This Privacy Statement applies solely to the use of the MYDIGIPASS.COM™ (“MDP”) service provided through or with the MYDIGIPASS.COM™ website (“Website”).
This Privacy Statement describes how VASCO will collect, transfer, disclose, process and use personal data and personally identifiable information (collectively, “Information”) obtained from users of the Website and how you as user of the Website can access your Information and control its use.
This Privacy Statement does not apply to the collection or use of your Information by third party websites, service providers or applications you access directly with your MYDIGIPASS.COM account, or enabled DIGIPASS hardware or software, or indirectly via the Website. Please refer to the privacy policies of such third party websites, service providers or applications before providing Information to them or consenting that your Information be shared with or by them.
"VASCO" refers to VASCO Data Security, Inc., 1901 South Meyers Road, Suite 210, Oakbrook Terrace, Illinois, U.S.A., if and to the extent you are legally domiciled in North, South, Central America or the Caribbean and VASCO Data Security International GmbH, Balz-Zimmermannstrasse 7, CH-8152 Glattbrugg, Switzerland, if and to the extent you are legally domiciled outside of North, South, Central America or the Caribbean. In Belgium, VASCO is represented, in accordance and for the sole purposes of the Privacy Act of 8 December 1992, by VASCO Data Security NV, Koningin Astridlaan 164, 1780 Wemmel, VAT BE 0446.822.877 RPR Brussels.
Types of Information collected through the Website
VASCO, as responsible data controller, will collect the following Information when you visit the Website and access its pages:
“Active” Information that you disclose to VASCO includes Information that VASCO requires when you create your MDP user account (“Account”) such as your full name, address, email, telephone or mobile phone number, your employer (if you are a MDP developer subscribing to the Website on behalf of your employer), your date of birth, Information that you add to your MDP user profile (“User Profile”), and such other Information you elect to disclose and as VASCO may request from time to time.
If you have a MYDIGIPASS.COM account initiated with your Belgian electronic identity card through the CSAM Belgian Government Portal (“eID Card”) or if you later add your eID Card to your Account, then Active Information includes, to the extent not prohibited under applicable law, and only as necessary to allow VASCO to provide the Website services requested by you from time to time, certain data available on your eID Card, specifically (A) your eID Card number, , the chip number, the authentication certificate, begin and end dates of the eID Card validity period, your name, , as well as (B) your gender, your photograph, where you were born, your birth date, your nationality, the municipality where your eID Card was issued, if you’re a member of nobility, and your complete address. Type (A) information is necessary for the provision of all MYDIGIPASS.COM services relying on the eID Card; type (B) information is collected and processed by VASCO for specific purposes, depending on specific applications or service providers, e.g., to detect and solve homonyms, to comply with regulations, such as is the case for e.g., banking or insurance institutions, imposing to authenticate – or to keep evidence or copies of – eID information relating to customers, such as their gender, address, photograph, birth date or birth place, or where such information is more generally necessary for the delivery of the intended service. If you choose, the Active Information so collected may then be communicated to third parties who request verification of your Information through your MDP account. Such sharing shall only take place if you decide to share certain or all of your Active Information with the third party and if you provide your consent.
Other information VASCO will actively collect includes the third party websites, service providers or applications you access through the Website while using VASCO’s online authentication service, and information about the products or services provided by such third party websites, service providers or applications. Such Active collection by VASCO excludes collection of your activities with digital public applications of Belgian administrations that you access via the CSAM Belgian Government Portal by registering for your MDP account with your eID Card.
“Passive” Information VASCO receives through the Website includes communication Information which VASCO automatically receives as part of the technical connection itself or the act of using or accessing the Website, or through your use of certain browsers. This automated Information includes the date, time and time zone as well as network routing information and equipment versions. VASCO passively receives Website activity data capturing how you enter and leave the Website, how you navigate to and leave the pages and links you visit on the Website, your length of stay on any part of the Website, frequency of your visit on any of its pages or third party websites or applications accessible through the Website, your product or service preferences indicated by the number of times and the length of time you view a product or service or the number of times you access a third party website or application using the authentication service provided through the Website, your location, IP address, and the type of browser you use. This Passive Information collection does not include digital public applications of Belgian administrations that you access via the CSAM Belgian Government Portal with your eID card initiated MDP account.
VASCO receives Passive Information using the following data collection techniques:
You may configure your Internet browser to alert you when a Cookie is sent or used and allow you to decide whether to accept, reject or remove Cookies. If you reject, disable or remove Cookies, you might not be able to access certain pages or important functions on the Website.
“Internet Protocol (IP) addresses” and “log files” are used to identify server problems, improve Website content, and compile aggregated statistics about Website usage and click-stream data.
VASCO reserves the right to introduce new passive tracking technologies and techniques related to the use of the Website, subject to and in accordance with applicable data protection laws and regulations.
Purpose of collecting the Information through the Website
Where you use VASCO's Website and services for authentication to access digital public applications of Belgian administrations via the CSAM Belgian Government Portal, VASCO collects your Information for the following purposes: to allow access and use of the Website and related services; to perform the authentication services; to communicate with users and respond to inquiries, to provide technical support, and resolve problems that users experience when using the Website; to verify user compliance with the Terms of Service; and to enhance security and protect VASCO from fraud or other inappropriate conduct.
