Data Privacy Policy – FastID

Summary

Below you will find a very brief summary of how we manage your personal data. If you want more information, scroll down for the extended text.

The FastID-app is created and made available by FastID, Melkeppe 24, (2498 CV) Den Haag, the Netherlands.

By using the app we process the following categories of your personal data: e-mail address (at registration) and the information you add to your profile for using the app.

By accepting the Terms & Conditions and this Data Privacy Policy you give consent to process the above mentioned categories of personal data. If you’re under 16 years of age, you can not give legally valid consent and need the consent of your parent(s) for downloading and using the FastID-app.

With the exception of the parties with whom we collaborate as mentioned under point 4, we only transfer your personal data on to third parties after you have given us explicit consent to do so and related to specific use-cases.

We have put in place appropriate security measures to prevent your information from being lost, used or accessed in an unauthorised way. If you feel that your personal data is not properly secured or there are indications of abuse, do not hesitate to contact us.

Under certain circumstances, you have rights in relation to your personal data, including the right to access, correct, erase and withdraw your consent. Please send a request to: privacy@fastid.nl. In case you are unhappy with the way we treat your personal data or request, you can complain to the regulator.

1. Applicability

FastID is a Dutch company that has developed and exploits a digital identity service for consumers and merchants, named the FastID-app, to provide fast and secure access to services. This data privacy policy applies to the FastID-app with all content, functions, and services. The FastID-app is digitally offered to users from 16 years and older. With the use of the FastID-app personal data will be processed. FastID is responsible for this data processing and in doing so abides by the General Data Protection Regulation (GDPR).

The vision of FastID is based on the idea that the consumer should be the one to have full ownership and control of its personal data and identity. With FastID the ID and the personal data from the user is stored encrypted only on the mobile phone of the user. This means that only the user can access the data, and that only the relevant data will be shared with explicit consent of the user.

FastID fully adheres to the applicable privacy rules in all processing activities, such as those included in the General Data Protection Regulation (GDPR).

Please find our contact details below:

FastID B.V.
Wilhelmina van Pruisenweg 35
2595 AN Den Haag
The Netherlands

In case you have any questions relating to data protection, please contact us via privacy@fastid.nl.

2. Personal Data

The design of the FastID-app is such that personal data is stored exclusively on the telephone of the user. In the registration process for the FastID-app, FastID will only request the email address from the user to confirm the installation of the FastID-app, and in order to contact the user in case that is needed for the delivery of the service.

Furthermore, we may process the personal data that is voluntarily provided by users and stored in the FastID-app. This means that FastID may collect, store, and use personal when it is voluntarily submitted to us by the user. Examples of such personal data are name, address, place of residence, telephone number, passport data and facial photo.

Other than the email address FastID has no access to any personal data the user stores in the FastID-app.

3. Consent

Apart from the processing of the email address of the user, which FastID needs to deliver the service, the legal basis for the processing of all personal data is explicit consent. Before processing or transferring any personal data of the user and in every specific use-case, explicit consent from the user will be asked.

The user will be given the opportunity to withdraw their consent at any time, after which the processing will be terminated.

4. Third parties

FastID will not transfer your personal data to third parties without your explicit consent, unless this is necessary to comply with a judicial proceeding, court order or legal process. In addition, parties with whom we collaborate to make the services possible (so-called sub-processors) have access to your personal data in certain cases. We have made agreements with these parties about, among other things, the way in which personal data is processed and the security requirements. Below is a summary of the sub-processors with whom FastID cooperates with regard to the service:

Amazon Web Services - data hosting back-end (servers within the EEA)
Amazon Rekognition - facial recognition (optional)
Oracle OPERA PMS - transfer reservation data (optional for hotels)
Mews PMS - transfer reservation data (optional for hotels)
Trask ZenID - liveness check / verification document / performing and improving the fraud check.
20Face - facial recognition (optional)

5. Security

We have taken appropriate security measures to protect your personal data against unauthorized access to or unauthorized alteration, disclosure, or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data. In the agreements with the third parties, we work with, we have agreed the same measures to ensure that their security level is also sufficient to protect your personal data.

6. User rights

Under the General Data Protection Regulation (GDPR) users may exercise certain rights regarding their personal data processed with the use of the FastID-App:

- Withdraw consent: you can withdraw your consent at any time by sending us an email.
- Access: you have the right to access your personal data.
- Rectification: if it appears that your personal data is incorrect, you can ask us to update or correct your data.
- Restrict: under circumstances you have the right to ask us not to process your data for any purpose other than just storing it.
- Delete: you can also request us to delete personal data and stop using it.
- Data portability: you have the right to receive your data to have it transmitted to another controller.
- Object: you have the right to object to the processing of your data if the processing is carried out on a legal basis other than consent.

The app is designed in such a way that FastID does not have access to the data that the user has included in it. The user himself is the only person who can add, correct and delete data.

If you have a question about the processing of your personal data, or in case you want to exercise the above-mentioned rights, please contact us via privacy@fastid.nl. Your requests shall be exercised free of charge and will be addressed by us as early as possible and always within one month.

If you are not satisfied with the way in which we handle your personal data or related requests and/or questions, you can also submit a complaint to Dutch Data Protection Authority via: https://autoriteitpersoonsgegevens.nl.

7. Legal information / version

This privacy statement has been prepared based on provisions of relevant privacy and data protection legislations, including the General Data Protection Regulation. Technical changes or new functionalities/services to the FastID-app may lead to adaptation of this data privacy policy. FastID reserves the right to make such changes and will publish the adapted privacy policy directly afterwards.

Latest update: 19 September 2023