eHerkenning is similar to DigiD. Just like citizens can use DigiD to login with the government agencies, companies, entrepreneurs and professionals can do that with eHerkenning.

An eHerkenning tool is person-bound. It cannot be transferred to someone else, such as a colleague. As user of eHerkenning, you can be authorised by your supervisor to act on behalf of your company with your service providers. 1 or more authorisations are registered when applying for a tool.

€0.75

per employee

per company

per month

No extra costs

Minimum contract period 12 months

Yearly billing

€9 ex VAT per year

Request EH1

€1.75

per employee

per company

per month

No extra costs

Minimum contract period 12 months

Yearly billing

€21 ex VAT per year

Request EH2+

€3.00

per employee

per company

per month

No extra costs

Minimum contract period 12 months

Yearly billing

With BSN check on Dutch ID document

€36 ex VAT per year

Request EH3 / Id3

€6.00

per employee

per company

per month

No extra costs

Minimum contract period 12 months

Yearly billing

One time cost €17.50 for the face-to-face check

€72 ex VAT per year

Request EH3

€6.00

per employee

per company

per month

No extra costs

Minimum contract period 12 months

Yearly billing

One time cost €17.50 for the face-to-face check

€72 ex VAT per year

Request EH4

Physical identification

An eHerkenning tool can be requested online. For an eHerkenning tool with assurance level 3 and 4, a face-to-face check is also required. This happens at our office or at the customer's location.

Government agencies and corporates work together in safely logging in on the internet. The newer way of logging in is called Idensys. In the future, various organisations will check whether Idensys works well. As private individual, you can use your Digidentity to log into Idensys in companies who are participating in the testing. Only you are able to use your Idensys login tool. No one else can use it.

Do you want to use Digidentity to use Idensys? This is very simple. The only things you need is a Dutch identity document and a smartphone. And did you create a Digidentity? You may use it as often as you want to. As proof that you are you.

The services you can use with Idensys require your Citizen Service Number (BSN in Dutch). For this reason you can only register with a Dutch identity document that contains your BSN. We only use your BSN when registering and do not store it.

Digidentity is a digital identity to simplify your online life and to make it more safe. Also in the United Kingdom. We worked with the British government on GOV.UK Verify. This is a new way to prove your identity online. You can use this to utilise various government services, such as viewing your driving licence or the submission of your tax return.

Registration for GOV.UK Verify is also rather simple with Digidentity. You will be set-up in no time with your identity document and your smartphone. Then you will have an online identity that you can use safely when dealing online with the authorities.

Signatures on contracts, employment agreements, purchase agreements, leases, living wills, tenders, policies, building plans and other documents no longer need to be entered on paper. These documents can be attested by a digital signature.

By means of eSGNG by Digidentity, it is possible to sign PDF documents digitally in a legally valid way. To do so, you can use our eSGNG app, or you can integrate the functionality into your own workflow.

Benefits

• Ease: The signatory can conduct his or her business fully digitally at any location and at any time. The signatory can simply sign on his or her mobile phone, laptop or desktop computer, or tablet. eSGNG allows for multiple signatories.
• Cost savings: Thanks to the digital signature, there will be no unnecessary costs for paper, administrative acts and mail.
• Time saving: Reduce operational costs and put an end to manual processes. This way, you will no longer need to send prompts or follow-up by phone: If a signatory still lingers over your contract, you can send them a fast reminder through eSGNG. This will save you time and bother.
• Safe: We fully comply with the latest security standards.
• Legal validity: The qualified digital signature is 100% legally valid and complies with the electronic signature requirements in conformity with eIDAS and article 3:15a of the Dutch Civil Code.
• Environmentally friendly: No paper, no mail.

What is an electronic or digital signature?

An electronic or digital signature is an electronic equivalent of a hand-written signature. An electronic signature consists of electronic data that are attached to a digital document. 

The purpose of an electronic or digital signature is to establish:

• the identity of the sender (authenticity and identification) and
• the invariability of the information sent (integrity).

The eSGNG app

You can download the eSGNG app on a tablet from the app store (and soon, it will also become available as a web application). Once you have signed in with your Digidentity account, you can start using eSGNG right away.

Integrating digital signatures into the workflow

Alternatively, you can choose to integrate digital signatures into the existing workflow of your company or organisation. Send, sign and share immediately from the applications that you are already using.

We provide a user-friendly integration of digital signatures into your own application. This may be a portal, a mobile app, document management system (DMS) or any other application in which documents need to be signed in a straightforward and legally valid way.

So:

• No separate application, but entering digital signatures directly from the trusted custom applications
• Signing larges volumes

Interested? Contact us for more information.

Legal validity

According to European and Dutch legislation, there are three types of electronic signatures:

• The ordinary electronic signature (which we call Basic) You can use an ordinary electronic signature to sign your insurance policy. Along with the fact that you pay the premium and that the insurer has your address details, this type offers sufficient reliability (and is thus legally valid).
• The advanced electronic signature (which we call Advanced) An advanced electronic signature is connected to the signatory in a unique way and enables identification of the signatory. This type of signature involves extra checks to verify that the signatory is the right person. This signature is used, for instance, for filing your tax return.
• The qualified electronic signature (which we call Qualified) A qualified electronic signature is a signature with a qualified certificate. Such a certificate is a digital file that has been attached to the original document. There are special authorities that issue these certificates, the so-called Trusted Service Providers (TSP’s) or certification service providers. Like Digidentity, for example. The Dutch government makes use of a certificate that is issued by Public Key Infrastructure (PKI)-Overheid. Agentschap Telecom monitors the certification service providers. Issuing this type of signature even involves a visual check (face to face) to verify that the person concern is who he/she says he/she is.

Out of the various types of electronic signatures, only the qualified electronic signature is legally equated with the hand-written signature under European law. Parties that claim that the signature is false will need to prove this themselves. This does not apply to the other types of electronic signatures: in case of a legal conflict, the signatory himself will need to prove that the signature is legally valid.

eIDAS and the dutch civil code

In 2016, a new European regulation came into force, officially named Regulation (EU) No. 910/2014 of the European Parliament and of the Council, of 23 July 2014, on electronic identification and trust services in the internal market and repealing Directive 1999/93/EC. Quite a mouth full, and in practice the new regulation is referred to as eIDAS. This complex act regulates a vast number of things, but among others, it aligns the use and the value of electronic signatures throughout the European Union. You can read more about eIDAS here

As a result of eIDAS, the Dutch Civil Code has been amended.

Certified by the government

With a PKIgovernment services certificate you will gain access to the digital window of the government via Standard Business Reporting (SBR). Fast, easy and reliable. With this certificate, you are recognised as reliable sender and you have a secure connection with the electronic mail box of the government.

