Your privacy is very important to us. We want to process your personal data in a legal, correct and transparent manner. In this privacy statement we explain which personal data we collect and process from you as a natural person.
1 Safeguarding your privacy together
We define multiple categories of individuals whose personal data we collect and process:
1.1 Privacy statement valid for processing of personal data collected by C-iD via website, platform, app or from other sources
We advise you to read this information carefully, so that you know what C-iD can use your data for. You will also find more information about your privacy rights and how you can exercise them in this privacy statement.
C-iD may amend this privacy statement. The most recent version can always be found on www.ci-id.org. For any important substantive change, C-iD informs you via its website, app or other communication channels.
We also recommend that you read the C-iD Cookie Statement when using a digital solution, such as the C-iD website and the C-iD application. In it you can read what cookies are, which cookies C-iD uses and how C-iD monitors your privacy. You can consult this cookie statement on www.c-id.org, at the bottom of the webpage.
1.2 C-iD handles your personal data with care
C-iD is a platform that is active in Belgium and a selection of countries worldwide. The registered office is located at Zagerijstraat 39 bus 1, 3600 Genk, Belgium. More information about the activities of C-iD can be found on www.c-id.org.
C-iD is responsible for the processing of personal data in the context stated in this Privacy Statement.
2 Right to privacy
If C-iD processes your data, you have a lot of rights. If C-iD asks you for permission for a processing, you can also withdraw that permission yourself whenever you want.
2.1 You can view your data
If you want access to the data that C-iD processes about you, please let us know. Some data can be viewed directly via, for example, the www.c-id.org platform or the C-iD app.
If you exercise your right of access, C-iD will give you as complete an overview of your data as possible. It is possible that some personal data from classic backup files, log, history or archive files (e.g. the existence of a permission) are not included in this overview. This data is not part of the currently processed personal data and is therefore not immediately available. You can, however, request this additionally (e.g. cookie data).
Anti-money laundering legislation prohibits C-iD in certain cases from giving you access to the personal data that C-iD processes about you. For example, C-iD cannot give you access to an anti-money laundering investigation. That is prohibited by law because release could jeopardize the investigation. In that case, you can request further information via firstname.lastname@example.org.
2.2 You can have your data corrected
It may happen that certain data that C-iD has stored about you is not (or no longer) correct. You can always ask to have that data corrected or completed.
For the standard service, you can adjust certain data yourself via the user menu, both via the platform and the app.
2.3 You can have your data deleted
You can ask C-iD to delete your personal data. If C-iD no longer has a compelling reason for the processing of your personal data, C-iD will delete it. A legal obligation may prevent deletion.
2.4 You can object to a certain use of data
If you do not agree with the way in which C-iD processes certain data on the basis of its legitimate interest, you can object to this. Objection that we will comply with, unless there are compelling reasons not to do so, which will be the case, for example, if we process data to combat fraud.
2.5 You don't want that C-iD processes your personal data to send you direct marketing?
It is possible that you do not want C-iD to process your personal data to send you direct marketing. C-iD respects that. Just send an email to email@example.com.
But even if you exercise your right to object to direct marketing, you can still see an advertising message on a digital solution from C-iD or elsewhere. This may concern a general advertising message for which C-iD does not process personal data of customers, sending notifications from the browser regarding the newsletter (for which you can always withdraw your consent), or a personalized advertising message for which we only process your cookie data. If you do not want the latter, you can withdraw your consent to the collection of this cookie data and its use for sending customized commercial messages.
2.6 You can dispute an automatically made decision
Some data processing and processes are fully automated without human intervention. In some cases, such a decision can have quite an impact on you. In most cases, C-iD only calculates this profile for customers who request or use a certain service for which these profiles are required. In other cases, C-iD calculates this profile in advance.
If you do not agree with the result of such a fully automated decision, you can contact C-iD via firstname.lastname@example.org.
2.7 You can ask to transfer your data to a third party
You have the right to ask C-iD to transfer personal data that you have provided to C-ID on the basis of consent or contract execution to you or directly to a third party.
The legislation does provide for a number of restrictions on this right, so that it does not apply to all data.
