Privacy Policy

Your privacy is very important to us. We want to process your personal data in a legal, correct and transparent manner. In this privacy statement we explain which personal data we collect and process from you as a natural person.

1    Safeguarding your privacy together

We define multiple categories of individuals whose personal data we collect and process:

  • C-iD customers (have a contractual relationship with C-iD);
  • platform users (do not have a customer relationship with C-iD, but use the services in the C-iD app);
  • prospects (do not have a customer relationship with C-iD and may not be a platform user, but have a connection with C-iD as, for example, data subject or beneficiary).

1.1  Privacy statement valid for processing of personal data collected by C-iD via website, platform, app or from other sources

We advise you to read this information carefully, so that you know what C-iD can use your data for. You will also find more information about your privacy rights and how you can exercise them in this privacy statement.

C-iD may amend this privacy statement. The most recent version can always be found on www.ci-id.org. For any important substantive change, C-iD informs you via its website, app or other communication channels.

We also recommend that you read the C-iD Cookie Statement when using a digital solution, such as the C-iD website and the C-iD application. In it you can read what cookies are, which cookies C-iD uses and how C-iD monitors your privacy. You can consult this cookie statement on www.c-id.org, at the bottom of the webpage.

1.2  C-iD handles your personal data with care

C-iD is a platform that is active in Belgium and a selection of countries worldwide. The registered office is located at Zagerijstraat 39 bus 1, 3600 Genk, Belgium. More information about the activities of C-iD can be found on www.c-id.org.

C-iD is responsible for the processing of personal data in the context stated in this Privacy Statement.


2    Right to privacy

If C-iD processes your data, you have a lot of rights. If C-iD asks you for permission for a processing, you can also withdraw that permission yourself whenever you want.

2.1  You can view your data

If you want access to the data that C-iD processes about you, please let us know. Some data can be viewed directly via, for example, the www.c-id.org platform  or the C-iD app.

If you exercise your right of access, C-iD will give you as complete an overview of your data as possible. It is possible that some personal data from classic backup files, log, history or archive files (e.g. the existence of a permission) are not included in this overview. This data is not part of the currently processed personal data and is therefore not immediately available. You can, however, request this additionally (e.g. cookie data).

Anti-money laundering legislation prohibits C-iD in certain cases from giving you access to the personal data that C-iD processes about you. For example, C-iD cannot give you access to an anti-money laundering investigation. That is prohibited by law because release could jeopardize the investigation. In that case, you can request further information via support@c-id.org.

2.2  You can have your data corrected

It may happen that certain data that C-iD has stored about you is not (or no longer) correct. You can always ask to have that data corrected or completed.

For the standard service, you can adjust certain data yourself via the user menu, both via the platform and the app.

2.3  You can have your data deleted

You can ask C-iD to delete your personal data. If C-iD no longer has a compelling reason for the processing of your personal data, C-iD will delete it. A legal obligation may prevent deletion.

2.4  You can object to a certain use of data

If you do not agree with the way in which C-iD processes certain data on the basis of its legitimate interest, you can object to this. Objection that we will comply with, unless there are compelling reasons not to do so, which will be the case, for example, if we process data to combat fraud.

2.5  You don't want that C-iD processes your personal data to send you direct marketing?

It is possible that you do not want C-iD to process your personal data to send you direct marketing. C-iD respects that. Just send an email to support@c-id.org.

But even if you exercise your right to object to direct marketing, you can still see an advertising message on a digital solution from C-iD or elsewhere. This may concern a general advertising message for which C-iD does not process personal data of customers, sending notifications from the browser regarding the newsletter (for which you can always withdraw your consent), or a personalized advertising message for which we only process your cookie data. If you do not want the latter, you can withdraw your consent to the collection of this cookie data and its use for sending customized commercial messages.

2.6  You can dispute an automatically made decision

Some data processing and processes are fully automated without human intervention. In some cases, such a decision can have quite an impact on you. In most cases, C-iD only calculates this profile for customers who request or use a certain service for which these profiles are required. In other cases, C-iD calculates this profile in advance.

