Last Modified: February 22, 2024

Welcome to Incode Technologies, Inc. (“Incode,” “we,” “our” and “us”). Please read this Privacy Notice to learn about who we are, how we collect, disclose and use your personal data and how you can exercise your privacy rights.

You may print a copy of this Privacy Notice directly from your browser. If you have a disability, you may access this Privacy Notice in an alternative format by contacting us at dataprotection@incode.com.

If you have any questions or concerns about our use of your personal data, then please contact us using the contact details provided at the bottom of this Privacy Notice.

Quick Links

  1. What does Incode do?
  2. What does this Privacy Notice cover?
  3. Sources of personal data
  4. What personal data does Incode collect and why does Incode collect it?
  5. How does Incode disclose personal data?
  6. Cookies and other similar technologies
  7. Your choices
  8. Data security
  9. Data retention
  10. Personal data of children
  11. Additional information for Illinois residents
  12. Additional information for California residents
  13. Additional information for Nevada residents
  14. Additional information for European residents
  15. Additional information for Australian residents
  16. Transfers of personal data
  17. Changes to this Privacy Notice
  18. Contact information

1. What does Incode do?

Incode is headquartered in the United States and has offices and group companies located around the world. Incode provides Incode Omni, an end-to-end identity platform that offers a frictionless customer experience at every point of contact across multiple channels. Incode Omni is deployed on third-party websites or mobile applications that belong to our customers (“Customers”) and allows our Customers to securely verify the identity of their customers or users (“Users”). You can find more information about us and Incode Omni here. Incode also offers IncodeID, a direct-to-consumer, frictionless identity verification platform that allows IncodeID users to verify their identity with companies that accept IncodeID.

2. What does this Privacy Notice cover?

This Privacy Notice covers our collection, use and disclosure of personal data that we gather in the usual course of business, for example, through our website at incode.com, including its subdomains such as docs.incode.com (the “Website”), when you access or use IncodeID or Incode Omni (the “Products”), through responses to surveys or questionnaires, when you send us an email or otherwise contact us or at offline locations and events (all together, the “Services”). In such case, we act as a data controller of your personal data.

Please note that we also act as a processor when providing identity verification services to certain of our Customers. This Privacy Notice does not apply to the personal data that we process as a data processor on behalf of our Customers in the course of providing Incode Omni. In those cases, we invite you to contact the relevant company or organization if you have any questions about their privacy practices.

We may provide you with additional privacy notices depending on how you interact with us and depending on the type of personal data we collect.

3. Sources of personal data

We may obtain your personal data from the following sources:

  • Directly from you, such as when you use or access the Services, communicate or transact through the Website, or submit personal data online in connection with the Services.
  • Our vendors, such as when our vendors provide us personal data related to you in the process of providing us their services.
  • Cookies and other similar technologies, such as when you visit the Website, which may have first- and third-party tools (e.g., cookies) that help facilitate and personalize your visit to the Website or to other online services. For more information, see the section titled “Cookies and other similar technologies.”
  • External sources, such as from publicly available government records and our business partners, in connection with co-marketing or other joint marketing campaigns. This does not include our vendors.

4. What personal data does Incode collect and why does Incode collect it?

The personal data we collect depends on the context of your interactions with Incode and the choices you make (including your privacy settings), the products and features you use, your location and applicable law. The chart below details our current practices and our practices for the 12 months preceding the Last Modified date. Note that the specific pieces of personal data we have collected about you may vary depending on the nature of your interactions with us and may not include all of the examples below.

