Yes, as a business customer, you define in your contract the retention period of the identification data for POSTIDENT by video chat, POSTIDENT by photo and POSTIDENT by eID function and POSTIDENT by post office. The retention period is a maximum of 3 months.

Data protection is of the utmost concern. This is why DP AG as a data processor concludes a data processing contract with you as part of the POSTIDENT contract, which is directly included in the contract as an attachment.

• POSTIDENT by video chat involves the online identification of natural persons in accordance with the regulations of the German Money Laundering Act via web browser on home PCs or from any location via an app on a mobile device.
  
• POSTIDENT by post office involves the identification of natural persons in accordance with the specifications of the German Money Laundering Act in Deutsche Post’s offices.
  
• POSTIDENT by eID function enables the online identification of new customers in accordance with the specifications of the German Money Laundering Act. This is done via Deutsche Post’s POSTIDENT portal and a new ID card with the eID function activated.
  
• POSTIDENT by photo involves the identification of natural persons by taking photos of their ID documents and their face via the web browser on home PCs or from any location via an app on a mobile device.

• No additional documents can be sent with POSTIDENT by video chat, POSTIDENT by photo and POSTIDENT by eID function.
• The return of additional documents is not part of the service POSTIDENT by post office. In case of the needed return of additional documents please provide your customer with an envelope with postage prepaid and adressed to you.

POSTIDENT by video chat, POSTIDENT by photo, POSTIDENT by post office and POSTIDENT by eID function:

these are billed monthly. The invoices will list the basic services, the return fees and value added tax (VAT) separately.

POSTIDENT by post office:

Authorized ID documents are valid German ID cards, official foreign identity cards that are equivalent to a German ID card, and passports, provided that the documents contain a photograph of the holder and are accepted by Deutsche Post as identification. Please note that not all available ID documents can be accepted due to the required security features for documents. If private customers have questions about the identification process with ID documents that are not accepted, they will be referred to you as the party commissioning the identity check.

An authorized ID document must contain the information for the mandatory fields on the POSTIDENT form and be legible (i.e. at minimum in Latin characters and Arabic numerals) and decipherable for the vicarious agents of Deutsche Post.
If, in exceptional cases, information about the address is not provided in the ID document, the vicarious agents of Deutsche Post will request this from the person to be identified during the identity verification process in the post office.

POSTIDENT by eID function:

The only authorized ID documents for participating in the identity verification process with the new ID card are a new German ID card with the eID function activated, and a German electronic residence permit also with the eID function activated and marked as a document issued in lieu of an identity card. Electronic residence permits must have been issued after March 1, 2013, because older documents do not contain all mandatory information as the result of a production error. For identification via desktop, an ID card reader and the AusweisApp2 software are required. For verification via smartphone (with activated NFC), the POSTIDENT app is required. In both cases – via desktop or smartphone – the eID function must be activated and the personal 6-digit PIN must be known. For more information about the eID function of the new ID card, visit here.

POSTIDENT by video chat:

Authorized ID documents are valid German ID cards, official foreign identity cards that are equivalent to a German identity card, and passports, provided that the documents contain visual (holographic) security features and a photograph and are accepted by Deutsche Post as identification.
Please note that not all available ID documents can be accepted due to the required security features for documents. If private customers have questions about the identification process with ID documents that are not accepted, they will be referred to you as the party commissioning the identity check.

An authorized ID document must contain the information for the mandatory fields on the POSTIDENT form, and be legible (i.e. at minimum be in Latin characters and Arabic numerals) and decipherable for the vicarious agents of Deutsche Post.

POSTIDENT by photo:

Authorized ID documents are valid German identity cards, official foreign identity cards that are equivalent to a German identity card, and passports, provided that the documents contain visual (holographic) security features and a photograph and are accepted by Deutsche Post. Please note that not all available ID documents can be accepted due to the required security features for documents. If private customers have questions about the identification process with ID documents that are not accepted, they will be referred to you as the party commissioning the identity check.

An authorized ID document must contain information that is legible (i.e. at minimum be in Latin characters and Arabic numerals) and decipherable for the vicarious agents of Deutsche Post.

With POSTIDENT by video chat, if a person cannot be identified due to technical problems or other circumstances, the person to be identified will receive an e-mail instructing them to continue with the POSTIDENT by video chat procedure at a later time, or to select a different POSTIDENT procedure for identification (via post office, or eID function).

