Skip to Content Skip to Navigation
FAQs & Contact

Date: 4 December 2023

1 Introduction and applicability

ConnectID Pty Ltd (we, us or our) understands that privacy is important. This policy sets out how we handle personal information in respect of our operation and governance of the “ConnectID” digital identity platform (ConnectID) and the ConnectID website accessible at www.connectid.com.au.

ConnectID facilitates third party “Data Providers” (such as banks, utility providers or government entities) to share identity information with “Relying Parties” (such as e-commerce retailers or other service providers) where the relevant individual has consented to that sharing of identity information.

Importantly, this transfer occurs directly between the relevant Data Provider and Relying Party, and we do not access nor handle the shared identity information. Further, each Data Provider and Relying Party are required under the rules that govern their participation in ConnectID to have their own privacy policy that applies to their participation in ConnectID.

Consequently, this privacy policy does not apply in respect of any Data Provider’s or Relying Party’s handling of personal information, including any shared identity information.  Please refer to the websites of relevant Data Providers or Relying Parties for their privacy policies which will explain how they handle your personal information in connection with ConnectID.

Further, we note that this privacy policy does not apply in relation to our general business, organisational or administrative activities, such as recruitment, employee and supplier activities and our handling of associated personal information. Instead, the Australia Payments Plus privacy policy available at https://www.auspayplus.com.au/privacy-policy applies to these activities.

2  Collection of personal information in respect of ConnectID

2.1         Entity Users

The personal information we collect in respect of ConnectID is primarily information of or about staff or personnel of organisations who are accredited Participants in ConnectID, that is, Data Providers and Relying Parties (ie Entity Users).

If you are an Entity User, we may collect personal information about you when we deal with each other in connection with ConnectID, including when:

  • you register or apply for access to any part of ConnectID;
  • you access or use any part of ConnectID;
  • you visit the ConnectID website or other websites operated or provided by us;
  • you subscribe to our mailing list;
  • you communicate with us by any method, such as telephone, email, messaging systems, collaboration or project management tools or in person; or
  • you communicate with other Participants or Users through ConnectID,

and otherwise as notified to you from time to time, including in any collection notice.

2.2         General public using our website

In addition to Entity Users, we may also collect information about individuals who visit our website, such as when you complete the website contact form or create an account.

2.3         Information collected

The type of personal information we collect varies depending on the nature of your interaction with us, but may, for example, include your name, business contact details (including email, phone number and address), as well as login and access credentials. We also collect information about your access and use of ConnectID and/or the ConnectID website, as referred to further below.

If you are a sole trader seeking participation in ConnectID, we may also collect other information about you and your business, including billing and bank account details and information relating to your and your business’ background and eligibility to participate in ConnectID.

In addition to Entity Users, as part of our governance of ConnectID and accreditation of Participants, we may collect information about other employees, directors and officers of organisations who are Participants in ConnectID. This information may include information in connection with beneficial ownership, sanctions, “Politically Exposed Persons” (PEP) and “Foreign Account Tax Compliance Act (FACTA) and criminal record checks. In some instances, this may include sensitive information, such as information regarding political associations, professional associations or criminal records. You consent to these collections.

In this instance, and also on other occasions including when we require your contact details in connection with the operation of the service, we may collect information about you from a third party, including from your colleagues, from other Participants in ConnectID, from publicly available sources (such as business social media services, like LinkedIn) or from service providers and contractors that perform services for us in connection with our business.

Similarly, where you provide us information about another individual, we rely on you to inform that individual that you are providing their personal information to us and to advise them that they can view this policy via our website to see how we handle their information (refer to our contact details below).

We may also collect information through automated means, including through our ConnectID platform and website and other methods contemplated further by this privacy policy.

We may combine information that we hold about you with other information collected from or held by others (including our related entities, service providers and contractors). We do so as part of our normal business operations.

We generally do not permit people to deal with us anonymously or using a pseudonym other. If you do not provide us with your personal information, we may not be able to deal with you.

3 Our platform and website

ConnectID and the ConnectID website may automatically collect information when you access or use any part of the ConnectID platform or website, including:

  • your IP address;
  • the date, time and duration of your access;
  • the parts of the ConnectID platform or website that you accessed;
  • your actions on the ConnectID platform or website and associated navigation patterns; and
  • the system you are using to access the ConnectID platform or website.

Consistent with the above, your personal information may be collected through the use of cookies, identifiers or similar technologies used to collected data (Cookies). These are small files placed on your mobile device or computer by our websites or systems which automatically collect information about you without you providing that information to us directly. We may also send session numbers and keys as Cookies to help enhance the security of your session and connection to ConnectID and our website.

Most browsers and systems are set by default to accept Cookies. However, if you do not wish to receive any Cookies you may set your browser to either prompt you whether you wish to accept Cookies on a particular site, or by default reject Cookies.

Please note that rejecting Cookies may mean that some or all of the functions on our websites may not be available to you.

We may also collect information about your use of our website and ConnectID, including by using third party services, such as Google Analytics. For further information about how Google Analytics works please refer to the following link  “How Google uses data when you use our partners' sites or apps”, (located at www.google.com/policies/privacy/partners/).

