This is the LoginID Privacy Statement for consumer, customer,
supplier and business partner data, where this information relates
to an individual. This Privacy Statement provides information on the
processing of personal data by LoginID, hereafter LoginID, we or us.
In this Privacy Statement we describe who we are, how and for which
purposes we process your personal data, how you can exercise your
privacy rights and all other information that may be relevant to
you.
We did our best to provide you with all information in a clear and
readable format. However, if you have any questions about our use of
your personal data after reading this Privacy Statement, you can of
course always contact us through the contact details provided below.
This Privacy Statement may be changed over time. The most up-to-date
Privacy Statement is published on our website. This Privacy
Statement applies from September 1, 2020. The last modifications to
this Privacy Statement were made on September 1, 2020.
2. WHEN DOES THIS PRIVACY STATEMENT APPLY?
This Privacy Statement is applicable to the processing by LoginID of
all personal data of business clients and their end-users. LoginID’s
Business Clients are our affiliated partners (merchants,
applications, and websites), resellers, and agents that have
integrated with the LoginID service. This Privacy Statement does not
address the processing of personal data of applicants or employees
in the context of their employment relationship with LoginID.
It is LoginID’s policy to comply with the privacy legislation
within each jurisdiction in which we operate. Sometimes the privacy
legislation and/or an individual’s right to privacy are different
from one jurisdiction to another. This Privacy Policy has a limited
scope and application. Consequently, the rights and obligations
contained in this Privacy Policy may not be available to all
individuals or in all jurisdictions. If you are unsure if or how
this Privacy Policy applies to you, please contact our Privacy
Officer for more information.
3. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?
LoginID is either a data controller or a data processor for the
processing of all personal data that fall within the scope of this
Privacy Statement. More information on what our specific data
protection role is in relation to our processing activities can be
found below, under Section 4 “For which purposes do we process your
personal data?”. This Privacy Statement provides information on
what personal data are collected and used (processed) by LoginID and
for what purpose, and to which persons or entities the data will or
may be provided. LoginID will not share your personal data with
external parties, unless specifically requested by the responsible
business client or the data subject, or otherwise to comply with a
legal obligation.
4. FOR WHICH PURPOSES DO WE PROCESS YOUR PERSONAL DATA?
4.1 When you make use of the LoginID service
When you use the LoginID service, whether as a developer or as an
end-user of one of our business clients, we will process your
personal data. Through our authentication process, we process your
personal data to create your credentials, so that you can always
authenticate yourself on the LoginID service. Once verified, we
store and manage your personal data so that it is secure and readily
accessible, and retrieved at your request or at request of our
business clients. As part of our continuing efforts to manage and
maintain our business operations including investigating and
resolving incidents, and securing the integrity of the LoginID
service, we may monitor and log the interactions of developers and
administrators.
(a) Client device verification and authentication
In order for you to use the LoginID service, we process your
personal data to verify your device. The one-time verification
process creates the credentials through which you and our customers
authenticate themselves when using the platform(s) and/or service(s)
of our business clients who have integrated with the LoginID
service. For these processing activities, our business clients are
the data controller and LoginID is the data processor.
Client device verification and authentication relies on Strong
Customer Authentication (SCA), based on the FIDO protocols, which
uses standard public key cryptography technologies to provide
stronger and more effective authentication. When using the LoginID
service for the first time, we need you to register your device with
the online service that you want to log in to and unlock the FIDO
authenticator by presenting your local device with a biometric (such
as your fingerprint, facial recognition, or iris scanning). The
device will create a public/private key pair that is unique to (i)
your device, (ii) the business client’s online service and (iii)
your account (with that service). The public key is stored with
LoginID while your private key (including any biometric information)
never leaves your device.
For these purposes, we process your username, e-mail address,
IP-address and FIDO public key. For administrators and developers of
our business clients, LoginID processes the same categories of
personal data in addition to e-mail address and country of business.
The legal basis for this processing activity is the performance of a
contract.
(b) Data management, storage, and collection
We manage and store your personal data on behalf of and according to
the instructions of our business clients. LoginID ensures that your
personal data is accessible and reliable, and can be retrieved at
your request or at the request of our business clients.
For these purposes, we process the personal data provided to us by
you and those personal data provided by our business clients. This
processing is limited to your username, e-mail address, IP-address,
and FIDO public key.
The legal basis for this processing activity is the performance of a
contract.
(c) Monitoring and logging
To ensure the security of your personal data and compliance with the
Terms and Conditions of our service, we monitor the behaviour of
developers and administrators of our partnered business clients. The
log data that we collect works as a forensic trail and allows us to
respond to incidents quickly and resolve them effectively. This
processing activity allows us to monitor administrator interactions
around dashboard-related activities.
For this purpose, we may process personal data such as the
administrator username, activity timestamp, user roles, and
generated errors (if any). The legal basis for this processing
activity is our legitimate interest.
(d) To manage, maintain and develop the LoginID service and business
operations
We process your personal data in order to assess, analyse and
improve the LoginID service. We use aggregated personal data to
analyse how users interact with the service and the features it
provides, so that we may adjust and improve our products and
services accordingly. By analysing this aggregated personal data, we
can calculate certain values such as the percentage of end-users
authenticating themselves with biometrics versus username and
password, or the percentage of end-users who use their desktop versus
device.
For this purpose, we may process personal data such as IP-address,
particular authentication factors used (such as SMS, biometric,
username and password), browser, device information, and geolocation
of your network.
The legal basis for this processing activity is legitimate interest.
