You are currently using an outdated browser. For the best viewing experience, please upgrade your browser here.

VIX Verify International Privacy Policy – EEA

Date: 23 May 2018

VIX Verify International Pty Ltd ABN 54 165 074 395 (VIX Verify) is a private identity verification services provider and a gateway service provider for the Commonwealth Document Verification Service.

VIX Verify is committed to complying with European data protection legislation including the General Data Protection Regulation (GDPR). It understands the importance of protecting the privacy of individuals. This Privacy Policy, therefore, sets out:

  • VIX Verify’s procedures in relation to the collection, use, disclosure, storage and protection of information that VIX Verify collects from or about individuals residing in the European Union (personal information); and
  • the rights of those individuals to seek access to and correction of personal information which VIX Verify holds about them.

At VIX Verify, we collect and process personal information in a number of ways.  To help you find the information that is most relevant to your situation, we have separated our policy into a number of sections.  Please click on the heading below that is appropriate for your situation to find out more.

Section 1 – General Information;

Section 2 –  Visitors;

Section 3 – Customers;

Section 4 – Verification Subjects;

Section 5 – Your rights under the GDPR; and

Section 6 – Additional Information.

If you would like VIX Verify to send you a MS Word or PDF copy of this Privacy Policy (at no charge), please use the contact details at the end of this Privacy Policy to request a copy. If you require a copy of this Privacy Policy in a different format, VIX Verify will use its reasonable efforts to comply with your request. If VIX Verify cannot supply a copy of the Privacy Policy in the format you have requested, VIX Verify will contact you to discuss your requirements and attempt to identify and agree an alternative format in which the copy of the Privacy Policy can be provided to you.

VIX Verify welcomes your comments on this Privacy Policy. If you would like to make a comment, you should contact VIX Verify using the contact details set out in the section 1.1 of this Privacy Policy.

1. GENERAL INFORMATION

1.1 Identity and Contact Details of Data Controller and its representative in the EU

VIX Verify is a registered data controller under the terms of the Data Protection Act in the United Kingdom. VIX Verify’s registration number is ZA215360. VIX Verify’s registration and notification of its uses of personal data can be viewed as part of the Public Register of Data Controllers maintained by the Information Commissioner’s Office at https://ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/

If you have any queries regarding this policy or complaints about our use of Your Data, please contact our Privacy Officer using the details below and we will do our best to deal with your complaint or query as soon as possible.

The Data Protection Officer
VIX Verify Pty Ltd
PO Box 4863
Sydney NSW 2001
AUSTRALIA
e-mail: info@vixverify.com

1.2 Transfer of Personal Information outside the EEA

VIX Verify is an Australian organisation and you should be aware that, by submitting your personal information to us, that information will be stored and processed in Australia. In certain circumstances, it may also be processed by other organisations in our group in New Zealand, Singapore and South Africa.

We may also need to transfer personal information outside the EEA if the Customer provides verification information from a country outside the EEA. In this instance, personal information will be transferred by VIX Verify to the country from which the verification information provided by the Customer originates. Therefore, given the possible scope of Customers, it is possible that VIX Verify may transfer personal information of a Customer to a country which does not provide the same level of protection of personal information as is applicable within the EEA.

2. VISITORS

A Visitor is a person who visits VIX Verify’s website or otherwise contacts VIX Verify but to whom VIX Verify does not provide any goods or services or who does not undertake a trial of any products or services provided by VIX Verify (Visitor).

This section is divided into the following subsections:

  • How VIX Verify collects personal information from Visitors;
  • What personal information VIX Verify collects;
  • Why VIX Verify collects personal information;
  • Who VIX Verify shares your personal information with;
  • International transfers of personal information; and
  • Disposal or destruction of personal information.

2.1 How VIX Verify collects personal information from Visitors

VIX Verify collects personal information of Visitors in the following ways:

          a. when the Visitor submits their information to us using the “get in touch” section of our website.
          b. when the Visitor emails us or telephones us;
          c. through the use of cookies and other analytical tools when a Visitor uses our website; and
          d. (in relation to Prospects) from publicly available sources such as LinkedIn or Companies House.

