VerifiMe Portal - Privacy Policy

VerifiMe portal - Privacy policy

6th December 2023

VerifiMe is a Greengate Fintech Holdings Pty Ltd ACN 664 286 515 (Greengate) software as a service /platform that provides a solution that enables customers to share their personal or organisational identity in real-time and businesses to verify the user’s identity attributes against their rules also in real-time. With VerifiMe service providers can be confident that the digital persona is a verified person and so too is the organisation and its beneficial holders. Whilst customers can control sharing their or their organisations' personal data in a safe and secure way while accessing their service providers without having to continually share this personal information and expose themselves and the service provider to risk. VerifiMe tokenises this identity enabling digital trust between businesses and individuals at every transaction that requires identity verification or personal data sharing whether now or in the future. The protection of personal data is VerifMe’s priority.  Privacy and control of your identity is a fundamental right that must be preserved.

As an Australian company, Greengate is bound by Australian legislation and regulators.

This privacy policy aims to describe our commitments regarding the collection, use, and disclosure of your personal data when you use our site, application, and services, and to inform you about your privacy rights. This policy doesn’t apply to sites and services offered by third parties and for which VerifiMe may act as a subcontractor. In this situation, we recommend you read their sites' privacy policy. 

This policy may change over time to reflect changes in our site, our application, and our services, as well as legislation or recommendations of judicial authorities. Therefore, you are advised to consult this privacy policy periodically for any changes. 

Changes will be effective as of the date of posting.

In the context of its core service identity verification and sharing, the data collected is processed by VerifiMe a brand owned by Greengate an Australian registered company.

What data is collected?

VerifiMe collects various personal information that you provide directly via the VerifiMe and that is strictly limited and relevant to the purposes for which it is processed.   

In accordance with the terms of use, you give express permission for that information to be processed and stored.  However, you can stop consenting at any time. Furthermore, you are not legally obliged to provide us with your personal data. However, without it, we will not be able to verify your identity and therefore the service will be limited.

The personal data that may be processed.

Data allowing the identification of the user: 

  • Name 

  • Last name 

  • First name(s)

  • Date of birth 

  • Country of birth 

  • Place of birth 

  • Nationality

  • Address

  • User's photographs of any documents  

  • Video taken by the user for dynamic facial recognition 

  • E-mail address 

  • any other information that is readable on the identity document provided for your verification 

Data allowing the identification of the identity document held by the user:

  • Document number

  • Authority issuing the document 

  • Date of issuance of the document 

  • Expiration date of the document 

  • Document number allowing to certify the authenticity of the document 

  • Type of document 

  • Entity issuing the document 

  • Country issuing the document 

Data allowing identification of an organisation : 

  • Name of the service provider 

  • Organisation number

  • Organsiation address

  • Beneficiaries, controllers of an organisation  

  • Data related to the user's consent to VerifiMe processing:

  • Consent to the processing of their personal data 

Navigation data: cookies and IP address when authorised by the user. 

Data allowing the identification of the user via the contact form: 

  • Last name 

  • First name 

  • E-mail address 

  • Telephone number

Why is data collected?

The VerifiMe platform collects your personal data only to the extent necessary for the purposes for which they are processed.

VerifiMe's main activity is to verify the identity of users by collecting the user's identification information so this can be shared securely and efficiently. The user's consent is required to collect their information and perform an identity check. Nevertheless, the user has the right to refuse it but VerfifMe will be unable to provide its services. 

VerifiMe offers a re-authentication service. Once the identity has been verified and integrated into the platform, VerifMe issues a reusable digital identity without storing/exposing the user’s personal data. The user's identification data is encrypted in a way that they cannot be exploited and stored offline in a highly secure environment.

For the purpose of identity fraud prevention, the processing of your data is also motivated by VerifiMe ensuring the security and trust of its users, and to comply with legal requirements. In addition, an evidence file containing all the data used to validate the digital identity is kept for legal/audit reasons.

The contact form on www.verifime.com allows you to make a complaint, ask a question or answer a message. Through this form, data can be processed to establish a commercial relationship with users or to receive feedback on our services. Its use is based on the consent of its users, and the legitimate interest of VerifiMe in managing its services. VerifiMe may also process data related to the use of its platform, such as connection data or IP address, to respond to requests for assistance made by users. 