If you do not agree with the result of such a fully automated decision, you can contact C-iD via info@c-id.org.

2.7  You can ask to transfer your data to a third party

You have the right to ask C-iD to transfer personal data that you have provided to C-ID on the basis of consent or contract execution to you or directly to a third party.

The legislation does provide for a number of restrictions on this right, so that it does not apply to all data.

2.8  You can ask to restrict the processing of your data

In certain cases, you have the right to ask C-iD to restrict the processing of your personal data. This right is subject to conditions. You can exercise your right to restriction of processing:

  • during the period that enables C-iD to check the accuracy of your personal data if you dispute the accuracy of personal data that C-iD processes about you;
  • when a processing is unlawful, but you do not want the personal data to be deleted;
  • when C-iD no longer has a purpose to process the personal data, but you still need them in the context of a legal claim;
  • pending C-iD's answer to the question whether C-iD's legitimate grounds outweigh yours, if you have exercised your right to object to processing for which C-iD invokes the legitimate interest as a legal basis.

2.9  How to exercise your rights

Depending on what type of customer you are, you can exercise your rights in different ways.

2.9.1-iD customers

Always be as specific as possible if you want to exercise your rights. Then C-iD can handle your question concretely and correctly. C-iD must be able to verify your identity, to prevent someone else from exercising your rights. That is why C-iD can request a copy of your identity card with such an application. If you are a platform user, C-iD will also ask for the mobile phone number or company number with which you are registered with C-iD.

Do you have a question or a comment? Then you can send an e-mail to info@c-id.org. These are your first points of contact regarding privacy.

2.9.2latform users and prospects

You can also exercise your rights as a platform user or prospect. Please send an e-mail to info@c-id.org. Include your name, the e-mail address with which you have registered in the application and possibly the telephone number.

2.10nbsp;You can file a complaint

If you have a complaint regarding the exercise of your rights, C-iD is ready for you by e-mail to info@c-id.org.

You can also always contact C-iD in writing by sending a letter to Zagerijstraat 39 bus 1, 3600 Genk, Belgium or by mail to info@c-id.org.


3    Your personal data for numerous purposes

These purposes are grouped according to the applicable legal basis.

3.1  C-iD must comply with laws, legal obligations and public order

Specifically, C-iD must identify you as a customer, representative or beneficial owner and verify your identity.

C-iD uses data that comes from yourself, but also data that it can find via other channels (internet search engines, social media, the internet, etc.).

C-iD offers its services through various channels, directly www.c-id.org the platform, via the C-iD app, but also through intermediaries.

As a customer of C-iD, you call on a number of services. It has to process C-iD. Examples of processing operations for the execution of contracts are the management of accounts, payment transactions, etc.

If you make a payment transaction, C-iD provides information about the progress of that transaction to the relevant payee (for example, general information about why a direct debit was not carried out).

C-iD processes personal data of representatives of legal entities for authentication of and communication with the legal entity and for the exercise of the powers for C-iD services and products.

C-iD offers its customers products and services in app, which are sometimes also open to platform users. In order to be able to offer these services, C-iD processes personal data, and when the functionality of the service so requires, also calculated personal profiles.

C-iD offers its customers services on the platform and in the app of partners outside the banking or insurance sphere. When data exchange is required to ensure the smooth use of the partner's service, C-iD informs the customer about this in the process.

In order for these applications to work, C-iD exchanges personal data with the partners. C-iD is usually responsible for the processing and for the transfer of customer data to the third party. The partner is responsible for the processing of personal data in the context of the provision of services.

You should contact that third party for more information about the protection of your personal data and to exercise your privacy rights.

As a platform user, you can also use some of the services described above in the C-iD app. In order to be able to offer you the services, C-iD needs a number of data from you (e.g. mobile phone number, e-mail address, company number). C-ID stores your personal data in order to be able to provide the service and to simplify the purchase of such services in the future. To avoid having to enter that data again and again, C-iD keeps your data for a limited time. If you no longer use the services after a certain period of time, C-iD will delete your data. You can also delete your data yourself at any time by deleting your profile via the user menu.

