Privacy Policy

Scantek considers itself an Australian Privacy Principle (APP) entity and as such is committed to complying with The Privacy Act 1988.

Your privacy is important to Scantek Solutions Pty Ltd (“Scantek”). Scantek is committed to protecting your privacy, safeguarding your personal information and having ongoing practices and policies in place to ensure the management of personal information occurs in a secure manner that is acknowledged in an open and transparent way.

The purpose of this Privacy Policy (Policy) is to: 

  1. inform you about the types of personal information we collect, hold, use and disclose;
  2. explain how we collect, use and hold personal information, and to whom we may disclose personal information; and
  3. what you can do if you have concerns about this Policy or your privacy. 

Scantek considers itself an Australian Privacy Principle (APP) entity and as such is committed to handling personal information in accordance with applicable privacy laws and complying with The Privacy Act 1988 and the ACC Act 2002. Scantek is committed to the implementation of practices, procedures and systems that ensure compliance with the Australian Privacy Principles and all relevant registered APP codes.

Collection and Use of Personal Information

Personal information is data that can be used to identify or contact a single person or information or an opinion about an identified individual, or an individual who is reasonably identifiable.

Scantek generally collects personal information under three scenarios:

  1. Information from Scantek’s clients and potential clients (Clients) and their approved agents (including Client employees) for the purposes of establishing and maintaining a contractual arrangement with the Client and providing services to the Client;
  2. Information from individuals whose identity is being verified (Users) by Scantek, generally on behalf of a Client; and
  3. Contact information for a User collected from a Client in order to facilitate the verification of identity (VOI).

You may be asked to provide your personal information anytime you are in contact with Scantek or a Scantek affiliated company. Scantek and its affiliates may share this personal information with each other and use it, as long as the sharing and use are consistent with this Privacy Policy, the Privacy Act and the Australian Privacy Principles.

Scantek may de-identify and combine your information with other information to provide and improve our products, services, content, and advertising strategies. We will not use your personal information to directly market to you.

You are not required to provide the personal information that we have requested but, if you choose not to do so Scantek, our affiliates, and if applicable, Clients may not be able to provide you with our products or services or respond to any queries you may have.

If you are required to do a VOI by a Client and do not wish to provide the required personal information to Scantek, you should contact the Client to use an alternate method of VOI.

Under the Privacy Act biometric information as described below is sensitive information and will only be collected with your consent, and will only be retained as permitted by law, in limited circumstances and using a high level of protection.

Set out below are some examples of the types of personal information Scantek may collect and how we may use it.

What personal information we collect and how we collect it

Scantek Client Information

  • When you create a Scantek account, register your products,, purchase a product, download a software update, contact us or participate in an online survey, we may collect a variety of information, including your name, mailing, residential and business address, phone number, email address(es), and contact preferences.
  • We may collect financial or payment method information to process payment for any purchases made and to protect against or identify possible fraudulent transactions, and otherwise as needed to manage our business.

User Information

  • We will collect your contact information from the Client who has requested your VOI, to initiate the VOI. All other personal information about you will be collected from you, or during the verification process with your consent.
  • Scantek collects your personal information as required to perform the VOI requested by the Client. This personal information will generally include full name, gender, date of birth, the type(s) of identification document(s) provided and their identification numbers
  • Scantek collects images of the scanned and/or uploaded identification documents that includes any photographic image contained on the document.
  • Scantek collects this information from Passports, both foreign and domestic, Australian Drivers Licences (or those issued under the laws of another country), Proof of Age Cards, Medicare Cards, Birth Certificates, and any other document presented or provided to Scantek by you. 
  • The image of any identification document provided by you may contain personal information not required for the VOI. Any information not required for the VOI is not recorded anywhere outside the image and is held only for as long as the image is required to be held. 
  • To verify your identity Scantek must capture an image of you to compare with the images on identification documents you have provided. Your image is biometric information and therefore sensitive information under the Privacy Act and the Australian Privacy Principles and is treated accordingly. Sensitive information can only be collected when it is required for the purpose of verifying your identity and with your consent.
  • During a remote VOI you will also be asked to perform a number of actions which are a necessary part of a liveness check (to lessen the risk posed by deep fakes and other deliberate attempts to fool the VOI). The information captured during this process includes biometric information, which will only be collected with your consent and only be held for as long as it is required to be held for the Client or Scantek’s regulatory or verification requirements.
  • Scantek does not disclose, use or adopt government identifiers except where the use and disclosure of the identifier is necessary to perform the VOI requested by the Client.
  • The VOI process is likely to require some of your document details to be verified by checking them against a government document verification service (DVS) or issuing authority. The information returned from the DVS or issuing authority may include additional personal and sensitive information (unsolicited information). This and any other unsolicited personal information will not be recorded other than in the form it was received and will be deleted as soon as practical.
  • Depending on the products or services being provided or the reason for your interaction with us, other verification checks may be required from third-party suppliers and public sources, including but not limited to providers of criminal checks, law enforcement agencies, government and statutory authorities, banks and financial institutions, regulatory and licensing bodies, credit agencies and education providers. You will be notified if we will be performing additional verification checks and we will obtain your consent if there is a possibility that unsolicited personal information may be provided to us in the process.

