This Privacy Statement applies solely to the use of the MYDIGIPASS service provided through or with the MYDIGIPASS website (“Website”).
This Privacy Statement describes how VASCO will collect, transfer, disclose, process and use personal data and personally identifiable information (collectively, “Information”) obtained from users of the Website and how you as user of the Website can access your Information and control its use.
This Privacy Statement does not apply to the collection or use of your Information by third party websites, service providers or applications you access directly with your MYDIGIPASS account, or enabled DIGIPASS hardware or software, or indirectly via the Website. Please refer to the privacy policies of such third party websites, service providers or applications before providing personal information to them or consenting that your personal data be shared.
Types of information collected through the Website
VASCO, as responsible data controller, will collect the following information when you visit the Website and access its pages:
“Passive” information VASCO receives through the Website includes communication information which VASCO automatically receives as part of the technical connection itself or the act of using or accessing the Website, or through your use of certain browsers. This automated information includes the date, time and time zone as well as network routing information and equipment versions. VASCO passively receives website activity data capturing how you enter and leave the Website, how you navigate to and leave the pages and links you visit on the Website, your length of stay on any part of the Website, frequency of your visit on any of its pages or third party websites or applications accessible through the Website, your product or service preferences indicated by the number of times and the length of time you view a product or service or the number of times you access a third party website or application using the authentication service provided through the Website, your location, IP address, and the type of browser you use. Passive information does not identify you to VASCO by name, and VASCO does not link your IP address to you or other personally identifiable information.
VASCO receives passive information using the following data collection techniques:
You may configure your Internet browser to alert you when a cookie is sent or used and allow you to decide whether to accept, reject or remove cookies. If you reject, disable or remove cookies, you might not be able to access certain pages or important functions on the Website.
Locally shared objects, also called flash cookies, are pieces of data that websites using Adobe Flash may store on your computer. VASCO will use the information collected to find out how you navigate the Website. You may disable this function by referring to the www.adobe.com website for information. However, if you disable or disallow locally shared objects, you might not be able to access certain pages or functions on the Website.
“Internet Protocol (IP) addresses” and “log files” are used to identify server problems, improve Website content, and compile aggregated statistics about Website usage and click-stream data.
VASCO reserves the right to introduce new passive tracking technologies and techniques related to the use of the Website, subject to and in accordance with applicable data protection laws and regulations.
Purpose of collecting the Information through the Website
VASCO collects the Information to allow access and use of the Website and related services; to perform the authentication services; to tailor and select content and improve the quality of the Website and user experience; to communicate with users and respond to inquiries, provide technical support, and resolve problems that users experience when using the Website; to tailor marketing to users’ needs and track marketing campaign results and responses; to notify users about new product releases, services, and changes or updates to the Website; to perform data analysis including anonymisation of personal information; to verify user compliance with the Terms of Service; to enhance security and protect VASCO from fraud or other inappropriate conduct.
Disclosure, processing, use and transfer of the Information
VASCO begins to store any Information you provide when you accept the Terms of Service and this Privacy Statement. VASCO stores such information for a period of up to ten (10) years. VASCO will disclose, transfer, process and use the Information as specified in the following:
When you visit the Website to use the authentication or such other services that VASCO provides, VASCO will process and use your Information as legally permitted and as requested or consented by you. With your consent, VASCO will share your Information with third party websites, applications and services that you access through, with or assisted by the Website, and to third parties that offer complementary products or services. These third parties are independent from VASCO and have their own privacy policies, which you should review before interacting with the third parties or consenting to have your Information shared.
VASCO may disclose and transfer the Information to IT providers, subcontractors and other third party service providers that assist with the operation of the Website or the associated activities and services. In addition, VASCO will disclose your authentication activity to the third party websites, service providers or applications that you access using VASCO’s authentication services through the Website.
Your Information may be transferred, accessed and stored globally, as necessary for the provision of the services through the Website. VASCO may transfer the Information to VASCO affiliates in the United States or other locations, only when the transfer is legally permissible and appropriate for the purposes described in this Privacy Statement.
Some recipients of the Information may be located within your home jurisdiction or elsewhere, including countries that do not offer an adequate level of protection within the meaning of the European Data Protection Directive (95/46/EC). In this case, VASCO will ensure by other means, prior to the transfer of the Information, that the data recipient adequately safeguards the Information. All recipients of the Information will be required to keep the Information secure, and a data recipient that qualifies as a data processor will be required to process the Information in accordance with our instructions.
VASCO may disclose your Information to law enforcement authorities or other government officials, when required by law or legal process, when necessary to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraud or illegal activity.
VASCO may also disclose and transfer the Information, subject to the requirements of applicable law and as necessary or appropriate, to protect the security of the Website, to protect VASCO, its affiliates, directors, officers, and employees or others against liability, or in connection with the sale or transfer of all or part of the business.
VASCO will notify you should the collection, use, disclosure, or storage of your Information change from that stated at the time of collection. If you receive such notification, you may elect to either opt-out of any change, when possible, or you may terminate your Account by deleting your User Profile.
User Profile, Preferences and Opt-Out
To gain full access to the Website, VASCO requires you to create an Account and maintain a User Profile. If you are a eID Card holder, when you register with your eID Card information will be transferred from you eID Card to populate your Account. You may elect to provide additional informaition as indicated in your User Profile. You may customize your User Profile and control your preferences for using the Website, select third party websites or applications with which you authenticate via the Website, receive electronic information and marketing information including opting into or out of certain contacts and interests. However, if you are a eID Card holder and desire to use your MYDIGIPASS account to authenticate your identity then you may not modify certain data and may instead elect to remove your eID information from your account if you prefer not to have your Information used by your Account. You can access your User Profile at any time to change your preferences or make other modifications by logging in to your Account at https://www.mydigipass.com/. You cannot opt out of or modify preferences on support-related information as well as information necessary for you to use the Website.
If you have questions about your User Profile, you may refer to the Frequently Asked Questions section of the Website, or contact VASCO at firstname.lastname@example.org .
Access, correction or deletion of Information
You may directly access, correct, update or delete all or part of your Information in your User Profile, or you may request VASCO at email@example.com to correct or delete a part or all your Information in accordance with applicable law or regulations. However, if you are a eID Card holder and desire to use your MYDIGIPASS account to authenticate your identity then you may not modify certain data and may instead elect to remove your eID information from your account if you prefer not to have your Information used by your Account. VASCO will make every reasonable effort to promptly comply with your request. VASCO may, however, limit access to your Information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by international standards. To protect your privacy and security, VASCO may take reasonable steps to verify your identify before responding to your request.
Pursuant to applicable laws and regulations, VASCO maintains reasonable technical and organization measures to protect your Information against accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access.
Links to other websites
The privacy practices set forth in this Privacy Statement apply only to this Website and the specified activities. Other websites, whether operated by VASCO or by third parties, may have different privacy practices. Please review the privacy policies of such other websites that you access through the Website prior to providing or consenting to the sharing of your Information.. VASCO is not responsible or liable for the content of third party websites or service providers or for third party compliance with applicable laws and regulations.
Revisions to this Privacy Statement
If you have any questions about this Privacy Statement or VASCO’s privacy practices, please contact VASCO at:
VASCO Data Security International GmbH
Fax No.+41(0)43 555 35 01
If applicable law does not specify a period to respond to an inquiry, VASCO will try to answer your questions or concerns as promptly as possible; however, more complex questions or requests may take more time.
Effective Date: 8 October 2014