Legals

Privacy Policy

Personr Pty Ltd processes personal data in the course of service provision to its Clients according to their instructions. 

The client is the Controller that determines the purpose of data processing, exercises control over the User’s personal data, and stipulates the retention period of the User’s data according to its purposes. Personr Pty Ltd, in turn, is a Processor that conducts only those data processing activities that the client requests. 

For clarity, Personr Pty Ltd performs remote identity verification procedures for the client as part of service provision. Before passing such procedures, the User consents to such processing or is properly notified by the client in line with the client’s Privacy Policy.

When developing and improving Services as a matter of public interest and other cases specified in this Privacy Notice, Personr Pty Ltd is the Controller of Users' personal data.

Scope

This Privacy Notice outlines how we collect and process personal data, commit to protecting your information, and provide the framework through which effective management of data protection matters can be achieved while providing our Services. 

This Privacy Notice does not cover how Personr Pty Ltd Clients may treat Users' personal data. Clients provide this information in their privacy statements which are not subject to Personr Pty Ltd's control.

Definitions

Agreement -The Service Provider Agreement concluded with each Client, its annexes and appendices;

Client -The legal entity to which Personr Pty Ltd provides Services under the Agreement;

Service(s) -The personal identity verification service and connected services provided by Personr Pty Ltd;


Data Controller, or Controller -The Client where it, alone or jointly with others, determines the purposes and means of the processing of personal data by written instruction for processing activities given to Personr Pty Ltd;
Data Processor, or Processor -Personr Pty Ltd where it processes personal data on behalf of a Data Controller;

Third-Party Processors -Processors authorised to exercise certain processing activities under the direct authority of Personr Pty Ltd;

Data Providers -Third-party service providers or public authorities used to collect additional information necessary for the provision of the Services;
Data Subject -Any individual (hereafter - User) whose personal data Personr Pty Ltd may process on behalf of the Controller (the Client’s customers);

Personal data -Any information relating to an identified or identifiable Data Subject;

Special categories of personal data -Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, or data concerning health or data concerning a natural person's sex life or sexual orientation;

Data concerning health -Personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;

Filing system -Any structured set of personal data which is accessible according to specific criteria, whether centralised, decentralised, or dispersed on a functional or geographical basis used for service provision;

User -Any individual in respect of whom the identity verification procedure (or any of its elements) is performed as part of the Services provided to a Client (may be referred to as ‘you’ in this Notice);

Website -personr.co, enterprise.personr.co;

Processing -Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Personal data breach -A breach of data security leading to unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed;Consent -Any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which they, by a statement or by clear affirmative action, signify agreement to the processing of their personal data;

Livechat -A system that allows Users to have a real-time interaction with Personr Pty Ltd’s support team in a chatbox on the Website page in the browser;
Customer due diligence procedure -The process and rules established by the Client in line with applicable regulations, including the requirements for identifying its customers, related risks and checking they are who they say they are (may be referred to as ‘KYC’ in this Notice);

AML/CFT -Anti-Money Laundering / Combating the Financing of Terrorism legal rules and standards as envisaged in FATF recommendations, EU regulations, and national legislation;

Politically Exposed Persons (PEPs) -Individuals who are or have been entrusted with prominent public functions (e.g., heads of state or government, senior politicians, senior government, judicial or military officials, senior executives of state-owned corporations, important political party officials), as well as their relatives and close associates;

CCPA -The California Consumer Privacy Act of 2018, Civil Code sections 1798.100.

Principles of personal data processing that Personr Pty Ltd adheres to

Personr Pty Ltd adheres to the principles of personal data protection as envisaged in the EU GDPR, UK GDPR, AU Privacy Act 1988 and CCPA.

In accordance with these principles, Personr Pty Ltd assists the Controller in ensuring that the User’s personal data is:

  • Processed fairly and lawfully and in a transparent manner in relation to the Data Subject;
  • Processed for specified, explicit, and legitimate purposes only and not further processed in a manner that is incompatible with those purposes;
  • Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
  • Kept accurate and up to date;
  • Retained in a form permitting identification of Data Subjects for no longer than is necessary for the purposes for which they are processed;
  • Processed in a manner that ensures their appropriate security;


Purposes of personal data processing

Performance of the Agreement -

While serving Clients, Personr Pty Ltd mainly processes your data as a Processor for the Client's benefit. Personr Pty Ltd processes personal data for the performance of the Agreements, including indicated services, obligations arising from the Agreement, and related rights, as well as for the execution of rights and fulfilment of obligations deriving from legal acts and processing Users' requests.

