Photo ID – Privacy Notice

Privacy Policy on personal data processing ex Reg. EU 2016/679 art.13-14

Dear Participant, pursuant to art. 13 and 14 of Regulation EU2016/679, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter, ‘GDPR’), we inform you that, as a Trust Service Provider (hereinafter, ‘QTSP’), Intesi Group Spa(with registered office in via Torino 48, 20123 Milan, Italy), will process personal data supplied by you or collected from third parties, in compliance with GDPR and with any other law provisions in force and/or that would be subsequently issued regarding personal data protection.

This processing will be based on principles of correctness, lawfulness and transparency. Your personal data will be processed in compliance with the legal provisions of the aforementioned regulation and will be strictly inherent, complete and not excessive in relation to the purposes pursued.

Purposes and legal base of the processing:

Intesi Group collects and stores your personal data for the sole purpose of providing you with the order to issue the Photo ID credential  in  the framework of the new trust service of issuance of electronic attestations of attributes pursuing Regulation (Eu) 2024/1183 of the European Parliament and of the Council of 11 April 2024 amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity Framework.

In particular, we process your data for the issuance of the Photo ID credential in the scope of the piloting activities as part of the works of the EU Digital Identity Wallet Consortium Project – EWC (co-funded by the EU’s Digital Europe Programme under Grant Agreement – GAP-101102744). Participants use the EUDI Wallet provided by iGrant.io to provide the necessary data during their check-in process at Apartamentos Michelangelo.

As part of the test, you are required to download the digital identity wallet provided by iGrant.io or Validated ID. After downloading, you now need to request the issuance of a Photo ID credential that includes the information from your passport. To do this, you will need to scan your passport and complete a biometric and liveness check.

Legal basis for personal data processing is:

We ask for your consent to process your personal data for the issuance of the Photo ID credential. This includes both general personal data, which will be processed based on your consent in accordance with Article 6 (1) (a) of the General Data Protection Regulation (GDPR), and special categories of personal data, specifically biometric data, which will be processed only with your explicit consent, as required under Article 9 (2) (a) of the GDPR.

The types of personal data collected to enable you to join and participate in the pilot project are as follows:

  1. Passport data, including:
    • Passport holder’s photo
    • Passport number
    • National ID number (depending on the issuing country)
    • Full name
    • Date of birth
    • Place of birth
    • Gender
    • Nationality
    • Signature
  2. Biometric data, including a live facial image and facial landmarks.
  3. Wallet’s public key

These data will be used exclusively for the purpose of issuing a Photo ID credential in your digital identity wallet. No additional personal data will be requested from you beyond what is necessary for this purpose.

Processing of your personal data occurs in an automated and/or manual form with logic strictly related to the purposes indicated above and in compliance with the provisions of GDPR art. 32 regarding security measures.

In order to pursue the purposes described above, Intesi Group will communicate your personal data exclusively to its employees, similar personnel, collaborators who will act as authorized parties and/or Data Processors, and, in particular, to the following parties:

  • employees or collaborators of Intesi Group authorized to process data
  • Data Processors specific to the pilot project:
    1. Sicpa, as the Credential Exchange Platform provider, is responsible for formatting the personal data collected into a Photo ID credential. This credential is then sent for encryption and signature by Intesi, who will forward the signed credential to Sicpa for provision into the end-user’s digital identity wallet application. The processing of these personal data will take place within the European Union and Switzerland, in accordance with the European Commission’s Adequacy Decision 2000/518/EC of 26 July 2000 for Switzerland (pursuant to Article 45 of the GDPR), as confirmed in the Report from the Commission to the European Parliament and the Council on the first review of the functioning of the adequacy decisions adopted pursuant to Article 25(6) of Directive 95/46/EC, and under the relevant intra-group agreements governing data transfers between the company’s branches.
    2. Incert, as the scanning and live biometric verification technology provider, will represent the first step of the process, collecting data from the user and their physical passport. These data will then be forwarded to Sicpa for formatting into a Photo ID credential. All personal data processing activities will take place within the scope of the European Union.

These processors will act in accordance with the provisions of Article 28 of the GDPR and will process the data solely in accordance with the instructions of the data controller, adopting appropriate technical and organisational measures.

Personal data collected will not be disclosed to third parties and will not be communicated without your explicit consent, except for the necessary communications that may involve data transfer to public bodies, consultants or others subjects to fulfil legal obligations.

We inform you that, in compliance with the principles of lawfulness, purpose limitation and data minimization pursuant to GDPR art. 5, the participating entities will not retain any personal data provided during the issuance of the Photo ID Credential. 

We collect personal data directly from you during the different phases of issuing the Photo ID credential (passport scanning and biometric liveness check). Your personal data is only processed during this issuance, and no data is stored afterward, as it is permanently and irrevocably deleted. The data contained in the Photo ID credential is stored in your digital identity wallet application provided by iGrant.io or Validated ID, which, as a wallet provider, does not retain or have access to any personal data contained in your Photo ID credential. 

Your personal data will be deleted as soon as the issuance of the Photo ID credential has concluded. 

Data Controller: Pursuant to the Law, the Data Controller is Intesi Group Spa (Via Torino 48 , 20123 Milano (MI), VAT no. 02780480964, contactable as follows: e-mail privacy@intesigroup.com, telephone 026760641) in the person of its current legal representative. Pursuant to GDPR art. 37, the Data Controller designated a Data Protection Officer (“DPO”), whom you can contact to exercise your rights as well as to receive any information about your rights.

The DPO’s contact details are the following: Andrea Lisi e-mail dpo@intesigroup.com

For the personal data concerning you, you have the right to obtain from the Data Controller the erasure (‘right to be forgotten’), limitation, update, rectification, portability, objection to the processing and, in general, you can exercise all the rights provided for in GDPR art. 15, 16, 17, 18, 19, 20, 21, 22.

To exercise any of these rights, you can contact Intesi Gorup at: dpo@intesigroup.com

If you believe your rights have been violated, you have the right to file a complaint with the relevant Data Protection Authority. You can find their contact information here: 

 https://www.garanteprivacy.it/web/garante-privacy-en

email: protocollo@gpdp.it, phone  +39 06.696771

Privacy policy

do you need assistance?

get in touch