Select another region to view local content

You are on the New Zealand website
New Zealand
Australia
United Kingdom
Primary Logo

APLYiD Privacy Policy

Last updated 25/09/2025

1. Privacy Policy Overview

APLYiD (APLYiD, we) uses electronic biometric identification technology to enable APLYiD’s business customers (Customers) to verify the identity of their own users (Applicants). We call this our ‘Service’. Our Customers verify Applicants for legal and regulatory compliance purposes. The APLYiD entity responsible for data collection, use and sharing will depend on the location of the Customer, as set out in the table below.

AplyID Entities

This Policy applies to the use, collection and disclosure of information or data relating to Applicants and other data subjects (Personal Information) that is submitted to or collected:

  • by APLYiD’s web application (App) or website www.aplyid.com (Website) in connection with the Service; or

  • in the course of making available, providing or evaluation the Service.

We may sometimes need to modify or even replace this Policy. Please check the Privacy Policy page at the Website regularly for changes, though we will also try to notify Customers via the Service of any changes if these might impact use of the Service or the treatment of your Personal Information.

2. Collection of Personal Information

Applicants

Because we verify Applicants’ identities as part of the Service, Applicants will need to disclose Personal Information to us and our service providers.

If you are an Applicant, we may collect and process your Personal Information on behalf of and according to the instructions provided by our Customers, who use the Service to verify your identity. The Personal Information we may collect or hold about you on behalf of our Customers includes:

  • full name;

  • gender;

  • address;

  • email address;

  • telephone number and other contact details;

  • date and place of birth;

  • national and governmental identification information, such as your drivers’ licence number and class,

  • Medicare number, state or national ID card number, passport number, and birth or marriage certificate number;

  • other information identifiable from scanned ID documents you provide, such as your organ donor status or photographs of your face;

  • biometric information, created from video footage or photographs of your face;

  • information obtained from sanctions’ lists, politically exposed persons’ lists, monitoring services,screening services, fraud-prevention services and document verification services;

  • device ID, device type, geo-location information, connection information, IP address and standard web log information;

  • any additional information relating to you that you provide to us directly through our Website or App or indirectly through your use of our Website or App or online presence or through other websites or accounts from which you permit us to collect information;

  • information you provide to us through customer surveys; and

  • any other personal information that may be required to facilitate your dealings with us.

The Personal Information we collect differs from person to person depending on the type of identity documentation verified.

Other Data

If you visit the Website or use the App not as an Applicant, or you are a Customer or an employee of a

Customer, the Personal Information we may collect or hold about you includes:

  • full name;

  • email address;

  • telephone number;

  • payment details (via our payment processor);

  • username and password; and

  • the business or company you represent or work for.

We collect your Personal Information when you:

  • request us to act on your behalf via the Website or App;

  • provide information about a service issue or otherwise contact us;

  • visit our Website;

  • register to use the Service as a Customer.

Information from minors

Our Website and Services are not directed at children. We do not knowingly collect, use or share Personal Information about children under the age of 18. If you are an Applicant and we discover you are under 18 we will end the identity journey at that point.

Reasons for collecting Personal Information

We only collect and process Personal Information if necessary for to provide the Service to our Customers and to analyse our Service to understand how we may improve it.

Grounds for use of Personal Information

We rely on the following legal bases when using your Personal Information:

1. As an Applicant

a) Consent

If you are an Applicant, we will only use your biometric data to verify your identity on behalf of the Customer using the Service if you have provided your explicit consent (which we may collect on behalf of the Customer).

b) On behalf of our Customers

If you are an Applicant we will process your personal data (non-biometric) in accordance with our role as service provider to our Customers. And our Customers are likely to be processing your personal data either as necessary to perform a contract with you or for their legitimate interests, provided those interests are not outweighed by your rights.

2. As a representative of our Customers or as a prospect

We use Personal Information when it is necessary to perform a contract , or where asked to take steps prior to entering into a contract with us, in particular:

  • If you are a sole trader, to provide you with the Service and any other service(s) you expressly require or authorise, including to verify identification documents against their originating official database;

  • to provide online services (access to our Website and App);

  • to provide customer service assistance; and

  • to provide support for an account.

