GOV.UK Verify: a secure way to prove your identity online
It makes it safe, quick and easy to access government services, such as filing your tax or checking the information on your driving licence. Registration for GOV.UK Verify is also quite simple if you use Digidentity. You will be set up in no time using your identity document and your smartphone. Then you will have an online identity that you can use safely when dealing online with the authorities.
Read moreYour Digidentity is your online identity
You can add an eHerkenning to your Digidentity, but you can also use eSGN for digital signing. With your Digidentity you can log in to websites or digital services and conduct your business securely and simply.
Request a Digidentity
Forget your passwords for all the different websites. Your Digidentity is your digital identity. With your Digidentity you can safely and simply log in to websites or online services of companies and authorities. Our app helps you through the registration process. You can upload your id document easily and securely and proof that your are who you say you are.

Identification
Register your profile. Create an account and enter your details. Next, you will identify yourself.
Verification
We verify your details. This is to make sure you are indeed who you say you are. For example, based on your passport.
Use it
Congratulations, you have your own super-safe online identity. You can login with authorities and companies, as your true self.
Beware: Don't remove the Digidentity app of your mobile device after you finished the registration. You need it every time you want to log in and identify yourself. Secure, fast an simple.
Safe, Simple, Secure, Be Verified
Call it a passport. Or a driving licence. With your Digidentity you can move around freely online. Login safely and easily – every window will open.

Be verified
Are you who you say you are? We verify your details and save it in our patented system with the highest security level.

Easy online
No effort with passcodes or tokens. A username, password and mobile phone, you do not need anything else to browse the internet safely.

All in 1 ID
Authorities, companies: you will be able to use Digidentity on more and more websites.
Safe access to your online service
If you conduct business online as a company, you need to be certain whom you are dealing with. Conversely, the person who logs in to your digital service needs to be able to count on your handling their data correctly. Therefore, a secure and reliable access to your online services is essential. With Digidentity, you render your services securely accessible online. Customers log in to your website or service using their digital identity (Digidentity) and thus can conduct their business securely and simply.

We will help you with eHerkenning
As broker, we connect you to the eHerkenning system. This way you can easily and very reliably do business online with customers and other companies. And you have access to all authentication services of the 3 systems. For eHerkenning you have, in addition to the authentication services, also access to all authorisation registers and signing services within this system.
Read more about eHerkenning
We will help you with eIDAS
The EU member states have agreed that, as from September 2018, European citizens and businesses must be able to log in to all Dutch public sector organisations using their own national login scheme. Thus, the European Union aims to regulate rendering electronic transactions within Europe easier and safer.
Read more about eIDASAbout us
Almost everyone leaves digital traces of their personal data and identity on the internet. For example, when buying online or using social media. These activities are not always secure, and fraudsters are always looking for new ways to get hold of other people's personal data. That is precisely why Digidentity was founded ten years ago: to improve the protection of internet users' digital identity and to make their online lives safer.
Read more about Digidentity
A team with a mission
Digidentity offers internet users their own online identity. This is not only our work, it is our mission.
Read more about us
Will you strengthen our team?
Do you also value privacy on the internet? Do you like working on high tech solutions for millions of internet users? Then Digidentity is just the place for you.
Read our vacancieseHerkenning
Digidentity gives you back your privacy on the internet. We offer you one online identity that only you control. Completely digital, without passcodes or tokens. Forget the washing list of usernames and passwords. With your online identity you will be able to deal with an ever-increasing number of companies and government services.
eHerkenning is similar to DigiD. Just like citizens can use DigiD to login with the government agencies, companies, entrepreneurs and professionals can do that with eHerkenning.
An eHerkenning tool is person-bound. It cannot be transferred to someone else, such as a colleague. As user of eHerkenning, you can be authorised by your supervisor to act on behalf of your company with your service providers. 1 or more authorisations are registered when applying for a tool.




Physical identification
An eHerkenning tool can be requested online. For an eHerkenning tool with assurance level 4, a face-to-face check is also required. This happens at our office or at the customer's location.
GOV.UK Verify
Swift, safe and secure.
Digidentity was founded with the sole purpose of protecting people’s online identities. In an ever more digital world we offer easy to use applications and combine smooth usability with government-grade security.
We are an international company and leading provider of digital identities in The Netherlands and Great Britain. We service people with over 150 different nationalities and are one of the few parties equipped to help foreign workers with their online verification in Great Britain. Last year alone our software realised 250 million authentications and protected the digital identity of more than 17 million people.
We take great pride in our approach to privacy and security. Your data will not be shared or used for other purposes.
By registering your Digidentity you will be able to access all government services in a swift, safe and secure way.
Be verified by DigidentityDigital Signing (eSGN)
Save time and costs: Printing, signing, scanning, mailing and archiving the paperwork are things of the past. Your customers will simply digitally sign via their mobile devices, tablets or computers.
Signatures on contracts, employment agreements, purchase agreements, leases, living wills, tenders, policies, building plans and other documents no longer need to be handwritten on paper. These documents can be attested by a digital signature.
Using eSGN by Digidentity, you can digitally sign PDF documents in a legal valid way. This digital signature also ensures that the document has not been edited afterwards.
You can download the eSGN app from the app store on a tablet, it is also available as a web application, or you can integrate the functionality into your own workflow.
Benefits
- Ease: The signatory can conduct his or her business fully digitally at any location and at any time. The signatory can simply sign using his or her mobile phone, laptop, desktop computer, or tablet. eSGN allows for multiple signatories. Having an eSGN account allows them to notified when a document is ready for signing and you will receive a message as soon as everyone has signed the document.
- Cost savings: Thanks to digital signing, save money by reducing printing on paper, administrative actions and mail.
- Time saving: Reduce operational costs and put an end to manual processes. This way, you will no longer need to send prompt notes or follow up by phone: If a signatory still lingers over your contract, you can send them a fast reminder through eSGN (in the app). This will save you time and effort.
- Safe: We are fully compliant with the latest security standards .
- Legal validity: The qualified digital signature is 100% legally valid, it is legally equivalent to a handwritten signature.
- Environmentally friendly: No paper, printing or mail.
What is an electronic or digital signature?
An electronic or digital signature is equivalent to a hand-written signature. An electronic signature consists of cryptographic electronic data that are attached to a digital document.
The purpose of an electronic or digital signature is to establish:
- the identity of the sender (authenticity and identification) and§
- the invariability of the information sent (integrity).
The app eSGN
You can download the eSGN app from the app store on a tablet (and it is also available as a web application). Once you have signed in with your Digidentity account, you can start using eSGN right away.
Integrating digital signatures into the workflow
Alternatively, you can choose to integrate digital signatures into the existing workflow of your company or organization. Send, sign and share immediately from the applications that you are already using.
We provide a user-friendly integration of digital signatures into your own application (Application Programming Interface, API). This could be a portal, a mobile app, document management system (DMS) or any other application in which documents need to be signed in a straightforward and legally valid way.
So:
- no separate application, but entering digital signatures directly from the trusted custom applications and
- signing large volumes.
Types of signatures and legal validity
There are three types of electronic signatures:
- Get started quickly using eSGN Basic with a digital signature. You can use this electronic signature to sign your insurance policy for example: Once you pay the insurer the premium and they have your address details, this type offers sufficient reliability (and legally valid).
- eSGN Advanced is a legally valid digital signature. The advanced digital signature provides a high degree of reliability and offers legal certainty, because the identity of the signer has been established and attested to by us. This signature is used, for instance, to file your tax return.
- With eSGN Qualified you have the most reliable digital signature. It is a qualified digital signature that is legally equivalent to a handwritten signature. In the case of a legal dispute, the contrary must be proven.
Digital Passports and Company Certificates
Other products
Swift, safe and secure.
PKIgovernment services certificate
PKIgovernment refers to the Public Key Infrastructure (PKI) of the Dutch government. This system organises the issuance and management of digital certificates under authority of the Dutch state. PKIgovernment offers a high reliability level for all certificate types.
PKIgovernment certificates are issued by certificate service providers: Trusted Service Providers (TSP). Digidentity as TSP supplies certificates.
Certified by the government
With a PKIgovernment services certificate you will gain access to the digital window of the government via Standard Business Reporting (SBR). Fast, easy and reliable. With this certificate, you are recognised as reliable sender and you have a secure connection with the electronic mail box of the government.
Safe information exchange
Every company that is connected to Digipoort via a PKIgovernment services certificate can digitally exchange information with the government. That is very useful if your company, for example, regularly has to supply information to the government. A PKIgovernment services certificate ensures that the data is sent safely to the correct government organisations. But also the other way around: information of a government organisation is sent to the correct company.
Application for SBR
With SBR you can compile and supply digitally standardised financial reports. In order to use SBR, you require a PKIgovernment services certificate.
Request
You can gain access to Digipoort (SBR) via our Certificate Store in a few steps.
- Create an account in the Certificate Store.
- Register the subscribing organisation.
- Register the contact person.
- Register the certificate administrator.
- Upload a CSR. How do I generate a CSR (Dutch)?
- Ensure the physical check of the certificate administrator.
- Request the certificate.

