MYDIGIPASS Privacy Policy

This Privacy Statement applies solely to the use of the MYDIGIPASS.COM™ (“MDP”) service provided through or with the MYDIGIPASS.COM™ website (“Website”).

This Privacy Statement describes how VASCO will collect, transfer, disclose, process and use personal data and personally identifiable information (collectively, “Information”) obtained from users of the Website and how you as user of the Website can access your Information and control its use.

This Privacy Statement does not apply to the collection or use of your Information by third party websites, service providers or applications you access directly with your MYDIGIPASS.COM account, or enabled DIGIPASS hardware or software, or indirectly via the Website. Please refer to the privacy policies of such third party websites, service providers or applications before providing Information to them or consenting that your Information be shared with or by them.

"VASCO" refers to VASCO Data Security, Inc., 1901 South Meyers Road, Suite 210, Oakbrook Terrace, Illinois, U.S.A., if and to the extent you are legally domiciled in North, South, Central America or the Caribbean and VASCO Data Security International GmbH, Balz-Zimmermannstrasse 7, CH-8152 Glattbrugg, Switzerland, if and to the extent you are legally domiciled outside of North, South, Central America or the Caribbean. In Belgium, VASCO is represented, in accordance and for the sole purposes of the Privacy Act of 8 December 1992, by VASCO Data Security NV, Koningin Astridlaan 164, 1780 Wemmel, VAT BE 0446.822.877 RPR Brussels.

Types of Information collected through the Website

VASCO, as responsible data controller, will collect the following Information when you visit the Website and access its pages:

“Active” Information that you disclose to VASCO includes Information that VASCO requires when you create your MDP user account (“Account”) such as your full name, address, email, telephone or mobile phone number, your employer (if you are a MDP developer subscribing to the Website on behalf of your employer), your date of birth, Information that you add to your MDP user profile (“User Profile”), and such other Information you elect to disclose and as VASCO may request from time to time.

If you have a MYDIGIPASS.COM account initiated with your Belgian electronic identity card through the CSAM Belgian Government Portal (“eID Card”) or if you later add your eID Card to your Account, then Active Information includes, to the extent not prohibited under applicable law, and only as necessary to allow VASCO to provide the Website services requested by you from time to time, certain data available on your eID Card, specifically (A) your eID Card number, , the chip number, the authentication certificate, begin and end dates of the eID Card validity period, your name, , as well as (B) your gender, your photograph, where you were born, your birth date, your nationality, the municipality where your eID Card was issued, if you’re a member of nobility, and your complete address. Type (A) information is necessary for the provision of all MYDIGIPASS.COM services relying on the eID Card; type (B) information is collected and processed by VASCO for specific purposes, depending on specific applications or service providers, e.g., to detect and solve homonyms, to comply with regulations, such as is the case for e.g., banking or insurance institutions, imposing to authenticate – or to keep evidence or copies of – eID information relating to customers, such as their gender, address, photograph, birth date or birth place, or where such information is more generally necessary for the delivery of the intended service. If you choose, the Active Information so collected may then be communicated to third parties who request verification of your Information through your MDP account. Such sharing shall only take place if you decide to share certain or all of your Active Information with the third party and if you provide your consent.

Other information VASCO will actively collect includes the third party websites, service providers or applications you access through the Website while using VASCO’s online authentication service, and information about the products or services provided by such third party websites, service providers or applications. Such Active collection by VASCO excludes collection of your activities with digital public applications of Belgian administrations that you access via the CSAM Belgian Government Portal by registering for your MDP account with your eID Card.

VASCO also actively collects marketing permissions as well as your consent to the use of Cookies and other data collection techniques defined below, areas of interest you indicate, your language preferences or such similar information you elect to provide.

“Passive” Information VASCO receives through the Website includes communication Information which VASCO automatically receives as part of the technical connection itself or the act of using or accessing the Website, or through your use of certain browsers. This automated Information includes the date, time and time zone as well as network routing information and equipment versions. VASCO passively receives Website activity data capturing how you enter and leave the Website, how you navigate to and leave the pages and links you visit on the Website, your length of stay on any part of the Website, frequency of your visit on any of its pages or third party websites or applications accessible through the Website, your product or service preferences indicated by the number of times and the length of time you view a product or service or the number of times you access a third party website or application using the authentication service provided through the Website, your location, IP address, and the type of browser you use. This Passive Information collection does not include digital public applications of Belgian administrations that you access via the CSAM Belgian Government Portal with your eID card initiated MDP account.

VASCO receives Passive Information using the following data collection techniques:

“Cookies” are small text files or pieces of information sent from the Website to your web browser or your hard drive to store bits of information related to you. Cookies may last for so long as you are active on the Website and are deleted when you close your browser. Cookies can also be stored in your computer memory or your browser to last until you delete them manually or until they expire. Cookies may collect a unique identifier and can store user information such as IP addresses, navigational data, server information, data transfer times, user preferences, and passwords needed to access the Website. VASCO uses Cookies to track your Account and User Profile, to store authentication information, and the date and time you accept the MDP Terms of Service (“Terms of Service”) and this Privacy Statement.

