Signicat MitID Privacy Statement

At Signicat, we value your privacy. The main section of this privacy statement describes which personal data Signicat collects from you, how Signicat processes such personal data, and why Signicat collects the personal data in connection with Signicat's provision of products.

Signicat is a certified MitID broker. The MitID broker role is to act as an intermediary between the core MitID infrastructure owned by the Danish Agency for Digitisation, Danish banks and MitID service providers. As a broker, Signicat offers MitID trust services on top of the core MitID infrastructure.

There are five actors in the MitID ecosystem, as shown in the diagram below.

mitit-parties

Purpose and processing

In most cases, Signicat acts as a Data Processor for the personal data we process, whereas Signicat's customer is the Data Controller. Signicat has signed data processing agreements with customers acting as Data Controllers to secure your privacy.

In cases where you, as an end-user and Data Subject, have questions about how personal data is processed, the Data Controller must be contacted.

Using MitID for authentication and/or electronic signing, in some use cases Signicat acts as Data Controller.

Signicat is a certified MitID broker and acts as an intermediary between the service provider and the MitID core system. MitID is jointly owned by the Danish Agency for Digitisation and the Danish banks.

All personal data on MitID ID Subjects are defined by the owners and collected during the registration process and usage. Citizens are referred to as ID Subject in the MitID framework. The ID Subjects consent to the terms and conditions for MitID when they register and activate MitID.

The data flow between the ID Subject via the Service Provider and Signicat as a MitID broker to the MitID provider operating the MitID core system includes the following personal data:

  • Name
  • Age
  • CPR number (if consent is given)

In addition, the following technical data is included in the data flow:

  • IP address
  • User agent data, such as browser type
  • Geolocation

MitID is regulated by law – Lov om MitID og NemLog-in – which entitles Signicat as a MitID Broker to collect, receive and control personal information from the ID Subject and the MitID core system.


Relevance of data

We only control data which is relevant and necessary to provide a secure and easy authentication or electronic signing with MitID.

Use and Transfer of Data

Your personal data will only be used for the purpose for which they were collected and we will not disclose data to third parties other than the MitID core system, the MitID service provider using Signicat as a MitID broker, or if you give your consent.

To be able to deliver the service, Signicat engages a hosting provider. Your personal data will be processed by this hosting provider according to instructions from Signicat as Data Controller within the EEA.

We may also disclose your personal data to authorities if there is a legal basis in law, regulation or after order from a public authority.

Security

We have adopted internal information security policies that contain instructions and controls protecting your personal data from being destroyed, lost or altered.

We have controls to protect against unauthorized disclosure and access. More information about our security and compliance work can be found at https://www.signicat.com/en/security-trust and https://www.signicat.com/en/certifications-and-compliance.

Get in touch

Want to talk to us about what we do, or need some additional information? Don’t hesitate to get in touch.