2.8 You can ask to restrict the processing of your data
In certain cases, you have the right to ask C-iD to restrict the processing of your personal data. This right is subject to conditions. You can exercise your right to restriction of processing:
2.9 How to exercise your rights
Depending on what type of customer you are, you can exercise your rights in different ways.
Always be as specific as possible if you want to exercise your rights. Then C-iD can handle your question concretely and correctly. C-iD must be able to verify your identity, to prevent someone else from exercising your rights. That is why C-iD can request a copy of your identity card with such an application. If you are a platform user, C-iD will also ask for the mobile phone number or company number with which you are registered with C-iD.
Do you have a question or a comment? Then you can send an e-mail to email@example.com. These are your first points of contact regarding privacy.
2.9.2latform users and prospects
You can also exercise your rights as a platform user or prospect. Please send an e-mail to firstname.lastname@example.org. Include your name, the e-mail address with which you have registered in the application and possibly the telephone number.
2.10nbsp;You can file a complaint
If you have a complaint regarding the exercise of your rights, C-iD is ready for you by e-mail to email@example.com.
You can also always contact C-iD in writing by sending a letter to Zagerijstraat 39 bus 1, 3600 Genk, Belgium or by mail to firstname.lastname@example.org.
3 Your personal data for numerous purposes
These purposes are grouped according to the applicable legal basis.
3.1 C-iD must comply with laws, legal obligations and public order
Specifically, C-iD must identify you as a customer, representative or beneficial owner and verify your identity.
C-iD uses data that comes from yourself, but also data that it can find via other channels (internet search engines, social media, the internet, etc.).
C-iD offers its services through various channels, directly www.c-id.org the platform, via the C-iD app, but also through intermediaries.
As a customer of C-iD, you call on a number of services. It has to process C-iD. Examples of processing operations for the execution of contracts are the management of accounts, payment transactions, etc.
If you make a payment transaction, C-iD provides information about the progress of that transaction to the relevant payee (for example, general information about why a direct debit was not carried out).
C-iD processes personal data of representatives of legal entities for authentication of and communication with the legal entity and for the exercise of the powers for C-iD services and products.
C-iD offers its customers products and services in app, which are sometimes also open to platform users. In order to be able to offer these services, C-iD processes personal data, and when the functionality of the service so requires, also calculated personal profiles.
C-iD offers its customers services on the platform and in the app of partners outside the banking or insurance sphere. When data exchange is required to ensure the smooth use of the partner's service, C-iD informs the customer about this in the process.
In order for these applications to work, C-iD exchanges personal data with the partners. C-iD is usually responsible for the processing and for the transfer of customer data to the third party. The partner is responsible for the processing of personal data in the context of the provision of services.
You should contact that third party for more information about the protection of your personal data and to exercise your privacy rights.
As a platform user, you can also use some of the services described above in the C-iD app. In order to be able to offer you the services, C-iD needs a number of data from you (e.g. mobile phone number, e-mail address, company number). C-ID stores your personal data in order to be able to provide the service and to simplify the purchase of such services in the future. To avoid having to enter that data again and again, C-iD keeps your data for a limited time. If you no longer use the services after a certain period of time, C-iD will delete your data. You can also delete your data yourself at any time by deleting your profile via the user menu.
3.3 C-iD processes personal data on the basis of legitimate interest
In addition to compliance with legal obligations, the performance of a contract and consent, C-iD as commercial companies has a number of legitimate interests that form the basis for the processing of personal data. They are motivated by the need to be able to function as a company and to enable the development of new initiatives and their offer to customers. In doing so, C-iD ensures that the impact on your privacy is as limited as possible and that in any case the balance between the legitimate interests of C-iD and the possible impact thereof on your privacy is not disturbed. If you still have objections to these processing operations, you can exercise your right to object. Oppose that C-iD will respect, unless C-iD has compelling reasons not to do so.
For example, C-iD processes personal data in various situations:
3.4 In certain cases, C-iD asks your permission for the processing of your personal data
C-iD asks your permission:
3.5 C-iD uses your personal data to do direct marketing
As a company, C-iD wants to be able to make proposals about an extensive range of products and services. This can be done at your explicit request, or if C-iD suspects that you are interested in or benefit from a product or service.
