Privacy statement ReadID demo app

Version: 17 March 2016 

InnoValor provides, through the Google Play Store, the ReadID - NFC Passport Reader demo app, see https://play.google.com/store/apps/details?id=nl.innovalor.nfciddocshowcase. We provide this app free of charge to demonstrate and improve the underlying ReadID software.

 

What personal information is processed and stored?

InnoValor thus does not collect personal information. We do not know, nor do we want to know, who the users of our demo app are and whose identity documents are scanned.

The app does, however, need to process the personal information that is on the chip of the identity document, including privacy-sensitive information like name, date of birth, personal number and document number. In addition, the app scans via Optical Character Recognition technology (or alternatively via manual entry) the date of birth, date of expiry and document number, since these are needed to get access to the information on the chip. This is a security feature of the chip, to avoid unauthorized access to its contents.

The app processes this information locally on the smartphone, i.e., the app does not send personal information to a server for processing. The personal information that is processed is not stored on the smartphone, with the exception of the date of birth, date of expiry and document number. The app stores this so that the user does not have to re-enter this information (manually or through the optical scan) when opening the identity document for the second time. The user can manually delete the latter information by clicking on the cross icon in the app.

 

What non-personal information is collected and why?

The demo app is for both demonstration purposes and for improving the underlying ReadID software. For the improvement we need to collect the app’s usage information. This usage information does not contain personal information. Moreover, InnoValor cannot directly or indirectly relate the usage information to a specific person. Usage information will only be used for improving the quality of the app and not for other purposes. InnoValor will only retain the information for as long as is necessary to fulfil the specified purpose.

InnoValor collects the following usage information:

- Phone details, including phone type, Android version, memory size. We do not collect information that is unique for a certain phone.

- What type of identity document was scanned and read: was the scan successful, was the chip read successfully, what country issued the identity document, the document signing certificate as stored on the chip and the date of expiry. We collect the date of expiry since this allows us to determine the version of the scanned identity document.

- Usability information: how long the different steps take, if a user managed to go through all steps and usage frequency.

InnoValor uses servers under its own control as well as Google’s Android Analytics to collect usage information.

 

How is the personal information secured?

Since all the processing of personal information is done on the phone, the confidentiality of this information depends on the security of the phone. The app uses encrypted network connections for the communication of usage information.

 

What information can be shared by the user?

The app provides two options to allow the user to share the scanned information. The app uses the built-in sharing feature of the mobile operating system, where explicit action from the user is needed and the user selects an external app (e.g. an email client) to share the information with. Typically, within the external app selected by the user for sharing, the user can see and redact the information before actually sending it off through the Internet.

The first sharing option allows a user to share the photo and personal information details, e.g., emailing these to himself or herself. InnoValor has implemented this feature due to popular demand from users. InnoValor recommends that the user use this feature with caution, since the information includes privacy-sensitive personal information such as name and personal number. Sharing this information on a social network is possible, but InnoValor strongly discourages this.

The second sharing option allows users to share debug logging information with InnoValor. In case there is a technical issue, sending this debug information can help us fix this issue. This log does not contain privacy-sensitive information, e.g., no personal number or name. Via the settings, the logging of debug information can be switched on or off. The user can personally inspect the exact log that is sent to InnoValor.

 

Changes in this privacy statement

This privacy statement may change from time to time. If the changes are significant or reduce the rights of users, then InnoValor will provide a prominent notice.