Home
Buy Tokens
News
About the Token
About V-ID
Whitepaper
Roadmap
My Account
Contact us

V-ID updates

  • Ex-CTO American Express, joins V-ID
    V-ID welcomes Chris Robinson
  • V-ID and DigiByte aim to end document fraud
    read more about this joint development
  • Sign up for our newsletter
    receive the latest news and best offers
 

 
 

GDPR Statement

 
Last updated on September 14th, 2018

V-ID USER RESPONSIBILITIES

V-ID expects each of its users to act as a data controller for any personal data that is entered into the V-ID platform. The data controller determines the purposes and means of processing personal data, while the data processor processes data on behalf of the data controller. V-ID is a data processor and processes personal data on behalf of the data controller when the controller is using the V-ID Platform.

Data controllers are responsible for implementing appropriate technical and organisational measures to ensure and demonstrate that any data processing is performed in compliance with the GDPR. Controllers’ obligations relate to principles such as lawfulness, fairness and transparency, purpose limitation, data minimisation and accuracy, as well as fulfilling data subjects’ rights with respect to their data.

V-ID PLATFORM and GDPR

V-ID has implemented appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR.

KNOWLEDGE

V-ID employees keep up to date on security and privacy technology and legislation.

Continuous enhancements are made to the V-ID platform to keep security up to date, perform regular security review processes, update and monitor the security infrastructure and regular verification of policies.

DATA HANDLING

Our terms of use clearly and simply outline privacy and data ownership commitments to our users. All data that a user enters into a V-ID platform will only be processed in accordance with the agreed terms and conditions. All V-ID employees and other parties working on behalf of V-ID have signed a confidentiality agreement.

USE OF SUB-PROCESSORS

V-ID may use data sub-processors.

SERVICES SECURITY

V-ID hosts all solutions in secure and ISO 27001 compliant European (mostly Dutch) datacentres. Access to the servers is restricted to authorised personnel only. V-ID uses an extensive set of user profiles and access roles ito control access and use of user data.

AVAILABILITY, INTEGRITY, AND RESILIENCE

V-ID hosts all solutions based on highly redundant hardware and aims to provide users with maximum protection against system unavailability and loss of data.

TESTING

V-ID conducts disaster recovery, penetration testing and active security checks on a regular basis.

ENCRYPTION

The V-ID platform uses various levels of encryption to protect data from being viewed by unauthorised users.

Data in transit is always SSL encrypted. Encryption schemes are frequently reviewed to stay up to date with the latest security standards and quality. Outdated encryption schemes are deprecated as needed.

ACCESS

V-ID or its sub-processors' employees have access rights based on their job function and role. Access is granted on a need-to-know basis and regularly reviewed and adjusted.

VULNERABILITY MANAGEMENT

V-ID constantly scans for platform vulnerabilities using a wide variety of tools and mis-use detection systems including regular penetration testing, brute force sign on attempts, DDOS attacks and other techniques that potentially put customer data at risk.

PLATFORM SECURITY

The V-ID platform contains a series of features and functions to protect personal data against unauthorised or unlawful processing. Examples are 2-factor authentication, password strength checking, IP address checking, auto-disabling of profiles after a series of invalid login attempts and monitoring of suspicious logins using a frequently updated set of rules.

DATA RETURN & REMOVAL

Administrators can export and delete data from the V-ID platform. Data can be manually or automatically deleted after a period of time.