Data Protection
VerifiMe, a GreenGate Fintech Holdings Pty Ltd software product
Date: 20/12/23
VerifiMe a GreenGate Fintech Holdings Pty Ltd -ABN 97 664 286 515 software product
VerifiMe allows a customer to share verified states whether identity of them personally or entities they control. VerifiMe utilizes advanced technology that checks government databases both locally and internationally to verify the authenticity and accuracy of documents and information provided by users.
With VerifiMe, reliance on traditional, time-consuming processing and often risky re-exposure of customer personal identifiable information is no longer an issue. VerifiMe swiftly validates a range of document types, such as identification cards, passports, driving licenses, visas, certificates, and more, one. It creates a verified state that can then be updated and managed from which service providers can be permissioned to the verified state.
We take data security extremely seriously, and all information handled through VerifiMe is stored and transmitted using state-of-the-art encryption methods. Our platform adheres to stringent privacy and data protection protocols to safeguard both your clients' and your organization's sensitive information.
By integrating VerifiMe into your workflow, you can vastly improve efficiency, reduce the costs associated with manual checks, and enhance the security and accuracy of your document and information verification processes.
The following terms relate to use of the platform by a Controller who, on authority, may operate a VerifiMe account on behalf of an individual/organisation.
1. Definitions:
• "Controller" refers to the natural or legal person, public authority, agency, or other body that determines the purposes and means of the processing of personal data.
• "Data Protection Officer" (DPO) refers to the person designated by the Controller to monitor and ensure compliance with data protection laws.
2. Purpose of Processing:
• The Controller is responsible for ensuring that personal data is processed lawfully, fairly, and transparently for specified purposes.
• Personal data may include but is not limited to names, contact information, financial data, or any other information that allows the identification or contact of an individual.
3. Legal Basis for Processing:
• The Controller shall ensure that a valid legal basis, as defined in relevant data protection laws, exists for the processing of personal data.
• Such legal basis may include the necessity of processing for the performance of a contract, compliance with a legal obligation, protection of vital interests, consent, or legitimate interests pursued by the Controller or a third party.
4. Data Subject Rights:
• The Controller shall respect and uphold the rights of data subjects, including but not limited to the right to access, rectify, erase, restrict processing, data portability, and object to the processing of their personal data.
• The Data Protection Officer shall be responsible for handling data subject requests and ensuring their effective implementation.
5. Data Minimization:
• The Controller shall ensure that personal data collected is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
• The Controller shall not retain personal data for longer than necessary and shall establish appropriate retention periods.
6. Data Security Measures:
• The Controller shall implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data, protecting it from unauthorized access, disclosure, alteration, or destruction.
• These measures may include encryption, access controls, regular data backups, and staff training to raise awareness on data protection.
7. Data Transfers:
• The Controller shall only transfer personal data to third parties or international organizations that provide sufficient guarantees of data protection, ensuring compliance with applicable laws and regulations.
• Necessary safeguards, such as standard contractual clauses or binding corporate rules, shall be implemented for such transfers.
8. Data Breach Notification:
• In the event of a data breach that poses a risk to the rights and freedoms of data subjects, the Controller shall promptly notify the relevant supervisory authority and affected data subjects as required by applicable data protection laws.
• The Controller shall maintain comprehensive records of all personal data breaches, including their effects and the remedial measures taken.
9. Subprocessors:
• The Controller shall only engage subprocessors compliant with data protection laws and ensures they provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures to protect personal data.
10. Cooperation with Supervisory Authorities:
• The Controller shall cooperate with and respond to requests and inquiries from supervisory authorities and provide them with all necessary information to ensure compliance with data protection laws.
11. Data Protection Impact Assessments (DPIAs):
• The Controller shall conduct DPIAs where processing operations are likely to result in a high risk to the rights and freedoms of data subjects and take appropriate measures to mitigate those risks.
12. Review and Audit:
• The Controller shall regularly review and audit its data protection practices and procedures to ensure compliance with applicable laws and regulations.
• Internal or external audits may be conducted periodically to assess the effectiveness of data protection measures and identify areas for improvement.
13. Updates to the Controller Data Protection Terms:
• The Controller shall review and update these Data Protection Terms as necessary to reflect changes in applicable regulations or the organization's processing activities.
• Data subjects and supervisory authorities shall be appropriately informed of any material changes.