3. Legal obligation

We use Personal Information to comply with our legal obligations, which, depending on local laws, may include responding to legal processes or complying with or as required by any applicable law or the governmental or regulatory requirements of any relevant jurisdiction.

4. Legitimate interest

We use Personal Information when it is necessary for our legitimate interests. In these cases, we perform relevant legitimate interests balancing tests to ensure that we have considered and weighed any privacy impact in relation to the interest in question. In particular, we may use Personal Information to:

  • better understand Customer’s needs, diagnose problems, analyse trends, and improve the features and usability of the Service;

  • deal with requests, enquiries and complaints and facilitating other customer services;

  • keep the Service safe and secure;

  • manage our relationship with Customers or Applicants;

  • monitor compliance with our policies and standards;

  • ensure security of our communications and other systems;

  • detect and prevent security threats, fraud or other criminal or malicious activities; and

  • exercise or defend our legal rights or comply with court orders.

There is no obligation to provide APLYiD with any Personal Information requested by us. However, due to the

nature of the Service, if the information required is not provided, we will be unable to provide the Service to our Customer and if you are an Applicant you may need to verify your identity in a different way.

3. Disclosure of Personal Information

General

We may disclose Personal Information to:

  • the Customer who is using the Service to verify that identity, for the purpose of providing the Service to that Customer (if you are an Applicant);

  • our service providers to facilitate the provision of our Services to our Customers. These might include fraud prevention services, screening services and databases of sanctioned and politically exposed persons (PEPs). We have agreements with our service providers that require them to: (a) use Personal Information solely for the purpose of enabling us to provide our Services (Purpose); (b) not hold Personal Information for longer than is necessary for the Purpose; and (c) otherwise comply with applicable data protection and privacy laws;

  • our hosting providers AWS as described in this Privacy Policy;

  • providers of third-party services that we make available = via the Website or the App. Some of these third-party service providers may be located in other countries. These third-party service providers will process Personal Information according to their own privacy policies, which we recommend are reviewed.

In exceptional circumstances, we may share Personal Information with another party if we believe it is reasonably necessary to: (a) comply with any applicable law, legal process or governmental request; (b) enforce our agreements, policies and terms of service; (c) protect the security or integrity of our Service or Website; (d) as part of a sale of all or a majority our assets to a purchaser of our business; or (e) protect the security or integrity of our Service or Website; or (d) protect us, our Customers, or the public from harm or illegal activities.

The DVS Service – a verification check operated by the Australian government

In using our App Applicants confirm that they are authorised to provide their identity details to us. We will use Applicant’s identity details to verify an Applicant’s identity and provide confidence in that verification to our Customers.

If the verification check is in respect of an Australian Customer or the Customer has enabled the DVS Service, Personal Information will be sent to the Australian DVS to match against records held by Commonwealth or state bodies (e.g. the passport office, the appropriate state driver licence authority or another relevant Commonwealth or state body that the Applicant’ data).

Our check to the Australian DVS will be made via our service provider Datazoo.

Applicants give express consent to the collection, use and disclosure of your personal information that you have provided to us.

Please note the following:

a) We will use the DVS to verify an Applicant’s identity matches the records held at Commonwealth or state level;

b) We must comply with our access agreements with the Attorney General’s office and also the Privacy Act;

c) Applicants rights are set out in this Privacy Policy, including the right to access your data, correct inaccurate data, complain about our processing to OAIC and withdraw your consent;

d) If an Applicant does not consent then we cannot verify their identity. This may mean our Customer has to try to verify their identity using another method;

e) Our contact details are at the end of this Privacy Policy; and

f) You can visit idmatch.gov.au for more information about the DVS service.

4. Overseas Transfers of Personal Information

If you are based in Australia or New Zealand we store and process your Personal Information in the AWS data centre in Sydney, NSW. Our service providers also process your Personal Information in Australia or New Zealand.

If you are based in the UK or Europe we store and process your Personal Information in the AWS data centre in Dublin, Ireland. If there is an issue with our Service then your data may be accessed by our engineers based in New Zealand. You have protection for this data transfer under the European Commission’s Standard Contractual Clauses and also the UK’s Privacy Addendum.

