Data Privacy Policy – FastID application

1. Applicability

FastID is a Dutch company that has developed and exploits a digital identity service for consumers and merchants, named the FastID-app, to provide fast and secure access to services. This data privacy policy applies to the FastID-app with all content, functions and services. The FastID-app is digitally offered to users from 16 years and older. With the use of the FastID-app personal data will be processed. FastID is responsible for this data processing and in doing so abides by the General Data Protection Regulation (GDPR).

The vision of FastID is based on the idea that the consumer should be the one to have full ownership and control of its personal data and identity. With FastID the ID and the personal data from the user is stored encrypted only on the mobile phone of the user. This means that only the user can access the data, and that only the relevant data will be shared with explicit consent of the user.

FastID fully adheres to the applicable privacy rules in all processing activities, such as those included in the General Data Protection Regulation (GDPR).

Please find our contact details below:

FastID B.V.
Wilhelmina van Pruisenweg 35
2595 AN Den Haag

The Netherlands

In case you have any questions relating to data protection, please contact us via

2. Personal Data

The design of the FastID-app is such that personal data is stored exclusively on the telephone of the user. In the registration process for the FastID-app, FastID will only request the email address from the user to confirm the installation of the FastID-app, and in order to contact the user in case that is needed for the delivery of the service.

Furthermore, we process the personal data that is provided by users and stored in the FastID-app. This means that FastID may collect, store, and use personal when it is voluntarily submitted to us by the user. Examples of such personal data are name, address, place of residence, telephone number, passport data, facial photo, etc.

Other than the email address FastID has no access to any personal data the user stores in the FastID-app.

3. Consent

Apart from the processing of the email address of the user, which FastID needs to deliver the service, the legal basis for the processing of all personal data is explicit consent. Before processing or transferring any personal data of the user and in every specific use-case, explicit consent from the user will be asked.  

The user will be given the opportunity to withdraw their consent at any time, after which the processing will be terminated.

4. Third parties

FastID will not transfer your personal data to third parties without your explicit consent, unless this is necessary to comply with a judicial proceeding, court order or legal process. FastID will not transfer any personal data outside the European Economic Area.

5. Security and data retention

We have taken appropriate security measures to protect your personal data against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data. In the agreements with the third parties, we work with, we have agreed the same measures to ensure that their security level is also sufficient to protect your personal data.

6. User rights

Under the General Data Protection Regulation (GDPR) users may exercise certain rights regarding their personal data processed with the use of the FastID-App:

- Withdraw consent: you can withdraw your consent at any time by sending us an email.
- Access: you have the right to access your personal data.
- Rectification: if it appears that your personal data is incorrect, you can ask us to update or correct your data.
- Restrict: under circumstances you have the right to ask us not to process your data for any purpose other than just storing it.
- Delete: you can also request us to delete personal data and stop using it.
- Data portability: you have the right to receive your data to have it transmitted to another controller.
- Object: you have the right to object to the processing of your data if the processing is carried out on a legal basis other than consent.

The app is designed in such a way that FastID does not have access to the data that the user has included in it. The user himself is the only person who can add, correct and delete data.

If you have a question about the processing of your personal data, or in case you want to exercise the above-mentioned rights, please contact us via Your requests shall be exercised free of charge and will be addressed by us as early as possible and always within one month.

If you are not satisfied with the way in which we handle your personal data or related requests and/or questions, you can also submit a complaint to Dutch Data Protection Authority via:

7. The Airport use-case

Below is a summary of the processing of personal data in the context of the use of FastID at airports. This is a generic description and can be further supplemented per specific use case in the available privacy documentation if required.When using the FastID Service at the airport, personal data is processed to enable you to get access to e.g. the security checkpoint or other products such as lounges, control at the gate or the self- service kiosks. Passengers store their biometric data in the FastID mobile app and upload the respective boarding pass to the app before each flight. Passengers give their explicit consent to use their personal information for face recognition. At the airport, a live image of the passenger is created at the respective process points and transmitted to FastID in encrypted way. If the identification of the passenger is unique, the required boarding pass data is transmitted to the airport and the process point is activated for that passenger.

All images of the passenger generated at the airport are deleted immediately after being sent to FastID. FastID deletes the image of the passenger and flight information at the end of the following day of the data matching process day. The legal basis for data processing is your consent pursuant to Article 6 (1)(a) GDPR, which you have given as part of the confirmation process. You can be revoked at any time and without giving reasons with effect for the future. The revocation can be made in the FastID app. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.For the performance of the FastID services, the involved parties, such as the airport, airline and FastID, are responsible for clearly defined and separate parts of the services. In this respect, the parties provide their parts of the services and process data in their own responsibility and independent from the other party.

FastID is responsible for:
(1)         creating the FastID account;
(2)         saving provided biometrical passenger data on the local device of the passenger;
(3)         uploading the boarding pass through wallet or QR code scan for a specific flight;
(4)         extracting information from QR code of the boarding card;
(5)         obtaining consent by passengers to use passenger information for facial recognition services at the airport;
(6)         storing/hosting encrypted passenger string with biometrical information and boarding card details and wait for request by the other service provider;
(7)         if applicable, sending error message to the relevant service provider;
(8)         matching best picture of the passenger taken at the airport to stored encrypted passenger string;
(9)         sending boarding card string to the relevant service provider.

The Airline/Airport is responsible for:
(1)         detecting passengers at the boarding card control process point at the airport;
(2)         activating the camera in the boarding card control zone;
(3)         capturing video stream and sending best picture to FastID backend;
(4)         analyzing received boarding card string and proceed services;
(5)         opening the gate at the boarding card control or keeping it closed and showing message in display;
(6)         offering fallback procedure to passenger with physical provision of boarding card;
(7)         showing message to passenger in display.As stated above this is a general description of the responsibilities when using the FastID service(s) at airports. Additional, more specific information will be made available upon purchase/subscription to the service.

8. Legal information / version

This privacy statement has been prepared based on provisions of relevant privacy and data protection legislations, including the General Data Protection Regulation. Technical changes or new functionalities/services to the FastID-app may lead to adaptation of this data privacy policy. FastID reserves the right to make such changes and will publish the adapted privacy policy directly afterwards.

Latest update: May 12th, 2023