2.2 What personal information VIX Verify collects

When the Website visitor uses the ‘get in touch’ function, VIX Verify collects the Visitor’s name, organisation name, email address, telephone number and region.  We may also collect other personal information that the Visitor voluntarily submits to us when they complete the online enquiry form on our website.

When a Visitor emails us, VIX Verify collects the Visitor’s name, email address and phone number. We also keep a copy of their email which may contain other personal information the Visitor provides to VIX Verify.

When VIX Verify identifies a Prospect, we collect the Prospect’s name, email address and telephone number.

2.3 Why VIX Verify collects personal information from Visitors

The personal information collected by VIX Verify will be used predominantly to respond to the Visitor’s query or request. The legal basis for the processing is, therefore, that the processing is necessary for the purposes of the legitimate interests of VIX Verify to respond to its customers’ or prospective customers’ queries.

VIX Verify may also use Visitor Personal Information to keep the Visitor informed of any activities undertaken by VIX Verify which we believe may be of interest to the Visitor and this use may include sending email and postal marketing from time to time.  VIX Verify will only ever use personal information in this way when we have obtained your consent in accordance with the GDPR.

VIX Verify does not attempt to identify a Visitor when the Visitor is accessing the website or otherwise contacting VIX Verify. Where possible, VIX Verify’s systems will allow a Visitor to communicate with VIX Verify on an anonymous basis or by using a pseudonym. The provision of personal information through the website or other means of communication is, therefore, entirely voluntary.   Please note, however, that it may be difficult for us to fully respond to your query or enquiry without certain contact details.

2.4 Who VIX Verify shares personal information with

Please note that we may on occasion be required to share your information with the following categories of recipients:

  • VIX Verify offices and branches. A full list of all of the entities within the VIX Verify group is listed on our website.
  • Third parties who provide services to us. For example, we use a third party hosted Customer Relationship Manager software to store and manage some of our personal data. A full list of all our third party service providers is available on request.

We have taken steps to ensure that all such entities keep Your Data confidential and secure and only use it for the purposes that we have specified and have informed you of.  Our service providers are subject to data processing agreements which are, or are in the process of being updated to become, compliant with the requirements set out in the GDPR.

In relation to any other category of recipient not listed above, we will only disclose your information in the following circumstances:

  • where you have given your consent;
  • where we are required to do so by law or enforceable request by a regulatory body;
  • where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights; and
  • if we sell our company, go out of business, or merge with another company

2.5 International Transfers

In certain circumstances, we may transfer the personal information of Visitors to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject.  Any such transfers are, at all times, made in accordance with the GDPR.  Details of the circumstances and mechanisms in place to ensure compliance are set out below:

          a. VIX Verify Group Companies in Australia, New Zealand, Singapore and South Africa.
As set out under 1.2 above, VIX Verify is an Australian organisation and you should be aware that, by submitting your personal information to us, that information will be stored and processed in Australia. In certain circumstances, it may also be processed by other organisations in our group in New Zealand, Singapore and South Africa.  We have organisation and technical measures in place to ensure that all personal information handled by our staff in any of our offices is processed in accordance with the requirements of the GDPR. These measures include encryption of data and robust information security practices and all of our staff are trained in GDPR compliance requirements.
The European Commission has also ruled that New Zealand offers adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the GDPR.
          b. Third party service providers in the United States
Some of our third party service providers are located in the United States.  By submitting personal information to us, that information may, therefore, be transferred to the United States.  We ensure that all third party service providers located in the United States participate in and certify their compliance with the EU-U.S. Privacy Shield Framework Transfers of personal information to those service providers in the United States are therefore made subject to appropriate safeguards in accordance with the GDPR.  To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome.

2.6 Disposal or destruction of personal information

VIX Verify will delete all personal information of our Visitors after five years except in those cases where VIX Verify is legally required to keep the personal information for a longer period.  In this instance, the personal information will be deleted as soon as VIX Verify is no longer legally required to keep it.

