Privacy Policy

easyAML considers itself an Australian Privacy Principle (APP) entity and as such is committed to handling personal information in accordance with applicable privacy laws and complying with The Privacy Act 1988 and the ACC Act 2002, and to the implementation of practices, procedures and systems that ensure compliance with the Australian Privacy Principles and all relevant registered APP codes.

Collection and Use or Personal Information

Personal information is data that can be used to identify or contact a single person, or information or an opinion about an identified individual, or an individual who is reasonably identifiable.

easyAML generally collects personal information under three scenarios:

1. Information from easyAML’s clients and potential clients (Clients) and their approved agents (including Client employees) for the purposes of establishing and maintaining a contractual arrangement with the Client and providing services to the Client;
2. Information from individuals whose identity is being captured and/or verified (Users) by easyAML, generally on behalf of a Client; and
3. Contact information for a User collected from a Client in order to facilitate the verification of identity (VOI).

This Privacy Policy is for anyone who is concerned or requires information about easyAML’s Privacy Policy and covers personal information collected under all three scenarios. For ease of reading, abbreviated Privacy Policies containing information pertinent to VOI Users and Venue Entry Patrons are available on our website.

What personal information we collect and how we collect it.

Client Information

• easyAML collects your personal information when we have contact with you in relation to our services, you make an inquiry on our website, you enter into a contract with us, participate in an online survey or any other circumstance where we may need to contact you. This personal information may include your name, mailing, residential and business address, phone number, email address(es), and contact preferences.
• We may collect financial or payment method information to process payment for any purchases made and to protect against or identify possible fraudulent transactions, and otherwise as needed to manage our business.

User Information - Venue Entry Patrons

• easyAML collects your personal information and analyses it on behalf of our Client. This personal information will generally include full name, gender, date of birth, the type(s) of identification document(s) provided and their identification numbers.
• We collect this information from Passports, both foreign and domestic, Australian Drivers Licences (or those issued under the laws of another country), Proof of Age Cards, Medicare Cards, Birth Certificates, and any other document presented or provided by you, on entry to our Client venue.
• We collect images of the scanned and/or uploaded identification documents which will include any photographic image contained in the document.
• The image of any identification document provided by you may contain personal information not required for the verification. Any information not required for the verification is not recorded anywhere outside the image and is held only for as long as the image is required to be held.
• To verify your identity we must capture an image of you to compare with the images on identification documents you have provided. Your image is biometric information and therefore sensitive information under the Privacy Act and the Australian Privacy Principles and is treated accordingly.
• We do not disclose, use or adopt government identifiers of Venue Entry Patrons.

User Information - other Users

• easyAML collects your contact information from the Client who has requested your VOI, to initiate the VOI. All other personal information about you will be collected from you through the verification process with your consent.
• We collect your personal information as required to perform the VOI requested by the Client. This personal information will generally include full name, gender, date of birth, the type(s) of identification document(s) provided and their identification numbers.
• We collect this information from Passports, both foreign and domestic, Australian Drivers Licences (or those issued under the laws of another country), Proof of Age Cards, Medicare Cards, Birth Certificates, and any other document presented or provided to easyAML by you.
• We collect images of the scanned and/or uploaded identification documents which will include any photographic image contained in the document.
• The image of any identification document provided by you may contain personal information not required for the VOI. Any information not required for the VOI is not recorded anywhere outside the image and is held only for as long as the image is required to be held.
• To verify your identity we must capture an image of you to compare with the images on identification documents you have provided. Your image is biometric information and therefore sensitive information under the Privacy Act and the Australian Privacy Principles and is treated accordingly. Sensitive information can only be collected when it is required for the purpose of verifying your identity and with your consent.
• During a remote VOI you will also be asked to perform a number of actions which are a necessary part of a liveness check (to lessen the risk posed by deep fakes and other deliberate attempts to fool the VOI). The information captured during this process includes biometric information, which will only be collected with your consent and only be held for as long as it is required to be held for the Client or our regulatory or verification requirements.
• We do not disclose, use or adopt government identifiers except where the use and disclosure of the identifier is necessary to perform the VOI requested by the Client.
• The VOI process is likely to require some of your document details to be verified by checking them against a government document verification service (DVS) or issuing authority. The information returned from the DVS or issuing authority may include additional personal and sensitive information (unsolicited information). This and any other unsolicited personal information will not be recorded other than in the form it was received and will be deleted as soon as practical.
• Depending on the products or services being provided by our Client, other verification checks may be required from third-party suppliers and public sources, including but not limited to providers of criminal checks, law enforcement agencies, government and statutory authorities, banks and financial institutions, regulatory and licensing bodies, credit agencies and education providers. You will be notified if we will be performing these additional verification checks and we will obtain your consent if there is a possibility that unsolicited personal information may be provided to us in the process.

Our regulatory obligations require that we track and record, in some form, the multiple “journeys” through our platform, which requires cookies. Our use of cookies are discussed further below.

