Privacy Statement
Version 1.7
16-08-2024
Table of contents
- 1. Introduction
- 2. Who are we?
- 3. Which personal data do we process?
- 4. How and for what purpose do we use your data?
- 5. Lawfulness of processing
- 6. Storage period of the data
- 7. Data security
- 8. Your rights
- 9. Recipients of your personal data
- 10. Questions
- 11. Revisions
- 12. Dutch Data Protection Authority
1. Introduction
This Privacy Statement is relevant for visitors of our website and (future) users of Vidua. We highly value your ease and convenience while making use of Vidua, and in order to provide optimal security we handle your personal data with the utmost care, integrity and transparency. With this Privacy Statement we would like to inform you about which data we collect, how we collect your data (directly or indirectly), why we collect your data (for which purposes), on the basis of which principles (lawfulness) and how we further handle your data.
2. Who are we?
We are Cleverbase ID B.V. (hereafter: Vidua or We), an ETSI/eIDAS accredited Qualified Trust Service Provider under the supervision of the Radiocommunications Agency. We are located at Maanweg 174, 2516 AB, The Hague, the Netherlands, and registered with the Chamber of Commerce (Kamer van Koophandel) under registration number 67419925. Vidua is also the brand name and trademark under which We deliver the services to you as a user.
3. Which personal data do we process?
We process the following personal data in order to offer our products and services:
- Identification details
  - Personalia: name, date of birth, place of birth, gender, nationality.
  - Details of means of identification: date of issue, date of expiration, document number, authority, document issuer, document type.
  - Video recording and static image.
- Contact details: name, email address and phone number.
- Technical details: IP address, login details, language settings and operating system of the used device.
- User details: your username, which is always a self-selected email address.
3.1 Processing of personal numbers
Vidua has no ground to process your personal number (BSN or other national personal numbers) and prevents unwanted processing of personal numbers as much as possible. Depending on the nationality and the model, a personal number can be found on the front and / or back side of the plastic card. Please mask the personal number in these places before taking a photo of the document in the Vidua app, for example with opaque tape. For some models, the personal number is also located in the MRZ (= Machine Readable Zone), the two lines of text at the bottom of the plastic card or the three lines of text on the back. This entire MRZ code must be readable when the document is being photographed with the Vidua app. We mask the MRZ with an overlay, so that we do not save it. After the photo, we ask you to also mask the personal number in the MRZ, because we cannot mask it during the video.
4. How and for what purpose do we use your data?
- Visitor data website
General visitor data are used to show, maintain and improve the website as well as possible. We analyze how many visitors our website receives, which web pages are visited and where the visitors come from.
- Contact with Vidua
As soon as you contact Vidua, we collect the following data:
- Contact details
- Identity details
To ensure the best service, we use your contact details to communicate with you. If you are a registered client at Vidua and you need support with the use of a service, then we might ask you for additional identity details.
- Usage of Vidua
Vidua collects the following data:
- Technical details
- Identity details
We use this data to properly protect our organisation and to guarantee user-friendliness. We do this through, i.e., tests, handling incidents, problem solving, technical support and reporting.
- Applying for a job at Vidua
Vidua collects the following data as part of the processing of job applications.
- Identity details: name, date of birth, information from CV
- Contact details
We use this data to be able to properly carry out the application procedure.
4.1 Registration at Vidua
We collect the following data:
- Identity details
- Technical details
- Contact details (name, email address)
To register you as a new client, we use your identity and contact details to lawfully and correctly determine and confirm your identity. We need the above-mentioned data to comply with Dutch identification legislation. We use technical details to maintain and optimize the registration process.
4.2 Mobile application use
We collect the IP address to make statistical analyses of the use of the Vidua app using Firebase Analytics. The last eight numbers of the IP address are masked and no other personal data is shared. Vidua has concluded a data processing agreement with Firebase Analytics and does not use other statistical analysis services for application use in combination with Firebase Analytics.
Since we like to help everyone register with Vidua, customer service can contact you by email (one time) if you have not yet completed your registration attempt but can still complete it.
4.3 Signing with Vidua
Vidua shares the following data with the (third party) signature application used by you for the signing process:
- Signing certificate
- Public key
- Full name of the end user
These details are needed by your (third party) signature application, so you can use Signing with Vidua.
4.4 Identity Federation by Vidua
Vidua creates, stores and shares the following data:
- The identity attributes that you have consented to share.
- A consent statement signed by you stating that you consent to sharing your personal data with the requesting third party. The consent contains information on which data you share with whom and for what purpose.
These details are used for sharing certain identity attributes with requesting third parties, so you can make use of Identity Federation by Vidua.
5. Lawfulness of processing
Organisations are only allowed to process personal data if they have a basis for doing so. The General Data Protection Regulation (GDPR) lists six possible lawful bases. We use four of these bases for our various processing operations:
- Permission: to lawfully secure your identity and to get in touch with you at your request.
- Contractual agreement: when you, as a customer, purchase our products and/or services or would like to do so, and we must process your personal data to be able to do so. We also use this basis to provide you with the necessary information concerning using Vidua.
- Legal obligation: if we receive a legitimate claim to provide data to a competent authority. We are also legally obliged to keep personal data in our financial records in accordance with tax legislation.
- Legitimate interest: we use this basis for processing the application and carrying out the application procedure.
6. Storage period of the data
We do not store your personal data for longer than strictly necessary for the purpose for which we obtained it. We base this assessment on the type of personal data, the product or service for which we have obtained the data, and what you, as the data subject, can reasonably expect as a retention period.
For the personal data that are processed to lawfully determine and confirm your identification, we use a maximum retention period of ten years: we store your personal data for as long as your certificate is valid (a maximum of three years), and on top of that for seven more years after the expiration date of the certificate, based on legislation.
7. Data security
We do everything to offer optimal data security and to secure your personal data against loss and illegitimate usage. All employees of Vidua who have knowledge of personal data in the context of their duties are obliged to maintain confidentiality. Your personal data will only be shared with third parties where necessary for the above-mentioned purposes. Vidua has been evaluated by an independent auditor and is ISO27001 certified. ISO27001 is the standard for information security.
8. Your rights
Based on the General Data Protection Regulation, you are entitled to the following rights:
- The right to be informed
- The right of access
- The right of rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
If you would like to know which of your personal data We process and for which purposes, or if you would like to invoke one of the above-mentioned rights, please get in touch with us via klantenservice@vidua.nl. We will inform you as soon as possible about your request.
9. Recipients of your personal data
The following persons and/or authorities may have access to your personal data:
- Employees of Vidua who are assigned to, or manage, responsibilities related to the processing of personal data, or the people who are involved in doing so;
- (Sub)Processors that are engaged by Vidua to execute specific tasks with regard to its provision of services;
- Governmental bodies, such as police and justice, as far as necessary to comply with applicable norms and legislation.
10. Questions
If you have any questions about the way we handle your privacy, or if you would like to invoke one or more of your rights as mentioned above, please get in touch with us via email at klantenservice@vidua.nl, via post at “Maanweg 174, 2516 AB The Hague, the Netherlands” or via phone: +31 70 820 96 80.
11. Revisions
We are entitled to revise our Privacy Statement at any given moment. We will announce such a revision via our website. If we want to radically change the underlying principles, we will actively reach out to you.
12. Dutch Data Protection Authority
We would like to support you in case you have a complaint regarding the processing of your personal data. Based on privacy legislation, you can file a complaint with the Dutch Data Protection Authority about the processing of your personal data. This is possible via the website of the Dutch Data Protection Authority: https://www.autoriteitpersoonsgegevens.nl/en.