Our regulatory obligations require that we track and record, in some form, the multiple “journeys” through our platform, which requires cookies. Our use of cookies are discussed further below.

How we use your personal information

In broad terms, we collect, use and hold your personal information if we have a valid lawful reason to do so, and so that we can:

  • If you are a Client or potential client of Scantek:
    • Contact, communicate and conduct business with you; and/or
    • Manage and improve our services and business.
  • If you are a User (subject of a VOI):
    • Verify your identity as part, or all, of the service we provide to the Client who requested your VOI; and/or
    • For a specific purpose that you have given consent for us to process your personal information for.
  • In general:
    • Minimise risks and protect against fraud, misuse or loss of data and personal information.
    • Comply with laws, obligations or provide assistance to regulatory, government and law enforcement authorities.

Below are some more specific examples of how we may use your personal information:

Scantek Client Information

  • The personal information we collect allows us to keep you posted on Scantek’s latest product announcements, software updates, and upcoming events. If you don’t want to be on our mailing list, you can unsubscribe at the bottom of any email we send to you, or you can write to us at http://www.scantek.com.au/contact requesting that we remove you from our mailing list.
  • From time to time, we may use your personal information to send important notices, such as communications about purchases and changes to our terms, conditions, and policies. Because this information is important to your interaction with Scantek, you may not opt-out of receiving these communications.
  • We use personal information to help us create, develop, operate, deliver, and improve our products, services, content and advertising, and for loss prevention and anti-fraud purposes.
  • We may also use personal information for internal purposes such as auditing, data analysis, and research to improve Scantek’s products, services, and customer communications.
  • We may also use personal information for internal purposes such as auditing, data analysis, and research to improve Scantek’s products, services, and customer communications.

User Information

  • We share sufficient of your personal information with the requesting Client to enable them to meet the legal or other obligation for which they requested the VOI, this information is provided via Scantek’s secure portal.
  • We may share limited personal information with the requesting Client to identify you or your VOI so that we may respond to a Client’s enquiry about your VOI.
  • With your Consent and in order to use the services you have agreed with the Client, we may be required to provide your information to governing bodies such as Anti-Money Laundering (AML) or Australian Criminal Intelligence Commission (ACIC).

Users (patrons) of licensed venues using Scantek’s patron management system

  • Patrons of licensed venues which are Scantek’s Clients consent to, and provide the identity document for, the collection of personal information from an identity document when they enter the venue.
  • If a patron participates in violent, immoral, anti-social or illegal behaviour, they may be banned from the venue and this ban will generally be communicated to all Client venues. Those venues may then use this information to decide whether they wish to let a “banned” patron into their venue.

If compelled by law, Scantek may disclose your information, including personal information

  • In response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us.
  • When we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to maintain optimal operation of the system; to comply with applicable law or cooperate with law enforcement; or to enforce our terms and conditions or other agreements or policies.
  • In the event of a reorganisation, merger, or sale we may transfer any and all personal information we collect to the relevant third party.

Sending personal information to overseas recipients

Generally, Scantek keeps all personal information on third-party encrypted and secure servers within Australia. 

There are two circumstances where personal information may be disclosed to or viewed by an overseas recipient:

  • If the VOI being requested requires the verification of information by an overseas entity such as verification of a visa or other document not possible to verify through an Australian document verification service, this will only be done with your consent.
  • In the unusual circumstance where the Client who has requested a VOI has staff involved in their processes who are working overseas. The Australian Document Verification Service only allows access to their services from within Australia except where an application for an exemption is made. These applications are made and approved by the DVS on a case-by-case basis.

