V-ID CUSTOMER RESPONSIBILITIES
V-ID expects each of its customers to act as a data controller for any personal data that is entered into a V-ID configured platform. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the data controller. V-ID is a data processor and processes personal data on behalf of the data controller when the controller is using the V-ID Platform.
Data controllers are responsible for implementing appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Controllers’ obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimisation, and accuracy, as well as fulfilling data subjects’ rights with respect to their data.
V-ID PLATFORM and GDPR
V-ID has implemented appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR.
V-ID employees keep up to date on security and privacy technology and legislation.
Continuous enhancements are made to the V-ID platform to keep security up to date, perform regular security review processes, update and monitor the security infrastructure and regular verification of policies.
Our contracts clearly and simply outline privacy and data ownership commitments to customers. If needed, we will work with our customers to define specific processing terms and conditions. All data that a user enters into a V-ID platform will only be processed in accordance with the agreed terms and conditions. All V-ID employees have signed a confidentiality agreement.
USE OF SUB-PROCESSORS
V-ID does not use data sub-processors unless explicitly requested for or mutually agreed with the customer.
V-ID hosts all solutions in secure and ISO 27001 compliant data European (most Dutch) centres. Access to the servers is restricted to authorised personnel only. Per configuration a different and extensive set of user profiles and access roles is configured to control access and use of data per user.
AVAILABILITY, INTEGRITY, AND RESILIENCE
V-ID hosts all solutions based on highly redundant hardware,providing our customers with maximum protection against system unavailability and loss of data.
Escrow agreements can be contracted to ensure software and data availability in the event of V-ID not being able to deliver its services.
V-ID conducts disaster recovery on a regular basis.
The V-ID platform uses various levels of encryption to protect data from being viewed by unauthorised users.
Data in transit is always SSL encrypted, mostly through HTTPS connections. Encryption schemes are frequently reviewed to stay up to date with the latest security standards and quality. Outdated encryption schemes are deprecated as needed.
V-ID employees have access rights based on their job function and role. Access is granted on a need-to-know basis and regularly reviewed and adjusted.
V-ID constantly scans for platform vulnerabilities using a wide variety of tools and mis-use detection systems including regular penetration testing, brute force sign on attempts, DDOS attacks and other techniques that potentially put customer data at risk.
The V-ID platform contains a series of features and functions to protect personal data against unauthorised or unlawful processing. Examples are 2-factor authentication, password strength checking, IP address checking, auto-disabling of profiles after a series of invalid login attempts and monitoring of suspicious logins using a frequently updated set of rules.
DATA RETURN & REMOVAL
Administrators can export and delete data via the V-ID platform at any time during the term of the agreement. All data is linked to user profiles. Depending on the agreed policy data can be auto-deleted after a period of time. All data that is related to a user can be deleted by deleting the user profile.
Society's digitalisation comes with new forms of fraud
Our mission is to validate every important process and file, so fraud and errors do not hold back society's innovations and advancements in digitalization.