To effectively conduct the activities in this pilot, it will be necessary to process specific personal data that participants are required to provide throughout the various activities and processes. This section provides information concerning our procedures for processing your personal data.
The activities involved in this pilot will involve different entities. As part of the test, you will be asked to download the digital identity wallet provided by iGrant.io or Validated ID and to request the issuance of the Photo ID credential to Intesi (also supported by Sicpa and Incert). The Photo ID Credential will include all your passport details (including all the data in the passport: full name, passport holder’s photo, date of birth, nationality, gender, passport number, personal identification number when applicable, date of issue, date of expiry, issuing authority and holder’s signature). These data will be exclusively stored on your device in the digital identity wallet. In addition, you will request the generation of a digital identity credential containing a set of personal data, including your current address, phone number, number of travellers and the relationship between them. In a second step, you will share the necessary data with Apartamentos Michelangelo during your check-in process in accordance with legal obligations established in the Royal Decree 933/2021, of October 26, establishing the documentary and information registration obligations of natural or legal persons engaged in accommodation and motor vehicle rental activities (Real Decreto 933/2021).
Concluded these steps, data are processed in a manner consistent with a standard check-in process, with the particularity of involving the sharing of a digital identity credential. For verification and validation purposes, this involves the use of certain technologies provided by independent entities, subject to the necessary contracts as data processors.
The processing of your personal data for the issuance of the respective digital credentials will be conducted strictly in accordance with your consent. This includes both general personal data, which will be processed based on your consent in accordance with Article 6(1)(a) and Article 7 of the General Data Protection Regulation (GDPR), and special categories of personal data, specifically biometric data, which will be processed only with your explicit consent, as required under Article 9(2)(a) of the GDPR. The disclosure of personal data to Apartamentos Michelangelo will be carried out in accordance with a legal obligation pursuant to Article 6(1)(c) of the General Data Protection Regulation (GDPR).
It is important to note that these procedures adhere to stringent compliance with GDPR principles and obligations, ensuring that the collection of data is minimized, deletion of personal data takes place as soon as possible, processing is confined when feasible to the user’s device, and robust security measures are implemented while ensuring your awareness. Specifically, iGrant.io or Validated ID, in their capacity as wallet providers, do not retain any personal data nor has access to these personal data, ensuring these data are only received by the intended relying party for the purposes of compliance with their legal obligations, pursuant to the abovementioned Royal Decree.
No data will be shared with third parties, and any publication of results will be fully anonymized, ensuring that the data cannot be traced back to any identifiable individual.
During this process, your data will be deleted immediately after the credential is issued into your digital identity wallet application. Participation in this pilot does not involve the extended retention of your personal information; data retention will be limited to Apartamentos Michelangelo and handled in a manner similar to a standard check-in using physical documents. Importantly, any sensitive information, such as that contained in the Photo ID credential, will be permanently removed from the digital identity wallet application as soon as the credential or the application is deleted. This information will not be reused, shared, or made accessible to any third parties.
Your email address may be temporarily retained to communicate the testing results or other updates about the testing activity and provide feedback, after which it will also be deleted.
Although you will be provided with consent for the processing of personal data throughout the pilot activities, Sicpa has been designated as the primary contact point for data protection matters within this pilot. You can direct your inquiries to Sicpa (Sebastian.Vandewaal@sicpa.com), and they will liaise with the other organizations as needed to ensure your request is handled appropriately. However, we would like to remind you that Sicpa is acting only in its capacity as pilot coordinator. Throughout this pilot, you will therefore be asked to consent to specific data processing operations, and you will be provided with the relevant contact information for the entity responsible for each process. Finally, we would like to remind you that, as a participant, you have the following rights under the GDPR, which you will be able to exercise within the framework of the pilot specifics (i.e. the digital identity wallet application):
Right of access: you can request access to and a copy of your personal data anytime, without justification.
Right to rectification: you can request corrections to any inaccurate or incomplete data we hold about you.
Right to erasure: you can withdraw consent, and your data will be deleted as soon as possible in compliance with applicable legal obligations. Data stored in the digital identity wallet application will be erased when you delete the application.
Right to restrict processing: you can request limitations on how your data is used in certain situations.
Right to data portability: you can request your data be transferred to another organization in a structured, machine-readable format.
If you believe your rights have been violated, you have the right to file a complaint with the Agencia Española de Protección de Datos. You can find their contact information here: https://www.aepd.es/, email: https://sedeaepd.gob.es/sede-electronica-web/ , phone 900 293 183
do you need assistance?
