Privacy & Data Security

How is my personal information protected when verifying my investment profile with Canvas?

Canvas takes data security seriously. We are committed to safeguarding your privacy and ensuring that you can access our platform without worrying about the security of your personal information. We partner with two companies that handle your Personally Identifiable Information (PII). These are:

Vixverify / GreenID

VIX VERIFY INTERNATIONAL PTY LTD (ABN 165 074 395), is a private identity verification services provider and a gateway service provider for the  Commonwealth Document Verification Service. Vixverify or GreenID is the 3rd party ID verification service Canvas utilises, as we do not hold client identification details (such as Medicare / Drivers License / Passport etc) on our Canvas server. GreenID data security measures includes the below excerpts from their website:
http://www.vixverify.com/news-resources-2/#privacy_policy

Formstack

Formstack Forms (Formstack, LLC) is a private workplace productivity solution tool that Canvas utilises to capture data for client operations. The data privacy and security for Formstack can be found on their website:
https://www.formstack.com/data-security#GlobalPrivacy  

Campaign Monitor

Campaign Monitor is an email marketing software that Canvas utilises to send out messages and emails for client operations. The data privacy and security for Campaign Monitor includes the below excerpts from their website:
https://www.campaignmonitor.com/trust/security/

Data security and storage

Vixverify / GreenID

All personal information held by Vixverify is protected from unauthorised access through the use of secure passwords and user logons and other forms of biometric verification.

Vixverify stores all personal information that it collects securely in a manner that is sufficient to prevent misuse and loss, unauthorised access, modification or disclosure of personal information. Vixverify maintains a high level of data security by implementing:

  • physical security to prevent unauthorised entry to our premises, by installing systems to detect unauthorised access and secure containers for storing paper-based personal information;
  • computer and network security to protect computer systems and networks for storing, processing and transmitting personal information;
  • communications security to protect communications via data transmission and to prevent unauthorised intrusion into our computer network; and
  • personnel security, through Vixverify’s personnel security measures and background checking procedures to limit access to personal information only by authorised staff and for only approved purposes.

Formstack

Formstack uses AWS in the United States as its external security hosting provider. AWS meets System and Organization (SOC) standards verified by independent third-party examination reports demonstrating how the provider achieves key compliance controls and objectives. Please see the following website for further details on AWS compliance:
https://aws.amazon.com/compliance/programs/

All submission data to Formstack is disk encrypted under AES-256 and data in transit is protected by TLS >=1.2 to provide end-to-end communication security.

Campaign Monitor

Campaign Monitor stores data in a US-based data centre and it uses multiple data processing locations including USA, Australia and Germany. Campaign Monitor also uses CloudFront at strategic AWS edge and regional locations as an external content delivery network for faster content caching. More on Amazon’s CloudFront can be found here:
https://aws.amazon.com/cloudfront/features/      

Physical controls are also implemented to prevent unauthorised access to, or disclosure of, customer data. The data centres are monitored 24×7 for all aspects of operational security and performance. They are also equipped with state-of-the-art security such as biometrics, sensors for intrusion detection, keycards, and around-the-clock interior and exterior surveillance.      

The application of Campaign Monitor has been designed with focus on security by leveraging OWASP-aligned security principles for software engineering, encryption technologies and security assurance.

PII Security

Vixverify

Users can contact Vixverify to address any concerns that they have about their personal information.

If you would like access to the personal information which Vixverify holds about you or a person whom you are authorised to represent, please contact Vixverify using the contact details set out in the Contact Details section of this Privacy Policy. Your request should specify the format in which you wish to be provided the personal information (for example, in person, by email, by telephone, hard copy or other electronic record). This application is free of charge. However, Vixverify may make a reasonable charge for providing access to you. If Vixverify wishes to charge you to access the personal information, Vixverify will notify you of this charge prior to giving you access to the personal information.

Formstack

To comply with privacy practices globally, Formstack is committed to continued Forms compliance with GDPR, PIPEDA, and other privacy regulations and laws:

https://www.formstack.com/features/gdpr-compliant-forms