With POSTIDENT by photo, if a person cannot be identified due to technical problems or other circumstances, the person to be identified will receive an e-mail instructing them to continue with the procedure at a later time.

No other POSTIDENT procedure is currently available for the verification of driver’s licenses. In this case, you are responsible for offering the user an additional identification process.

If, contrary to expectations, any of the identification data is incorrect, please submit a complaint in accordance with our GT&C.

We kindly ask you to display each disputed identification in an e-mail as follows:

The format for reporting errors in cases when results are provided in digital form only is as follows:

E-mail in pure text format.

• Recipient: postident[at]deutschepost.de
• The sender’s e-mail address is assigned to one of the business customer’s points of contact disclosed to DPAG.
• Subject line (Subject): „Reklamation POSTIDENT–<case ID>“

Message contents should each be placed in their own row:

• Abrechnungsnummer (Billing number): <Billing number>
• Vorgangsnummer (case ID): <Case ID>
• Reklamationsgrund (reason for complaint): <Text up to 160 characters>

With POSTIDENT by post office:

The person to be identified receives a POSTIDENT coupon, which asks them to identify themselves in a Deutsche Post post office. As soon as the identity check is complete, the result of the identification is transmitted to you as the business customer on the same day. However, neither you nor Deutsche Post have any influence over when the person to be identified goes to the post office with the POSTIDENT coupon to identify themselves.

You will be provided with the results of the identification digitally e.g. in the Postident information portal after the identity verification procedure in the post office is completed.

With POSTIDENT by video chat:

Identifying a person via video chat takes approximately 5 minutes.

With POSTIDENT by photo:

It takes just a few moments for the user to take photos. Depending on the number of documents to be reviewed, identification by the service agent takes between 2 and 5 minutes.

With the POSTIDENT by eID function:

As our business customer, you can download the identification data in the contractually agreed cycle from the Postident information portal or the automated interface following identity verification.

As our business customer, you can download the identification data in the contractually agreed cycle from the automated interface following identity verification.

Currently, POSTIDENT is offered only in Germany. However, foreign companies and institutions can also use POSTIDENT for identity verification in the German market. Identity verification by POSTIDENT overseas is not possible.

With the digital identification procedures such as POSTIDENT by video chat, POSTIDENT by photo, and POSTIDENT by eID function, foreign persons can identify themselves at any time and any place if the requirements necessary for the identification are met.

POSTIDENT by post office without a digital interface:

With the product variant POSTIDENT by post office, the customer data necessary for identification can be taken from the POSTIDENT coupon. The POSTIDENT coupon has to be created by you as our business customer and given to the person to be identified. Either you provide the POSTIDENT coupon for download on your website, or you send it by mail to the person to be identified.

POSTIDENT by post office with a digital interface:

If you are connected digitally to the POSTIDENT portal, your customers are forwarded from your website to the POSTIDENT portal for the identity verification process. Here, your customer can download the POSTIDENT coupon in the form of a PDF file.

Alternatively, a digital interface is available without forwarding your customers to the POSTIDENT portal. Once connected to the automatic data interface, you can independently generate individualized POSTIDENT coupons to create unique cases.

• The digital interface to the POSTIDENT portal provides a solution portfolio for verification from a single source, which is being enhanced in line with market and customer needs.
  
• The conversion rate for transactions increases, since alternative procedures are offered to private customers in the POSTIDENT portal if the procedure they initially selected has to be terminated (if the technical requirements are not met, for example).
  
• The efficiency of the process increases within the company since all of the customer data is provided in digital form. The security features also increase the quality of the data.
  
• High level of security through continual compliance with data protection guidelines and data storage exclusively in Germany.
  
• Fast electronic data redelivery via the Postident information portal or digital interface.
  
• Investment security through connection to a single interface for all current and future identity verification procedures.

In the POSTIDENT portal, end customers can choose between the online procedures and identity verification in a post office:

• POSTIDENT by video chat
• POSTIDENT by post office
• POSTIDENT by eID function
• POSTIDENT by photo

No, you can only receive the data for all procedures, including the online procedures, in the same intervals and at the same time. However, if you want to change the cycle, you can do so when commissioning the online procedures. This will then apply to all data deliveries.

