Integrated Identity understands that your privacy is important to you. We respect and value the privacy of everyone who uses our Consumer App and Business Platform (“Our Product”) and visits integratedidentity.techemy.co (“Our Website”), and will only collect and use Personal Information in ways that are described here, and in a way that is consistent with our obligations and your rights under the laws applicable to your Personal Information.

This policy aims to explain what data we collect, how that data is processed and the choices you have regarding the use of, access to and how to update or correct your Personal Information. Please contact us at [email protected] for any queries, or to enforce the rights you may have under any applicable law.

If you are based in the European Economic Area during your interactions with us (other than solely for travel purposes), the laws in those countries require us to provide you with additional information about our processing activities. We have included this information in Appendix A.

Scope

In this Policy, the following terms shall have the corresponding meanings:

“Account” means an account required to access and/or use certain areas and features of our App or Platform.

“Application” or “App” means the Integrated Identity mobile application which allows customers to monitor and protect their identity.

“Platform” means the Integrated Identity Platform which allows businesses to verify customer identity.

“Personal Information” means any information relating to an identified or identifiable individual. It includes information that you have provided to us or was collected by us from other sources. It may include details such as your name and address, age and gender, personal financial records, identification numbers including your Social Insurance Number and personal references, to the extent permitted by local laws.

“Direct Marketing” means our communications with you including through mail, telemarketing or email, using your contact information, to inform you about products and services that we think may be of interest and value to you. This does not include communications regarding products or services that you currently have, including improved ways to use the products, or additional features of the products as well as transactional information.

“Cookie” means a small text file placed on your computer or device when you visit certain parts of our Website.

“Analytics” means the systematic computational analysis of data or statistics.

“Subject Access Request” means a request to exercise any of the rights set out in the “What are your rights as a consumer?” section below.

Information about us

Our Product and Our Website are owned and operated by Integrated Identity Limited, registered in New Zealand under company number 7821796, with the registered address of 15 Sale Street, Auckland Central, Auckland 1010, New Zealand.

Why is this Privacy Policy important?

This Privacy Policy applies to your use of Our Product and Our Website. It may contain links to other websites. Please note that we do not accept any responsibility or liability for how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

What data does Integrated Identity collect?

Data collected from the Business Platform:

  • Business Name
  • Domain Name
  • Postal address
  • Contact Information
  • Primary Contact Name
  • Primary Contact Email
  • Business User Email
  • Business User Full Name
  • Business User Mobile Number
  • Billing Email Address
  • Operations Email Address
  • Security Email Address
  • Data Officer Email
  • Contact Number
  • Payment Transaction Log
  • VAT Number

Data Collected from Third Party Services:

  • IP Addresses
  • Timestamp from previous login
  • Customer Operating System
  • Browser Type
  • VAT Number
  • Device Type
  • Geographic Location
  • Business User’s Mobile Number

We do not collect any biometric data. We process your fingerprint through your device and do not store or process it on our Product.

How does Integrated Identity use your personal information?

Your personal data may be used for the following purposes:

  • Enabling Businesses to access Customer Information to verify and authenticate Customer identity
  • Communicating with you. This may include responding to emails from you;
  • Supplying you with information by our newsletter;
  • Updating you on the progress of Integrated Identity products;
  • Providing customer support
  • Assisting existing customers with tailor made support based on previous requests.
  • To monitor certain activities to ensure service quality, compliance with procedures, terms of use and policies, and to combat fraud.
  • In connection with legal or regulatory obligations, for example, to comply with our regulatory requirements which may include disclosing your personal information to third parties, the court service, and/or regulators or law enforcement agencies.

What are your rights as a consumer?

You have the following rights under laws which may be applicable to your Personal Information, which we will always work to uphold:

  1. The Right to be Informed. You have a right to be fully informed about our collection and use of your personal information. This Privacy Policy should tell you everything you need to know, but you can always contact us at [email protected] to find out more or to ask any questions.
  2. The Right to Access. You may request for us to provide you with a copy of your processed personal information.
  3. The Right to Rectification. You may request for us to rectify any incorrect, inaccurate or incomplete personal information we may have.
  4. Where processing is based on consent, the right to withdraw your consent so that we stop that particular processing.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the data protection regulator in your country.

Who has access to your personal information?