Category of personal dataPurposes for collection, use and disclosure
Identifiers, such as a real name, postal address, unique personal identifier (e.g., logins and passwords, including passwords or access codes to business partner platforms or services, if a business partner platform has already been set out for your organization), online identifier, email address, account name, IP address, device identifiers or other similar identifiers.To provide services you ask for, including operating and maintaining our Services, providing customer service and technical support. For quality, safety and internal research, including evaluating how our Services perform, repairing or improving the quality of our Services, tracking and responding to quality and security issues and developing new or enhanced products and service offerings. To promote and offer our Products, and those of our selected partners, through co-branded service offerings and joint marketing. To understand your preferences, make recommendations, and deliver personalized offers and communications.
Personal records, such as signature, telephone number or financial information.To provide services you ask for, including operating and maintaining our Services, providing customer service and technical support. For quality, safety and internal research, including evaluating how our Services perform, repairing or improving the quality of our Services, tracking and responding to quality and security issues and developing new or enhanced products and service offerings. To promote and offer our Products, and those of our selected partners, through co-branded service offerings and joint marketing.
Demographic data/characteristics of protected classifications, including age, nationality and gender.To provide services you ask for, including operating and maintaining our Services, providing customer service and technical support. For quality, safety and internal research, including evaluating how our Services perform, repairing or improving the quality of our Services, tracking and responding to quality and security issues and developing new or enhanced products and service offerings. To promote and offer our Products, and those of our selected partners, through co-branded service offerings and joint marketing.
Commercial information, including purchasing history.To provide services you ask for, including operating and maintaining our Services, providing customer service and technical support. For quality, safety and internal research, including evaluating how our Services perform, repairing or improving the quality of our Services, tracking and responding to quality and security issues and developing new or enhanced products and service offerings. To promote and offer our Products, and those of our selected partners, through co-branded service offerings and joint marketing. To understand your preferences, make recommendations, and deliver personalized offers and communications.
Internet or other electronic network activity information, including how you interact with our Website, search history or other Website analytics information.To provide services you ask for, including operating and maintaining our Services, providing customer service and technical support. For quality, safety and internal research, including evaluating how our Services perform, repairing or improving the quality of our Services, tracking and responding to quality and security issues and developing new or enhanced products and service offerings. To promote and offer our Products, and those of our selected partners, through co-branded service offerings and joint marketing. To understand your preferences, make recommendations, and deliver personalized offers and communications.
Geolocation data.For quality, safety and internal research, including evaluating how our Services perform, repairing or improving the quality of our Services, tracking and responding to quality and security issues and developing new or enhanced products and service offerings. To understand your preferences, make recommendations, and deliver personalized offers and communications.
Sensory data, including audio, electronic, visual or similar information (e.g., photos, videos or recordings of you and your environment).To provide services you ask for, including operating and maintaining our Services, providing customer service and technical support. For quality, safety and internal research, including evaluating how our Services perform, repairing or improving the quality of our Services, tracking and responding to quality and security issues and developing new or enhanced products and service offerings.
Professional or employment-related information.To provide services you ask for, including providing customer service and scheduling demos.
Sensitive personal data, including information from government-issued identification (e.g., social security number, driver’s license, state identification card or passport number) and biometric information (e.g., faceprints, including facial mapping and scans of digitized images; and fingerprints, including scans of digitized images).To provide services you ask for, including operating and maintaining our Products.

We may also collect, use or disclose all categories of personal data described above for other purposes authorized by applicable laws, including:

  • To help prevent the loss of life or serious injury or to protect the personal safety of Incode personnel, users of our Services, visitors or the public;
  • To detect, investigate, prevent or otherwise address fraud or other security and integrity issues;
  • As part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or at transfer, divestiture or sale of all or a portion of our business or assets;
  • To operate and maintain the security and integrity of our Services; and
  • To protect our rights or property, our affiliates or others including by enforcing our agreements, terms and policies.

If you are a User of our Products, you will be able to voluntarily provide your personal data, including biometric information, to verify your identity, authenticate your information and prevent fraud when you use our Customers’ websites or mobile applications. We collect your personal data through the photographic function in the applicable hardware, in each case when you initiate the capturing of a photograph, and/or when and if you manually include it.

Solely when we provide Incode Omni to our Customers, we may (as required by the Customer) disclose the personal data on your government-issued ID) and your biometric information (specifically, your faceprint) for the sole purpose of verifying your identity against the official source of your ID to obtain a YES/NO answer (i.e. you are or are not in the official database). As of the date of this Privacy Notice, we may share personal data with official sources in Mexico.


We may create aggregated data from the personal data we collect We may use such aggregated data and share it with third parties for our lawful business purposes, including to analyze, build and improve the Services and promote our business.

5. How does Incode disclose personal data?

We will not share opt-in consent or phone numbers with any affiliated businesses or third parties.

We may disclose your personal data to the categories of recipients listed in this section.

