eHerkenning is similar to DigiD. Just like citizens can use DigiD to login with the government agencies, companies, entrepreneurs and professionals can do that with eHerkenning.

An eHerkenning tool is person-bound. It cannot be transferred to someone else, such as a colleague. As user of eHerkenning, you can be authorised by your supervisor to act on behalf of your company with your service providers. 1 or more authorisations are registered when applying for a tool.

€0.75

per employee

per company

per month

No extra costs

Minimum contract period 12 months

Yearly billing

€9 ex VAT per year

Request EH1

€1.75

per employee

per company

per month

No extra costs

Minimum contract period 12 months

Yearly billing

€21 ex VAT per year

Request EH2+

€6.00

per employee

per company

per month

No extra costs

Minimum contract period 12 months

Yearly billing

One time cost €17.50 for the face-to-face check

€72 ex VAT per year

Request EH3

€6.00

per employee

per company

per month

No extra costs

Minimum contract period 12 months

Yearly billing

One time cost €17.50 for the face-to-face check

€72 ex VAT per year

Request EH4

Physical identification

An eHerkenning tool can be requested online. For an eHerkenning tool with assurance level 3 and 4, a face-to-face check is also required. This happens at our office or at the customer's location.

Digidentity was founded with the sole purpose of protecting people’s online identities. In an ever more digital world we offer easy to use applications and combine smooth usability with government-grade security.

We are an international company and leading provider of digital identities in The Netherlands and Great Britain. We service people with over 150 different nationalities and are one of the few parties equipped to help foreign workers with their online verification in Great Britain. Last year alone our software realised 250 million authentications and protected the digital identity of more than 17 million people.

We take great pride in our approach to privacy and security. Your data will not be shared or used for other purposes.

By registering your Digidentity you will be able to access all government services in a swift, safe and secure way.

Signatures on contracts, employment agreements, purchase agreements, leases, living wills, tenders, policies, building plans and other documents no longer need to be handwritten on paper. These documents can be attested by a digital signature.

Using eSGN by Digidentity, you can digitally sign PDF documents in a legal valid way. This digital signature also ensures that the document has not been edited afterwards.

You can download the eSGN app from the app store on a tablet, it is also available as a web application, or you can integrate the functionality into your own workflow.

Benefits

• Ease: The signatory can conduct his or her business fully digitally at any location and at any time. The signatory can simply sign using his or her mobile phone, laptop, desktop computer, or tablet. eSGN allows for multiple signatories. Having an eSGN account allows them to notified when a document is ready for signing and you will receive a message as soon as everyone has signed the document.
• Cost savings: Thanks to digital signing, save money by reducing printing on paper, administrative actions and mail.
• Time saving: Reduce operational costs and put an end to manual processes. This way, you will no longer need to send prompt notes or follow up by phone: If a signatory still lingers over your contract, you can send them a fast reminder through eSGN (in the app). This will save you time and effort.
• Safe: We are fully compliant with the latest security standards .
• Legal validity: The qualified digital signature is 100% legally valid, it is legally equivalent to a handwritten signature.
• Environmentally friendly: No paper, printing or mail.

What is an electronic or digital signature?

An electronic or digital signature is equivalent to a hand-written signature. An electronic signature consists of cryptographic electronic data that are attached to a digital document.

The purpose of an electronic or digital signature is to establish:

• the identity of the sender (authenticity and identification) and§
• the invariability of the information sent (integrity).

The app eSGN

You can download the eSGN app from the app store on a tablet (and it is also available as a web application). Once you have signed in with your Digidentity account, you can start using eSGN right away.

Integrating digital signatures into the workflow

Alternatively, you can choose to integrate digital signatures into the existing workflow of your company or organization. Send, sign and share immediately from the applications that you are already using.

We provide a user-friendly integration of digital signatures into your own application (Application Programming Interface, API). This could be a portal, a mobile app, document management system (DMS) or any other application in which documents need to be signed in a straightforward and legally valid way.

So:

• no separate application, but entering digital signatures directly from the trusted custom applications and
• signing large volumes.

Types of signatures and legal validity

There are three types of electronic signatures:

• Get started quickly using eSGN Basic with a digital signature. You can use this electronic signature to sign your insurance policy for example: Once you pay the insurer the premium and they have your address details, this type offers sufficient reliability (and legally valid).
• eSGN Advanced is a legally valid digital signature. The advanced digital signature provides a high degree of reliability and offers legal certainty, because the identity of the signer has been established and attested to by us. This signature is used, for instance, to file your tax return.
• With eSGN Qualified you have the most reliable digital signature. It is a qualified digital signature that is legally equivalent to a handwritten signature. In the case of a legal dispute, the contrary must be proven.

Request eSGN Advanced Request eSGN Qualified

Certified by the government

With a PKIgovernment services certificate you will gain access to the digital window of the government via Standard Business Reporting (SBR). Fast, easy and reliable. With this certificate, you are recognised as reliable sender and you have a secure connection with the electronic mail box of the government.

Safe information exchange

Every company that is connected to Digipoort via a PKIgovernment services certificate can digitally exchange information with the government. That is very useful if your company, for example, regularly has to supply information to the government. A PKIgovernment services certificate ensures that the data is sent safely to the correct government organisations. But also the other way around: information of a government organisation is sent to the correct company.

Application for SBR

With SBR you can compile and supply digitally standardised financial reports. In order to use SBR, you require a PKIgovernment services certificate.

Request

You can gain access to Digipoort (SBR) via our Certificate Store in a few steps.

1. Create an account in the Certificate Store.
2. Register the subscribing organisation.
3. Register the contact person.
4. Register the certificate administrator.
5. Upload a CSR. How do I generate a CSR (Dutch)?
6. Ensure the physical check of the certificate administrator.
7. Request the certificate.

Normally within 2 weeks completed

Access to services via Digipoort such as tax authorities

Suitable for use within fiscal packages

Valid for 2 years

One time cost €125 for the face-to-face check (€25 at our office)

€350 ex VAT

Request

Secure your website

A PKIgovernment SSL certificate is used to protect your website.

Use the certificate

A PKIgovernment SSL certificate differs from a PKIgovernment services certificate. You cannot submit a tax certificate with it. For this reason, you do not need to specify a OIN number for a PKIgovernment SSL certificate. Further, both certificates are the same.

Request

With our Certificate Store you can request a PKIgovernment SSL certificate in a few easy steps.

1. Create an account in the Certificate Store.
2. Register the subscribing organisation.
3. Register the contact person.
4. Register the certificate administrator. We check them face-to-face.
5. Have the abovementioned steps been completed? Request a certificate via a CSR.