Sharing within the Integrated Identity group:

We may share your Personal Information within the Integrated Identity group for sales and marketing purposes, for legal and regulatory purposes, to manage business risks, to perform analytics, to ensure we have correct or up-to-date information about you (such as your current address or date of birth) and to better manage your relationship with us.

Sub-contractors and agents:

We may use affiliates or other companies to provide services on our behalf such as data processing, account administration, fraud prevention and detection, analytics and marketing. Such companies will be given only the Personal Information needed to perform those services and we do not authorise them to use or disclose Personal Information for their own marketing or other purposes. We have contracts in place holding these companies to the same standards of confidentiality by which we are governed. The table below provides a brief overview of what each third party service does with your data.

Service
Keesing Technologies

Purpose
Verifies the authenticity of passport and driving license information on Our Platform.

Service
Storj, MongoDB

Purpose
Stores all uploaded consumer documents from Our Platform.

Service
Amazon Cognito

Purpose
Uses your mobile number for our multifactor authentication.

Service
Stripe, Alipay

Purpose
Uses your credit card or debit card number, or bank account information), purchase amount, date of purchase, and payment method to process your payments on Our Business Platform.

Service
Coinpayments

Purpose
Uses your full name and email address, to process cryptocurrency payments.

Service
SendinBlue

Purpose
Uses your email address to get in contact with you and send you our monthly newsletter.

Service
Quarderno

Purpose
Uses your VAT number to calculate your tax rate accurately.

Service
Livechat, Botengine

Purpose
Uses your full name, email addresses and device type, operating system type and application version to deliver quick and efficient customer service support.

Service
Pipedrive

Purpose
Uses your full name, email address, mailing address, mobile phone number, and credit card (or other billing information) and geographic area to manage sales customer relationships.

Service
Oneflow

Purpose
Uses full name, email address, phone number, title, workplace and unique identity number to verify identity.

Service
Upcloud

Purpose
Encrypts and stores all user documents from the App.

Sharing with other third parties:

Personal Information may be provided to third parties, including anti-fraud organisations, legal, regulatory or law enforcement authorities in cases of suspected criminal activity or contravention of law, for the detection and prevention of fraud, or when required to satisfy the legal or regulatory requirements of governments, regulatory authorities or other self-regulatory organizations, or to comply with a court order or for the protection of our assets (for example, collection of overdue accounts).

How does Integrated Identity comply with data protection laws?

We have a simple but secure compliance framework.

  1. All our providers are compliant with applicable data protection laws,
  2. Our product is made with privacy by design in mind and
  3. We have Data Protection Agreements (“DPAs”) to ensure that our third party vendors manage your data in a compliant manner.

To ensure you get the best security possible:

  1. All personal data is encrypted from end to end using state-of-the-art cryptography. Integrated Identity cannot view your data without your consent.
  2. We utilise decentralised storage of encrypted documents
  3. Our Product is security and privacy by design centric. It is embedded into the entire software development lifecycle.
  4. Our Product requires multi-factor authentication and does not require a password which can be easily forgotten or misplaced

How long will personal information be kept?

We will not keep your personal data for any longer than is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. If you are a customer and you want to enforce your right to be forgotten, we will delete all your data from our systems within one month. We will also notify all businesses to delete your information within one month of receiving your request.

If you subscribe to our newsletter, your name and email address will be kept in our database unless you choose to opt out of receiving our newsletter. If you opt out, your personal data will be removed within one month.

How secure is my personal information?

Integrated Identity is committed to protecting your personal information. The personal information you provide is stored in secure servers with limited access. However, as no method of transmission or storage is 100% secure, we cannot guarantee its absolute security. Where we have given you (or where you have chosen) a password which enables you to access our Business Platform you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of. We ask you not to share a password with anyone.

Does anyone else have access to my personal information?

We will not share any of your personal data with any third parties other than as described in this Privacy Policy.

How can you make a subject access request?

All Subject Access Requests should be made in writing and sent to our email address. In most cases there will be no charge for a Subject Access Request unless the request is unduly complicated or if there are repetitive requests. This is charged to satisfy administration costs.

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).

We will respond to your subject access request within 14 working days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

Right to opt out of marketing

If you prefer not to receive our Direct Marketing communications, you can have your name deleted from our Direct Marketing lists by clicking the unsubscribe link in the footer of the email that you receive, by contacting us as set out in the Get In Touch section below.