3.3  C-iD processes personal data on the basis of legitimate interest

In addition to compliance with legal obligations, the performance of a contract and consent, C-iD as commercial companies has a number of legitimate interests that form the basis for the processing of personal data. They are motivated by the need to be able to function as a company and to enable the development of new initiatives and their offer to customers. In doing so, C-iD ensures that the impact on your privacy is as limited as possible and that in any case the balance between the legitimate interests of C-iD and the possible impact thereof on your privacy is not disturbed. If you still have objections to these processing operations, you can exercise your right to object. Oppose that C-iD will respect, unless C-iD has compelling reasons not to do so.

For example, C-iD processes personal data in various situations:

  • For risk management, security and fraud prevention, the identification and prevention of major risks, such as the risk of fraud, cyber and credit risks, based on thorough data analysis.
  • Use of personal data for the organization using personal data for internal and regulatory reporting, internal control, defense of rights and for communication as a company. We store personal data for any subsequent evidence. We sometimes outsource the archiving. C-iD can use personal data to support and simplify the purchase, use and termination of products and services by the customer, among other things to avoid having to re-enter information that you previously provided. For example, C-iD can pass on identity data to other companies of the in order to facilitate identification with those other companies.
  • C-iD may also use your personal data for the establishment, exercise, defence and safeguarding of the rights of C-iD or the persons it may represent, for example in the event of disputes.
  • C-iD may use your personal data to create synergy, efficiency increase or other organizational or process benefits. For example, C-iD can combine aggregated customer data with publicly available data to optimize the database.
  • C-iD may also combine the personal data held by the C-iD entities for the creation of segments (e.g. Private individuals, Producers, Architects, contractors, etc.).
  • In order to give you a good service, it is important to distribute data within the organization and to bring them together with (central) relationship managers, including in a CRM application, to maintain your customer image.
  • C-iD cooperates with preferred third-party service providers for the offer of banking and insurance products (see 3.2). In order to be able to screen and contact potential future traders later, C-ID collects identification and contact details of these potential trading partners. The data may have been communicated to C-ID following a business event, published on social media or publicly available.
  • Personal data processed to support ICT systems and software, improve processes, coach employees and improve services
  • During the development of applications, tests with personal data are required, including the final acceptance test prior to bringing an application into production. Where necessary, this can be done in collaboration with third parties appointed by C-iD.
  • If C-iD investigates incidents in applications, C-iD may process personal data for this purpose.
  • Incident management solves problems at the customer level. When the integrity of IT systems is no longer guaranteed, C-iD can solve the problem by recreating the missing element. In doing so, C-iD processes personal data.
  • C-iD may use personal data for the evaluation, simplification, testing and improvement of processes, applications and models, such as optimization of campaigns, simulations and sales on the website. For example, by monitoring the (non-complete) completion of simulations, statistics, satisfaction surveys, data from cookies (such as preference settings for and click behavior on the website).
  • C-iD uses personal data to send you messages or to contact you in the context of a service that you purchase from C-iD or from a third party via C-iD.
  • If you fill in a form from C-iD, it will of course process the data for the administrative management of the process for which you filled in the form. In this way, your data can be stored in a simulation in the meantime. This way you don't have to fill them in again if you end the process or want to start again later.
  • If you have not completed a registration or transaction, we can contact you to see what went wrong and if we can help you. It is about technical and administrative support for that specific process.
  • In order to be able to send out relevant messages and information, C-iD processes customer profiles.
  • Data processing that is necessary to offer (digital) solutions and to determine the relevant strategy of C-iD.
  • C-iD can use your personal data to make you a better proposal. To this end, C-iD analyzes the behavior and some relevant characteristics of the customer based on customer profiles.
  • Drawing up profiles to align C-iD's commercial and product strategy with the behaviour and wishes of customers.

