RatifyID’s Privacy Notice

Last Updated: [8th September 2023]

1. Introduction

Welcome to RatifyID (“we,” “our,” or “us”). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Notice explains how we collect, use, share, and protect your personal information when you interact with us through our website, products, services, or other channels. Please take a moment to review this notice to understand your rights and choices regarding your data.

2. Information We Collect

We may collect and hold the following types of personal information and sensitive information:

• Name
• Address
• Email
• Phone number
• Date of birth
• Nationality
• Government-related identifiers (e.g., license, passport)
• Fraud indicators
• Information from scanned ID documents or facial images
• Biometric data (used only for authentication)
• Device and web log information
• Behavioural data related to app usage
• Any other data necessary for your interactions with us

3. How We Use Your Information

Personal and Sensitive information

We use personal and sensitive information depending on your relationship with us and the services you require. This includes:

• Enabling website and app access
• Providing verification services
• Preventing fraud
• Enhancing user experience (using non-personal data for algorithm training)
• Improving systems and aiding fraud detection (without using behavioural data for training or selling)
• Sending service-related messages
• Legal compliance and dispute resolution
• Authenticating and storing biometrics (until consent revocation)

Providing Verification Services for Our Relying Partners

In delivering verification services for our relying partners, your personal data may be collected from them or another source. We maintain transparency by informing you of:

• Name of the Relying partner or individual: You will be informed of the source from which your personal information is requested.
• Purpose of Disclosure: We will clearly communicate the purpose for which your information is being disclosed to us. This information is essential to maintain transparency and trust in our data collection practices.

Rest assured that we handle the personal information obtained from these sources with the same level of care and security as any other data we collect, as outlined in RatifyIDPrivacy Policy.

Biometric Data Collection and Disclosure

We follow TDIF (Trusted Digital Id Framework) guidelines to protect privacy and security.

1. Obtain express consent before collecting, using, or disclosing biometric information.
2. Biometric data is used solely for authentication and is destroyed when consent is revoked.
3. Maintain records of biometric data destruction.
4. We do not perform one-to-many matching with biometric data.

Other Circumstances for Disclosure

1. Business Transactions: In mergers, acquisitions, or asset sales, your data may be transferred with notice.
2. Detecting and investigating digital id fraud or fraudulent activity.
3. Law Enforcement: We may disclose information as required by law or valid public authority requests.
4. Other Legal Requirements: When necessary to comply with legal obligations, protect rights, safety, prevent wrongdoing, or liability.

This summary provides a concise overview of how we use and protect your information. For more details, please refer to our full Privacy Policy.

4. To whom do we disclose your personal information?

We may share personal information (excluding sensitive or biometric data) for the following purposes:

• With companies within Makesure Consulting Pty Ltd.
• With our clients and third parties when verifying your identity is necessary to access their products/services. We do not sell your data.
• With our employees and contractors for product management and service provision.
• With third-party suppliers and service providers for document verification and website/business operation.
• With specific third parties authorized by you.
• For legal compliance, including court orders, investigations, regulatory bodies, law enforcement, and insurance claims as required or permitted by law.

5. Overseas transfer of personal and sensitive information

We may share your information with overseas recipients for specific purposes. Our website developers in Romania have access to personal data but adhere to contract obligations, the Privacy Act 1988 (Cth), and Australian Privacy Principles.

Furthermore, personal information won’t be transferred or stored overseas; it remains in Australia, including backups. Data stays within Ratify ID servers, strictly controlled by RatifyID to restrict access as needed.

6. Security

We take the security of your personal information seriously and have implemented reasonable measures to protect it.

RatifyID undertakes the following actions:

Sensitivity of Personal Information

• We categorize the personal data we collect into sensitivity levels, differentiating between various types of information, including personal, sensitive, and biometric data, for instance.
• We employ enhanced security measures for extremely sensitive data, encompassing encryption, access controls, and routine security evaluations.
• We carry out privacy impact assessments to assess and mitigate the risks associated with the handling of sensitive information.
• We provide our staff with training to ensure they can identify and manage sensitive information correctly.

Possible Adverse Consequences

• We perform an extensive risk evaluation to pinpoint potential negative outcomes for individuals, including risks like identity theft, financial loss, or harm to one’s reputation.
• We create incident response protocols to swiftly manage potential negative outcomes should a data breach occur.
• We introduce supplementary security measures, such as intrusion detection systems and continuous real-time monitoring, for data that presents an elevated risk of detrimental consequences.
• We consistently assess and revise our risk assessment in response to evolving circumstances and emerging threats.

Special Needs of Individuals

• We present alternative avenues for individuals to grant consent or assert their privacy rights, such as chat support.

7. RatifyID Privacy Policy

Please refer to our Privacy Policy for details on accessing and correcting your information, obtaining consent, the procedure for filing privacy-related complaints, and the storage of information.

8. Cookies and Similar Technologies

We use cookies and similar technologies to enhance your online experience. You can manage your cookie preferences through your browser settings.

9. Updates to this Privacy Notice

We may update this Privacy Notice from time to time. The latest version will be posted on our website with the revision date.

10. Contact Us

If you have questions, concerns, or requests related to your privacy, please contact us at:

Privacy Officer
Email: privacy@ratifyid.com
Address: 5/26-36 High Street Northcote Vic 3070
Effective Date: 23 May 2023

Date of Last Revision: 8th September 2023