3. CUSTOMERS

A Customer is the representative of an organisation to whom VIX Verify provides identity verification products or services.

VIX Verify’s identity verification service is a service which verifies the identity of a third party (Verification Subject) thereby allowing the Customer or the Customer’s organisation to prove that the Verification Subject is who they say they are including to allow the Verification Subject to electronically present himself or herself to a trusted independent entity with whom the Customer or the Customer’s organisation may already have a relationship.

This section is divided into the following sub-sections:

  • How VIX Verify collects personal information of Customers;
  • What personal information VIX Verify collects;
  • Why VIX Verify collects personal information;
  • How VIX Verify uses personal information of a Customer;
  • Access to personal information;
  • Disposal or destruction of personal information.

3.1 How VIX Verify collects personal information of Customers

VIX Verify will collect information either directly from each Customer or from other representatives of the Customer’s organisation during our customer on-boarding process.

3.2 What personal information VIX Verify collects

VIX Verify collects the following information about Customers:

          a. Name;
          b. Phone number;
          c. Email address;
          c. Company name;
          d. Company registration details.

Additional information may be required depending on the services which the Customer wishes to acquire from VIX Verify and VIX Verify will notify the Customer of the requirement to collect this additional information.

Some of the personal information VIX Verify collects is obtained from publicly available sources such as Companies House, the Information Commissioner’s Office and the Customer’s website

3.3 Why VIX Verify collects personal information

VIX Verify collects personal information of Customers:

          a. to provide identity verification services to the Customers;
          b. in order to carry out our own due diligence checks on our Customers;
          c. for the purposes of communicating with the Customer;
          d. for the purpose of providing information to specific organisations with whom the Customer has authorised VIX Verify to communicate;
          e. to provide services related to the services and purposes described above; and
          f. to manage the Customer relationship and provide support.
          g. to keep the Customer informed of any activities undertaken by VIX Verify which we believe may be of interest to the Customer and this use may include sending email and postal marketing from time to time.

The legal basis for VIX Verify processing the personal information of Customers (other than in relation to marketing) is, therefore, that it is necessary in order to perform a contract or necessary for compliance with a legal obligation to which we are subject.

VIX Verify will only ever use personal information for marketing purposes when we have obtained your consent in accordance with the GDPR.

The personal information that VIX Verify collects is a contractual requirement and VIX Verify will not be able provide the services if the information is not provided, other than as set out below.

Where possible, VIX Verify’s systems will allow a Customer who wishes to communicate with VIX Verify on an anonymous basis or by using a pseudonym. However, it will not be possible for a Customer to communicate with VIX Verify on an anonymous basis or using a pseudonym if the Customer requires assistance in relation to its account or the information which it has provided to VIX Verify for the purposes of establishing or using its account.

3.4 Who VIX Verify shares Customer personal information with

Please note that we may on occasion be required to share your information with the following categories of recipients:

          a. VIX Verify offices and branches and our associated firms. A full list of all of the entities within the VIX Verify group is listed on our website
          b. Third parties who provide services to us. For example, we use a third party hosted Customer Relationship Manager software to store and manage some of our personal data. A full list of all our third party service providers is available on request.
          c. Third parties whom the Customer has authorised VIX Verify to contact or provide the personal information for the purposes of providing the verification service to the Customer.

We have taken steps to ensure that all such entities keep Your Data confidential and secure and only use it for the purposes that we have specified and have informed you of.  Our service providers are subject to data processing agreements which are, or are in the process of being updated to become, compliant with the requirements set out in the GDPR. Further details regarding any third parties who are located outside the EEA are set out in paragraph 5 below.