This Privacy Notice does not cover how Personr Pty Ltd Clients may treat Users' personal data. Clients provide this information in their privacy statements which are not subject to Personr Pty Ltd's control.

Personr Pty Ltd collects and further processes Users' data for the Client, which may include matters of compliance with applicable AML/CFT and/or other laws and regulations and/or the Client's internal customer due diligence procedures. Once personal data is no longer necessary for the relevant purpose, Personr Pty Ltd erases it from its servers upon the Client's written instruction without leaving any backup copies after transferring it to the Client.

Other purposes -

We may process your data for purposes that serve Personr Pty Ltd's legitimate interests, which include the following purposes:

  • Where it’s not prohibited by applicable laws and provided we have permission from our Clients, we may process some personal data, including biometrics, to develop and improve identity verification services to prevent and detect fraud and other illicit activity as part of substantial public interest via machine learning. For more information, please refer to Provision 5 (Service Development);
  • Given the nature of our Services, we are to detect and prevent criminal activity, fraud, and money laundering by checking the provided User data against records of confirmed or suspected illegal activity, fraud or money laundering. If any sign of this appears, we will inform our Clients of this. For more information, please refer to Provision 5 (Fraud detection);
  • In connection with the purpose above, we may also conduct profiling, statistical analysis, and analytics in AML/CFT tendency, fraud detection, and prevention. The System may aggregate the User's data with other Users' data to generate reports and charts our Clients may use when assuming the risk likelihood associated with specific characteristics;
  • We sometimes may be obliged to process or retain all or part of personal data for the establishment, exercise, or defence of legal claims;
  • We process some personal data while adhering to the principles of personal data handling, namely lawfulness and accountability, by obtaining the legal basis for processing specific personal data concerning certain Users, as required under laws applicable to such Users. Obtaining and maintaining records that we have obtained on such a legal basis is essential to prove that we comply and adhere to our legal obligations outside and in the European Union and the United Kingdom.


Data processing activities

Personr Pty Ltd provides multiple types of automated processing, including, but not limited to, collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination (if so legally binding), or otherwise making available, alignment or combination, restriction, erasure or destruction.

Document сheck -

For fraud detection, Personr Pty Ltd subjects personal data from photos and scanned copies of documents to automated reading and verification of authenticity by conducting different checks, such as completeness of records, screenshots detection, or cross-checking of all data from all submitted documents (e.g., name, date, and place of birth, signature). We also check the document's security features, including the embedded security chip, machine-readable zone (MRZ), barcodes, QR codes and other security components used for genuine data validation. The Personr Pty Ltd system analyses the results of the above to make an inference regarding the document’s trustworthiness.

Biometric processing methods -

Personr Pty Ltd may process biometrics to verify whether provided facial images are likely to match depending on the service chosen by a particular Client. The processing of biometrics means extracting facial features from uploaded or recorded facial images on government-issued identity documents submitted by the User and comparing them. We store this biometric data for a period our Client instructs.

There are several reasons why Clients ask for such biometrics processing. Generally, Clients may wish to check whether an identity document genuinely belongs to the User by comparing a provided facial image to the facial image contained in the identity document.

In addition, Clients may ask us to check whether a User is alive and genuine. To do this, we use our Liveness check to determine if the User isn’t holding a mobile phone, showing any signs of constraint, or attempting to defraud the system using emulators, static images, or ‘deep fakes’. 

As a rule, the User is prompted to blink, smile, or move their device while passing Liveness. During such checks, we may also detect signs of fraud or other spoofing attacks by comparing the User's facial features to those of known masks. 

Simultaneously, we may also check whether the User may be generating multiple identities by inspecting whether we have previously verified him/her on behalf of a particular Client. 

To determine if the User is known to a specific Client, we compare the User's facial image to the facial images of other Users previously verified on behalf of that particular Client.

When required by the Client, we assist in the authentication process. For this, the Client may ask the User to pass liveness. During this process, the User’s face is recognised, and the result is compared with the biometric data records of the said User obtained previously.

