This policy was last updated on 29th September 2021.
1. General information and contact details
Obii Group Pty Ltd ("Obii", "we", "us" or "our") take the protection and security of your personal data very seriously. This privacy notice sets out the personal information we collect and process about you through our products and services, the purposes of the processing and how you can exercise your privacy rights.
You may be reading this notice because of a link provided by one of our third-party data suppliers, one of our customers, or you simply want more information on processing in relation to our products and services.
Where we collect personal information from you directly, for example, through our website or because you have applied for a job with us, please see our Website Privacy Notice.
Our customers and data suppliers will have a lawful reason for processing your data and may have a separate relationship with you. They are separately required to provide you with information (for example through their own privacy notice) about how they collect and process your data.
Obii is located in Sydney Australia, Our Company Registration Number (ACN) is: 653 050 321
If you have any questions about how we use your personal data, please contact our Data Protection Officer by email at firstname.lastname@example.org
We review this privacy notice on an annual basis, sooner if changes to regulation require it or we change the way we process personal data.
Obii is an Australian organisation who create data & technology. Typically, customers use our technology so they can verify the information that you give to them about yourself. We do this by you providing us with consent, matching third party reference data (which we receive from data suppliers) against the data you give about yourself to our customers. This still sounds complex, so an example is often the easiest way to explain;
You are going to open a bank account
In order to open the bank account, the bank (our customer) needs to verify you are who you say you are. This is for a number of reasons, such as for the bank to comply with Legislation and/or regulation such as Credit code, anti-money laundering regulations or combatting fraud purposes.
The bank and/or Obii collects personal data from you and passes this to Obii s technology to process (via our products and services).
As part of this processing, we may match the personal data you provided against third party data (from our data suppliers), such as data belonging to Credit Reference Agencies or public sources, such as the voters register.
We may also collect your selfie photo and identity documents to verify that the person carrying out the journey is the same as those in the identity documents.
Matching your personal data may be done in 2 ways:
a) Obii host a copy of this personal data that we receive from data suppliers; and, or
b) Obii access personal data via a web service, which means our data suppliers holds the database and we securely send them your personal data to match against the records they hold. They then return the result to Obii.
We pass a result back to the bank (our customer) on whether we could match your input data against the third party data.
Our customer then decides how they will respond to you, e.g. open your bank account, decline your request etc.
Obii does not have visibility on, nor can we influence how our customer responds to you.
More examples are included in the table below describing why we collect your personal data.
Our Personal Data Protection Policy governs the use and storage of your data. You can see our Personal Data Protection Policy.
Obii is a Controller of the personal data you (data subject) provide us. We are accredited with the Australian Consumer Data Right and ISO27001 the highest international standard.
We collect the following types of personal data broadly categorised from you:
Name, Addresses, Date of Birth, Email, Phone number, identity documents, images of you, Device, Cookies, device id, IP address, geocode
Banking, Utility, Telecommunication information
Credit information held by Credit Reporting Agencies
We need your personal data in order to provide you with the following services:
Why we collect your personal data depends on the services we provide.
Managing your Account and providing you with services
To provide services to you, we need to know it's actually you. We do this to support the products and services we offer to make things you are doing much easier.
Consumer Data Right (CDR)
Please refer to our CDR policy. You provide us with consent.
The CDR gives you control about the data that you share that originates from your Bank, Utility or Telco companies. This is often referred to as CDR, Open Banking and/or Open Data. We prefer to use the term Open Data.
It helps you send your data to other companies with your full consent, knowledge and control in a secure way. The intention is that you can help your day to life, find the best products, prices, suitable and to help switch to new products and services.
You have control over who you can share your data with.
We can capture and verify your identity globally, making it easier for you to transact online. What this includes depends on the organisation you are engaging with. For example, we can verify the authenticity of your identity documents or check if you are over a particular age if you want to access a service which has age restrictions. Our customers do this because many of them must meet regulatory requirements and prevent fraud, so we help them to meet their requirements, with you in our mind, to make things as simple and easy as possible.
We help our Customers get approved for the right lending. Your credit information and score is a critical component in getting the credit you seek. For example: We use you Access Seeker credit information to assist you in the process of Credit.
Fraud & Compliance Management
We help our Customers reduce fraud which benefits you by ensuring you get the best price, your identity is protected, and you receive goods and services you order. With each online order companies must make a decision whether to ship or decline it. To give you an example, Mary Christmas placed a large food order on the last shipping day before Christmas. Her name triggered fraud indicators: due to her name and timing, the retailer would have normally declined the order. However, the retailer used our service to determine that Mary Christmas was a legitimate customer. Mary Christmas's goods were dispatched and she/her family got to enjoy a lovely Christmas lunch.
Your personal data is processed in Sydney and Melbourne located in Australia. Hosting and storage of your data takes place in Microsoft Azure which is located in Australia. No third party providers have access to your data, unless specifically required by law.
Obii is governed under several Australian laws, we are required to keep your documents the period in which you provide consent as part of our products and/or services or our legal obligation.
After this period, your personal data will be de-identified and irreversibly destroyed.
Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.
Should you believe that any personal data we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted. Please contact us through email@example.com.
In the event that you wish to complain about how we have handled your personal data, please contact Data Protection Officer at firstname.lastname@example.org or in writing at PO Box H197, Australia Square NSW 1215. Our Data Protection Officer will then look into your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the Privacy Act you may complain to the Office of the Australian Information Commissioner (OAIC) about the way we handle your personal information.
Please note the OAIC requires any complaint must first be made to the respondent organisation.
The law also allows 30 days for the respondent organisation to deal with the complaint before a person may make a complaint to the OAIC.
The Commissioner can be contacted at:
Office of Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992