SevisWallet Privacy Policy
Your privacy and data protection in Papua New Guinea's digital wallet
Effective Date: 01 November 2025
Security First
End-to-end encryption and multi-factor authentication
Transparency
Clear disclosure of data collection and usage
Your Control
Full rights to access, correct, and delete your data
Data Minimization
We collect only what's necessary
Introduction
SevisWallet functions as a secure digital wallet enabling access to verified government digital identity (Sevis Pass) and associated services. We are committed to protecting your privacy and ensuring compliance with Papua New Guinea legislation including:
- The Constitution of Papua New Guinea (Section 49)
- Digital Government Act 2022
- National Data Governance & Data Protection Policy 2024
- APEC Cross-Border Privacy Guidelines
- OECD Privacy Principles
Information We Collect
Personal Information
- Name, date of birth, national ID number
- Email address and phone number
- Biometric data (face scan, fingerprints) - classified as highly sensitive, requiring informed, explicit, voluntary consent
Technical Information
- Device type, operating system, app version
- Usage analytics
- IP address and location data (if enabled)
Transaction Data
- Digital credentials
- Wallet transactions
- Service usage history
Once Only Principle: Data is captured only once at source per National Data Governance & Data Protection Policy 2024, stored in the Central Electronic Data Repository (Digital Government Act 2022, Section 28).
How We Use Your Data
We use your information for the following purposes:
- Identity verification and authentication for government services
- Secure wallet functions including credential storage and presentation
- App performance improvement and user experience enhancement through analytics
- Legal compliance and government regulation adherence
Processing occurs fairly, lawfully, and transparently, with pseudonymization or anonymization applied where appropriate. Automated processing (including AI in biometric verification) adheres to OECD AI principles emphasizing fairness, robustness, and human rights respect.
Data Sharing & Disclosure
SevisWallet does not sell your personal information.
Data sharing occurs only with:
- Authorized government agencies via Secure Data Exchange Platform (Digital Government Act 2022, Section 31)
- Contracted third-party service providers under strict data processing agreements
- Legal requirements, public safety protection, or breach response with prompt individual notification
Cross-border data flows comply with data sovereignty principles using APEC-aligned mechanisms. Biometric data sharing requires explicit consent and necessary safeguards.
Data Security
Our security measures include:
- End-to-end encryption at rest and in transit
- Secure authentication (PINs, biometrics, multi-factor authentication, OTPs)
- AWS cloud storage with international security standards compliance and PNG data localization where feasible
- Regular security audits, vulnerability monitoring, threat intelligence, incident response, and breach notification protocols
- Least privilege access principles with continuous unauthorized access prevention monitoring
Your Rights
As a user, you have the right to:
- Access and review your personal SevisWallet data
- Request updates or corrections to your information
- Request deletion and associated data removal (right to be forgotten) where legally permitted
- Object to processing, withdraw consent (especially for biometrics), and request structured data portability
- Receive breach notifications
- Contact support with privacy questions or complaints, receiving prompt responses
Exercise these rights through the app or the designated Data Protection Authority (once established).
Children's Privacy
SevisWallet is intended for users aged 18 and over. We do not knowingly collect data from minors. Any data involving children requires explicit parental or guardian consent with enhanced safeguards as special sensitive data.
Third-Party Development & Publication
Developer
TECH5 (temporary publisher)
Data Controller
SevisPNG, Department of Information and Communications Technology
Data Location
Papua New Guinea-based systems
TECH5 functions solely as a technical service provider following SevisPNG's written instructions, not determining processing purposes or means, nor using, sharing, or retaining data independently. Future App Store/Play Store transfer to SevisPNG will maintain this existing policy.
Third-Party Compliance
Technical operators like TECH5 must comply with SevisPNG data protection and cybersecurity standards including encryption, secure transmission, and controlled access. Periodic audits verify continued compliance.
Policy Updates
This policy may be updated periodically to reflect legal, technological, or service changes aligned with National Data Governance & Data Protection Policy 2024 review mechanisms. Changes will appear in-app and on sevis.gov.pg with notice for material modifications affecting your rights or data handling.
Contact Information
Data Controller
SevisPNG
Department of Information and Communications Technology
Waigani, Port Moresby, Papua New Guinea
Email: support@sevis.gov.pg
Website: sevis.gov.pg
Technical Operator/Service Provider
TECH5 SA
c/o SYNERGIX S.A., succursale de Genève
Rue de Neuchâtel 8, 1201 Geneva, Switzerland
Email: info@tech5-sa.com
Data protection inquiries or complaints may be directed to the forthcoming Data Protection Authority; interim inquiries should be directed to DICT.