eHerkenning is similar to DigiD. Just like citizens can use DigiD to login with the government agencies, companies, entrepreneurs and professionals can do that with eHerkenning.

An eHerkenning tool is person-bound. It cannot be transferred to someone else, such as a colleague. As user of eHerkenning, you can be authorised by your supervisor to act on behalf of your company with your service providers. 1 or more authorisations are registered when applying for a tool.

€0.75

per employee

per month

Unlimited authorisations

Minimum contract period 12 months

Yearly billing

€9 ex VAT per year

Request EH1

€1.75

per employee

per month

Unlimited authorisations

Minimum contract period 12 months

Yearly billing

€21 ex VAT per year

Request EH2+

€3.00

per employee

per month

Unlimited authorisations

Minimum contract period 12 months

Yearly billing

€36 ex VAT per year

Request EH3

€6.00

per employee

per month

Unlimited authorisations

Minimum contract period 12 months

Yearly billing

One time cost €17.50 for the face-2-face check

€72 ex VAT per year

Request EH4

Government agencies and corporates work together in safely logging in on the internet. The newer way of logging in is called Idensys. In the future, various organisations will check whether Idensys works well. As private individual, you can use your Digidentity to log into Idensys in companies who are participating in the testing. Only you are able to use your Idensys login tool. No one else can use it.

Do you want to use Digidentity to use Idensys? This is very simple. The only things you need is an identity document and a smartphone. And did you create a Digidentity? You may use it as often as you want to. As proof that you are you.

Digidentity is a digital identity to simplify your online life and to make it more safe. Also in the United Kingdom. We worked with the British government on GOV.UK Verify. This is a new way to prove your identity online. You can use this to utilise various government services, such as viewing your driver's license or the submission of your tax return.

Registration for GOV.UK Verify is also rather simple with Digidentity. You will be set-up in no time with your identity document and your smartphone. Then you will have an online identity that you can use safely when dealing online with the authorities.

Certified by the government

With a PKIgovernment services certificate you will gain access to the digital window of the government via Standard Business Reporting (SBR). Fast, easy and reliable. With this certificate, you are recognised as reliable sender and you have a secure connection with the electronic mail box of the government.

Safe information exchange

Every company that is connected to Digiport via a PKIgovernment services certificate can digitally exchange information with the government. That is very useful if your company, for example, regularly has to supply information to the government. A PKIgovernment services certificate ensures that the data is sent safely to the correct government organisations. But also the other way around: information of a government organisation is sent to the correct company.

Application for SBR

With SBR you can compile and supply digitally standardised financial reports. In order to use SBR, you require a PKIgovernment services certificate.

Request

You can gain access to Digiport (SBR) via our Certificate Store in a few steps.

1. Create an account in the Certificate Store.
2. Register the subscribing organisation.
3. Register the contact person.
4. Register the certificate administrator.
5. Ensure the physical check of the certificate administrator.
6. Request the certificate.

Accelerated process

Within 24 hours your certificate (depending on face-2-face checks and documents)

Access to services via Digipoort such as tax authorities

Suitable for use within fiscal packages

Valid for 1 year

One time cost €125 for the face-2-face check (€25 at our office)

€325 ex VAT

Accelerated request

Normal process

Within 2 weeks your certificate (mean time application process, no guarantee)

Access to services via Digipoort such as tax authorities

Suitable for use within fiscal packages

Valid for 1 year

One time cost €125 for the face-2-face check (€25 at our office)

€175 ex VAT

Normal request

Secure your website

A PKIgovernment SSL certificate is used, among others, to secure your website, enter an electronic signature or to authenticate persons and services.

Use the certificate

A PKIgovernment SSL certificate differs from a PKIgovernment services certificate. You cannot submit a tax certificate with it. For this reason, you do not need to specify a OIN number for a PKIgovernment SSL certificate. Further, both certificates are the same.

Request

With our Certificate Store you can request a PKIgovernment SSL certificate in a few easy steps.

1. Create an account in the Certificate Store.
2. Register the subscribing organisation.
3. Register the contact person.
4. Register the certificate administrator. We check them face-2-face.
5. Have the abovementioned steps been completed? Request a certificate via a CSR.

Within 2 weeks of your certificate (mean time application process, no guarantee)

Access to services via Digipoort such as tax authorities

Suitable for use within fiscal packages

Valid for 1 year

One time cost €125 for the face-2-face check (€25 at our office)

€175 ex VAT

Request

Conditions

• General terms and conditions
• Privacy Policy

Forms

• Authorisation form certificate (Dutch)

Manuals

Download our manual to help you to create a CSR here. You require a CSR when applying for a certificate.

