Your Privacy

The NightKey technology is protected by patents granted to NightKey's parent company Entry Data P/L in Autralia, New Zealand, Singapore, South Africa, Hong Kong and the United Kingdom. These patents grant Entry Data P/L intellectual property according to the terms of the patent grants in each jurisdiction. In each jurisdiction the patent runs from 27 February 2007. NightKey has patent pending applications in numerous other countries including Europe, China and the USA.

Individuals or companies wishing to use or license the use of NightKey technology in their country or business are welcome to contact NightKey managing director Mario Madaffari at mariom@nightkey.com.au to discuss.

Privacy Statement

NightKey® treats the protection of personal information as a key responsibility and is committed to ensuring that patrons’ privacy is afforded the highest levels of protection. This Privacy Statement sets out how we handle personal information.
NightKey® is a business unit of EntryData Pty Ltd ACN 098 160 144. This document sets out our information handling policies to ensure that you are aware of, and understand, how your information is collected, used, disclosed and stored and what rights you have in relation to it.

About NightKey’s Services

NightKey® provides identity verification and entry authorisation services to businesses around Australia that subscribe to the NightKey® system (Venues), such as night clubs and hotels. Venues use fixed and handheld terminals provided by NightKey® to record and verify patrons’ identities when they enter their premises and to ensure that such patrons have not been previously banned from entering their venues. This assists Venues in ensuring that they provide patrons with safe and secure environments primarily by deterring individuals who intend to engage in inappropriate or illegal activities from entering their premises. The information collected through NightKey® terminals is stored by NightKey® on a central server. If, when entering a Venue, you do not wish to enrol on the NightKey® system, you may experience longer waiting times in queues or possible denied entry.

How we collect your information

In almost all cases, information we collect about you is collected through NightKey® terminals and NightKey® server interface programs used by Venues.
From time-to-time, there may be other occasions on which we collect information about you via other means; for example, when you correspond directly with us via NightKey’s website at www.nightkey.com.au.

Kinds of information we collect

When you complete an enrolment or entry process at a Venue using a NightKey terminal, we will collect the information you provide through the terminal. Generally, this will include:
• FingerPIN – When you opt to use the “fast access” feature on the NightKey terminal as your primary method of identification, the terminal will scan your fingerprint and instantly formulate a unique 300 digit binary number (eg. 011010110001…) to represent your fingerprint (this number is calculated based on distances between various ridge and meridian points on your fingerprint). The resulting number is called a FingerPIN. The NightKey terminal only stores the scanned image of your fingerprint momentarily (a few seconds at most) whilst the FingerPIN is being formulated. As soon as the FingerPIN is calculated, the NightKey terminal automatically and permanently deletes your fingerprint image. The terminal does not keep an image of your fingerprint and it is not possible to reverse engineer your fingerprint from your FingerPIN.
• Identifying information – When you enrol for the first time on a NightKey terminal, you will be asked to provide some form of ID which will be scanned. If you provide another form of ID, relevant information (generally, your name, date of birth and gender) will be recorded in the terminal by a Venue staff member.
• Photograph and audio visual footage – When you enrol for the first time on a NightKey terminal, your photo is taken by a camera in the terminal and stored with your name, date of birth etc. The camera also takes an audio visual clip of approximately 5 seconds in length while you are enrolling and any time you interact with a Nightkey terminal.
Venues are able to maintain on the NightKey server a “Banned Persons” database which they use to help them identify patrons that they have previously prohibited from entering their premises. The types of information that are recorded on this database include the patron’s name, photo, date of birth, scanned ID, the reasons for which they have been banned and event summaries of the circumstances surrounding their ejection from the Venue.
We may hold other information about you that we have received or generated in the course of our day-to-day business activities, such as details contained in correspondence we have received from you.

How we use your information

We use personal information contained on the NightKey® system for the following purposes:
• to provide identity verification and entry authorisation services to Venues;
• to assist Venues to identify any individuals engaging in antisocial or illegal activities;
• photos taken at the time of enrolment are used for the purpose of verifying that a person who presented a photo ID matched the photo contained on the ID should the need to do so at a later date arise;
• for internal purposes, such as procedural assessments, risk management, product and service reviews, staff training and accounting.