PKIgovernment SSL certificates
PKIgovernment refers to the Public Key Infrastructure (PKI) of the Dutch government. This system organises the issuance and management of digital certificates under authority of the Dutch state. PKIgovernment offers a high reliability level for all certificate types.
PKIgovernment certificates are issued by certificate service providers: Trusted Service Providers (TSP). Digidentity as TSP supplies certificates.
Secure your website
A PKIgovernment SSL certificate is used to protect your website.
Use the certificate
A PKIgovernment SSL certificate differs from a PKIgovernment services certificate. You cannot submit a tax certificate with it. For this reason, you do not need to specify a OIN number for a PKIgovernment SSL certificate. Further, both certificates are the same.
Request
With our Certificate Store you can request a PKIgovernment SSL certificate in a few easy steps.
- Create an account in the Certificate Store.
- Register the subscribing organisation.
- Register the contact person.
- Register the certificate administrator. We check them face-to-face.
- Have the abovementioned steps been completed? Request a certificate via a CSR.

Professional Certificates
PKIgovernment refers to the Public Key Infrastructure (PKI) of the Dutch government. This system organises the issuance and management of digital certificates under authority of the Dutch state. PKIgovernment offers a high reliability level for all certificate types.
PKIgovernment certificates are issued by certificate service providers: Trusted Service Providers (TSP). Digidentity as TSP supplies certificates.
Documentation
Get started with our manuals, certificates and other downloads.
Legal Documentation
CA Documentation
- Certificate Practice Statement for PKIoverheid certificates
- PKI Disclosure Statement for PKIoverheid
- Certificate Policy & Certificate Practice Statement for Digidentity certificates
- PKI Disclosure Statement for Digidentity
Other documentation
PKI Certificates
Digidentity CA
- Digidentity Service Root CA
- Digidentity SSL CA
- Digidentity Secure Email CA
- Digidentity SSCD Root CA
- Digidentity Personal Qualified CA
- Digidentity Business Qualified CA
- Digidentity Personal Advanced CA
Digidentity L4 Server CA G3 chain
Download the CA chain required here to generate a personal PKCS12 certificate if you are in possession of a G3 certificate.
translation missing: en.downloads_modal_4_header
translation missing: en.downloads_modal_4_description
Roots and CRL
Download the roots and CRL certificates of Digidentity's CA here for your level 3 and 4 account.
Level 4 - G3
Digidentity BV PKIoverheid Organisatie Server CA - G3
Staat der Nederlanden Organisatie Services CA - G3
Staat der Nederlanden Root CA - G3
Level 3 - G2
translation missing: en.downloads_modal_5_level_3_1_title
translation missing: en.downloads_modal_5_level_3_2_title
translation missing: en.downloads_modal_5_level_3_3_title
translation missing: en.downloads_modal_5_level_3_4_title
translation missing: en.downloads_modal_5_level_3_5_title
translation missing: en.downloads_modal_5_level_3_6_title
translation missing: en.downloads_modal_5_level_3_7_title
translation missing: en.downloads_modal_5_level_3_8_title
translation missing: en.downloads_modal_5_level_3_9_title
Level 4 - G2
Digidentity Burger CA - G2
Digidentity Organisatie CA - G2
Digidentity Services CA - G2
Digidentity SSCD CA - G2
Machtiging Online SSCD - G2
Staat der Nederlanden Burger CA - G2
Staat der Nederlanden Organisatie CA - G2
Staat der Nederlanden Root CA - G2
Mobile App
You require our app for your Digidentity. From application to daily use. Download the free Digidentity app here.
Learn more about us
Almost everyone leaves digital traces of their personal data and identity on the internet. For example, when buying online or using social media. These activities are not always secure, and fraudsters are always looking for new ways to get hold of other people's personal data. That is precisely why Digidentity was founded ten years ago: to improve the protection of internet users' digital identity and to make their online lives safer.
We are now active in several countries, working for various governments, and we have users with over 150 different nationalities. We are the technical market leader in Europe and also the largest supplier of GOV.UK Verify in the United Kingdom. In The Netherlands we are officially recognized broker and supplier of eHerkenning. Last year, our software realized 250 million authentications and protected the digital identity of more than 15 million people.
Digidentity is an authentication specialist. This means that we have specialized in the techniques and methodologies relating to user login procedures. Digidentity is also an eIDAS accredited Qualified Trust Service Provider for SSL, SBR and professional certificates and qualified digital signatures (eSGN).
For companies
If you conduct business online as a company, you need to be certain whom you are dealing with. Conversely, the person who logs in to your digital service needs to be able to count on your handling their data correctly. Therefore, a secure and reliable access to your online services is essential. With Digidentity, you render your services securely accessible online. Customers log in to your website or service using their digital identity (Digidentity) and thus can conduct their business securely and simply.
For individuals
Your Digidentity is your online identity. You add an eHerkenning to your Digidentity, but you can also use eSGN for digital signing. With your Digidentity you can safely log in to websites or digital services and conduct your business.
Work at Digidentity
Working at Digidentity means working in a dynamic environment in a team of ambitious people.
What is your talent?
Do you also value your privacy on the internet? Do you like to work on high tech solutions for millions of internet users? Then Digidentity is the place for you. Discover how your talent can improve our team and view our vacancies.
Ruby Developer
Are you an experienced Ruby developer and currently looking for a new challenge? Would you like to work on developing online services in a socially responsible industry? At Digidentity you're at the right address. We're looking for a Ruby Developer available to join our team immediately.
Ruby DeveloperiOS Mobile Developer
Are you an experienced iOS developer and currently looking for a new challenge? Would you like to work on developing online services in a socially responsible industry? At Digidentity you're at the right address. We're looking for an iOS developer available to join our team immediately.
iOS Mobile DeveloperAndroid Mobile Developer
Are you an experienced Android developer and currently looking for a new challenge? Would you like to work on developing online services in a socially responsible industry? At Digidentity you're at the right address. We're looking for an android developer available to join our team immediately.
Android Mobile DeveloperTest Engineer
Are you an experienced software tester, with strong communication skills and a hands-on mentality? Are you stress resistant? Would you like the opportunity to work in a young dynamic organization? As of now, we are looking for a motivated individual to join our team.
Test EngineerCustomer Service Representative
Do you enjoy helping people to the best of your abilities and work in an enthusiastic, close knit team? Are you looking for a job that you could combine with your studies or home life? Then you might be what we are looking for.
Customer Service RepresentativeOpen Application
We are always looking for new talent! Are you interested to know what Digidentity can offer you? Or are you a student and looking for an internship and/or practical training assignment? Send an open application to our HR department.
Open ApplicationOnline identification, online trading
We help companies and government authorities to identify themselves digitally. This makes digital trading comfortable and reliable to them. We are already working for the Dutch and British governments and offer resources on different levels to them. And for extensive support and tailor-made solutions, you can also use Digidentity as broker.

eHerkenning broker
Digidentity is officially recognised as eHerkenning broker. This means that we offer services and solutions for the total playing field of eHerkenning, the successor of DigiD for companies.
With the Digidentity eHerkenning broker, you will be able to recognise all online companies in the Netherlands. Furthermore, you will return in a safe and efficient manner the messaging within eHerkenning. But there is more. With the eHerkenning broker, you also use all authentication services, authorisation registers and signing services of eHerkenning.
Request eHerkenning brokerIs your organisation ready for online cross-border business transactions? We can help you!
The EU member states have agreed that, as from September 2018, European citizens and businesses must be able to log in to all Dutch public sector organisations using their own national login scheme. Thus, the European Union aims to regulate rendering electronic transactions within Europe easier and safer.