• Manual create CSR PKIgovernment SBR certificate on Windows (Dutch)
• Manual create CSR PKIgovernment SSL certificate on Windows (Dutch)
• Manual renew Digidentity PKI Certificate (Dutch)

Digidentity L4 Services CA chain

Download the CA chain required here to generate a personal PKCS12 certificate if you requested a certificate with a CSR.

• Download as PEM

Roots and CRL

Download the roots and CRL certificates of Digidentity here for your level 3 and 4 account.

Mobile App

You require our app for your Digidentity. From application to daily use. Download the free Digidentity app here.

Digidentity

by Digidentity

Free

Digidentity

by Digidentity BV

Free

Digidentity

by digidentity.eu

Free

Only usable for GOV.UK Verify.

Who is Digidentity?

You cannot go anywhere without your passport. Doors remain shut, borders closed. Unless you venture online. There you no longer require a spectrum of profiles. For example to send messages or to network. But how safe it that? Before you know it, you are leaving a trail of personal details that fraudsters will use to their benefit.

Digidentity offers internet users their own online identity. We value privacy above all else. We call it Privacy by design. That is our work, our mission. We are identity providers pur sang and have been doing this work since 2008.

What is Digidentity?

Privacy by design is in our DNA, woven into our fibres. You will trace this back to Digidentity: the name of our company and our product. Digidentity is your digital identity, to simplify your online life. That is why we say

Your own Digidentity, be verified.

What is your talent?

Do you also value your privacy on the internet? Do you like to work on high tech solutions for millions of internet users? Then Digidentity is the place for you. Discover how your talent can improve our team and view our vacancies.

Certified Trusted Third Party

Digidentity is a certified Trusted Third Party (TTP). As objective organisation, we provide commercial reliability with digital transactions. We do this with commercial and technical security services.

A TTP has technical and legally reliable resources for performing and facilitating electronic transactions, and for producing objective evidence in case of disputes.

Periodic audits

As neutral facilitator, it is important to us to control our processes. To guarantee this control, Digidentity is periodically audited according to the norms of ETSI EN 319 411-2, ETSI 102 042 and ISO 27001:2013.

For more information, read the general terms and conditions of Digidentity and the Certificate Practice Statements of PKIgovernment.

Highest safety standards

We comply with the strictest safety standards and are authorised to provide digital identities. The information that we send via the internet is secured on a very high level.

We are thus not only a Trusted Third Party, but also a Certification Authority and hold a PKIgovernment certificate. Our organisation, systems and employees are periodically audited and found acceptable by BSI. This happens conform the CWA requirements.

Our accreditations

BSI - ISO/IEC 27001:2013

Delivery of Identity Services, Digital Signing and Certificate Services by the processes Registration, Dessimination, Authorisation, Broker and Revocation Service, IT Operations and Development, in accordance with the Statement of Applicability version 2.0 dated 17 August 2015.

BSIGroup.com Certificaat ISC 066 2015 - 2018

BSI - ETSI EN 319 411-1

Trust Service Providers issuing certificates; Part 1: General requirements

Providing Certification Authority processes and services under the Staat der Nederlanden Root CA-G2, the Staat der Nederlanden Organisatie CA-G2 and the Staat der Nederlanden Burger CA-G2, in accordance with the Statement of Applicability v1.0, dated 11 April 2017 and the Overview of Applicability v1.0, dated 11 April 2017.

BSIGroup.com Certificaat ETS 043 2017-2018

BSI - ETSI EN 319 411-2

Trust Service Providers issuing certificates; Part 2: Requirements for Trust Service Providers issuing EU qualified certificates

Providing Certification Authority processes and services under the Staat der Nederlanden Root CA-G2, the Staat der Nederlanden Organisatie CA-G2 and the Staat der Nederlanden Burger CA-G2, in accordance with the Statement of Applicability v1.0, dated 11 April 2017 and the Overview of Applicability v1.0, dated 11 April 2017.

BSIGroup.com Certificaat ETS 015 2017-2019

PKIgovernment

Public Key Infrastructure for the government, in short PKIgovernment, enable reliable communication. PKI certificates secure the information that persons and organisations send via internet on a high level of reliability.

Logius.nl

eHerkenning

We are officially recognised by the eHerkenning administration organisation, part of the minister of Economic Affairs, as eHerkenning broker. This means that we can offer services and solutions for the total playing field of eHerkenning, the successor of DigiD for companies.

eHerkenning.nl

Idensys

Login safely on the internet. This is very important when doing business with the municipality, the Tax department or a health care insurer online. This is also important when you shop or bank online. The government and enterprises thus work together to safely login on the internet. The new way of logging in is called Idensys.

idensys.nl

tScheme

tScheme is the independent, industry-led, self-regulating system set up to create strict assessment criteria based on which the Trust Services will be approved.

tScheme.org

eHerkenning

These terms and conditions are applicable to providing services in the framework of the Network for eHerkenning and the Authorisation register AuthorisationOnline.

