Data protection policy
1. Who are we and how to contact us?
CloudTrust SA (part of the ELCA Group) is an identity and authentication service provider acting as a Data Controller of the information you provide.
You can contact us for general data privacy queries by email to firstname.lastname@example.org or in writing to the Data Protection Officer of the ELCA Group (ELCA Informatique SA, Corporate Security & Privacy, Avenue de la Harpe 22-24, 1007 Lausanne, Switzerland). Please provide as much detail as possible so that we can comply with your request. Unless the situation requires a response within a shorter period of time, we will respond to your request within 30 days.
More information on the ELCA Group can be found on our main website at https://www.elca.ch/en.
2. Scope: who is concerned by this privacy notice?
This trustID Privacy Notice exclusively governs the processing of personal data as part of the contractual relationship between the customers (trustID Holder, You) and CloudTrust SA (trustID Provider, We) concerning the use of the trustID service/portal for digital identity and authentication.
The usage of applications and services of other online service providers that can be accessed using the trustID service/portal for digital identity and authentication is regulated by the contractual relationship between the relevant service provider and the trustID Holder and does not fall within the scope of this Privacy Notice document.
3. What types of personal data do we collect?
We collect and process personal data about the trustID Holder listed below:
- name (first name and last name)
- phone number
- birth location
- identity document type
- identity document number
- identity document expiry date
4. For which purposes do we collect personal data?
We collect your personal data in order to provide you with the services related to your trustID account, identify and authenticate you and communicate with you.
5. Who has access to your personal data?
Your personal data are transmitted to the service you’re connecting to during the authentication process.
Our support team is the only personnel within the trustID Provider who has access to your personal data.
The personal data may also be consulted by external verification agents for the identification phase.
6. What are the principles applied for Data storage and retention?
The personal data collected is securely stored in the trustID Provider’s environments located in Switzerland. Backups are also securely stored in Switzerland.
We only retain personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.
7. Rights of the trustID Holder
- a. Identity data
You are responsible for the accuracy of the data you provide when opening a trustID account. We guarantee the correct entry in our systems of the data verified by the Verification Agents or third parties. We ensure professional data processing enforced by our compliance with EPR certification.
- b. Data Privacy
Every trustID Holder is entitled to the following:
- The right to access: You have the right to access all personal data we hold about you and obtain a copy thereof. You can access this data through your profile page on the trustID website.
- The right to review and update the data: You can update and correct the information stored in the context of your trustID account through your profile page on the trustID website.
- The right to erasure: You have the right to be forgotten at any point in time. Upon request, we will erase all personal data not legally required to be retained.
- The right to restrict or object: You have the right to request the restriction of the processing of your personal data or object to such processing.
8. Additional commitments of the trustID Provider
- a. Security
We protect our infrastructure and the personal data of the trustID Holders through appropriate measures and treat such personal data entrusted to us as being strictly confidential.
The infrastructure components (e.g. networks, systems) and processes relevant to trustID are checked regularly both internally and externally; any deficiencies are rectified as soon as possible. The infrastructure is exclusively hosted in datacenters located in Switzerland.
- b. Quality of the data
We ensure professional data processing enforced by our compliance with EPR certification. Using appropriate security measures, we ensure the confidentiality, availability and integrity of the data in order to guarantee an appropriate level of data protection.
- c. Data protection and data security
We protect the data provided by the trustID Holders through appropriate technical and organizational measures and handle such data with due care in accordance with Swiss data protection law, GDPR or any applicable data protection laws.
- d. Use of third parties
The trustID Holder expressly agrees that we may engage third parties for providing services and that these third parties may have access to the personal data to the extent necessary to provide and improve the services. The third party may process the data of the trustID Holder on behalf of and in accordance with the instructions and rules set by the trustID Provider.
Third parties are the verification agents (for human identification) or the verification agents of our video identification provider.
- e. Adjustments to the Privacy Notice
We may adjust or make changes to the Privacy Notice at any time. Changes will be communicated to the trustID Holders in an appropriate manner. trustID Holders in disagreement with the changes may cancel their trustID account.