DVS Privacy Statement

This DVS Privacy Statement explains how Narpyn Law & Conveyancing collects, uses, discloses, stores and manages information obtained for the purpose of using the Commonwealth Document Verification Service. 

This statement should be read together with our general privacy policy and any separate Verification of Identity, DVS consent form or Gateway Provider privacy notice provided to you. 

1. What is the DVS?

a) The Document Verification Service or DVS is a Commonwealth identity verification service administered by the Attorney-General’s Department. 

b) The DVS allows details from certain government-issued identity documents to be checked electronically against records held by the relevant document issuing authority. The DVS returns a verification response, such as whether the information provided matches, does not match, partially matches, or cannot be verified. 

c) The DVS does not, by itself, prove that the person presenting an identity document is the true holder of that document. It confirms whether the document details submitted match government records. 

d) Information about the operation and management of the DVS Hub by the Commonwealth Framework Administrator is available from the Attorney-General’s Department and the IDMatch website, including at: 
https://www.idmatch.gov.au/resources/privacy-statement-identity-verification-services

2. Why we use the DVS

We may use the DVS to assist us to verify your identity and, where applicable, your authority, capacity or entitlement to: 

a) instruct us; 

b) sign legal or conveyancing documents; 

c) deal with property; 

d) deal with funds; 

e) complete a transaction; 

f) comply with legal, professional, conveyancing, lender or electronic lodgement requirements; 

g) reduce fraud, identity theft and cyber-security risk; and 

h) satisfy our risk management and client due diligence procedures. 

3. Information we may collect

For DVS and Verification of Identity purposes, we may collect information including: 

a) your full name; 

b) date of birth; 

c) residential address; 

d) contact details; 

e) identity document type; 

f) identity document number; 

g) document expiry date; 

h) document issue date; 

i) document issuing authority; 

j) images or copies of identity documents; 

k) DVS verification result or response code; 

l) records of your consent; 

m) audit records relating to the verification request; and 

n) any other information reasonably required to complete identity verification. 

o) Identity documents may include passports, driver licences, Medicare cards, birth certificates, citizenship documents, ImmiCards, change of name certificates, marriage certificates or other documents capable of being checked through the DVS. 

p) If our Gateway Provider or identity verification provider uses facial matching, selfie capture, liveness detection or similar technology, additional information may be collected by that provider, including facial images, video images, liveness check information or biometric-related information. Any such collection will be addressed in the relevant provider’s privacy notice or consent process. 

4. How we collect DVS information

We may collect DVS information: 

a) directly from you; 

b) from a person authorised to act on your behalf; 

c) through our electronic Verification of Identity process; 

d) through a Gateway Provider or identity verification provider; 

e) from documents you provide to us; 

f) through electronic conveyancing, settlement or lodgement platforms; or 

g) from other persons involved in your matter, where authorised or required. 

h) Before we request a DVS check, we will seek your express consent, unless an applicable law permits or requires otherwise. 

5. Express consent

Before using the DVS, we will provide you with information about: 

a) how we will use the DVS; 

b) what legal obligations apply to the collection of your identification information; 

c) your rights in relation to the collection; 

d) the consequences of declining consent; 

e) where to obtain information about privacy complaints; and 

f) where to obtain information about the operation and management of the DVS Hub. 

g) By providing DVS consent, you authorise us and any Gateway Provider or identity verification provider used by us to collect, use and disclose your identification information for the purpose of requesting and receiving a DVS verification result. 

6. How we use DVS information

We use DVS information only for identity verification and directly related purposes, including: 

a) verifying whether your identity document details match government records; 

b) confirming your identity, authority, capacity or entitlement; 

c) managing your legal matter or conveyancing transaction; 

d) complying with legal, professional, lender, conveyancing and electronic lodgement obligations; 

e) assessing and managing fraud, identity theft and transaction risk; 

f) maintaining audit and compliance records; 

g) responding to complaints, disputes, investigations or regulatory enquiries; and 

h) complying with our legal and professional obligations. 

i) We do not use DVS information for unrelated marketing, behavioural tracking, profiling, market research or advertising. 

7. Disclosure of DVS information

We may disclose DVS information to the extent reasonably necessary to: 

a) the Gateway Provider or identity verification provider used to complete the DVS check; 

b) the DVS Hub; 

c) the relevant document issuing authority or data holding agency; 

d) electronic lodgement network operators; 

e) electronic settlement platform providers; 

f) financial institutions, lenders or mortgagees; 

g) regulators, courts, tribunals or law enforcement agencies where required or authorised by law; 

h) insurers, auditors or professional advisers; 

i) other parties involved in your matter or transaction, where necessary and authorised; and 

j) service providers who assist us with secure storage, matter management, document management or cyber-security. 

k) Where we use a Gateway Provider, that provider may have its own privacy policy, consent process and complaints procedure. 