Within 2 weeks of your certificate (mean time application process, no guarantee)

To protect your website

Valid for 2 years

One time cost €125 for the face-to-face check (€25 at our office)

€350 ex VAT

Request

More information available in Dutch

Normally within 2 weeks completed

Personal digital signature

One time cost €125 for the face-to-face check (€25 at our office)

€150 ex VAT per year

Request

Legal Documentation

• Terms & Conditions
• Privacy Statement
• Complaints Procedure
• Data Retention Policy

CA Documentation

• Certificate Practice Statement for PKIoverheid certificates
• PKI Disclosure Statement for for PKIoverheid
• Certificate Policy & Certificate Practice Statement for Digidentity certificates
• PKI Disclosure Statement for Digidentity

Other documentation

• eHerkenning Terms & Conditions

PKI Certificates

Digidentity CA

• Digidentity Service Root CA
• Digidentity SSL CA
• Digidentity Secure Email CA
• Digidentity SSCD Root CA
• Digidentity Personal Qualified CA
• Digidentity Business Qualified CA
• Digidentity Personal Advanced CA

Digidentity L4 Server CA G3 chain

Download the CA chain required here to generate a personal PKCS12 certificate if you are in possession of a G3 certificate.

• Digidentity BV PKIoverheid Organization Server CA - G3

translation missing: en.downloads_modal_4_header

translation missing: en.downloads_modal_4_description

• PKIoverheid G1 CA

Roots and CRL

Download the roots and CRL certificates of Digidentity's CA here for your level 3 and 4 account.

Mobile App

You require our app for your Digidentity. From application to daily use. Download the free Digidentity app here.

Digidentity

by Digidentity

Free

Digidentity

by Digidentity BV

Free

Digidentity

by digidentity.eu

Free

Only usable for GOV.UK Verify.

Almost everyone leaves digital traces of their personal data and identity on the internet. For example, when buying online or using social media. These activities are not always secure, and fraudsters are always looking for new ways to get hold of other people's personal data. That is precisely why Digidentity was founded ten years ago: to improve the protection of internet users' digital identity and to make their online lives safer.

We are now active in several countries, working for various governments, and we have users with over 150 different nationalities. We are the technical market leader in Europe and also the largest supplier of GOV.UK Verify in the United Kingdom. In The Netherlands we are officially recognized broker and supplier of eHerkenning. Last year, our software realized 250 million authentications and protected the digital identity of more than 15 million people.

Digidentity is an authentication specialist. This means that we have specialized in the techniques and methodologies relating to user login procedures. Digidentity is also an eIDAS accredited Qualified Trust Service Provider for SSL, SBR and professional certificates and qualified digital signatures (eSGN).

For companies

If you conduct business online as a company, you need to be certain whom you are dealing with. Conversely, the person who logs in to your digital service needs to be able to count on your handling their data correctly. Therefore, a secure and reliable access to your online services is essential. With Digidentity, you render your services securely accessible online. Customers log in to your website or service using their digital identity (Digidentity) and thus can conduct their business securely and simply.

For individuals

Your Digidentity is your online identity. You add an eHerkenning to your Digidentity, but you can also use eSGN for digital signing. With your Digidentity you can safely log in to websites or digital services and conduct your business.

What is your talent?

Do you also value your privacy on the internet? Do you like to work on high tech solutions for millions of internet users? Then Digidentity is the place for you. Discover how your talent can improve our team and view our vacancies.

Digidentity is a certified Trusted Service Provider (TSP). As objective organisation, we provide commercial reliability with digital transactions. We do this with commercial and technical security services.

A TSP has technical and legally reliable resources for performing and facilitating electronic transactions, and for producing objective evidence in case of disputes.

Periodic audits

As neutral facilitator, it is important to us to control our processes. To guarantee this control, Digidentity is periodically audited according to the norms of ETSI EN 319 411-1, ETSI EN 319 411-2 and ISO 27001:2013.

For more information, read the general terms and conditions of Digidentity and the Certificate Practice Statements of PKIgovernment.

Our certifications

BSI - ISO/IEC 27001:2013

Delivery of Identity Services, Digital Signing and Certificate Services by the processes Registration, Dessimination, Authorisation, Broker and Revocation Service, IT Operations and Development.

BSIGroup.com Certificate ISC 066

BSI - ETSI EN 319 411-1

Trust Service Providers issuing certificates; Part 1: General requirements

Providing Certification Authority processes and services under the Staat der Nederlanden Root CA-G2, the Staat der Nederlanden Organisatie CA-G2 and the Staat der Nederlanden Burger CA-G2.

BSIGroup.com Certificate ETS 043

BSI - ETSI EN 319 411-2

Trust Service Providers issuing certificates; Part 2: Requirements for Trust Service Providers issuing EU qualified certificates

Providing Certification Authority processes and services under the Staat der Nederlanden Root CA-G2, the Staat der Nederlanden Organisatie CA-G2 and the Staat der Nederlanden Burger CA-G2.

BSIGroup.com Certificate ETS 015

PKIgovernment

Public Key Infrastructure for the government, in short PKIgovernment, enable reliable communication. PKI certificates secure the information that persons and organisations send via internet on a high level of reliability.

Logius.nl

eHerkenning

We are officially recognised by the eHerkenning administration organisation, part of the minister of Economic Affairs, as eHerkenning broker. This means that we can offer services and solutions for the total playing field of eHerkenning, the successor of DigiD for companies.

eHerkenning.nl

tScheme

tScheme is the independent, industry-led, self-regulating system set up to create strict assessment criteria based on which the Trust Services will be approved.

tScheme.org

Other documentation

These terms and conditions are applicable to providing services in the framework of the Network for eHerkenning and the Authorisation register AuthorisationOnline.

• User requirements eHerkenning v1.9b
• eHerkenning Terms & Conditions

Certificates

Legal Documentation

• Terms & Conditions
• Privacy Statement
• Complaints Procedure
• Data Retention Policy

CA Documentation

• Certificate Practice Statement for PKIoverheid certificates
• PKI Disclosure Statement for for PKIoverheid
• Certificate Policy & Certificate Practice Statement for Digidentity certificates
• PKI Disclosure Statement for Digidentity

Other documentation

• eHerkenning Terms & Conditions

PKI Certificates

Digidentity CA

• Digidentity Service Root CA
• Digidentity SSL CA
• Digidentity Secure Email CA
• Digidentity SSCD Root CA
• Digidentity Personal Qualified CA
• Digidentity Business Qualified CA
• Digidentity Personal Advanced CA

PKIoverheid CA

G1

• PKIoverheid G1 CA

G2

• Digidentity Burger CA - G2
• Digidentity Organization CA - G2
• Digidentity Services CA - G2
• Digidentity SSCD CA - G2
• Authorization Online SSCD - G2

G3

• Digidentity BV PKIoverheid Organization Server CA - G3

Solera CA

• Digidentity L3 ABZ CA - G2
• Digidentity L3 Burger CA - G2
• Digidentity L3 Organisatie CA - G2
• Digidentity L3 Root CA - G2
• Digidentity L3 Services CA - G2
• Digidentity L3 SSCD CA - G2
• TTP Services ABZ Nederland ABC CA
• TTP Services ABZ Nederland DP CA
• Machtiging Online SSCD CA - G2

Mobile App

You require our app for your Digidentity. From application to daily use. Download the free Digidentity app here.

