DENIC ID – Data Handling Policy

Last Modified: April 11th, 2019
Effective Date: April 15th, 2019

What is the scope of this policy

DENIC ID is the authentication service for your ID4me-based identity, or in simple terms, the entity that stores and verifies your password when you log in with ID4me.

DENIC ID is a service operated by DENIC eG, Kaiserstraße 75-77, 60329 Frankfurt, Germany (in this document referred to as “DENIC” or “we”). The service is provided to you as a subscriber of a digital identity service (in this document referred to as “you”). You have typically subscribed to this service through an identity provider (in this document referred to as “ID Provider” or “ID Agent”) and are using the service to gain access to third-party websites (in this document referred to as “Login Partner”).

This policy describes the data DENIC collects to provide you with the DENIC ID service, how it is used and shared with others, and which choices you have regarding this data. We recommend reading this Data Handling Policy along with our Data Privacy Statement, which includes information on how we protect your data and whom to contact for any concerns or questions you may have related to DENIC ID data privacy.

What kind of data do we collect and/or process

In order to provide you with your ID, we need to collect and process certain data about you. Protecting your privacy and enabling you to control which data you chose to share or not share with others is a key objective of the DENIC ID service. Certain kinds of data are optional for you to provide, others are required for the DENIC ID service to work.

Data you provide yourself

Data created while you use the service

Data your ID Provider relays to us

Data about your interactions with Login Partners

Device information

How we use this data

To set up and manage your identity with DENIC ID

To authenticate you for access to services of Login Partners

How is this data shared

We share information about you only with Login Partners or ID Providers, so that we can provide the ID service. We will not share any of your data with third parties, unless we are required to do so under German or European law.

Sharing data with Login Partners

Sharing data with ID Agents

Sharing data with law enforcement authorities

How we retain and delete this data

DENIC requires the data gathered or created while using the service to provide the DENIC ID service. We retain your data for the duration of your service subscription and for a period of 6 months thereafter. Certain information, including transaction und usage data, will be stored for up to 6 years as it may be subject to prolonged legal retention requirements. If you wish to delete your personal data, you can initiate the deletion process by cancelling your DENIC ID subscription with your sponsoring ID Provider. Once your ID Provider has requested a deletion, your identity will initially be disabled for a period of 30 days, during which it can be restored by your ID Provider on your behalf. After this period, your identity will be deleted, and related data will be retained as per the duration set out above.

How we update this Policy

We may update this Policy from time to time. If we make significant changes to this Policy, we will notify you when you log in to the DENIC ID dashboard. By continuing to use the DENIC ID service after such notice, you consent to updates to this policy.