Signicat Connect Privacy Statement

At Signicat, we value your privacy. The main section of this privacy statement describes which personal data Signicat collects from you, how Signicat processes such personal data, and why Signicat collects the personal data in connection with Signicat's provision of products. 

Signicat is an electronic identity services provider who enables connection and interaction between organizations and their customers through verified digital identities. Signicat is a private company registered in Norway with organization number 989 584 022 and its registered main office located at Gryta 2A, 7010 Trondheim Norway. Please direct any questions or requests to privacy@signicat.com or the channels provided for at www.signicat.com.

Please refer to the product-specific descriptions below that set out any deviations from these main principles or for further details on our processing or collection of personal data for each product.

Please note that Signicat acts as a processor for most of the personal data we process, whereas Signicat's customer is the controller. Signicat has signed data processing agreements with customers acting as controllers to secure your privacy. In cases where you, as an end user, have questions about how personal data is processed, the controller must be contacted. 

Signicat Connect

Signicat Connect family of products consists of the following products: Signicat MobileID In-App, MobileID App, SCID (SignicatID), SMS OTP, Email OTP and Password.

In all Connect products, Signicat act as a data processor on behalf of our customer (company). End users are managed by the merchant company that acts as a data controller. When an authentication transaction is performed, logs are created for different purposes and with different retention times. For a Connect authentication, logs are never kept more than 12 months before they are permanently deleted.

Purpose and processing

The controllers and responsible entities for such content are Signicat's respective customers. As the data processor, Signicat signs a data processor agreement with the client as data controller. The data processor agreement establishes the frameworks for Signicat's personal data processing activities. The specific security measures and deletion deadline for processing will be established in each individual data processor agreement.

The purpose of Signicat Connect is to authenticate users by either using public eID schemes or by using Signicat in-house built authentication methods. The following personal information will be processed for end users of the controller:

  • Person name
  • National ID
  • Email address
  • Mobile phone number
  • Date of birth
  • Physical address
  • IP address
  • Client meta information
  • Digital certificate number
  • Nationality
  • Sex
  • Age
  • Personal ID
  • Device ID
  • Role
  • Employer
  • Position
  • Device type
  • User ID
  • User agent
  • User pattern
  • User name

3rd party eID providers offer different sets of end users data and the subject list above will differ somewhat between eID vendors provided data.

Get in touch

Want to talk to us about what we do, or need some additional information? Don’t hesitate to get in touch.