GBG PLC (‘GBG’) acquired Verifi Identity Services (‘Verifi’) in 2022. Verifi is the owner of the identity verification software Cloudcheck.
- whilst you are using the Verifi website www.gbg-cloudcheck.com
- in connection with our products and services.
GBG take the protection and security of your personal information very seriously and this policy sets out our responsibilities under the Privacy Act 2020 (‘New Zealand Privacy Act’) and the Australian Privacy Act (1988) (‘Australian Privacy Act”), and other applicable laws relating to the processing and security of personal information. We refer to the New Zealand Information Privacy Principles as the IPPs and the Australian Privacy Principles as the APPs. Together we refer to the New Zealand Privacy Act and Australian Privacy Act as ‘the applicable data protection laws’. Where your personal information is transferred overseas, it will be treated in accordance with New Zealand and Australian laws at a minimum.
GBG has offices in 22 locations, and our registered head office is located within the United Kingdom.
GB Group Plc, The Foundation, Herons Way, Chester Business Park, Chester, United Kingdom CH4 9GB
Company Registration Number: 02415211
If you have any questions about how your personal information is used by GBG, please email us at firstname.lastname@example.org or call +64 9 953 8333 . For more detailed information about GBG, please visit our website at www.gbgplc.com .
This policy was last updated on 15 February 2023
Verifi Identity Services Limited is a registered New Zealand business NZBN 9429030806313.
Cookies and Statistical Information
We collect statistical information about visitors to our websites such as the number of visitors, pages viewed, types of transactions conducted, time online and documents downloaded. This information is used to evaluate and improve the performance of our websites. Other than statistical information, we do not collect any information about you through our website unless you provide the information to us.
When cookies are used on our websites, they are used to collect the statistical information referred to above in addition to allowing you to access your account online. When you access your account on-line a cookie will be created which uniquely identifies your computer and your username and password. This means that you do not have to re-enter those details each time you want to access your account online.
Most internet browsers are set up to accept cookies. If you do not wish to receive cookies, you may be able to change the settings of your browser to refuse all cookies or to have your computer notify you each time a cookie is sent to it, and thereby give yourself the choice whether to accept it or not. If you reject all cookies, you will be unable to access your account online. You can also delete cookies from your computer after they have been created.
Cloudcheck is an electronic identity verification tool that performs identity using biometric checks, bank account details, document fraud checks, Australian, New Zealand and international data sources and global watchlists.
What personal information does Cloudcheck collect and why?
GBG may collect information from you in the following circumstances:
- As the representative of one of our business users
- As the individual undertaking identity verification
Business users of Cloudcheck
In order to provide you with access to the product and to provide support to you under our contract with your organisation, GBG is required to collect the following information from you:
- Email address
- Telephone Number
- Company registration details
- Company ownership details
- Reason for requiring the service
- Compliance with the AU/NZ Privacy Acts
- Location of staff & servers
How we use your personal information
We use these details in order to provide you with access to Cloudcheck and to retain appropriate audit logs of activity within the system. The above information will be held by GBG until the conclusion of the arrangements between the organisation and GBG, or until we are advised you no longer require access to the product.
Accuracy of your personal information
You can request an amendment to your personal information at any time by requesting your account manager to do so by emailing email@example.com
Individuals undertaking identity verification
GBG provides online identity verification and fraud detection solutions to businesses to assist them to onboard their customers. If you apply for a product or service with any of our customers, we will collect information about you (from you and/or from our customer) in order to verify your identity. In order to do this we will need to provide your information to our data partners to confirm your details.
To verify your identity, we are required to collect a variety of information from you including some or all of the following, your:
- Identity document information
- Email address
- Mobile phone number
- IP address
- Device information
- Images of your face and ID document
This information is processed by our products and you should refer to the relevant section of this privacy notice to understand any potential international transfers of your data.
You need not give us any of the personal information requested by GBG. However, without that information GBG will not be able to verify your identity to provide you with any other services, information or assistance you have sought.
How we use your personal information
The information requested in any identity verification transaction is required to enable us to provide a service to you and the reporting entity whom you are establishing a relationship with. That information, together with the information collected and maintained by GBG during the identity verification process, is used to provide the services to you and to audit the success of any such services.
Your information will be held for a period of time in order to support our customers onboarding processes. That timeframe is negotiated between GBG and it’s business users depending on their requirements.
Who will we share your data with and why?
We will always disclose your personal information and identify verification to our business users, with whom you apply for a product or service.
We will need to provide some of your personal information to the third-party service providers we use to help us provide our services e.g. credit reporting bodies, government agencies, external data storage providers etc. We may also disclose your personal information to our affiliates and related companies in order to undertake our normal business practices.
If we provide your personal information to any of these entities, we will always require them to manage it in accordance with the relevant data protection laws. We may also provide your information to third parties if we are required to do so by law or under some unusual circumstances which are permitted under the Privacy Act 2020 in New Zealand and Privacy Act 1988 in Australia.
Accuracy of your personal information
The information that GBG holds on you is a record of an identity verification at a point in time. Whilst it is unlikely we would amend that information, should you have any queries in relation to that data you can email us firstname.lastname@example.org
We may pass any correction request to our customer or such other third party which collected the information from you.