eIDAS
This arrangement is known as the eIDAS Regulation. eIDAS is the acronym for 'Electronic Identification and Trust Services (for electronic transactions in the Internal Market)', referring to the eIDAS Regulation no. 910/2014 of the European Parliament.
European member states have agreed to use the same concepts, arrangements and infrastructure with regard to access to online services. This ensures that the levels of reliability of the login schemes used within the European Union are aligned. The various arrangements have been enshrined in the eIDAS Regulation.
This regulation promotes cross-border services and trade between citizens and businesses in the European member states.
The eIDAS Regulation became effective on 17 September 2014. As from September 2018, the mutual recognition of notified member state eIDs is mandatory.
Digital services
eIDAS renders digital services accessible to Europeans residing in the Netherlands. Expats, foreign students and seasonal workers do not need to apply for a Dutch DigiD, but can log in using their own eID instead, for instance to apply for a parking permit or to inform their municipality they have moved.
National login schemes or eIDs
In the Netherlands, we use DigiD, eHerkenning or Idensys. The Fins use a Mobiilivarmenne or FINeID; in Denmark, one can log in using a NemID; and in Spain, citizens use a Documento Nacional de Identidad electrónico (DNIe).
Incoming and outgoing traffic
The regulation consists of two parts, i.e. incoming and outgoing traffic.
Incoming traffic
European citizens using their national login scheme to log in to Dutch service providers. For instance, expats can already log in to the portal of the municipality of Wassenaar by means of their own national login ID in order to access their personal data. This section of the regulation is mandatory for Dutch public organisation.
Outgoing traffic
Dutch citizens logging in to service providers elsewhere in Europe using a notified login scheme (recognised by Europe). This part of the regulation is not mandatory However, DigiD, eHerkenning and Idensys intend to have their login schemes notified. This will render them suitable for logging in to all European government services.
Regulation concerns the entire public sector
Since all member states must implement the mandatory section of the regulation, so – obviously – must the Netherlands. The public sector is at the forefront of this development, as the European measure is binding for all public organisations (i.e. those offering digital services involving online authentication and accepting login schemes with 'substantial' and 'high' levels of reliability). Apart from this, private organisations performing public tasks likewise need to comply with the regulation. Thus, the regulation concerns ministries, implementing organisations such as RDW and UWV, municipalities, provinces, district water boards, but also private independent administrative bodies (ZBOs), academic hospitals and pension funds.
On 25 July 2017, the Dutch Ministry of Economic Affairs issued an administrative letter on eIDAS (only Dutch). This letter informs 808 public organisations and private organisations performing a public duty regarding the eIDAS regulation. If your organisation received this letter, you are obliged to comply with this European regulation.
What does your organisation need to do to comply with the obligation?
In the Netherlands, you can comply with the eIDAS obligation for online access through the eHerkenning | Idensys system. This means that by connecting to an eHerkenning | Idensys broker you will comply with the obligation to grant EU citizens online access to your service. As accredited brokers, we are able to arrange this connection for you.
Are you already connected to eHerkenning | Idensys? Then you are part-way to complying with the measure.
Are you participating in DigiD? In that case, we can arrange a connection to eHerkenning | Idensys for you.
Please contact us to find out which steps you need to take.
What is the advantage of the eIDAS regulation for my organisation?
Prior to the eIDAS regulation, your customer service was tasked with the administrative processing of European citizens, consumers and company representatives. These administrative processes were often long-winded and complex compared to the digital services that were already being provided for Dutch citizens, consumers and company representatives. Thanks to the eIDAS regulation, public services providers will be able to render services to European citizens, consumers and company representatives more easily and more cheaply.
Trust services
The European Union's eIDAS legislation goes beyond electronic identification.
Trust services are electronic services, usually provided for remuneration, which comprise the following:
- creating, verifying and validating electronic signatures, electronic seals or electronic time stamps, services for electronic registered delivery and certificates related to those services; or
- creating, verifying and validating certificates for website authentication; or
- preserving electronic signatures, seals or certificates related to those services (article 3, under 16, eIDAS Regulation).
Trust services are understood to mean:
- electronic signatures (also called digital signature, e-signature or e-sign);
- electronic seals;
- electronic time stamps;
- services for registered delivery;
- electronic certificates for website authentication.
With regard to trust services, a distinction is made between qualified and non-qualified services. In principle, a non-qualified supplier is any supplier offering such a service. A qualified provider is a provider that offers services with a higher level of reliability.
The change that probably impacts on the providers of such services most is the new notification requirement and duty of care. As from 1 July 2016, providers of both qualified and non-qualified trust services are to report incidents with a significant impact to the supervisory body (the Authority for Consumers and Markets – the ACM) and, where appropriate, also to the Dutch Data Protection Authority (AP) and the National Cyber Security Centre (NCSC). Moreover, there are enhanced supervision and security requirements. For instance, qualified trust service providers are to carry out annual security audits and submit their results to the supervisory body.
You can read more about trust services in the eIDAS regulation on the website of the Dutch Radiocommunications Agency (Agentschap Telecom).
Are you a trust service provider and do you want to find out what this means to your organisation and which measures you need to take? Please contact us. We are happy to help you!
Certifications & Approved Provider
Digidentity holds certifications for several standards and regulations.

ISO/IEC 27001:2013
The ISO27001:2013 standard is a specification for an Information Security Management System (ISMS). An ISMS provides a policies and procedures for information security that includes risk management, security controls for logical and physical access controls, network security, human resource security, business continuity, incident management, operational security and compliance. Digidentity is audited annually on compliance to ISO27001:2013 by BSI Group Netherlands (certificate ISC 066).

ETSI EN 319 411-1
This standard defines the policy and security requirements for Trust Service Providers issuing public key certificates, including trusted web site certificates. Digidentity issues EU qualified certificates as part of our Domain Validated and Organisation Validated Server certificates and Secure Email certificates.
Browser and operating systems companies, such as Microsoft, Apple, Google and Mozilla accept this certification as one of their requirements to include our root certificate.Digidentity is audited annually on compliance to ETSI EN 319 411-1 by BSI Group Netherlands (certificate ETS 043).

ETSI EN 319 411-2
This standard defines the policy and security requirements for Trust Service Providers issuing EU qualified certificates for electronic signatures. Digidentity issues EU qualified certificates as part of our electronic signature service for eSGN and eSGN Seal in compliance with eIDAS requirements.
Digidentity is audited annually on compliance to ETSI EN 319 411-2 by BSI Group Netherlands (as stated on certificate ETS 015).

eIDAS
Digidentity is a Qualified Trust Service Provider (QTSP) as defined in EU Regulation 910/2014 also known as eIDAS.
Digidentity is included on the "EU Trust List" for Trust Service Providers for issuance of EU qualified certificates. Digidentity is audited annually on compliance to eIDAS by Agentschap Telecom and by BSI Group Netherlands as part of the ETSI audit (certificate ETS 015).

PKIoverheid
PKIoverheid is designed for trustworthy electronic communication within and with the Dutch government. PKI certificates secure the information that persons and organisations send via internet on a high level of reliability.
Digidentity is audited annually on compliance to PKIoverheid requirements by BSI Group Netherlands as part of the ETSI audit (as stated on certificates ETS 015 & ETS 043).
eHerkenning
eHerkenning is an authorisation service from the Dutch government to provide secure access to government services for organisations. Digidentity is selected by the Dutch government as supplier of eHerkenning services.
Digidentity is audited annually on compliance to eHerkenning requirements by Agentschap Telecom.

tScheme
tScheme aims to improve levels of trust in digital economies. tScheme provides an independent means of establishing and testing the trust of services. Digidentity is an Identity Service Provider for GOV.UK Verify and has achieved the tScheme Approved Service certification.
Digidentity is audited anually on compliance to the tScheme requirements by Lloyd’s Register from the UK.
Memberships
Digidentity not only develops online identities, but is also active in the world of online identities. By participating in various interest groups within the industry, we have a voice to convey the importance of safe and reliable online services. We also do this beyond the borders of the Netherlands. So came Marcel Wendt, founder of Digidentity, to be a board member of the eHerkenning / Idensys system and of OIX UK Europe.