Where required by applicable law, VASCO will collect your consent prior to the use of Cookies and similar technologies, and will give you the possibility to withdraw your consent.

You may configure your Internet browser to alert you when a Cookie is sent or used and allow you to decide whether to accept, reject or remove Cookies. If you reject, disable or remove Cookies, you might not be able to access certain pages or important functions on the Website.

The Website uses Cookies from Google Analytics, a service by Google, Inc. (“Google”) that analyzes web traffic and enables Google and VASCO to monitor the use of the Website for the purpose of optimizing the services and simplifying the registration process. The Cookie generates information that is communicated to and saved in a Google server. Google uses this information to evaluate Website use, generate Website traffic reports, and provide additional services associated with the use of websites and the Internet. If applicable, Google will pass this information to third party data processors acting on behalf and for the account of Google, or when required by law. You may prevent the installation of Cookies by adjusting your browser; however, this might lead to a constricted functionality of the Website. By using the Website, you consent to the processing of your Information by Google in the way and for the purposes described above. Please refer to the http://www.google.com/policies/privacy/ for information regarding the Google Analytics privacy policy and the link https://tools.google.com/dlpage/gaoptout to opt out of Google Analytics participation.

The Website also uses cookies from Desk.com, a third party provider of customer service knowledge base portal services that VASCO has integrated in the Website. When you use the customer support assistance of the Website, Desk.com will collect and store (through both Active and Passive methods described above) your user name and address, IP address, browser, date and time, click paths and search terms. Please refer to the http://www.desk.com/privacy page for information regarding the Desk.com privacy policy.

Locally shared objects, also called flash cookies, are pieces of data that websites using Adobe Flash may store on your computer. VASCO will use the information collected to find out how you navigate the Website. You may disable this function by following the instructions referenced in www.helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html http://www.adobe.com/privacy/flash-player.html or information page. However, if you disable or disallow locally shared objects, you might not be able to access certain pages or functions on the Website. Please refer to the http://www.adobe.com/privacy/flash-player.html page for information regarding the Adobe Flash privacy policy.

“Internet Protocol (IP) addresses” and “log files” are used to identify server problems, improve Website content, and compile aggregated statistics about Website usage and click-stream data.

VASCO reserves the right to introduce new passive tracking technologies and techniques related to the use of the Website, subject to and in accordance with applicable data protection laws and regulations.

Purpose of collecting the Information through the Website

Where you use VASCO's Website and services for authentication to access digital public applications of Belgian administrations via the CSAM Belgian Government Portal, VASCO collects your Information for the following purposes: to allow access and use of the Website and related services; to perform the authentication services; to communicate with users and respond to inquiries, to provide technical support, and resolve problems that users experience when using the Website; to verify user compliance with the Terms of Service; and to enhance security and protect VASCO from fraud or other inappropriate conduct.

With respect to private and commercial websites and applications, VASCO collects the Information for the following purposes : to allow access and use of the Website and related services; to perform the authentication services; to tailor and select content and improve the quality of the Website and user experience; to communicate with users and respond to inquiries, provide technical support, and resolve problems that users experience when using the Website; to tailor marketing to users’ needs and track marketing campaign results and responses; to notify users about new product releases, services, and changes or updates to the Website; to perform data analysis including anonymisation of Information; to verify user compliance with the Terms of Service; to enhance security and protect VASCO from fraud or other inappropriate conduct.

Disclosure, processing, use and transfer of the Information

VASCO begins to store any Information you provide when you accept the Terms of Service and this Privacy Statement. VASCO stores such information for a period of up to ten (10) years following the end of your contractual relationship with VASCO, in accordance with applicable laws.  VASCO will disclose, transfer, process and use the Information as specified in the following:

When you visit the Website to use the authentication or such other services that VASCO provides, VASCO will process and use your Information as legally permitted and as requested or consented by you. With your consent, VASCO will share your Information with third party websites, applications and services that you access through, with or assisted by the Website, and to third parties that offer complementary products or services. These third parties are independent from VASCO and have their own privacy policies, which you should review before interacting with the third parties or consenting to have your Information shared.

VASCO may disclose and transfer the Information to IT providers, subcontractors and other third party service providers acting on behalf of VASCO and that assist with the operation of the Website or the associated activities and services. In addition, to the extent not prohibited by law, VASCO will disclose your authentication activity to the third party websites, service providers or applications that you access using VASCO’s authentication services through the Website.

Your Information may be transferred, accessed and stored globally, as necessary for the provision of the services through the Website. VASCO may transfer the Information to VASCO affiliates in the United States or other locations, only when the transfer is legally permissible, and where VASCO has maintained US Safe Harbor certification or has entered into the appropriate transfer agreements as required by relevant law and appropriate for the purposes described in this Privacy Statement.