5. Using Personal Information

We understand the importance of using Personal Information in a responsible and secure manner. We will only use Personal Information to:

• verify identification documents against their originating official database or against a credit bureau database;

• check your data against third party databases, for example if on a sanctions list, are a politically exposed person or if there are indicators of fraud;

• send Personal Information to our Customer (e.g. solicitor, bank) who will be relying on your verified identification to meet its legal requirements;

• deal with requests, enquiries, complaints and facilitate other customer services;

• contact you about your account and provide support;

• comply with any legal, government or regulatory obligations;

• provide the Service and any other service(s) you expressly required or authorised;

• better understand Customer or Applicant needs, diagnose problems, analyse trends, improve the features and usability of the Service (when we do this, we only use aggregated information that does not identify you personally); and

• keep the Service safe and secure.

We will never sell Personal Information to anyone.

6. Storage and Security of Personal Information

We have put in place measures to ensure the security of the Personal Information we collect and store. Our servers use encryption in transit and at rest, using at least the minimum industry standards.

We strive to protect your Personal Information against unauthorised disclosure or access, including using network and database security measures, but we cannot guarantee the security of any information we collect and store.

Anyone with an account with us, must prevent unauthorised access to that account and Personal Information by selecting and protecting the password or other sign-on mechanism appropriately and limiting access to computers or devices by signing off after finishing accessing an account.

Applicants

If you are an Applicant, we will store your Personal Information securely in our portal on behalf of our Customers.

Some Customers only require us to store Personal Information for less than 7 days but some Customers ask us to store Personal Information for longer so that we can perform ongoing anti-money laundering, fraud, screening and monitoring services for the Customer.

The Customer can delete Personal Information once it no longer needs us to store it. Following the deletion of Personal Information by Customers, we retain some non-identifiable information and this information will remain archived until such time as the Customer who requested the identity verification instructs us to destroy or return such data to them.

You (as an Applicant or Other Data Subject) can ask the relevant Customer to access, update or delete your Personal Information in accordance with your rights at law. Our Customers who use the Service to verify identity are responsible for their own compliance with applicable data protection and privacy laws with respect to their collection, storage and use of Personal Information.

Other Data Subjects (Non-Applicants)

If you are not an Applicant, we will only retain your Personal Information for as long as necessary to fulfil the purposes we collected it for. Depending on the applicable purposes of the processing, we will store your Personal Information for as long as in at least one of the following cases:

  • if you are a representative of a Customer we will generally store it for the duration of the Customerncontract and possibly up until the lapse of the claims limitation period (generally three years);

  • if you are a prospect we will generally store your Personal Information until we no longer need it; and

  • otherwise we will store it for only as long as we need up to any retention periods mandated by applicable laws.

7. Privacy Officer

APLYiD has appointed a Privacy Officer who can be contacted at privacy@aplyid.com. For any questions about the content and subject matter of this policy, if an Applicant or Other Data Subject wishes to request access, correction or deletion of Personal Information, to withdraw consent or object to us processing

Personal Information, or for further information about how we use your Personal Information, please contact our Privacy Officer and we will do our best to respond as soon as possible.

If you live/reside in the United Kingdom, the data controller is Aply UK Limited (company number 13510349).

8. Your Rights As An Applicant Or Other Data Subject

If as an Applicant you receive a verification link from a Customer to verify your identity, you can (and should) review your information during the identification verification process and correct any errors that might have occurred as the information has been extracted from the identification documentation you submitted to the Service. If you have completed the identification verification process with the incorrect information, you should inform the Customer who can action a correction for you, which may be by sending you another verification link. You may also supplement any incomplete Personal Information we have, taking into account the purposes of the processing. Any supplementary Personal Information will need to be provided directly to the Customer.

In certain circumstances, by law, as an Applicant of Other Data Subject you may have the right to:

  • request access to the Personal Information that we hold about you;

  • request correction or deletion of the Personal Information that we hold about you;

  • object to us processing your Personal Information or ask us to restrict our processing of your

Personal Information;

  • withdraw your consent to us processing your Personal Information;

  • receive a copy of the Personal Information we hold about you in a structured, commonly used, and machine-readable form; and

  • make a complaint with the relevant data protection authority.

