Условия защиты данных программного обеспечения ID-карты Департамента Государственной Инфосистемы

Документ об условиях защиты данных Департамента Государственной Инфосистемы поясняет, как происходит использование личных данных в программном обеспечении ID-карты (в том числе, DigiDoc4 клиент, сервис валидации цифровых подписей RIA - SiVa и мобильное приложение RIA - DigiDoc ): характер данных, с какой целью передаются данные и каким лицам.  

  • Условия защиты данных, действуют с 02.02.2023 г.

    Data Protection Terms for the ID-Software of the Information System Authority

    Approved on 02.02.2023

    In this document, we explain what personal data is processed by the Information System Authority’s (hereinafter RIA) ID-software and for what purpose, including to which third party service providers, for what purpose, and what types of data is forwarded.

    1. These data protection terms apply to:
      1. the DigiDoc4 Client;
      2. RIA’s DigiDoc mobile apps (iOS and Android);
      3. RIA’s Digital Signature Validation Service (SiVa);
      4. Web eID browser extension.
    2. The data subject (hereinafter user) is a natural person who uses the ID-software.
    3. COMPOSITION OF PROCESSED DATA
      1. The DigiDoc4 Client, the RIA DigiDoc mobile application, and the automatic software update control application regularly contact the Information System Authority’s server to check for available software and configuration updates. The application transmits to the server:
        1. the software version number;
        2. the computer’s and phone’s operating system name and version number;
        3. the computer’s or phone’s language settings:
        4. the card reader’s and card reader driver’s information, if connected;
        5. the user’s IP address.
      2. Upon signing with the DigiDoc4 Client, the following data will be transmitted to the validity confirmation service of SK ID Solutions AS:
        1. the DigiDoc4 Client software version number;
        2. the DigiDoc library version number;
        3. the computer’s operating system name and version number;
        4. the format of the envelope (i.e. container) to be signed;
        5. the serial number of the user certificate;
        6. the user’s IP address.
      3. Upon signing with the DigiDoc4 Client, the following data will be transmitted to the timestamping service of SK ID Solutions AS:
        1. the DigiDoc4 Client software version number;
        2. the DigiDoc library version number;
        3. the computer’s operating system name and version number;
        4. the signature hash (i.e. signature message digest);
        5. the user’s IP address.
      4. Upon signing with mobile-ID via the DigiDoc4 Client, the following data will be transmitted to the MID REST API web service of SK ID Solutions AS:
        1. the DigiDoc4 Client software version number;
        2. the computer’s operating system name and version number;
        3. the user’s personal identification code;
        4. the user’s phone number;
        5. the user’s IP address.
      5. Upon signing with Smart-ID via the DigiDoc4 Client, the following data will be forwarded to the Smart-ID service of SK ID Solutions AS:
        1. the DigiDoc4 Client software version number;
        2. the computer’s operating system name and version number;
        3. the user’s personal identification code;
        4. the user’s IP address.
      6. Upon validation of digitally signed PDF documents via the DigiDoc4 Client, the following data will be transmitted to the Digital Signature Validation Service SiVa of the Information System Authority:
        1. the DigiDoc4 Client software version number;
        2. the computer’s operating system name and version number;
        3. the user’s IP address;
        4. the signed document, including
          1. the whole document;
          2. the signer’s certificate information.
      7. Upon validation of digitally signed DDOC documents via the DigiDoc4, the following data will be transmitted to the Digital Signature Validation Service SiVa of the Information System Authority:
        1. the DigiDoc4 Client software version number;
        2. the computer’s operating system name and version number;
        3. the user’s IP address;
        4. the signed document, including
          1. the title of the envelope (i.e. container) to be signed;
          2. the whole document;
          3. the signer’s certificate information.
      8. Upon launching the DigiDoc4 Client, the following will be transmitted for loading the Estonian trust list to the trust list holder, which is the Estonian Information System Authority (sr.riik.ee):
        1. the DigiDoc4 Client software version number;
