This document is provided for archival purposes only.
Last Updated: 15 September 2020
You can find more information about the Act and your rights at www.privacy.org.nz.
When we say “our,” “we,” or “us,” we are talking about MATTR Limited (MATTR). When we say “you” or “your” we are referring to you, the end-user of the Mobile Wallet.
We may collect data from you either through our interactions with you directly, or through your use of the Mobile Wallet. The information we collect depends on the context of your interactions and the choices you make, including your choice of privacy settings and features you use.
The Mobile Wallet is designed to enable you to obtain, store, and share digital credentials – a little bit like a ‘digital card holder’ for credentials that might otherwise be presented in a physical or less trustworthy digital format.
Personal information we DO NOT collect
The Mobile Wallet is designed to advance privacy and security. We seek to minimise the personal information we collect in every aspect of the design.
- Mobile Wallet
The Mobile Wallet is stored on your device only – not on MATTR (or other) servers. This means that we do NOT collect any person information related to that use – for example we do not collect location, credential, or log analytic data. That data stays on your device.
We recommend that Mobile Wallet users read the privacy policies of the entities they interact with through the Mobile Wallet (for example, issuers of credentials).
Personal Information we DO collect
Entities you interact with in the Mobile Wallet may use the Platform. Under the preview offering, the Platform data is stored on our servers. This means we collect a record of the transactions that pass through the Platform. Depending on who you interact with in your Mobile Wallet, this may include credentials related to you. For example, if you are issued a credential by an entity that uses the Platform to issue it, we may collect that information in order to provide the Platform functionality, including backup. The information is encrypted, and we take reasonable steps to secure it. We do not share it outside of MATTR without user consent, nor do we sell it.
Our products are designed to increase privacy and security. We are continuously working towards the end-goal of minimising (and where possible, eliminating) the personal information we collect on the Platform. The less personal information we collect, the better! We aim to continue to minimise the amount of personal data we collect, and we will update you as appropriate.
How we use and disclose the personal information we collect
We use and may sometimes disclose the information we collect to carefully selected and trusted organisations solely for the purpose of:
- enabling the product to function as intended, which includes updating, securing, and troubleshooting, as well as providing support,
- improving and developing the product,
- complying with any applicable laws, regulations, industry requirements, court or authority, or any applicable stock exchange listing rules, and
- fulfilling any other purpose that you have requested or consented to.
- We do not use or disclose any information for a purpose not listed above, and we do not sell your information.
How you can access your personal information
- Mobile Wallet:
You can access your personal information via the user interface. If you have further questions or something seems to be missing, you will need to contact entity that issued you your credential or the entity(s) you provided credentials to as appropriate.
If you delete you Mobile Wallet, all its data will be deleted – including the credentials stored within it. However, the information may not be deleted by the original issuer or relying parties. You will need to contact those parties.
If the Platform stores information about you, you are entitled to access your personal information (subject to payment of any applicable fees and provided it is readily retrievable). You may also ask us to confirm whether we hold particular information. These rights may be subject to certain conditions or grounds for refusal, as set out in the Act. If you want to exercise any of the above rights, please email us at firstname.lastname@example.org. You will need to confirm your identity and set out the details of your request (for example, the personal information you would like to access, or the correction you are requesting).
How long we keep your personal information
We will retain your personal information only for as long as is necessary (for the purposes for which it was collected) and as otherwise required by law.
Protecting your personal information
We will take reasonable steps to protect your personal information from loss, disclosure, or unauthorised use. If a privacy breach occurs, we will communicate with you and all relevant parties as soon as possible, and report all serious incidents to the Privacy Commissioner. We will take appropriate steps to minimise the harm of the incident.
Privacy queries and complaints
A. What is personal information?
Personal information is any data that relates to an individual. When collected together, otherwise unidentifiable pieces of information can lead to the identification of a particular person – meaning this also constitutes personal information. Examples of personal information include name, home address, an email address, or an identification number, such as a driver’s licence number.
B. What is not personal information?
Information that has been irreversibly de-identified (anonymised information) is not personal information. In addition, personal information does not include public information, such as a company registration number or company email address (eg. email@example.com).