How to protect your identity verification from deepfakes - with NFC Learn more
Using our App? Go here
ReadID Ready

Privacy Policy

Version: 8-1-2024 (update from 31-10-2023 because added subprocessors)  

ReadID Ready is an application for mobile identity document verification. By reading the NFC chip in your identity document, ReadID Ready can verify this is an authentic identity document and extract the personal data from the chip. In some cases, the identity document verification is followed by facial matching: by comparing a selfie with the face image from the identity document you can prove you are the rightful holder of the document. ReadID Ready can orchestrate with optical verification services as well. 

Who are we?

ReadID Ready is provided by Inverid BV. Visit our company page for more information on our company. Inverid provides identity document verification on behalf of the customer - the organisation that referred you here. Inverid is the data processor, and the customer is the controller (or represents the controller).

What personal information is processed?

We need to process the personal data that is on the chip within your electronic identity document. This includes, but is not limited to:

  • Data about you: your surname and given name, date of birth, gender, nationality and face image

  • Data about your identity document: the document number, the country that issued the document, and the date of expiry

For security reasons, we need to process your personal data on our servers for a short period of time. How long is determined by the customer, but this is never longer than 50 days. After this period, Inverid will no longer have a copy of your personal data, but the customer may store your personal data for a longer period.

None of the information that is scanned or read from the chip, is stored in the application or on your phone. As soon as you close the app, the information is deleted from your phone.

Since we verify your identity document on behalf of our customer, we transfer your personal data to this organisation. What information exactly is determined by this organisation, and this will depend on why they need to verify your identity document. We refer to their privacy policies for information on how your personal data is handled by the customer.

What sub-processors are involved?

Inverid is involved as a sub-processor. In addition, AWS and/or Azure (in the EU) are used as public cloud providers and are therefore also sub-processors.

In case a facial matching takes place, then a sub-processor does this. This is iProov Limited (UK). iProov uses AWS, Azure and Google Cloud Platform as public cloud providers, located in the Economic European Area or the UK.

If optical verification is included, Veriff or Onfido is a subprocessor as well.

What non-personal information is collected and why?

The ReadID Ready application, including the underlying ReadID software, is constantly improved. To gain insight into where improvements are possible, we need to collect the app's usage information. This usage information is anonymous and does not contain personal information. Thus Inverid cannot directly or indirectly relate the usage information to a specific person. Usage information will only be used for improving the quality of our software and not for any other purposes.

Inverid collects the following usage information:

  • Phone details, including phone type, Android/iOS version, and memory size. We do not collect information that is unique to a certain phone.

  • What type of identity document was scanned and read: was the scan successful, was the chip read successfully, what country issued the identity document, the document signing certificate as stored on the chip and the date of expiry. We collect the date of expiry since this allows us to determine the version of the scanned identity document.

  • Usability information: how long the different steps take, if a user managed to go through all steps and the usage frequency.

Inverid uses servers under its own control as well as Matomo Analytics to collect usage information.

Is my data secure?

Inverid and all its sub-processors are ISO27001 certified, which means that an independent auditor checked that we have appropriate security measures. Of course, we comply with relevant legislation, including GDPR.

More information, complaints and rights

Since the customer is the controller, we refer you to that organisation for more information on why we process your personal information, or if you would like to invoke your rights, such as the right to be forgotten. You can also contact the Privacy Authority in your country. Inverid has a Data Privacy Officer, who can be contacted via dpo@inverid.com

Changes in this privacy policy

We retain the right to change this privacy policy. Any change will be published on the Inverid website.

 
readid-olga

Want to know more about ReadID?

Feel free to contact us for additional information on ReadID and its use cases. 

We’ll reply within 1 day.