Some recipients of the Information may be located within your home jurisdiction or elsewhere, including countries that do not offer an adequate level of protection within the meaning of the European Data Protection Directive (95/46/EC). In this case, VASCO will ensure by other means, prior to the transfer of the Information, that the data recipient adequately safeguards the Information. All recipients of the Information will be required to keep the Information secure, and a data recipient that qualifies as a data processor will be required to process the Information in accordance with our instructions.

VASCO may disclose your Information to law enforcement authorities or other government officials, when required by law or legal process, when necessary to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraud or illegal activity.

VASCO may also disclose and transfer the Information, subject to the requirements of applicable law and as necessary or appropriate, to protect the security of the Website, to protect VASCO, its affiliates, directors, officers, and employees or others against liability, or in connection with the sale or transfer of all or part of the business.

VASCO will notify you – and, as the case may arise, seek your consent – should the collection, use, disclosure, or storage of your Information change from that stated at the time of collection. If you receive such notification, you may elect to either opt-out of any change, when possible, or you may terminate your Account by deleting your User Profile.

User Profile, preferences and Opt-Out

To gain full access to the Website, VASCO requires you to create an Account and maintain a User Profile. If you are a eID Card holder, when you register with your eID Card, Information will be retrieved from your eID Card to create your Account. If you do not want VASCO to retrieve the Information you should not create a MDP Account. You may elect to provide additional Information as indicated in your User Profile. You may customize your User Profile and control your preferences for using the Website, select third party websites or applications with which you authenticate via the Website, receive electronic information and marketing information including opting into or out of certain contacts and interests. However, if you are a eID Card holder and desire to use your MDP Account in combination with your eID card to authenticate your identity then you may not modify certain data and may instead elect to remove your eID Information from your Account if you prefer not to have your Information used by your Account. You can access your User Profile at any time to change your preferences or make other modifications by logging in to your Account at https://www.mydigipass.com/. You cannot opt out of or modify preferences on support-related Information as well as Information necessary for you to use the Website; you may instead elect to close your Account if you prefer not to have your Information used by your Account.

If you have questions about your User Profile, you may refer to the Frequently Asked Questions section of the Website, or contact VASCO at mydigipassprivacy@vasco.com.

Access, correction or deletion of Information

You may directly access, correct, update or delete all or part of your Information in your User Profile, or you may request VASCO at mydigipassprivacy@vasco.com. to correct or delete a part or all your Information in accordance with applicable law or regulations. However, if you are a eID Card holder and desire to use your MDP Account in combination with your eID card to authenticate your identity then you may not modify certain data and may instead elect to remove your eID Information from your account if you prefer not to have your Information used by your Account. VASCO will make every reasonable effort to promptly comply with your request. VASCO may, however, limit access to your Information as permitted under applicable law. To protect your privacy and security, VASCO may take reasonable steps to verify your identity before responding to your request.

Data security

Pursuant to applicable laws and regulations, VASCO maintains reasonable technical and organizational measures to protect your Information against accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access.

Links to other websites

The privacy practices set forth in this Privacy Statement apply only to this Website and the specified activities. Other websites, whether operated by VASCO or by third parties, may have different privacy practices. Please review the privacy policies of such other websites that you access through the Website prior to providing or consenting to the sharing of your Information to or by such websites. VASCO is not responsible or liable for the content of third party websites or service providers or for third party compliance with applicable laws and regulations.

Revisions to this Privacy Statement

The privacy practices set forth in this Privacy Statement apply only to the Website and the specified activities.  VASCO will update this Privacy Statement from time to time as necessary, to adapt to changes in the Website, the services available, or to comply with law and regulations. VASCO may request that you confirm your understanding of and consent to a revised privacy policy if you register for additional services. Please check this Privacy Statement frequently before you submit additional Information. If you disagree with VASCO’s Privacy Statement, please do not access or use the Website any longer and do not transfer Information to VASCO. You will be notified of material revisions to this Privacy Statement electronically, or by other means that VASCO deems sufficient to reach your attention, such as a prominent post on the Website, and, as the case may arise, will be asked to consent to the revised Privacy Statement.

Contact us

If you have any questions about this Privacy Statement or VASCO’s privacy practices or if you wish to exercise your rights to access Information VASCO holds about you, to rectify inaccurate Information, or to object to its processing for direct marketing purposes, please contact VASCO at:

VASCO Data Security International GmbH
Postfach 8058

Zurich-Flughafen

Switzerland
Fax No.+41(0)43 555 35 01

Email: mydigipassprivacy@vasco.com

If applicable law does not specify a period to respond to an inquiry, VASCO will try to answer your questions or concerns as promptly as possible; however, more complex questions or requests may take more time.

Effective Date: May 2015