Safe information exchange

Every company that is connected to Digipoort via a PKIgovernment services certificate can digitally exchange information with the government. That is very useful if your company, for example, regularly has to supply information to the government. A PKIgovernment services certificate ensures that the data is sent safely to the correct government organisations. But also the other way around: information of a government organisation is sent to the correct company.

Application for SBR

With SBR you can compile and supply digitally standardised financial reports. In order to use SBR, you require a PKIgovernment services certificate.

Request

You can gain access to Digipoort (SBR) via our Certificate Store in a few steps.

1. Create an account in the Certificate Store.
2. Register the subscribing organisation.
3. Register the contact person.
4. Register the certificate administrator.
5. Upload a CSR. How do I generate a CSR (Dutch)?
6. Ensure the physical check of the certificate administrator.
7. Request the certificate.

Normally within 2 weeks completed

Access to services via Digipoort such as tax authorities

Suitable for use within fiscal packages

Valid for 2 years

One time cost €125 for the face-to-face check (€25 at our office)

€350 ex VAT

Normal request

Secure your website

A PKIgovernment SSL certificate is used to protect your website.

Use the certificate

A PKIgovernment SSL certificate differs from a PKIgovernment services certificate. You cannot submit a tax certificate with it. For this reason, you do not need to specify a OIN number for a PKIgovernment SSL certificate. Further, both certificates are the same.

Request

With our Certificate Store you can request a PKIgovernment SSL certificate in a few easy steps.

1. Create an account in the Certificate Store.
2. Register the subscribing organisation.
3. Register the contact person.
4. Register the certificate administrator. We check them face-to-face.
5. Have the abovementioned steps been completed? Request a certificate via a CSR.

Within 2 weeks of your certificate (mean time application process, no guarantee)

To protect your website

Valid for 2 years

One time cost €125 for the face-to-face check (€25 at our office)

€350 ex VAT

Request

More information available in Dutch

Normally within 2 weeks completed

Personal digital signature

Valid for 3 years

One time cost €125 for the face-to-face check (€25 at our office)

€150 ex VAT

Request

Conditions

• General terms and conditions
• Privacy Policy
• Data Retention Policy

Forms

• Authorisation form certificate (Dutch)

Manuals

Download our manual to help you to create a CSR here. You require a CSR when applying for a certificate.

• Manual create CSR PKIgovernment SBR certificate on Windows (Dutch)
• Manual create CSR PKIgovernment SBR certificate on Mac (Dutch)
• Manual create CSR PKIgovernment SSL certificate on Windows (Dutch)
• Manual renew Digidentity PKI Certificate (Dutch)

Digidentity L4 Server CA G3 chain

Download the CA chain required here to generate a personal PKCS12 certificate if you are in possession of a G3 certificate.

• Download as PEM

Digidentity L4 Services CA G2 chain

Download the CA chain required here to generate a personal PKCS12 certificate if you are in possession of a G2 (issued before May 2018) certificate.

• Download as PEM

Roots and CRL

Download the roots and CRL certificates of Digidentity's CA here for your level 3 and 4 account.

Mobile App

You require our app for your Digidentity. From application to daily use. Download the free Digidentity app here.

Digidentity

by Digidentity

Free

Digidentity

by Digidentity BV

Free

Digidentity

by digidentity.eu

Free

Only usable for GOV.UK Verify.

Who is Digidentity?

You cannot go anywhere without your passport. Doors remain shut, borders closed. Unless you venture online. There you no longer require a spectrum of profiles. For example to send messages or to network. But how safe it that? Before you know it, you are leaving a trail of personal details that fraudsters will use to their benefit.

Digidentity offers internet users their own online identity. We value privacy above all else. We call it Privacy by design. That is our work, our mission. We are identity providers pur sang and have been doing this work since 2008.

What is Digidentity?

Privacy by design is in our DNA, woven into our fibres. You will trace this back to Digidentity: the name of our company and our product. Digidentity is your digital identity, to simplify your online life. That is why we say

Your own Digidentity, be verified.

What is your talent?

Do you also value your privacy on the internet? Do you like to work on high tech solutions for millions of internet users? Then Digidentity is the place for you. Discover how your talent can improve our team and view our vacancies.

Certified Trusted Service Provider

Digidentity is a certified Trusted Service Provider (TSP). As objective organisation, we provide commercial reliability with digital transactions. We do this with commercial and technical security services.

A TSP has technical and legally reliable resources for performing and facilitating electronic transactions, and for producing objective evidence in case of disputes.

Periodic audits

As neutral facilitator, it is important to us to control our processes. To guarantee this control, Digidentity is periodically audited according to the norms of ETSI EN 319 411-1, ETSI EN 319 411-2 and ISO 27001:2013.

For more information, read the general terms and conditions of Digidentity and the Certificate Practice Statements of PKIgovernment.

Highest safety standards

We comply with the strictest safety standards and are authorised to provide digital identities. The information that we send via the internet is secured on a very high level.

We are thus not only a Trusted Service Provider, but also a Certification Authority and hold a PKIgovernment certificate. Our organisation, systems and employees are periodically audited and found acceptable by BSI. This happens conform the CWA requirements.

Our certifications

BSI - ISO/IEC 27001:2013

Delivery of Identity Services, Digital Signing and Certificate Services by the processes Registration, Dessimination, Authorisation, Broker and Revocation Service, IT Operations and Development.

BSIGroup.com Certificate ISC 066

BSI - ETSI EN 319 411-1

Trust Service Providers issuing certificates; Part 1: General requirements

Providing Certification Authority processes and services under the Staat der Nederlanden Root CA-G2, the Staat der Nederlanden Organisatie CA-G2 and the Staat der Nederlanden Burger CA-G2.

BSIGroup.com Certificate ETS 043

BSI - ETSI EN 319 411-2

Trust Service Providers issuing certificates; Part 2: Requirements for Trust Service Providers issuing EU qualified certificates

Providing Certification Authority processes and services under the Staat der Nederlanden Root CA-G2, the Staat der Nederlanden Organisatie CA-G2 and the Staat der Nederlanden Burger CA-G2.

BSIGroup.com Certificate ETS 015

PKIgovernment

Public Key Infrastructure for the government, in short PKIgovernment, enable reliable communication. PKI certificates secure the information that persons and organisations send via internet on a high level of reliability.

Logius.nl

eHerkenning

We are officially recognised by the eHerkenning administration organisation, part of the minister of Economic Affairs, as eHerkenning broker. This means that we can offer services and solutions for the total playing field of eHerkenning, the successor of DigiD for companies.

eHerkenning.nl

Idensys

Login safely on the internet. This is very important when doing business with the municipality, the Tax department or a health care insurer online. This is also important when you shop or bank online. The government and enterprises thus work together to safely login on the internet. The new way of logging in is called Idensys.

idensys.nl

tScheme

tScheme is the independent, industry-led, self-regulating system set up to create strict assessment criteria based on which the Trust Services will be approved.

tScheme.org

eHerkenning

These terms and conditions are applicable to providing services in the framework of the Network for eHerkenning and the Authorisation register AuthorisationOnline.