With respect to private and commercial websites and applications, VASCO collects the Information for the following purposes : to allow access and use of the Website and related services; to perform the authentication services; to tailor and select content and improve the quality of the Website and user experience; to communicate with users and respond to inquiries, provide technical support, and resolve problems that users experience when using the Website; to tailor marketing to users’ needs and track marketing campaign results and responses; to notify users about new product releases, services, and changes or updates to the Website; to perform data analysis including anonymisation of Information; to verify user compliance with the Terms of Service; to enhance security and protect VASCO from fraud or other inappropriate conduct.
Disclosure, processing, use and transfer of the Information
VASCO begins to store any Information you provide when you accept the Terms of Service and this Privacy Statement. VASCO stores such information for a period of up to ten (10) years following the end of your contractual relationship with VASCO, in accordance with applicable laws. VASCO will disclose, transfer, process and use the Information as specified in the following:
When you visit the Website to use the authentication or such other services that VASCO provides, VASCO will process and use your Information as legally permitted and as requested or consented by you. With your consent, VASCO will share your Information with third party websites, applications and services that you access through, with or assisted by the Website, and to third parties that offer complementary products or services. These third parties are independent from VASCO and have their own privacy policies, which you should review before interacting with the third parties or consenting to have your Information shared.
VASCO may disclose and transfer the Information to IT providers, subcontractors and other third party service providers acting on behalf of VASCO and that assist with the operation of the Website or the associated activities and services. In addition, to the extent not prohibited by law, VASCO will disclose your authentication activity to the third party websites, service providers or applications that you access using VASCO’s authentication services through the Website.
Your Information may be transferred, accessed and stored globally, as necessary for the provision of the services through the Website. VASCO may transfer the Information to VASCO affiliates in the United States or other locations, only when the transfer is legally permissible, and where VASCO has maintained US Safe Harbor certification or has entered into the appropriate transfer agreements as required by relevant law and appropriate for the purposes described in this Privacy Statement.
Some recipients of the Information may be located within your home jurisdiction or elsewhere, including countries that do not offer an adequate level of protection within the meaning of the European Data Protection Directive (95/46/EC). In this case, VASCO will ensure by other means, prior to the transfer of the Information, that the data recipient adequately safeguards the Information. All recipients of the Information will be required to keep the Information secure, and a data recipient that qualifies as a data processor will be required to process the Information in accordance with our instructions.
VASCO may disclose your Information to law enforcement authorities or other government officials, when required by law or legal process, when necessary to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraud or illegal activity.
VASCO may also disclose and transfer the Information, subject to the requirements of applicable law and as necessary or appropriate, to protect the security of the Website, to protect VASCO, its affiliates, directors, officers, and employees or others against liability, or in connection with the sale or transfer of all or part of the business.
VASCO will notify you – and, as the case may arise, seek your consent – should the collection, use, disclosure, or storage of your Information change from that stated at the time of collection. If you receive such notification, you may elect to either opt-out of any change, when possible, or you may terminate your Account by deleting your User Profile.
User Profile, preferences and Opt-Out
To gain full access to the Website, VASCO requires you to create an Account and maintain a User Profile. If you are a eID Card holder, when you register with your eID Card, Information will be retrieved from your eID Card to create your Account. If you do not want VASCO to retrieve the Information you should not create a MDP Account. You may elect to provide additional Information as indicated in your User Profile. You may customize your User Profile and control your preferences for using the Website, select third party websites or applications with which you authenticate via the Website, receive electronic information and marketing information including opting into or out of certain contacts and interests. However, if you are a eID Card holder and desire to use your MDP Account in combination with your eID card to authenticate your identity then you may not modify certain data and may instead elect to remove your eID Information from your Account if you prefer not to have your Information used by your Account. You can access your User Profile at any time to change your preferences or make other modifications by logging in to your Account at https://www.mydigipass.com/. You cannot opt out of or modify preferences on support-related Information as well as Information necessary for you to use the Website; you may instead elect to close your Account if you prefer not to have your Information used by your Account.
If you have questions about your User Profile, you may refer to the Frequently Asked Questions section of the Website, or contact VASCO at firstname.lastname@example.org.
Access, correction or deletion of Information
You may directly access, correct, update or delete all or part of your Information in your User Profile, or you may request VASCO at email@example.com. to correct or delete a part or all your Information in accordance with applicable law or regulations. However, if you are a eID Card holder and desire to use your MDP Account in combination with your eID card to authenticate your identity then you may not modify certain data and may instead elect to remove your eID Information from your account if you prefer not to have your Information used by your Account. VASCO will make every reasonable effort to promptly comply with your request. VASCO may, however, limit access to your Information as permitted under applicable law. To protect your privacy and security, VASCO may take reasonable steps to verify your identity before responding to your request.
Pursuant to applicable laws and regulations, VASCO maintains reasonable technical and organizational measures to protect your Information against accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access.
Links to other websites
The privacy practices set forth in this Privacy Statement apply only to this Website and the specified activities. Other websites, whether operated by VASCO or by third parties, may have different privacy practices. Please review the privacy policies of such other websites that you access through the Website prior to providing or consenting to the sharing of your Information to or by such websites. VASCO is not responsible or liable for the content of third party websites or service providers or for third party compliance with applicable laws and regulations.
Revisions to this Privacy Statement
If you have any questions about this Privacy Statement or VASCO’s privacy practices or if you wish to exercise your rights to access Information VASCO holds about you, to rectify inaccurate Information, or to object to its processing for direct marketing purposes, please contact VASCO at:
VASCO Data Security International GmbH
Fax No.+41(0)43 555 35 01
If applicable law does not specify a period to respond to an inquiry, VASCO will try to answer your questions or concerns as promptly as possible; however, more complex questions or requests may take more time.
Effective Date: May 2015