You can reach this information in all kinds of ways: via the internet and apps, by e-mail, by post, via push messages from the app or from the platform and by telephone. In addition, new technologies are added every day that C-iD is happy to go along with. C-iD does everything it can to convey the information clearly and chooses the most suitable channel for this, which disturbs you as little as possible.
3.5.1arketing based on your click and surfing behavior
3.5.2arketing for prospects
C-iD uses contact details of prospects to conduct direct marketing. For commercial messages via e-mail, this only happens after prior permission.
3.6 C-ID does not sell your personal data
C-iD does not sell or rent your personal data to third parties for their own use, unless you choose to do so yourself by giving your consent or in the context of a service.
4 Different types of data
Below you can read what kind of data C-iD processes.
4.1 Identification, service bound data and personal details
The details of your electronic identity card, accessible without a PIN code, such as name, gender, date of birth, nationality, national register number; but also your customer number, click data, the way you operate your device, identification data of the devices you use (Mac address, IPs, unique identification data of your device).
Phone number, e-mail, language, address, username in social media.
Your files, sites, buildings, housing units, passports and product data. Based on, for example, the number of files and transactions, C-iD can analyze your behavior and detect needs. Based on that profile, we can, for example, approach you with a personalized offer, we can better analyze which tools you work best with, what communication preferences you have or which services you need.
Your profession, professional experience, living environment and property, etc. Comments and suggestions, past complaints. She can certainly help C-iD to serve you better in the future.
4.2 Data from third parties
C-iD sometimes processes public data.
For example, this may concern data that is subject to a publication obligation, such as the publication of your appointment as a director of a company. Whether it concerns data that you have made public yourself, such as information on your website, your blog or via your publicly accessible social media profile, public information available on the internet or data about you that C-iD obtained from third parties (manager, etc.).
4.3 Where you are can be important
If the platform or app wishes to access your location, C-iD will always inform you about this and, if necessary, ask your permission. C-iD asks you for this permission when you visit certain pages on the website or when you use the app, for example.
In addition, your location is also known to us based on your IP address and technical data of the phone.
4.4 What you C-iD tells can process C-iD
If you have contact with a C-iD employee, by phone or email, this can be registered:
Even if you are not yet a customer, C-iD will store the information you provide. That information can then be used later when you become a customer.
In this way, C-iD wants to avoid, for example, that you always have to communicate the same information or answer the same questions again. In this way, C-iD can also improve the continuity of services for you.
4.5 Monitoring of written correspondence
If you use your e-mail to contact C-iD or if you have digital communication channels that use C-iD, C-iD will provide you with its legally required and administrative communications. In that case, C-iD will send you a push notification to make you aware of this.
C-iD assumes that correspondence with employees in their capacity as C-iD employees is professional, and so C-iD can view them in the context of:
4.6 Transaction details
4.6.1pecific services that C-iD delivers you based on your transaction data
C-iD offers you transfer and share services, whereby C-iD gets access to the information of all users to show and identify it. A condition for this is that such data is accessible online. If connecting different users is difficult, limited data can be exchanged to solve those problems.
4.7 It can go beyond your personal data
For example, if you have a company, you agree that C-iD also stores those relationships and processes the data of any related persons. We may also process personal data of persons with whom we do not have a direct relationship, but who are involved in a relationship. If you provide information about your data subjects, we ask you to inform them about this. If this is necessary for a correct service for your company, we can also communicate limited data about you to your employees.
If you provide information about your employees or about those involved, we ask you to inform them about this.
Please note that legal entities may only provide us with personal data of natural persons associated with them, if those persons are sufficiently aware of this and, if necessary, consent to it.
The legal entity therefore indemnifies C-iD against all liability (with regard to the data subjects) in this respect. For example, the company is responsible for complying with privacy laws when it submits a list of users for an online application or beneficiaries for an employee participation program.
5 Collaboration, confidentiality and security
5.1 Not everyone will see your data at C-ID
Only persons who are authorised to do so have access to personal data, and only if that data is relevant to the fulfilment of their assignment.
