eFaas - Privacy Policy

Last Updated: 09th May 2023

Purpose

National Centre for Information Technology (we, us, our) is the national agency responsible for providing digital services in the Maldives. The eFaas (Service) is the digital identity management platform for citizens and residents of Maldives (you, your), to manage Your online digital identity. This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

How we collect personal information

We collect personal information from the following sources:

directly from you
indirectly from you
from third parties.

Information Collected Directly from you

We will collect personal information directly from you when you use the eFaas service to:

register for your eFaas account
increase the identity strength associated with your eFaas account
update your personal information.

If you do not consent to provide or share your personal information, you will not be able to create an eFaas account.

Information Collected Indirectly from you

We will record information about your device and system interactions when you use the eFaas service to:

manage your eFaas
monitor application use and system performance
investigate and verify the operation of the eFaas services.

Information Collected from Third Parties

Information Collected from Third Parties We collect your personal information from government authorities to verify and validate the identity information you provide to register your eFaas or to increase your identity strength level. For example, we will verify:

ID number and associated personal data with the records from Department of National Registrations for citizens
Employment records with the data of Ministry of Economic Development for Work permit holders
For residents with long-term visas, your visa related information from Maldives Immigration.

The eFaas identity management system is connected to various authoritative registers within the government which stores your personal information. This data is not stored in eFaas and is only shared with digital services with Your consent. For example, we collect:

Driver’s license records from Ministry of Transport & Civil Aviation to provide the digital driver's license service.

Types of Information We collect, hold and use

Personal information

We collect and verify your personal information when you use the Service, including when you choose to:

register for eFaas
increase the identity strength associated with your eFaas account
update your personal information.

Personal information is information that identifies you or is reasonably capable of identifying you. This may include:

date of birth
address
contact details, including email address and phone number
details contained in Department of National Registration, Ministry of Economic Development, Maldives Immigration; issued identity documents, such as, but not limited to:
- the type of document
- document issuer
- document numbers
- effective dates
- photographic images of you
- signatures
biometric images of your face (see Biometric matching for further details).

When we have validated your identity documents, we will keep a record of:

the document type used
the information that was verified
your consent
the result of the document verification outcome.

We also collect personal information about your system use to:

confirm your identity
compile statistics and reports to enhance our systems and services
identify and respond to issues that indicate authentication integrity risks
detect, manage and investigate fraudulent activity which may lead to criminal prosecution.

Personal information about your system use that will be logged includes:

information about your device and browser, such as your operating system and user session
your internet provider number (IP address)
the date and time of your use of the authentication service
successful and unsuccessful attempts at authenticating.

We may share this information with other agencies, if we are authorized or required to by law.

Biometric matching

Biometric matching refers to the use of a Face Verification Service to electronically compare your personal information and facial image against a specific government record to verify your identity. We need your consent to do this.

Biometric matching is used in eFaas for verification and for authentication only. You will be able to Verify biometrically, using face matching, that the eFaas belongs to you, during or any time after registration of your eFaas. When logging in to eFaas mobile app, biometric face matching is used as part of Multi-factor Authentication.

The Face Verification Service can measure the biometric information of your facial image. This means measurements or calculations about your physical appearance. These calculations or measurements are not stored.

Pictures and videos taken during facial recognition are stored with the face verification service vendor, who provides facial recognition service for eFaas for the purpose of verification and authentication.

The retention period for this data is 5 years. After this period, it is securely deleted.

Facial data captured during verification and authentication is not shared with other entities or organizations.

If you use your fingerprint or facial image as a secure login method on your device, this biometric function is restricted to the device used to access your apps and personal information stored on your device. We do not record or store your fingerprints or facial images used to access your device during registration or authentication processes.

Unidentified information

We may de-identify your personal information, to compile reports and analyse statistical data related to using the eFaas services. We will use this data to understand users across the community and to enhance the eFaas service, but no individual will be reasonably identifiable.

Information we use and disclose

We will use and disclose your personal information for the purpose of verifying, validating or authenticating your identity and ensure the operation of the eFaas service. We will not share your personal information without your consent with:

third parties
the online services you attempt to access.

When you consent, the information is shared for the purpose of:

verifying your identity
authenticating your identity
confirming the outcome of any authentication attempts
and providing your personal information required for a digital service.

We will not use or disclose your personal information for any other purpose unless:

you have consented, or
we are required or authorised to do so under Maldivian law or a court/tribunal order.

We will not use or disclose personal information for direct marketing.

How you can access or correct personal information held about you

You can access and update certain information we hold about you, through your eFaas account or by asking us.

We will take reasonable steps to correct personal information that we hold about you when you ask us to. We want to ensure the information we hold is accurate, up to date, complete, relevant and not misleading.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, You can contact us by email: [email protected]