Successful data transmission
After successful transmission of the data to the POSTIDENT portal, the user can be forwarded to a business partners website.
Document review and data provision
The recordings are checked in the background using software and machine learning methods. This process uses various security features to verify that the ID documents are genuine, and checks that the photograph on the document matches the video sequence recorded by you. In the event of abnormalities and to check the correct functioning of the software, qualified service employees can be used to check individual identification processes. The identification data is automatically transmitted to the business partner after the check.
In accordance with Article 22 (3) GDPR, you have the right to intervene by a person on the part of the controller, to express your own point of view and to contest the decision when using automated decision-making. These rights are to be asserted against the partner, who can, for example, offer you alternative identification procedures.
Explanations of data collected and transmitted
The ID data and verification data (including the digital copy of the ID document) are collected for transfer to the business partner and for validation of the data. The verification data (e.g. the digital copy of the ID document) is only transferred to business partners that are subject to corresponding regulatory requirements (such as the eIDAS regulation). The ID data and verification data may also by processed by Deutsche Post AG for quality assurance purposes. See also: Quality assurance in AutoID.
Processing of biometric data
As part of AutoID's implementation of the POSTIDENT procedure, biometric data is processed in order to better detect fraud attempts such as identity theft. For example, the position data of the face is compared to the ID document.
Your biometric data will not be stored. Only the results of the processing are stored that do not themselves represent biometric data and do not allow any conclusions to be drawn about the person to be identified. In addition, there is no further processing, e.g. for analyses or profiling.
If you would like to avoid the processing of biometric data, you can alternatively use other methods - if offered by your business partner - such as POSTIDENT via post office or POSTIDENT via online ID function. If these are not offered by your business partner, please contact them.
Quality assurance in the AutoID process
The competent controller within the meaning of the General Data Protection Regulation (GDPR) is Deutsche Post AG.
It may be necessary to collect and use ID data and verification data for the continuous improvement of identification through automated decision-making in the AutoID process. In this case the data is used for the purpose of fraud prevention, for example, and to verify that the machine learning methods and associated software are correct and continuously optimized.
Your data will of course only be kept for as long as it is needed to perform these tasks, after which it will be securely deleted. See retention periods.
Here, too, the backup of strictly confidential data meets the highest standards at all times, and is monitored continuously by our IT security measures.
If, after the identification process, you wish to withdraw your consent to the use of your data for quality assurance purposes in AutoID, please address your withdrawal request to: AutoID.Postident@deutschepost.de
The legal basis for this is Article 6(1)(f) of the GDPR. Identification data is used for quality assurance purposes in order to allow for continuous quality improvement and to avoid decision-making errors in automated processing. The interests of the data subjects are safeguarded through very limited access rights, a storage period of no more than 180 days and a right to object.