Service providers: These vendors help us provide the Services or perform business functions on our behalf. These vendors will only process your personal data for purposes described in this Privacy Notice. They include:

  • Hosting, technology and communication providers.
  • Security and fraud prevention consultants.
  • Support and customer service vendors.

Please note that in connection with the Incode Omni and Incode ID services, we may disclose your personal data to vendors such as identity verification and fraud detection agencies to help us verify your identity, gather background information about you and protect our Customers against fraud. We do so solely at the direction and on behalf of our Customers and we do not retain any personal data we receive from such agencies for our own purposes. Please contact the relevant Customer if you have any questions about the disclosure of your personal data.

Analytics partners: These parties provide analytics on web traffic or usage of the Website. They include:

  • Companies that track how users found or were referred to the Website.
  • Companies that track how users use and interact with the Website.

Business partners: These parties collaborate with us in offering various services. They include:

  • Businesses that you have a relationship with.
  • Companies that we partner with to offer joint offerings or opportunities.

Legal obligations: We may disclose any personal data that we collect when required or permitted by law, such as to law enforcement agencies, courts, regulatory agencies and others, including to comply with valid legal process.

Business transfers: Your personal data may be transferred to a third party (and their agents and advisers) if we undergo a merger, acquisition, bankruptcy, financing, dissolution, transfer, divestiture, sale of all or a portion of our business or assets or other transaction in which that third party assumes control of our business (in whole or in part).

Consent: We may disclose your personal data with others if we have obtained your consent to such disclosure, including where you specifically authorize or direct us to disclose your personal data to our business partners.

6. Cookies and other similar technologies

Incode and our vendors may use cookies and other similar technologies, such as pixels, tags, web beacons and trackers (collectively, “Cookies”) on the Website. We may use Cookies for several purposes, including to:

  • Store information to help the Website function properly,
  • Help you access and navigate the Website more efficiently,
  • Enable our servers to recognize your login information and preferences so that you do not need to enter the same information each time you visit the Website,
  • Tell us how and when you visit and use our Services, including collecting information about which pages on our Website you viewed or links you clicked and how you interacted with our content during your visit or over multiple visits,
  • Customizing your browsing experience by showing you information more likely to be relevant to you, and
  • Delivering and customizing advertisements and tracking advertising campaigns.

We may use third-party technologies (such as the Meta Pixel and Hotjar) in connection with your activity on the Website, including for advertising purposes and to analyze your interactions and experiences with the Website, and including the features you engage with, how you navigate, and your click/touch, movement, scroll and keystroke activity. These technology companies and advertisers may use, store, or access cookies and other tracking technologies to collect or receive information from the Website and elsewhere on the internet. To change your privacy and advertising settings with Meta, log in to your Meta account and navigate to your account settings.

We may also use certain web analytics services, such as Google Analytics, to help analyze how people use our Website. We use this information to implement Google advertising features such as dynamic remarketing, interest-based advertising and demographics and interests reporting. For more information on how Google Analytics uses the data it collects, visit: google.com/policies/privacy/partners. To opt-out of Google Analytics, visit: tools.google.com/dlpage/gaoptout. To adjust your Google advertising settings, visit: adssettings.google.com.

You may be able to opt-out of certain interest-based advertising using the settings on your browser or mobile device. In addition, to opt-out of interest-based advertising from companies that participate in the Digital Advertising Alliance or European Interactive Digital Advertising Alliance opt-out programs, please visit: youradchoices.com/control and youronlinechoices.eu.

Please note that we or other parties may collect personal data about your online activities over time and across different devices and online websites when you use the Website.

Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our Website does not currently respond to browser DNT signals. Instead, you can use the range of tools described above to control data collection and use.

7. Your choices

You have the right to opt-out of marketing communications we send you at any time. You can stop receiving marketing communications by following the unsubscribe instructions in emails that you receive. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please email us at dataprotection@incode.com contact us using the contact details provided under the “Contact information” heading below.

8. Data security

We seek to protect your personal data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of personal data and how we are processing that personal data. You should also help protect your personal data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other personal data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.

