Data protection declaration for the websites and mobile apps of IDnow GmbH
1. Collection, processing and use of personal information
IDnow GmbH offers a service for verifying identity documents (in particular passports, ID cards, driving licences) and matching these to an individual. IDnow provides this service to its customers, including banks, financial institutions, insurance companies, online platforms, car sharing providers, car rental providers and operators of entertainment platforms (“Partners”) in order to meet legal requirements (e.g. money laundering legislation, road traffic legislation) or to provide assurances of the identity of the end user. IDnow acts either as a contract data processor in accordance with §11 of the German Federal Data Protection Act (BDSG) on the instructions of the customer or is itself the responsible body.
a. Verification process
The end user of the services uses a technical end device (e.g. his or her PC, tablet or Smartphone) in order to record an image of the identity document and, if applicable, of themselves with a camera in the course of a video chat or with photographs. A description of the steps and associated data processing of the verification process follows: The user is generally informed about the IDnow verification service by the partner. In order to perform the verification service, IDnow normally requires end-user data such as first and last names, date and place of birth, mobile phone number, email address and postal address of the user. Either the partner or the end-user will enter this data on the web page or in the IDnow app. During the verification process photographs and/or video recordings of the identity document are created in order to match the previously received end-user data with the data on the identity document. The data recorded by IDnow will vary depending on the type of identity document and the specific situation of the customer. For passports and ID cards, the first and last names, place and date of birth in particular are recorded. For verification in order to comply with the Money Laundering Act Geldwäschegesetz), the issuing authority, ID number, nationality, and for ID cards, the address of the user, will also be recorded. For driving licences, the first and last name, date of issue, driving licence classes and date of birth are recorded. IDnow stores the photographs and video recordings of the ID documents together with the end user data. As a second stage, depending on the partner configuration of the IDnow software, a photograph or video recording is made of the face of the end user. The photographs are taken either by the user or an IDnow staff member. To identify individuals in accordance with the Money Laundering Act (Geldwäschegesetz), the data is collected during a video chat. To do this, the user IP address is transmitted to TokBox Inc., which then sets up the video connection between the end user and the IDnow network. The conversation between the user and IDnow staff is also recorded acoustically. The exact sequence of the verification process is described in detail in the IDnow terms and conditions.
b. Consent, storage and deletion
All the data collected by IDnow is used solely for the purposes of verifying identity documents and/or identifying the user. Before each verification process, the end-user is informed by IDnow or the partner about the data to be collected by IDnow and transmitted to the partner. This information can be found in the applicable IDnow terms and conditions of business or in the terms and conditions and business and data protection declaration of the partner. Processing of your personal data beyond the purpose for which the legal permission is granted will only be carried out with the explicit consent of the user. The data is transmitted to the partner and will be deleted on the IDnow servers after 90 days at the latest, unless the partner has previously issued a deletion request. On the basis of statutory retention periods (e.g. in the context of the Money Laundering Act), the data can be stored by the partner for the duration of the business relationship between the partner and end-user and for up to five years after its termination.
2. Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses what are known as “cookies”, text files which are stored on your computer and enable your use of the website to be analysed. The information gathered by the cookie about your use of this website is generally transmitted to a server in the US and stored there. If IP anonymisation is activated on this website, however, your IP address will be stored by Google in shortened form within Member States of the European Union or in other States that are contracting parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, compile reports on website activity and provide the website operator with other services related to website usage and Internet activity. The IP address transferred by your browser through the use of Google Analytics will not be merged with any other data held by Google. You can prevent the storage of these cookies by selecting the appropriate settings in your browser software. However, please be advised that by doing so you may be unable to fully use some features of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) being passed to Google and the processing of these data by Google, by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. In view of the debate regarding the use of analytics tools with full IP addresses, we would like to point out this website uses Google Analytics with the “_anonymizeIp ()” extension which ensures that IP addresses are only processed in a truncated form and exclude direct personal reference. Specially designed for browsers on mobile devices: please click on this link to prevent future anonymised collection by Google Analytics on this website for your browser by means of a so-called “opt-out cookie”.
3. Google AdWords Conversion Tracking
4. Use of own “cookies”
5. Further information and contacts
Please contact us if you have any questions about this data protection declaration. The contact address can be found at: https://www.idnow.io/impressum/. You can always check whether and which of your data we have stored. You can also send us information, deletion and correction requests as well as suggestions by email or letter to: https://www.idnow.io/company/contact/.