• User requirements eHerkenning v1.9b
• General terms and conditions AuthorisationOnline v1.1

Certificates

Certificate Practice Statement

A Certification Practice Statement (CPS) states for which procedures and norms Digidentity issues and administers certificates.

• CPS Digidentity v1.2
• CPS Digidentity v1.1
• CPS Digidentity v1.0

• CPS for PvE Deel 3e v1.2

• CPS for Qualified Certificates and SSL v1.14
• CPS Digidentity PKIgovernment v1.13
• CPS Digidentity PKIgovernment v1.12
• CPS Digidentity PKIgovernment v1.11
• CPS Digidentity PKIgovernment v1.10
• CPS Digidentity PKIgovernment v1.9
• CPS Digidentity PKIgovernment v1.8
• CPS Digidentity PKIgovernment v1.7
• CPS Digidentity PKIgovernment v1.6
• CPS Digidentity PKIgovernment v1.5
• CPS Digidentity PKIgovernment v1.4.1
• CPS Digidentity PKIgovernment v1.3
• CPS Digidentity PKIgovernment v1.2
• CPS Digidentity PKIgovernment v1.1
• CPS Digidentity PKIgovernment v1.0

PKI Disclosure Statement (PDS)

A PKI Disclosure Statement (PDS) is the document in which Digidentity summarises the CPS.

• PDS Digidentity PKIgovernment v1.3
• PDS Digidentity PKIgovernment v1.2
• PDS Digidentity PKIgovernment v1.1
• PDS Digidentity PKIgovernment v1.0

Regulations

Which national and European regulations are applicable to products and services of Digidentity?

• Act on electronic signatures
• Decree on electronic signatures
• Regulation on electronic signatures
• Directive 1999/93/EC of the European Parliament and the Council

1. About us

   1. Digidentity BV is a registered company in the Netherlands, with company number 27322631, situated at Waldorpstraat 17 P (2521 CA) in The Hague, the Netherlands.
   2. If you have any questions about the identity service, you can consult our website (www.digidentity.eu/en) or contact the Service Desk via phone (+44‐330 60 60 732) or e‐mail (helpdesk@digidentity.co.uk).

2. Contract and Scope of Application

   1. You agree to these terms and conditions by applying for an identity account via Digidentity. The terms and conditions will continue to apply whether or not the verification of your identity is successful.
   2. The present terms and conditions exclude any other terms and conditions. The present terms and conditions will apply to all aspects of the relationship and the contract between you and Digidentity, unless Digidentity has otherwise expressly agreed to in writing. Unconditional acceptance and agreement of these terms and conditions is implied.
   3. Digidentity reserves the right to modify the terms and conditions at all times. The modified terms and conditions will apply as soon as Digidentity has published them on the website. Digidentity will inform you of any changes via notifications on the website and/or by notifications in your identity account.
   4. If you are not in agreement with any modified or revised Digidentity terms and conditions, you can no longer use the Digidentity Identity Services. In that case, please clicking the "delete" button in your identity account.

3. The Identity Service

   1. Once you apply for an identity account, the process of verification will begin immediately. This process includes the validation of documents and data that you and other sources have provided. If the completed verification process results in a confirmation and/or validation, the fully verified identity account will be provided. The decision to grant an identity account remains exclusively with Digidentity at all times.
   2. If Digidentity grants you an identity account, you can log in using a free mobile/tablet app. Your login details are strictly personal and confidential. Sharing this information with any other person or entity is not permitted. You must take all reasonable measures to prevent the abuse, misuse, theft, or loss of your login details.
   3. Digidentity will store documentation and information that you and other sources have provided for the verification of identity. Digidentity will store this information in accordance with appropriate data protection laws as set out in our privacy policy. After Digidentity has issued a fully verified identity account, and provided the means to access personal identity accounts, Digidentity will need to re‐validate your existing information/data via the relevant issuing authorities from time to time. This is necessary to ensure that Digidentity have the most up‐to‐date data available for the purposes of identity verification.

4. Termination

   1. You may deactivate identity accounts at any time by using the "deactivation" button in your identity account. A 30-day 'cool-off' period is required, as set out in our privacy notice. If you wish to reactivate your account, you can log back in within 30 days after requesting deactivation. If you have not reactivated your account within those 30 days, you will no longer be able to use the account. Relevant records will be kept for the purposes of auditing, in accordance with appropriate laws.
   2. Digidentity reserves the right to deactivate accounts with immediate effect if there is any reason to believe or suspect that the verification and/or validation provided is no longer correct, or has been faulty, false or fraudulent as set out in the privacy policy. If you want to continue using an identity account, you will need to apply for a new account. Digidentity will refer any fraudulent activity to the relevant authorities. On behalf of the Identity service, we may also report any suspicious activities to any relevant body or appropriate authority.
   3. Digidentity reserves the right to deactivate accounts with immediate effect if it considers communications from a user to Digidentity employees to be harassing, threatening, abusive. As far as Digidentity is concerned, this makes it impossible to provide reasonable services in support of applications for identity verification. Digidentity will report any continuation of abusive, threatening or harassing behaviour to the appropriate authorities.

5. Our Obligations

   1. Digidentity will provide the identity service as described on the website in accordance with the terms and conditions, the associated privacy notice and Good Industry Practice. In the provision of identity verification Digidentity will act diligently and with reasonable care. Digidentity will carry out any contractual obligations involving efforts in verification processes. However, these obligations are no guarantee for a successful outcome in your application for an identity account.
   2. Digidentity aims to provide a continuously functioning and accessible identity service, but makes no guarantees about the availability of any services provided. You accept the fact that (temporary) errors may occur which would render the service inaccessible on some occasions.
   3. Digidentity reserves the right to limit access to, or render the identity service entirely inaccessible for limited periods of time in order to carry out maintenance and/or implementation of required modifications. Digidentity aims to carry out these scheduled 'down times' in periods which could be reasonably considered to affect the minimum number of users as far as possible, e.g. outside of office hours.
   4. Digidentity will provide the service in accordance with the published Digidentity Privacy Policy. This Privacy Policy is accessible from the website. Digidentity will update its Privacy Policy from time to time to reflect changes to data processing in relation to the service.