9. Data retention

We retain personal data about you for as long as necessary for the purpose(s) for which it has been collected and in accordance with applicable laws and regulations. For example, we will retain your personal data for as long as you have an open account with us or as otherwise necessary to provide you with our Services. In some cases we retain personal data for longer when we have an ongoing legitimate need to do so, (for example to comply with our legal, tax or accounting obligations, resolve disputes or collect fees owed), or where it is otherwise permitted or required by applicable law, rule or regulation. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as whether your personal data is reasonably necessary to manage our operations, to manage your relationship with us or to satisfy another purpose for which we collected the personal data; whether your personal data is reasonably necessary to carry out a disclosed purpose that is reasonably compatible with the context in which we collected the personal data; whether the personal data is reasonably required to protect or defend our rights or property; or whether we are otherwise required or permitted to keep your personal data by applicable laws or regulations (including, e.g., in Illinois (3years) and Texas (1 year). Where personal data is used for more than one purpose, we may retain it until the purpose with the latest period expires.

10. Personal data of children

We do not knowingly collect or solicit personal data about children under 18 years of age; if you are a child under the age of 18, please do not attempt to register for or otherwise use the Services or send us any personal data. If we learn we have collected personal data from a child under 18 years of age, we will delete that personal data in accordance with applicable law. If you believe that a child under 18 years of age may have provided personal data to us, please contact us at dataprotection@incode.com.

11. Additional information for Illinois residents

If you are an Illinois resident from whom we have collected biometric information, we may retain your biometric information only until the first of the following occurs, unless otherwise required by law or our contracts with Customers: (i) the initial purpose for collecting such biometric information has been satisfied; or (ii) 3 years after your last interaction with the Incode Omnior Incode ID, in accordance with Illinois law.

12. Additional information for California residents

If you are a California resident that uses our Products or interact with us in an individual or household capacity, the following information also applies to you and supplements the information contained in this Privacy Notice. In the event of any conflict between this section and our Privacy Notice above, this section shall govern for California residents.

References to “personal data” in this section are equivalent to “personal information” as defined by California law.

  1. The California Consumer Privacy Act (“CCPA”)

Your privacy rights. Under the CCPA, California residents have the following rights:

  • Right to Access/Know: You have the right to request that we disclose to you the following personal data:
    • The categories and specific pieces of personal data we have collected about you in the last 12 months.
    • The categories of sources from which we collect personal data.
    • The business or commercial purposes for collecting, using, sharing or selling personal data.
    • The categories of personal data we have disclosed about you for a business purpose and the categories of recipients to which it was disclosed.
    • The categories of personal data we sold or shared about you and the categories of third parties to which each category of personal data was sold or shared.
  • Right to Delete: You have the right to request that we delete your personal data that we have collected from you, subject to certain exceptions.
  • Right to Correct: You have the right to request that we correct any inaccurate personal data we have collected about you. We may request documentation from you in connection with your request. Upon receipt of a verifiable request to correct inaccurate personal data, we will use commercially reasonable efforts to correct the personal data.
  • Your Opt-Out Rights: We sell and share personal data for valuable consideration (not in exchange for money). This personal data is primarily collected via our use of Cookies. We share this personal data with our advertising partners and analytics vendors to assist with our cross-context behavioral advertising efforts. We sell and share the following categories of personal data described in Section 4 above:
    • Identifiers,
    • Internet or other electronic network activity information, and
    • Geolocation data.
  • You may opt out of the sale and sharing of your personal data via Cookies through our Cookie preference center by clicking on the “Do Not Sell or Share My Personal Information” link in the footer of our Website. Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
  • Exercising your rights. To exercise the rights to access/know, delete, and/or correct, you or an agent you authorize to act on your behalf must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected personal data, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. We may not respond to requests that do not meet these criteria. We will only use personal data provided in a request to verify your identity and complete your request. You do not need an account with Incode to submit a request.

We will work to respond to your valid request within 45 days of receipt. We will not charge you a fee for making a request unless your request is excessive, repetitive or manifestly unfounded.

You may submit a request using the following methods:

Call us at: +1 650 446 3444
Email us at: dataprotection@incode.com

Note that you must provide your authorized agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your authorized agent when they make a request on your behalf.

  1. California Shine the Light Law

California law permits customers in California to request certain details about how their personal data is shared with third parties, and in some cases affiliates, if personal data is shared for those third parties’ or affiliates’ own direct marketing purposes. We do not share personal data with third parties or affiliates for those third parties’ or affiliates’ own direct marketing purposes. Californians may request information about our personal data sharing by contacting us at dataprotection@incode.com or by sending a letter to:

Incode Technologies, Inc.
221 Main Street, Suite 520
San Francisco, CA 94105

Any such request must include your name and “California Shine the Light Privacy Rights Request” in the first line of the description and, if sent by mail, must include your street address, city, state, and zip code.

