Data Policy

1.

Collection

We collect personal information necessary for our business from government and non-government third party data sources that are accessible in accordance with privacy and other laws. The nature of our business does not lend itself to direct collection from individuals themselves. We seek assurances from all our data sources that the information has been collected and is held in accordance with applicable privacy laws and specifically that individuals concerned have been notified about the likely uses of the information (including disclosure to us). The types of information we collect include name, address and contact details. For identity verification purposes, we also collect date of birth, drivers licence particulars, and vehicle registration information. We confirm a match against name, address and date of birth and other required elements, for identity verification purposes where permitted by law.

2.

Use and disclosure

Our customers include providers who use our services to verify the identity of their customers to help them fulfil legal obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2009 (AML/CFT) legislation and/or to meet organisational requirement. Providers, or ‘reporting entities’, include entities that provide one or more designated services as defined in the AML/CFT.

3.

Data quality

We take a number of steps to ensure that the personal information we use or disclose is accurate, complete and up-to-date, although in some cases we are constrained by an obligation not to alter data without consulting the data source.

4.

Data security

We have security systems and programs in place to seek to ensure that the information we hold, including personal information, is protected from misuse and loss and from unauthorised access, modification or disclosure.

Our policies are designed to ensure that all information is secure both in our own databases and when our customers are accessing it. Access to our systems is monitored electronically, providing an auditable record of who, what and when data was accessed.

5.

Access and correction

Individuals may request access to any personal information about themselves held in our databases. Requests must be made in writing to our privacy officer with sufficient identification provided, to ensure that we do not give out your details to someone else. If an individual requests correction of their personal information and we can establish that it is not accurate, complete or up-to-date, we will correct it.

In some cases, requests for correction will need to be referred back to the source of the information, to ensure that any inaccuracies do not simply re-appear when we next receive updates.

6.

Data retention and disposal

Data from third party sources, once it has been used to create or updated the data provided, it is either deleted or returned to the source as agreed with the source. Data in the various databases is continually updated but is otherwise held for as long as required in relation to the particular products that draw on those databases. Customer data files are held for limited periods agreed with the customer for the explicit purpose of providing the service, after which the original customer data file and related output files will be deleted.

The customer has the ability to delete or advise us to delete data at any time. When data is deleted it is permanently and irrevocably destroyed. This applies to any backup copies of databases.

7.

Compliance

Violations of our policies can lead to civil and criminal liability. As a result, violations will be thoroughly investigated and may result in disciplinary action up to, and including, termination of the relationship between Contacts Plus and the entity in violation of policy. Any action thus taken does not preclude the pursuit of criminal and/or civil prosecution.