For each authentication attempt, we will compare the new liveness facial image with the biometrics of the said User obtained previously.

Data validation -

These data validation checks enable Clients to verify data against databases of third-party data providers and detect whether the User is involved in illicit activities, money laundering or terrorism financing. 

To do this, we will check the data extracted from the uploaded documents or provided by the User against a database of third-party data providers. The data providers we may use depend on the Client’s needs and the User’s location and may include ID registers, proof of address checks, the Social Security Administration and other government or commercial sources and databases, consumer credit agencies, PEP lists, global and country-specific sanctions lists, and adverse media sources.

Throughout the course of the Client’s relationship with the User, we may assist the Client in periodically screening the User’s data against databases to help prevent, detect, and investigate fraud and money laundering.

Know Your Business or KYB check -

If the Client subscribes to the KYB check, it requires us to verify the existence, details, ownership, and control structure (e.g., ultimate beneficial owner(s)) of a legal entity through analysis of corporate documents and review of corporate registries, where available.

Fraud detection -

Personr Pty Ltd implements a fraud detection and control network based on the anti-fraud checks required by our Clients and those included in our Services by default (e.g., Photoshop use or risk triggers calculation). 

Such checks require collecting, analysing, and re-using recorded User data.

Generally, Personr Pty Ltd verifies whether the User’s attributes—geolocation (IP address), device signature (operating system and camera name), email address, or mobile phone—have previously been involved in or related to any fraudulent activity or may currently signal suspicious behaviour patterns and otherwise point out that the User is fake.

At the Client’s order, we may check information with our Data Providers on AML/CFT regulations requirements, such as screening through adverse media mentions match or checking for residency in high-risk countries. 

Besides, we check whether the User creates multiple identities by inspecting whether we have previously verified a User on behalf of a particular Client using biometric data comparison techniques.

All these checks are designed to help us and Clients assess the likelihood of customer trustworthiness, flag potentially fraudulent activities and assign a relevant risk score when the Client needs to acknowledge cases when Users generate multiple identities, compromise their data, or manipulate device or network information. 

The Client may consult with the fraud detection and control network on the fraud-related level of risk of the User under the onboarding process without accessing any personal data.

Automated decision-making relief and checks -

We conduct identity verification checks on behalf of the Client, however, we do not make any final decisions. Our role is to provide the Client with reports containing information about the identity verification process and results (with the reasoning behind them reflecting the level of fraud or another risk if any. 

The reasons are derived from the work of our system and its algorithms, including those based on a symbiosis of machine learning models and intervention. The final decision on User onboarding is made by a human on the Client’s side when the checks' result is transmitted to the particular Client. 

The Clients consider this information while deciding to accept or decline a User application, request further checks, or continue to service that User following their risk assessment and investigations.

Personr Pty Ltd checks may be fully automated due to simplicity, using machine learning, or the Client's request. 

When Clients use check results to make final decisions regarding Users undergoing verification, the final decision-making process may or may not be automated by the Client. 

When the Client makes automated decisions, including those based on our check results, they shall inform you of the legal grounds and, if necessary, obtain your consent. Any User can appeal automated decisions by going through the methods provided on the Client's side.

When you've passed verification successfully -

All required checks have been successfully completed. This means that the data you've provided is genuine and compliant with the requirements of the particular Client and approved by them. Now you are allowed to use the service for which you were passing the verification process.

When you cannot pass verification successfully -

Some of the checks need to be more precise. It means that some of the data provided by Users do not comply with the Client's requirements by posing some risk or seeming potentially suspicious or fraudulent (e.g., the device you took the photo from is different from that you passed the whole verification process or the data presented are inconsistent). 

In this case, we return results to the Client for further consideration by tagging them with the relevant theme (e.g., 'WRONG_ADDRESS' or 'INCOMPLETE_DOCUMENT'). Then, the service for which you passed the verification check will consider and evaluate the results and ask for additional information from you to clarify your application. 

The Client may reject or freeze your application following its risk procedures or other internal policies.

Service development -

Our Clients use our services to detect whether a real person is passing the identity verification process, as well as any impersonation or spoofing attempts, to prevent money laundering, terrorist financing, fraud, and other activities that are considered a matter of public interest. That is why we, as a service provider, are responsible for providing the highest quality services. For this reason, where we have the authorisation of our Clients, and it is not prohibited by applicable law, we as a data controller use personal data to develop and improve our services by building and enhancing algorithms and developing and testing new verification options, products and services to verify a User's identity better and detect fraud.