• User requirements eHerkenning v1.8
• General terms and conditions AuthorisationOnline v1.1

Certificates

Certificate Practice Statement

A Certification Practice Statement (CPS) states for which procedures and norms Digidentity issues and administers certificates.

• CPS Digidentity v1.1
• CPS Digidentity v1.0

• CPS Digidentity PKIgovernment v1.12
• CPS Digidentity PKIgovernment v1.11
• CPS Digidentity PKIgovernment v1.10
• CPS Digidentity PKIgovernment v1.9
• CPS Digidentity PKIgovernment v1.8
• CPS Digidentity PKIgovernment v1.7
• CPS Digidentity PKIgovernment v1.6
• CPS Digidentity PKIgovernment v1.5
• CPS Digidentity PKIgovernment v1.4.1
• CPS Digidentity PKIgovernment v1.3
• CPS Digidentity PKIgovernment v1.2
• CPS Digidentity PKIgovernment v1.1
• CPS Digidentity PKIgovernment v1.0

PKI Disclosure Statement (PDS)

A PKI Disclosure Statement (PDS) is the document in which Digidentity summarises the CPS.

• PDS Digidentity PKIgovernment v1.3
• PDS Digidentity PKIgovernment v1.2
• PDS Digidentity PKIgovernment v1.1
• PDS Digidentity PKIgovernment v1.0

Regulations

Which national and European regulations are applicable to products and services of Digidentity?

• Act on electronic signatures
• Decree on electronic signatures
• Regulation on electronic signatures
• Directive 1999/93/EC of the European Parliament and the Council

1. About us

1. Digidentity BV is a registered company in the Netherlands, with company number 27322631, situated at Waldorpstraat 17 P (2521 CA) in The Hague.
2. Questions about the identity service can be resolved via the website (www.digidentity.co.uk) or by contacting the help desk via phone (+44‐33‐06060732) or e‐mail (helpdesk@digidentity.co.uk).

2. Contract and Scope of Application

1. You agree to these terms and conditions by applying for an identity account via Digidentity. The terms and conditions will continue to apply whether or not the verification of your identity is successful or not.
2. Excluding any other terms and conditions, the present terms and conditions will apply to all aspects of the relationship and the contract between you and Digidentity, unless otherwise expressly agreed to in writing from Digidentity. Unconditional acceptance and agreement of these terms and conditions is implied.
3. Digidentity reserves the right to unilaterally modify the terms and conditions at all times. The modified terms and conditions will apply immediately after being published on the website. You will be informed of any changes via notifications on the website and/or by notifications in your identity account.
4. In the event that you are not in agreement with any modified or revised Digidentity terms and conditions, then you are able to withdraw from using the service via your identity account. In your identity account you have the possibility to deactivate your identity account.

3. Identity Service

1. On applying for an identity account the process of verification will begin immediately, including the validation of documents and data provided by you and by other sources. If the completed verification process results in a confirmation and/or validation the fully verified identity account will be provided. The decision to grant an identity account remains exclusively with Digidentity at all times.
2. On granting an identity account the necessary user name, password and other modes of access will be provided. The log in details are strictly personal and confidential. Sharing this information with any other person or entity is not permitted, you must take all reasonable measures to prevent the abuse, misuse, theft, or loss thereof.
3. Documentation and information provided for the verification of identity will be stored by Digidentity in accordance with appropriate data protection laws as set out in the privacy policy. After issuing a fully verified identity account, and providing the means to access personal identity accounts, it will be necessary to re‐validate your existing information/data via the relevant issuing authorities from time to time. This is necessary in order to ensure that Digidentity have the most up‐to‐date details available for the purposes of identity verification.
4. Verified identity accounts (fully verified or not) are valid for a period of one year. After one year the account will be deactivated automatically and will require reactivation by you. A notification to reactivate an account will be visible the first time trying to log in after one year has elapsed.

4. Termination

1. You may deactivate identity accounts at any time by using the "deactivation" button in the identity account. A 30 day 'cool off' period is required, as set out in our privacy policy. If you wish to reactivate an account, you can log back in within 30 days after requesting deactivation. After 30 days have elapsed, with no reactivation by you, the account will be rendered inaccessible and will be no longer be available to use. Relevant records will be kept for the purposes of auditing, in accordance with appropriate laws.
2. Digidentity reserves the right to deactivate accounts with immediate effect if there is any reason to believe or to suspect that the verification and/or validation provided has been faulty or is no longer correct. In order to gain access to an identity account again you will be required to apply for a new identity account.
3. Digidentity reserves the right to deactivate accounts with immediate effect if communications from you to Digidentity employees are considered harassing, threatening, abusive and beyond the provision of reasonable services offered to support applications for identity verification. Any continuation of abusive, threatening or harassing behaviour will be reported to the appropriate authorities.
4. Digidentity reserves the right to deactivate accounts with immediate effect if it is suspected or known that the information provided during identity verification is false/fraudulent as set out in the privacy policy. Any fraudulent activity will be referred to the relevant authorities. On behalf of the Identity service, the Government Digital Service may also report any suspicious activities to any relevant body or appropriate.

