POSTIDENT – additional data privacy information
The information below supplements Deutsche Post AG’s general data privacy information, describing special aspects of the available identification and signature processes.
- POSTIDENT by post office
- POSTIDENT by video chat
- POSTIDENT by eID
- POSTIDENT by photo
- POSTIDENT E-Signing
1. General information
Many businesses (referred to below as “business partners”) need to be able to identify their contractual partners (“users”). For example, Germany’s Money Laundering Act (Geldwäschegesetz – GwG) requires that businesses in certain sectors (such as providers of financial services or special insurance products, or casinos or other organizers/operators of games of chance) verify the identities of their customers/users. In addition to the requirements of the GwG, there are other situations involving an obligation to verify identity, including an identity check following the purchase of a prepaid SIM card as stipulated by the German Telecommunications Act (Telekommunikationsgesetz – TKG) and proof of age for the use of adults-only services or online gaming.
In addition to identity checks, some companies also need to verify specific personal authorizations. For example, car sharing or rental services need to verify that a user has a valid driver’s license. In addition, identifying the user (signer) is an important prerequisite for the creation of a qualified electronical signature (digital signature).
Protection of the privacy of the person to be identified (referred to below as “user”) during the processing of personal data is of great importance to Deutsche Post AG and is provided for in all POSTIDENT processes.
POSTIDENT designates the processes used to gather identity data or the complete process of establishing the identity of individuals (e.g., in a post office or video chat) for business partners.
Identification data is data (such as data from an ID card) gathered for and provided to a business partner for a specific purpose as part of a POSTIDENT process.
Verification data is information and recordings (e.g., scans of ID documents) that must be recorded and processed due to legal requirements or legitimate interests in order to prove that identification measures were carried out.
2. Purpose, use and legal basis
All data collected or otherwise obtained in POSTIDENT processes are used by Deutsche Post AG solely for the purpose of identifying individuals for its business partners. An exception is POSTIDENT E-Signing; see the POSTIDENT E-Signing (digital signature) section. Any other use is only permitted with the user’s consent.
Identification is required for the contractual relationship between the user and the business partner, usually due to legal requirements; the legal basis is Article 6 (1) (b) and (c) of the General Data Protection Regulation.
3. Type and scope
The scope of data processing and use by Deutsche Post AG in connection with identification processes depends on the reasons for such processes, i.e., the intended or existing contractual relationship between you as the user and the business partner concerned, and the legal requirements calling for proof of identification, e.g., in accordance with the Geldwäschegesetz (Germany’s money laundering act), the Telekommunikationsgesetz (Germany’s telecommunications act), etc.
At most, Deutsche Post AG will (depending on the situation) collect the following user data when identifying a person with POSTIDENT.
1. ID card data
- Form of address
- Title/academic degree
- Last name
- First name (all first names)
- Name at birth
- Place of birth
- Date of birth
- Nationality
- Street and house number
- Zip code and town/city
- ID information such as type of ID, ID number, place of issue, date of issue, issuing authority, expiration date
- Mobile telephone
- Email address
During the identification process, you may receive an e-mail with a case number that can be used at any time to start the identification process. The user’s e-mail address is needed for this purpose. For some identification methods, a mobile telephone number will be needed to receive a TAN as an additional secure factor for two-factor authentication.
2. Driver’s license information
Users identifying themselves for providers of mobility services such as car sharing or car rental need a valid official driver’s license. During the identification process, Deutsche Post AG will collect the following additional data:
- License number
- Country of issue
- Expiration date
- Date of issue
- License categories (including date of issue, expiration date and any additional information)
3. Verification data
If the business partner requests identification compliant with certain legal requirements (e.g., Geldwäschegesetz (GwG - German money laundering act), Telekommunikationsgesetz (TKG German telecommunications act), eIDAS (electronic IDentification, Authentication and trust Services) Regulation and the like), this includes transmission of the ID information and, depending on the identification method, the verification data. Depending on the method, this can include:
- Photo or screenshot of user
- Photo or scan of ID document
- Photo or scan of driver’s license
- Recording (audio and video) of entire identification process
4. Transfer of data
If the identification process takes place with the specific intention of reaching an agreement with a business partner, the data required for the relevant proof of identity will be transferred to the intended business partner after completion of the identification process.
Service companies and service providers are included for customer service and IT services.
Data processing takes place only in audited data centers within the territory of the European Union and in the European Economic Area.
5. Description of the methods
The rules described below apply for the individual identification methods:
POSTIDENT by post office
Main steps in the identification process
- Identification process begins when user presents POSTIDENT coupon
- User’s ID checked with ID reader by employee in post office; ID data copied automatically
- Employee in post office checks the data and verifies that the photograph on the ID document matches the user
- User verifies data and provides sample signature
- Transfer of data to business partner
Notes regarding recorded and transferred data
Due to regulatory requirements, your ID document will also be scanned during the identification process at the post office of your choice.
The ID data and the digital copy of the ID document are only recorded for transfer to the business partner and for verifying the data. The digital copy of the ID document is only transferred to business partners that are subject to corresponding regulatory requirements such as the Geldwäschegesetz (GwG - German money laundering act), the Telekommunikationsgesetz (TKG - German telecommunications act) or the eIDAS Regulation.