6. Your Obligations

   1. The moment you apply for the verification of identity, we shall ask you to submit centain personal data, including contact data, an identity document and banking details. You will understand and accept that Digidentity will not be able to process your request if you do not submit these data, since we need them to fulfil our authentication and authorisation services. At the moment of registering, Digidentity will also ask you to transfer £ 0.00 from your bank account. Thus, we can verify whether the bank account number you submitted for direct debit purposes is really yours and check your creditworthiness to verify if you are capable of paying your bills. In our Privacy Policy, you can find further information about the warranties Digidentity makes regarding its processing of your personal data.
   2. You understand that verification of identity is a process that relies on personal data, available documentation and information provided by you, and is uniquely based on your own data. You accept that this identity verification process cannot be based on other user experiences or requirements.
   3. You ensure and guarantee that all data, documentation and information provided is correct, complete, accurate and up‐to‐date, and that it conforms to the requirements as set out by Digidentity during the process of identity verification. You will update your online profile if changes occur in the data you have submitted upon registering. You will follow instructions and requirements for any transfer of data (via the online process, or using the mobile/tablet application) that Digidentity indicates.
   4. You agree to inform Digidentity immediately if there are any security concerns, security issues or data leaks. Digidentity will treat any report of this information as strictly confidential, and will handle it in accordance with appropriate laws and regulations to minimise damage to the affected users, to Digidentity or relying parties. Digidentity aims to resolve any security alerts or hazards as fast as reasonably possible and will take steps to inform any third parties that the issue affects.
   5. You accept the obligation to inform Digidentity of any violation of the terms described in articles 6, 8 and 9, adding a detailed description of such violation and any other relevant information. You must take all reasonable measures to prevent further and/or continuing violations and will take all reasonable measures to limit any damage resulting from such a violation.

7. Reasonable Use of Website and associated materials

   1. It is forbidden to copy, pass on, sell, publish or make a profit from any content of the website, products, services or associated materials of Digidentity.
   2. It is forbidden to use the website, products or associated materials of Digidentity in any way that causes, or may cause, damage to the website or impairment of the performance, availability or accessibility of the website, products or associated materials.
   3. It is forbidden to access the Digidentity website and associated materials using any robot, spider or other automated means.

8. Personal Data

   1. You acknowledge that the identity service is an authentication and authorisation service and you understand that Digidentity will process certain personal data to establish an identity and to verify the validity of personal data or documents. Digidentity is the Data Controller as defined under the EU General Data Protection Regulation (GDPR) and will process the personal data with due care, in compliance with any applicable data protection laws including the GDPR, and these terms & conditions, unless otherwise agreed upon.
   2. To this end, Digidentity may only process the personal data in order to perform its duties under the contract with you and to create and maintain a direct relationship with you as indicated in the privacy policy. For the avoidance of doubt: this includes comparing and checking the data against databases (public or otherwise) that are available for the purpose. Digidentity will not process the personal data for other purposes, unless the processing is required on the basis of a legal obligation or a court order, or if you have given your consent.
   3. In order to perform its duties under the contract, Digidentity will involve relying parties in the processing of personal data. Digidentity will take appropriate measures to ensure that these relying parties will process personal data in accordance with the applicable data protection laws including the GDPR.

9. Confidentiality

   1. Digidentity and you are obliged to take all reasonable measures to protect confidential information or the identity account from unauthorised access, loss, damage, modification or unauthorised processing. In the event that such an issue occurs, you must immediately inform Digidentity of any such unauthorised access, loss, damage, modification or unauthorised processing.

10. Rights of Ownership and Intellectual Property

    1. At all times, any intellectual property rights that have to do with the identity service, or associated materials remain the property of Digidentity, the licensee or our supplier.
    2. Your right to use the identity service or associated materials does not entitle you to any intellectual property rights of the identity service or associated materials. Digidentity only provides a non‐exclusive right to use the identity service and/or associated materials to verify your identity and create an account. Your usage rights are strictly personal and cannot be transferred to any other person.
    3. It is forbidden to use (part of) the identity service, data or associated materials in any way that would result in the violation of intellectual property rights of Digidentity, the licensee or suppliers.
    4. Digidentity reserves the right to take all necessary measures to protect their own, the licensee's or suppliers' intellectual property rights. These measures include ending the use of the identity service or associated materials when the contract ends. It is forbidden to use, remove or avoid any such measures in any way.

11. Liabilities

    1. Nothing in these Terms and Conditions excludes or limits our liability in respect of a) any breach of law by Digidentity or its sub-contractors, b) any loss, unauthorised access to or corruption of personal data held by Digidentity or its sub-contractors (including any credentials issued to you), c) any wilful default on the part of Digidentity or its sub-contractors. Any other limitations on liability in these terms & conditions must be reasonable in all the circumstances of the services provided by Digidentity to the user. 
    2. We are not responsible to you for any loss or damage suffered by you which was not an obvious consequence of us breaching these Terms and Conditions. We are not responsible to you for losses which you suffer due to any events beyond our reasonable control. We are not responsible to you for losses that that Digidentity has not caused directly by actions.
    3. You cannot hold Digidentity liable for damages resulting from events beyond reasonable control or that Digidentity has not caused directly by actions.
    4. You cannot hold Digidentity liable for any indirect damages or damages that were/or are caused because you did not/or do not take appropriate measures to i) limit such damages immediately after a damaging event has occurred, ii) prevent further damage or subsequent damages resulting from the initial event, iii) immediately inform Digidentity about events which would cause damages and/or provide relevant information to Digidentity.
    5. In all cases, the liability of Digidentity shall be limited to the usual and foreseeable damages. You cannot hold Digidentity liable for any business damages after using the identity service in the capacity of a consumer.
    6. You can never hold Digidentity liable in respect of any damages resulting from 
       1. Your unauthorised or improper use of the data, the identity service and/or related materials;
       2. Providing incorrect and/or incomplete data, or not providing data to Digidentity in a timely manner;
       3. Losing your own data;
       4. Your failure to abide by any obligations provided in these terms and conditions, including not cooperating with the terms and conditions.
       5. The late, incorrect, or incomplete accessibility of the identity service;
       6. Miscommunication or loss of messages and notices resulting from the use of a mode of communication selected by you, or resulting from the dysfunction of any materials used by you, including improper functioning of the internet;
       7. The use of materials you selected;
       8. The unauthorised use, loss or theft of log in details that have been provided to you;
       9. The downtime or unavailable online tools of third parties;
       10. Sharing your username and password with any other person.

12. Limitation of Action

    1. You must bring any claim for damages against Digidentity within one year after the damage has occurred.

13. Force Majeure

    1. Digidentity are not obliged to perform any of the obligations under the contract or the terms and conditions in case of force majeure. Force majeure includes, but is not limited to: improperly functioning materials provided by users, requirements under the law, power cuts, improper functioning of the internet, or of computer‐ and telecommunication facilities, extreme weather conditions, fire, flooding, war, strike, general problems of transportation and unavailability of one or more of Digidentity's employees.

