Privacy statement and cookie statement for xID. Version 1.0 - 16.01.18.
1. xID is an easy login and signup solution
xID is an easy service for login and signup with sites that offer xID. xID identifies you based on recognising the devices (computer, tablet and mobile phone) where you have choosen to activate xID.
Merchants that use xID can be websites, web shops, public or private web services, apps or other sites that use xID in their services.
3. Data controller
BankID Norge AS, org. no 913 851 080, Munkedamsveien 45A, NO-0250 Oslo, is the data controller for the processing of your personal data in xID.
You can request access to the personal data we have stored about you. Requests for access and corrections can be addressed to firstname.lastname@example.org. If you wish to be deleted from the service, you can do so at www.bankid.no/xid.
4. Our verification of your identity
We need to be certain who you are. When you create your xID, as well as for activating xID on new devices, you need to identify yourself using BankID.
5. Why do we process your personal data?
The purpose of processing your personal data is to be able to deliver xID to you. We need to process your personal data to be able to recognise your devices, and to ensure that merchants receive correct information about you when you use xID to login and signup.
6. Transferring your personal data from BankID to xID
xID needs correct information about you in order to work.
When you order xID, the following personal data will be transferred from the BankID service to the xID service:
- A unique user number – same for BankID and xID
- First name and last name
- Date of birth
- Norwegian national identity number
If your BankID(s) are changed, updated information will be transferred to xID.
7. Transfer of personal data to merchants
You decide on which xID merchants you would like to use xID. This is done through dialogue boxes on the individual site. The merchants you approve will receive the following information about you:
- Your first name and last name
- Your date of birth
- A unique user number - same for BankID and xID
- Your Norwegian national identity number (if they have already registered this information)
The alternative to using xID is to signup and log in manually. We have created xID to save you this trouble.
8. The merchants’ use of your personal data
The merchants’ use of the personal data transferred from xID depends on the terms and conditions of each merchant. BankID Norge AS is not responsible for a merchant’s subsequent use of your personal data. If you wish to access, correct or delete the information stored with a merchant, you must contact the merchant directly.
9. Deletion of personal data. Logs
Your personal data will be processed until you terminate the service, or until BankID Norge terminates your agreement to use xID. When the service is terminated, your personal data will be deleted from xID within a month.
We store a log of your use of xID and the corresponding merchants. In addition to invoicing and operational purposes, the log safeguards your interests and consumer rights in the event of disputes relating to purchases and orders from merchants.
The log is kept for three months.
10. When do we start processing your personal data?
Your personal data will be processed in xID from the time you start using the service.
You may receive an offer to start using xID when logging in with BankID, or when logging in to or registering with different xID merchants. xID will not process any of your personal data until you have created your xID.
11. Security and device security
xID will identify you based on recognising the devices where you have activated xID, e.g. your tablet, mobile phone and/or computer.
Thus, it is important to have control of the devices that you use xID on. You should also protect such devices by using a screen lock or similar. You should not let others use such devices or have access to them. Do not use xID on a shared computer that many people have access to.
If a device where you have activated xID is stolen or lost, we recommend that you delete the device from xID. Find out how at www.bankid.no/xid.
12. Cookies and device fingerprinting technology
We use a cookie with a unique number to recognise your devices. The number is randomly generated and your identity cannot be derived from it. The only link between this number and your identity is within the xID-solution. The solution and this information is protected under the most stringent requirements for data security and access.
xID will also retrieve information about your browser for enhanced security. This information includes various properties that can be retrieved by standard technology (known as device fingerprint technology).
xID may also register and store other data about your use of xID for your security and to prevent criminal offences. Such security data could be changes in user behaviour or the condition of the device, and can be used to detect deviations from normal values to counteract and, if relevant, follow up criminal offences targeting you and/or the merchant.