Privacy statement ReadID demo apps
Version: 03-sep-2020 (updated from 19-sep-2019 version with user analytics details)
InnoValor provides ReadID demo apps through the Play Store and the App Store, see https://play.google.com/store/apps/details?id=nl.innovalor.nfciddocshowcase. and https://apps.apple.com/nl/app/readid-nfc/id1463949991. We provide these apps free of charge to demonstrate and improve the underlying ReadID software. The publicly available apps run client-only, below we explain what this means for your privacy.
What personal information is processed and stored
InnoValor thus does not collect personal information. We do not know nor want to know who the users of our demo app are and whose identity documents are scanned.
The app however does need to process the personal information that is on the chip of the identity document, including privacy-sensitive information like name, date of birth, personal number and document number. In addition, the app scans via Optical Character Recognition technology (or alternatively via manual entry) the date of birth, date of expiry and document number, since these are needed to get access to the information on the chip. This is a security feature of the chip, to avoid unauthorized access to its contents.
The app processes this information locally on the smartphone, i.e., the app does not send personal information to a server for processing. The personal information that is processed is not stored on the smartphone.
What non-personal information is collected and why?
The demo app is for both demonstration purposes and for improving the underlying ReadID software. For the improvement we need to collect the app’s usage information as well as user analytics to collect anonymous usage information to help us to improve your user experience. This usage information does not contain personal information. Moreover, InnoValor cannot directly or indirectly relate the usage information to a specific person. Usage information will only be used for improving the quality of the app and not for other purposes. InnoValor will only retain the information for as long as is necessary to fulfil the specified purpose.
InnoValor collects the following usage information:
- Phone details, including phone type, Android version, iOS version, memory size. We do not collect information that is unique for a certain phone.
- What type of identity document was scanned and read: was the scan successful, was the chip read successfully, what country issued the identity document, the document signing certificate as stored on the chip and the date of expiry. We collect the date of expiry since this allows us to determine the version of the scanned identity document.
- Usability information: how long the different steps take, if a user managed to go through all steps and usage frequency.
InnoValor uses servers under its own control and user analytics data hosted by a third party (Matomo).
How is the personal information secured?
Since all the processing of personal information is done on the phone (client only), the confidentiality of this information depends on the security of the phone. The app uses encrypted network connections for the communication of usage information.
What information can be shared by the user?
The app provides two options to allow the user to share the read information. The Android app uses the built-in sharing feature of the mobile operating system, where explicit action from the user is needed and the user selects an external app (e.g. an email client) to share the information with. Typically, within the external app selected by the user for sharing, the user can see and redact the information before actually sending it off through the Internet. The iOS app does not have this option for sharing.
This first sharing option allows a user to share the photo and personal information details, e.g., emailing these to him or herself. InnoValor has implemented this feature due to popular demand from users. InnoValor recommends the user to use this feature with caution, since the information includes privacy-sensitive personal information such as name and personal number. Sharing this information on a social network is possible but InnoValor strongly discourages this.
The second sharing option allows users to share debug logging information with InnoValor. In case there is a technical issue sending this debug information can help us fix this issue. This log does not contain privacy-sensitive information, e.g., no personal number or name. In the Android app in the settings the logging of debug information can be switched on or off. In the iOS version this is always enabled. The user can inspect the exact log that is sent to InnoValor himself.
For some demo apps one or both of these options are not available.
Changes in this privacy statement
This privacy statement may change from time to time. If the changes are significant or reduce the rights of users, then InnoValor will provide a prominent notice.