ARIADNEXT is committed to ensuring that the processing of your personal data from the Remote Identity Verification Service (« PVID Service ») complies with national and European personal data protection legislation.
The purpose of this policy is to explain to you in an understandable and accessible way the processing implemented to understand the reasons for this collection and the conditions under which your data is processed based on the Requirements Framework published by the ANSSI on March 1, 2021 and applicable to Remote Identity Verification Providers (hereinafter the « PVID Framework »).
For this part of the processing, the person responsible for processing your personal data is ARIADNEXT. For more information, please consult the legal notice.
As part of the services provided to our clients, ARIADNEXT is required to process your personal data in order to verify your identity in two stages:
ARIADNEXT applies the principle of data minimisation when processing your data.
The categories of data processed for the two treatments are as follows:
On the basis of the contracts established with our clients, the only recipients of your personal data are the business departments of our client for whom we provide the PVID Service.
It is possible that we may query an identity document validation service operated by the State issuing the document.
Otherwise, the data is only processed by our company ARIADNEXT.
The data is not intended for any other organisation.
Furthermore, no data is transferred outside the European Union.
Depending on the purpose, the length of time your personal data is kept varies.
For the identity verification process, as of the transmission of the result to the client’s business department, the data is kept for ninety-six (96) hours in order to be able to respond to a possible challenge or appeal.
The evidence files are subject to intermediate archiving on the basis of the PVID Repository. The period of retention of evidence files is ten (10) years in principle. This period may be adjusted according to the legal and regulatory requirements of our clients, but may not exceed 15 years.
In the event of identity theft returned by the PVID Service, ARIADNEXT reserves the right to retain the personal data associated with the case of identity theft in order to analyse it for the duration of the analysis. This period may not exceed one (1) year.
In accordance with the RGPD, any organisation processing personal data is bound by a security obligation. Thus, the following security measures have been put in place:
ARIADNEXT is ISO 27 001 certified and hosts the personal data collected.
The regulations applicable to personal data provide that you have the right to access, rectify, delete incomplete or inaccurate personal data concerning you, limit the processing, and request portability.
However, the requirements of the VID Reference Framework limit these rights. In the context of the VID Service, you only have the right of access to your data but not the right of rectification, nor the right to portability of your data, nor the right to deletion of personal data contained in the transmitted result or in the evidence file.
You do not have the right of access to data that has been subject to processing, whether automated or manual, the knowledge of which could inform you of the nature of the checks carried out by the service for the purpose of detecting identity theft.
However, the exercise of certain rights is conditional on the existence of one or more reasons provided for in the regulations on the protection of personal data. Understand your data protection rights.
If you feel, after contacting us, that your rights regarding your data are not being respected, you can submit a complaint to the CNIL.
ARIADNEXT’s Data Protection Officer (DPO) is your contact for any request to exercise your rights regarding this processing.
122 Rue Robert Keller
35510 Cesson-Sévigné
France
You can also send your requests via the website: