DigiCert Remote ID Verification Privacy Notice

DigiCert Remote ID Verification Privacy Notice

Remote identity verification is an emerging method of individual biometric authentication that is conducted online. DigiCert, Inc. and its affiliates (“DigiCert”) offer remote identity verification to customers of specific products and services, like our document signing solution, to allow more location flexibility with the identity verification process. Customer accounts wishing to use the optional remote identity verification workflow will require applicants to upload their identity documents and pass a “liveness” test in addition to providing the personal data necessary to register for a DigiCert account. The specifics of the workflow and your data privacy are detailed below.

DigiCert is headquartered in Utah, USA. We take your privacy seriously and will only use your personal data to deliver the products and services requested.

Who are we?

DigiCert is a Global Trust Services Provider that provides services around the world.

Who is our Privacy Officer?

Data Protection Officer: Aaron Olsen, email: privacy@digicert.com

What data is collected?

In the remote identification verification process, our identity verification agents collect information that is necessary to provide the verification services. As part of this process, we collect and process the following personal data:

• Account creation information (please see our DigiCert Public Privacy Notice “Information that DigiCert Receives” for the information collected in this process)
• An image of the ID document you provide to verify your identity; with the ID document image, we will then collect and process the information contained on the ID document.
• First Name
• Last Name
• Date of birth
• Place of birth
• ID Type
• ID number
• Machine Readable Zone
• National identification number
• ID valid until
• Scan of ID document
• Nationality
• ID issuance date
• Issuing authority
• Images of your facial likeness (which include a three-dimensional facial scan) to compare to the image provided on your ID document
• Additional information that may not be available from your ID document but required to complete certification application, including:
• • Maiden name (optional)
  • Job title (optional)
  • Place of birth
  • Issuing country/nationality
  • Address

Why do we collect information and what is our lawful basis for processing?

Processing the personal data mentioned above is necessary to verify your identity to provide you with DigiCert products and services. Our lawful basis for this optional biometric processing is consent; consent records are available to the applicant at their request.

Who is collecting it?

We use third party applications to collect data directly from you. Where we use such applications they act entirely under our control and serve as a data processor; thus they are contractually bound only to collect and process the personal data according to our instructions and not to use it for any other purpose.

How will it be used?

Your personal data will be used to verify your identity for the purpose of user registration.

Who will it be shared with?

Your personal data will not be shared with any other person or party outside DigiCert and its agents.

Where will it be stored?

For all data subjects located outside Switzerland, your personal data collected during remote identity verification is processed and may be temporarily stored for up to 90 days in the EEA.

For data subjects in Switzerland, your personal data collected during remote identity verification is processed and may be temporarily stored for up to 90 days in Switzerland.

After any temporary processing, personal data associated with the remote identity verification process is stored according to your DigiCert account configuration. Please see our DigiCert Public Privacy Notice “Where We Store Your Data” for information on storage locations.

What data do we retain?

• First Name
• Last Name
• Date of birth
• Place of birth
• ID Type
• ID number
• ID valid until
• Scan of ID document
• Applicant image
• Nationality
• ID issuance date
• Issuing authority
• Machine Readable Zone

How is your data protected?

We use a combination of technical, administrative, organizational and physical safeguards to protect your personal data. Access to your personal data is restricted to those who are necessary for the delivery of the services. These safeguards are tested as part of our annual audits and accreditations. For further details please see details of our accreditations. For more information on our technical and organizational measures in place to protect your personal data, please visit https://www.digicert.com/legal-repository/security.

Automated Decision Making and Profiling

The remote identity verification process does involve the use of automated decision making, wherein you use a mobile device with a camera to capture images of yourself which are then compared to your image on the uploaded ID document. The process is designed to verify your identity with reference to the ID document. If you do not wish to use this optional automated process, you may elect to have a human agent verify your identity in a face-to-face setting (see “Your Options,” below).

We do not use your identify verification information to engage in profiling.

Your Options

Individuals have the option to use the remote identity verification process or the traditional in-person identity verification process. The traditional in-person verification process requires a third party, such as an attorney or a notary, to verify your identity and your identification documents. To obtain instructions on how to set up an in-person verification through an acceptable attorney or notary, please email our validation team at a location near you:

Netherlands (NL): qv.cas.nl@digicert.com
Germany (DE): qv.cas.de@digicert.com
Switzerland (CH): qv.cas.ch@digicert.com
United Kingdom (UK): qv.cas.uk@digicert.com
Other European Countries: qv.cas@digicert.com
Locations Outside of Europe: validation@digicert.com

Additional Information

To learn more about DigiCert data handling practices, please review DigiCert’s Public Privacy Notice.

This Privacy Notice

As our organization grows, this Privacy Notice is also expected to change over time. This Privacy Notice may be updated periodically to reflect changes in our personal information practices. You should check our site frequently to see the current Privacy Notice that is in effect.

The Privacy Notice was last updated on March 13, 2023.

Contact

If you have questions regarding this Privacy Notice, please contact us via email at: privacy@digicert.com.