International Transfers of personal data
In some circumstances there may be an international transfer of your personal data. This may occur where our data partners are located overseas, and also where our internal business processes require an overseas transfer.
In accordance with the relevant data protection laws, your information will only be transferred to an overseas entity where that entity is either:
- Subject to comparable data protection laws; or
- We have an arrangement in place that requires the recipient to provide an adequate level of protection to your information.
GBG maintains records of all transactions made through the identity verification process, including the sources used to verify your identity and whether the verification was successful. GBG will retain information it receives from customers and business users for a period of 7 days for auditing and error checking purposes. Following this 7-day period, GBG will automatically and securely remove the data from its systems.
GBG’s customers access IDscan products and services to prevent and detect fraud. Using a combination of automated document recognition, digital tampering detection, advanced face-matching technologies and real-time online support from trained document examiners, our clients are able to on-board individuals while improving customer experience, fighting fraud and meeting compliance obligations.
What personal information GBG holds and why
IDscan obtains a copy of your identification document. Where GBG provides a hosted cloud storage solution to our clients, we hold your identity documents (IDs). We hold this data in order to provide our services, including storage, support and maintenance.
Purpose and legal basis for processing
Our purposes for processing your data in connection with IDscan are: (i) to provide support services to our clients who use IDscan to verify your identity and to conduct maintenance and testing of our IDscan systems (in accordance with APP 3.2, which allows us to collect personal information when it is reasonably necessary for one or more of GBG’s functions or activities and IPP 1 which allows us to collect information for a lawful purpose connected with one of our functions or activities where the collection of the information is necessary for that purpose); and (ii) to train the IDscan document recognition engine to recognise underperforming or unrecognised documents (with your consent).
For our New Zealand customers, IDscan is hosted from Australia. For any New Zealand customers there will be a data transfer from New Zealand to Australia of personal information. PII from our New Zealand customers will generally be stored in Australia, unless product support is required.
If product support is required, this will be provided by our team based in the United Kingdom and Malaysia and our technical and support teams in Turkey. Should they be required to access or view any identification documents, this is considered to be a transfer of data to the United Kingdom, Malaysia or Turkey in order to facilitate that support.
Where there is an international data transfer to our Australian, United Kingdom, Malaysian or Turkey offices, your personal information will be handled in accordance with the relevant data protection laws (at a minimum) in relation to the collection, use, disclosure, storage and destruction or de-identification of personal information.
IDs captured by GBG IDscan will be retained until the earlier of the following events occurs (the ‘Retention Period’):
the ID is no longer in circulation and is no longer accepted as a valid identification document; orwe no longer need it for any purpose for which it may be used or disclosed by us in accordance with the APPs or IPPs (as applicable), or for such longer period as may be required under any applicable law.
At the end of the Retention Period, we will take reasonable steps to destroy or de-identify the ID.
Your rights under Australian and New Zealand Privacy Laws
As an individual, you have rights regarding the processing of your personal information, these are:
- The right to transparency – you have the right to know why your personal information is being collected, how it will be used and who it will be disclosed to.
- The right of anonymity/pseudonymity – you have the right not to identify yourself, or the right to use a pseudonym in certain circumstances if the Australian Privacy Act applies.
- The right to access your personal information – you have a right to know what personal information GBG hold on you.
- The right to opt out – you have the right to stop receiving unwanted direct marketing.
- The right to correction – you have the right to ask us to correct any information you believe is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- The right to complain about a breach by us of the applicable Privacy Act if you think we’ve mishandled your personal information (see ‘How to contact us if you’re not happy’ and ‘Your right to lodge a complaint with the Supervisory Authority’ below).
Please keep in mind that some of these rights are subject to an internal assessment that one of the grounds set out in the applicable Privacy Act is satisfied.
You can send these requests to email@example.com or by calling us on:
New Zealand: 0800 2VERIFI (0800 283743)
Australia: 1300 849 290
International / NZ: +64 9 953 8333
We will always aim to provide you with access within 30 days (if the Australian Privacy Act applies) or within 20 working days (if the New Zealand Privacy Act applies) but in some cases, it may take longer. If GBG are unable to comply with your request, we will provide you with an explanation.
There is no fee for requesting access to your information, although GBG may charge you the reasonable cost of processing your request.
How to contact us if you're not happy
We appreciate that at GBG we may not always get things right and it is regrettable for us as an organisation when we receive a complaint. We take all complaints seriously and can assure you we will do our best to deliver a satisfactory outcome. If you do wish to complain about how your personal information is used by GBG then please write to us at firstname.lastname@example.org
GBG will investigate and respond within 10 working days of receipt of your complaint. This allows us time to investigate your complaint thoroughly.
Your right to lodge a complaint with the Supervisory Authority
Where you believe that GBG have not taken our responsibilities with your personal information seriously, you have the right to complain to the applicable Supervisory Authority. We ask that you first raise your concerns with us and give us 30 days to satisfactorily resolve your complaint as required by the New Zealand Privacy Act/IPPs. Should we be unable to resolve in the first instance, you can then escalate to the Supervisory Authority as follows:
Office of the Privacy Commissioner, PO Box 10094, Wellington 6143, New Zealand
Telephone number: 0800 803 909
Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001, Australia
Telephone number: 1300 363 992