Tietoevry Banking Privacy Policy

Tietoevry has developed the Tietoevry Authentication App to be used for remote identity proofing where you, no matter of your location, can prove that you are the holder of an identity document issued to yourself. The process is straightforward, fast and secure as no data is stored in the app or on the device. Communication with the approval processes in a backend is secured with strong encryption to protect your data from tampering, unauthorized access and alteration.

INFORMATION ABOUT Tietoevry's PROCESSING OF YOUR PERSONAL DATA:

Tietoevry is acting as Data Controller in relation to the processing of your personal data in the Tietoevry Authentication App solution following your agreement with the company or bank requesting you to prove your identity with the Tietoevry Authentication App.

Data Controller:

Full name of legal entity: Tietoevry Oyj

Postal address: Keilalahdentie 2-4, 02150 Espoo, Finland

Telephone number: +3582072010

DPO contact information:

Tietoevry has appointed a Data Protection Officer who can be contacted at dpo@tietoevry.com. Please note that the authority, company or bank you entered into agreement with is acting as Data Controller for the processing your personal data in the respective authority, company or in the bank.

PERSONAL DATA NEEDED FOR USE OF Tietoevry Authentication App SOLUTION:

Processing of your personal data in Tietoevry Authentication App include all data resulting from the following performed actions:

SCAN OF MACHINE-READABLE ID DOCUMENT BASED ON ICAO9303 (PASSPORT,RESIDENCE CARD, NATIONAL IDENTITY CARD):

• Name
• Date of birth
• Nationality
• Place of birth
• Gender
• Document number
• Photo
• National identity number

PROCESSING:

Validate document data against public sources to verify authenticity of document. Perform a face match of your picture against biometric data stored in your identity document. Conduct liveness process of a user to ensure the user is alive and the correct person.

Biometric data in the use for identification against identity document

Biometric data in use for liveness detection

PURPOSE OF PROCESSING PERSONAL DATA IN Identity Proofing SOLUTION for Identity Proofing, authentication or signing purposes

Your personal data is processed for the purpose as specified and agreed with the authority, company or bank, where you originally have a customer relation to for identity proofing.

LEGAL BASIS FOR PROCESSING OF PERSONAL DATA IN Tietoevry Authentication App

• GDPR Article 6.1.b (necessary for the validity of the agreement between you and the authority, company or bank who directed you to use Tietoevry Authentication App)
• GDPR Article 6.1.c (necessary for Tietoevry to comply with the legal obligation)
• GDPR Article 9.2.a (Explicit consent: processing of biometric data and national identification number)

SOURCE

The personal data Tietoevry is processing about you directly is the personal data that you are providing by means of using the IdentityProofing app as described above.

TRANSFER OF PERSONAL DATA TO THIRD PARTIES

Tietoevry is only processing your personal data in the context for Identity Proofing in

Tietoevry Authentication App or in the Identity Proofing backend. The Result of the identification process, together with the necessary data for the authority,company or bank, is used for the purpose to accept the result for the individual identity document holder.

STORAGE AND DELETION IN Tietoevry Tietoevry Authentication App SOLUTION:

• Your personal data received from your mobile device is not stored in your device storage. When using the app, data is stored in device memory and discarded when the process is finished. The App is running in protected space secured with attestation control and encryption
• Your personal data (including biometric data) is stored in the identity Proofing solution backend for up to 10 years, unless law requirements are requiring the Data Controller to keep personal data for longer retention periods or needed for any other later re-identification process required by the authority, company or bank which initiated the identity proofing process.
• Liveness data as a result from your face scan is only stored in the device memory for the length of the process before it's sent to the backend for processing.
• Your personal data is stored in EU/EEA in a secured and protected environment.
• All personal data are stored encrypted in the backend: This includes biometric data.

YOUR RIGHTS

You have the following rights that you can request in respect of the information about you that we hold:

• Request to give you access to the personal data Tietoevry, authority, company of bank is processing about you.
• request us to rectify your personal data, update your personal data or erase your personal data
• Be aware by erasing data your status with authority, company or bank, may be revoked.
• request us to restrict the usage of your personal data
• Deny or object to the usage of your personal data
• withdraw your consent in relation to any processing regarding your consent
• data portability for such information collected directly from you and based on contract or consent
• automated decision-making

COMPLAINTS OR QUESTIONS:

If you have any questions to the processing of your personal data in the Tietoevry Tietoevry Authentication App, you are welcome to contact either privacy@tieotoevry.com Tietoevry DPO at: dpo@tietoevry.com

You are also entitled to complain to the local data protection authority in your local country regarding our processing of your personal data if you believe it is not being processed in accordance with applicable rules.

For more questions regarding the processing of your personal data related to your agreement on authentication or signing please contact the authority, company or bank that is using the Identity Proofing App to prove your identity.