POSTIDENT by video chat
Main steps in the identification process
Identification process begins on business partner website
Transfer from business partner website to identity check on POSTIDENT portal.
Selection of POSTIDENT by video chat as method
As needed, entry of personal information and selection of the ID document to be used in the identification process.
Video chat
Using the camera in the user’s device, a service employee leads the user through the video identification process, verifies the ID data and takes photos.
Provision of identification data
By entering a TAN received via text message, the user confirms and concludes the identification process.
Notes regarding recorded and transferred data
During POSTIDENT by video chat, the following are also produced:
- Photo or screenshot of user (portrait)
- Photo or screenshot of ID document
- Complete audio-visual recording of the process
POSTIDENT by eID
Main steps in the identification process
- Transfer of user from business partner website to identity check on POSTIDENT portal
- In the portal, the user can choose to use the POSTIDENT by eID via desktop or smartphone
- In the case of identification via desktop, the user will be automatically routed to the AusweisApp2 website with the software from the German government’s service provider (Governikus) and the AusweisApp2 will start
- In the case of identification via smartphone, the identification process runs via the Postident app
- By entering the six-digit PIN from their ID, the user agrees to the encrypted transfer of the previously displayed information
Notes regarding recorded and transferred data
The ID data are only recorded for transfer to the business partner.
POSTIDENT by photo
Main steps in the identification process
Identification process begins on business partner website
Transfer from business partner website to identity check on POSTIDENT portal.
Selection of POSTIDENT by photo as method
Take photos of the documents (ID document and/or driver’s license) and a short video of the face. Transfer the data to the POSTIDENT portal for verification.
Successful data transfer
After successful transfer of the data to the POSTIDENT portal, the user is routed back to the business partner’s website.
Document inspection and provision of data
Trained service employees inspect the documents in the background. The identification data are automatically transferred to the business partner.
Notes regarding recorded and transferred data
The photos and data from the ID document and/or driver’s license and the brief video portrait of the user are only recorded for transfer to the business partner.
POSTIDENT E-Signing (digital signature)
Main steps in the digital signature process
How the digital signature works with POSTIDENT E-Signing:
Transfer of user from business partner website to identity check on POSTIDENT portal
Identification of the user (signer) based on POSTIDENT by video chat and issuance of a digital certificate via the signature service
Display of the documents to be signed for review by the user after successful identification
Approval to apply valid digital signature and consent to the terms and conditions of use and the certification guidelines (excerpt from certification practice statement) by entering a TAN received via text message (conclusion of contract)
Confirmation of successful creation of the digital signature for the user and offer to download the signed documents
Notes regarding recorded and transferred data
The collected data regarding the user are used solely for providing identification, certificate generation and signature services; it is subsequently archived. In accordance with the stipulations of the eIDAS Regulation, the data are kept at DPAG until the cessation of the trust service’s activity. Should DPAG cease the activity, the data will then be transferred to the Bundesnetzagentur (German network agency) the national supervisory authority responsible for eIDAS) for providing evidence in legal proceedings and for ensuring continuity of the service; (see eIDAS article 24 (2) (h). The user data compiled and kept for this identification method are described in the POSTIDENT by video chat section.
6. Interruption and resumption
Cancelation of the POSTIDENT process and withdrawal
The user can cancel the identification or signature process at any time and withdraw consent for data recording and transfer. To the extent that no identification data have been transferred to the relevant business partner until that time, the recorded data will be deleted (subject to statutory retention periods or other legal requirements).
Resumption of POSTIDENT process
In case of interruptions in the online identification or signature process during use of POSTIDENT by eID, POSTIDENT by video chat, POSTIDENT by photo or POSTIDENT E-Signing, the user will receive via e-mail a link for trouble-free resumption of the process. After completion of the POSTIDENT by video chat, POSTIDENT by eID, POSTIDENT by photo or POSTIDENT E-Signing process, this data will be deleted after no more than ninety days. In the case of a signature process in POSTIDENT E-Signing, authentication with a TAN received via text message is required for resumption after online identification for security reasons.
7. Storage period and erasure of data
Different storage periods and deletion deadlines apply depending on the progress of the selected identification method.
| Progress | Type of data |
Storage period | Notes |
|---|---|---|---|
| Before completion of identification process |
|
90 days | Deletion as long as identification process not completed |
| After identification | Identification data/verification data | Maximum 150 days | As long as business partner does not delete the data earlier. |
8. Security of the POSTIDENT portal and your data
The identification processes described above provide a maximum level of data security. We offer complete security for your data when using the portal and its services. All pages in the portal are protected with SSL (secure sockets layer) encryption to prevent unauthorized reading or modification of the transferred data.
- Your data are confidential; data transfer via the internet only takes place with encryption.
- Server authenticity is assured; data processing takes place only in audited data centers within the territory of the European Union and in the European Economic Area.
- Your data are protected against tampering; algorithms ensure that data reach our servers complete and unaltered.
9. Saving IP addresses
Due to regulatory requirements and for security reasons, during use of POSTIDENT online the Deutsche Post AG web server stores the IP address, the website from which the user visits the website, the pages visited by the user at Deutsche Post AG, and the date and time of access. The maximum storage duration for this data is ninety days.