Within C-iD, your personal data are in principle only processed and consulted by certain services:
The persons who can consult your data are also bound by strict professional discretion and must comply with all technical regulations to ensure the confidentiality of your personal data and the security of the systems they contain.
5.2 Processing of data by processors of C-iD
For the processing of personal data, C-iD uses various processors. These are companies that process the data on behalf of C-iD.
5.2.1rocessors inside C-iD
For the processing of personal data C-iD calls on processors within C-iD, located within the European Union: Itaci.
The data processing that C-iD does on behalf of C-iD includes a number of control functions and support functions such as complaint management, marketing support, support of invoicing, payment traffic and ICT management of C-iD.
Furthermore, C-iD may, directly or indirectly, call on other processors, such as:
5.3 Processing by other data controllers
As the controller, C-iD may, in addition to other processors, also call on other service providers or third parties who are themselves responsible for the processing, such as lawyers or notaries.
5.4 C-iD takes concrete measures to secure your data
C-iD ensures that strict rules are followed and that the processors concerned:
C-iD cannot be held liable if those processors (in accordance with the legislation) provide personal data of customers to local authorities or if incidents occur at those processors, despite the measures they have taken.
C-iD ensures that European data protection standards are applied to personal data worldwide.
C-iD takes internal technical and organizational measures to prevent personal data from getting into the hands of and being processed by unauthorized persons, or accidentally modified or destroyed.
The premises, the servers, the network, the transfers and the data are strictly secured. This is also additionally checked by a specialized service.
Together with you, we should be aware that exchanges via e-mail can be intercepted and strive, where possible, to use another means of communication or to limit the information.
5.5 C-iD does not store your data forever
C-iD uses your personal data if C-ID has a clear purpose for this. If C-iD no longer has a purpose, we delete the data.
The starting point for keeping your personal data is the statutory retention period (usually up to ten years after the end of a contract or the execution of a transaction; for business claims this is up to thirty years after the end of a contract or the execution of a transaction). For the exercise of our rights, this may be longer. If the law does not prescribe a retention period, the retention may be shorter.
Some applications may require a wider time horizon, for example for making studies, risk and marketing models. Some insights only become clear if you look at them in a broader time frame. The retention period can therefore be extended by ten years compared to the standard retention periods. C-iD will, as stated, always break the link with individual persons as soon as possible and only work with aggregated or pseudonymised data.
For example, information that you registered yourself on the platform or in the app, C-iD stores for five years.
C-iD uses personal data of prospects for a maximum of five years, unless there was a contact with the prospect in the meantime. Then a new term of up to five years will start. The prospect can always ask to delete his personal data.
5.6 Data transfer outside the EEA
The laws in some countries outside the EEA (such as the United States of America or India) do not always provide the same data protection that applies in the EEA member states.
C-iD always prefers that processing of personal data takes place on the territory of the European Union. Due to the nature of some processes (e.g. if 24/7 support is required), in some cases personal data may be transferred to processors outside the EEA.
Even if the data centre is located within the EEA, there is a possibility that access from outside the EEA will remain possible (e.g. in case of technical problems, or when 24/7 support is needed). This is also considered as data transfer outside the EEA.
For some processes, the data centers of the processors may be located outside the EEA or there is access from outside the EEA, such as the United States of America and India.
5.7 C-iD does not simply respond to questions from third parties
Because C-iD must comply with its duty of discretion and privacy legislation, it can only answer questions from third parties if they are based on a legal provision or a legitimate interest, which are necessary for the execution of the agreement, or with the consent of the data subject.
In the latter case, it even recommends requesting the data from the data subject himself.
C-iD cannot be held liable if the lawful recipients of data, personal data of customers or legal entities have to submit to local authorities due to a foreign legal obligation. Or if they treat personal data insecurely.
5.8 You too can help secure your data
C-iD has no or insufficient influence on certain aspects of (technical) data processing and cannot guarantee total security. Just think of the internet or mobile communication (such as smartphones).
When hackers are at work, C-iD doesn't always manage to fend off their cyberattacks in time. Sometimes it even has no control over it at all, for example if a hacker manages to obtain your identification data by installing illegal software on your computer (spyware) or by creating a fake website (phishing).