Nederland ICT
Nederland ICT is the trade union of the ICT sector with a membership of more than 550 connected companies. Their supporters represent circa €30 billion turnover. With members ranging from large to SMEs, from all segments of the ICT sector. Nederland ICT is the most significant role player and it represents the interests of everyone across the industry.
nederlandict.nl
Open Identity Exchange UK Europe (OIX UK)
OIX UK is a nonprofit organization, working globally with the private sector, and the government, to promote and expand existing and new identity products, with a focus on British citizens.
oixuk.gov
Digital Identification and Authentication Council of Canada (DIACC)
DIACC works, but also builds lasting relationships with like-minded organizations to increase national and international opportunities for the Canadian modernization of digital services and to contribute actively to the global digital economy. Digidentity is a member of DIACC.
diacc.ca
Digidentity is proud to be an Associate Member of the Cloud Signature Consortium
The Cloud Signature Consortium is a group of industry and academic organizations committed to building a new standard for cloud-based digital signatures that will support web and mobile applications and comply with the most demanding electronic signature regulations in the world.
cloudsignatureconsortium.orgRequirements
View the information about requirements and regulations that are applicable to the products and services supplied by us.
Other documentation
These terms and conditions are applicable to providing services in the framework of the Network for eHerkenning and the Authorisation register AuthorisationOnline.
Certificates
Documentation
Get started with our manuals, certificates and other downloads.
Legal Documentation
CA Documentation
- Certificate Practice Statement for PKIoverheid certificates
- PKI Disclosure Statement for PKIoverheid
- Certificate Policy & Certificate Practice Statement for Digidentity certificates
- PKI Disclosure Statement for Digidentity
Other documentation
PKI Certificates
Digidentity CA
- Digidentity Service Root CA
- Digidentity SSL CA
- Digidentity Secure Email CA
- Digidentity SSCD Root CA
- Digidentity Personal Qualified CA
- Digidentity Business Qualified CA
- Digidentity Personal Advanced CA
- Digidentity Assurance Root CA
- Digidentity SIVI CA
PKIoverheid CA
G1
G2
- Digidentity Burger CA - G2
- Digidentity Organization CA - G2
- Digidentity Services CA - G2
- Digidentity SSCD CA - G2
- Authorization Online SSCD - G2
G3
Solera CA
- Digidentity L3 ABZ CA - G2
- Digidentity L3 Burger CA - G2
- Digidentity L3 Organisatie CA - G2
- Digidentity L3 Root CA - G2
- Digidentity L3 Services CA - G2
- Digidentity L3 SSCD CA - G2
- TTP Services ABZ Nederland ABC CA
- TTP Services ABZ Nederland DP CA
- Machtiging Online SSCD CA - G2
- TTP Services ABZ Nederland CA - G2 chain
Conformity Assessment Reports
- ISO27001:2013 – Certificate ISC 066
- ETSI EN 319 411-1 – Certificate ETS 043
- ETSI EN 319 411-2 – Certificate ETS 015
Mobile App
You require our app for your Digidentity. From application to daily use. Download the free Digidentity app here.
Regulations
Which national and European regulations are applicable to products and services of Digidentity?
Terms & Conditions
Version 2019-v1
Last update: 12 April 2019
-
About Digidentity
- Digidentity B.V. is a registered limited company in The Netherlands, with company number 27322631, located at Waldorpstraat 13F, 2521 CA, The Hague, The Netherlands.
- If you have any questions about the identity service, you can visit our website www.digidentity.eu or contact us via
- Reception: +31 (0)887 78 78 78
- Service Desk NL:+31 (0)887 78 78 88
- Service Desk UK: +44 (0)330 05 83 454 or
- Dutch service desk:helpdesk@digidentity.eu
- English service desk:helpdesk@digidentity.co.uk
-
Contract & Scope of Application
- Digidentity delivers products and services for identity management and verification of identity. Digidentity is a Trust Service Provider for the issuance and management of EU qualified and advanced certificates, email certificates and server certificates.
- These are the Terms & Conditions Digidentity B.V. These Terms & Conditions are applicable to all products and services delivered by Digidentity.
- These Terms & Conditions are the foundation of the binding agreement between you (person or organisation) and Digidentity B.V. The Terms & Conditions exclude any other Terms & Conditions. In addition to these Terms & Conditions you may be required to accept product specific Terms & Conditions. These will be made available to you during the registration/application process where applicable.
- These Terms & Conditions will apply to all aspects of the relationship and the contract between you and Digidentity, unless Digidentity has otherwise expressly agreed to in writing. Unconditional acceptance and agreement of these Terms & Conditions is implied.
- Before being able to register for a product and/or service, you need to read and explicitly agree to these Terms & Conditions. To legally accept these Terms & Conditions you must have reached the legal age in your country of residence. This means that you are able to legally enter a binding contract.
- The Terms & Conditions will continue to apply whether or not the application process, and/or verification of your identity, is successful.
- Digidentity reserves the right to modify these Terms & Conditions at all times. The modified version will apply as soon as Digidentity has published them on the website. Once the Terms & Conditions change you will be required to read and accept them on your next use of your account.
- If you are not in agreement with any modified or revised Digidentity Terms & Conditions, you can no longer use the Digidentity Identity Services. In that case you can contact the Service Desk who can arrange the deactivation of your account. You can reactivate your account within 30 days after deactivation by logging in and accept the Digidentity Terms & Conditions. After 30 days, your account is deleted.
-
Our Service
- When you register for any product, you will need to register for an account. The process of verification will begin upon beginning registration and includes the validation and verification of the documents and data that you, and other sources, have provided.
- To complete the registration process, you will need to submit all of the data required. If you do not supply all of the required data it will not be possible to verify your identity and/or organisation, and we will be unable to provide you with the product you require.
- If the registration process is successful then Digidentity will make the product available to you via use of/or within your account, and the registration process will be complete.
- If the registration process results in no confirmation and/or no verification, the application will be rejected, and the product will not be made available to you.
- The decision to approve or reject applications for Digidentity’s products and services remains for Digidentity B.V. at all times.
-
Products
- At Digidentity, you are able to register/apply for the products listed on our website, to which these Terms & Conditions apply.
- The use of our service is described in these Terms & Conditions, product specific Terms & Conditions and our Certificate Practice Statement.
-
Product Validity
- For GOV.UK Verify accounts it is necessary to revalidate users within 180 days of first registration. If this revalidation is successful then no further validation will take place, and the account will remain active unless a request for deactivation or deletion has taken place. During the revalidation process GOV.UK Verify users may be asked to provide a new identity evidence.
- For eHerkenning accounts the initial contract is for twelve (12) months. After twelve (12) months have passed, the account is automatically renewed for twelve (12) months and can be cancelled on a monthly basis.
- SSL/SBR Certificates from the PKIo Private root are valid for three (3) years. Once the Certificate has expired a new application will be required. Digidentity do not extend existing Certificates but will issue new ones.
- SSL Certificates from the PKIo public root are valid for two (2) years. Once the Certificate has expired a new application will be required. Digidentity do not extend existing Certificates but will issue new ones.
- For eSGN Certificates (Qualified and Advanced) the initial contract is twelve (12) months. After twelve (12) months have passed, the account is automatically renewed for twelve (12) months and can be cancelled on a monthly basis.
- For Profession Certificates initial contract period is for twelve (12) months. After twelve (12) months have passed, the account is automatically renewed for twelve (12) months and can be cancelled on a monthly basis.
- Accounts and/or contracts cannot be transferred. Applicants, personal or organisational, must register for their own account.
-
Notice to Relying Parties
- Digidentity recommends that relying parties verify the validity or revocation of the certificates using the current revocation status information.
- Digidentity recommends that relying parties take account of any limitations on the usage of the certificate indicated either in the Terms & Conditions, Certificate Practice Statement or in the certificate itself.
- Digidentity recommends that relying parties take the precautions prescribed in agreements and elsewhere.
- Digidentity recommends that relying parties check the validity of certificates via the complete certificate chain to the trusted root certificate.
-
Personal Data Verification
- To register an account, you will be asked to provide evidence of your identity. The evidence that you provide will be used to verify your personal data. The evidence requested can include:
- dentity document via the mobile app – Passport or National Identity Card
- Selfies via the mobile app
- A zero-cost credit card/debit card transaction (UK)
- Your mobile phone number
- A face-to-face meeting with a Digidentity representative
- Your email address
- Your home address (for GOV.UK Verify)
- Your name history (for GOV.UK Verify)
- Your professional registration number for certificates for Registered Professionals.
- Digidentity will only request the data which is required to create and verify your identity.
- From time-to-time, Digidentity are required to perform revalidation of your existing data via the relevant issuing authorities. This is necessary to ensure that Digidentity have up-to-date and accurate information for the purposes of identity verification.
- Any issued authentication certificate is not to be regarded as a form of legal identification document per the WID (Wet Identification – Dutch Law of Identification). Legal identification can only be shown by providing a recognised ID document.
- Digidentity verifies the request for a certificate for Registered Professionals with the Nederlandse Beroepsorganisatie voor Accountants (NBA).
-
Organisation Verification
- If your registration/application is on behalf of an organisation, or with authorisation of an organisation then Digidentity will request the following evidence/information, where applicable;
- The Dutch Chamber of Commerce Registration Number (Dutch KvK Number)
- Organisation address details
- Organisation email address
- Validation of the Fully Qualified Domain Name (FQDN)
- Blacklist/phishing list check
- Identity document copy of owner/director/legal representative
- Authorisation for the person applying for the certificate
- Letter to confirm employment of the person applying
- Digidentity will only request the data which is required to verify the organisational identity and legal representation.
- Digidentity will not issue certificates and/or other products if the organisation is in bankruptcy proceedings, or no longer registered at the Dutch Chamber of Commerce.
- Digidentity will only issue certs to legal representative(s) with appropriate authorisations to enter a contract on behalf on an organisation.
- If the Dutch Chamber of Commerce registry shows joint legal representation, then Digidentity will request authorisation from all legal representatives listed in the registry, without exception.
- Any issued authentication certificate is not to be regarded as a form of legal identification document per the WID (Wet Identification – Dutch Law of Identification). Legal identification can only be shown by providing a recognised ID document per the WID.
-
Certificate Acceptance
- The certificate is deemed to have been accepted by the subscriber once a period of more than one (1) calendar month has passed without any communication being received from the subscriber (person or organisation), or, that the certificate has been downloaded, used and/or installed.
-
Deactivation, Deletion and Revocation
- You can deactivate your account at any time using the ‘Deactivate my account’ link in your account. A 30-day period deactivation period is started, as set out in our Certificate Practice Statement. You will not be able to use your account or the products in your account. You can reactivate your account by logging in within 30 days after deactivation. If you have not reactivated your account within those 30 days, your account and all personal data will be deleted, and all certificates issued to you will be revoked. Relevant records will be kept for compliance purposes, in accordance with appropriate laws.
- You can delete your account at any time by using the ‘Delete my account’ link in your account. Digidentity will permanently delete your account and personal data from our systems. Any certificates that have been issued to you will be revoked. Relevant records will be kept for compliance purposes, in accordance with appropriate laws.
- If certificates have been issued to you, you can revoke these certificates by logging into your identity account and clicking ‘Revoke certificates’. Once you have clicked this link, you will have to provide your password for authentication. Next, you will see an overview of all two factor authenticators and your personal certificates. You can revoke the relevant certificate by clicking ‘Delete smartcard and revoke certificates’ alongside the corresponding smartcard. Revocation will occur immediately, and you will no longer be able to use your certificate.