Digidentity

by Digidentity

Free

Digidentity

by Digidentity BV

Free

Digidentity

by digidentity.eu

Free

Only usable for GOV.UK Verify.

Regulations

Which national and European regulations are applicable to products and services of Digidentity?

• Act on electronic signatures
• Decree on electronic signatures
• Regulation on electronic signatures
• Directive 1999/93/EC of the European Parliament and the Council

1. About Digidentity

   1. Digidentity B.V. is a registered limited company in The Netherlands, with company number 27322631, located at Waldorpstraat 17P, 2521 CA, The Hague, The Netherlands.
   2. If you have any questions about the identity service, you can visit our website www.digidentity.eu or contact us via
   • Reception: +31 (0)887 78 78 78
   • Service Desk NL:+31 (0)887 78 78 88
   • Service Desk UK: +44 (0)330 05 83 454
   or
   • Dutch service desk:helpdesk@digidentity.eu
   • English service desk:helpdesk@digidentity.co.uk

2. Contract & Scope of Application

   1. Digidentity delivers products and services for identity management and verification of identity. Digidentity is a Trust Service Provider for the issuance and management of EU qualified and advanced certificates, email certificates and server certificates.
   2. These are the Terms & Conditions Digidentity B.V. These Terms & Conditions are applicable to all products and services delivered by Digidentity.
   3. These Terms & Conditions are the foundation of the binding agreement between you (person or organisation) and Digidentity B.V. The Terms & Conditions exclude any other Terms & Conditions. In addition to these Terms & Conditions you may be required to accept product specific Terms & Conditions. These will be made available to you during the registration/application process where applicable.
   4. These Terms & Conditions will apply to all aspects of the relationship and the contract between you and Digidentity, unless Digidentity has otherwise expressly agreed to in writing. Unconditional acceptance and agreement of these Terms & Conditions is implied.
   5. Before being able to register for a product and/or service, you need to read and explicitly agree to these Terms & Conditions. To legally accept these Terms & Conditions you must have reached the legal age in your country of residence. This means that you are able to legally enter a binding contract.
   6. The Terms & Conditions will continue to apply whether or not the application process, and/or verification of your identity, is successful.
   7. Digidentity reserves the right to modify these Terms & Conditions at all times. The modified version will apply as soon as Digidentity has published them on the website. Once the Terms & Conditions change you will be required to read and accept them on your next use of your account.
   8. If you are not in agreement with any modified or revised Digidentity Terms & Conditions, you can no longer use the Digidentity Identity Services. In that case you can contact the Service Desk who can arrange the deactivation of your account. You can reactivate your account within 30 days after deactivation by logging in and accept the Digidentity Terms & Conditions. After 30 days, your account is deleted.

3. Our Service

   1. When you register for any product, you will need to register for an account. The process of verification will begin upon beginning registration and includes the validation and verification of the documents and data that you, and other sources, have provided.
   2. To complete the registration process, you will need to submit all of the data required. If you do not supply all of the required data it will not be possible to verify your identity and/or organisation, and we will be unable to provide you with the product you require.
   3. If the registration process is successful then Digidentity will make the product available to you via use of/or within your account, and the registration process will be complete.
   4. If the registration process results in no confirmation and/or no verification, the application will be rejected, and the product will not be made available to you.
   5. The decision to approve or reject applications for Digidentity’s products and services remains for Digidentity B.V. at all times.

4. Products

   1. At Digidentity, you are able to register/apply for the products listed on our website, to which these Terms & Conditions apply.
   2. The use of our service is described in these Terms & Conditions, product specific Terms & Conditions and our Certificate Practice Statement.

5. Product Validity

   1. For GOV.UK Verify accounts it is necessary to revalidate users within 180 days of first registration. If this revalidation is successful then no further validation will take place, and the account will remain active unless a request for deactivation or deletion has taken place. During the revalidation process GOV.UK Verify users may be asked to provide a new identity evidence.
   2. For eHerkenning accounts the initial contract is for twelve (12) months. After twelve (12) months have passed, the account is automatically renewed for twelve (12) months and can be cancelled on a monthly basis.
   3. SSL/SBR Certificates from the PKIo Private root are valid for three (3) years. Once the Certificate has expired a new application will be required. Digidentity do not extend existing Certificates but will issue new ones.
   4. SSL Certificates from the PKIo public root are valid for two (2) years. Once the Certificate has expired a new application will be required. Digidentity do not extend existing Certificates but will issue new ones.
   5. For eSGN Certificates (Qualified and Advanced) the initial contract is twelve (12) months. After twelve (12) months have passed, the account is automatically renewed for twelve (12) months and can be cancelled on a monthly basis.
   6. For Profession Certificates initial contract period is for twelve (12) months. After twelve (12) months have passed, the account is automatically renewed for twelve (12) months and can be cancelled on a monthly basis.
   7. Accounts and/or contracts cannot be transferred. Applicants, personal or organisational, must register for their own account.

6. Notice to Relying Parties

   1. Digidentity recommends that relying parties verify the validity or revocation of the certificates using the current revocation status information.
   2. Digidentity recommends that relying parties take account of any limitations on the usage of the certificate indicated either in the Terms & Conditions, Certificate Practice Statement or in the certificate itself.
   3. Digidentity recommends that relying parties take the precautions prescribed in agreements and elsewhere.
   4. Digidentity recommends that relying parties check the validity of certificates via the complete certificate chain to the trusted root certificate.

7. Personal Data Verification

   1. To register an account, you will be asked to provide evidence of your identity. The evidence that you provide will be used to verify your personal data. The evidence requested can include:
   • dentity document via the mobile app – Passport or National Identity Card
   • Selfies via the mobile app
   • A zero-cost credit card/debit card transaction (UK)
   • Your mobile phone number
   • A face-to-face meeting with a Digidentity representative
   • Your email address
   • Your home address (for GOV.UK Verify)
   • Your name history (for GOV.UK Verify)
   • Your professional registration number for certificates for Registered Professionals.
   2. Digidentity will only request the data which is required to create and verify your identity.
   3. From time-to-time, Digidentity are required to perform revalidation of your existing data via the relevant issuing authorities. This is necessary to ensure that Digidentity have up-to-date and accurate information for the purposes of identity verification.
   4. Any issued authentication certificate is not to be regarded as a form of legal identification document per the WID (Wet Identification – Dutch Law of Identification). Legal identification can only be shown by providing a recognised ID document.
   5. Digidentity verifies the request for a certificate for Registered Professionals with the Nederlandse Beroepsorganisatie voor Accountants (NBA).

