This document is provided for archival purposes only.
Last Updated: 9 December 2021
Your Privacy Matters
MATTR is built and operated as a privacy-first company. Enhancement of privacy and trust in digital transactions are fundamental to the software we develop. We aim to support entities participating in the growing eco-system of privacy-preserving verifiable data transactions. We do not sell, rent or otherwise monetise personal information that we process on our customers’ behalf.
- we provide Services to our customers through our software-as-a-service platform (e.g., when we issue or verify credentials)
- we provide other Services to our customers (such as training or seminars), or
- we provide access to or use of our Materials, such as apps, SDKs, and the content, materials, software, data, documents (etc.) we make available to allow use of our Services.
(For a full definition of all of our Services and Materials, see our Customer Agreement, which may be updated from time to time).
Who we are
- When we say “our”, “we”, or “us”, we mean MATTR Limited (MATTR). Our offices are in New Zealand, but we operate globally. We provide easy-to use Services and Materials to improve trust and privacy in digital interactions.
- We collect, use and share personal information in accordance with the Privacy Act 2020 (NZ) (Privacy Act).
- If a customer accesses or uses our Services or Materials in the European Economic Area or the United Kingdom (EEA), or in relation to any natural person who is identified or identifiable and in the EEA, the MATTR Data Processing Terms apply to how we process that personal data.
- For clarity, when we refer to "you" or "your" we mean an individual whose personal information is processed using our Services or who accesses the Materials on behalf of a customer.
Our principles of data protection
- Our approach to privacy and data protection is built around four key principles. They’re at the heart of everything we do relating to personal information.
- Transparency: We take a human approach to how we process personal information by being open, honest and transparent.
- Security: We champion industry leading approaches to securing the personal information entrusted to us.
- Stewardship: We accept the responsibility that comes with processing personal information.
- Data minimisation: We are continuously working to minimise the personal information that we collect and develop more privacy preserving features.
Types of personal data we collect
- When we say “personal information” we mean identifiable information about you that we collect when our customers access or use our Services or Materials. Examples of personal information include name, email address, phone number, bank account details, identifiable support queries and community comments, and so on.
- You or our customers may disclose some of this personal information to us optionally, or we may need it to provide the Services (for example, payment information).
How we collect personal information
- We collect personal information that we need to provide our customers with our Services or Materials, and any information you provide to us optionally. The way we collect this personal information can be broadly categorised into the following:
- Information you provide to us directly: For example, if you use the Sign-Up feature on our website to get access to our Services for an organisation you represent (including during a trial period or on a preview basis), we may ask you for your name, organisation, payment information, and email so that we can correctly assess your application and discuss your requirements (if applicable). You may also provide us with similar contact information if you contact us for support, participate in community forums, join us on social media, or take part in training and events. If you don’t want to provide us with such personal information, it may mean that we cannot provide you with certain Services or Materials.
- Information we collect from third parties: We usually collect personal information directly from you or from our customer. Our customer may be an agency that you have a direct relationship with (like an educational institution or government department) or its service provider. Sometimes we collect personal information about you from other sources, such as publicly available materials or trusted third parties (such as research partners or the issuer of a credential that you hold and that our Service is being used to verify). We may also collect and use this personal information to better inform, personalise and improve our Services.
How we use your personal information
- Communicate with you. This may include:
- providing you with information you’ve requested from us (like training or education materials) or information we are required to send to you;
- operational communications, like changes to our Services, security updates, or assistance with using our Services;
- marketing communications (about us or another product or Service we think you might be interested in) if you have opted in with your marketing preferences (including by tracking your use of, and interaction with, our website and marketing emails); or
- asking you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with).
- Support you: This may include assisting with the resolution of technical support issues or other issues relating our Services, whether by email, in-app support or otherwise.
- Enhance our Services and develop new ones: Such as providing new or improved tools and optimising user experiences.
- Protect our Services and Materials: So that we can detect and prevent any fraudulent or malicious activity, and make sure that everyone is using our Services fairly and in accordance with any applicable terms and conditions.
- Comply with legal requirements: To comply with applicable laws, regulations or legal processes, demonstrate such compliance, or to exercise, establish or defend our legal rights.
How we minimise the sharing of your personal information
- Where we collect personal information, we’ll only disclose it as reasonably required:
- to the extent that such disclosure is necessary for us to use the personal information for the purpose it was collected
- to regulators, law enforcement bodies, government agencies, courts or other third parties if required to comply with applicable laws, regulations or legal processes, demonstrate such compliance, or to exercise, establish or defend our legal rights (but we’ll try to notify you about these kinds of disclosures if possible)
- to prevent, detect, or investigate security concerns, including fraud
- where you are a customer representative, to an actual or potential buyer (and its agents and advisors) in connection with an actual or proposed purchase, merger or acquisition of any part of our business, or
- with your consent.
International Transfers of your personal information
- When we do share your personal information, it may be transferred to, and processed in, a country different to where you a located. These countries may have laws that are different to what you are accustomed to. Where this is the case, we put comparable safeguards in place to ensure your personal information remains protected.
- For individuals in the European Economic Area (EEA), or in relation to any natural person who is identified or identifiable and in the EEA, this means that your data may be transferred outside of the EEA in accordance with the MATTR Data Processing Terms. For further information, please contact us using the details set out in the “How to contact us” section below.
- Security is a priority for us when it comes to your personal information. We’re committed to protecting your personal information and have appropriate technical and organisational measures in place to protect your personal information. For more information about the security of your personal information, you can contact us.
- The length of time we keep your personal information depends on the type of personal information and whether we have an ongoing business need to retain it (for example, to provide a requested Service to our customer or to comply with applicable legal or tax requirements). We’ll retain personal information only for as long as is necessary.
- It’s your personal information and you have rights, including to:
- know what personal information we hold about you;
- access the personal information we hold about you; and
- request a correction of the personal information.
- You can exercise these rights, and any other rights you may have under applicable data protection and privacy laws, at any time by making a request to us. If you’re not happy with how we are collecting, using or disclosing your personal information, please let us know by contacting us. Your requests may be subject to certain conditions or grounds for refusal, as set out in the Privacy Act or under applicable data protection and privacy laws. We will review and investigate your complaint and try to get back to you within a reasonable timeframe. You can also request investigation by the New Zealand Privacy Commissioner at any time during or after raising a complaint with us.
How to contact us
- As a technology company, we prefer to communicate with you by email – this ensures that you’re put in contact with the right person, in the right location, and in accordance with any regulatory timeframes.