Signicat is an electronic identity services provider who enables connection and interaction between organizations and their customers through verified digital identities. Signicat is a private company registered in Norway with organization number 989 584 022 and its registered main office at Gryta 2A, 7010 Trondheim Norway. Please direct any questions or requests to email@example.com or the channels provided for at www.signicat.com.
Please refer to the product-specific descriptions below that sets out any deviations from these main principles or further details on our processing or collection of personal data for each product.
Please note that Signicat acts as a processor for most of the personal data we process, whereas Signicat's customer is the controller. Signicat has entered into data processing agreements with all such customers that secures your privacy. In cases where you as an end user have questions about processing personal data, the controller must be contacted.
This privacy statement only describes the collection and processing of personal data that Signicat is the controller for, meaning the personal data that Signicat determine why and how we process. The description of the processing of personal data for which Signicat's customers acts as controller can be found in their respective privacy policies.
Signicat Connect family of products consists of the following products: Signicat MobileID In-App, MobileID App, SCID (SignicatID), SMS OTP, Email OTP and Password.
In all Connect products, Signicat act as a data processor on behalf of our customer (company). End users are managed by the merchant company that acts as a data controller. Signicat does not store any user data permanently except audit logs necessary to comply with regulations.
The controllers and responsible entities for such content are Signicat's respective customers. As the data processor, Signicat signs a data processor agreement with the client as data controller. The data processor agreement establishes the frameworks for Signicat`s personal data processing activities. The specific security measures and deletion deadline for processing will be established in each individual data processor agreement.
The purpose of Signicat Connect is to authenticate users by either using public eID schemes or by using Signicat in-house built authentication methods. The following personal information will be processed for end users of the controller:
3rd party eID providers offer different sets of end users data and the subject list above will differ somewhat between eID vendors provided data.
The Application offers a simple way to use strong two-factor authentication and works with service providers or merchants (“Providers”) that have chosen to enable the Application for their users. When you log into your Provider, the MobileID app will automatically be started. Depending on your Provider’s security requirements, you will only have to provide a fingerprint or facial image on the mobile device to authenticate. No password is needed. Through the MobileID Application, Providers can leverage fingerprint and facial recognition technology to provide the best user experience currently available, while still maintaining the security needed to perform transactions and other sensitive actions.
When you register the Application with a Provider, you will have to use
a. PIN code
c. facial image
depending on user preferences and device capabilities. None of the User Provided information in (a), (b), or (c) leaves the device that the Application is installed on. Biometric information provided by the user in the optional steps (b) and (c) is handled by the device’s operating system and the Application does not receive, store, or process any of this data in whole or in part. None of the information in a), b) or c) can be viewed or accessed by your Provider.
The Application collects certain information automatically. Here is a complete list of all data collected in the Application automatically.
a. The IP address of your mobile device.
b. The type and version of Internet browser that your device uses.
c. Risk attributes related to the integrity of your device.
d. The unique device ID created by the Application for your device.
e. The manufacturer of the device that you use.
f. The model of the device that you use.
g. The Operating System (OS) of your device.
h. The version of the Operating System (OS) of your device.
The information in a) to h) is collected and stored by Signicat for audit purposes only. The information in d) to h) is shared with your Provider.
This Application does not collect precise information about the location of your mobile device.
Third parties do not have access to information obtained by the Application.
You may stop all collection of information by the Application by uninstalling the Application. You may use the standard uninstall processes that may be available on your mobile device or via the mobile application marketplace or network.
The Application will retain User Provided Information for as long as you have the Application installed on your device. If you would like us to delete User Provided Information that you have provided via the Application, please go to the “Settings” menu, choose “Remove all connections” and then uninstall the Application from your device. The Application will retain Automatically Collected Information for up to one year, even when you uninstall the Application. After one year, the Application may store Automatically Collected Information in an aggregated form. If you would like us to delete Automatically Collected Information, please contact us via email at firstname.lastname@example.org. You also you need to contact your Provider and request deletion of Automatically Collected Information.
We do not use the Application to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at email@example.com. We will delete such information from our records within a reasonable timeframe.
We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorized employees and contractors who need access to the information in question in order to operate, develop, or improve our Application. Please be aware that, although we endeavor to provide reasonable security for the information we process and maintain, no security system can prevent all potential security breaches.
If you have any questions regarding privacy while using the Application or have questions about our practices, please contact us via email at firstname.lastname@example.org.