        2. the computer’s operating system name and version number;
        3. the user’s IP address.
      9. Upon uploading a document photo via the DigiDoc4 Client, the following data will be transmitted to the Information System Authority:
        1. the DigiDoc4 Client software version number;
        2. the computer’s operating system name and version number;
        3. the user’s authentication certificate;
        4. the user’s IP address.
      10. Upon signing with the RIA DigiDoc mobile application, the following data will be transmitted to the validation service of SK ID Solutions AS:
        1. RIA DigiDoc mobile application version number;
        2. the DigiDoc library version number;
        3. the phone’s operating system name and version number;
        4. the format of the envelope (i.e. container) to be signed;
        5. the serial number of the user certificate;
        6. the user’s IP address.
      11. Upon signing with the RIA DigiDoc mobile application, the following data will be transmitted to the timestamping service of SK ID Solutions AS:
        1. RIA DigiDoc mobile application version number;
        2. the DigiDoc library version number;
        3. the phone’s operating system name and version number;
        4. the signature hash (i.e. signature message digest);
        5. the user’s IP address.
      12. Upon signing with mobile-ID via the RIA DigiDoc mobile application, the following data will be transmitted to the MID REST API web service of SK ID Solutions AS:
        1. RIA DigiDoc mobile application version number;
        2. the phone’s operating system name and version number;
        3. the user’s personal identification code;
        4. the user’s phone number;
        5. the user’s IP address.
      13. Upon signing with Smart-ID via the RIA DigiDoc mobile application, the following data will be transmitted to the Smart-ID service of SK ID Solutions AS:
        1. RIA DigiDoc mobile application version number;
        2. the phone’s operating system name and version number;
        3. the user’s personal identification code;
        4. the user’s IP address.
      14. Upon validating the digital signatures of signed PDF documents via the RIA DigiDoc mobile application, the following data will be transmitted to the digital signature validation service SiVa of the Information System Authority:
        1. RIA DigiDoc mobile application version number;
        2. the phone’s operating system name and version number;
        3. the user’s IP address;
        4. the signed document, including
          1. the whole document;
          2. the signer’s certificate information.
      15. Upon validating the digital signatures of signed DDOC documents via the RIA DigiDoc mobile application, the following data will be transmitted to the digital signature validation service SiVa of the Information System Authority:
        1. RIA DigiDoc mobile application version number;
        2. the phone’s operating system name and version number;
        3. the user’s IP address;
        4. the signed document, including
          1. the title of the envelope (i.e. container) to be signed;
          2. the whole document;
          3. the signer’s certificate information.
      16. Upon launching the RIA DigiDoc mobile application, the following data will be transmitted to the trusted list holder, which is the Information System Authority (sr.riik.ee), for loading the Estonian Trusted List:
        1. RIA DigiDoc mobile application version number;
        2. the phone’s operating system name and version number;
        3. the user’s IP address.
      17. Upon authentication to the e-service with an ID-card using the Web eID browser extension, the following data will be transmitted to the e-service:
        1. the user’s certificate for authentication;
        2. URL of the website origin for authentication.
      18. Upon signing to the e-service with and ID-card using the Web eID browser extension, the following data will be transmitted to the e-service:
        1. the user’s certificate for signing.
    4. INFORMATION SYSTEM AUTHORITY’S LOGS
      1. Upon using the ID-software, the timestamp, mobile-ID, and Smart-ID inquiries specified in clauses 3.3–3.5, 3.11–3.13 are executed through RIA’S information systems, where they are logged.
      2. RIA also logs the inquiries specified in clauses 3.1, 3.6–3.9, 3.14-3.16.
      3. Upon using the ID-software the inquires specified in clauses 3.17 and 3.18 are not logged by RIA.
      4. RIA maintains the logs for 1 year.
      5. Log data is released by law, for example to the data subject at their request, with their consent, or on any other statutory basis (for example, to a law enforcement authority in criminal proceedings).