8. Organisation Verification

   1. If your registration/application is on behalf of an organisation, or with authorisation of an organisation then Digidentity will request the following evidence/information, where applicable;
   • The Dutch Chamber of Commerce Registration Number (Dutch KvK Number)
   • Organisation address details
   • Organisation email address
   • Validation of the Fully Qualified Domain Name (FQDN)
   • Blacklist/phishing list check
   • Identity document copy of owner/director/legal representative
   • Authorisation for the person applying for the certificate
   • Letter to confirm employment of the person applying
   2. Digidentity will only request the data which is required to verify the organisational identity and legal representation.
   3. Digidentity will not issue certificates and/or other products if the organisation is in bankruptcy proceedings, or no longer registered at the Dutch Chamber of Commerce.
   4. Digidentity will only issue certs to legal representative(s) with appropriate authorisations to enter a contract on behalf on an organisation.
   5. If the Dutch Chamber of Commerce registry shows joint legal representation, then Digidentity will request authorisation from all legal representatives listed in the registry, without exception.
   6. Any issued authentication certificate is not to be regarded as a form of legal identification document per the WID (Wet Identification – Dutch Law of Identification). Legal identification can only be shown by providing a recognised ID document per the WID.

9. Certificate Acceptance

   1. The certificate is deemed to have been accepted by the subscriber once a period of more than one (1) calendar month has passed without any communication being received from the subscriber (person or organisation), or, that the certificate has been downloaded, used and/or installed.

10. Deactivation, Deletion and Revocation

    1. You can deactivate your account at any time using the ‘Deactivate my account’ link in your account. A 30-day period deactivation period is started, as set out in our Certificate Practice Statement. You will not be able to use your account or the products in your account. You can reactivate your account by logging in within 30 days after deactivation. If you have not reactivated your account within those 30 days, your account and all personal data will be deleted, and all certificates issued to you will be revoked. Relevant records will be kept for compliance purposes, in accordance with appropriate laws.
    2. You can delete your account at any time by using the ‘Delete my account’ link in your account. Digidentity will permanently delete your account and personal data from our systems. Any certificates that have been issued to you will be revoked. Relevant records will be kept for compliance purposes, in accordance with appropriate laws.
    3. If certificates have been issued to you, you can revoke these certificates by logging into your identity account and clicking ‘Revoke certificates’. Once you have clicked this link, you will have to provide your password for authentication. Next, you will see an overview of all two factor authenticators and your personal certificates. You can revoke the relevant certificate by clicking ‘Delete smartcard and revoke certificates’ alongside the corresponding smartcard. Revocation will occur immediately, and you will no longer be able to use your certificate.
    4. You may request revocation of your SSL/SBR certificate by logging into your SSL/SBR account and clicking ‘revoke’ alongside the corresponding certificate. Revocation will occur immediately, and you will no longer be able to use your certificate.
    5. Digidentity reserves the right to deactivate accounts with immediate effect if there is any reason to believe or suspect that the verification and/or validation provided is no longer correct, or has been faulty, false or fraudulent as set out in the Certificate Practice Statement. If you want to continue using an account, you will need to apply for a new account.
    6. Digidentity reserves the right to revoke any certificate if there is any violation of these Terms & Conditions, or any contractual agreement, or that Digidentity discovers that the certificate has been used, is being used, or will be used for any criminal activities, including phishing, fraud or for the distribution of malware/viruses.
    7. Once a certificate is revoked or expired you may no longer use the private key associated with it.
    8. Digidentity will refer any fraudulent activity to the relevant authorities. On behalf of the Identity service, we may also report any suspicious activities to any relevant body or appropriate authority.
    9. Digidentity reserves the right to deactivate accounts with immediate effect if it considers communications from a user to Digidentity employees to be harassing, threatening, abusive. As far as Digidentity is concerned, this makes it impossible to provide reasonable services in support of applications for a digital identity. Digidentity will report any continuation of abusive, threatening or harassing behaviour to the appropriate authorities.

11. Our Obligations

    1. Digidentity will provide the services as described on the website, in accordance with the Terms & Conditions, the Privacy Statement and Certification Practice Statement. Digidentity will carry out any contractual obligations. However, these obligations are no guarantee for a successful outcome in your application.
    2. Digidentity aims to provide a continuously functioning and accessible service but makes no guarantees about the availability of any services provided. You accept the fact that (temporary) disruptions may occur which would render the service inaccessible on occasions.
    3. Digidentity aims to make a documentation repository available 24 hours a day, 7 days a week. Should this repository become unavailable, Digidentity aims to recover its availability within four (4) hours.
    4. Digidentity reserves the right to limit availability to or render the services entirely inaccessible for limited periods of time in order to carry out maintenance and/or implementation of required modifications. Digidentity aims to carry out these scheduled down times in periods which could be reasonably considered to affect the minimum number of users as far as possible, e.g. outside of office hours.
    5. Digidentity will provide the service in accordance with the published Digidentity Privacy Statement. This Privacy Statement is accessible on the website. Digidentity will update its Privacy Statement from time to time to reflect changes to data processing in relation to the service.

12. Your Obligations

    1. You understand that verification of identity is a process that relies on personal data, available documentation and information provided by you, and is uniquely based on your data. You accept that this identity verification process cannot be based on other user experiences or requirements.
    2. You ensure and warranty to take all reasonable measures to assure control of, keep confidential, and protect the private key which corresponds to the public key of your issued SSL/SBR certificate. As a personal subscriber, you ensure the private key is under your sole control. As an organisational subscriber (legal subscriber) you ensure the private key is under the control of the subject.
    3. You accept that unauthorised use of the subject’s private key is forbidden.
    4. You ensure and warrant to install the SSL/SBR certificate only on servers that are accessible at the subjectAltName listed in the certificate, and only to use the certificate in accordance with all applicable laws, agreements and Terms & Conditions.
    5. You are obliged to report without any reasonable delay any suspected misuse, actual misuse or compromise of your certificate to Digidentity, and to immediately request revocation of the certificate.
    6. You are obliged to notify Digidentity, without delay, if the private key has been lost, stolen or potentially or actually compromised, and to immediately and permanently stop use of this key, excepting key decipherment.
    7. You are obliged to notify Digidentity, without delay, if control over the private key has been lost due to theft, compromise or loss of the activation data e.g. PIN code.
    8. You accept your obligation for the key pair to only be used in accordance with any limitations notified. You also accept the obligation to only use the private key for cryptographic functions within the secure cryptographic device.
    9. You ensure and guarantee that all data and documents provided are correct, complete, accurate and up‐to‐date, and that they conform to the requirements as set out by Digidentity during the registration process and application. You will update your online profile if changes occur in the data you have submitted upon registering. For SSL/SBR certificates you must inform Digidentity of any changes which cause a mismatch in your certificate information. You will follow instructions and requirements for any transfer of data (via the online process or using the mobile/tablet application) that Digidentity indicates.
    10. You agree to inform Digidentity without delay if there are any security concerns, security issues or data leaks. Digidentity will treat any report as confidential and will handle it in accordance with appropriate laws and regulations to minimise damages. Digidentity aims to resolve any security alert as fast as reasonably possible and will take steps to inform any third parties that the issue affects.
    11. You accept the obligation to inform Digidentity of any violation of the Terms described in articles 12, c) and 15, adding a detailed description of such violation and any other relevant information. You must take all reasonable measures to prevent further and/or continuing violations and will take all reasonable measures to limit any damage resulting from such a violation.
    12. You accept the obligation to pay the invoice from Digidentity within fourteen (14) days after the issue date of the invoice.