3.4  In certain cases, C-iD asks your permission for the processing of your personal data

C-iD asks your permission:

  • for the processing of data that you added yourself in C-iD applications such as the C-iD app for commercial models and profiles;
  • for geolocation (unless explicitly stated otherwise);
  • to enter underlying data into a form with the information C-ID needs to process the form. C-ID usually asks you to check the correctness of this.

3.5  C-iD uses your personal data to do direct marketing

As a company, C-iD wants to be able to make proposals about an extensive range of products and services. This can be done at your explicit request, or if C-iD suspects that you are interested in or benefit from a product or service.

You can reach this information in all kinds of ways: via the internet and apps, by e-mail, by post, via push messages from the app or from the platform and by telephone. In addition, new technologies are added every day that C-iD is happy to go along with. C-iD does everything it can to convey the information clearly and chooses the most suitable channel for this, which disturbs you as little as possible.

C-ID uses personal data of platform users to carry out direct marketing campaigns on the basis of legitimate interest. This may concern the services offered via C-iD. For this purpose, C-iD processes the limited set of personal data that the user registered when activating the use of the platform (surname and first name, address, mobile phone number and e-mail address). If the user agrees to the use of cookies, C-ID can also send offers based on click and surfing behavior. The platform user can exercise his right of opposition to direct marketing. Then he may still see an advertising message, but then it concerns general advertising, for which C-iD does not process personal data of customers.

3.5.1arketing based on your click and surfing behavior

C-iD can send you offers based on your click and surfing behavior on its websites and applications, but only if you agree to the use of cookies for sending customized commercial messages. The cookie consent determines which offer C-iD can send you.

3.5.2arketing for prospects

C-iD uses contact details of prospects to conduct direct marketing. For commercial messages via e-mail, this only happens after prior permission. 

3.6  C-ID does not sell your personal data

C-iD does not sell or rent your personal data to third parties for their own use, unless you choose to do so yourself by giving your consent or in the context of a service.


4    Different types of data

Below you can read what kind of data C-iD processes.

4.1  Identification, service bound data and personal details


The details of your electronic identity card, accessible without a PIN code, such as name, gender, date of birth, nationality, national register number; but also your customer number, click data, the way you operate your device, identification data of the devices you use (Mac address, IPs, unique identification data of your device).


Phone number, e-mail, language, address, username in social media.


Your files, sites, buildings, housing units, passports and product data. Based on, for example, the number of files and transactions, C-iD can analyze your behavior and detect needs. Based on that profile, we can, for example, approach you with a personalized offer, we can better analyze which tools you work best with, what communication preferences you have or which services you need.


Your profession, professional experience, living environment and property, etc. Comments and suggestions, past complaints. She can certainly help C-iD to serve you better in the future.

4.2  Data from third parties

C-iD sometimes processes public data.

For example, this may concern data that is subject to a publication obligation, such as the publication of your appointment as a director of a company. Whether it concerns data that you have made public yourself, such as information on your website, your blog or via your publicly accessible social media profile, public information available on the internet or data about you that C-iD obtained from third parties (manager, etc.).

4.3  Where you are can be important

If the platform or app wishes to access your location, C-iD will always inform you about this and, if necessary, ask your permission. C-iD asks you for this permission when you visit certain pages on the website or when you use the app, for example.

In order to provide you with that service, C-iD may use a geolocation service provider, such as Google. Google has its own privacy policy. More information can be found on www.google.com/policies/privacy. We therefore advise you to read them. In addition, C-iD can also use your location data to create global models and analyses.

In addition, your location is also known to us based on your IP address and technical data of the phone.

4.4  What you C-iD tells can process C-iD

If you have contact with a C-iD employee, by phone or email, this can be registered:

  • to build a contact overview;
  • to have a (short) report of the contact;
  • as a reminder for tasks that an employee still has to perform;
  • to offer you a better service in the future.

Even if you are not yet a customer, C-iD will store the information you provide. That information can then be used later when you become a customer.

In this way, C-iD wants to avoid, for example, that you always have to communicate the same information or answer the same questions again. In this way, C-iD can also improve the continuity of services for you.