How we disclose your information

NightKey® only discloses your information in very limited circumstances and, when it does so, only provides parts of your information that are necessary for the recipient’s purposes. This will generally only occur in the following situations:
• When you re-enter a Venue at which you have enrolled on the NightKey® system – For example, if you enrol on the system at a Venue and choose to have a FingerPIN allocated to you, each time you subsequently visit the Venue you will be asked to identify yourself by having your fingerprint scanned. The NightKey® system will then automatically provide your first name (but no other details) to the Venue staff member operating the NightKey® terminal.
• If an individual attempts to enter a Venue from which he or she has been banned – The NightKey® system will automatically notify the Venue staff member operating the NightKey® terminal of this as well as his or her name, date of birth, the reasons for being banned and event summaries of the circumstances surrounding his or her ejection from the premises. In only this case a copy of your licence will be retrieved from the data base to confirm the identity of the banned patron in case identity is disputed.
• When a Venue turns its NightKey® terminal on, the Banned Persons database relating to that Venue will automatically be sent to that terminal to enable the Venue to identify persons listed on its banned database.We do not share information between Venues. For example, if you enrol on the NightKey® system at Venue A and then subsequently visit Venue B, you will be required to re-register on the NightKey® system at Venue B as we will not reveal any information collected at Venue A to Venue B. The same applies in relation to information contained on Banned Persons databases.
• When a venue at which you are enrolled on the NightKey® system wishes to view your information - Senior Staff at Venues (Managers) have access to limited information about patrons who have enrolled on the NightKey® system at their venue. This enables them to, for example, place a ban on entry for a particular patron who was ejected from their venue.
We do not share information between venues, under any circumstances, sell or otherwise trade in your personal information. Generally, NightKey® will not disclose your personal information to any of its contractors or service providers. However, circumstances may arise where this is necessary at some point in the future. Should such circumstances arise, we will ensure that strict contractual measures are in place requiring the recipient to protect the privacy of your information, to only use the information for the purposes of their engagement and to destroy any copies of the information once their engagement is complete.
We may also disclose a person’s personal information where we are legally required to do so (such as under a court order) or where the Police inform us that they are investigating a particular individual and request information from us about that individual to assist them with their inquiries (in which case we will only provide details after making a record of the name and badge number of the police officer to whom the information is provided).

How we secure your information

We hold all of your personal information in a secure manner to ensure that it is protected from unauthorised access, modification and disclosure.
Our electronic databases are stored on a central server in a secure location which provides top-level physical security.
Security measures regarding electronic records meet highest industry standards and include 1024 bit and 128 bit encryption, biometric verification for terminal access, usernames and passwords, firewalls and audit-trails. Access to electronic records is strictly limited to staff whose tasks require access, such as senior managers and security officers.
When records containing personal information are no longer needed, we ensure those records are destroyed securely; for example, we degauss (ie. demagnetise) electronic records so that information contained in them cannot be retrieved.

Complaints

If you are not satisfied with how we handle your personal information, you can lodge a complaint in writing with our Privacy Officer. Your complaint will be treated confidentially. Our Privacy Officer will contact you within 14 days to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in an appropriate manner with which you are satisfied. You may contact our Privacy Officer to enquire about the progress, or any other aspect, of your complaint at any time.

Removing your information

If you have enrolled on the NightKey® system, you may request for your information to be deleted at any time by visiting our website at www.nightkey.com.au and following the prompts. Once your details are deleted, they will be stored in an archives database for 30 days in case we need to retrieve the information for any reason. After 30 days, the details will be automatically deleted. Please note that to regain entry to any NightKey® venue which you have requested deletion from will require you to fully enrol again. Please note that if you have been banned from a NightKey venue then your details will not be deleted until such time as the ban has expired.

Accessing your information

You may request access to the personal information we hold about you by sending a written request to our Privacy Officer. You do not need to provide a reason for your request. Once our Privacy Officer has verified your identity, we will provide you with a print-out of information we hold about you within 14 days. Generally, we do not charge any fees for providing access; however, fees may be charged in special circumstances on a cost-recovery basis.
In rare circumstances, we may not be able to provide you with access to your information. This may occur where, for example, we are required by law to withhold the information, it relates to legal proceedings or would affect negotiations we are holding with you. If we are unable to provide you with access, we will provide reasons for this and consider whether the use of an intermediary would be appropriate to provide you with an explanation of your personal information.

Correcting your information

If your personal information is out-of-date or incorrect, you may inform us of this in writing and we will correct it for you. There is the ability to correct or amend your personal information through visiting our website at www.nightkey.com.au. In the unlikely event that we disagree about the accuracy of the information and are unable to change it, you may provide us with a statement indicating that you dispute its accuracy and we will associate the statement with your information in such a manner that it will be brought to the attention of each person who subsequently uses the information.

Changes to this policy

Due to changing business circumstances, we may need to make changes to this policy from time to time. However, we will endeavour to ensure that any such changes do not reduce your overall level of privacy protection. Any amended or new policy will be published on our website. Any actions that we have taken before the changes will continue to be regulated by the policy that existed before the changes were made. Persons enrolled in the NightKey® database will not be directly notified when changes to the NightKey® Privacy Policy are made, so please be sure to check our web site at www.nightkey.com.au for the latest version. If you do not approve of the terms of any new policy, you will be able to remove your details from the NightKey® system at any time (see above).

Further information

If you have any queries or requests in relation to this policy, please contact our Privacy Officer whose current contact details are available at www.nightkey.com.au
This policy commenced on: 10 September 2008
Print this document