We do this in two ways. We deploy a system of recognising specific patterns in the information and making predictions about new data sets based on those patterns by training our computers or so-called 'machine learning.’ Machine learning helps create models based on the information provided by the Users, such as signs of potential fake data, and selects the best models to be integrated into our system. 

The development of services also includes continuous improvement and assessment. We review our service delivery methods to ensure that we comply with Clients’ requirements and work appropriately by testing and correcting new features and functions. 


Types of personal data processed by Personr Pty Ltd

We may collect and further process the following personal data of Users depending on the particular Service being provided to the Client:

  • Categories of personal data
  • Examples
  • General personal data
  • Full name, sex, personal identification code or number, date of birth, legal capacity, nationality and citizenship, location (street, city, country, and postcode).
  • Identity document data
  • Document type, issuing country, number, expiry date, MRZ, information embedded into document barcodes (may vary depending on the document), security features.
  • Facial image data
  • Photos of the face (including selfie images) and photos or scans of the face on the identification document, videos, and sound recordings.
  • Biometrical data
  • Facial features.
  • Banking details
  • Cardholder name, expiry date, first 6 and last 4 digits of the card number.
  • Contact details
  • Address, e-mail address, and phone number.
  • Technical data
  • Information regarding the date, time, and activity in the Services; IP address and domain name; software and hardware attributes (e.g., camera name and type); general geographic location (e.g., city, country) from User’s device.
  • Geolocation data
  • IP address

Terms of Service

These terms and conditions (the "Terms and Conditions") govern the use of https://www.personr.co (the "Site"). This Site is owned and operated by Personr Pty Ltd. This Site is a regulatory technology (regtech) platform. By using this Site, you indicate that you have read and understand these Terms and Conditions and agree to abide by them at all times.

Intellectual Property
All content published and made available on our Site is the property of Personr Pty Ltd and the Site's creators. This includes, but is not limited to images, text, logos, documents, downloadable files and anything that contributes to the composition of our Site.

Acceptable Use
As a user of our Site, you agree to use our Site legally, not to use our Site for illegal purposes, and not to: Harass or mistreat other users of our Site; Violate the rights of other users of our Site; Violate the intellectual property rights of the Site owners or any third party to the Site; Hack into the account of another user of the Site; Act in any way that could be considered fraudulent; or Post any material that may be deemed inappropriate or offensive. If we believe you are using our Site illegally or in a manner that violates these Terms and Conditions, we reserve the right to limit, suspend or terminate your access to our Site. We also reserve the right to take any legal steps necessary to prevent you from accessing our Site.

Accounts
When you create an account on our Site, you agree to the following: You are solely responsible for your account and the security and privacy of your account, including passwords or sensitive information attached to that account; and All personal information you provide to us through your account is up to date, accurate, and truthful and that you will update your personal information if it changes. We reserve the right to suspend or terminate your account if you are using our Site illegally or if you violate these Terms and Conditions.

Sale of Services
These Terms and Conditions govern the sale of services available on our Site. The following services are available on our Site: Personr Enterprise. The services will be paid for in full when the services are ordered. These Terms and Conditions apply to all the services that are displayed on our Site at the time you access it. All information, descriptions, or images that we provide about our services are as accurate as possible. However, we are not legally bound by such information, descriptions, or images as we cannot guarantee the accuracy of all services we provide. You agree to purchase services from our Site at your own risk. We reserve the right to modify, reject or cancel your order whenever it becomes necessary. If we cancel your order and have already processed your payment, we will give you a refund equal to the amount you paid. You agree that it is your responsibility to monitor your payment instrument to verify receipt of any refund.

Subscriptions
Your subscription automatically renews and you will be automatically billed until we receive notification that you want to cancel the subscription.To cancel your subscription, please follow these steps: Users must let the company know 31-days or one month prior, whichever is longer, if they wish to cancel services.

Payments
We accept the following payment methods on our Site: Credit and Debit Cards. When you provide us with your payment information, you authorise our use of and access to the payment instrument you have chosen to use. By providing us with your payment information, you authorise us to charge the amount due to this payment instrument.If we believe your payment has violated any law or these Terms and Conditions, we reserve the right to cancel or reverse your transaction.