Information Relevant to Scantek Business Activities

  • We solicit and retain only personal information required to achieve accurate execution of Scantek’s business activities and functions. Should Scantek receive unsolicited personal information that information is destroyed immediately upon detection. 
  • We will de-identify personal information collected and stored where it is appropriate and practicable to do so.

Nationally Coordinated Criminal History Check (NCCHC)

If you are consenting to a Nationally Coordinated Criminal History Check, the information regarding privacy is located in a separate document PC.82 – NCCHC – Privacy Policy. You can access this by clicking here: https://docs.google.com/document/d/1mt_amZ3TiKDc8RUG-iLAv1Hhdw1wx7MdI6NnWoMOSOI/edit?usp=sharing

Protection and Integrity of Personal Information

Scantek takes the security of your personal information very seriously. Scantek uses a number of techniques including encryption, password protection, access limitations and intrusion detection to protect your data. Scantek also takes physical and electronic security measures to safeguard personal information from loss, misuse, unauthorised access, modification or disclosure.

Please be aware that your information may be transferred to, stored, and processed by our servers. By using our Services, you understand that your information may be transferred to our facilities and those third parties with whom we share it as described in this privacy policy.

Scantek aims to ensure the availability of continuity plans, backup procedures, proactive vulnerability identification and mitigation, defence against malicious activities, system access control, incident management and reporting.  Security awareness training is training that has been conducted for all Scantek staff members regarding the protection of information and physical assets. 

Scantek uses digital certificates to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure in the following ways:

  • Scantek’s certificates are to be used for approved purposes only and are not permitted to be distributed beyond Scantek’s secure network
  • All Scantek certificates are only to be installed on Scantek’s secure infrastructure
  • All passwords used to access Scantek’s digital certificates are to be stored securely and in accordance with the Password policy

Scantek also uses the following approaches to keep your personal information secure:

  • Scantek’s systems and processes are designed to deliver security for personal information;
  • Policies and management oversight of security and staff security awareness training and policies in relation to security;
  • Physical control and security of premises and equipment and electronic documents and secure document disposal;
  • Platform security including auditing and testing of the platform.

Integrity and Retention of Personal Information

Scantek takes reasonable steps to ensure as far as possible that the personal information it collects is accurate and complete as at the date it was provided. VOI is transactional in nature and the personal information provided is not stored to be used in the future. Scantek has no use or ability to maintain up-to-date information.

We will retain your personal information for the period necessary to fulfil the purpose for which the personal information was provided.

Any individual who wishes to request knowledge of the personal information that is relevant to that person, or wishes to ensure the accuracy of such information, may do so in the following ways. All such requests are free of charge.

Personal information held from a VOI is held on behalf of the Client who requested the VOI. In relation to this information any requests must be directed to the Client who will contact Scantek on your behalf, if necessary.

By phone to Scantek on 1300 552 106 Via the Scantek website.

If for some reason such access is not granted, a written reason will be provided.

Request for Correction of Personal Information

Requests for access to and correction of any recorded data deemed personal information may be made in writing via the Scantek website

Correction of personal information may not be possible once a VOI is completed as this information has been used to verify your identity. During the VOI you will be presented with the opportunity to correct any data our system has not properly recorded from your identity document. If the incorrect data is sent to the DVS or other issuing authority then the VOI may not complete, and the verification may be invalid (or not complete) and need to be resubmitted.

If correction to personal information should be refused, Scantek will respond in written form as to the reasons for denial of the correction along with the appropriate avenue for complaint. In this case should an individual request a statement be associated with that information, such a statement may be recorded and associated with the applicable data.

How long will we keep your personal information?

We will keep your information for as long as you are a Client or pursuant to our legal obligations. For example, Australian criminal history checks are deleted after 12 months and identity documents provided when ordering one of those checks must be kept for 12 months and deleted within 15 months.

We aim to keep your information for only as long as we need it. Factors that may influence for how long we may keep your data include:

  • Fulfilling our legal or regulatory obligations, and our Client’s legal or regulatory obligations;
  • Responding to a question or complaint; or 
  • Being unable to delete the data for technical reasons.

There are specific retention requirements in relation to personal information provided by patrons of licensed venues. Patrons are notified of the requirement to check identity documents, and the collecting and holding of personal information. The patron provides their identity document for the purpose of scanning it, as a condition of entry to a venue.