4.5  Monitoring of written correspondence

If you use your e-mail to contact C-iD or if you have digital communication channels that use C-iD, C-iD will provide you with its legally required and administrative communications. In that case, C-iD will send you a push notification to make you aware of this.

C-iD assumes that correspondence with employees in their capacity as C-iD employees is professional, and so C-iD can view them in the context of:

  • their mission,
  • argumentation
  • control at the workplace,
  • security
  • optimization and/or continuity of service to help the C-iD employees correspond with you quickly and efficiently.

4.6  Transaction details

4.6.1pecific services that C-iD delivers you based on your transaction data

C-iD offers you transfer and share services, whereby C-iD gets access to the information of all users to show and identify it. A condition for this is that such data is accessible online. If connecting different users is difficult, limited data can be exchanged to solve those problems.

4.7  It can go beyond your personal data

For example, if you have a company, you agree that C-iD also stores those relationships and processes the data of any related persons. We may also process personal data of persons with whom we do not have a direct relationship, but who are involved in a relationship. If you provide information about your data subjects, we ask you to inform them about this. If this is necessary for a correct service for your company, we can also communicate limited data about you to your employees.

If you provide information about your employees or about those involved, we ask you to inform them about this.

Please note that legal entities may only provide us with personal data of natural persons associated with them, if those persons are sufficiently aware of this and, if necessary, consent to it.

The legal entity therefore indemnifies C-iD against all liability (with regard to the data subjects) in this respect. For example, the company is responsible for complying with privacy laws when it submits a list of users for an online application or beneficiaries for an employee participation program.


5    Collaboration, confidentiality and security

5.1  Not everyone will see your data at C-ID

Only persons who are authorised to do so have access to personal data, and only if that data is relevant to the fulfilment of their assignment.

Within C-iD, your personal data are in principle only processed and consulted by certain services:

  • with whom you have, had or want to have a relationship or contacts;
  • the intervention of which is required for the provision or aftercare of services.

The persons who can consult your data are also bound by strict professional discretion and must comply with all technical regulations to ensure the confidentiality of your personal data and the security of the systems they contain.

5.2  Processing of data by processors of C-iD

For the processing of personal data, C-iD uses various processors. These are companies that process the data on behalf of C-iD.

5.2.1rocessors inside C-iD

For the processing of personal data C-iD calls on processors within C-iD, located within the European Union: Itaci.

The data processing that C-iD does on behalf of C-iD includes a number of control functions and support functions such as complaint management, marketing support, support of invoicing, payment traffic and ICT management of C-iD.

5.2.2ther processors

Furthermore, C-iD may, directly or indirectly, call on other processors, such as:

  • Consultants;
  • third party business owners to fulfill general vigilance obligations imposed by law:
  • ICT (security) service providers, such as Microsoft, specialized artificial intelligence companies such as Scone;
  • marketing and communication agencies and similar companies, where C-iD uses your personal profile information present with them in order to be able to make you the appropriate proposals in combination with the data that C-iD has about you via their channels (e.g. Google, Facebook, ...);
  • companies that support C-ID to determine and analyze your user behavior on our applications and our internet sites (e.g. Adobe, YouTube);
  • companies for archiving and accessing information, for example Google Drive (archives information for all customers, including those who did not opt for digital archiving).
  • companies specialized in scanning digital documents in order to digitize files with associated information;
  • printers for printing and addressing, among other things, passports with QR codes;
  • translators and translation agencies;
  • companies that offer Platform as a Service (Paas) and Software as a Service (SaaS) services in the cloud, such as the CRM application Teamleader, which uses C-iD to maintain your customer view, and the storage services of Google Workspace, on which C-iD can place its own platforms or software that process and store your personal data.

5.3  Processing by other data controllers

As the controller, C-iD may, in addition to other processors, also call on other service providers or third parties who are themselves responsible for the processing, such as lawyers or notaries.