Refunds
Refunds for Services. We provide refunds for services sold on our Site as follows: The services will be fully refunded if a customer is not happy within 14-days of using the service. This does not apply to custom enterprise pricing or early access plans.

Fair Use Policy
On certain plans, the Personr Enterprise platform allows for unlimited verifications of individuals subject to our fair use policy. You must be responsible with your use of the service, if you behave recklessly or irresponsibly in using the service, or if your actions endanger any person, or the integrity or security of the platform, this will be considered a breach under this Fair Use Policy.

Personr Pty Ltd considers the use of the service unreasonable if it is used in a manner which is other than it was intended for. Examples include but are not limited to: using the service for fraudulent purposes; using the service for the purpose of resale (unless we have granted you written permission to do so); abnormal or excessive use of the service or using the service for the purposes ofarbitrage.

The term 'UnlimitID' means that the number of verifications a customer performs is not usually limited by a set quota. However, this does not imply the amount of verifications or data stored is infinite. The purpose behind Personr offering an unlimited solution, is to provide peace of mind for our customers who don’t want to worry about certain quotas.

If we find your use of the service to be considered extreme, or within the top 7th percentile of our customer base, or abusive (which will be determined at our sole discretion), we may: request you reduce your usage; change your plan or open custom enterprise pricing negotiations or terminate your service.

Consumer Protection Law
Where the Australian Consumer Law, Schedule 2 of the Competition and Consumer Act 2010, or any other consumer protection legislation in your jurisdiction applies and cannot be excluded, these Terms and Conditions will not limit your legal rights and remedies under that legislation. These Terms and Conditions will be read subject to the mandatory provisions of that legislation. If there is a conflict between these Terms and Conditions and that legislation, the mandatory provisions of the legislation will apply.

Links to Other Websites
Our Site contains links to third party websites or services that we do not own or control. We are not responsible for the content, policies, or practices of any third party website or service linked to on our Site. It is your responsibility to read the terms and conditions and privacy policies of these third party websites before using these sites.

Limitation of Liability
Personr Pty Ltd and our directors, officers, agents, employees, subsidiaries, and affiliates will not be liable for any actions, claims, losses, damages, liabilities and expenses including legal fees from your use of the Site.

Indemnity
Except where prohibited by law, by using this Site you indemnify and hold harmless Personr Pty Ltd and our directors, officers, agents, employees, subsidiaries, and affiliates from any actions, claims, losses, damages, liabilities and expenses including legal fees arising out of your use of our Site or your violation of these Terms and Conditions.

Applicable Law
These Terms and Conditions are governed by the laws of the State of Western Australia.

Severability
If at any time any of the provisions set forth in these Terms and Conditions are found to be inconsistent or invalid under applicable laws, those provisions will be deemed void and will be removed from these Terms and Conditions. All other provisions will not be affected by the removal and the rest of these Terms and Conditions will still be considered valid.

Changes
These Terms and Conditions may be amended from time to time in order to maintain compliance with the law and to reflect any changes to the way we operate our Site and the way we expect users to behave on our Site. We will notify users by email of changes to these Terms and Conditions or post a notice on our Site.

Terms of Service

Early Access Referral Incentive | Nov22 - Feb23
Members of the early access community may refer other companies to signup onto the early access program and use Personr Enterprise. When you have referred another business, contact us with their email and company name.

These terms and conditions (the "Terms and Conditions") govern the use of
https://www.personr.coand https://enterprise.personr.co
(the "Site"). This Site is owned and operated by Personr Pty Ltd. This Site is a regulatory technology (regtech), identity verification platform. By using this Site, you indicate that you have read and understand these Terms and Conditions and agree to abide by them at all times.

We offer to provide an eftpos gift card to when Yyou refer to Us in accordance with the terms and conditions set out in this document (Referral Agreement).

A business becomes a Referred Customer when:
(a) the existing customer informs us of the new customer's email and company name; (b) the new customer has paid their first invoice; and
(c) the existing customer is not behind on invoice payments.

The Referral Credit is defined as:
(a) the sum of a $50.00 AUD eftpos/online gift card per Referred Customer and existing customer.