Finally, VerifiMe may act as a subcontractor for service providers. In this case, the transmission of users' personal data is motivated by the performance of its contracts, in accordance with its Privacy Policy, mission and Australian legal/regulator requirements. 

Who are the recipients of this data?

When a user intends to authenticate himself with a service provider, the data available on the identity document provided by the user can be transmitted to the service provider. 

Still, some businesses may require other information available on the identity document provided by the user when verifying their identity. The transmission of this information is only completed on request and offline from the VerifiMe portal.

No personal data collected will be transmitted to commercial actors without your consent.

Only persons authorized to access personal data and who have received the necessary training in the protection of personal data have access to the processing of such data for remote identity verification. 

In the case of assistance sent via the contact form, only persons authorised to access personal data have access to the processing of such data. 

All our servers on which your data is stored and those of the service providers used to exchange and store this data are located in Australia. However, if a transfer of data would take place in a third country, VerifiMe undertakes and ensures that the necessary data protection measures are put in place and comply with the provisions of the Australian Privacy standards, and Individual Liberties Act.   

How is the data stored?

VerifiMe commits to "implement all appropriate technical and organizational measures to ensure a level of security appropriate to the risk". 

In doing so, VerifiMe does not make any copy of documents and media that may contain personal data entrusted to it other than in the strict context of the execution of its customer contracts. Unless otherwise stipulated in the customer contract, VerifiMe will not use or exploit documents and media that may contain personal data for purposes other than those specified in the contract. 

VerifiMe takes all measures to prevent any breach of personal data, including unauthorised access, destruction, loss, alteration, unauthorized disclosure, or misuse of personal data. Your personal data is stored on our servers and is subject to strict protection. 

VerifiMe implements all measures to ensure that the system it deploys at its customers' premises and the data processed are protected against external intrusions. 

How long will your data be kept?

The platform will retain your personal data only as long as necessary for the purposes set in this Privacy Policy. VerifiMe will retain and use your personal data to the extent necessary to comply with its legal obligations, resolve disputes and enforce its legal agreements and policies. 

An account is suspended after seven years of inactivity and its data is completely deleted. 

Data that may be transmitted to a service provider permissioned by a user if requested as part of a service providers audit. 

All documents collected and data for verification is held offline and in an evidence file this is an audit trail allowing the service provider or their appointed representatives in the case of legal dispute to verify the data used to validate a remote identity. It contains all the data used to validate the digital identity (such as passports, driving licences, company/trust deeds, email address etc...). The evidence file is protected to the highest standards. It is kept on a secure server designed for this purpose and respects the security standards for archiving servers for this type of information. Accessible only in case of legal dispute or audit request.  

What are your rights? 

You as a user of VerifiMe can exercise your rights on your personal data, your rights are:

  • you can have access to this data, as well as information on the purpose processing. 

  • you can withdraw your consent at any time when the processing of your personal data is based on it. You also have the right to object to any processing of your personal data. 

  • you can ask VerifiMe to rectify, complete or update information about you if there are errors or inaccuracies, or if you notice the presence of data whose collection, use, or storage is prohibited. It applies to the authentication account. However, this right is not absolute.  When using our services, an evidence file is created containing all the data used to validate the digital identity. This file cannot be modified, completed, or updated for auditing purposes and for preservation in cases of legal disputes. 

  • you can ask VerifiMe to erase your personal data, which will then be deleted at the latest 3 business days (Sydney,NSW) after your request. However, in some cases, it cannot be deleted: if it is necessary for the performance of a legal obligation (such as a contract), or if legal retention and archiving periods prevent it. 

  • You can receive all the personal data you have provided to us and to transfer them to another controller without being objected to.

For any questions related to this Privacy Policy or for any complaints about the protection of your data, you can contact Greengate’s Privacy Office on privacy@verifime.com

If, after having contacted us, you feel that your rights regarding your personal data are still not respected, you can send a complaint with the Australian Governments Office of the Australian Information Commissioner for more information go to -

https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us