5. Our Obligations

1. Digidentity will provide the identity service as described on the website in accordance with the terms and conditions, the associated privacy policy and Good Industry Practice. In the provision of identity verification Digidentity will act diligently and with reasonable care. Digidentity will carry out any contractual obligations involving efforts in verification processes, however, you cannot derive any rights from these obligations in order to guarantee a successful outcome in your application for an identity account.
2. Digidentity aims to provide a continuously functioning and accessible identity service, but makes no guarantees about the availability of any services provided. You accept the fact that errors (temporary) may occur which would render the service inaccessible on some occasions.
3. Digidentity reserves the right to limit access to, or render the identity service entirely inaccessible for limited periods of time in order to carry out maintenance and/or implementation of required modifications. Digidentity aims to carry out these scheduled 'down times' in periods which could be reasonably determined to affect the minimum number of users as far as possible e.g. outside of office hours.
4. Digidentity will provide the service in accordance with the published Digidentity Privacy Policy. This Privacy Policy is accessible from the service and will be updated from time to time to reflect changes in the processing of data in relation to the service.

6. Your Obligations

1. You agree to supply the necessary and required information and documentation in order to apply for the verification of identity. This includes a variety of personal information, and may or may not include passport, driving licence, a live bank transaction for £0.00 and knowledge based questions. You agree that in consenting to these terms and conditions that your consent is given to the extraction of data from your credit file in order that the knowledge based questions can be generated.
2. You agree and understand that verification of identity is a process reliant on personal details, available documentation and information provided by you, and is uniquely based on your own details. You accept that their identity verification process cannot be based on that of other user experiences or requirements.
3. You agree to ensure and guarantee that all data, documentation and information provided is correct, complete, accurate and up‐to‐date and conforms to the requirements as set out by Digidentity during the process of identity verification. You agree to notify Digidentity of any changes to your registration information. You agree to follow instructions and requirements for any transfer of data (via the online process, or using the mobile/tablet application) as indicated by Digidentity.
4. You accept and agree to inform Digidentity immediately if there are any security concerns, security issues or data leaks. Any report of this information to Digidentity will be treated as strictly confidential, and handled in accordance with appropriate laws and regulations in order to minimise damage to the affected users, to Digidentity or 3rd parties. Digidentity aims to resolve any security alerts or hazards as fast as reasonably possible and will take steps to inform any 3rd parties affected.
5. You accept the obligation to inform Digidentity of any violation of the terms described in articles 6, 8 and 9 accompanied by a detailed description of such violation and all other relevant information. You must take all reasonable measures to prevent further and/or continuing violations and shall take all reasonable measures to limit any damage resulting from such a violation.

7. Reasonable Use of Website and associated materials

1. You are prohibited from copying, passing on, selling, publishing or making profit from any content of the website, products, services or associated materials of Digidentity
2. You are prohibited from using the website, products or associated materials of Digidentity in any way that causes, or may cause, damage to the website or impairment of the performance, availability or accessibility of the website, products or associated materials.
3. You are prohibited from accessing the website and associated materials of Digidentity using any robot, spider or other automated means.

8. Personal Data

1. You acknowledge that the identity service is an authentication service and agree that Digidentity will use data to undertake a search for the purposes of verifying identity or the validity of any data or documents. In order to do this Digidentity may compare and check data against available databases (public or otherwise) which are accessible for the purpose. A record of the search will be saved for 7 years, as indicated in the privacy policy and in accordance with the requirements of appropriate laws and record keeping.
2. By entering into the contract you agree that personal data will be processed according to the Dutch personal data protection act, and in accordance with The Data Protection Act 1998 (UK). The data protection acts refers to the law regarding the protection and processing of personal data.
3. Digidentity and any relying parties' process information according to the laws specified in clause 8.2. Digidentity remains the responsible party for the processing of personal data at all times, whether using relying parties or not, in accordance with the Dutch Personal Data Protection Act and The Data Protection Act 1998 (UK) as a Data Controller.

