National Centre for Information Technology (we, us, our) is the national agency responsible for providing digital services in the Maldives. The eFaas (Service) is the digital identity management platform for citizens and residents of Maldives (you, your), to manage Your online digital identity. This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights.
We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.
We collect personal information from the following sources:
We will collect personal information directly from you when you use the eFaas service to:
We will record information about your device and system interactions when you use the eFaas service to:
Information Collected from Third Parties We collect your personal information from government authorities to verify and validate the identity information you provide to register your eFaas or to increase your identity strength level. For example, we will verify:
The eFaas identity management system is connected to various authoritative registers within the government which stores your personal information.
This data is not stored in eFaas and is only shared with digital services with Your consent.
For example, we collect:
We collect and verify your personal information when you use the Service, including when you choose to:
Personal information is information that identifies you or is reasonably capable of identifying you. This may include:
When we have validated your identity documents, we will keep a record of:
Biometric matching refers to the use of a Face Verification Service to electronically compare your personal information and facial image against a specific government record to verify your identity. We need your consent to do this.
Biometric matching is used in eFaas for verification and for authentication only. You will be able to Verify biometrically, using face matching, that the eFaas belongs to you, during or any time after registration of your eFaas. When logging in to eFaas mobile app, biometric face matching is used as part of Multi-factor Authentication.
The Face Verification Service can measure the biometric information of your facial image. This means measurements or calculations about your physical appearance. These calculations or measurements are not stored.
Pictures and videos taken during facial recognition are stored in NCIT, for the purpose of verification and authentication.
The retention period for this data is 5 years. After this period, it is securely deleted.
Facial data captured during verification and authentication is not shared with other entities or organizations.
If you use your fingerprint or facial image as a secure login method on your device, this biometric function is restricted to the device used to access your apps and personal information stored on your device. We do not record or store your fingerprints or facial images used to access your device during registration or authentication processes.
We may de-identify your personal information, to compile reports and analyse statistical data related to using the eFaas services. We will use this data to understand users across the community and to enhance the eFaas service, but no individual will be reasonably identifiable.
We will use and disclose your personal information for the purpose of verifying, validating or authenticating your identity and ensure the operation of the eFaas service. We will not share your personal information without your consent with:
When you consent, the information is shared for the purpose of:
We will not use or disclose your personal information for any other purpose unless:
You can access and update certain information we hold about you, through your eFaas account or by asking us.
We will take reasonable steps to correct personal information that we hold about you when you ask us to. We want to ensure the
information we hold is accurate, up to date, complete, relevant and not misleading.
We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.
We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the
top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
If you have any questions about this Privacy Policy, You can contact us by email: [email protected]