14. Applicable Law and Disputes

    1. The contract and the terms and conditions are governed by Dutch law in adherence and conformity with application European Directives, specifically Article 8 of the European Convention of Human Rights regarding laws on privacy.
    2. Any dispute that a user and Digidentity cannot settle amicably will be brought before the competent judge of the place where Digidentity have a statutory seat (The Hague). If applicable Dutch or European law provisions determine that another judge is also competent, then the case may also be brought before this judge. If applicable Dutch or European law provisions determine that another judge has exclusive competence, then the case may only be brought before that judge.

15. Warranties

    1. Digidentity do not provide for any other guarantees, undertakings, and/or commitments than those explicitly provided for in the terms and conditions.

16. Concluding Provision

    1. Should any provision of the terms and conditions be declared invalid or void, this shall not affect the validity of any of the other provisions included in the terms and conditions. In such case Digidentity will amend the terms and conditions with the aim to achieve the same object and purpose served by the provision declared invalid.

Definitions

The following words have the following meaning:

1. User

   "User", "you" or "your" in these Terms and Conditions refer to you as a user of the Identity Service.

2. Identity service

   The service we provide to you entailing the verification of your identity and/or the validity of any documents or data. If this verification and/or validation process results in a confirmation and/or validation of the information you have provided, we will create an identity account for your personal use.

3. Relying party

   The relevant third party who requires you to verify your identity so that you can use its services, i.e., Government Departments.

4. Contract

   The relationship between you and us, governed by the terms and conditions according to article 2.1.

5. Terms and conditions

   These terms and conditions as set out here.

6. Identity account

   Your unique user profile we have provided to you after identification and/or validation of data and documents whether or not the verification of your identity is successful

7. Data

   Any data you have provided to us or in connection with the Digidentity Service.

8. Licensee

   The holder of a licence for intellectual property rights connected to the identity service.

9. Materials

   Materials refer to any software, hardware, websites, database, designs, models, programs, reports, and other identity services and materials we or the relying party have put to use in relation to the identity service.

10. In writing

    For the present terms and conditions, the term "in writing" will refer to any written communication, whether this be by electronic means or by regular postal mail.

11. Good Industry Practice

    At any time, the exercise of that degree of care, skill, diligence, prudence, efficiency, foresight and timeliness, which would be reasonably expected at such time from a leading and expert provider of services that are similar to the Digidentity Service, such provider seeking to comply with its obligations in full and complying with applicable laws and with ISO27001 and Scheme accreditations.

Introduction

At Digidentity Identity Service, our mission is to respect your privacy and protect your personal data.

In this privacy policy, we will inform you about the way we look after your personal data whenever you visit our website or interact with us in any other manner. Also, we will tell you about your privacy rights and explain how you may exercise them.

Please, feel free to click through to the areas set out below.

1. INFORMATION ABOUT US AND THIS POLICY
2. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?
3. HOW DO WE USE YOUR PERSONAL DATA?
4. WHAT ARE COOKIES AND HOW DO WE USE THEM?
5. SHARING YOUR PERSONAL DATA
6. INTERNATIONAL TRANSFERS?
7. DATA SECURITY
8. DATA RETENTION
9. YOUR RIGHTS
10. GLOSSARY

1. INFORMATION ABOUT US AND THIS POLICY

   WHO ARE WE?

   This Privacy Policy ("Policy") describes Digidentity B.V.'s use of your personal data. References in this Policy to "Digidentity", "we" or "us" shall mean Digidentity B.V. (registered in the Netherlands under company number 27322631), being the data controller for the data processing.

   PURPOSE OF THIS POLICY

   With every service we provide we take the protection of your privacy and personal data very seriously. We ensure that we collect and process personal data in compliance with applicable privacy and data protection law. We do not allow anyone to use or access your personal data for any other purposes than those set out in this Policy.

   In this Policy, we give you information about how Digidentity collects and processes your personal data when you visit our website or otherwise interact with us. This includes any personal data that you provide when you purchase our products or services. The Policy also informs you how you can exercise your rights.

   It is important that you read both this privacy policy and our Terms and Conditions. This policy does not override earlier policies, but rather supplements them.

   We protect and handle any personal data about you in accordance with relevant and applicable data protection and privacy legislation (including but not limited to the EU General Data Protection Regulation ("GDPR")).

   CONTACT DETAILS

   If you have any questions, comments or requests concerning this Policy, please contact our data privacy officer (by e-mail, postal service or phone) using the details set out below.

   Email address: privacy@digidentity.eu
   Postal address: PO Box 19148, 2500 CC The Hague, the Netherlands
   Telephone number: +3188 7 78 78 78

   If you have any concerns about the way we handle your personal data you have the right to make a complaint at any time to the local data protection authorities. In the United Kingdom, this is the Information Commissioner's Office or "ICO". In the Netherlands, this is the Autoriteit Persoonsgegevens or "AP". However, we would appreciate the chance to respond to your concerns before you approach either the ICO or the AP, so please contact us in the first instance.

2. WHAT PERSONAL DATA WE COLLECT ABOUT YOU?

   We collect and process personal data about you when you interact with us and our products and services, or when you use or purchase our products or services. Personal data includes any information from which you can be identified (directly or indirectly).

   We have grouped different categories of personal data we may process:

   • "Identity Data" which includes, if relevant: name, or similar identifier, date of birth, gender, BSN or equivalent identifiers and other similar data;
   • "Contact Data" which includes, if relevant: billing address, home address, email address and telephone number(s);
   • "Financial Data" which includes, if relevant: bank account number and/or other payment card details;
   • "Transaction Data" which includes, if relevant: details about payments and delivery to and from you and other details of products and services you have purchased from us;
   • "Technical Data" which includes, if relevant: internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to use our products and services;
   • "User Profile Data "which includes, if relevant: your username and password, your purchases or orders, your preferences, feedback and survey responses;
   • "Usage Data" which includes, if relevant: information about how you use our website, products and services;
   • "Aggregate Data" which include, if relevant: statistical and/or demographic data, which we have derived from your personal data and which we may for example use to calculate the percentage of users that access a specific website feature. We ensure the key to link the aggregate data back to your personal data can only be accessed by those persons who need to access it for specific and legitimate purposes.

   We do not collect any sensitive or special categories of personal data. Such data may include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. Nor do we collect information about any criminal convictions or offences.

   WHAT HAPPENS IF YOU DO NOT PROVIDE PERSONAL DATA?

   You do not have to supply us directly with any personal data when you use our website. However, some communications, services and facilities can only be provided if we receive relevant details from you, or they may not function properly if you do not provide certain data. If and when you wish to communicate with us or make use of any of our services and/ or facilities, we will inform you at that time about which personal data we need (and which we may not need) in order to respond to your request. Also, we will inform you of the (possible) consequences if you do not provide us with the personal data we require you to give.

   Also, it is important that the personal data we hold about you is accurate and current. Please, inform us through your online account, or via the contact details as set out above if your personal data changes during your relationship with us.