9. Confidentiality

1. Digidentity and you are obliged to take all reasonable measures to protect confidential information or the identity account from unauthorised access, loss, damage, modification or unauthorised processing. In the event that this occurs Digidentity must be informed immediately of any such unauthorised access, loss, damage, modification or unauthorised processing

10. Rights of Ownership and Intellectual Property

1. Any intellectual property rights associated with the identity service or associated materials remain at all times the property of Digidentity, the licensee or our supplier.
2. The right to use the identity service or associated materials related to the identity service does not imply any transfer of any intellectual property rights of the identity service or associated materials to you. Digidentity only provides a non‐exclusive right to use the identity service and/or associated materials for the purpose of identity verification and creating an account. The rights of your use is strictly personal and cannot be transferred to any other person.
3. You are prohibited from using the identity service, data or associated materials in any way, or by use of any part, that would result in the violation of intellectual property rights of Digidentity, the licensee or suppliers.
4. Digidentity reserves the right to take all measures necessary in order to protect intellectual property rights owned by them, the licensee or suppliers. These measures include the termination of the use of the identity service or associated materials upon the termination of the contract. You are prohibited from removing or circumventing any such measures in any way

11. Liabilities

1. Nothing in these Terms and Conditions excludes or limits our liability in respect of a) Any breach of law by Digidentity or its sub-contractors, b) any loss, unauthorised access to or corruption of Personal Data held by Digidentity or its sub-contractors (including any credentials issued to you), c) any wilful default on the part of Digidentity or its sub-contractors. Any other limitations on liability included in these Ts&Cs must be reasonable in all the circumstances of the services provided by Digidentity to the user.
2. We are not responsible to you for any loss or damage suffered by you which was not an obvious consequence of us breaching these Terms and Conditions. We are not responsible to you for losses which you suffer due to any events beyond our reasonable control. We are not responsible to you for losses which you suffer which are not directly caused by our actions.
3. Digidentity cannot be held liable for damages resulting from events beyond reasonable control or not caused directly by actions by Digidentity.
4. Digidentity cannot be held liable for any indirect damages or damages caused because you did not/or do not take appropriate measures to i) limit such damages immediately after a damaging event has occurred, ii) prevent further damage or subsequent damages resulting from the initial event, iii) immediately took action to inform Digidentity about events which would cause damages and/or took action to provide relevant information to Digidentity.
5. In all cases the liability of Digidentity shall be limited to the usual and foreseeable damages. Digidentity can not be held liable for any business damages after using the identity service in the capacity of a consumer.
6. Digidentity can never be held liable in respect of any damages resulting from
   1. Your unauthorised or improper use of the data, the identity service and/or related materials;
   2. That the data you have provided is incorrect and/or incomplete, or not provided to Digidentity in a timely manner;
   3. Losing your own data;
   4. Your failure to abide by any obligations as provided in these terms and conditions, including not cooperating with the terms and conditions.
   5. The late, incorrect, or incomplete accessibility of the identity service;
   6. a. Miscommunication or loss of messages and notices resulting from the use of a mode of communication selected by you or resulting from the dysfunction of any materials used by you, including improper functioning of the internet;
   7. The use of materials selected by you;
   8. The unauthorised use, loss or theft of log in details that have been provided to you;
   9. The downtime or unavailable online tools of third parties.

12. Limitation of Action

1. Any claim for damages against Digidentity must be brought within one year after the damage has occurred.

13. Force Majeure

1. Digidentity are not obliged to perform any of the obligations under the contract or the terms and conditions in case of force majeure. Force majeure is understood to include but is not limited to:, improperly functioning materials provided by users, requirements under the law, power cuts, improper functioning of the internet, or of computer‐ and telecommunication facilities, extreme weather conditions, fire, flooding, war, strike, general problems of transportation and unavailability of one or more of Digidentity employees.

14. Applicable Law and Disputes

1. The contract and the terms and conditions are governed by Dutch law in adherence and conformity with application European Directives, specifically Article 8 of the European Convention of Human Rights regarding laws on privacy.
2. Any dispute that cannot be settled amicably will be brought before the competent judge of the place where Digidentity have a statutory seat (The Hague). If applicable Dutch or European law provisions determine that another judge is also competent, then the case may also be brought before this judge. If applicable Dutch or European law provisions determine that another judge has exclusive competence, then the case may only be brought before this judge.

15. Warranties

1. Digidentity do not provide for any other guarantees, undertakings, and/or commitments than those explicitly provided for in the terms and conditions.

16. Concluding Provision

1. Should any provision of the terms and conditions be declared invalid or void, this shall not affect the validity of any of the other provisions included in the terms and conditions. In such case Digidentity will amend the terms and conditions with the aim to achieve the same object and purpose served by the provision declared invalid.

Definitions

The following words have the following meaning:

• User

  "User", "you" or "your" in these Terms and Conditions refer to you as a user of the Identity Service.

