Who handles the privacy policy for the data collected?

easyAML handles this as the platform - it is the entity collecting the customer's personal information for verification purposes, so their are privacy obligations with easyAML. The customer's end clients are notified of easyAML's involvement through the VOI flow consent step.

What this means in practice:

• easyAML's Privacy Policy and Collection Notice governs how customer data is collected, used and stored within the platform.
• The firm using easyAML still has its own privacy policy obligations for the broader customer relationship (engagement, billing, communications) - easyAML's privacy policy doesn't displace the firm's.
• Data subject requests (access, correction, deletion) can come to either easyAML or the firm; both have obligations under the Australian Privacy Principles to respond appropriately.

For customers being challenged by their clients about why personal data is being collected and how it's used, easyAML provides standard customer-facing privacy notices that can be included in engagement letters or onboarding communications. The customer success team has these templates. We also recommended using AUSTRAC resources such Why you might be asked for ID and the AUSTRAC Customer Poster.

Related articles

• What do the easyAML agreement clauses 3.4, 3.5 and 15.9 mean?
• What external parties do we need to engage for AML/CTF readiness?
• Where is easyAML data hosted?
• Where is data hosting addressed in my easyAML agreement?