These principles of processing personal data describe how WeVerify B.V. as a data controller ensures the protection of personal data in accordance with applicable laws while offering KYC services. The aim of these principles is to provide information for the subscribers on the relevant topics related to personal data processing and to introduce principles that WeVerify B.V. follows while processing personal data.
These principles do not concern the storage and processing of data of legal persons or other institutions.
Should you have any questions relating to the processing of personal data we kindly ask you to contact us using the following contacts:
Data controller:
WeVerify B.V.
Address: Wilhelminaplein 1 3072DE Rotterdam, The Netherlands
Phone: +31 10 257 99 99
E-mail: info@weverify.com
Or
Data Protection Officer:
E-mail: dpo@weverify.com
The General Data Protection Regulation 2016 (GDPR) is one of the most significant pieces of legislation affecting the way that WeVerify B.V. carries out its information processing activities. Significant fines are applicable if a breach is deemed to have occurred under the GDPR, which is designed to protect the personal data of citizens of the European Union. It is WeVerify B.V.’s policy to ensure that our compliance with the GDPR and other relevant legislation is clear and demonstrable at all times.
Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market, as amended up to 18 October 2024. WeVerify B.V. is guided by the eIDAS Regulation in its document signing activities and service provision. The regulation is directly applicable in the European Union, containing requirements and conditions for providing different trust services, including specific requirements for personal data processing.
Data Category | Specific Data Collected | Purpose of Collection | Legal Basis |
Personal Details | First Name, Last Name, Middle Name (if applicable) | Document signing, Managing your account, Communicating with you regarding your service requests | Contractual Necessity |
Street Address, City, Postal Code, Country | Providing KYC solutions, Managing your account | Legal Obligation | |
Contact Information | Email Address | Communicating with you regarding your service requests, Managing your account, Informing you with updates, news, special offers, and general information | Contractual Necessity, Consent (for marketing communications) |
Phone Number (including country code) | Communicating with you regarding your service requests, Managing your account | Contractual Necessity | |
Identification | National Identification Number, Issuing Country of Identification Number | Providing KYC solutions | Legal Obligation |
Type of Identity Document (e.g., Passport, Driver’s License), Identity Document Number, Identity Document Expiry Date, Issuing Authority of Identity Document, Scanned Copy of Identity Document (if collected) | Documents signing, Providing KYC solutions | Contractual Necessity, Legal Obligation (for KYC) | |
Technical Data | Device Model, Operating System Version, Browser Type, Browser Version, IP Address, Device ID (if applicable) | Fraud prevention, Service optimization | Legitimate Interest |
IP Address, Timestamp of Access, Pages Visited, Actions Taken on the Service | Monitoring service usage, Fraud prevention, Security | Legal Obligation | |
Biometric Data | Type of Biometric Data (e.g., Facial Image), Method of Collection (e.g., Photo Upload, Video Recording), Purpose of Biometric Data (e.g., Identity Verification), Storage Method (e.g., Encrypted Storage) | Identity Verification, Preventing fraud during KYC and Digital signing processes | Explicit Consent |
Near Field Communication Data | NFC data collected during identity verification process. To provide NFC based identity verification service Legal obligation | Verifying identity documents (e.g., ePassports, national ID cards) containing NFC chips, Preventing fraud during identity verification | Legal Obligation, Explicit Consent |
Account Information | Username, Password (stored in hashed format), Account Creation Date, Last Login Date, Account Status (e.g., active, inactive, suspended) | Managing your account, Providing and securing access to the services | Contractual Necessity, Legitimate Interest (for security) |
Communication Data | Content of Communications with Customer Support (e.g., emails, chat logs, call recordings), Date and Time of Communications, Channel of Communication | Providing customer support, Improving our services, Training purposes | Contractual Necessity, Legitimate Interest (for service improvement) |
Payment Information | Payment Method (e.g., Credit Card, Bank Transfer), Credit Card Type, Credit Card Expiry Date, Last Four Digits of Credit Card, Billing Address, Transaction History, Payment Amount, Payment Date, Payment Status (e.g., successful, failed) Note: We may use a third-party payment processor and not directly store full credit card details. | Processing payments, Managing subscriptions, Preventing fraud | Contractual Necessity, Legal Obligation (for financial reporting) |
Marketing Preferences | Whether you have opted in to receive marketing communications, Preferred channels for marketing communications (e.g., email, SMS), Topics of interest | Sending marketing communications, Personalizing marketing content | Explicit Consent |
Location Data | General Location Data derived from IP Address (e.g., City, Country), Precise Location Data | Personalizing content, Fraud prevention, Providing location-based services (if applicable) | Legitimate Interest (for general location), Consent (for precise location) |
Usage Data | Device Information: Internet Protocol (IP) Address, Browser Type, Browser Version, Mobile Device Type, Mobile Device Unique ID, Mobile Operating System, Mobile Internet Browser Type, Unique Device Identifiers, Diagnostic Data: Error Logs, Performance Data (e.g., page load times) | Analysing service usage, Improving user experience, Troubleshooting technical issues, Preventing fraud, Ensuring security, Personalizing content, Monitoring performance, | Legitimate Interest (for service improvement and security), Contractual Necessity (for providing the service), Legal Obligation (in some cases, e.g., for security logging) |
KYC Data | Proof of Identity Documents, Proof of Address Documents (e.g., Utility Bill, Bank Statement), Source of Funds Information, Politically Exposed Person (PEP) Status, Sanctions Screening Results | Complying with KYC/AML regulations, Preventing fraud and money laundering | Legal Obligation |
Legal obligations: To comply with applicable laws and regulations
Consent: Where you have provided explicit consent for us to process your data.