• Identity service

  The service provided by us to you entailing the verification of your identity and/or the validity of any documents or data. If this verification and/or validation process results in a confirmation and/or validation of the information provided by you, an identity account will be created for your personal use.

• Relying party

  The relevant third party who requires you to verify your identity in order for you to use its services, i.e. Government Departments like rand HMRC.

• Contract

  The relationship between you and us, governed by the terms and conditions according to article 2.1.

• Terms and conditions

  These terms and conditions as set out here.

• Identity account

  Your unique user profile provided to you by us after successful identification and/or validation of data and documents.

• Data

  Any data you have provided to us or in connection with the Digidentity Service.

• Licensee

  The holder of a licence for intellectual property rights connected to the identity service.

• Materials

  Materials shall refer to any software, hardware, websites, database, designs, models, programs, reports, and other identity services and materials put to use by us or the relying party in relation to the identity service.

• In writing

  For the present terms and conditions, the term "in writing" will refer to any written communication, whether this be by electronic means or by regular postal mail.

• Good Industry Practice

  At any time, the exercise of that degree of care, skill, diligence, prudence, efficiency, foresight and timeliness which would be reasonably expected at such time from a leading and expert provider of services which are similar to the Digidentity Service, such provider seeking to comply with its obligations in full and complying with applicable laws and with ISO27001 and tScheme accreditations.

Purpose of the Policy

This Privacy Policy, together with the Terms and Conditions, describes how we protect your privacy and how we use information about you when providing the Identity Service to you.

At the core of our service is the belief that your data belongs to you and to you alone. We only use your data to verify your identity. We do not share your data with 3rd parties, we do not allow anyone else to use or access your data outside the purposes for delivering the Identity Service to you

Any data we are in possession of about you is protected and handled in accordance with:

• Dutch Personal Data Protection Act, registration number 1451668
• The Data Protection Act 1998 (UK)

Digidentity are committed to protecting and respecting your privacy. This Policy sets out how we both use and protect the personal information that you provide to us when you use the Digidentity Services. Dutch Personal Data Protection Act, registered under number 1451668.

What information we collect

To provide the Digidentity service we will need to collect information from you for the purposes of registration and continued use of the services. We will seek your consent to the collection and processing of your personal information at the time of collection.

We only collect and process data that is needed to verify your identity and provide you with our identity service. This includes but is not limited to:

• Name, forename and middle name
• Title
• Gender
• Date of birth
• Current and previous addresses
• Telephone numbers
• E-mail addresses
• Passport Number
• Driving Licence number
• Photos of you that you provide in our app ('Selfie')
• Credit Card number (only the last four numbers are kept)

What we do with the information we collect

We collect information from you to provide the Digidentity service you have requested, and in particular to:

• Verify your identity against publically available data sources including your financial history. Your financial history is obtained from our credit reference agency, who may place a record of this check on your credit file, known as a `soft marker`. This will not affect your credit status or ability to obtain credit in the future.
• Verify your Identity by checking your documentation with the GOV.UK Document Checking Service, which can verify information against government data sources including information held by the Driver and Vehicle Licensing Agency (DVLA) and HM Passport Office.
• Verify your Photo with our partner who will verify your picture against other relevant documentation.
• Check the bank details you have provided are valid by making a zero-value payment to your bank account via our Payment Service Provider.
• Enable us to contact you by means such as SMS, E-Mail etc.
• Help us respond to your Technical or Service queries.

In each instance we will seek your consent to this sharing of your personal information.

Who we share information with

The data you provide to us will not be disclosed to organisations other than to the suppliers that we work with to deliver the service to you.

We may disclose your personal data where we have your permission or where we are under a duty to share your personal information in order to comply with any legal obligations.

How you can access or amend the information we hold about you

You may request details of personal information we hold about you in accordance with the Data Protection Act (1998). To do so, or if you think the information we hold about you is incomplete or incorrect or you wish to have your account removed, please contact us at:

Digidentity BV | Postbus 19148 | 2500 CC 's-Gravenhage | Nederland
Telephone (0)887 78 78 78 | E-mail info@digidentity.eu | Web www.digidentity.eu

Don't forget to mention in your mail that this is about an information request.

If the information we hold about you is inaccurate, you can also access and update it at any time by logging on to the Digidentity website www.digidentity.co.uk and updating your profile.

Your data is only processed for as long as you have an active account with Digidentity, and only for the purposes described in this Privacy Policy and in accordance with the relevant laws. If you request that your account is removed, there will be a 30 day 'cool down period'. If your account is not re-activated within 30 days, it will be closed and therefore inaccessible which may impact your ability to access other services which require your identity to be verified.

Your information will be encrypted and stored in accordance with legal requirements for a period of 7 years for audit purposes. After 7 years the data is permanently removed from our systems..