8. Government-related identifiers

a) DVS information may include government-related identifiers, such as passport numbers, driver licence numbers, Medicare numbers or birth certificate numbers. 

b) We will only use or disclose government-related identifiers where reasonably necessary to verify your identity, authority, capacity or entitlement, to conduct your matter, to comply with our legal or professional obligations, or where otherwise permitted or required by law. 

9. Consequences of declining DVS consent

You may decline to consent to use of the DVS. 

a) If you do not provide consent, or if your identity, authority, capacity or entitlement cannot be verified to our reasonable satisfaction, we may be unable to: 

b) act for you; 

c) continue acting for you; 

d) accept instructions; 

e) deal with funds; 

f) lodge documents; 

g) complete settlement; 

h) complete a transaction; 

i) satisfy lender or electronic conveyancing requirements; or 

j) provide some or all of the legal services requested. 

k) Where appropriate, we may discuss whether another method of identity verification is available. 

10. DVS results

The DVS may return a result indicating that information: 

a) matches; 

b) does not match; 

c) partially matches; 

d) cannot be verified because of a technical error; or 

e) cannot be used because the document is expired, invalid or otherwise unsuitable. 

f) A mismatch does not necessarily mean that fraud has occurred. It may result from an error, outdated record, name variation, document issue, expired document or incorrect data entry. 

g) If a DVS result suggests that information may be inaccurate, we may request further information or ask you to provide another identity document. 

11. Security of DVS information

We take reasonable steps to protect DVS information from misuse, interference, loss, unauthorised access, unauthorised modification and unauthorised disclosure. These steps may include: 

a)secure electronic document management systems; 

b) access controls; 

c) password and authentication controls; 

d) encryption or secure transmission where available; 

e) restricted staff access on a need-to-know basis; 

f) staff confidentiality obligations; 

g) cyber-security controls; 

h) secure deletion or destruction procedures; 

i) incident response procedures; and 

j) due diligence on relevant service providers. 

12. Retention and deletion

We retain DVS information only for as long as reasonably required for: 

a) your matter; 

b) legal and professional obligations; 

c) conveyancing and electronic lodgement requirements; 

d) audit and compliance purposes; 

e) insurance and risk management; 

f) fraud prevention; 

g) dispute resolution; 

h) regulatory enquiries; and 

i) file retention obligations. 

Where we no longer require DVS information, and are not legally or professionally required to retain it, we will take reasonable steps to securely delete, destroy or de-identify it. 

We do not retain DVS information for unrelated purposes. 

13. Unsolicited information

a)If we receive identification information that we did not request and do not require, we will assess whether it is reasonably necessary for our functions or activities. 

b) If it is not required and we are not legally or professionally required to retain it, we will take reasonable steps to securely destroy or de-identify it. 

14. Overseas disclosure

a) We do not ordinarily disclose DVS information overseas. 

b) If DVS information is to be accessed or handled by a person outside Australia, we will take reasonable steps to ensure that appropriate privacy and security protections apply, unless an exception under applicable privacy laws applies. 

15. Access and correction

a) You may request access to personal information we hold about you, including DVS-related information, subject to applicable legal limitations. 

b) You may also request correction of personal information if you consider it to be inaccurate, out of date, incomplete, irrelevant or misleading. 

c) If the information requiring correction is held by the document issuing authority, you may need to contact that authority directly. We cannot amend government records held by document issuing authorities. 

16. Privacy complaints

If you have a complaint about how we collect, use, disclose, store or manage DVS information, you may contact us using the details below. 

Privacy Officer Narpyn Law & Conveyancing 1/2 Barnesby Drive, Albany WA 6330 Australia Email: sarah@nplaw.com.au Telephone: 08 6156 4358 

We will assess and respond to privacy complaints within a reasonable time. 

If you are not satisfied with our response, you may be able to make a complaint to the Office of the Australian Information Commissioner. 

Office of the Australian Information Commissioner Website: https://www.oaic.gov.au Telephone: 1300 363 992 

If a Gateway Provider or identity verification provider was involved, that provider may also have its own complaints process. 

17. Changes to this statement

We may update this DVS Privacy Statement from time to time to reflect changes in law, professional obligations, DVS requirements, technology, Gateway Provider arrangements or our internal procedures. 

The current version will be available on request or through our usual client communication channels.