Cookies policy

We use cookies on the websites. To find out more about how we use cookies, please see our Cookies Policy.

Get in touch

To contact us about any concerns you may have about your personal data and data protection or to make a subject access request, please contact us at [email protected]

Privacy policy amendments

We may change this Privacy Policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

Any changes will be immediately posted on Our Website and Product. You may be required to consent to the new privacy policy. We recommend that you check this page regularly to stay updated.

APPENDIX A: European Appendix

This Appendix applies if you are based in the European Economic Area (the EEA) during your interactions with us (other than solely for travel purposes).

It sets out the additional information that we are required to provide you under European data protection law (EU DP Law), including information about rights that you have in relation to your Personal Information that we handle.

Why we collect your data, and who we disclose it to

Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. You can find an explanation of each the grounds relied upon by clicking here.

Processing Activity

Enabling Businesses to access Customer Information to verify and authenticate Customer identity

Use bases

  • Contract performance
  • Consent
  • Legitimate interests (to enable us to perform our obligations and provide our services to you)
Processing Activity

Communicating with you. This may include responding to emails from you

Use bases

  • Contract performance
  • Consent
  • Legitimate interests (to enable us to perform our obligations and provide our services to you; to notify you about changes to our services)
Processing Activity

Supplying you with information by our newsletter

Use bases

  • Legitimate interests (to keep you updated with news in relation to our products and services)
Processing Activity

Updating you on the progress of Integrated Identity products

Use bases

  • Legitimate interests (to keep you updated with news in relation to our products and services)
Processing Activity

Providing customer support and pursuing sales leads

Use bases

  • Contract performance
  • Consent
  • Legitimate interests (to enable us to perform our obligations and provide our services to you)
Processing Activity

Assisting existing customers with tailor-made support based on previous requests

Use bases

  • Contract performance
  • Consent
  • Legitimate interests (to enable us to perform our obligations and provide our services to you)
Processing Activity

To monitor certain activities to ensure service quality, compliance with procedures, terms of use and policies, and to combat fraud

Use bases

  • Contract performance
  • Legal obligations
  • Legal claims
  • Legitimate interests (to ensure the quality and legality of our services)
Processing Activity

In connection with legal or regulatory obligations, for example, to comply with our regulatory requirements which may include disclosing your personal information to third parties, the court service, and/or regulators or law enforcement agencies

Use bases

  • Legal obligations
  • Legal claims
  • Legitimate interests (to ensure the quality and legality of our services)

Use Bases

These are the principal legal grounds that justify our use of your information:

Consent:

where you have consented to our use of your information (you will have been presented with consent language in relation to any such use and may withdraw your consent contacting us as set out in the Get In Touch section of the main Privacy Policy).

Contract performance:

where your information is necessary to enter into or perform our contract with you.

Legal obligation:

where we need to use your information to comply with our legal obligations.

Legitimate interests:

where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.

Legal claims:

where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.

Export outside the EEA

Your Personal Information may be accessed by staff, suppliers or other persons in, transferred to, and/or stored at, a destination outside the EEA in which data protection laws may be of a lower standard than in the EEA.

Where we transfer Personal Information from inside the EEA to outside the EEA, we may be required to take specific additional measures to safeguard the relevant Personal Information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export Personal Information to these jurisdictions. In countries which have not had these approvals (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm), we will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses, or other legal grounds permitted by applicable EU DP Law.

Please contact us as set out in the Get In Touch section of this Privacy Policy if you would like to see a copy of the specific safeguards applied to the export of your Personal Information.

Your additional rights

Under EU DP Law, you may have the following rights in relation to your Personal Information—some of which may be additional to those to those set out in the main Privacy Policy. Under certain conditions, you may have the right to:

  1. The Right to Data Portability. If you have provided personal data to us directly, and we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases;
  2. The right to Erasure. You may request for us to delete any Personal Information we no longer have a lawful ground to use;
  3. The right to object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights;
  4. The right to object to Direct Marketing; and
  5. The right to restrict how we use your information whilst a complaint is being investigated.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the data protection regulator in your EU country (listed here http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080 ), or in the country where Integrated Identity’s EU Representative is located.