Privacy Policy

Privacy Policy 

Effective Date: 19/11/2024 
 
 

Who We Are 

Welcome to One Click Services. We provide Application Programming Interfaces (APIs) relating to identity checks that enable businesses to integrate and enhance their services. Our website address is: https://oneclickservices.com.au. 
 

We are committed to complying with the Australian Privacy Principles (APPs) under the Privacy Act 1988, the TFN act 2015, and the Identity Verification Services Act (IVS) 2023 – ensuring that personal information processed through our APIs is handled securely and transparently. 

Personal Information We Collect 

Through the use of our APIs and related services, we may collect and process the following types of personal information: 

• Data provided by client systems to our APIs for processing (e.g., name, dob, document type, document expiry, passport image (NFC), transactional data). 

• Technical data such as API request metadata (e.g., IP addresses, request timestamps, and API keys). 

• Contact details of our clients and their authorized representatives for account management (e.g., email addresses, names). 

• Logs and analytics data to monitor API usage and ensure operational efficiency. 

 
We do not collect or store any sensitive document details such as card numbers or certificate numbers, only if the transaction was a success or failure.  
 

How We Collect Personal Information 

We collect personal information in the following ways: 

• Directly from our client companies when they use our APIs or contact us for support. 

• Automatically from API requests, including metadata generated during interactions. 

• From user interactions on our website or customer portals. 
   

Purpose of Collecting Personal Information 

We collect and use personal information to: 

• Enable the secure and efficient operation of our APIs and related services. 

• Provide technical support and account management to our clients. 

• Monitor API performance, detect fraud, and maintain operational security. 

• Comply with legal and regulatory requirements. 

Disclosure of Personal Information 

Your data is your data and we, nor any third party required for the service, will ever use it in a way not directly stated. Data is only disclosed to those necessary to provide the service. 

• to document issuers or official record holders via third party systems for the purpose of confirming your identity 

• to the business leveraging the API for the purpose of its service 

• to Microsoft’s Azure who assist in operating our APIs and services 

• when required by law or regulatory bodies to comply with legal obligations.  

Data Retention 

• Data processed through our APIs is retained only as long as necessary to fulfill its purpose or comply with legal obligations. 

• Document details extracted from e-passports; including name, date of birth, expiry, and biometric data, is removed when the invitation token expires (generally around 7 days).  

• API request logs, including metadata, are stored securely for operational and auditing purposes for up to 7 years. 

Your Rights 

As an API provider, we typically act as a processor for data provided by our clients. However, individuals whose data is processed through our APIs have the following rights: 

1. Access: Request information about data processed through our APIs. 

2. Correction: Request corrections to inaccurate or incomplete data. 

3. Deletion: Request deletion of data, subject to legal and operational requirements. 

Requests can be directed to the client company that owns the data, or to us directly for technical support. We will assist within the bounds of our role as a processor. 

How We Protect Your Data 

We employ robust security measures, following the Information Security Manual (ISM) to protect data processed through our APIs: 

• Encryption of data in transit and at rest using industry-standard protocols. 

• Secure access controls to restrict unauthorized access. 

• Regular security audits and vulnerability testing. 

Cookies and Tracking 

While our primary focus is API services, our website may use cookies for: 

• Authentication and session management. 

• Tracking website traffic and performance analytics. 

You can manage cookies through your browser settings. Note that disabling cookies may impact website functionality. 

Client Responsibilities 

Clients leveraging our APIs are responsible for: 

• Ensuring that personal information provided to our APIs complies with all relevant privacy laws and regulations. 

• Providing notices and obtaining appropriate consents from individuals whose data is processed via our APIs. 

Complaints and Contact Information 

If you believe we have breached the APPs or mishandled personal information processed through our APIs, please contact us: 

• https://oneclickservices.com.au/contact-us

We will investigate and respond to your complaint within 30 days. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC). 

Changes to This Policy 

We may update this policy periodically to reflect changes in laws, services, or practices. Updates will be published on this page with a revised “Last Updated” date. 

Accessibility of This Policy 

This policy is available free of charge. If you require it in an alternative format, please contact us.