Under the GDPR (General Data Protection Regulation), in force since 25 May 2018, Digidentity—as a Qualified Trust Service Provider (QTSP)—must comply with strict requirements when processing personal data. These requirements include:
- Transparency: Digidentity clearly explains in its Privacy Statement how personal data is processed. Customers must review and accept this information before creating an account.
- Purpose limitation: Personal data is collected and processed only for the specific purposes described in the Privacy Statement. Data is never used for purposes that are not explicitly stated.
- Data minimisation: Digidentity only collects the personal data necessary to provide its services and meet regulatory obligations.
- Accuracy: Personal data must be correct and up to date. Users are requested to update their details through their Digidentity account when necessary.
- Storage limitation: Personal data is not retained longer than required for the provision of services or to comply with legal and regulatory retention periods.
- Integrity and confidentiality: Digidentity implements strict technical and organisational measures to protect personal data from unauthorised access, loss, alteration, or destruction.
- Accountability: Digidentity is responsible for demonstrating compliance with all GDPR requirements and maintaining appropriate documentation and safeguards.
For more information on how Digidentity processes and protects personal data, please refer to our Privacy Statement on our documentation page.