General public using our website
In addition to Entity Users, we may also collect information about individuals who visit our website, such as when you complete the website contact form or create an account.
2.3 Information collected
The type of personal information we collect varies depending on the nature of your interaction with us, but may, for example, include your name, business contact details (including email, phone number and address), as well as login and access credentials. We also collect information about your access and use of ConnectID and/or the ConnectID website, as referred to further below.
If you are a sole trader seeking participation in ConnectID, we may also collect other information about you and your business, including billing and bank account details and information relating to you and your business' background and eligibility to participate in ConnectID.
In addition to Entity Users, as part of our governance of ConnectID and accreditation of Participants, we may collect information about other employees, directors and officers of organisations who are Participants in ConnectID. This information may include information in connection with beneficial ownership, sanctions, “Politically Exposed Persons” (PEP) and “Foreign Account Tax Compliance Act (FACTA) and criminal record checks. In some instances, this may include sensitive information, such as information regarding political associations, professional associations or criminal records. You consent to these collections.
In this instance, and also on other occasions including when we require your contact details in connection with the operation of the service, we may collect information about you from a third party, including from your colleagues, from other Participants in ConnectID, from publicly available sources (such as business social media services, like LinkedIn) or from service providers and contractors that perform services for us in connection with our business.
Similarly, where you provide us information about another individual, we rely on you to inform that individual that you are providing their personal information to us and to advise them that they can view this policy via our website to see how we handle their information (refer to our contact details below).
We may combine information that we hold about you with other information collected from or held by others (including our related entities, service providers and contractors). We do so as part of our normal business operations.
We generally do not permit people to deal with us anonymously or using a pseudonym other. If you do not provide us with your personal information, we may not be able to deal with you.
3 Our platform and website
ConnectID and the ConnectID website may automatically collect information when you access or use any part of the ConnectID platform or website, including:
- your IP address;
- the date, time and duration of your access;
- the parts of the ConnectID platform or website that you accessed;
- your actions on the ConnectID platform or website and associated navigation patterns; and
- the system you are using to access the ConnectID platform or website.
Most browsers and systems are set by default to accept Cookies. However, if you do not wish to receive any Cookies you may set your browser to either prompt you whether you wish to accept Cookies on a particular site, or by default reject Cookies.
Please note that rejecting Cookies may mean that some or all of the functions on our websites may not be available to you.
We may also collect information about your use of our website and ConnectID, including by using third party services, such as Google Analytics. For further information about how Google Analytics works please refer to the following link “How Google uses data when you use our partners' sites or apps”, (located at www.google.com/policies/privacy/partners/).
4 The purposes for which we collect, hold, use and disclose your personal information
We collect, hold, use and disclose your personal information for the purposes of carrying out our functions and activities, including:
- administration, operation and governance of ConnectID, the ConnectID website and related products and services, including discharge of our and our related bodies corporate’s powers and responsibilities in relation to the same;
- to assess your or your related or your entity’s eligibility or suitability to participate in ConnectID;
- fraud detection and risk management;
- monitoring and assessing compliance by you and your entity with the rules and requirements governing participation in ConnectID;
- verification of your identity or to authenticate you to access ConnectID, the ConnectID website or related products or services;
- providing you or your entity with documents and information relevant to your or your entity’s participation in the ConnectID;
- providing you or your entity with information about, or delivery of, our products or services or such services ancillary to or necessary for those products or services;
- providing you or your entity with information promoting our products and services, if you or your entity chooses to receive that information, such as by subscribing to our mailing or contact lists;
- administration of our business, including business analytics, record keeping or similar purposes;
- to meet any obligations or exercise any rights we or our related bodies corporate have under law or the “Trusted Digital Identity Framework” administered by the federal government;
- statistical or other analytical or research purposes, including for product development and enhancement; and
- maintenance and development of business systems and infrastructure, including monitoring performance, testing and upgrading of these systems,
(each a Purpose). For clarity, references to “your entity” are references to the entity at which you are engaged or employed where you are a User of ConnectID.
The Purposes outlined above are in addition to any purposes for which the relevant personal information was collected, including as may be set out in any collection statement, for related purposes which we consider come within your expectations or are contemplated by this policy, purposes which you otherwise consent, and purposes as otherwise permitted or required by law.
5 Sharing your personal information
We may disclose your personal information to other entities within our corporate group in the context of our shared or related interests, activities and operations.
We may disclose information to third party service providers, who help us or entities in our corporate group to conduct business. Such third party service providers may include technology providers, for example those who host or provide services in respect of ConnectID or the ConnectID website, and insurance providers. Where information is shared with these third parties, we require that such third parties observe the confidential nature of such information and are prohibited from using any or all of this information beyond what we permit them to do.
Some of our third party related service providers including our hosting providers are located overseas. Given the number of third party service providers, it is not practical to list all of the countries in which they are located, however parts of ConnectID are hosted in Singapore and are supported from the United Kingdom, and your personal information may be disclosed to and stored in those locations in connection with our interactions those third parties and related entities. These hosting service providers include Amazon Web Services and Raidiam Services Ltd.
We may also disclose your personal information:
- to other third parties as consented to by you or as permitted or required by law or in response to a lawful request by any government, regulatory body or enforcement agency;
- to other Participants in ConnectID;
- in connection with the investigation of a potential unlawful activity; and
- to entities involved in connection with a potential or actual corporate merger, consolidation, restructuring, the sale of substantially all of our interests and/or assets, or other corporate change requiring the transfer of assets, including during the course of any due diligence process, to the purchaser or surviving entity.
6 Accessing and correcting your personal information
You can request access to the personal information we hold in a record about you. Your request must be in writing and we may ask for proof of identity. We may charge a fee for the staff time and any expenses incurred to respond to your request and provide the requested information to you. If it is not possible for us to provide you with access as requested, we will let you know.
If you think that any personal information we hold about you is not accurate, complete or up-to- date, you may ask us to amend your details. We will take reasonable steps to amend your personal information as you direct, unless we reasonably consider that your information is already accurate, complete and up-to-date, in which case we will let you know.
7 Protecting your personal information
We understand the need to protect your personal information. We have put in place security measures designed to protect your personal information from misuse or loss, and from unauthorised access, modification or disclosure. This includes the use of technologies and processes such as access control procedures, network firewalls and physical security to protect the privacy of your personal information. We also require any service providers to whom we disclose your information for storage to also implement various security controls.
We primarily store information with reputable third-party data storage and hosting providers in Australia and Singapore.
8 Change of policy
9 Contact information
If you have any queries or complaints with regards to our handling of your personal information, please contact us by writing to our Privacy Officer at Level 1, 255 George St, Sydney NSW 2000 or by email at email@example.com.
If you make a complaint, we will endeavour to respond to it as soon as possible. If you are dissatisfied with our response, you have the right to make a complaint to the Office of the Australian Information Commissioner by phoning 1300 363 992 or by emailing firstname.lastname@example.org.