4.2 When you interact with LoginID (online or offline)
If you get in touch with us via info@loginid.io on the LoginID
website, we will use your personal data in order to reply to and
answer your question. For this purpose, we process your name,
contact details, your correspondence with us, your question and all
other personal data which are necessary to answer your question.
We are active on social media platforms like LinkedIn and Telegram.
When you contact us through these channels, we will assume your
consent to the collection, use and disclosure of your personal
information for the purposes related to answering your questions and
responding to your messages. We process your personal data
accordingly, including your (user)name, email address, and the
personal data you have included in your message.
The legal basis for this processing activity is consent.
4.3 For the management and improvement of our internal business
operations
LoginID collects personal information to enable us to manage,
maintain and develop our business and operations, including:
● to establish, maintain and manage our relationship with you so
that we may provide you with, or receive from you, the products and
services that have been requested (for example, we will use your
personal information to establish your identity and credentials so
that we may provide you with the products and services that you have
requested);
● to review the products and services that we provide to you so that
we may understand your requirements for our products and services
and so that we may work to improve our products and services;
● to review the products and services that we obtain from you so
that we may work with you and so that you may understand our
requirements for such products and services;
● to comply with your requests (for example, if you prefer to be
contacted at a business or residential telephone number and advise
us of your preference, we will use this information to contact you
at that number);
● to protect us against error, fraud, theft and damage to our goods
and property;
● to enable us to undertake our environmental, health and safety
activities, including incident planning, response and investigation;
● and any other reasonable purpose to which you consent.
4.4 To comply with the law
In some cases, we process your personal data to comply with laws and
regulations. This could, for example, be the case where tax or
business conduct related obligations apply. In order to comply with
relevant laws and regulations, we may need to disclose your personal
data to government institutions or supervisory authorities.
The categories of personal data processed for this purpose depend
on the legal obligation and we will limit the processing of the
personal data to what is strictly necessary to comply with that
obligation.
5. COOKIES
We also collect information through the use of cookies. Cookies are
small files of information which save and retrieve information about
your visit to this website – for example, how you entered our site,
how you navigated through the site, and what information was of
interest to you.
6. WHO HAS ACCESS TO YOUR PERSONAL DATA?
6.1 Access to your personal data within LoginID
As a global organisation, data we collect may be transferred
internationally throughout our worldwide organisation. Our employees
are authorised to access personal data only to the extent necessary
to serve the applicable purpose and to perform their jobs.
6.2 Access to your personal data by third parties
The following third parties might have access to your personal data
for the purpose of provisioning of their products or services to us:
● Amazon Web Services (AWS) – hosting and storage services
● Pipedrive – customer relationship management
● Mailchimp – integrated marketing platform for small businesses
● Google Analytics – statistics and analytics service
● Crisp – customer messaging platform
When third parties are given access to your personal data, we will
take the required contractual, technical and organisational measures
to ensure that your personal data are only processed to the extent
that such processing is necessary. The third parties will only
process your personal data in accordance with applicable law.
If your personal data are transferred to a recipient in a country
that does not provide an adequate level of protection for personal
data, we will take measures to ensure that your personal data are
adequately protected, such as entering into EU Standard Contractual
Clauses with these recipients.
In other cases, your personal data will not be supplied to third
parties, except where required by law.
6.3 The use of your personal data by data (sub-)processors
When a third party processes your personal data solely following
LoginID instructions, it acts as a data (sub-)processor. We enter
into an agreement with such a data processor for the processing of
personal data. In this agreement we include obligations to ensure
that your personal data are processed by the data processor solely
to provide services to us.
7. HOW ARE YOUR PERSONAL DATA SECURED?
LoginID has taken adequate safeguards to ensure the confidentiality
and security of your personal data. We have implemented appropriate
technical, physical and organisational measures to protect personal
data against accidental or unlawful destruction or accidental loss,
damage, alteration, unauthorised disclosure or access as well as all
other forms of unlawful processing (including, but not limited to,
unnecessary collection) or further processing. Examples are IT
security policies, staff training and secure servers.
8. HOW LONG ARE YOUR PERSONAL DATA RETAINED?
Your personal data will be removed or made anonymous when your
personal data is no longer necessary for the purposes for which
these personal data are processed. However, LoginID’s role as a
processor means that the applicable retention periods are determined
by our business clients.
9. HOW CAN YOU EXERCISE YOUR PRIVACY RIGHTS?
You have the right to request access to an overview of your personal
data, and, under certain conditions, rectification and/or erasure of
personal data. In addition, you may also have the right of
restriction of processing concerning your personal data, the right
to object to processing as well as the right to data portability.
To invoke your right of access, rectification, and/or erasure of
personal data, your right of restriction of processing, and/or your
right to object to processing as well as to invoke your right to
data portability please:
● If you are one of our clients’ end-users: please contact our
client directly.
● If you are one of our client developers or admins: please contact
us at privacy@loginid.io.
If you have given your consent to a certain purpose, you can
withdraw your consent at any time. Please keep in mind that
withdrawal does not have retrospective effect. You can contact us by
using the contact details at the bottom of this Privacy Statement.
10. DO YOU HAVE QUESTIONS OR COMPLAINTS?
If you have any further questions about the way we process your
personal data, please contact us at privacy@loginid.io.
Should you still be of the opinion that your request or complaint
was not handled satisfactorily by us, you have the right to lodge a
complaint with your local data protection supervisory authority.
Please contact your local data
protection supervisory authority through the contact details on
their website.