How we use your personal information

In broad terms, we collect, use and hold your personal information if we have a valid lawful reason to do so, and so that we can:

• If you are a Client or potential client of easyAML:
  • Contact, communicate and conduct business with you;
  • To keep you posted on easyAML’s latest product announcements, software updates, and upcoming events. If you don’t want to be on our mailing list, you can unsubscribe at the bottom of any email we send to you, or you can write to us at http://www.easyAML.com.au/contact requesting that we remove you from our mailing list.
  • To send important notices, such as changes to our terms, conditions, and policies. Because this information is important to your interaction with easyAML, you may not opt out of receiving these communications.
  • For internal purposes such as auditing, data analysis, and research to improve easyAML’s products, services, and customer communications.

• If you are a Venue Entry Patron:
  • Patrons of licensed venues, which are easyAML’s Clients, consent to, and provide the identity document for, the collection of personal information from the identity document when they enter the venue.
  • If a patron participates in violent, immoral, anti-social or illegal behaviour, they may be banned from the venue and this ban will generally be communicated to all Client venues. Those venues may then use this information to decide whether they wish to let a “banned” patron into their venue.

• If you are a User (subject of a VOI) other than a Venue Entry Patron:
  • Verify your identity as part, or all, of the service we provide to the Client who requested your VOI; and/or
  • For a specific purpose that you have given consent for us to process your personal information for.

• In general:
  • Minimise risks and protect against fraud, misuse or loss of data and personal information, and to improve our services, including through the training of machine learning models.
  • Comply with laws, obligations or provide assistance to regulatory, government and law enforcement authorities.

When we may share your information

• easyAML shares sufficient personal information about users with the requesting Client to enable them to meet the legal or other obligation for which they requested the VOI, this information is provided to the Client via our secure portal or secure API call.
• We may share limited personal information of a User with the requesting Client to identify you or your VOI so that we may respond to a Client’s enquiry about your VOI.
• With a User’s consent and in order to use the services they have agreed with the Client, we may be required to provide information to governing bodies such as Anti-Money Laundering (AML), Australian Criminal Intelligence Commission (ACIC) or Visa Entitlement Verification Online system (VEVO).
• If compelled by law, we may disclose your information, including personal information:
  • In response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us.
  • When we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to maintain optimal operation of the system; to comply with applicable law or cooperate with law enforcement; or to enforce our terms and conditions or other agreements or policies.

• In the event of a reorganisation, merger, or sale of easyAML we may transfer any and all personal information we collect to the relevant third party.

In limited circumstances we may send personal information to overseas recipients

Generally easyAML keeps all personal information on third-party encrypted and secure servers within Australia.

There are two circumstances where personal information may be disclosed to or viewed by an overseas recipient:

• If the VOI being requested requires the verification of information by an overseas entity such as verification of a visa or other document not possible to verify through an Australian document verification service, this will only be done with your consent.
• In the unusual circumstance where the Client who has requested a VOI has staff involved in their processes who are working overseas. The Australian Document Verification Service only allows access to their services from within Australia except where an application for an exemption is made. These applications are made and approved by the DVS on a case-by-case basis.

Unsolicited personal information and de-identification

• We solicit and retain only personal information required to achieve accurate execution of our business activities and functions. Should we receive unsolicited personal information that information is destroyed immediately upon detection.
• We will de-identify personal information collected and stored where it is appropriate and practicable to do so.

Protection and Integrity of Personal Information

easyAML uses a number of techniques including encryption, password protection, access limitations and intrusion detection to protect your data. We also take physical and electronic security measures to safeguard personal information from loss, misuse, unauthorised access, modification or disclosure.

We use digital certificates to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure in the following ways:

• easyAML’s certificates are to be used for approved purposes only and are not permitted to be distributed beyond our secure network.
• All easyAML certificates are only installed on our secure infrastructure.
• All passwords used to access easyAML’s digital certificates are stored securely and inaccordance with our Password policy.

We also keep your personal information secure through:

• Systems and processes which are designed to deliver security for personal information;
• Policies and management oversight of security and staff security awareness training and policies in relation to security;
• Physical control and security of premises and equipment and electronic documents and secure document disposal;
• Platform security including auditing and testing of the platform.

Integrity and Retention of Personal Information

easyAML takes reasonable steps to ensure as far as possible that the personal information it collects is accurate and complete as at the date it was provided. VOI is transactional in nature and the personal information provided is not stored to be used in the future. We have no use for, or ability to, maintain up-to-date information.

We will retain your personal information for the period necessary to fulfil the purpose for which the personal information was provided, and no longer than is allowed by regulations.

You are entitled to know and confirm the accuracy of all your personal information recorded by easyAML and all such requests will be addressed free of charge.

However, personal information from a VOI is held on behalf of the Client who requested the VOI and any requests in relation to this information must be directed to the Client. The Client will contact easyAML on your behalf, if necessary.

If for some reason such access is not granted, a written reason will be provided.

Request for Correction of Personal Information

Correction of personal information may not be possible once a VOI is completed as this information has been used to verify your identity. During the VOI you will be presented with the opportunity to correct any data our system has not properly recorded from your identity document. If the incorrect data is sent to the DVS or other issuing authority then the VOI may not complete, and the verification may be invalid (or not complete) and need to be resubmitted.

