Yes, the Verifai Web SDK is fully GDPR-compliant. Throughout development we kept the GDPR regulations in mind. Here’s how:
Transparency: the customer knows that his/her data is being used and processed, has given permission to do so and knows his/her rights. Users of Verifai are asked for permission and are made aware of which information is processed and which is not. At any time, a customer can refuse the service by not scanning his/her ID. Our software also uses privacy filters: sensitive personal information that isn’t needed for a certain service (e.g. photos and personal identification numbers) is never recorded.
Goal restriction: personal data is only collected for authorized and lawful purposes and may not be used for any other purposes. Verifai never uses, extracts or stores personal data for its own use. Therefore, any personal information extracted from scanned ID documents is used solely for the intended purposes. Although our software uses machine learning, the data used to improve our software never includes any personal information.
Data restrictions: only necessary personal information is collected. Because sensitive data such as photos and personal documents is redacted before it is returned to the customer, both the customer and the client are assured that only relevant data is collected. Our software can easily be adapted to a client’s needs. We offer a tailor-made redaction solution so you can choose which sensitive information should be extracted (because it’s needed) and which information should be blocked. Want to see how it works? Check this video. The process is similar on the web.
Correctness of data: personal information should be correct and should stay correct. By using our ID scanner you avoid the human error that comes with manually entering personal information, so the margin of error is significantly reduced. Verifai itself is capable of producing 100% correct data for each document that is recognised. In the unlikely event that Verifai is unable to recognise a document, it enters no data at all rather than incorrect data. This reduces the risk of entering incorrect data.
Storage restrictions: personal information (stored for the intended goal) should never be stored longer than necessary. Verifai stores the results of a successful scan on its own servers for a very limited time. As soon as the client has retrieved the data, it is immediately deleted from our servers. The scanned personal information is then transferred to our client’s system, and the client can determine for themselves how long they need the data in order to comply with GDPR regulations.
Integrity and trust: personal information should be protected against unauthorized access, loss, theft and destruction. Verifai is designed to ensure maximum safety and security of personal information. Since we limit personal data on our servers, the risk of unauthorized access, loss, theft and destruction from our own servers is limited. We support only TLS 1.2 to ensure a completely secure connection.