- You may request revocation of your SSL/SBR certificate by logging into your SSL/SBR account and clicking ‘revoke’ alongside the corresponding certificate. Revocation will occur immediately, and you will no longer be able to use your certificate.
- Digidentity reserves the right to deactivate accounts with immediate effect if there is any reason to believe or suspect that the verification and/or validation provided is no longer correct, or has been faulty, false or fraudulent as set out in the Certificate Practice Statement. If you want to continue using an account, you will need to apply for a new account.
- Digidentity reserves the right to revoke any certificate if there is any violation of these Terms & Conditions, or any contractual agreement, or that Digidentity discovers that the certificate has been used, is being used, or will be used for any criminal activities, including phishing, fraud or for the distribution of malware/viruses.
- Once a certificate is revoked or expired you may no longer use the private key associated with it.
- Digidentity will refer any fraudulent activity to the relevant authorities. On behalf of the Identity service, we may also report any suspicious activities to any relevant body or appropriate authority.
- Digidentity reserves the right to deactivate accounts with immediate effect if it considers communications from a user to Digidentity employees to be harassing, threatening, abusive. As far as Digidentity is concerned, this makes it impossible to provide reasonable services in support of applications for a digital identity. Digidentity will report any continuation of abusive, threatening or harassing behaviour to the appropriate authorities.
-
Our Obligations
- Digidentity will provide the services as described on the website, in accordance with the Terms & Conditions, the Privacy Statement and Certification Practice Statement. Digidentity will carry out any contractual obligations. However, these obligations are no guarantee for a successful outcome in your application.
- Digidentity aims to provide a continuously functioning and accessible service but makes no guarantees about the availability of any services provided. You accept the fact that (temporary) disruptions may occur which would render the service inaccessible on occasions.
- Digidentity aims to make a documentation repository available 24 hours a day, 7 days a week. Should this repository become unavailable, Digidentity aims to recover its availability within four (4) hours.
- Digidentity reserves the right to limit availability to or render the services entirely inaccessible for limited periods of time in order to carry out maintenance and/or implementation of required modifications. Digidentity aims to carry out these scheduled down times in periods which could be reasonably considered to affect the minimum number of users as far as possible, e.g. outside of office hours.
- Digidentity will provide the service in accordance with the published Digidentity Privacy Statement. This Privacy Statement is accessible on the website. Digidentity will update its Privacy Statement from time to time to reflect changes to data processing in relation to the service.
-
Your Obligations
- You understand that verification of identity is a process that relies on personal data, available documentation and information provided by you, and is uniquely based on your data. You accept that this identity verification process cannot be based on other user experiences or requirements.
- You ensure and warranty to take all reasonable measures to assure control of, keep confidential, and protect the private key which corresponds to the public key of your issued SSL/SBR certificate. As a personal subscriber, you ensure the private key is under your sole control. As an organisational subscriber (legal subscriber) you ensure the private key is under the control of the subject.
- You accept that unauthorised use of the subject’s private key is forbidden.
- You ensure and warrant to install the SSL/SBR certificate only on servers that are accessible at the subjectAltName listed in the certificate, and only to use the certificate in accordance with all applicable laws, agreements and Terms & Conditions.
- You are obliged to report without any reasonable delay any suspected misuse, actual misuse or compromise of your certificate to Digidentity, and to immediately request revocation of the certificate.
- You are obliged to notify Digidentity, without delay, if the private key has been lost, stolen or potentially or actually compromised, and to immediately and permanently stop use of this key, excepting key decipherment.
- You are obliged to notify Digidentity, without delay, if control over the private key has been lost due to theft, compromise or loss of the activation data e.g. PIN code.
- You accept your obligation for the key pair to only be used in accordance with any limitations notified. You also accept the obligation to only use the private key for cryptographic functions within the secure cryptographic device.
- You ensure and guarantee that all data and documents provided are correct, complete, accurate and up‐to‐date, and that they conform to the requirements as set out by Digidentity during the registration process and application. You will update your online profile if changes occur in the data you have submitted upon registering. For SSL/SBR certificates you must inform Digidentity of any changes which cause a mismatch in your certificate information. You will follow instructions and requirements for any transfer of data (via the online process or using the mobile/tablet application) that Digidentity indicates.
- You agree to inform Digidentity without delay if there are any security concerns, security issues or data leaks. Digidentity will treat any report as confidential and will handle it in accordance with appropriate laws and regulations to minimise damages. Digidentity aims to resolve any security alert as fast as reasonably possible and will take steps to inform any third parties that the issue affects.
- You accept the obligation to inform Digidentity of any violation of the Terms described in articles 12, c) and 15, adding a detailed description of such violation and any other relevant information. You must take all reasonable measures to prevent further and/or continuing violations and will take all reasonable measures to limit any damage resulting from such a violation.
- You accept the obligation to pay the invoice from Digidentity within fourteen (14) days after the issue date of the invoice.
-
Limitations of Use of our Website
- It is forbidden to copy, pass on, sell, publish or make a profit from any content of the website, products, services or associated materials of Digidentity.
- It is forbidden to use the website, products or associated materials of Digidentity in any way that causes, or may cause, damage to the website or impairment of the performance, availability or accessibility of the website, products or associated materials.
- It is forbidden to access the Digidentity website and associated materials using any robot, spider or other means.
-
Personal Data
- You acknowledge that Digidentity supply an identity, authentication and authorisation service and you understand that Digidentity will process personal data to establish an identity and to verify the validity of personal data or documents. Digidentity is the Data Controller as defined under the EU General Data Protection Regulation (GDPR) and will process the personal data with due care, in compliance with any applicable data protection laws including the GDPR, and these Terms & Conditions, unless otherwise agreed upon.
- Digidentity processes the personal data in order to perform its duties under the contract with you and to create and maintain a direct relationship with you as indicated in the Privacy Statement. For the avoidance of doubt: this includes comparing and checking the data against databases (public or otherwise) that are available for the purpose. Digidentity will not process the personal data for other purposes, unless the processing is required on the basis of a legal obligation or a co urt order, or if you have given your consent.
- In order to perform its duties under the contract, Digidentity will involve relying parties in the processing of personal data. Digidentity will take appropriate measures to ensure that these relying parties will process personal data in accordance with the purpose and applicable data protection laws.
-
Confidentiality
- Digidentity and you are obliged to take all reasonable measures to protect confidential information or the identity account from unauthorised access, loss, damage, modification or unauthorised processing. In the event that such an issue occurs, you must inform Digidentity without delay of any unauthorised access, loss, damage, modification or unauthorised processing.
-
Record Retention
- Digidentity may retain the following information (once registration is successful) during the lifetime of the account;
- Name
- Address
- Date of birth
- ID document information: name, date of birth, nationality, document number, expiry date
- Mobile phone number
- Email address
- Once deletion is confirmed, the account data is archived in an encrypted state for seven (7) years. Access to the archive is only given to authorised senior personnel, and only provided upon the requirement to provide evidence e.g. court proceedings. The archive remains locked under all other circumstances.
- Digidentity will keep an event log of information having been received per account, which includes the receipt of data, the processing thereof and the outcome. These event logs are kept for the same period as the account data – seven (7) years once the account is deleted.
All other data which has been used for verification during registration will be destroyed after fourteen (14) days.
-
Rights of Ownership and Intellectual Property
- At all times, any intellectual property rights that have to do with the identity service, or associated materials remain the property of Digidentity, the licensee or our supplier.
- Your right to use the identity service or associated materials does not entitle you to any intellectual property rights of the identity service or associated materials. Digidentity only provides a non‐exclusive right to use the identity service and/or associated materials to verify your identity and create an account. Your usage rights are strictly personal and cannot be transferred to any other person.
- It is forbidden to use (part of) the identity service, data or associated materials in any way that would result in the violation of intellectual property rights of Digidentity, the licensee or suppliers.
- Digidentity reserves the right to take all necessary measures to protect their own, the licensee's or suppliers' intellectual property rights. These measures include ending the use of the identity service or associated materials when the contract ends. It is forbidden to use, remove or avoid any such measures in any way.
-
Liabilities
- Nothing in these Terms & Conditions excludes or limits our liability in respect of
- any breach of law by Digidentity or its sub-contractors,
- any loss, unauthorised access to or corruption of personal data held by Digidentity or its sub-contractors (including any credentials issued to you),
- any wilful default on the part of Digidentity or its sub-contractors.
- We are not responsible to you for any loss or damage suffered by you which was not an obvious consequence of us breaching these Terms & Conditions. We are not responsible to you for losses which you suffer due to any events beyond our reasonable control. We are not responsible to you for losses that that Digidentity has not caused directly by actions.
- You cannot hold Digidentity liable for damages resulting from events beyond reasonable control or that Digidentity has not caused directly by actions.
- You cannot hold Digidentity liable for any indirect damages or damages that were/or are caused because you did not/or do not take appropriate measures to:
- limit such damages immediately after a damaging event has occurred,
- prevent further damage or subsequent damages resulting from the initial event,
- immediately inform Digidentity about events which would cause damages and/or provide relevant information to Digidentity.
- In all cases, the liability of Digidentity shall be limited to the usual and foreseeable damages. You cannot hold Digidentity liable for any business damages after using the identity service in the capacity of a consumer.
- You can never hold Digidentity liable in respect of any damages resulting from
- Your unauthorised or improper use of the data, the identity service and/or related materials;
- Providing incorrect and/or incomplete data, or not providing data to Digidentity in a timely manner;
- Losing your own data;
- Your failure to abide by any obligations provided in these Terms & Conditions or CPS, including not cooperating with the Terms & Conditions.
- The late, incorrect, or incomplete accessibility of the identity service;
- Miscommunication or loss of messages and notices resulting from the use of a mode of communication selected by you, or resulting from the dysfunction of any materials used by you, including improper functioning of the internet;
- The use of materials you selected;
- The unauthorised use, loss or theft of log in details that have been provided to you;
- The downtime or unavailable online tools of third parties;
- Sharing your username, password or PIN code with any other person.
-
Limitation of Action
- You must bring any claim for damages against Digidentity within one year after the damage has occurred.
-
Force Majeure
- Digidentity is not obliged to perform any of the obligations under the contract or the Terms & Conditions in case of force majeure. Force majeure is understood to be a turn of event which is out of the reasonable control of the affected party, and therefore, if Digidentity cannot perform actions associated with, and not limited to;
- Improper functioning materials provided by users
- Requirements under law
