← Changelog

This is an archived version of the Privacy Statement, effective December 16th, 2025 to April 14th, 2026. The current version is at bndry.net/legals/privacy-statement.

Effective: December 16th, 2025 to April 14th, 2026

Privacy Statement

Last Updated: December 16th 2025

Introduction

This statement provides a high-level overview of privacy practices for website visitors. For comprehensive details regarding legal bases, data sharing, and full rights, refer to the complete Privacy Policy at https://www.identitii.com/legal/governance.

Who we are

Identitii Limited. Registered Address: C/- Boardroom Pty Limited, Level 8, 210 George Street, Sydney NSW 2000. Contact number: +61 2 8806 0438. Identitii Limited (ABN 83 603 107 044) and wholly owned subsidiaries.

This Privacy Statement applies to Identitii Limited and BNDRY Pty Ltd (ABN 49 678 808 449). It summarises privacy practices for website visitors and other social media channels, explaining personal data handling in compliance with the Privacy Act 1988 (Cth) and the General Data Protection Regulation (GDPR). For customers, contractual data processing terms apply. For employees, contractors, or other stakeholders, the full Privacy Policy is available at https://www.identitii.com/legal/privacy-statement.

Privacy policies of other websites

The website contains links to external sites. BNDRY is not responsible for their privacy practices, and users should review their respective privacy policies.

Your personal information

What personal data we collect

BNDRY adheres to data minimisation principles, collecting only personal data necessary for specified purposes. Data is gathered for clear, legitimate reasons and not used contradictorily to those purposes. Regular reviews ensure data remains relevant and limited to intended use, with collection methods designed to prevent unnecessary or excessive information gathering.

The organisation commits to maintaining accurate and current personal data. Data validation occurs at collection points, with regular reviews ensuring accuracy. Individuals may request updates or corrections by contacting privacy@bndry.net, with all requests handled promptly. Data integrity is maintained through technical and organisational measures, including validation checks within data entry systems.

Personal data collected includes:

  • Contact details (name, address, email, phone number, job title)
  • Employment information (history, professional qualifications)
  • Device details (IP address, browser, operating system – with consent)
  • Cookie data (strictly necessary, analytics, marketing, session, persistent)
  • Marketing preferences (subscriptions, engagement with marketing emails)
  • Customer support interactions (queries, emails)
  • Social media engagement (profile details, interactions, shared content, demographics, and device information)
  • Feedback, complaints, and survey responses

How we collect personal data

Data collection occurs directly through website visits, form submissions, surveys, customer support interactions, social media, and marketing engagement. Indirect collection happens from business partners, affiliates, and public sources.

Cookies enhance functionality and improve user experience. Upon visiting the website, cookie preferences can be managed through a consent banner. Cookies may be disabled via browser settings, though this may affect website functionality. Except for strictly necessary cookies recording user choices, no cookies activate until clear, affirmative selection occurs.

Cookie types:

  • Necessary: Essential for proper website function, enabling security features and site navigation.
  • Functional: Enhance usability by remembering preferences and customisations, such as language settings.
  • Analytics: Collect anonymous user interaction and website performance data to improve experience.
  • Performance: Monitor and optimise website performance, ensuring fast load times and smooth navigation.
  • Advertisement: Track browsing behaviour to deliver personalised ads and limit ad frequency.

Why we collect personal data and our legal basis

  • Investor relations – Legitimate interest (GDPR Article 6(1)(f)).
  • Recruitment – Legitimate interest (GDPR Article 6(1)(f)).
  • Regulatory compliance – To meet legal obligations (GDPR Article 6(1)(c)).
  • Security operations – Legitimate interest (GDPR Article 6(1)(f)).
  • Service provision – To fulfil contractual obligations (GDPR Article 6(1)(b)).
  • Website analytics and marketing communications – With user consent (GDPR Article 6(1)(a)).

For sensitive personal data collection, reliance is placed on GDPR Article 9(2)(a), requiring explicit consent, unless another exception under Articles 9(2)(b)–(j) applies. Processing may occur where necessary for employment, legal claims, or substantial public interest as defined under relevant law.