How we protect your data

We operate an extensive security policy to ensure that all reasonable efforts are made to ensure the personal information collected by the service is made available to you, remains confidential, and is protected from disclosure or unauthorised amendment.

Where we send data to third parties to help us provide the service to you, we will provide those third parties with only the information they need to deliver the service. Those Third Parties are prohibited from using this information for any other purpose than stated in this Policy.

How we use cookies

We use cookies to help us deliver an effective online service. Cookies are files that store information on your hard drive or your browser. These cookies mean that the Website can recognise that you have previously visited the Website. This allows you to maintain your preferences on the Website and for us to measure the usability of the Website.

You can, should you wish, disable the cookies from your browser and delete all the cookies currently stored on your computer. However, by deleting the cookies you may find you are prevented from taking full advantage of the Website. You can find out how to delete cookies for your browser by clicking 'help' on your browser's menu.

Where we use third parties to deliver a service on our behalf, please visit their website to obtain further information regarding their use of cookies.

We use only session cookies to help identify your computer so we can improve the website's usability, analyse the use of the website, prevent fraud and improve the security of the website.

We use Google Analytics with anonymous IP to analyse and create reports about the use of our website. We don't use third party cookies for any commercial purposes.

How to contact us

If you have any questions regarding this Policy or would like any further information regarding how your information is used or shared please contact Digidentity either by writing to us at:

Digidentity BV | Postbus 19148 | 2500 CC 's-Gravenhage | Nederland
Telephone (0)887 78 78 78 | E-mail info@digidentity.eu | Web www.digidentity.eu

Dont forget to mention in your mail that this is about an information request.

Changes to this privacy policy

Our Privacy Policy may require updates from time to time. Any changes we may make to our Privacy Policy in the future will be published on our website www.digidentity.co.uk. In addition, registered users will receive an email to inform them of changes.

Our core values

We focus 100%

What defines our work? We want to give internet users back their privacy. That is the core of our business, the core of our existence. Too much personal details are available on the internet. We are bringing it back to one, safe place. To one, reliable online identity. This way you gain control over your own data. We focus on this. Purely and solely. With our full attention. So that we can excel in it.

We operate internationally

Every individual, his online identity. That is our mission. For this purpose, we are building a scalable platform that is as international as the internet itself. With a unique digital passport you can use anywhere in the world. Safely and reliably. Logically we will focus further than just the Netherlands. You will find us in the United Kingdom. And behind the scenes where are also advising in multiple countries about the developments concerning digital identities. Call use involved across borders.

We put the user first

Nothing more personal than an online identity. The optimal personal experience of our service is then also a central point in our service. How do make the service even more safe, more easy – those are the questions we are continuously asking ourselves. The key factor is the protection of information, so we offer clients privacy and we gain trust. We use our user feedback, analytics and our UX Lab test results to gain happy clients. This way, our product sells itself.

We are raising the bar

We are working hard for the best possible result. Together we will decide how we will do that. We take and organise the area to realise our own ideas for it. In addition to this, we also take into consideration the interest of the entire industry. This means that we are rather an entrepreneur than an employee: we detect new opportunities and combine these.

Report your findings.

If you find a weak spot in one of our systems, please let us know. We will always seriously consider your notification and will investigate every possible vulnerabilities. In this way we can repair this as quickly as possible. This way, we can work with you to protect our clients and systems.

We ask you

1. Please e-mail your findings to our Network Operation Centre ;
2. Do not abuse the problem, by for example
   • reading more information than is necessary to prove the leak;
   • download, delete or edit data or components of the software system;
3. Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties;
4. Provide adequate information to reproduce the problem so that we can solve it quickly;
5. Do not share the problem with others until we have stated that the vulnerability has been rectified and that we have agreed with you to make it public.

We promise

1. To respond to your notification within 3 days. We will give our assessment of the notification and an expected date for a solution;
2. We will not take any legal steps against you about your notification. If you at least kept to the abovementioned requirements;
3. We will treat your notification confidential and will not share your personal data with third parties without your consent;
4. We will inform you about the progress of our rectification of the problem;
5. We will mention your name as the person who detected the problem in notifications, but only if you want this;
6. As a token of our appreciation for your help, we would like to offer you a reward. We will make a €100 donation to any of the following charities, according to your choice for every problem with our security that you detect. Choose from CARE , Homeplan , Edukans .

Summary of the Notifications

Contacting us with feedback

At Digidentity we do our best to ensure that we provide the best services and products possible. We do understand that sometimes users may want to pass on their feedback and concerns. In the event you wish to comment about the services we offer, you are able to contact us with more details.

How can you get in touch?

You are able to contact us via email, chat and telephone. The details of which are as follows:

Email: helpdesk@digidentity.co.uk
Chat can be accessed via our website www.digidentity.co.uk
Telephone: +44(0)330 60 60 732

How we handle your feedback/comments?