13. Limitations of Use of our Website

    1. It is forbidden to copy, pass on, sell, publish or make a profit from any content of the website, products, services or associated materials of Digidentity.
    2. It is forbidden to use the website, products or associated materials of Digidentity in any way that causes, or may cause, damage to the website or impairment of the performance, availability or accessibility of the website, products or associated materials.
    3. It is forbidden to access the Digidentity website and associated materials using any robot, spider or other means.

14. Personal Data

    1. You acknowledge that Digidentity supply an identity, authentication and authorisation service and you understand that Digidentity will process personal data to establish an identity and to verify the validity of personal data or documents. Digidentity is the Data Controller as defined under the EU General Data Protection Regulation (GDPR) and will process the personal data with due care, in compliance with any applicable data protection laws including the GDPR, and these Terms & Conditions, unless otherwise agreed upon.
    2. Digidentity processes the personal data in order to perform its duties under the contract with you and to create and maintain a direct relationship with you as indicated in the Privacy Statement. For the avoidance of doubt: this includes comparing and checking the data against databases (public or otherwise) that are available for the purpose. Digidentity will not process the personal data for other purposes, unless the processing is required on the basis of a legal obligation or a co urt order, or if you have given your consent.
    3. In order to perform its duties under the contract, Digidentity will involve relying parties in the processing of personal data. Digidentity will take appropriate measures to ensure that these relying parties will process personal data in accordance with the purpose and applicable data protection laws.

15. Confidentiality

    1. Digidentity and you are obliged to take all reasonable measures to protect confidential information or the identity account from unauthorised access, loss, damage, modification or unauthorised processing. In the event that such an issue occurs, you must inform Digidentity without delay of any unauthorised access, loss, damage, modification or unauthorised processing.

16. Record Retention

    1. Digidentity may retain the following information (once registration is successful) during the lifetime of the account;
    • Name
    • Address
    • Date of birth
    • ID document information: name, date of birth, nationality, document number, expiry date
    • Mobile phone number
    • Email address

    All other data which has been used for verification during registration will be destroyed after fourteen (14) days.

    2. Once deletion is confirmed, the account data is archived in an encrypted state for seven (7) years. Access to the archive is only given to authorised senior personnel, and only provided upon the requirement to provide evidence e.g. court proceedings. The archive remains locked under all other circumstances.
    3. Digidentity will keep an event log of information having been received per account, which includes the receipt of data, the processing thereof and the outcome. These event logs are kept for the same period as the account data – seven (7) years once the account is deleted.

17. Rights of Ownership and Intellectual Property

    1. At all times, any intellectual property rights that have to do with the identity service, or associated materials remain the property of Digidentity, the licensee or our supplier.
    2. Your right to use the identity service or associated materials does not entitle you to any intellectual property rights of the identity service or associated materials. Digidentity only provides a non‐exclusive right to use the identity service and/or associated materials to verify your identity and create an account. Your usage rights are strictly personal and cannot be transferred to any other person.
    3. It is forbidden to use (part of) the identity service, data or associated materials in any way that would result in the violation of intellectual property rights of Digidentity, the licensee or suppliers.
    4. Digidentity reserves the right to take all necessary measures to protect their own, the licensee's or suppliers' intellectual property rights. These measures include ending the use of the identity service or associated materials when the contract ends. It is forbidden to use, remove or avoid any such measures in any way.

18. Liabilities

    1. Nothing in these Terms & Conditions excludes or limits our liability in respect of
    • any breach of law by Digidentity or its sub-contractors,
    • any loss, unauthorised access to or corruption of personal data held by Digidentity or its sub-contractors (including any credentials issued to you),
    • any wilful default on the part of Digidentity or its sub-contractors.
    2. We are not responsible to you for any loss or damage suffered by you which was not an obvious consequence of us breaching these Terms & Conditions. We are not responsible to you for losses which you suffer due to any events beyond our reasonable control. We are not responsible to you for losses that that Digidentity has not caused directly by actions.
    3. You cannot hold Digidentity liable for damages resulting from events beyond reasonable control or that Digidentity has not caused directly by actions.
    4. You cannot hold Digidentity liable for any indirect damages or damages that were/or are caused because you did not/or do not take appropriate measures to:
    • limit such damages immediately after a damaging event has occurred,
    • prevent further damage or subsequent damages resulting from the initial event,
    • Date of birth
    • immediately inform Digidentity about events which would cause damages and/or provide relevant information to Digidentity.
    5. In all cases, the liability of Digidentity shall be limited to the usual and foreseeable damages. You cannot hold Digidentity liable for any business damages after using the identity service in the capacity of a consumer.
    6. You can never hold Digidentity liable in respect of any damages resulting from
    • Your unauthorised or improper use of the data, the identity service and/or related materials;
    • Providing incorrect and/or incomplete data, or not providing data to Digidentity in a timely manner;
    • Losing your own data;
    • Your failure to abide by any obligations provided in these Terms & Conditions or CPS, including not cooperating with the Terms & Conditions.
    • The late, incorrect, or incomplete accessibility of the identity service;
    • Miscommunication or loss of messages and notices resulting from the use of a mode of communication selected by you, or resulting from the dysfunction of any materials used by you, including improper functioning of the internet;
    • The use of materials you selected;
    • The unauthorised use, loss or theft of log in details that have been provided to you;
    • The downtime or unavailable online tools of third parties;
    • Sharing your username, password or PIN code with any other person.

19. Limitation of Action

    1. You must bring any claim for damages against Digidentity within one year after the damage has occurred.

20. Force Majeure

    1. Digidentity is not obliged to perform any of the obligations under the contract or the Terms & Conditions in case of force majeure. Force majeure is understood to be a turn of event which is out of the reasonable control of the affected party, and therefore, if Digidentity cannot perform actions associated with, and not limited to;
    • Improper functioning materials provided by users
    • Requirements under law
    • Power cuts, power outages, or other interruptions of electricity
    • Improper functioning of internet, computer and or telecommunication resources
    • Extreme weather Conditions, flooding, earthquake or other natural or weather-related causes;
    • Strike, riots or civil unrest
    • Fire or explosion
    • War, uprising or overt military hostilities;
    • Catastrophic epidemic or pandemic
    • General problems of transportation
    • Extreme circumstances which reduce/severely limit the availability of Digidentity employees to carry out tasks
    • Contradictory legislation or government action, prohibition, embargo or boycott
    • Terrorism
    • Failure of suppliers
    2. Digidentity take measures to thwart the risk of any interruption to services, and have a business continuity plan and disaster recovery plan.