Please note that “Shine the Light” rights and CCPA rights are granted by different laws and must be exercised separately.

13. Additional information for Nevada residents

If you are a resident of Nevada, you have the right to opt out of the sale of certain personal data to third parties. You can exercise this right by contacting us at dataprotection@incode.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal data as sales are defined in Nevada Revised Statutes Chapter 603A.

14. Additional information for European residents

If you are a resident of the European Union (“EU”), United Kingdom (“UK”), Lichtenstein, Switzerland, Norway or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”), the UK GDPR and other European privacy laws with respect to your personal data, as outlined below. If there are any conflicts between this this section and any other provision of this Privacy Notice, this section shall govern for European residents. If you have any questions about this section or whether any of the following applies to you, please contact us at dataprotection@incode.com.

If you are a resident in the European Economic Area (“EEA”), UK or Switzerland, the controller of your personal data (excluding the processing performed on behalf of our Customers) is Incode Technologies, Inc.

  1. Legal basis for processing personal data

We will only process your personal data if we have a legal basis for doing so. The legal basis on which we rely depend on the personal data concerned and the specific context in which we collect it. Generally, we rely on the following legal bases:

Contractual Necessity: We process your personal data as a matter of “contractual necessity,” meaning that we need to process the data to perform a contract with you, such as to provide you with the Services through our Customers’ applications and/or websites. When we process personal data due to contractual necessity, failure to provide such personal data will result in your inability to use some or all portions of the Services that require such personal data.

Legitimate Interest: We may also process your personal data when we believe it furthers the legitimate interest of us or other parties and such interest is not overridden by your data protection interests or fundamental rights and freedoms. Examples of these legitimate interests include:

  • Providing, customizing and improving the Services;
  • Corresponding with you;
  • Promoting our Services; and
  • Maintaining the security of our Services.

We may have other legitimate interests and if applicable, we will make clear to you at the relevant time what those legitimate interests are.

Consent: In some cases, we process personal data based on the consent you expressly grant to us at the time we collect such personal data. When we process personal data based on your consent, it will be expressly indicated to you at the point and time of collection.

Legal Obligation: From time to time we may also need to process personal data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.

  1. European data subject rights

European residents have certain rights with respect to your personal data, including those set forth below. For more information about these rights, or to submit a request, please email us at dataprotection@incode.com. Please note that we will respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. In some cases, we may also need you to provide us with additional information, which may include personal data, if necessary to verify your identity and the nature of your request.

  • Access: You can request more information about the personal data we hold about you and request a copy of such personal data.
  • Portability: You can ask for a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
  • Rectification: If you believe that any personal data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such personal data.
  • Erasure: You can request that we erase some or all of your personal data from our systems.
  • Restriction of Processing: You can ask us to restrict further processing of your personal data.
  • Objection: You can contact us to let us know that you object to the further use or disclosure of your personal data for certain purposes, such as for direct marketing purposes.
  • Withdrawal of Consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such personal data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, it will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
  • You have the right to lodge a complaint about Incode’s practices with respect to your personal data with a supervisory authority, in particular, in the Member State of your habitual residence, place of work or place of the alleged infringement. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.
  1. Transfers of personal data

Incode is a United States company with service providers located in the United States and other countries. This means that your personal data may be transferred to, and processed in, countries other than the country in which you are located. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). We take appropriate safeguards to ensure that your personal data remains protected in accordance with this Privacy Notice and applicable data protection laws. If you are located in the EEA, UK or Switzerland, these safeguards include transferring your personal data to a country that applicable authorities have determined provides an adequate level of protection for personal data, or by implementing the Standard Contractual Clauses with our Customers, service providers and partners. If you wish to obtain a copy of our Standard Contractual Clauses, please contact us by sending an email to dataprotection@incode.com. By accessing and/or using our Services, you agree to the processing of your personal data in the jurisdiction in which we operate.