- Power cuts, power outages, or other interruptions of electricity
- Improper functioning of internet, computer and or telecommunication resources
- Extreme weather Conditions, flooding, earthquake or other natural or weather-related causes;
- Strike, riots or civil unrest
- Fire or explosion
- War, uprising or overt military hostilities;
- Catastrophic epidemic or pandemic
- General problems of transportation
- Extreme circumstances which reduce/severely limit the availability of Digidentity employees to carry out tasks
- Contradictory legislation or government action, prohibition, embargo or boycott
- Terrorism
- Failure of suppliers
- Digidentity take measures to thwart the risk of any interruption to services, and have a business continuity plan and disaster recovery plan.
-
Applicable Laws, Regulations and Audits
- The contract and the Terms & Conditions are governed by Dutch law in adherence and conformity with application European Directives, specifically Article 8 of the European Convention of Human Rights regarding laws on privacy.
- Digidentity is audited and approved for the issuance, management and revocation of Qualified Certificates for electronic signatures per Regulation no. 910/2014 (EU), known as eIDAS.
- Digidentity is audited annually against the requirements of ETSI EN 319 401, ETSI EN 319 411-1, ETSI EN 319 411-2, CA/Browser Forum Baseline Requirements, CA/Browser Forum Network Security Requirements, PKIoverheid Programma van Eisen, Afsprakenstelsel eHerkenning, tScheme and ISO27001:2013. Current certification can be viewed via this link: https://www.digidentity.eu/nl/home/#certifications
-
Complaints
- Digidentity has a complaints procedure available, which can be viewed via this link: https://www.digidentity.eu/en/home/#complaints-procedure
- Any dispute that a user and Digidentity cannot settle amicably will be brought before the competent judge of the place where Digidentity have a statutory seat (The Hague). If applicable Dutch or European law provisions determine that another judge is also competent, then the case may also be brought before this judge. If applicable Dutch or European law provisions determine that another judge has exclusive competence, then the case may only be brought before that judge.
-
Warranties
- Any dispute that a user and Digidentity cannot settle amicably will be brought before the competent judge of the place where Digidentity have a statutory seat (The Hague). If applicable Dutch or European law provisions determine that another judge is also competent, then the case may also be brought before this judge. If applicable Dutch or European law provisions determine that another judge has exclusive competence, then the case may only be brought before that judge.
-
Concluding Provision
- Any dispute that a user and Digidentity cannot settle amicably will be brought before the competent judge of the place where Digidentity have a statutory seat (The Hague). If applicable Dutch or European law provisions determine that another judge is also competent, then the case may also be brought before this judge. If applicable Dutch or European law provisions determine that another judge has exclusive competence, then the case may only be brought before that judge.
-
Definitions
- The following words have the following meaning:
- User: ‘User’, ‘you’ or ‘your’ in these Terms & Conditions refer to you as a user of the Identity Service.
- Identity service: The service we provide to you entailing the verification of your identity and/or the validity of any documents or data. If this verification and/or validation process results in a confirmation and/or validation of the information you have provided, we will create an identity account for your personal use.
- Relying party: The relevant third party who requires you to verify your identity so that you can use its services, i.e., Government Departments.
- Contract: The relationship between you and us, governed by the Terms & Conditions according to article 1
- Terms & Conditions: These Terms & Conditions as set out here.
- Identity account: Your unique profile we have provided to you after identification and/or validation of data and documents whether or not the verification of your identity is successful
- Data: Any data you have provided to us or in connection with the Digidentity Service.
- Licensee: The holder of a licence for intellectual property rights connected to the identity service.
- Materials: Materials refer to any software, hardware, websites, database, designs, models, programs, reports, and other identity services and materials we or the relying party have put to use in relation to the identity service.
- In writing: For the present Terms & Conditions, the term ‘in writing’ will refer to any written communication, whether this be by electronic means or by regular postal mail.
Privacy Statement
Version 2019-v1
Last update: 12 April 2019
Introduction
At Digidentity, we respect your privacy and we are committed to protecting your personal data. In this Privacy Statement, we will inform you about the personal data we collect and process and how we protect your personal data.
Who Are We
This Privacy Statement describes Digidentity B.V.'s collection and use of personal data. References in this Statement to "Digidentity", "we" or "us" shall mean Digidentity B.V. (registered in the Netherlands under company number 27322631), being the data controller for the data processing.
WHAT IS THE PURPOSE OF THIS STATEMENT?
With every service we provide, we take the protection of your privacy and personal data seriously. We ensure that we collect and process personal data for the services provided and in compliance with applicable privacy and data protection law (including but not limited to the EU General Data Protection Regulation (GDPR)).
We do not allow anyone to use or access your personal data for any other purposes than those set out in this Statement.
In this Statement, we give you information about how Digidentity collects and processes your personal data when you visit our website or otherwise interact with us. This includes any personal data that you provide when you purchase our products or services. The Statement also informs you how you can exercise your rights.
It is important that you read both this Privacy Statement and our Terms & Conditions. This Privacy Statement does not override earlier policies, but rather supplements them.
HOW CAN YOU CONTACT US?
If you have any questions, comments or requests concerning this Privacy Statement, please contact our Data Protection Officer (by e-mail, postal service or phone) using the details set out below.
Email address: privacy@digidentity.eu
Postal address: PO Box 19148, 2500 CC The Hague, the Netherlands
Telephone number: +3188 7 78 78 78
If you have any concerns about the way we handle your personal data, you have the right to make a complaint at any time to the data protection authorities. For Digidentity, this is the Autoriteit Persoonsgegevens in the Netherlands.
FOR WHICH PURPOSES DO WE USE YOUR PERSONAL DATA?
Execution of contract
Digidentity processes personal data for delivering our products or providing our services. The legal ground for processing personal data is to execute the contract with you for these products and services and to comply to applicable laws and regulations.
Legitimate interest
Based on our legitimate interest, we process personal data to administer and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
Consent
We use automated technologies and interactions (including, but not limited to log data and data analytics and cookies). You can subscribe to our free newsletter by entering your email address. You can unsubscribe any time via link provided in the newsletter. In eSGN, you may give consent to use your location to fill in the name of the location in the signature location field.
WHICH PERSONAL DATA DO WE COLLECT?
We process personal data when you interact with us, or when you use or purchase our products or services.
Digidentity process personal data and other data for providing our services which includes, if relevant:
Digidentity Account
To use our services and products, a Digidentity account is required. For a Digidentity account, an email address is required, and you must create a password (minimum ten characters with at least one uppercase, one lowercase character and one number). Your email address and password are needed to access your account. A pseudonym is created to identify your account within our systems.
Level of Assurance 0
Digidentity products that provide a Level of Assurance 0 (LoA0), require:
(1)eSGN Basic: your email address (as provided in your Digidentity account (2)IVAS Level 0: your email address (as provided in your Digidentity accountLevel of Assurance 1
Digidentity products that provide a Level of Assurance 1 (LoA1), require:
(1)eHerkenning Level 1: your email address (as provided in your Digidentity account) and a business email address. If applicable, an employment letter is required stating that you are employed at your organisation and an authorisation letter is required stating you are authorised to act on behalf of your organisation. The full name of legal representative(s) of organisation, business address and business role(s) which we obtain from the Chamber of Commerce (KvK). We also request copy of ID document of legal representative(s) of organisation for signature verification. (2)GOV.UK Verify (Level 1): your email address (as provided in your Digidentity account), phone number, full name, current and previous names, gender and addresses (minimum of one year of name and address history). Based on your name and address history, your UK credit file is checked in order match your details, as well as to generate Knowledge Based Verification (KBV) questions. We may also use your mobile phone number to verify a mobile contract attached to it. If the KBVs are attempted and failed, an app upload of a valid ID document is required for verification.Level of Assurance 2/2+
Digidentity products that provide a Level of Assurance 2 or 2+ (LoA2/2+), require:
(1)eHerkenning Level 2+: we request the same personal data as for eHerkenning Level 1 with the addition of mobile phone number to add two-factor authentication and a copy of ID document (for full name, date of birth and nationality verification). (2)GOV.UK Verify (Level 2): we request the same personal data as for GOV.UK Verify Level 1 with the addition of three years of name and address history, active history in your credit file, plus one or more ID documents to prove who you are. If you verify a document using the Digidentity app on your mobile device, you must provide pictures of your ID document and selfies (of you) in order to compare the photo on the ID document with the selfies. When you provide the details of your ID documents using a manual form, we verify the data using the Document Checking Service (GOV.UK approved databases from DVLA, DVA and the UK Passport Office).Level of Assurance 3 or Substantial+
Digidentity products that provide a Level of Assurance 3 (LoA3) or Substantial Level, require:
(1)eSGN Advanced: we request your email address (as provided in your Digidentity account), mobile phone number, full name, date of birth and gender. We need a copy of an ID document and three pictures (selfies) taken with the Digidentity app on your smartphone in order to compare the photo on the ID document with the selfies. We use the ID document to verify your full name, date of birth, place of birth and nationality and complete your registration. (2)eHerkenning Level 3: we request the same personal data as for eSGN Advanced with the addition of business information. This includes registration number at the Chamber of Commerce, business email address, full name of legal representative(s) of organisation, copy of ID document of legal representative(s) of organisation (for identity verification), business address and business role(s). An employment letter is required stating that you are employed at your organisation. If applicable, an authorisation letter is required stating you are authorised to act on behalf of your organisation. To finish the eHerkenning Level 3, we are required to perform a face-to-face verification of your identity. (3)IVAS Level 3: we request the same personal data as for eSGN Advanced. (4)Solera Garage: we request the same personal data as for eSGN Advanced.Level of Assurance 4 or High
Digidentity products that provide a Level of Assurance 4 (LoA4) or High Level, require:
(1)eSGN Qualified: we request the same personal data as for eSGN Advanced. (2)eHerkenning Level 4: we request the same personal data as for eHerkenning Level 3. (3)Professional Certificates: we request the same personal data as for eSGN Qualified with the additional request for your registration number from the Professional Registrar, your business email address and registration number at the Chamber of Commerce (for invoicing).For all Level 4 products, we are required to perform a face-to-face verification of your identity. You will receive a request for a face-to-face meeting where Digidentity will verify your identity in person by checking the original ID document that you have uploaded during registration.
Server certificates
For other products, Digidentity requires:
(1)SSL/SBR:your business email address (certificate manager, contact person), mobile phone number and registration number at the Chamber of Commerce, full name of legal representative(s) of organisation, copy of ID document(s) of legal representative(s) of organisation (for identity verification), business address and business role(s).Other products
For other products, Digidentity requires:
(1)ZLM:your email address (as provided in your Digidentity account), insurance number and date of birth. Your insurance number and date of birth are sent to ZLM for verification. If the data is correct, we receive the email address registered at ZLM. (2)Allianz:your email address (as provided in your Digidentity account), your Digital Passport and Allianz registration number. The Allianz registration number and Digital Passport data are verified with Allianz. After approval of the application, Digidentity receives the name, date of birth and gender from the Digital Passport issuer Solera. (3)Solera MMM:your email address (as provided in your Digidentity account), name and a copy of an ID document. (4)Smartr365:your email address (as provided in your Digidentity account), name and a copy of an ID document.Digidentity website