Any information we receive regarding our services or products is taken seriously in order to improve our overall service. We do our best to treat all users with respect, and genuine understanding of the importance of their situation, with the ultimate aim of helping and resolving any issues.

First contact

The first point of contact will be our one of our dedicated support agents, where any concerns or feedback you have will be responded to as quickly and clearly as possible. In handling your enquiry our team will also ensure that your provided feedback or information is passed on to the correct channels and is available for the review and evaluation of our services. All information will be recorded via email if this was not the primary method of contact.

Our support agents are trained and able to respond to almost all enquiries.

Transferring

In the event you are not satisfied with the response you have received your details will be forwarded to the next available supervisor, who will investigate the case further and respond to you personally. It may be necessary for the supervisor dealing with your enquiry to consult with others regarding the details of your enquiry, or to request more expert advice. The details of your enquiry will be treated with respect at all times with the aim of resolving your issues or concerns.

In the unlikely event your concern, feedback or issue is more serious it will be passed onto the management to deal with. This will be determined by the supervisor handling your case.

Digidentity is a certified identity provider for the GOV.UK Verify service, and as such is listed by GOV.UK as a certified company: GOV.UK website.

Via Digidentity:

• Users can register for a Digidentity account to assert their identity.
• Users with an asserted identity can access services available for GOV.UK Verify.
• Users can expect the highest standards of authentication and security available.

To provide this service to users, Digidentity ensures that the requirements and standards of the UK Government in GPG (Good Practice Guide) 44 and GPG 45 are met.

Once a user has successfully verified for an identity account for GOV.UK Verify LoA1 or LoA2, it can be used to access associated LoA1 or LoA2 services provided by the GOV.UK Verify initiative.

How the service works

Registration

Via the GOV.UK pre-registration questions, Digidentity can be chosen as the identity provider. Once chosen, users are automatically directed to the registration process of Digidentity. The registration process will be per the chosen LoA. Users are required to accept the terms and conditions, without accepting these it is not possible to register.

Authentication

When logging into their profile, or when requiring access to GOV.UK Verify services, users are required to make use of the 2-factor authentication. Users can opt for SMS or by using the Digidentity Authenticator app available. Once authenticated users can access services and/or their profile to maintain it.

IPV

Identity proofing and verification is at the core of creating a digital identity. The information required to verify an identity is dependent on the Level of Assurance. The higher the level, the more assurance is required.

Account Maintenance

Users are in control of their own identity account, and can also make changes where needed e.g. change of name because of marriage. Changes are always verified to ensure maximum protection and security, and for fraud prevention.

Registration

Making an account

Once directed to the Digidentity process users are required to make a username, password and to confirm their email address. Once this is complete the user needs to choose their form of 2- factor authentication, e.g. SMS. 2-Factor authentication is always required to secure the account for GOV.UK verify.

Entering personal details

Users are required to enter their personal details, including; name, date of birth, gender (optional) and address. Sometimes name history and/or address history is required. Once this is entered the details are confirmed and used to collect data from a credit file. The data collected is NOT a credit reference, and has NO impact on the credit reference. The data is used to check and verify information for the process of verification, along with data/document checking services provided by the Government.

Identity proofing

Depending on the Level of Assurance users will be required to provide evidence of the identity. Users registering for LoA2 are required to reach a higher level of assurance and will need to supply a combination of evidences which include (but not limited to): UK passport, Non-UK passport, Photo card ID (Government issued), Photo card driving licence, mobile phone contract, bank transaction £0.00 and knowledge based verification (questions generated from the data). Users can also choose to provide their details using our mobile app. Since photos are required of the document, and selfies too, more assurance is attained per document. Users who provide a UK Passport with the app therefore, need only add one more piece of evidence e.g. bank transaction £0.00.

Completion

Once the process of verification is completed the user will be redirected to the service they initially required. To access services of GOV.UK in the future users can use their existing account credentials, and once successfully logged in, will be redirected to the service required.

Revalidation

During the lifespan of the account it is necessary to revalidate details within 180 days of the registration date. Revalidation is a requirement per the Good Practice Guide set out by GOV.UK. Revalidation ensures the integrity of the data within the user account. If the account revalidation occurs users may be asked to take steps to update their information e.g. passport is expired and so add a new one.

Support

Users requiring support during the process are able to contact us:

Email: helpdesk@digidentity.co.uk
Phone: +44(0)330 60 60 732

Monday to Friday 08:00 to 22:00
Saturday and Sunday 08:00 to 17:00

Calls cost no more than calls to geographic numbers (01 or 02) and your telecoms provider must include these calls in inclusive minutes and any discount schemes in the same way.