5.4  C-iD takes concrete measures to secure your data

C-iD ensures that strict rules are followed and that the processors concerned:

  • have only the data they need to carry out their assignments;
  • have committed themselves to C-iD to process this data securely and confidentially and to use it only for the execution of their assignments.

C-iD cannot be held liable if those processors (in accordance with the legislation) provide personal data of customers to local authorities or if incidents occur at those processors, despite the measures they have taken.

C-iD ensures that European data protection standards are applied to personal data worldwide. 

C-iD takes internal technical and organizational measures to prevent personal data from getting into the hands of and being processed by unauthorized persons, or accidentally modified or destroyed.

The premises, the servers, the network, the transfers and the data are strictly secured. This is also additionally checked by a specialized service.

Together with you, we should be aware that exchanges via e-mail can be intercepted and strive, where possible, to use another means of communication or to limit the information.

The C-iD platform or website and app may contain links to websites or information from third parties. C-iD does not control those websites or that information of third parties. The providers of those websites or information may have their own privacy policies. We therefore recommend that you read them. C-iD is not responsible for the content of those websites, their use or the privacy policy of those websites.

C-iD sometimes facilitates the publication of (personal) data via social media. Keep in mind that those channels have their own terms of use that you have to comply with yourself. Publication on social media can have (undesirable) consequences, also for your privacy or that of people about whom you share data. You may not be able to delete a publication in the short term. So you have to assess the consequences yourself, because you make the decision about the publication on those media. C-iD does not accept any responsibility for this.

5.5  C-iD does not store your data forever

C-iD uses your personal data if C-ID has a clear purpose for this. If C-iD no longer has a purpose, we delete the data.

The starting point for keeping your personal data is the statutory retention period (usually up to ten years after the end of a contract or the execution of a transaction; for business claims this is up to thirty years after the end of a contract or the execution of a transaction). For the exercise of our rights, this may be longer. If the law does not prescribe a retention period, the retention may be shorter.

Some applications may require a wider time horizon, for example for making studies, risk and marketing models. Some insights only become clear if you look at them in a broader time frame. The retention period can therefore be extended by ten years compared to the standard retention periods. C-iD will, as stated, always break the link with individual persons as soon as possible and only work with aggregated or pseudonymised data.

For example, information that you registered yourself on the platform or in the app, C-iD stores for five years.

C-iD uses personal data of prospects for a maximum of five years, unless there was a contact with the prospect in the meantime. Then a new term of up to five years will start. The prospect can always ask to delete his personal data.

5.6  Data transfer outside the EEA

The laws in some countries outside the EEA (such as the United States of America or India) do not always provide the same data protection that applies in the EEA member states. 

C-iD always prefers that processing of personal data takes place on the territory of the European Union. Due to the nature of some processes (e.g. if 24/7 support is required), in some cases personal data may be transferred to processors outside the EEA.

Even if the data centre is located within the EEA, there is a possibility that access from outside the EEA will remain possible (e.g. in case of technical problems, or when 24/7 support is needed). This is also considered as data transfer outside the EEA.

For some processes, the data centers of the processors may be located outside the EEA or there is access from outside the EEA, such as the United States of America and India.

5.7  C-iD does not simply respond to questions from third parties

Because C-iD must comply with its duty of discretion and privacy legislation, it can only answer questions from third parties if they are based on a legal provision or a legitimate interest, which are necessary for the execution of the agreement, or with the consent of the data subject.

In the latter case, it even recommends requesting the data from the data subject himself.

C-iD cannot be held liable if the lawful recipients of data, personal data of customers or legal entities have to submit to local authorities due to a foreign legal obligation. Or if they treat personal data insecurely.

5.8  You too can help secure your data

C-iD has no or insufficient influence on certain aspects of (technical) data processing and cannot guarantee total security. Just think of the internet or mobile communication (such as smartphones).

When hackers are at work, C-iD doesn't always manage to fend off their cyberattacks in time. Sometimes it even has no control over it at all, for example if a hacker manages to obtain your identification data by installing illegal software on your computer (spyware) or by creating a fake website (phishing).