21. Applicable Laws, Regulations and Audits

    1. The contract and the Terms & Conditions are governed by Dutch law in adherence and conformity with application European Directives, specifically Article 8 of the European Convention of Human Rights regarding laws on privacy.
    2. Digidentity is audited and approved for the issuance, management and revocation of Qualified Certificates for electronic signatures per Regulation no. 910/2014 (EU), known as eIDAS.
    3. Digidentity is audited annually against the requirements of ETSI EN 319 401, ETSI EN 319 411-1, ETSI EN 319 411-2, CA/Browser Forum Baseline Requirements, CA/Browser Forum Network Security Requirements, PKIoverheid Programma van Eisen, Afsprakenstelsel eHerkenning, tScheme and ISO27001:2013. Current certification can be viewed via this link: https://www.digidentity.eu/nl/home/#certifications

22. Complaints

    1. Digidentity has a complaints procedure available, which can be viewed via this link: https://www.digidentity.eu/en/home/#complaints-procedure
    2. Any dispute that a user and Digidentity cannot settle amicably will be brought before the competent judge of the place where Digidentity have a statutory seat (The Hague). If applicable Dutch or European law provisions determine that another judge is also competent, then the case may also be brought before this judge. If applicable Dutch or European law provisions determine that another judge has exclusive competence, then the case may only be brought before that judge.

23. Warranties

    1. Any dispute that a user and Digidentity cannot settle amicably will be brought before the competent judge of the place where Digidentity have a statutory seat (The Hague). If applicable Dutch or European law provisions determine that another judge is also competent, then the case may also be brought before this judge. If applicable Dutch or European law provisions determine that another judge has exclusive competence, then the case may only be brought before that judge.

24. Concluding Provision

    1. Any dispute that a user and Digidentity cannot settle amicably will be brought before the competent judge of the place where Digidentity have a statutory seat (The Hague). If applicable Dutch or European law provisions determine that another judge is also competent, then the case may also be brought before this judge. If applicable Dutch or European law provisions determine that another judge has exclusive competence, then the case may only be brought before that judge.

25. Definitions

    1. The following words have the following meaning:
    • User: ‘User’, ‘you’ or ‘your’ in these Terms & Conditions refer to you as a user of the Identity Service.
    • Identity service: The service we provide to you entailing the verification of your identity and/or the validity of any documents or data. If this verification and/or validation process results in a confirmation and/or validation of the information you have provided, we will create an identity account for your personal use.
    • Relying party: The relevant third party who requires you to verify your identity so that you can use its services, i.e., Government Departments.
    • Contract: The relationship between you and us, governed by the Terms & Conditions according to article 1
    • Terms & Conditions: These Terms & Conditions as set out here.
    • Identity account: Your unique profile we have provided to you after identification and/or validation of data and documents whether or not the verification of your identity is successful
    • Data: Any data you have provided to us or in connection with the Digidentity Service.
    • Licensee: The holder of a licence for intellectual property rights connected to the identity service.
    • Materials: Materials refer to any software, hardware, websites, database, designs, models, programs, reports, and other identity services and materials we or the relying party have put to use in relation to the identity service.
    • In writing: For the present Terms & Conditions, the term ‘in writing’ will refer to any written communication, whether this be by electronic means or by regular postal mail.

Introduction

At Digidentity, we respect your privacy and we are committed to protecting your personal data. In this Privacy Statement, we will inform you about the personal data we collect and process and how we protect your personal data.

Who Are We

This Privacy Statement describes Digidentity B.V.'s collection and use of personal data. References in this Statement to "Digidentity", "we" or "us" shall mean Digidentity B.V. (registered in the Netherlands under company number 27322631), being the data controller for the data processing.

WHAT IS THE PURPOSE OF THIS STATEMENT?

With every service we provide, we take the protection of your privacy and personal data seriously. We ensure that we collect and process personal data for the services provided and in compliance with applicable privacy and data protection law (including but not limited to the EU General Data Protection Regulation (GDPR)).

We do not allow anyone to use or access your personal data for any other purposes than those set out in this Statement.

In this Statement, we give you information about how Digidentity collects and processes your personal data when you visit our website or otherwise interact with us. This includes any personal data that you provide when you purchase our products or services. The Statement also informs you how you can exercise your rights.

It is important that you read both this Privacy Statement and our Terms & Conditions. This Privacy Statement does not override earlier policies, but rather supplements them.

HOW CAN YOU CONTACT US?

If you have any questions, comments or requests concerning this Privacy Statement, please contact our Data Protection Officer (by e-mail, postal service or phone) using the details set out below.

Email address: privacy@digidentity.eu
Postal address: PO Box 19148, 2500 CC The Hague, the Netherlands
Telephone number: +3188 7 78 78 78

If you have any concerns about the way we handle your personal data, you have the right to make a complaint at any time to the data protection authorities. For Digidentity, this is the Autoriteit Persoonsgegevens in the Netherlands.

FOR WHICH PURPOSES DO WE USE YOUR PERSONAL DATA?

Execution of contract

Digidentity processes personal data for delivering our products or providing our services. The legal ground for processing personal data is to execute the contract with you for these products and services and to comply to applicable laws and regulations.

Legitimate interest

Based on our legitimate interest, we process personal data to administer and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).

Consent

We use automated technologies and interactions (including, but not limited to log data and data analytics and cookies). You can subscribe to our free newsletter by entering your email address. You can unsubscribe any time via link provided in the newsletter. In eSGN, you may give consent to use your location to fill in the name of the location in the signature location field.

WHICH PERSONAL DATA DO WE COLLECT?

We process personal data when you interact with us, or when you use or purchase our products or services.

Digidentity process personal data and other data for providing our services which includes, if relevant:

Digidentity Account

To use our services and products, a Digidentity account is required. For a Digidentity account, an email address is required, and you must create a password (minimum ten characters with at least one uppercase, one lowercase character and one number). Your email address and password are needed to access your account. A pseudonym is created to identify your account within our systems.

Level of Assurance 0

Digidentity products that provide a Level of Assurance 0 (LoA0), require:

Level of Assurance 1

Digidentity products that provide a Level of Assurance 1 (LoA1), require:

Level of Assurance 2/2+

Digidentity products that provide a Level of Assurance 2 or 2+ (LoA2/2+), require:

Level of Assurance 3 or Substantial+

Digidentity products that provide a Level of Assurance 3 (LoA3) or Substantial Level, require:

Level of Assurance 4 or High

Digidentity products that provide a Level of Assurance 4 (LoA4) or High Level, require:

For all Level 4 products, we are required to perform a face-to-face verification of your identity. You will receive a request for a face-to-face meeting where Digidentity will verify your identity in person by checking the original ID document that you have uploaded during registration.