3. HOW DO WE USE YOUR PERSONAL DATA?

   We will only use your personal data in accordance and compliance with applicable data protection and privacy laws. We use your personal data we collect through our website on the following grounds:

    
   • As required to perform a contract with you.
   • As required by us to enable our business and pursue our legitimate interests. We will only use your personal data if using them does not conflict with your interests and fundamental rights.
   • Where we need to comply with applicable legal or regulatory obligation and for the protection of our legitimate business interests and legal rights, such as for security, (credit) fraud prevention purposes and for use in connection with legal claims, compliance, regulatory and investigative purposes.
   • In accordance with your preferences and your consent.

   FOR WHICH PURPOSES DO WE USE YOUR PERSONAL DATA?

   In the table below, we have described all the ways we collect and process your personal data. We have also indicated which of the legal grounds (as explained above) we rely on to do so. Moreover, we have identified what our legitimate interests are where appropriate.

   Please note that we may process your personal data for more than one legal ground. This depends on the specific purpose for which we are processing. If more than one legal ground has been set out in the table below, feel free to contact us for details about the specific legal ground we are relying on to process your personal data.

   Purpose/Activity	Type of personal data	Lawful basis for processing including basis of legitimate interest
   Automated technologies and interactions (including, but not limited to log information, data analytics and cookies).	Technical Usage	Necessary for our legitimate interests (in maintaining and managing our website and ensuring its security). With your consent Please find more information in Chapter 4 on "cookies".
   Responding to your inquiry when you seek interaction with us (including, but not limited to inquiries, creating an account, subscriptions, feedback and reviews)	Identity Data Contact Data	Necessary for our legitimate interest (i.e. legitimate business in communicating with you and/or your wishes and expectations, accessing appropriate professional advice, ensuring we comply we with obligations to which our business is subject).
   To register you as a (new) customer	Identity Data Contact Data Profile Data Technical Data Financial Data Transaction Data Usage Data	Performance of a contract with you. With your consent.
   To process and deliver your purchase orders (including, but not limited to managing payments, fees and charges, collecting and recovering money owed to us)	Identity Data Contact Data Financial Data Transaction Data	Performance of a contract with you. Necessary for our legitimate interests (to recover debts due to us).
   To manage our customer relationship with you which will include: Notifying you about changes Asking you to leave a review or take a survey	Identity Data Contact Data Profile Data	Performance of a contract with you. Necessary to comply with a legal obligation. Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services).
   To administer and protect our business and the website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	Identity Data Contact Data Technical Data	Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise). Necessary to comply with a legal obligation.
   To make suggestions and recommendations to you about products or services that may be of interest to you (Promotional offers)	Identity Data Contact Data Technical Data Usage Data Profile Data	Necessary for our legitimate interests (to develop our products/services and grow our business).

   CHANGE OF PURPOSE

   We will only use your personal data for the purposes for which we collected it. The exemption may be that we may need to use your personal data for a reason that is related to or compatible with the original purpose. If you wish to get more information as to how the processing for the new purpose is compatible with the original purpose, please contact us.

   If we want to process your personal data for an unrelated purpose, we will notify you prior to commencing such processing and we will inform you of the lawful basis on which such processing is based, or otherwise only do so with your consent.

4. WHAT ARE COOKIES AND HOW DO WE USE THEM?

   Cookies are files that store information on your hard drive or your browser. Thanks to cookies, companies can see whether you have visited their website before. This allows you to maintain your preferences on those websites.

   If you wish, you can delete all the cookies currently stored on your computer. You can find out how to delete cookies for your browser by clicking 'help' on your browser's menu. You can also find out how to do this, and find further information on cookies at www.allaboutcookies.org. If you delete your cookies, however, you may find that you can no longer take full advantage of the websites you visit.

   Category 1: Strictly Necessary Cookies

   These cookies are essential in order to enable you to move around the website and use its features. Without these cookies, we cannot provide services you have asked for such as remembering your login details or data provided for a purchase. Cookies that are timed (i.e. session cookies) will expire after the set time interval, unless replaced by another cookie with a new timer. Cookies that expire on session end will be erased when the user closes (all) the browser instances. The session cookie is stored in temporary memory and is not retained after the browser is closed. Session cookies do not collect information from the user’s computer. They typically will store information in the form of a session identification that does not personally identify the user.

   Category 2: Performance Cookies

   These cookies collect information on how people use our website. For example, we use Google Analytics cookies to help us understand how users arrive at our site, browse or use our site and highlight areas we can improve such as navigation, website experience and marketing campaigns. The data stored by these cookies never shows personal details from which your individual identity can be established.

   Category 3: Functionality Cookies

   These cookies remember choices you make, such as the country you visit our website from, language and search parameters such as number of visitors and time of stay. These can then be used to provide you with an experience that is more appropriate to your selections and to make the visits more tailored and pleasant.

   GOOGLE ANALYTICS

   Our website uses Google Analytics, which is a web analytics service provided by a third-party provider (Google Inc.) Google Analytics is used for the purpose of evaluating your use of our website, compiling reports on website activity and other services relating to website activity and internet usage. The information generated by the cookie about your use of the website is usually transmitted to and stored by Google on servers in the United States. This transfer is covered by Google Inc.’s Privacy Shield certification and a separate data processing agreement that we have concluded with Google. On this website, we have also activated the IP anonymization tool “gat._anonymizeIp();” provided by Google Inc. to help protect your privacy.

   This means that your IP address will automatically be shortened after it is collected so it can no longer be connected to you (see https://support.google.com/analytics/answer/2763052).

   For further information see https://support.google.com/analytics/answer/6004245?hl=de&ref_topic=2919631 (information on Google Analytics and data privacy).

   We don't use third-party cookies for any commercial purposes.

   Where we use third parties to deliver a service on our behalf, please visit their website to obtain further information regarding their use of cookies.

5. SHARING YOUR PERSONAL DATA

   Where necessary, your personal data may be shared with our suppliers, third party service providers and professional advisors who will process it on behalf of Digidentity in order to help us fulfil our purposes for processing data as described in the table above, i.e. to help us administer and manage our website, in order to resolve a query or complaint, in order to manage online payments or fulfil and deliver orders. Please find a list of third parties we may share your personal data with below.

   In any other case, we will not share your information with any third party unless:

   • we have your permission;
   • we are required to do so by law;
   • this is necessary in order for us to enforce our terms of use, rights or property or the rights or property of any third party; or
   • this is necessary in the connection with the sale, transfer or merger of (parts of) our business or its assets (in which case your details will be disclosed to our advisers and any prospective purchaser's advisers and will be passed to the new owners.)

   THIRD PARTIES

   Internal Third Parties

   Other companies in Digidentity's parent company Solera/Audatex Group, acting either as joint controllers or processors. They are based in the European Economic Area (EEA), provide IT and system administration services and undertake information reporting.

