Signicat Connect Privacy Statement

At Signicat, we value your privacy. The main section of this privacy statement describes which personal data Signicat collects from you, how Signicat processes such personal data, and why Signicat collects the personal data in connection with Signicat's provision of products.

Signicat is an electronic identity services provider that enables connection and interaction between organizations and their customers through verified digital identities. Signicat is a private company registered in Norway with organization number 989 584 022 and its registered main office at Gryta 2A, 7010 Trondheim, Norway. Please direct any questions or requests to privacy@signicat.com or the channels provided for at www.signicat.com.

Please refer to the product-specific descriptions below, which set out any deviations from these main principles or further details on our processing or collection of personal data for each product.

Please note that Signicat acts as a processor for most of the personal data we process, whereas Signicat's customer is the controller. Signicat has entered into data processing agreements with all such customers that secure your privacy. In cases where you as an end user have questions about processing personal data, the controller must be contacted.

This privacy statement only describes the collection and processing of personal data that Signicat is the controller for, meaning the personal data for which Signicat determines why and how it is processed. The description of the processing of personal data for which Signicat's customers act as controller can be found in their respective privacy policies.

 

Signicat Connect

The Signicat Connect family consists of the following products: Signicat MobileID In-App, MobileID App, SCID (SignicatID), SMS OTP, Email OTP and Password.

In all Connect products, Signicat acts as a data processor on behalf of our customer (company). End users are managed by the merchant company that acts as a data controller. Signicat does not store any user data permanently except audit logs necessary to comply with regulations.

 

Purpose and processing

The controllers and responsible entities for such content are Signicat's respective customers. As the data processor, Signicat signs a data processor agreement with the client as data controller. The data processor agreement establishes the frameworks for Signicat's personal data processing activities. The specific security measures and deletion deadline for processing will be established in each individual data processor agreement.

The purpose of Signicat Connect is to authenticate users by either using public eID schemes or by using Signicat in-house built authentication methods. The following personal information will be processed for end users of the controller:

  • Person name
  • National ID
  • Email address
  • Mobile phone number
  • Date of birth
  • Physical address
  • IP address
  • Client meta information
  • Digital certificate number
  • Nationality
  • Sex
  • Age
  • Personal ID
  • Device ID
  • Role
  • Employer
  • Position
  • Device type
  • User ID
  • User agent
  • User pattern
  • User name

Third-party eID providers offer different sets of end-user data, so the list above will differ somewhat depending on the data each eID vendor provides.

 

Signicat MobileID

Application Description

The Application offers a simple way to use strong two-factor authentication and works with service providers or merchants (“Providers”) that have chosen to enable the Application for their users. When you log into your Provider, the MobileID app will automatically be started. Depending on your Provider’s security requirements, you will only have to provide a fingerprint or facial image on the mobile device to authenticate. No password is needed. Through the MobileID Application, Providers can leverage fingerprint and facial recognition technology to provide the best user experience currently available, while still maintaining the security needed to perform transactions and other sensitive actions.

 

What information does the Application obtain and how is it used?

User provided information

When you register the Application with a Provider, you will have to use
a. PIN code

and optionally,

b. fingerprint
c. facial image

depending on user preferences and device capabilities. None of the User Provided information in (a), (b), or (c) leaves the device that the Application is installed on. Biometric information provided by the user in the optional steps (b) and (c) is handled by the device’s operating system and the Application does not receive, store, or process any of this data in whole or in part. None of the information in a), b) or c) can be viewed or accessed by your Provider.

Automatically collected information

The Application collects certain information automatically. Here is a complete list of all data collected in the Application automatically.

a. The IP address of your mobile device.
b. The type and version of Internet browser that your device uses.
c. Risk attributes related to the integrity of your device.
d. The unique device ID created by the Application for your device.
e. The manufacturer of the device that you use.
f. The model of the device that you use.
g. The Operating System (OS) of your device.
h. The version of the Operating System (OS) of your device.

The information in a) to h) is collected and stored by Signicat for audit purposes only. The information in d) to h) is shared with your Provider.

Does the application collect precise real-time location information of the device?

This Application does not collect precise information about the location of your mobile device.

Do third parties see and/or have access to information obtained by the application?

Third parties do not have access to information obtained by the Application.

What are my opt-out rights?

You may stop all collection of information by the Application by uninstalling the Application. You may use the standard uninstall processes that may be available on your mobile device or via the mobile application marketplace or network.

Data retention policy, managing your information

The Application will retain User Provided Information for as long as you have the Application installed on your device. If you would like us to delete User Provided Information that you have provided via the Application, please go to the “Settings” menu, choose “Remove all connections” and then uninstall the Application from your device. The Application will retain Automatically Collected Information for up to one year, even when you uninstall the Application. After one year, the Application may store Automatically Collected Information in an aggregated form. If you would like us to delete Automatically Collected Information, please contact us via email at privacy@signicat.com. You also need to contact your Provider and request deletion of Automatically Collected Information.

Children

We do not use the Application to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at privacy@signicat.com. We will delete such information from our records within a reasonable timeframe.

Security

We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorized employees and contractors who need access to the information in question in order to operate, develop, or improve our Application. Please be aware that, although we endeavor to provide reasonable security for the information we process and maintain, no security system can prevent all potential security breaches.

Changes

This Privacy Policy may be updated from time to time for any reason. You can find the latest Privacy Policy at this address: https://www.signicat.com/products/mobileid/privacy/. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes.

Your consent

By using the Application, you are consenting to our processing of your information as set forth in this Privacy Policy now and as amended by us. “Processing” means using cookies on a computer/handheld device or using or altering information in any way, including, but not limited to, collecting, storing, deleting, using, combining, and disclosing information. All of these activities will take place in Norway.

Contact us

If you have any questions regarding privacy while using the Application or have questions about our practices, please contact us via email at privacy@signicat.com.