If you wish to exercise any of these rights, please email our Privacy Officer or the Customer for which we are holding your data. We may not be able to provide your personal information if it has already been deleted from our systems.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information or to exercise any of your other rights. This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. To speed up our response, we may also contact you to ask you for further information in relation to your request.

We will not generally charge you a fee for exercising your legal rights. However, we may charge a reasonable fee for making information available to you in accordance with your request where the law allows (for example if there is significant work involved).

We try to respond to all legitimate requests within four weeks. Occasionally it may take us longer to respond if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

In some circumstances, the law may allow us to deny you access to the Personal Information we hold about you. In such a case we will explain to you the reason for refusing access.

If you disagree with the way we process your Personal Information, you also a have right to lodge a complaint with the relevant body. In the UK this is the Information Commissioner (ICO) and in Australia this is the Office of the Australian Information Commission (OAIC) and in New Zealand, this is the Office of the Privacy Commission (OPC). You can contact the ICO using information available the OAIC here and the OPC here. We would, however, appreciate the chance to deal with your concerns before you approach the ICO or OAIC so please contact us in the first instance.

9. Log Data

As a visitor the Website, we collect information that your browser sends to us (Log Data). Log Data may include information such as your computer’s Internet Protocol (IP) address, browser version, pages of our

Service that you visit, the time and date of your visit, the time spent on those pages, and other statistics. The Log Data is a type of Personal Information.

10. Cookie Notice

We may use cookies, tracking pixels and other related technologies containing information that can identify the computer, smartphone or other web–enabled device that a visitor is using. As a visitor, you may access and change your cookie preferences at any time by clicking the icon at the bottom left corner on the Website.

What are cookies?

A cookie is a very small text document, which often includes an anonymous unique identifier. Cookies are created when your browser loads a particular website. The website sends information to the browser which then creates a text file. Every time the user goes back to the same website, the browser retrieves and sends this file to the website's server. Find out more about the use of cookies on www.allaboutcookies.org.

We also use other forms of technology (as mentioned above), which serve a similar purpose to cookies and which allow us to monitor and improve our Website and email communications. When we talk about cookies in this Cookie Notice, this term includes these similar technologies.

What cookies do we use and what information do they collect?

We may use the information generated by cookies, tracking pixels and other related technologies for the following purposes:

  • Analytical (statistical) – we use these cookies to track traffic patterns to and from the Website, including information like the pages you visit, and features you use, the time you spend on the different parts or features of the Website, the date, time, and length of your use of the Website, as well as track your responses to ads and emails

  • Advertising (marketing)– we use these cookies to ensure advertising is being shown to the most appropriate person and limit the frequency of display for certain ad formats; and

  • Necessary – these cookies are required to enable the core functionality of services provided via the Website, i.e. they enable you to enter the Website, and use certain services without having to log in each time, and to visit and to visit Customer-only areas of the Website. The website cannot function properly without these cookies.

Third parties

Your use of the Website may result in some cookies being stored that are not controlled by us. This may occur when a part of the Website you are visiting makes use of a third-party analytics or marketing automation/management tool or includes content displayed from a third-party website, for example, Google or Facebook. You should review the privacy and cookie policies of these services to find out how these third parties use cookies and whether your cookie data will be transferred to a third country.

Information on the third parties that place cookies on the Website can be found by clicking the icon at the bottom left corner on the Website.

Your consent

When you visit the Website for the first time, you may be asked to accept or decline cookies. You can manage or reset cookies on the Website by clicking the icon at the bottom left corner on the Website, or through your browser settings. Each browser is different, so check the “Help” menu of your browser to learn about how to change your cookie preferences. You do not need to have cookies turned on to use the Website in general, but cookies are often used to enable and improve functions on the Website. If you choose to switch certain cookies off, it may affect how the Website works and you may not be able to access all or parts of the Website. We can use Necessary cookies without your consent. We may use other types of cookies only with your consent.

How do you manage these technologies?

We keep information collected from cookies for a maximum of 24 months.

11. Links to Other Sites

Our Service may contain links to other websites. If you click on a third-party link, you will be directed to that site. We strongly advise you to review the Privacy Policy of these websites. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

12. Contact Us

If you have any question or suggestions about our Privacy Policy, can be referred to our Privacy Officer at privacy@aplyid.com.

APLYiD Privacy Policy | APLYiD