   External Third Parties

   • Service providers
     All our service providers are based in the EEA.
   • Professional advisers, including lawyers, bankers, auditors and insurers. They, too, are based in the EEA and they provide consultancy, banking, legal, insurance and accounting services.
   • Various government authorities and/or law enforcement officials.

   We require all third parties with whom we may share your personal data to respect the security of your personal data and to treat it in accordance with the law. We do not allow third parties to use your personal data for their own purposes and only permit them to process your personal data for specified purposes as per our instructions. All these conditions are laid down in data processor (or other) agreements which we have concluded with them prior to sharing your personal data and in accordance with applicable data protection and privacy legislation.

6. INTERNATIONAL TRANSFERS

   Unless expressly stated otherwise in this Policy, we do not transfer your personal data outside the European Economic Area (EEA).

7. DATA SECURITY

   We have taken the necessary security measures to prevent that your personal data is accidentally lost, used or accessed in any unauthorised way, altered or disclosed. Also, we limit access to your personal data to those employees who have a business need to know. They will only process your personal data as per our instructions, and they are legally bound to keep your personal data confidential.

   We have set up procedures to deal with any suspected personal data breaches, and we will notify you and any relevant data protection authority of a breach where we are legally required to do so.

8. DATA RETENTION

   HOW LONG WE STORE YOUR PERSONAL DATA?

   We will only store and process your personal data for as long as we need to in order to fulfil the purposes we collected it for, including compliance with any legal, accounting, or reporting requirements.

   To determine the appropriate retention period for personal data, we consider:

   • the amount, nature, and sensitivity of the personal data,
   • the potential risk of harm from unauthorised use or disclosure of your personal data,
   • the purposes for which we process your personal data,
   • whether we can achieve those purposes through other means, and
   • the applicable legal requirements.

   Details of retention periods for different aspects of your personal data are available in our retention policy.

   In some circumstances, we may anonymise personal data (so that it can no longer, in any manner possible, be associated with or be re-identified with you).

9. YOUR RIGHTS

   You have the right to:

   Request access to the personal data (commonly known as a “data subject access request”) we hold about you. This means that you receive a copy of the personal data we hold about you, so that you can check that we are lawfully processing it.

   Request correction (i.e. rectification) of the personal data that we hold about you. This means you can have any incomplete or inaccurate personal data we hold about you corrected. However, we may need to verify the accuracy of the new personal data you provide to us.

   Request erasure of your personal data. This means that, you can ask us to delete personal data we hold about you. Please note however that the right to erasure is not absolute, and we may not be able to fulfil (a part of) your request if we are required to keep (certain) personal data by law or in connection to a contract with you. We will in our response to your request explain this to you in more detail where applicable.

   Object to processing of the personal data we hold about you in cases where we rely on a legitimate interest (or those of a third party) and as you feel it impacts on your fundamental rights and freedoms.

   If we have responded to your request for objection, you also have the right to ask us to delete your personal data.

   Request restriction of processing of the personal data we hold about you. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

   1. if you want us to establish the personal data’s accuracy;
   2. if our use of the personal data is unlawful but you do not want us to erase it;
   3. if you need us to hold the personal data even though we no longer require it, as you need it to establish, exercise or defend legal claims; or
   4. if you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

   Request the transfer (i.e. data portability) of the personal data we hold about you to yourself or a third party of your choice. We will provide to you, or that third party, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to digital information that you have provided us with, either on the basis of your consent, or where we needed to process the information in the performance of a contract we have with you.

   WITHDRAWAL OF YOUR CONSENT

   In those cases where we rely on your consent for the lawful processing of your data, you have the right to withdraw consent at any time. If we have no other legal ground on the basis of which we may process this data, we will discontinue processing it once you have withdrawn your consent.

   Please note that any processing we carried out before the withdrawal of your consent remains lawful. Also, if you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case when you withdraw your consent.

   If you wish to exercise any of these legal rights, please contact us via the contact information in Paragraph 1.

    

   NO FEE IS USUALLY REQUIRED

   You will not have to pay a fee to access your personal data (or to exercise any of the other legal rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

    

   WHAT WE MAY NEED FROM YOU

   If and when you make a request with respect to any of your rights as described above (i.e. access, correction, erasure, objection, restriction or transfer) we may need to request specific information from you to help us confirm your identity and to ensure your right to access your personal data (or to exercise any of your other legal rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

   TIME LIMIT TO RESPOND

   We aim to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you of such a delay within one month and keep you updated.

10. GLOSSARY

     

    LEGAL GROUNDS

     

    Legitimate Interest means the interest of our business in conducting and managing our business, so that we can give you and others the best service/product and the best and most secure experience. We consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where the impact on you overrides our interests (unless we have your consent or are otherwise required or permitted to by law).

    If you would like further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities, please contact us.

     

    Performance of Contract means that we process your personal data where it is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract.

     

    Comply with a legal or regulatory obligation means that we process your personal data because we need to fulfil a legal or regulatory obligation

    Consent means that we process your personal data because you have given us (demonstrable) permission to do so. 

    CHANGES TO THE POLICY

    Our Policy may require updates from time to time. We shall publish any changes we may make to our Policy in the future on our website www.digidentity.eu/en.

PURPOSE

When you register with Digidentity your personal data is required to confirm your identity. This document provides you with information about how long your personal data is stored. This personal data is subject to data protection laws, as described in the Terms and Conditions and Privacy Policy.

DATA RETENTION PERIODS

The data retention periods are in the table below:

Digidentity will only store your data if necessary, to meet obligations for auditing and forensic evidence purposes. Your rights to request deletion are described in the Terms and Conditions and Privacy Policy.

During archival the data is securely stored (encrypted/masked/locked away), and is inaccessible to authorized users during daily business tasks. Data will only be accessible to personnel in functions related to security e.g. Security Officers or the Data Protection Officer (DPO).

Once the data has reached the maximum retention period of 7 years it is deleted/destroyed. The destruction of data ensures that no information can be recovered.

Our core values

We focus 100%

What defines our work? We want to give internet users back their privacy. That is the core of our business, the core of our existence. Too much personal details are available on the internet. We are bringing it back to one, safe place. To one, reliable online identity. This way you gain control over your own data. We focus on this. Purely and solely. With our full attention. So that we can excel in it.

We operate internationally

Every individual, his online identity. That is our mission. For this purpose, we are building a scalable platform that is as international as the internet itself. With a unique digital passport you can use anywhere in the world. Safely and reliably. Logically we will focus further than just the Netherlands. You will find us in the United Kingdom. And behind the scenes where are also advising in multiple countries about the developments concerning digital identities. Call use involved across borders.