Patrons of licensed venues whose information is retained indefinitely

  • Scantek only indefinitely retains gathered personal information from patrons who have received long-term “bans” from licensed venues that are Clients.

Patrons of licensed venues whose information is retained for less than 30 days

  • Scantek uses best endeavours to delete all personal information gathered from patrons who have not received a ban within 30 days from collection unless otherwise required by a government or statutory body.

Collection and Use of Non-Personal Information

We also collect data in a form that does not, on its own, permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it:

  • We may collect information such as occupation, language, post code, area code, unique device identifier, location, IP location and the time zone where a Scantek product is used so that we can better understand customer behaviour and improve our products, services, and advertising. 
  • We may collect information regarding customer activities on our website, and from our products and services. This information is aggregated and used to help us provide more useful information to our customers and to understand which parts of our products, and services are of most interest. Aggregated data is considered non- personal information for the purposes of this Privacy Policy. If we do combine non-personal information with personal information the combined information will be treated as personal information for as long as it remains combined. 
  • To provide location-based services on Scantek products, Scantek and our affiliates and licensees may collect, use, and share precise location data, including the real-time geographic location of the VOI.

Cookies and Other Technologies

Scantek’s website, online services, interactive applications, email messages, and advertisements may use “cookies” and other technologies such as pixel tags and web beacons. These technologies help us better understand user behaviour, tell us which parts of our website people have visited, and facilitate and measure the effectiveness of advertisements and web searches. We treat information collected by cookies and other technologies as non-personal information. However, to the extent that Internet Protocol (IP) residential histories or similar identifiers are considered personal information by local law, we also treat these identifiers as personal information. Similarly, to the extent that non- personal information is combined with personal information, we treat the combined information as personal information for the purposes of this Privacy Policy.

Scantek and our affiliates also use cookies and other technologies to remember personal information when you use our website, online services, and applications. Our goal in these cases is to make your experience with Scantek more convenient and personal.

Most browsers automatically accept cookies, but you can usually modify your browser setting to disable cookies. Please note that certain features of the Scantek website will not be available once cookies are disabled.

As is true of most websites, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) residential histories, browser type and language, Internet service provider (ISP), referring and exit pages, operating system, date/time stamp, and clickstream data. 

We use this information to understand and analyse trends, to administer the site, to learn about user behaviour on the site, and to gather demographic information about our user base as a whole.  

Pixel tags enable us to send email messages in a format customers can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to customers.

Scantek may use non-personalized information to monitor activity that deviates from the norm using Security Information and Event Management (SIEM) tools and takes appropriate action as part of our security and cyber crimes prevention processes.

Disclosure to Third Parties

At times Scantek may make certain personal information available to affiliates that work with Scantek to provide products and services, or that help Scantek market to customers. Personal information will only be shared by Scantek to provide or improve our products and services; it will not be shared with third parties for their marketing purposes.

Complaints

We will aim to respond to your request or complaint promptly. We take all complaints seriously and are committed to a quick and fair resolution.

Complaints may be directed by phone to Scantek on 1300 552 106 or via the Scantek website.

Individuals making complaints or enquiries will be afforded the right to anonymity where it is practicable to do so.

Children

We do not knowingly collect personal information from children under 13. If we learn that we have collected the personal information of a child under 13 without first receiving verifiable parental consent we will take steps to delete the information as soon as possible.

Our Companywide Commitment to Your Privacy

Verification of Identity is Scantek’s business, securely handling all personal information securely and in accordance with the Privacy Act is essential to that business.

Every new Scantek employee undertakes mandatory training in the identification and handling of personal information. Protection of personal information is discussed regularly in team and company-wide meetings, and considered when making any business decision.

Our Clients are contractually required to comply with the requirements of the Privacy Act, to comply with the privacy and other requirements of the Australian Document Verification Service (if applicable) and to protect any personal information they receive. Our affiliates are required to apply the same privacy policies as Scantek, where applicable.

Privacy Questions

If you have any questions or concerns about Scantek’s Privacy Policy or data processing or if you would like to make a complaint about a possible breach of local privacy laws, please contact us.

Scantek may update its Privacy Policy from time to time. When we change the policy in a material way, a notice will be posted on our website along with the updated Privacy Policy.