Signicat MobileID Privacy Statement
This Privacy Statement governs your use of the software application MobileID (“Application”) for mobile devices that was created by Signicat AS, a private company registered in Norway under organization number NO989584022, with its registered main office at Beddingen 16, 7042 Trondheim, Norway. This Privacy Statement is defined to ensure demonstrable compliance with legislative requirements, including EU Regulation 2016/679 (GDPR) and transparency of personal data processing for both Signicat’s customers, data subjects and data protection authorities.
Application Description
The Application offers a simple way to use strong two-factor authentication and works with service providers or merchants (“Providers”) that have chosen to enable the Application for their users. When you log into your Provider, the MobileID app will automatically be started. Depending on your Provider’s security requirements, you will only have to provide a fingerprint or facial image on the mobile device to authenticate. No password is needed. Through the MobileID Application, Providers can leverage fingerprint and facial recognition technology to provide the best user experience currently available, while still maintaining the security needed to perform transactions and other sensitive actions.
What information does the Application obtain and how is it used?
User provided information
When you register the Application with a Provider, you will have to use
a. PIN code
and optionally,
b. fingerprint
c. facial image
depending on user preferences and device capabilities. None of the User Provided information in (a), (b), or (c) leaves the device that the Application is installed on. Biometric information provided by the user in the optional steps (b) and (c) is handled by the device’s operating system and the Application does not receive, store, or process any of this data in whole or in part. None of the information in a), b) or c) can be viewed or accessed by your Provider.
Automatically collected information
The Application collects certain information automatically. Here is a complete list of all data collected in the Application automatically.
a. The IP address of your mobile device.
b. The type and version of Internet browser that your device uses.
c. Risk attributes related to the integrity of your device.
d. The unique device ID created by the Application for your device.
e. The manufacturer of the device that you use.
f. The model of the device that you use.
g. The Operating System (OS) of your device.
h. The version of the Operating System (OS) of your device.
The information in a) to h) is collected and stored by Signicat for audit purposes only. The information in d) to h) is shared with your Provider.
Does the application collect precise real-time location information of the device?
This Application does not collect precise information about the location of your mobile device.
Do third parties see and/ or have access to information obtained by the application?
Third parties do not have access to information obtained by the Application.
What are my opt-out rights?
You may stop all collection of information by the Application by uninstalling the Application. You may use the standard uninstall processes that may be available on your mobile device or via the mobile application marketplace or network.
Data retention policy, managing your information
The Application will retain User Provided Information for as long as you have the Application installed on your device. If you would like us to delete User Provided Information that you have provided via the Application, please go to the “Settings” menu, choose “Remove all connections” and then uninstall the Application from your device. The Application will retain Automatically Collected Information for up to one year, even when you uninstall the Application. After one year, the Application may store Automatically Collected Information in an aggregated form. If you would like us to delete Automatically Collected Information, please contact us via email at privacy@signicat.com. You also you need to contact your Provider and request deletion of Automatically Collected Information.
Children
We do not use the Application to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at privacy@signicat.com. We will delete such information from our records within a reasonable timeframe.
Security
We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorized employees and contractors who need access to the information in question in order to operate, develop, or improve our Application. Please be aware that, although we endeavor to provide reasonable security for the information we process and maintain, no security system can prevent all potential security breaches.
Changes
This Privacy Statement may be updated from time to time for any reason. You can find the latest Privacy Statement at this address: https://www.signicat.com/about/signicat-mobileid-privacy-statement You are advised to consult this Privacy Statement regularly for any changes, as continued use is deemed approval of all changes.
Your consent
By using the Application, you are consenting to our processing of your information as set forth in this Privacy Statement now and as amended by us. “Processing” means using cookies on a computer/ handheld device or using or altering information in any way, including, but not limited to, collecting, storing, deleting, using, combining, and disclosing information. All of these activities will take place in Norway.
Contact us
If you have any questions regarding privacy while using the Application or have questions about our practices, please contact us via email at privacy@signicat.com.