15. Additional information for Australian residents

If you reside in Australia or are using our services or interacting with Incode in Australia, the following applies to you. This section supplements, supersedes and extends the scope of this Privacy Notice generally. The remaining sections of this Privacy Notice, other than those sections which are expressly limited to foreign jurisdictions outside of Australia or are inconsistent with the specifics of this section, also apply to you and you should consider this Privacy Notice in full for full details of how we manage your personal data, including the kinds of personal data we collect, how we collect your personal data and the purposes for which your personal data is collected, held, used and disclosed.

A. Are we a data controller or data processor?

Some privacy regimes that we are subject to distinguish how we may collect, use and disclose your personal data depending on whether we are classified as a “data processor” or “data controller.” Under these regimes, we act as a processor when providing identity verification services to our Customers. The “data processor” and “data controller” distinction is not relevant to you to the extent Australian privacy law applies and we have obligations to you with respect the personal data we hold about you, even when acting as a “data processor.” The “data processor” section below explains how we collect and process personal data as data processors on behalf of our Customers in the course of providing our Services. However, these practices are dependent on, and connected with, the data collection and use practices of our Customers.

B. Information we collect as a Data Processor

In certain instances where you use the Incode Omni, we are acting as a data processor on behalf of our Customers for the purposes of certain applicable privacy laws. In these circumstances, there is no difference in the manner of how we collect your personal data, the type of personal data collected or the third parties to whom we may disclose personal data collected to. You should refer to the sections titled “What personal data does Incode collect and why does Incode collect it?” and “How does Incode disclose personal data?” for information regarding what personal data we collect and how we collect and disclose personal data, respectively, when acting as data processors on behalf of our Customers.

The purpose for which we collect your personal data when using Incode Omni remains to verify your identity, authenticate your information and prevent fraud when you use our Customers’ websites or mobile applications. When we act as data processors, exactly how and to what extent Incode Omni is applied or operated may be subject to our Customer’s instructions or control. When acting as a data processor, the personal data that you input into Incode Omni may also be collected by, or held at the direction of, our Customers. Our Customers will use and disclose such personal data in accordance with their own privacy practices and obligations and in accordance with applicable law. We invite you to contact or refer to the relevant Customer if you need any further information regarding the privacy practices of our Customers.

While your use of Incode Omni is always voluntary and subject to your consent, we note that our Customers may be required by law to verify your identity to certain prescribed standards prior to offering services to you. For further information regarding your personal data in those cases beyond the details herein included regarding Incode’s activity, we invite you to contact the relevant company or organization if you have any questions about their privacy practices. In all other cases, we act as a data controller of your personal data for the purposes of applicable privacy law.

C. Your rights under Australian privacy law

You are entitled to access the personal data we hold about you and may request that we correct any errors in the personal data we hold. If you would like to access or correct your personal data held by us, please contact us at:

We will take reasonable steps to allow you to access your personal data unless reasonable circumstances exist that would prohibit us from doing so.

We will correct your personal data where we are satisfied that the personal data is inaccurate, out of date, incomplete, irrelevant or misleading. If we correct any personal data that we have disclosed to third parties we will take reasonable steps to notify those parties of the change or update. You accept that, following a request to correct your personal data, we may be required to take reasonable steps to verify your identity or the personal data, which may include confirmation with third parties.

If you are concerned that we may have breached the Australian Privacy Principles, please contact us immediately at the contact details set out above. We will undertake a reasonable and expeditious assessment of the concern and suggest relevant resolution processes. This process will be completed as soon as practicable and in any event within 30 days. If you are unsatisfied with our response to, or resolution of, your complaint you may choose to contact the Office of the Australian Information Commissioner at their website www.oaic.gov.au.

D. Direct marketing in Australia

Where we use your personal data to send you marketing and promotional information you will be provided with the opportunity to opt-out of receiving such information. Unless you exercise your right to opt-out of such communication, you will be taken to have consented to receive similar information and communications in the future.

16. Changes to this Privacy Notice

We may update this Privacy Notice from time to time, and, in some cases, we may provide you with additional notice at our discretion. You can see when this Privacy Notice was last updated by checking the “Last Modified” date displayed at the top of this Privacy Notice.

17. Contact information

If you have any questions or comments about this Privacy Notice, the ways in which we collect and use your personal data or your choices and rights regarding such collection and use, please do not hesitate to contact us at: