Privacy Policy

Last Updated: 07 Feb 2024

Thank you for using BiodeTIME. We are committed to protecting your privacy and safeguarding your personal information. We understand the importance of keeping personal information private and secure. This Privacy Policy outlines how we collect, use, share, and protect your data when you use our services.

This Policy forms part of and is subject to our Terms of Use.  

Developer Information and Privacy Contact

• BiodeTIME - Biode Pty Ltd (ABN 70 647 561 082) ("we", "us" or the "Company")
• Unit 9, 43 Station Avenue, Darra QLD 4076, Australia
• Email: devteam@biode.com.au
• Phone: 1300 605 036

For any inquiries regarding your privacy or this Privacy Policy, please contact our Privacy Point of Contact at the provided email or phone number.

The Australian Privacy Principles 

We will treat all personal information in accordance with any and all obligations that are binding upon us under the Privacy Act 1988 (Cth) ("Privacy Act"). The Privacy Act lays down 13 key principles in relation to the collection and treatment of personal information, which are called the "Australian Privacy Principles" ("APP").

Types of Data Collected

Personal information held by the Company may include information that may be used to personally identify individuals, such as but not limited to:

• Face Data
• Name and date of birth
• Mobile phone number
• Email address
• any combination of images obtained while using our products or services
• preferences and password / PIN for using our products or services and your computer and connection information and
• any information that you otherwise share with us.

Location Information:

• GPS data
• Geolocation information, including time and date.

Biometric Information:

• Facial recognition data

We will treat all biometric data collected in line with the Biometrics Institute's privacy guidelines.

Biode's face algorithms are trained using diverse biometric databases to ensure usability - I.e. accurately identifying people of different races, genders, ages, and ethnicities.

Photos and Videos

BiodeTIME may request access to your device's camera to capture and store photos which will used as part of your user record. Videos are captured and processed for biometric identification. The video data is not retained after processing.

This data is used solely for the intended functionality within the app and is not shared with any third parties unless explicitly stated in this Privacy Policy.

We do not access your camera or collect photos/videos without your explicit consent or outside the scope of the app's functionalities. You can manage and revoke access to the camera through your device settings at any time. Revoking access to the camera will significantly reduce the functionality of the app and biometric identification cannot occur. 

By using BiodeTIME, you consent to the collection and usage of photos or videos as described in this Privacy Policy.

Transaction Information:

Biode will be collecting transaction log data, which includes the functionality of recording each transaction's timestamp, request headers and metadata, the output of any biometric liveness results, anti-spoof results, verification results, ISO compliance results, and at the customers’ discretion, any combination of photos from the transactions – e.g. every photo, last photo, or no photo at all etc.

How we may collect Information

The Personal Information is collected whenever an authorised operator or user of the customer’s BiodeTIME account creates, edits or updates a user’s profile via the operator or user 's device (web, Android, iOS).

The Location, Face Data (Optional), Photo and Video, and Transaction information is collected whenever a user attempts to perform an activity via the user 's device (web, Android, iOS), do a biometric liveness check, ISO compliance check, or verification check as the authorised user of a customer’s account - this data is securely stored on our servers, which also host the BiodeTIME website and face matching service. No Personal Information (including Face Data) is stored on the mobile device.

How we use the Information that we collect

We collect and use the above-mentioned data to:

• Identifying the person using facial recognition data (Optional - A User ID and PIN can be used instead)
• Provide and improve our services.
• Customise user experience.
• Communicate with users.
• Ensure app functionality.
• Analyse app usage and performance.
• Comply with legal obligations.

The data we collect is purely for the purpose of providing the BiodeTIME service, which may include matching a source biometric template of an individual provided by the customer against a live image captured by us via the user's device (web, Android, iOS). The data is collected to confirm the details of the transaction and for quality and support purposes in the event of biometric matching errors.

The transaction log data is stored in a SQL database.

Only the customer’s-authorised users who have direct access to the BiodeTIME platform can access the information. 

IP addresses

We may also collect Internet Protocol (IP) addresses. IP addresses are assigned to computers or devices on the internet to uniquely identify them within the global network. The Company collects and manages IP addresses as part of the service of providing internet session management and for security purposes. The Company may also collect and use web logs, computer, location, connection information and technical data (which may include IP address, the types of devices you are using to access the platform, device attributes, browser type, language and operating system) for security purposes and to help prevent and detect any misuse of, or fraudulent activities involving this platform.

Cookies

We may use "cookies" to help personalise your online experience. A cookie is a text file or a packet of information that is placed on the user’s device by a web page server to identify and interact more effectively with the user’s device. There are two types of cookies that we may use: a persistent cookie and a session cookie. A persistent cookie is entered by the user’s web browser into the "Cookies" folder on the user’s device and remains in that folder after the browser is closed, and may be used by the browser on subsequent visits. A session cookie is held temporarily in the user’s device memory and disappears after the browser is closed or the device is shut down. Cookies cannot be used to run programs. Cookies are uniquely assigned to each user and can only be read by a web server in the domain that issued the cookie to the end user. In some cases, cookies may collect and store personal information about the user. The Company extends the same privacy protection to the users data or Personal Information, whether gathered via cookies or from other sources.

The user can configure their internet browser to accept all cookies, reject all cookies or notify them when a cookie is sent. Most web browsers automatically accept cookies, but the user can usually modify their browser settings to decline cookies if they prefer. If a user chooses to decline cookies, they may not be able to fully experience the interactive features of our products.