In relation to any other category of recipient not listed above, we will only disclose your information in the following circumstances:

  • where you have given your consent;
  • where we are required to do so by law or enforceable request by a regulatory body;
  • where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights; and
  • if we sell our company, go out of business, or merge with another company

3.5 International Transfers

In certain circumstances, we may transfer the personal information of Customers to countries outside the EEA, which may not adhere to the same levels of data protection to which countries within the EEA are subject.  Any such transfers are, at all times, made in accordance with the GDPR.  Details of the circumstances and mechanisms in place to ensure compliance are set out below:

          a. VIX Verify Group Companies in Australia, New Zealand, Singapore and South Africa
As set out under 1.2 above, VIX Verify is an Australian organisation and you should be aware that, by submitting your personal information to us, that information will be stored and processed in Australia. In certain circumstances, it may also be processed by other organisations in our group in New Zealand, Singapore and South Africa.  We have organisation and technical measures in place to ensure that all personal information handled by our staff in any of our offices is processed in accordance with the requirements of the GDPR. These measures include encryption of data and robust information security practices and all of our staff are trained in GDPR compliance requirements.
The European Commission has also ruled that New Zealand offers adequate levels of data protection in their domestic legislation and transfers to these jurisdictions are, therefore, permitted under the GDPR.
          b. Third party service providers in the United States
Some of our third party service providers are located in the United States.  By submitting personal information to us, that information may, therefore, be transferred to the United States.  We ensure that all third party service providers located in the United States participate in and certify their compliance with the EU-U.S. Privacy Shield Framework Transfers of personal information to those service providers in the United States are therefore made subject to appropriate safeguards in accordance with the GDPR.  To learn more about the Privacy Shield Frameworks, visit the U.S. Department of Commerce’s Privacy Shield website: https://www.privacyshield.gov/welcome.

3.6 Access to personal information

Customers may access all the personal information they have provided to VIX Verify or which VIX Verify has collected and may update or delete it except in those cases where VIX Verify or an organisation to which VIX Verify has provided the personal information as part of VIX Verify’s provision of the verification services is required to maintain a record. This includes retention of records for compliance with Anti-Money Laundering legislation or other laws or regulations.

3.7 Disposal or destruction of personal information

VIX Verify will delete all personal information on conclusion of the Customer’s arrangements with VIX Verify except where it is legally required to keep the personal information for a longer period.  In this instance, the personal information will be deleted as soon as VIX Verify is no longer legally required to keep it.

4. VERIFICATION SUBJECT

A Verification Subject is an individual who a customer of VIX Verify wishes to identify using our identity verification services.

Please note that VIX Verify processes the personal information of Verification Subjects on behalf of the customer and the customer is the Data Controller in relation to such data.  Verification Subjects should contact the organisation who has requested the personal information is submitted to VIX Verify for further information on how that organisation uses the information we provide to them.

All personal information relating to Verification Subjects based in Europe is hosted on VIX Verify’s servers in the EEA and is not transferred to Australia or any other VIX Verify office.

5. YOUR RIGHTS UNDER THE GDPR

Under the GDPR, you will have the following rights in relation to how we process the personal information VIX Verify hold about you (Your Data):

          a. Right to request access – you may obtain confirmation from us as to whether or not Your Data is being processed and, where that is the case, access to personal information we hold about you.
          b. Right to rectification – you have the right to obtain rectification of inaccurate personal data we hold concerning you.
          c. Right to erasure – you have the right to obtain the erasure of personal information we hold about you without undue delay in certain circumstances.
          d. Right to restriction of processing or to object to processing – you may require us to restrict the processing we carry out on personal information we hold about you in certain circumstances or to object to us processing Your Data.
          e. Right to data portability – you have the right to receive a copy of personal information we hold about you in a structured, commonly used and machine-readable format.
          f. Right to withdraw consent – where you have provided your consent to us processing personal information we hold about you in a certain way, you have the right to withdraw your consent at any time. This can be done by contacting us using the contact details set out in paragraph 1 above.
          g. Right to lodge a complaint – you may lodge a complaint with any supervisory authority in the EU. The supervisory authority for the United Kingdom is the Information Commissioner’s Office whose contact details can be found on their website https://ico.org.uk/global/contact-us/
We will not charge you a fee if you wish to exercise any of your rights, except where we are permitted to do so by the GDPR.
For further information on your rights, please see the Information Commissioner’s website https://ico.org.uk

6. ADDITIONAL INFORMATION

This section is divided into the following subsections:

  • Unsolicited personal information;
  • Website analysis;
  • Cookies;
  • Data security and data storage;
  • Government related identifiers;
  • Changes to Privacy Policy.

