GetID use and secure your personal data whilst you are using the GetID website www.getid.ee or when you enter into a contract with GetID to provide services to your organisation.
GetID processes service users personal data as directed by our clients for the provision of our service. Our clients are also joint data controllers who determine the purpose of Processing of Personal Data and, accordingly, GetID is a joint controller of user personal data with respect to those services. In other cases, GetID is a controller of user personal data (e.g. users of GetID´s web page)
GetID takes the protection and security of your personal data very seriously and this policy sets out our responsibilities under the General Data Protection Regulation 2016 (‘GDPR’) and other applicable laws/regulations in European Economic Area (EEA) relating to the processing and security of personal data.
Our registered head office is located in the Republic of Estonia:
Maakri 19/1, 30th floor, 10145, Tallinn, Estonia
Company registration number: 14700267
If you have any questions or concerns regarding the processing of your personal data, you can contact our Data Protection Officer at firstname.lastname@example.org.
Personal Data we process
Personal data we process about clients and their representatives:
For entering into an Agreement, for providing our Service, for communicating with the representative of our client and for other lawful reasons we need to Process the data of client’s representative.
This means we may Process, among other, following Personal Data of the representative of the client:
- personal information of the representative of the client, such as name, position, contact information;
- personal information in connection of provision of the Service, such as data from communication with us;
- technical data, including but not limited to information about, the date and time that you use the Services, your IP address and domain name, your software and hardware attributes, also, your general geographic location (e.g. city, country);
- publicly available relevant data.
We collect this data either from you directly, when you communicate with us directly e.g., sending us an email, providing us with your Personal Data on the phone or through visiting our offices.
Please note that we also check information about client (incl. about relevant representatives of client) from publicly available sources. We only gather relevant and necessary data in order to validate right of representation.
Personal data we process about our services user
We may collect and Process, among other, the following Personal Data:
personal information of service user, such as name, sex, personal identification code, date of birth, legal capacity, nationality, citizenship, but also historic data of that service user that may have been stored with us during previous counteractions within the retention periods;
document details, such as the name of the document, issuing country, number, expiry date, security features;
facial recognition data, such as photos, videos and sound recording, photographs taken from you and your document and video and sound recording of the verification process;
contact details, such as address, e-mail address, telephone numbers, IP address;
technical data, including but not limited to information about, the date and time that you use the Services, your IP address and domain name, your software and hardware attributes, also, your general geographic location (e.g. city, country);
biometrical data, such as facial identifiers;
publicly available relevant data, e.g. information about being politically exposed person (PEP) and checks in sanction lists.
Legal basis for processing personal data
GetID processes Client and service user related data, including personal data, on the following basis:
the Client/service user has given consent to the processing of his or her personal data for one or more specific purposes;
processing is necessary for the performance of the Client agreement to which the Client is a party or in order to take steps at the request of the data subject prior to entering into a Client agreement;
processing is necessary for compliance with a legal obligation to which GetID is subject to;
processing is necessary for the performance of a task carried out in the exercise of official authority request;
processing is necessary for the purposes of the legitimate interests pursued by GetID or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Client/service provider which require protection of personal data.
GetID’s legitimate interests are expressed in furtherance of its own operating activity in offering Clients better services and products, developing its own products, ensuring data and information security and performance of general legal obligations set forth in legal acts.
The GDPR and your rights
As an individual, you have rights under the GDPR regarding the use of your personal data, these are:
Your right of access- You have a right to know what personal data GetID hold on you and for what purpose we are processing your personal data.There may be some exemptions, which means you may not always receive all the information we process.
Your right to rectification- You have the right to ask us to rectify any information you believe is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure- You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing- You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing- You have the right to object to processing if we are able to process your information because the processing is in our legitimate interests.
Your right to data portability- You can request that the personal data you have provided to GetID be ported to another organisation.This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
Please read more about your rights from chapter III of the General Data Protection Regulation.
If your request concerns data we have Processed as a Processor you must submit your request to the service provider who is the controller of Processing of your Personal Data, we will inform you if this is the case.
Retention of Personal Data
GetID shall not process Client Data for longer than necessary for performing the objectives of the Processing, including for complying with the duty, set forth in legal acts, to retain data and for resolving disputes arising from agreement(s) entered into with the Client or for resolving potential disputes. GetID shall preserve Client data, who has entered into a Client agreement for receiving the investment services, for at least five years following the termination of the Client relationship, unless other terms for the preservation of data or documents are prescribed by law.
Submission of complaint
Where you believe that GetID has not taken our responsibilities with your personal data seriously, you have the right to complain to Data Protection Inspectorate (https://www.aki.ee/en/contacts).