Server certificates

For other products, Digidentity requires:

Other products

For other products, Digidentity requires:

Digidentity website

We use cookies and Google Analytics on our websites:

Digidentity Mobile App

The Digidentity mobile app (for Apple iOS and Android) may be used in the registration process, supports authentication and provides access to your virtual smartcard. The mobile app requests access to the camera of your mobile phone to allow scanning of QR codes. Your name is displayed on the virtual smartcard. If you enable analytics in the mobile app, we collect anonymised data on the use of our mobile app.

HOW DO WE USE YOUR PERSONAL DATA?

Digidentity use your personal data to execute the contract that you have entered with us.

We are required by laws and regulations and international standards for digital identities to verify all personal data provided to make sure that your data is correct. Your email address and phone number are verified by sending a conformation code so we can verify you are in possession of the email address and phone number. We may use your mobile phone number and email address to contact you in relation to the product or service that you use.

We verify your full name, date of birth and nationality using a copy of your ID document. Your age is determined from you date of birth to verify you are of legal age for entering a contract us. During the registration, you are requested to upload a copy of both front and back of a valid ID document.

Digidentity use an external automated document validation system that checks if the ID document is genuine and valid. These automated validation check if all information is present and according to requirements (document valid, picture present, social security number passes the verification check). Documents that have been modified or data is hidden will be rejected. We collect your full name, date of birth, place of birth, gender, nationality and ID document number from your ID document as prove of verification. Your full name and nationality are included into digital certificates issued to you.

For professional certificates, we verify your registration at the Professional Registrar using your registration number to make sure you are eligible for a professional certificate.

During registration, three pictures (selfies) must be taken which we will compare to the picture on the ID document to verify your identity. The copies of your ID document and three selfies will be permanently deleted after 14 days. Credit file data (GOV.UK Verify) is deleted after 30 days.

HOW DO WE SECURE YOUR DATA?

Digidentity has taken the necessary security measures to protect your personal data against accidental loss, unauthorised access, modification or disclosure. We limit access to your personal data to those employees who have a business need. They will only process your personal data as per our instructions, and they are legally bound to keep your personal data confidential.

We have set up procedures to deal with any suspected personal data breaches, and we will notify you and any relevant data protection authority of a breach where we are legally required to do so.

We have an Information Security Management System (ISMS) and are ISO27001:2013 certified. As part of our certification, our security measures to protect your personal data are annually evaluated by an external auditor. Digidentity is subject to regular inspections by Agentschap Telecom for Trust Services and Electronic Identification which also includes compliance to GDPR.

WHAT ARE YOUR RIGHTS?

You have the right to:

• request information on personal data we process and what we do with the personal data
• request access to your personal data
• request correction of your personal data
• request erasure of your personal data
• object to specific processing of the personal data
• revoke your consent

When you make use of your right, we are required to verify your identity. You can access, correct or erase your personal data in your account profile. In case we rely on your consent for the processing of your data, you have to right to revoke your consent at any time.

Please note that any processing we carried out before the withdrawal of your consent remains lawful. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case when you withdraw your consent.

If you wish to exercise any of these legal rights, please contact us via the contact information.

PURPOSE

When you register with Digidentity your personal data is required to confirm your identity. This document provides you with information about how long your personal data is stored. This personal data is subject to data protection laws, as described in the Terms and Conditions and Privacy Policy.

DATA RETENTION PERIODS

The data retention periods are in the table below:

Digidentity will only store your data if necessary, to meet obligations for auditing and forensic evidence purposes. Your rights to request deletion are described in the Terms and Conditions and Privacy Policy.

During archival the data is securely stored (encrypted/masked/locked away), and is inaccessible to authorized users during daily business tasks. Data will only be accessible to personnel in functions related to security e.g. Security Officers or the Data Protection Officer (DPO).

Once the data has reached the maximum retention period of 7 years it is deleted/destroyed. The destruction of data ensures that no information can be recovered.

Our core values

We focus 100%

What defines our work? We want to give internet users back their privacy. That is the core of our business, the core of our existence. Too much personal details are available on the internet. We are bringing it back to one, safe place. To one, reliable online identity. This way you gain control over your own data. We focus on this. Purely and solely. With our full attention. So that we can excel in it.

We operate internationally

Every individual, his online identity. That is our mission. For this purpose, we are building a scalable platform that is as international as the internet itself. With a unique digital passport you can use anywhere in the world. Safely and reliably. Logically we will focus further than just the Netherlands. You will find us in the United Kingdom. And behind the scenes where are also advising in multiple countries about the developments concerning digital identities. Call use involved across borders.

We put the user first

Nothing more personal than an online identity. The optimal personal experience of our service is then also a central point in our service. How do make the service even more safe, more easy – those are the questions we are continuously asking ourselves. The key factor is the protection of information, so we offer clients privacy and we gain trust. We use our user feedback, analytics and our UX Lab test results to gain happy clients. This way, our product sells itself.

We are raising the bar

We are working hard for the best possible result. Together we will decide how we will do that. We take and organise the area to realise our own ideas for it. In addition to this, we also take into consideration the interest of the entire industry. This means that we are rather an entrepreneur than an employee: we detect new opportunities and combine these.

Report your findings.

If you find a weak spot in one of our systems, please let us know. We will always seriously consider your notification and will investigate every possible vulnerabilities. In this way we can repair this as quickly as possible. This way, we can work with you to protect our clients and systems.

We ask you

1. Please e-mail your findings to our Network Operation Centre ;
2. Do not abuse the problem, by for example
   • reading more information than is necessary to prove the leak;
   • download, delete or edit data or components of the software system;
3. Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties;
4. Provide adequate information to reproduce the problem so that we can solve it quickly;
5. Do not share the problem with others until we have stated that the vulnerability has been rectified and that we have agreed with you to make it public.

We promise

1. To respond to your notification within 3 days. We will give our assessment of the notification and an expected date for a solution;
2. We will not take any legal steps against you about your notification. If you at least kept to the abovementioned requirements;
3. We will treat your notification confidential and will not share your personal data with third parties without your consent;
4. We will inform you about the progress of our rectification of the problem;
5. We will mention your name as the person who detected the problem in notifications, but only if you want this;
6. As a token of our appreciation for your help, we would like to offer you a reward. We will make a €100 donation to any of the following charities, according to your choice for every problem with our security that you detect. Choose from CARE , Homeplan , Edukans .

Summary of the Notifications

Contacting us with feedback

At Digidentity we do our best to ensure that we provide the best services and products possible. We do understand that sometimes users may want to pass on their feedback and concerns. In the event you wish to comment about the services we offer, you are able to contact us with more details.

How can you get in touch?

You are able to contact us via email, chat and telephone. The details of which are as follows:

Email: helpdesk@digidentity.co.uk
Chat can be accessed via our website www.digidentity.co.uk
Telephone: +44(0)330 05 83 454

How we handle your feedback/comments?