If we cannot correct personal information as requested, easyAML will respond in written form as to the reasons for denial of the correction along with the appropriate avenue for complaint. In this case should an individual request a statement be associated with that information, such a statement may be recorded and associated with the applicable data.

How long we keep your personal information

We aim to keep your information for only as long as we need it. Factors that may influence for how long we may keep your data include:

• Fulfilling our legal or regulatory obligations, and our Client’s legal or regulatory obligations;
• Responding to a question or complaint; or
• Being unable to delete the data for technical reasons.

There are specific retention requirements in relation to personal information provided by Venue Entry Patrons.

• easyAML only indefinitely retains gathered personal information from patrons who have received long-term “bans” from licensed venues that are Clients.
• We use best endeavours to delete all personal information gathered from patrons who have not received a ban within 30 days from collection unless otherwise required by a government or statutory body.

General Privacy Related Information

Collection and Use of Non-Personal Information

easyAML also collects data in a form that does not, on its own, permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it:

• We may collect information such as occupation, language, post code, area code, unique device identifier, location, IP location and the time zone where a easyAML product is used so that we can better understand customer behaviour and improve our products, services, and advertising.
• We may collect information regarding customer activities on our website, and from our products and services. This information is aggregated and used to help us provide more useful information to our customers and to understand which parts of our products, and services are of most interest. Aggregated data is considered non-personal information for the purposes of this Privacy Policy. If we combine non-personal information with personal information the combined information will be treated as personal information for as long as it remains combined.
• To provide location-based services on easyAML products, easyAML and our affiliates and licensees may collect, use, and share precise location data, including the real-time geographic location of the VOI.

Cookies and Other Technologies

easyAML’s website, online services, interactive applications, email messages, and advertisements may use “cookies” and other technologies such as pixel tags and web beacons. These technologies help us better understand user behaviour, tell us which parts of our website people have visited, and facilitate and measure the effectiveness of advertisements and web searches. We treat information collected by cookies and other technologies as non-personal information. However, to the extent that Internet Protocol (IP) residential histories or similar identifiers are considered personal information by local law, we also treat these identifiers as personal information. Similarly, to the extent that non- personal information is combined with personal information, we treat the combined information as personal information for the purposes of this Privacy Policy.

We and our affiliates also use cookies and other technologies to remember personal information when you use our website, online services, and applications. Our goal in these cases is to make your experience with easyAML more convenient and personal.

Most browsers automatically accept cookies, but you can usually modify your browser setting to disable cookies. Please note that certain features of the easyAML website will not be available once cookies are disabled.

As is true of most websites, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) residential histories, browser type and language, Internet service provider (ISP), referring and exit pages, operating system, date/time stamp, and clickstream data.

We use this information to understand and analyse trends, to administer the site, to learn about user behaviour on the site, and to gather demographic information about our user base as a whole.

Pixel tags enable us to send email messages in a format customers can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to customers.

We may use non-personalized information to monitor activity that deviates from the norm using Security Information and Event Management (SIEM) tools and takes appropriate action as part of our security and cyber crimes prevention processes.

Complaints

To exercise your rights under this Privacy Policy, or applicable law, or if you have a dispute regarding an individual’s Personal information, you may do so by:

● Calling us on 1300 552 106

● or via the easyAML website contact page

We aim to respond to your dispute within 30 days. We take all complaints seriously and are committed to a quick and fair resolution. Individuals making complaints or enquiries will be afforded the right to anonymity where it is practicable to do so, however we may require certain information to confirm your identity.

If you are not satisfied with how we deal with your query or complaint, you may contact the Office of the Australian Information Commissioner (OAIC) by:

• calling their Privacy Hotline on 1300 363 992
• visiting the OAIC website.

Children

easyAML does not knowingly collect personal information from children under 13. If we learn that we have collected the personal information of a child under 13 without first receiving verifiable parental consent we will take steps to delete the information as soon as possible.

Privacy Questions

If you have any questions or concerns about easyAML’s Privacy Policy or data processing or if you would like to make a complaint about a possible breach of local privacy laws, please contact us.

We may update our Privacy Policy from time to time. When we change the policy in a material way, a notice will be posted on our website along with the updated Privacy Policy

You may be asked to provide your personal information anytime you are in contact with easyAML or a easyAML affiliated company. easyAML and its affiliates may share this personal information with each other and use it, as long as the sharing and use are consistent with this Privacy Policy, the Privacy Act and the Australian Privacy Principles.

Our Company Wide Commitment to Your Privacy

Verification of Identity is easyAML’s business, handling all personal information securely and in accordance with the Privacy Act is essential to that business.

Every new easyAML employee undertakes mandatory training in the identification and handling of personal information. Protection of personal information is discussed regularly in team and company-wide meetings, and considered when making any business decision.

Our Clients are contractually required to comply with the requirements of the Privacy Act, to comply with the privacy and other requirements of the Australian Document Verification Service (if applicable) and to protect any personal information they receive. Our affiliates are required to apply the same privacy policies as easyAML, where applicable.