We use cookies and Google Analytics on our websites:
(1)Cookies:Cookies are files that store information on your device. We use cookies to provide you our services and products. These cookies are required for our products or services to work properly. We use cookies to analyse the use of our websites so we can improve performance, navigation and website experience. These cookies never store personal data. You can delete all cookies currently stored on your device. You can find out how to delete cookies for your browser by clicking 'Help' in your browser's menu. (2)Google Analytics:Digidentity uses Google Analytics to monitor and analyse the use of our website. We have set up Google Analytics to anonymise your IP address. We collect only anonymised data to improve our website, products and services.Digidentity Mobile App
The Digidentity mobile app (for Apple iOS and Android) may be used in the registration process, supports authentication and provides access to your virtual smartcard. The mobile app requests access to the camera of your mobile phone to allow scanning of QR codes. Your name is displayed on the virtual smartcard. If you enable analytics in the mobile app, we collect anonymised data on the use of our mobile app.
HOW DO WE USE YOUR PERSONAL DATA?
Digidentity use your personal data to execute the contract that you have entered with us.
We are required by laws and regulations and international standards for digital identities to verify all personal data provided to make sure that your data is correct. Your email address and phone number are verified by sending a conformation code so we can verify you are in possession of the email address and phone number. We may use your mobile phone number and email address to contact you in relation to the product or service that you use.
We verify your full name, date of birth and nationality using a copy of your ID document. Your age is determined from you date of birth to verify you are of legal age for entering a contract us. During the registration, you are requested to upload a copy of both front and back of a valid ID document.
Digidentity use an external automated document validation system that checks if the ID document is genuine and valid. These automated validation check if all information is present and according to requirements (document valid, picture present, social security number passes the verification check). Documents that have been modified or data is hidden will be rejected. We collect your full name, date of birth, place of birth, gender, nationality and ID document number from your ID document as prove of verification. Your full name and nationality are included into digital certificates issued to you.
For professional certificates, we verify your registration at the Professional Registrar using your registration number to make sure you are eligible for a professional certificate.
During registration, three pictures (selfies) must be taken which we will compare to the picture on the ID document to verify your identity. The copies of your ID document and three selfies will be permanently deleted after 14 days. Credit file data (GOV.UK Verify) is deleted after 30 days.
HOW DO WE SECURE YOUR DATA?
Digidentity has taken the necessary security measures to protect your personal data against accidental loss, unauthorised access, modification or disclosure. We limit access to your personal data to those employees who have a business need. They will only process your personal data as per our instructions, and they are legally bound to keep your personal data confidential.
We have set up procedures to deal with any suspected personal data breaches, and we will notify you and any relevant data protection authority of a breach where we are legally required to do so.
We have an Information Security Management System (ISMS) and are ISO27001:2013 certified. As part of our certification, our security measures to protect your personal data are annually evaluated by an external auditor. Digidentity is subject to regular inspections by Agentschap Telecom for Trust Services and Electronic Identification which also includes compliance to GDPR.
WHAT ARE YOUR RIGHTS?
You have the right to:
- request information on personal data we process and what we do with the personal data
- request access to your personal data
- request correction of your personal data
- request erasure of your personal data
- object to specific processing of the personal data
- revoke your consent
When you make use of your right, we are required to verify your identity. You can access, correct or erase your personal data in your account profile. In case we rely on your consent for the processing of your data, you have to right to revoke your consent at any time.
Please note that any processing we carried out before the withdrawal of your consent remains lawful. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case when you withdraw your consent.
If you wish to exercise any of these legal rights, please contact us via the contact information.
Data Retention Policy
Version 1.0
Last update: 23 May 2018
PURPOSE
When you register with Digidentity your personal data is required to confirm your identity. This document provides you with information about how long your personal data is stored. This personal data is subject to data protection laws, as described in the Terms and Conditions and Privacy Policy.
DATA RETENTION PERIODS
The data retention periods are in the table below:
Type of Data | Retention Period | Archive after (after an account is inactive)* |
---|---|---|
Personal details – name, address, date of birth | While account is active | 7 years |
Mobile phone number | While account is active | 7 years |
Email address | While account is active | 7 years |
Passport images from mobile app | 6 months | • |
Passport number | While account is active | 7 years |
Identity card images from mobile app | 6 months | • |
Identity card number | While account is active | 7 years |
Driving licence images from mobile app | 6 months | • |
Driving licence number | While account is active | 7 years |
Bank Account number (masked) | While account is active | 7 years |
BSN Number (masked) | Deleted immediately after checking | • |
Selfies | 14 days and deleted | • |
Chamber of Commerce Listing (KvK) | While account is active | 7 years |
Bank card transactions (masked information) | While account is active | 7 years |
Digidentity will only store your data if necessary, to meet obligations for auditing and forensic evidence purposes. Your rights to request deletion are described in the Terms and Conditions and Privacy Policy.
During archival the data is securely stored (encrypted/masked/locked away), and is inaccessible to authorized users during daily business tasks. Data will only be accessible to personnel in functions related to security e.g. Security Officers or the Data Protection Officer (DPO).
Once the data has reached the maximum retention period of 7 years it is deleted/destroyed. The destruction of data ensures that no information can be recovered.
Our philosophy
Success does not just happen. We are working hard for it based on 4 core values that make us who we are: as authentic as our clients.
Our core values
We focus 100%
What defines our work? We want to give internet users back their privacy. That is the core of our business, the core of our existence. Too much personal details are available on the internet. We are bringing it back to one, safe place. To one, reliable online identity. This way you gain control over your own data. We focus on this. Purely and solely. With our full attention. So that we can excel in it.
We operate internationally
Every individual, his online identity. That is our mission. For this purpose, we are building a scalable platform that is as international as the internet itself. With a unique digital passport you can use anywhere in the world. Safely and reliably. Logically we will focus further than just the Netherlands. You will find us in the United Kingdom. And behind the scenes where are also advising in multiple countries about the developments concerning digital identities. Call use involved across borders.
We put the user first
Nothing more personal than an online identity. The optimal personal experience of our service is then also a central point in our service. How do make the service even more safe, more easy – those are the questions we are continuously asking ourselves. The key factor is the protection of information, so we offer clients privacy and we gain trust. We use our user feedback, analytics and our UX Lab test results to gain happy clients. This way, our product sells itself.
We are raising the bar
We are working hard for the best possible result. Together we will decide how we will do that. We take and organise the area to realise our own ideas for it. In addition to this, we also take into consideration the interest of the entire industry. This means that we are rather an entrepreneur than an employee: we detect new opportunities and combine these.
Responsible Disclosure
At Digidentity we are proud of the technology and services that we developed. Regardless of our continuous care for the protection of our systems, it is still possible that it may be used in unauthorised ways.
Report your findings.
If you find a weak spot in one of our systems, please let us know. We will always seriously consider your notification and will investigate every possible vulnerabilities. In this way we can repair this as quickly as possible. This way, we can work with you to protect our clients and systems.
We ask you
- Please e-mail your findings to our Network Operation Centre ;
- Do not abuse the problem, by for example
- reading more information than is necessary to prove the leak;
- download, delete or edit data or components of the software system;
- Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties;
- Provide adequate information to reproduce the problem so that we can solve it quickly;
- Do not share the problem with others until we have stated that the vulnerability has been rectified and that we have agreed with you to make it public.
We promise
- To respond to your notification within 3 days. We will give our assessment of the notification and an expected date for a solution;
- We will not take any legal steps against you about your notification. If you at least kept to the abovementioned requirements;
- We will treat your notification confidential and will not share your personal data with third parties without your consent;
- We will inform you about the progress of our rectification of the problem;
- We will mention your name as the person who detected the problem in notifications, but only if you want this;
- As a token of our appreciation for your help, we would like to offer you a reward. We will make a €100 donation to any of the following charities, according to your choice for every problem with our security that you detect. Choose from CARE , Homeplan , Edukans .
Summary of the Notifications
Complaints Procedure
Version 1.0
Last update: 18 January 2016
Contacting us with feedback
At Digidentity we do our best to ensure that we provide the best services and products possible. We do understand that sometimes users may want to pass on their feedback and concerns. In the event you wish to comment about the services we offer, you are able to contact us with more details.
How can you get in touch?
You are able to contact us via email, chat and telephone. The details of which are as follows:
Email: helpdesk@digidentity.co.uk
Chat can be accessed via our website www.digidentity.co.uk
Telephone: +44(0)330 05 83 454
How we handle your feedback/comments?
Any information we receive regarding our services or products is taken seriously in order to improve our overall service. We do our best to treat all users with respect, and genuine understanding of the importance of their situation, with the ultimate aim of helping and resolving any issues.
First contact
The first point of contact will be our one of our dedicated support agents, where any concerns or feedback you have will be responded to as quickly and clearly as possible. In handling your enquiry our team will also ensure that your provided feedback or information is passed on to the correct channels and is available for the review and evaluation of our services. All information will be recorded via email if this was not the primary method of contact.
Our support agents are trained and able to respond to almost all enquiries.
Transferring
In the event you are not satisfied with the response you have received your details will be forwarded to the next available supervisor, who will investigate the case further and respond to you personally. It may be necessary for the supervisor dealing with your enquiry to consult with others regarding the details of your enquiry, or to request more expert advice. The details of your enquiry will be treated with respect at all times with the aim of resolving your issues or concerns.
In the unlikely event your concern, feedback or issue is more serious it will be passed onto the management to deal with. This will be determined by the supervisor handling your case.
Public Service Description
Version 1.3
Last update: 13 April 2017
Digidentity is a certified identity provider for the GOV.UK Verify service, and as such is listed by GOV.UK as a certified company: GOV.UK website.
Via Digidentity:
- Users can register for a Digidentity account to assert their identity.
- Users with an asserted identity can access services available for GOV.UK Verify.
- Users can expect the highest standards of authentication and security available.
To provide this service to users, Digidentity ensures that the requirements and standards of the UK Government in GPG (Good Practice Guide) 44 and GPG 45 are met.
Once a user has successfully verified for an identity account for GOV.UK Verify LoA1 or LoA2, it can be used to access associated LoA1 or LoA2 services provided by the GOV.UK Verify initiative.
How the service works

