Overview

1. 1. 1. Who is responsible for processing your data?
      2. What data do we collect about you?
      3. Why do we process your personal data?
      4. How will we communicate changes to our privacy policy?
      5. Your rights
      6. Who do we disclose your data to?
      7. International transfers
      8. Where and for how long do we store your data?
      9. Technical and organizational measures and processing safety
      10. Principles for the processing of personal data
          
      11. Communication data
      12. Data protection authority

1. Who is responsible for processing your data?

1.1. “IT Fintech” SRL is a data operator located at Muncesti 1, Chisinau, Republic of Moldova, responsible for your personal data collected and processed through the website myid.md and the MyID Wallet application (hereinafter in this Policy ) referred to as «MYID», «we», «us» or «our»).

1.2. When processing personal data, within the organization, the principles set forth in international acts, directives of the European Parliament and the Council on the protection of individuals with respect to the processing of personal data and on the free movement of such data, as well as national data, are applied – Law №133 of 08.07.2011 “On protection of personal data“, in the requirements for ensuring the security of personal data during their processing in personal data information systems, approved by Government Decree №1123 of December 14, 2010, in the Regulations on the Register of Records of Personal Data Operators, approved by Government Decree №296 of May 15 2012 “and other relevant legislative / regulatory acts.

1.3. The main objectives of the Policy are the availability, integrity and confidentiality of all information, including personal data processed by the company, both during manual processing and in information technology systems and processes. Security is an important component of the optimal execution of IT processes in a company. Compliance with this Policy is fundamental to adequate IT security. It contains requirements and rules to protect all information, including personal data, IT systems and processes, from natural influences, human and technical errors, as well as from deliberate actions that can cause material or non-material damage or lead to violations of human rights law. Given that IT security cannot be guaranteed by technical systems alone, this Policy also covers organizational, legal and other issues.

1.4. For the processing of personal data, MYID has appointed a Data Protection Officer (DPO) who can be contacted using the following contact details: complain@myid.md

2. What data do we collect about you?

We process the following categories of personal data:

2.1. Data obtained as a result of direct interaction

2.1.1. Confirmation of identity

When you go through the MyID Wallet verification process, MYID collects:

• A photocopy of the front side of the identity card and all data in text form that was obtained when processing a photo using OCR technologies;
• A photocopy of the back of the identity card and all data in text form that were obtained when processing photos using OCR technology;
• Video used as proof that you are a living person;
• An image of a face extracted from a document;
• Face image taken from the video;
• Phone details: operating system, name, type, manufacturer, model and version.

2.1.2. Google social identity

When you create your Google Identity Certificate through «MyID Wallet», MYID collects data such as:

• Surname
• Name
• E-mail address
• Profile picture URL.
• Phone details: operating system, name, type, manufacturer, model and version;

2.2. Data collected automatically when you use our Services

2.2.1. Cookies and similar technologies on the website

We use cookies to better manage user sessions. “Cookies” are small text files transmitted by a web server to your device’s hard drive. Cookies can be used to collect the date and time of your visit, history, your preferences and your username. You can set your browser to reject all or some of the cookies, or to warn you when web pages install or access cookies. If you disable or refuse cookies, please note that certain parts of our Services / Platforms may become unavailable or may not function as expected. For more information on the cookies we use, see our Cookie Policy.

2.3. Data from third parties or from publicly available sources

We receive your personal data from various third parties and from publicly available sources, namely:

2.3.1. Certain technical and usage information from analytics providers such as Google.

3. Why do we process your personal data?

We will only use your personal data if permitted by law. Most often, we will use your personal data in the following situations:

• If we need to fulfill a contract that we are about to conclude or that we have entered into with you;
• If it is necessary in our legitimate interests to improve the Services and provide a secure and reliable Platform;
• If we are required to comply with a legal or regulated obligation;
• If you give us your explicit consent (for example, if you accept a photocopy of your newsletter, Google Social Identity, etc.);

Below we have described how we use your personal information and the legal basis on which we rely. We have also identified our legitimate interests, where applicable:

3.1. To provide Services through our Platform

3.1.1. If you are applying for an ID verification process, we use photocopies of your identity document to extract personal information from it, and in some cases, we use IDNP to extract information from the public register and verify that information from the photocopy;

3.1.2. If you are applying to go through the Google Social Identity Verification process, we will use your permission to retrieve the personal information referred to in clause 2.1.2.

3.2. To improve your experience on the Platform

we use the collected data for the following purposes:

• To improve the quality of the Services, we use data to train our ML models.

4. How will we communicate changes to our privacy policy?

We may change this Policy from time to time. We will publish the changes on the project page https://myid.md and inform you through the Platform. However, all collected data is processed in accordance with the policy in force at the time of acceptance of the consent or the terms of service.

5. Your rights

In certain circumstances, you have rights under your data protection law in relation to your personal data. If you would like to exercise any of the rights listed below, please contact us using our contact details.

5.1 The right to request access to your personal data (commonly referred to as «data access request»). This allows you to receive a copy of the personal data we hold about you and to ensure that we process it lawfully.