Прежние версии условий защиты данных:

  • Условия защиты данных, действуют до 01.02.2023 г.

    Data Protection Terms for the ID-Software of the Information System Authority

    Approved on 20.07.2022

    In this document, we explain what personal data is processed by the Information System Authority’s (hereinafter RIA) ID-software and for what purpose, including to which third party service providers, for what purpose, and what types of data is forwarded.

    1. These data protection terms apply to:
      1. the DigiDoc4 Client;
      2. RIA’s DigiDoc mobile apps (iOS and Android);
      3. RIA’s Digital Signature Validation Service (SiVa);
      4. Web eID browser extension.
    2. The data subject (hereinafter user) is a natural person who uses the ID-software.
    3. COMPOSITION OF PROCESSED DATA
      1. The DigiDoc4 Client, the RIA DigiDoc mobile application, and the automatic software update control application regularly contact the Information System Authority’s server to check for available software and configuration updates. The application transmits to the server:
        1. the software version number;
        2. the computer’s and phone’s operating system name and version number;
        3. the computer’s or phone’s language settings:
        4. the card reader’s and card reader driver’s information, if connected;
        5. the user’s IP address.
      2. Upon signing with the DigiDoc4 Client, the following data will be transmitted to the validity confirmation service of SK ID Solutions AS:
        1. the DigiDoc4 Client software version number;
        2. the DigiDoc library version number;
        3. the computer’s operating system name and version number;
        4. the format of the envelope (i.e. container) to be signed;
        5. the serial number of the user certificate;
        6. the user’s IP address.
      3. Upon signing with the DigiDoc4 Client, the following data will be transmitted to the timestamping service of SK ID Solutions AS:
        1. the DigiDoc4 Client software version number;
        2. the DigiDoc library version number;
        3. the computer’s operating system name and version number;
        4. the signature hash (i.e. signature message digest);
        5. the user’s IP address.
      4. Upon signing with mobile-ID via the DigiDoc4 Client, the following data will be transmitted to the MID REST API web service of SK ID Solutions AS:
        1. the DigiDoc4 Client software version number;
        2. the computer’s operating system name and version number;
        3. the user’s personal identification code;
        4. the user’s phone number;
        5. the user’s IP address.
      5. Upon signing with Smart-ID via the DigiDoc4 Client, the following data will be forwarded to the Smart-ID service of SK ID Solutions AS:
        1. the DigiDoc4 Client software version number;
        2. the computer’s operating system name and version number;
        3. the user’s personal identification code;
        4. the user’s IP address.
      6. Upon validation of digitally signed PDF documents via the DigiDoc4 Client, the following data will be transmitted to the Digital Signature Validation Service SiVa of the Information System Authority:
        1. the DigiDoc4 Client software version number;
        2. the computer’s operating system name and version number;
        3. the user’s IP address;
        4. the signed document, including
          1. the whole document;
          2. the signer’s certificate information.
      7. Upon validation of digitally signed DDOC documents via the DigiDoc4, the following data will be transmitted to the Digital Signature Validation Service SiVa of the Information System Authority:
        1. the DigiDoc4 Client software version number;
        2. the computer’s operating system name and version number;
        3. the user’s IP address;
        4. the signed document, including
          1. the title of the envelope (i.e. container) to be signed;
          2. the whole document;
          3. the signer’s certificate information.
      8. Upon launching the DigiDoc4 Client, the following will be transmitted for loading the Estonian trust list to the trust list holder, which is the Estonian Information System Authority (sr.riik.ee):
        1. the DigiDoc4 Client software version number;
        2. the computer’s operating system name and version number;
        3. the user’s IP address.
      9. Upon uploading a document photo via the DigiDoc4 Client, the following data will be transmitted to the Information System Authority:
        1. the DigiDoc4 Client software version number;
        2. the computer’s operating system name and version number;
        3. the user’s authentication certificate;
        4. the user’s IP address.
      10. Upon signing with the RIA DigiDoc mobile application, the following data will be transmitted to the validation service of SK ID Solutions AS:
        1. RIA DigiDoc mobile application version number;
        2. the DigiDoc library version number;
        3. the phone’s operating system name and version number;
        4. the format of the envelope (i.e. container) to be signed;
        5. the serial number of the user certificate;
        6. the user’s IP address.
      11. Upon signing with the RIA DigiDoc mobile application, the following data will be transmitted to the timestamping service of SK ID Solutions AS:
        1. RIA DigiDoc mobile application version number;
        2. the DigiDoc library version number;
        3. the phone’s operating system name and version number;
        4. the signature hash (i.e. signature message digest);
        5. the user’s IP address.
      12. Upon signing with mobile-ID via the RIA DigiDoc mobile application, the following data will be transmitted to the MID REST API web service of SK ID Solutions AS:
        1. RIA DigiDoc mobile application version number;
        2. the phone’s operating system name and version number;
        3. the user’s personal identification code;
        4. the user’s phone number;
        5. the user’s IP address.
      13. Upon signing with Smart-ID via the RIA DigiDoc mobile application, the following data will be transmitted to the Smart-ID service of SK ID Solutions AS:
        1. RIA DigiDoc mobile application version number;
        2. the phone’s operating system name and version number;
        3. the user’s personal identification code;
        4. the user’s IP address.
      14. Upon validating the digital signatures of signed PDF documents via the RIA DigiDoc mobile application, the following data will be transmitted to the digital signature validation service SiVa of the Information System Authority:
        1. RIA DigiDoc mobile application version number;
        2. the phone’s operating system name and version number;
        3. the user’s IP address;
        4. the signed document, including
          1. the whole document;
          2. the signer’s certificate information.
      15. Upon validating the digital signatures of signed DDOC documents via the RIA DigiDoc mobile application, the following data will be transmitted to the digital signature validation service SiVa of the Information System Authority:
        1. RIA DigiDoc mobile application version number;
        2. the phone’s operating system name and version number;
        3. the user’s IP address;
        4. the signed document, including
          1. the title of the envelope (i.e. container) to be signed;
          2. the whole document;
          3. the signer’s certificate information.
      16. Upon launching the RIA DigiDoc mobile application, the following data will be transmitted to the trusted list holder, which is the Information System Authority (sr.riik.ee), for loading the Estonian Trusted List:
        1. RIA DigiDoc mobile application version number;
        2. the phone’s operating system name and version number;
        3. the user’s IP address.
      17. Upon authentication to the e-service with an ID-card using the Web eID browser extension, the following data will be transmitted to the e-service:
        1. the user’s certificate for authentication.
      18. Upon signing to the e-service with and ID-card using the Web eID browser extension, the following data will be transmitted to the e-service:
        1. the user’s certificate for signing.
    4. INFORMATION SYSTEM AUTHORITY’S LOGS
      1. Upon using the ID-software, the timestamp, mobile-ID, and Smart-ID inquiries specified in clauses 3.3–3.5, 3.11–3.13 are executed through RIA’S information systems, where they are logged.
      2. RIA also logs the inquiries specified in clauses 3.1, 3.6–3.9, 3.14-3.16.
      3. Upon using the ID-software the inquires specified in clauses 3.17 and 3.18 are not logged by RIA.
      4. RIA maintains the logs for 1 year.
      5. Log data is released by law, for example to the data subject at their request, with their consent, or on any other statutory basis (for example, to a law enforcement authority in criminal proceedings).