Registration
Via the GOV.UK pre-registration questions, Digidentity can be chosen as the identity provider. Once chosen, users are automatically directed to the registration process of Digidentity. The registration process will be per the chosen LoA. Users are required to accept the terms and conditions, without accepting these it is not possible to register.
Authentication
When logging into their profile, or when requiring access to GOV.UK Verify services, users are required to make use of the 2-factor authentication. Users can opt for SMS or by using the Digidentity Authenticator app available. Once authenticated users can access services and/or their profile to maintain it.
IPV
Identity proofing and verification is at the core of creating a digital identity. The information required to verify an identity is dependent on the Level of Assurance. The higher the level, the more assurance is required.
Account Maintenance
Users are in control of their own identity account, and can also make changes where needed e.g. change of name because of marriage. Changes are always verified to ensure maximum protection and security, and for fraud prevention.
Registration
Making an account
Once directed to the Digidentity process users are required to make a username, password and to confirm their email address. Once this is complete the user needs to choose their form of 2- factor authentication, e.g. SMS. 2-Factor authentication is always required to secure the account for GOV.UK verify.
Entering personal details
Users are required to enter their personal details, including; name, date of birth, gender (optional) and address. Sometimes name history and/or address history is required. Once this is entered the details are confirmed and used to collect data from a credit file. The data collected is NOT a credit reference, and has NO impact on the credit reference. The data is used to check and verify information for the process of verification, along with data/document checking services provided by the Government.
Identity proofing
Depending on the Level of Assurance users will be required to provide evidence of the identity. Users registering for LoA2 are required to reach a higher level of assurance and will need to supply a combination of evidences which include (but not limited to): UK passport, Non-UK passport, Photo card ID (Government issued), Photo card driving licence, mobile phone contract, bank transaction £0.00 and knowledge based verification (questions generated from the data). Users can also choose to provide their details using our mobile app. Since photos are required of the document, and selfies too, more assurance is attained per document. Users who provide a UK Passport with the app therefore, need only add one more piece of evidence e.g. bank transaction £0.00.
Completion
Once the process of verification is completed the user will be redirected to the service they initially required. To access services of GOV.UK in the future users can use their existing account credentials, and once successfully logged in, will be redirected to the service required.
Revalidation
During the lifespan of the account it is necessary to revalidate details within 180 days of the registration date. Revalidation is a requirement per the Good Practice Guide set out by GOV.UK. Revalidation ensures the integrity of the data within the user account. If the account revalidation occurs users may be asked to take steps to update their information e.g. passport is expired and so add a new one.
Support
Users requiring support during the process are able to contact us:
Email: helpdesk@digidentity.co.uk
Phone: +44(0)330 05 83 454
Monday to Friday 08:00 to 22:00
Saturday and Sunday 08:00 to 17:00
Calls cost no more than calls to geographic numbers (01 or 02) and your telecoms provider must include these calls in inclusive minutes and any discount schemes in the same way.
Ken je je klanten echt?
Een eenvoudige en veilige manier om je gebruikers te verifiëren.
Als je online zaken doet als bedrijf, moet je er zeker van zijn met wie je te maken hebt. Omgekeerd moet de persoon die zich aanmeldt bij jouw digitale dienst erop kunnen rekenen dat zijn gegevens correct worden verwerkt. Daarom is een veilige en betrouwbare toegang tot je online diensten van essentieel belang.
Met Digidentity maakt je jouw diensten veilig online toegankelijk. Klanten loggen in op jouw website of dienst met hun digitale identiteit (Digidentity) en kunnen zo hun bedrijf veilig en eenvoudig uitvoeren.
Lees hier meer over wat wij voor jou kunnen doen
eSGN: digitaal ondertekenen
Een elektronische of digitale handtekening is equivalent aan een handgeschreven handtekening. Een digitale handtekening bestaat uit cryptografische elektronische gegevens die zijn gekoppeld aan een digitaal document. Met eSGN van Digidentity kun je PDF-documenten op een rechtsgeldige manier digitaal ondertekenen. Deze digitale handtekening zorgt ook voor zekerheid dat het document nadien niet bewerkt is. Importeer documenten vanuit Cloud-diensten of vanaf je lokale schijf en onderteken je document met een digitale handtekening. Bespaar tijd en kosten door een einde te maken aan het printen, ondertekenen, scannen en archiveren of verzenden van documenten.
Wil je meerdere mensen laten ondertekenen? Geen probleem, Met een eSGN-account krijgen ze een melding ontvangen wanneer een document klaar is voor ondertekening en ontvang jij bericht zodra iedereen het document heeft ondertekend.
Je kunt de eSGN-app downloaden vanuit de app store op een tablet, deze is ook beschikbaar als een webtoepassing of je kunt de functionaliteit integreren in je eigen workflow. Zodra je bent ingelogd met je Digidentity-account, kun je direct eSGN gebruiken.
Newsletter
Subscribe to our newsletter and stay updated on the latest developments.
Now that you know a little bit more about us, sign up for our newsletter in order to stay updated. We still have a lot to tell you. You will receive an email from us a few times a year.
You can unsubscribe any time via the link provided in the newsletter. We process your personal data in accordance with our Privacy Policy. Check your rights in the Privacy Policy for more information.