Why we use cookies

Our solution uses cookies in order to:

• remember the user’s preferences for using our solution;
• recognise users as logged in while they remain so. This avoids the users from having to log in again every time they visit a new page;
• remember details of data that users choose to submit to us (eg. images).

Many of these cookies are removed or cleared when users log out, but some may remain so that the user’s preferences are remembered for future sessions.

Data Sharing

In order to deliver the products/services required or for any other purpose set out in this Policy, the

Company may disclose Personal Information to organisations outside the Company. Personal Information may be disclosed to these organisations only in relation to our solution, and the Company takes reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of your Personal Information. These organisations may carry out or provide:

• customer support enquiries;
• information technology services; and
• platform usage analysis.

In addition, we may disclose Personal Information to:

• a user’s authorised representatives or legal advisers (when requested by the user to do so);
• identity data validation providers;
• government and regulatory authorities and other organisations, as required or authorised by law;
• our IT service providers, payment system operators, data storage, webhosting and server providers, security vendors and maintenance or problem-solving providers;
• persons the user may have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances;
• the police or other appropriate persons where user communication suggests possible illegal activity or harm to others.

Secure Data Handling

We are committed to maintaining the confidentiality of the information provided to us, and we will take all reasonable precautions to protect information from unauthorised use or alteration.

Information we collect is stored in an SQL database in our BiodeTIME datacentres in Australia. We employ industry-standard security measures to protect personal and sensitive user data against unauthorised access, alteration, disclosure, or destruction.

Data Retention and Deletion

User Data (excluding Face Data)

We retain user data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law. At the end of any retention period, user data will either be deleted completely or anonymised (for example, by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning).  In some circumstances, users can ask us to delete their data by contacting our Privacy Point of Contact.

Face Data

We retain Face Data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law. Users can ask for their Face Data to be deleted. Face Data will be removed as per the following:

1. The user has contacted Biode's Privacy Point of Contact and requested their Face Data to be deleted. This will result in an authorised operator of Biode manually deleting the Face Data.
2. The user requests their employer to remove their Face Data. This will result in an authorised operator of the employer manually deleting the Face Data.
3. The user is deactivated by the employer. Deactivation automatically deletes the user's Face Data.
4. The user is inactive for a period of 1 year.
5. The user's employer's subscription has been suspended / cancelled for longer than 3 months.

In some cases, we may refuse to delete a user’s Personal Information that we hold about them. This may include circumstances where doing so would:

• be unlawful (e.g., where a record that contains personal information about users is subject to a claim for legal professional privilege by one of our contractual counterparties, or 

• contravene the rights or obligations of our customer (e.g. where a record that contains personal information about users is subject to mandatory record-keeping obligations of our customer).

If we refuse to delete a user’s Personal Information, we will provide them with reasons for our refusal.

We cannot guarantee the security of any information that is transmitted to or by us over the internet. The transmission and exchange of information is carried out at the user’s own risk.

Likewise, we take all reasonable measures to ensure the security of hard-copy information. 

Consent

By using BiodeTIME, you consent to the collection, use, and sharing of your personal and sensitive data as described in this Privacy Policy.

Contacting us about privacy

If users would like more information about the way we manage personal information that we hold about them, or are concerned that we may have breached users privacy, please contact us by email to devteam@biode.com.au or by post.

Access to users personal information 

In most cases, users may have access to personal information that we hold about them. We will handle requests for access to users' personal information in accordance with the Australian Privacy Principles.

All requests for access to user’s Personal Information must be directed to the Privacy Officer by email using the email address provided above or by writing to us at our postal address. We will deal with all requests for access to Personal Information as quickly as possible. Requests for a large amount of information, or information that is not currently in use, may require further time before a response can be given. We may charge users a fee for access if a cost is incurred by us in order to retrieve user’s information, but in no case will we charge users a fee for user’s application for access. 

In some cases, we may refuse to give users access to personal information that we hold about them.

This may include circumstances where giving users access would:

• be unlawful (e.g., where a record that contains personal information about users is subject to a claim for legal professional privilege by one of our contractual counterparties);
• have an unreasonable impact on another person’s privacy; or 
• prejudice an investigation of unlawful activity.

We may also refuse access where the Personal Information relates to existing or anticipated legal proceedings, and the information would not be accessible by the process of discovery in those proceedings.

If we refuse to give users access, we will provide them with reasons for our refusal.

Correcting a user’s personal information 

We will amend any Personal Information about users that is held by us and that is inaccurate, incomplete or out of date if users request us to do so. If we disagree with a user’s view about the accuracy, completeness or currency of a record of a user’s personal information that is held by us, and users ask us to associate with that record a statement that users have a contrary view, we will take reasonable steps to do so.

Complaints

If users have a complaint about the way in which we have handled any privacy issue, including users' request for access or correction of their personal information, users should contact us. Our contact details are set out above.

We will consider a user's complaint and determine whether it requires further investigation. We will notify users of the outcome of this investigation and any subsequent internal investigation.

If users remain unsatisfied with the way in which we have handled a privacy issue, users may approach an independent advisor or contact the Office of the Australian Information Commissioner (www.oaic.gov.au) for guidance on alternative courses of action which may be available. 

Keeping users information up-to-date

To ensure that users personal information is accurate and up to date, please promptly advise us of any changes to users information by contacting our data protection officer by email at devteam@biode.com.au or by post.

Changes to this Privacy Policy 

From time to time, it may be necessary for us to revise this Privacy Policy. Any changes will be in accordance with any applicable requirements under the Privacy Act and the Australian Privacy Principles. We may notify users about changes to this Privacy Policy by posting an updated version on this platform with a revised "Last Updated" date.