ThisIsMe considers the protection of registrants’ personal information as paramount. It is predominantly for this reason that ThisIsMe was established, in order to protect individuals from unauthorised access to and use of their personal, identifiable information.
In order to protect registrants and partner merchants against the unauthorised usage, retention or storage of personal information, ThisIsMe makes use of a consent-driven process in all instances where consent is required and when user data is transferred. Certain information can be obtained by a requesting party without the express consent of the individual, but this is limited to the bare minimum. Should consent to view and or store information be required when accessing a client’s information, ThisIsMe will suspend the release of data until the user themselves have provided their express consent using one of the integrated tools available within the ThisIsMe platform. These include, but are not limited to:
- Consent provided via the “My Requests” section of a ThisIsMe user’s logged-in profile.
- Consent via response to SMS based requests where the user has responded in the affirmative.
- Consent via response to an email request in which the user has supplied express consent post login.
- Consent via USSD process (whether user or network initiated).
- Consent via the provision of a security PIN as selected by the user post login.
- Telephonic consent provided during telephonic interactions.
Furthermore, ThisIsMe has strict internal policies in place regarding the provision and handling of user data. These policies cover the following areas:
- Paper Records
- Retaining personal information
- Email and Personal Productivity Software
- Remote Access
- Laptops and Other Mobile Storage Devices (incl. Mobile Phones, PDAs, USB memory sticks, External Hard Drives, etc.)
- Using wireless networks
- Data transfers and encryption
- Appropriate Access and Audit Trail Monitoring
- Disposal of paper and media
- Disaster recovery
In addition to this, ThisIsMe encrypts all user data using bank-grade encryption techniques. In cases where consent to view user data is required, only an affirmative response from the user, via the communication methods listed above will unlock the users’ data and allow it to be decrypted.