ReadID Ready is an application for mobile identity document verification. By reading the NFC chip in your identity document, ReadID Ready can verify this is an authentic identity document and extract the personal data from the chip. In some cases the identity document verification is followed by facial matching: by comparing a selfie with the face image from the identity document you can prove you are the rightful holder of the document.
Who are we?
ReadID Ready is provided by InnoValor Software BV, or InnoValor for short. See readid.com for more information on our company. InnoValor provides identity document verification on behalf of its customers. InnoValor is the Data Processor, our customer is the Controller.
What personal information is processed?
We need to process the personal data that is on the RFID Chip within your electronic identity document. This includes, but is not limited to:
- Data about you: your surname and given name, date of birth, gender, nationality and face image
- Data about your identity document: the document number, the country that issued the document, and the date of expiry
For security reasons, we need to process your personal data on our servers for a short period of time. How long is determined by the Controller, but this is never longer than 50 days. After this period, InnoValor will no longer have a copy of your personal data, but the Controller may store your personal data for a longer period.
None of the information that is scanned or read from the chip, is stored in the application or on your phone. As soon as you close the app, the information is deleted from your phone.
What sub-processors are involved?
In case a facial matching takes place, then a sub-processor does this. This is iProov Limited (UK).
InnoValor Software BV uses InnoValor BV as a sub-processor, this is an affiliate company. In addition, AWS and/or Azure are used as public cloud providers and are therefore also sub-processors. All processing takes place inside the European Economic Area.
Since we verify your identity document on behalf of the Controller, we transfer your personal data to this company. What information exactly is determined by this organization, and this will depend on why they need to verify your identity document. Please refer to their privacy policies for information on how your personal data is handled by them.
What non-personal information in collected and why?
The ReadID Ready application, including the underlying ReadID software, are constantly improved. To do so, we need to collect the app's usage information. This usage information does not contain personal information. Moreover, InnoValor cannot directly or indirectly relate the usage information to a specific person. Usage information will only be used for improving the quality of software and not for other purposes. InnoValor will only retain the information for as long as is necessary to fulfill the specified purpose.
InnoValor collects the following usage information:
- Phone details, including phone type, Android version, memory size. We do not collect information that is unique for a certain phone.
- What type of identity document was scanned and read: was the scan successful, was the chip read successfully, what country issued the identity document, the document signing certificate as stored on the chip and the date of expiry. We collect the date of expiry since this allows us to determine the version of the scanned identity document.
- Usability information: how long the different steps take, if a user managed to go through all steps and usage frequency.
InnoValor uses servers under its own control as well as Google's Android Analytics to collect usage information.
Is my data secure?
InnoValor and all her sub-processors are ISO27001 certified, which means that an independent auditor checked that we have appropriate security measures. Of course, we comply to relevant legislation, including GDPR.
More information, complaints and right?
Since our customer is the Controller, we refer you there for more information on why we process you personal information, or if you'd like to invoke your rights, such as the right to be forgotten. You can also contact the Privacy Authority in your country.
InnoValor has a Data Privacy Officer, who can be contacted via firstname.lastname@example.org.
Changes in this privacy statement
This privacy statement may change from time to time.