As outlined in the introduction section above, ConnectID does not receive the shared identity information that is exchanged directly between the relevant Data Provider and Relying Party. However, ConnectID does receive and retain metadata (ie data about data) related to the transactions that occur between Data Providers and Relying Parties for purposes of administering, operating and governing ConnectID and various other purposes, including compliance with law and regulatory requirements. For example, this metadata may be used to verify that an identity transaction has been successfully completed.  This metadata as it is received by ConnectID is not personal information and does not include the identity information. In circumstances where metadata is not personal information, its use and disclosure by us is not governed by this privacy policy.

The ConnectID platform and website may contain links or connections to websites or third party systems. Such websites and third party systems are not governed by this privacy policy.

4 The purposes for which we collect, hold, use and disclose your personal information

We collect, hold, use and disclose your personal information for the purposes of carrying out our functions and activities, including:

  • administration, operation and governance of ConnectID, the ConnectID website and related products and services, including discharge of our and our related bodies corporate’s powers and responsibilities in relation to the same;
  • to assess your or your related or your entity’s eligibility or suitability to participate in ConnectID;
  • fraud detection and risk management;
  • monitoring and assessing compliance by you and your entity with the rules and requirements governing participation in ConnectID;
  • verification of your identity or to authenticate you to access ConnectID, the ConnectID website or related products or services;
  • providing you or your entity with documents and information relevant to your or your entity’s participation in the ConnectID;
  • providing you or your entity with information about, or delivery of, our products or services or such services ancillary to or necessary for those products or services;
  • providing you or your entity with information promoting our products and services, if you or your entity chooses to receive that information, such as by subscribing to our mailing or contact lists;
  • administration of our business, including business analytics, record keeping or similar purposes;
  • to meet any obligations or exercise any rights we or our related bodies corporate have under law or the “Trusted Digital Identity Framework” administered by the federal government;
  • statistical or other analytical or research purposes, including for product development and enhancement; and
  • maintenance and development of business systems and infrastructure, including monitoring performance, testing and upgrading of these systems,

(each a Purpose). For clarity, references to “your entity” are references to the entity at which you are engaged or employed where you are a User of ConnectID.

The Purposes outlined above are in addition to any purposes for which the relevant personal information was collected, including as may be set out in any collection statement, for related purposes which we consider come within your expectations or are contemplated by this policy, purposes which you otherwise consent, and purposes as otherwise permitted or required by law.

We may also anonymise, de-identify or aggregate your personal information. For example, we may do this to help protect your privacy in the context of the conduct of any analytics activity. Where information has been anonymised or de-identified such that it no longer constitutes personal information, it is no longer governed by this privacy policy.

5 Sharing your personal information

We may disclose your personal information to other entities within our corporate group in the context of our shared or related interests, activities and operations.

We may disclose information to third party service providers, who help us or entities in our corporate group to conduct business. Such third party service providers may include technology providers, for example those who host or provide services in respect of ConnectID or the ConnectID website, and insurance providers. Where information is shared with these third parties, we require that such third parties observe the confidential nature of such information and are prohibited from using any or all of this information beyond what we permit them to do.

Some of our third party related service providers including our hosting providers are located overseas. Given the number of third party service providers, it is not practical to list all of the countries in which they are located, however parts of ConnectID are hosted in Singapore and are supported from the United Kingdom, and your personal information may be disclosed to and stored in those locations in connection with our interactions those third parties and related entities. These hosting service providers include Amazon Web Services and Raidiam Services Ltd.

We may also disclose your personal information:

  • to other third parties as consented to by you or as permitted or required by law or in response to a lawful request by any government, regulatory body or enforcement agency;
  • to other Participants in ConnectID;
  • in connection with the investigation of a potential unlawful activity; and
  • to entities involved in connection with a potential or actual corporate merger, consolidation, restructuring, the sale of substantially all of our interests and/or assets, or other corporate change requiring the transfer of assets, including during the course of any due diligence process, to the purchaser or surviving entity.

6 Accessing and correcting your personal information

You can request access to the personal information we hold in a record about you. Your request must be in writing and we may ask for proof of identity. We will respond to your request within 30 days of the request being received. If it is not possible for us to provide you with access as requested, we will let you know.

If you think that any personal information we hold about you is not accurate, complete or up-to-date, you may ask us to amend your details. We will take reasonable steps to amend your personal information as you direct, unless we reasonably consider that your information is already accurate, complete and up-to-date, in which case we will let you know.

7 Protecting your personal information

We understand the need to protect your personal information. We have put in place security measures designed to protect your personal information from misuse or loss, and from unauthorised access, modification or disclosure. This includes the use of technologies and processes such as access control procedures, network firewalls and physical security to protect the privacy of your personal information. We also require any service providers to whom we disclose your information for storage to also implement various security controls.

We primarily store information with reputable third-party data storage and hosting providers in Australia and Singapore.

8 Change of policy

We may vary our information handling practices and modify or amend this privacy policy from time to time.  We will notify you of these changes by publishing them at: connectid.com.au.

9 Contact information

If you have any queries or complaints with regards to our handling of your personal information, please contact us by writing to our Privacy Officer at Level 1, 255 George St, Sydney NSW 2000 or by email at privacy@auspayplus.com.au.

If you make a complaint, we will endeavour to respond to it as soon as possible. If you are dissatisfied with our response, you have the right to make a complaint to the Office of the Australian Information Commissioner by phoning 1300 363 992 or by emailing enquiries@oaic.gov.au.

Finally, we note that should you have any concerns regarding the activities of any Data Provider or Relying Party or any related consent in respect of sharing identity information, you should contact the relevant Data Provider or Relying Party. The contact details of these entities should be specified within their privacy policy available on their website.