Any information we receive regarding our services or products is taken seriously in order to improve our overall service. We do our best to treat all users with respect, and genuine understanding of the importance of their situation, with the ultimate aim of helping and resolving any issues.

First contact

The first point of contact will be our one of our dedicated support agents, where any concerns or feedback you have will be responded to as quickly and clearly as possible. In handling your enquiry our team will also ensure that your provided feedback or information is passed on to the correct channels and is available for the review and evaluation of our services. All information will be recorded via email if this was not the primary method of contact.

Our support agents are trained and able to respond to almost all enquiries.

Transferring

In the event you are not satisfied with the response you have received your details will be forwarded to the next available supervisor, who will investigate the case further and respond to you personally. It may be necessary for the supervisor dealing with your enquiry to consult with others regarding the details of your enquiry, or to request more expert advice. The details of your enquiry will be treated with respect at all times with the aim of resolving your issues or concerns.

In the unlikely event your concern, feedback or issue is more serious it will be passed onto the management to deal with. This will be determined by the supervisor handling your case.

Digidentity is a certified identity provider for the GOV.UK Verify service, and as such is listed by GOV.UK as a certified company: GOV.UK website.

Via Digidentity:

• Users can register for a Digidentity account to assert their identity.
• Users with an asserted identity can access services available for GOV.UK Verify.
• Users can expect the highest standards of authentication and security available.

To provide this service to users, Digidentity ensures that the requirements and standards of the UK Government in GPG (Good Practice Guide) 44 and GPG 45 are met.

Once a user has successfully verified for an identity account for GOV.UK Verify LoA1 or LoA2, it can be used to access associated LoA1 or LoA2 services provided by the GOV.UK Verify initiative.

How the service works

Registration

Via the GOV.UK pre-registration questions, Digidentity can be chosen as the identity provider. Once chosen, users are automatically directed to the registration process of Digidentity. The registration process will be per the chosen LoA. Users are required to accept the terms and conditions, without accepting these it is not possible to register.

Authentication

When logging into their profile, or when requiring access to GOV.UK Verify services, users are required to make use of the 2-factor authentication. Users can opt for SMS or by using the Digidentity Authenticator app available. Once authenticated users can access services and/or their profile to maintain it.

IPV

Identity proofing and verification is at the core of creating a digital identity. The information required to verify an identity is dependent on the Level of Assurance. The higher the level, the more assurance is required.

Account Maintenance

Users are in control of their own identity account, and can also make changes where needed e.g. change of name because of marriage. Changes are always verified to ensure maximum protection and security, and for fraud prevention.

Registration

Making an account

Once directed to the Digidentity process users are required to make a username, password and to confirm their email address. Once this is complete the user needs to choose their form of 2- factor authentication, e.g. SMS. 2-Factor authentication is always required to secure the account for GOV.UK verify.

Entering personal details

Users are required to enter their personal details, including; name, date of birth, gender (optional) and address. Sometimes name history and/or address history is required. Once this is entered the details are confirmed and used to collect data from a credit file. The data collected is NOT a credit reference, and has NO impact on the credit reference. The data is used to check and verify information for the process of verification, along with data/document checking services provided by the Government.

Identity proofing

Depending on the Level of Assurance users will be required to provide evidence of the identity. Users registering for LoA2 are required to reach a higher level of assurance and will need to supply a combination of evidences which include (but not limited to): UK passport, Non-UK passport, Photo card ID (Government issued), Photo card driving licence, mobile phone contract, bank transaction £0.00 and knowledge based verification (questions generated from the data). Users can also choose to provide their details using our mobile app. Since photos are required of the document, and selfies too, more assurance is attained per document. Users who provide a UK Passport with the app therefore, need only add one more piece of evidence e.g. bank transaction £0.00.

Completion

Once the process of verification is completed the user will be redirected to the service they initially required. To access services of GOV.UK in the future users can use their existing account credentials, and once successfully logged in, will be redirected to the service required.

Revalidation

During the lifespan of the account it is necessary to revalidate details within 180 days of the registration date. Revalidation is a requirement per the Good Practice Guide set out by GOV.UK. Revalidation ensures the integrity of the data within the user account. If the account revalidation occurs users may be asked to take steps to update their information e.g. passport is expired and so add a new one.

Support

Users requiring support during the process are able to contact us:

Email: helpdesk@digidentity.co.uk
Phone: +44(0)330 05 83 454

Monday to Friday 08:00 to 22:00
Saturday and Sunday 08:00 to 17:00

Calls cost no more than calls to geographic numbers (01 or 02) and your telecoms provider must include these calls in inclusive minutes and any discount schemes in the same way.

Als je online zaken doet als bedrijf, moet je er zeker van zijn met wie je te maken hebt. Omgekeerd moet de persoon die zich aanmeldt bij jouw digitale dienst erop kunnen rekenen dat zijn gegevens correct worden verwerkt. Daarom is een veilige en betrouwbare toegang tot je online diensten van essentieel belang.

Met Digidentity maakt je jouw diensten veilig online toegankelijk. Klanten loggen in op jouw website of dienst met hun digitale identiteit (Digidentity) en kunnen zo hun bedrijf veilig en eenvoudig uitvoeren.

Lees hier meer over wat wij voor jou kunnen doen

eSGN: digitaal ondertekenen

Een elektronische of digitale handtekening is equivalent aan een handgeschreven handtekening. Een digitale handtekening bestaat uit cryptografische elektronische gegevens die zijn gekoppeld aan een digitaal document. Met eSGN van Digidentity kun je PDF-documenten op een rechtsgeldige manier digitaal ondertekenen. Deze digitale handtekening zorgt ook voor zekerheid dat het document nadien niet bewerkt is. Importeer documenten vanuit Cloud-diensten of vanaf je lokale schijf en onderteken je document met een digitale handtekening. Bespaar tijd en kosten door een einde te maken aan het printen, ondertekenen, scannen en archiveren of verzenden van documenten.

Wil je meerdere mensen laten ondertekenen? Geen probleem, Met een eSGN-account krijgen ze een melding ontvangen wanneer een document klaar is voor ondertekening en ontvang jij bericht zodra iedereen het document heeft ondertekend.

Je kunt de eSGN-app downloaden vanuit de app store op een tablet, deze is ook beschikbaar als een webtoepassing of je kunt de functionaliteit integreren in je eigen workflow. Zodra je bent ingelogd met je Digidentity-account, kun je direct eSGN gebruiken.

Lees hier hoe je snel aan de slag kunt met eSGN

Now that you know a little bit more about us, sign up for our newsletter in order to stay updated. We still have a lot to tell you. You will receive an email from us a few times a year.

You can unsubscribe any time via the link provided in the newsletter. We process your personal data in accordance with our Privacy Policy. Check your rights in the Privacy Policy for more information.