Last updated: April 14th, 2026

Privacy Statement

This statement provides an overview of our privacy practices for website visitors. Detailed information about legal bases, data sharing, and your rights is available in the full Privacy Policy at identitii.com/legal/governance. Identity verification details are at bndry.net/legals/identity-verification.

Organisation

Identitii Limited (ABN 83 603 107 044) and its subsidiaries, including BNDRY Pty Ltd (ABN 49 678 808 449), comply with the Privacy Act 1988 (Cth) and the GDPR.

Registered address: C/- Boardroom Pty Limited, Level 8, 210 George Street, Sydney NSW 2000
Phone: +61 2 8806 0438

Personal Information We Collect

BNDRY follows data minimisation principles, collecting only what is necessary for specified purposes. Information collected may include:

  • Contact information (name, address, email, phone, job title)
  • Employment history and professional qualifications
  • Government identification documents (driver's licence, passport, visa, birth certificate, Medicare card)
  • Device details (IP address, browser, operating system)
  • Cookie data (necessary, analytics, marketing, session, persistent)
  • Marketing preferences
  • Customer support interactions
  • Social media engagement
  • Feedback and survey responses

Data is collected directly through website visits, forms, surveys, support channels, and social media. Indirect collection occurs from business partners, affiliates, and public sources.

Cookies

We use the following cookie types:

  • Necessary: Security and navigation functionality
  • Functional: Preference and customisation memory
  • Analytics: Anonymous user interaction data
  • Performance: Load time and navigation optimisation
  • Advertisement: Browsing behaviour tracking for personalised ads

You may manage cookies through the consent banner or your browser settings, though disabling some may affect functionality.

How We Use Your Information

We use personal information for:

  • Service provision and improvement
  • User communication
  • Website traffic analysis
  • Marketing communications (with consent)
  • Legal and regulatory obligation fulfilment
  • Team recruitment
  • Information asset protection
  • Investor communication
  • Security enhancement through automated decision-making

Legal Bases for Processing

Processing occurs under the following bases:

  • Identity verification: AML/CTF obligations and applicable privacy laws
  • Investor relations: Legitimate interest
  • Recruitment: Legitimate interest
  • Regulatory compliance: Legal obligation
  • Security operations: Legitimate interest
  • Service provision: Contractual fulfilment
  • Analytics and marketing: User consent

Data Storage and Transfer

Data is stored primarily in Australia and the United States, with some processing in the European Union and Philippines. International transfers use Australian Government whitelists, EU adequacy decisions, or Standard Contractual Clauses with Transfer Impact Assessments.

Data Disclosure

Personal data may be shared with:

  • Employees, officers, and authorised contractors
  • Third-party service providers (marketing, hosting, analytics)
  • Data subjects upon request
  • Government agencies when legally required or to prevent serious harm
  • Potential business purchasers under confidentiality obligations

Our subprocessor list is available at trust.bndry.net/subprocessors.

Automated Decision-Making

Automated decision-making supports fraud detection, security monitoring, and access management. Human involvement is ensured through trained personnel review, escalation protocols, and documented outcomes.

Security

We implement encryption (TLS 1.2+ in transit, AES-256 at rest), least privilege access with multi-factor authentication, firewalls with intrusion detection, secure coding practices, regular testing, and vendor due diligence. Mandatory employee cybersecurity training occurs upon hire and annually.

Data Breach Response

Suspected breaches trigger immediate containment and risk mitigation. Eligible data breaches likely causing serious harm require notification of affected individuals as soon as practicable and relevant supervisory authorities within 72 hours.

Data Retention

Personal data is retained only as long as necessary for intended purposes or as required by law. Unused data is securely deleted, anonymised, or de-identified, in accordance with APP 11.2 and GDPR Article 5(1)(e).

Your Rights

You have the right to:

  • Access your personal data
  • Request correction of inaccurate or incomplete data
  • Request erasure under certain conditions
  • Restrict processing
  • Object to processing based on legitimate interests or direct marketing
  • Data portability in machine-readable format
  • Challenge automated decision-making and request human intervention
  • Lodge complaints with Identitii or supervisory authorities

To exercise your rights, contact privacy@bndry.net or write to C/- Boardroom Pty Limited, Level 8, 210 George Street, Sydney NSW 2000. We respond within 30 days.

Complaints

Initial complaints should be directed to privacy@bndry.net. Escalation options include:

Policy Updates

This Privacy Statement is updated regularly. Material updates are communicated via the website.