Contractual necessity: To fulfill our obligations under a contract with you.
WeVerify B.V. processes personal data only as long as necessary for fulfilling the purposes for which the personal data was collected or for fulfilling the obligations arising from applicable legislation. Please note that in order to provide digital signing and KYC services, we are guided by the GDPR regulations for the storage of personal data.
WeVerify B.V. is required to retain evidence used for identifying you during the provision of digital signing services and logs related to the procedures performed for at least 10 years. This retention is necessary to investigate any potential misuse of your identity and to demonstrate the appropriateness of WeVerify B.V.’s operations in providing digital signing services, if required. Retention of data and evidence is required under law and verified by independent auditors and supervisory bodies.
Your information, including Personal Data, is processed at the Company’s operational offices and any other locations where parties involved in the processing are situated. This means that your information may be transferred to and stored on computers located outside of your state, province, country, or other governmental jurisdiction, where data protection laws may differ from those in your jurisdiction.
By consenting to this Privacy Policy and providing your information, you agree to such a transfer.
The Company will take all reasonable measures to ensure that your data is handled securely and in accordance with this Privacy Policy. No transfer of your Personal Data will occur to any organization or country unless adequate safeguards are in place to secure your data and other personal information.
If the Company participates in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will notify you prior to the transfer of your Personal Data, at which point it will be subject to a different Privacy Policy.
In certain situations, the Company may be obliged to disclose your Personal Data if required by law or in response to valid requests from public authorities (e.g., a court or government agency).
The Company may disclose your Personal Data when it believes in good faith that such action is necessary to:
Data subject has the right to access his/her personal data, request rectification, deletion, transmit of data and restriction of processing.
To exercise the rights listed above, you can send electronically signed request to the e-mail address info@weverify.com. We will respond to your request within 30 days.
We emphasize that the request cannot be met in the following cases:
If the processing of personal data is based on consent, at any time you can withdraw your consent unless a direct illegitimacy to related laws by submitting an application in electronically signed form to e-mail address info@weverify.com
Should you find that your rights regarding the processing of personal data have been infringed, we ask you to send an electronically signed complaint via e-mail to info@weverify.com. We will reply to your e-mail within 30 days.
If you find that WeVerify B.V. is not processing your personal data in accordance with the relevant legislation, you may file a complaint to your national data protection authority.
Consent must be obtained from a data subject to collect and process their personal data in accordance with the GDPR, with parental consent required for children under 18 (or a lower age as defined by individual EU member states). Clear and accessible information regarding the use of their personal data and their rights, including the right to withdraw consent, must be provided at the time of consent; if not collected directly, this information must be shared within one month. Special categories of personal data, such as biometric data, require explicit consent, and WeVerify B.V. will ask for this consent during registration, specifically for the facial image extracted from a video you provide for identity verification. We process personal data within the EU or the EEA, and if any authorized processors are located outside this area, we comply with applicable legal safeguards, including adequacy decisions and standard contractual clauses.
It is WeVerify B.V.’s policy to be fair and proportionate when considering the actions to be taken to inform affected parties regarding breaches of personal data. In line with the GDPR regulation, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant supervisory authority will be informed within 24 hours.
WeVerify B.V. uses cookies on its websites. For further information, you can access our Privacy Policy on our website.