We put the user first

Nothing more personal than an online identity. The optimal personal experience of our service is then also a central point in our service. How do make the service even more safe, more easy – those are the questions we are continuously asking ourselves. The key factor is the protection of information, so we offer clients privacy and we gain trust. We use our user feedback, analytics and our UX Lab test results to gain happy clients. This way, our product sells itself.

We are raising the bar

We are working hard for the best possible result. Together we will decide how we will do that. We take and organise the area to realise our own ideas for it. In addition to this, we also take into consideration the interest of the entire industry. This means that we are rather an entrepreneur than an employee: we detect new opportunities and combine these.

Report your findings.

If you find a weak spot in one of our systems, please let us know. We will always seriously consider your notification and will investigate every possible vulnerabilities. In this way we can repair this as quickly as possible. This way, we can work with you to protect our clients and systems.

We ask you

1. Please e-mail your findings to our Network Operation Centre ;
2. Do not abuse the problem, by for example
   • reading more information than is necessary to prove the leak;
   • download, delete or edit data or components of the software system;
3. Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties;
4. Provide adequate information to reproduce the problem so that we can solve it quickly;
5. Do not share the problem with others until we have stated that the vulnerability has been rectified and that we have agreed with you to make it public.

We promise

1. To respond to your notification within 3 days. We will give our assessment of the notification and an expected date for a solution;
2. We will not take any legal steps against you about your notification. If you at least kept to the abovementioned requirements;
3. We will treat your notification confidential and will not share your personal data with third parties without your consent;
4. We will inform you about the progress of our rectification of the problem;
5. We will mention your name as the person who detected the problem in notifications, but only if you want this;
6. As a token of our appreciation for your help, we would like to offer you a reward. We will make a €100 donation to any of the following charities, according to your choice for every problem with our security that you detect. Choose from CARE , Homeplan , Edukans .

Summary of the Notifications

Contacting us with feedback

At Digidentity we do our best to ensure that we provide the best services and products possible. We do understand that sometimes users may want to pass on their feedback and concerns. In the event you wish to comment about the services we offer, you are able to contact us with more details.

How can you get in touch?

You are able to contact us via email, chat and telephone. The details of which are as follows:

Email: helpdesk@digidentity.co.uk
Chat can be accessed via our website www.digidentity.co.uk
Telephone: +44(0)330 05 83 454

How we handle your feedback/comments?

Any information we receive regarding our services or products is taken seriously in order to improve our overall service. We do our best to treat all users with respect, and genuine understanding of the importance of their situation, with the ultimate aim of helping and resolving any issues.

First contact

The first point of contact will be our one of our dedicated support agents, where any concerns or feedback you have will be responded to as quickly and clearly as possible. In handling your enquiry our team will also ensure that your provided feedback or information is passed on to the correct channels and is available for the review and evaluation of our services. All information will be recorded via email if this was not the primary method of contact.

Our support agents are trained and able to respond to almost all enquiries.

Transferring

In the event you are not satisfied with the response you have received your details will be forwarded to the next available supervisor, who will investigate the case further and respond to you personally. It may be necessary for the supervisor dealing with your enquiry to consult with others regarding the details of your enquiry, or to request more expert advice. The details of your enquiry will be treated with respect at all times with the aim of resolving your issues or concerns.

In the unlikely event your concern, feedback or issue is more serious it will be passed onto the management to deal with. This will be determined by the supervisor handling your case.

Digidentity is a certified identity provider for the GOV.UK Verify service, and as such is listed by GOV.UK as a certified company: GOV.UK website.

Via Digidentity:

• Users can register for a Digidentity account to assert their identity.
• Users with an asserted identity can access services available for GOV.UK Verify.
• Users can expect the highest standards of authentication and security available.

To provide this service to users, Digidentity ensures that the requirements and standards of the UK Government in GPG (Good Practice Guide) 44 and GPG 45 are met.

Once a user has successfully verified for an identity account for GOV.UK Verify LoA1 or LoA2, it can be used to access associated LoA1 or LoA2 services provided by the GOV.UK Verify initiative.

How the service works

Registration

Via the GOV.UK pre-registration questions, Digidentity can be chosen as the identity provider. Once chosen, users are automatically directed to the registration process of Digidentity. The registration process will be per the chosen LoA. Users are required to accept the terms and conditions, without accepting these it is not possible to register.

Authentication

When logging into their profile, or when requiring access to GOV.UK Verify services, users are required to make use of the 2-factor authentication. Users can opt for SMS or by using the Digidentity Authenticator app available. Once authenticated users can access services and/or their profile to maintain it.

IPV

Identity proofing and verification is at the core of creating a digital identity. The information required to verify an identity is dependent on the Level of Assurance. The higher the level, the more assurance is required.

Account Maintenance

Users are in control of their own identity account, and can also make changes where needed e.g. change of name because of marriage. Changes are always verified to ensure maximum protection and security, and for fraud prevention.

Registration

Making an account

Once directed to the Digidentity process users are required to make a username, password and to confirm their email address. Once this is complete the user needs to choose their form of 2- factor authentication, e.g. SMS. 2-Factor authentication is always required to secure the account for GOV.UK verify.

Entering personal details

Users are required to enter their personal details, including; name, date of birth, gender (optional) and address. Sometimes name history and/or address history is required. Once this is entered the details are confirmed and used to collect data from a credit file. The data collected is NOT a credit reference, and has NO impact on the credit reference. The data is used to check and verify information for the process of verification, along with data/document checking services provided by the Government.

Identity proofing

Depending on the Level of Assurance users will be required to provide evidence of the identity. Users registering for LoA2 are required to reach a higher level of assurance and will need to supply a combination of evidences which include (but not limited to): UK passport, Non-UK passport, Photo card ID (Government issued), Photo card driving licence, mobile phone contract, bank transaction £0.00 and knowledge based verification (questions generated from the data). Users can also choose to provide their details using our mobile app. Since photos are required of the document, and selfies too, more assurance is attained per document. Users who provide a UK Passport with the app therefore, need only add one more piece of evidence e.g. bank transaction £0.00.

Completion

Once the process of verification is completed the user will be redirected to the service they initially required. To access services of GOV.UK in the future users can use their existing account credentials, and once successfully logged in, will be redirected to the service required.

Revalidation

During the lifespan of the account it is necessary to revalidate details within 180 days of the registration date. Revalidation is a requirement per the Good Practice Guide set out by GOV.UK. Revalidation ensures the integrity of the data within the user account. If the account revalidation occurs users may be asked to take steps to update their information e.g. passport is expired and so add a new one.

Support

Users requiring support during the process are able to contact us:

Email: helpdesk@digidentity.co.uk
Phone: +44(0)330 05 83 454

Monday to Friday 08:00 to 22:00
Saturday and Sunday 08:00 to 17:00

Calls cost no more than calls to geographic numbers (01 or 02) and your telecoms provider must include these calls in inclusive minutes and any discount schemes in the same way.