Where we store your data

Data is stored primarily in Australia and the United States, with some processing in the European Union and the Philippines. Where data transfers outside Australia or the EEA, mechanisms such as the Australian Government whitelist, European Commission adequacy decisions, or Standard Contractual Clauses (SCCs) are relied upon. Where SCCs are used, Transfer Impact Assessments (TIAs) are conducted to evaluate the legal and operational environment in destination countries.

How we use and disclose personal data

Personal data is used to: provide and improve services; communicate with users; analyse website traffic; send marketing communications (with consent); fulfil legal and regulatory obligations; recruit team members; protect information assets; communicate with investors; enhance security and compliance through automated decision-making (ADM).

ADM is employed for fraud detection, security monitoring, and access management. Personal data is processed for these purposes based on legitimate interests (security and fraud prevention), legal obligations, and contractual necessity. Meaningful human involvement is ensured in all automated decision-making processes that may significantly affect individuals. This includes review by trained personnel, escalation to a privacy or risk officer if concerns arise, and documented outcomes ensuring fairness, transparency, and accountability.

Personal data is disclosed to: employees, officers, and authorised contractors; third-party service providers (e.g., marketing, hosting, analytics); data subjects, upon request; government agencies and authorities when legally required or to prevent serious harm; potential purchasers in events of business sale, transfer, or change of control, under confidentiality obligations and as permitted by law. For a list of third-party sub-processors, visit https://trust.bndry.net.

How we protect your data

Security controls

Technical and organisational measures protect personal information, including encryption (TLS 1.2+ in transit, AES-256 at rest), least privilege access with MFA, and firewalls with intrusion detection and prevention systems. Secure coding practices, regular security testing, and vendor due diligence strengthen security further. Employees receive mandatory cybersecurity training upon hiring and annually, with strict incident reporting protocols.

Compliance and monitoring

Internal and third-party security audits, annual risk assessments, and compliance with the Australian Privacy Act 1988, APPs, GDPR, and relevant security frameworks such as ISO 27001 and SOC 2 are conducted. Continuous security monitoring, penetration testing, and automated threat detection help identify and mitigate risks.

Data breach response

When a data breach is suspected, immediate action is taken to contain and mitigate it. The incident is assessed to determine if it qualifies as an eligible data breach likely to cause serious harm. If required, affected individuals are notified as soon as practicable, and the relevant supervisory authority is informed within 72 hours. If direct notification is impractical, public notice is published. Post-incident review analyses root cause, implements corrective actions, and reports findings to senior management and regulators if necessary.

How long we retain your data

Personal data is retained only as long as necessary for intended purpose or as required by law. When no longer needed, data is securely deleted, anonymised, or de-identified. This approach aligns with obligations under Australian Privacy Principle (APP) 11.2 and GDPR Article 5(1)(e), requiring reasonable steps to destroy or de-identify personal information when no longer needed for collection purposes or as otherwise required by law.

Your data protection rights

Identitii ensures individuals are informed of their rights under relevant privacy laws. Rights include:

  • Right to access – Request confirmation of data processing and access to that data.
  • Right to rectification – Request correction of inaccurate or incomplete personal data.
  • Right to erasure (Right to Be Forgotten) – Request deletion of personal data under certain conditions.
  • Right to restrict processing – Request temporary halt to data processing under specific circumstances.
  • Right to object to processing – Object to processing based on legitimate interests or for direct marketing.
  • Right to data portability – Request machine-readable copy of data or transfer to another organisation.
  • Right to challenge automated decision-making and profiling – Contest decisions made solely by automated processes and request human intervention.
  • Right to notification of rectification, erasure, or restriction – Be informed when data is corrected, erased, or processing is restricted.
  • Right to lodge a complaint – Submit complaints to Identitii or a supervisory authority if rights were violated.
  • Right to sue for serious invasions of privacy – Take legal action under Australian law for serious breaches involving personal information.

How to exercise your rights

To exercise rights, contact privacy@bndry.net or mail C/- Boardroom Pty Limited, Level 8, 210 George Street, Sydney NSW 2000. Responses are provided within 30 days. If requests are denied, written explanations are provided.

Lodging a complaint

If personal data has not been handled appropriately, lodge a complaint at privacy@bndry.net or by mail. If unsatisfied, escalate to:

Changes to our privacy policy

This Privacy Statement is updated regularly. Changes will be published on the website, and material updates will be communicated via the website.