5.2 The right to request rectification of any data we hold about you. This allows you to correct any incomplete or inaccurate data that we hold about you, although we may need the accuracy of new data that you provide to us.

5.3 The right to demand the restriction of the processing of your personal data. This allows you to ask us to suspend the processing of your personal data in the following cases:

a) if you want to check the accuracy of the data;

b) if we use the data unlawfully;

c) if you need to save the data, even if we no longer need it, because you need to present, exercise or defend legal claims;

d) if you object to our use of your data and we must ensure that there is a compelling legal basis for our use.

5.4. The right to request the deletion of your personal data. This allows you to ask us to delete or destroy your personal data if there is no compelling reason to continue processing it. You also have the right to ask us to delete or destroy your personal data if you have successfully exercised your right to object to their processing (see below), if we have processed your data unlawfully or if we are required to delete your personal data in accordance with local law. Please note that we are legally obligated to store your data for certain purposes. See section 9 for details.

5.5. The right to request the transfer of your personal data to you or to third parties. We will provide you or third parties with your personal data in a widely used structured format that can be read using a computer. Please note that this right only applies to automatically collected data for which you initially gave us consent, or if we used this data to fulfill a contract with you.

5.6. The right to withdraw your consent to the processing of your personal data at any time. This will not in any way affect the legality of any processing that we have already performed based on prior consent.

5.7. There is no regular fee: you do not need to pay for access to your personal (or for the exercise of any other rights). However, we will charge a reasonable fee if your request is manifestly unfounded, repeated or exaggerated. Alternatively, we may refuse to comply with your request in these circumstances.

5.8. Response time: We aim to respond to all legitimate inquiries within one month. It can sometimes take more than a month if your request is particularly complex or if you have made multiple requests. In this case, we will inform you and keep you informed.

In addition, you have the right to lodge a complaint with the data protection authority at any time.

6. Who do we disclose your data to?

We do not disclose data to anyone except:

6.1. Criminal prosecution bodies, government agencies and others: disclose personal information to prosecuting authorities, government agencies or government agencies and others as required by law or regulation. We may sell, transfer or combine parts of our business or our assets. Alternatively, we may seek acquisitions or mergers with other businesses. If there are changes in our company, the new owners may use your personal data in the same way as prescribed in this Policy.

6.2. Authorized and designated personnel working with the information system.

7. International transfers

When we transfer your personal data to a country outside the European Union, we ensure that the same degree of protection is ensured by implementing at least one of the following safeguards:

• We will only transfer personal data to countries deemed adequate by the European Commission. For more information, see Non-EU Data Protection Compliance.
• If we work with certain service providers, we may use special contracts approved by the European Commission, as a result of which the protection of personal data will comply with EU regulations. For more information, see European Commission: Model Contracts for the Transfer of Personal Data to Third Countries.
• If we do business with US service providers, we may share data with them if they are part of a Privacy Shield Policy that obliges them to provide appropriate protection for personal data transferred between Europe and the United States. For more information see European Commission: EU-US Privacy Shield.

8. Where and for how long do we store your data?

The data that we collect about you will be stored and processed both inside and outside the Republic of Moldova, on secure servers, in order to provide users with the best possible experience. For example – to quickly create web pages or mobile applications.

We will retain your personal data for as long as is necessary to achieve the purposes that we provided when collecting it, including to meet any legal requirements, accounting or reporting.

To determine the required storage time for personal data, we take into account the amount, nature and confidentiality of data, the potential risk of damage caused by unauthorized use or disclosure of your personal data, the purposes for which we process your data, and the possibility of realizing these purposes by other means in accordance with applicable legal requirements.

9. Technical and organizational measures and processing safety

All information we receive about you is stored on secure servers and we have taken appropriate technical and organizational measures to protect your personal data. We constantly assess the security of the network and its compliance with the internal information security program, which is designed to:

a. to protect your data from accidental or illegal loss, access or disclosure;

b. to identify reasonably foreseeable risks to the security of our network;

c. to minimize security risks, including risk assessment and periodic testing.

10. Principles for the processing of personal data

The processing of personal data is based on the following principles:

• the legality of the purposes and methods of processing personal data and good faith;
• compliance of the purposes of processing personal data with the purposes defined above and declared when collecting personal information;
• compliance with the volume and nature of the processed personal data, methods of processing personal data in connection with the purpose of processing personal data;
• the accuracy of personal data, the relevance and the required volume of their processing, the inadmissibility of excessive processing in relation to the purposes of collecting personal data;
• the legality of organizational and technical measures to ensure the security of personal data;
• striving for continuous improvement of the personal data protection system.

11. Communication data

For more information or to exercise your rights, please contact our customer service by phone or email.

Working hours:
Monday-Friday from 09:00 to 18:00;
Lunch break: 12:00 -13: 00 / 13:00 -14: 00;
Weekends: Saturday and Sunday.

24/7 customer support:
Email: support@myid.md

12. Data protection authority

For data protection issues, you can contact your local authority represented by the National Center for Personal Data Protection.

Address: MD-2004, Republic of Moldova, mun. Chisinau, st. Sergey Lazo, 48

Site: http://www.datepersonale.md/