Data Security

IDnow Employees

Our identity experts are in direct contact with your end customers. They verify personal information, identity documents and process the recordings. That’s why we select our identity experts with the utmost care.

Our experts initially undergo an application process consisting of several stages and they must submit their police clearance certificate, as well as their Schufa credit report. They then receive intensive training from our trainers. In doing so, we use a training concept that we devised jointly with the State Criminal Police Office of Hessen. We hold training courses not only at the start, but regularly and on special occasions.

Specific Security Regulations

In order to comply with security standards, we have adopted the following specific measures:

  1. All of our ident centers used for remote identification have two-factor access control and also video surveillance.
  2. The IDnow system is a software system that has been fully developed and programmed by us in-house. Within the framework of the IDnow solution, we do not use any video chat software such as Skype. We run the system on our servers located in Germany. Security is also our maxim in the technical environment. From the outset, our system fulfils the required end-to-end encryption, as well as the requirements TR-02102.
  3. Pursuant to Art. 32 GDPR, measures are adopted which are suitable for protecting the data processing system against unauthorized access.
  4. Only system administrators can access the server systems and access always takes place using encrypted connections (SSH + IPsec). All accesses are personalized and secured by passwords and + 2-Factor Authentication (TOTP). Minimum requirements are set for passwords with regard to complexity, repetitions, etc..
  5. Pursuant to Art. 32 GDPR, measures are adopted which are suitable for guaranteeing that personal information cannot be exposed to unauthorized reading, copying, modification or removal during its electronic transmission or storage on data carriers.
  6. Pursuant to Art. 32 GDPR, measures are adopted which are suitable for guaranteeing that personal information is protected against accidental destruction or loss.

Data Storage

By default, we store personal information for 90 days. We can adapt this period to your requirements. After this period has expired, the data is completely deleted.

The agreement on the processing of the commissioned personal information in compliance with data protection legislation pursuant to Art. 28 of the GDPR forms an integral part of every customer contract

Details on Privacy

Questions?

Let's talk!
Play