6.1 Unsolicited personal information

There may be situations in which VIX Verify receives personal information about a person even though VIX Verify has not requested any personal information about an individual or has not requested the particular information which has been received about an individual (unsolicited personal information).

If VIX Verify receives any unsolicited personal information, it will, within a reasonable period of receipt of the unsolicited personal information, review the unsolicited personal information to determine if it is reasonably necessary for its functions. If it is, VIX Verify will handle the information in the same way as it handles the information we collect from a person. If VIX Verify does not need the information, VIX Verify will destroy the information or de-identify it.

6.2 Website Analysis

VIX Verify’s web server collects information on the usage patterns of people visiting VIX Verify’s website. The information is collected each time a user visits VIX Verify’s website. Except in relation to a Trial User, it is not used to identify browsing activities of any Customer but is collected for statistical purposes. The information collected consists of:

          a. the date and time of visits;
          b. number of users who visit the website;
          c. traffic patterns and pages viewed.

This data will be used to research VIX Verify’s website and product and to evaluate, develop and improve its usability. The legal basis for the processing of such information is that it is required for the purposes of the legitimate interests of VIX Verify in order to improve our website performance.

6.3 Cookies

VIX Verify’s website uses session-based cookies to keep Customers and Trial Users logged in during a session. These cookies are required in order for our website to function and our legal basis for processing the personal information that the cookie collects is that is necessary for the legitimate interests of VIX Verify to provide a functioning website. No other cookies or trackers are used.

6.4 Disclosure of personal information by VIX Verify

VIX Verify will not disclose information that identifies an individual, or enables an individual to be identified except as:

          a. specified in this Privacy Policy;
          b. authorised by the individual;
          c. as required under applicable laws; or
          d. as directed by courts, tribunals or other bodies having authority over VIX Verify.

6.5 Data security and storage

All personal information held by VIX Verify is protected from unauthorised access through the use of secure passwords and user logons.

VIX Verify stores all personal information that it collects securely in a manner that is sufficient to prevent misuse and loss, unauthorised access, modification or disclosure of personal information. VIX Verify maintains a high level of data security by implementing:

          a. physical security to prevent unauthorised entry to our premises, by installing systems to detect unauthorised access and secure containers for storing paper-based personal information;
          b. computer and network security to protect computer systems and networks for storing, processing and transmitting personal information;
          c. communications security to protect communications via data transmission and to prevent unauthorised intrusion into our computer network;
          d. personnel security, through VIX Verify’s personnel security measures and background checking procedures to limit access to personal information only by authorised staff and for only approved purposes.

6.6 Government related identifiers

VIX Verify does not use or disclose any government identifier or identifier (such as passport numbers or driving licence details) issued by another person.

6.7 Changes to this Privacy Policy

VIX Verify reserves the right to change this Privacy Policy as required to maintain compliance with the GDPR and other applicable laws, to comply with changes in technology or to facilitate changes in its business. VIX Verify will, if possible, give prior notice of its intention to change this Privacy Policy. If VIX Verify considers it necessary, it will consult with the Information Commissioners Office or other appropriate government representatives and other representative groups before implementing any change to this Privacy Policy. However, there may be circumstances where VIX Verify considers that prior notice or prior consultation is not required or where it is not possible for VIX Verify to give prior notice of a change to this Privacy Policy or undertake consultation before changing this Privacy Policy.

When this Privacy Policy is updated, those updates will appear on this page. VIX Verify will ensure that changes to this Privacy Policy are identified in each update. VIX Verify will also ensure that prior versions of the Privacy Policy can be accessed.

© 2018 VIX Verify Pty. Ltd. All rights reserved.