Channels for electronic data provision

When data is provided electronically, you have three options regarding the channel or channels through which the data is provided to you:

• Option 1: POSTIDENT information portal
  Internet application for selecting and downloading identification data
• Option 2: File interface
  To automate the processing of your results, you can use the SFTP file interface to specify how often (hourly/every hour on the hour/daily) you want the data to be provided electronically.
  
• Option 3: Web service
  We use the Standard Connect Result (SCR) interface to give you the option of collecting the results automatically by means of the REST web service call – including push notification as soon as an identity verification is completed. Prior to the set up a of digital interface, you will see additional details about interfaces and results formats.

Access to the identification data

As soon as the contract for using POSTIDENT is legally valid, the users you named are given access to the identification data. Each user, depending on the method of data provision that was selected, receives the following information as a separate registered letter, or optionally in separate E-Postbrief items:

Archive file

• Data password for encrypting the archive file

POSTIDENT information portal/automated data interface

• User name and password for the POSTIDENT information portal
• User name and password for the automated data interface

The identification data that was collected as part of the post office data provision is usually provided on the day of identification, from Monday to Saturday. The business customer can access the identification data via the Postident information portal at any time, however, the access via the automated data interface is restricted to the contractually agreed cycles.

The data is provided as a ZIP archive in the POSTIDENT system and made available for download in the POSTIDENT information portal. WinZip and 7-Zip are supported. The ZIP file is encrypted with AES 256 and secured with a password.

You, or the portal users named by you, are given access only to the identification data for the correspondingly activated billing numbers that were contractually agreed with you.

Identification records can be called up repeatedly.

Within the POSTIDENT information portal, only selected identification data can be viewed. This means that the search result provides only an overview of the identifications performed. However, you or the POSTIDENT information portal users can use the download function to display the full records and images (if available).

The archive will always include all the identification data that was not yet provided since the last upload. The identification data and, where applicable, associated images are provided for collection by the business customer. The records in the archive files provided are designed so that the data from all Postident procedures can be transmitted in a standardized format. The archive file contains one or more files and is zipped.

If you are interested in concluding a contract, please contact your customer adviser.

With its eIDAS Regulation, the European Union has defined a Europe-wide valid legal framework for digital signatures. If a digital signature meets the Regulation’s requirements, it is to be considered as having the same legal force as a handwritten signature. To ensure that the digital signatures of the POSTIDENT E-Signing procedure are eIDAS-compliant, Deutsche Post has been verified in accordance with the eIDAS Regulation as a qualified trust service provider.

Yes. With a single signature process, up to five documents can be digitally signed simultaneously. This means that supporting documents such as GT&C do not have to be integrated into the contract document.

A digital signature can be verified by means of commonly used PDF reader programs. To do this, in Adobe Reader for example, click the "Signatures" properties window to display the certificate chain and the integrity of the signature.

Yes. If you prefer, in place of the handwritten signature, a stamp can be added that indicates the name of the signatory and the time of the signature.

Our technical support is available if you have any problems. You can contact them by telephone and e-mail from Monday to Friday between the hours of 8 a.m. to 6 p.m.

A digital signature is essentially a certificate that is attached to the PDF file to be signed. Through the identification, the user authorizes this certificate and approves its attachment to the PDF file by means of a mobile TAN process. Once it has been attached, the certificate documents the integrity of the document, the name of the signatory and the time of the signature.

At the start of the signature process, you send us the documents to be signed as well as the relevant customer data via the Signing REST interface. Throughout the entire process, you can use this interface to display the current status. The unique hash value of the document is determined for the signature, which is subsequently encrypted and appended to the document with the help of the private key (= signature key) from the certificate that is issued. The public key (= signature verification key) that is necessary for encryption is provided in a Public Key Infrastructure (PKI). To verify the signature, the hash value of the document is generated again and compared with the encrypted hash value from the signature. If both hash values match, the authenticity of the signature is ensured and the document has not been changed.

Yes. eIDAS-compliance means that the digital signature is equivalent to a handwritten signature.

In accordance with the eIDAS Regulation, before a customer provides a digital signature, they have to be identified by means of an appropriate procedure so that the authenticity of the signature is ensured. The POSTIDENT by video chat procedure offers an easy solution for identification that complies with the German Money Laundering Act and is available to a wide range of users.

Yes. After they have been signed, the documents are provided to the private customer for downloading. The customer is also sent a link via e-mail. After re-authentication via mobile TAN, this can be used to download the documents for up to 150 days. Both this period and the frequency in which the documents may be downloaded again are limited.