Security and privacy

General information about the BetrSign® mobile app and data processing

SETCCE d.o.o., Tehnološki park 21, 1000 Ljubljana is the provider of the BetrSign® mobile app.

The BetrSign mobile app enables contactless reading of qualified digital certificates on an electronic ID card using the NFC protocol for secure login to supported IT systems and electronic signing of documents. The mobile application is used as an interface for working with digital certificates and supports the business processes of business entities using BetrSign® services.

The BetrSign® mobile application allows the user to retrieve, store and exchange the necessary identification data or attributes for online authentication when using online public and private services from the ID card, which are displayed on the screen and transmitted to the online service after confirmation.

Type of personal data we process:

The Provider processes the following type of personal data for the purpose of running the application:

  • for contactless verification of qualified digital certificates on an electronic identity card: first name, surname and CAN code,
  • for the transfer of personal data to a different business entity (depending on settings): first name, last name, gender, date of birth, citizenship, nationality, unique master citizen number, document type, document number, expiry date.

The Provider technically allows for the data from the user’s ID card to be transferred to another business entity on the basis of the user’s prior consent. The legal entity that obtains the personal data is responsible for further processing in accordance with the applicable data protection legislation.

The application also allows the user to view the holder’s details on each identity card:

  • First name and surname,
  • Serial number of the identity card,
  • Unique Master Citizen Number,
  • Date of birth,
  • Gender,
  • Expiry date of the identity card,
  • Nationality and
  • Details of the holder’s digital certificates affixed to the electronic identity card:
    • type of digital certificate,
    • the issuer,
    • serial number and
    • the validity of the digital certificate.

This information shall be displayed to the user on request and shall not be stored in the application.

Where is the personal data transferred to?

The BetrSign® mobile app never automatically transmits any data anywhere.

The data is processed exclusively on the user’s mobile device and the BetrSign app. Under no circumstances will the data in the app be transferred to another information system, except at the user’s explicit request (e.g. if the user uses the app to register with an information system).

Information on personal data transfer to a third country or international organisation:

The data is processed exclusively within the territory of the Republic of Slovenia and is not transferred to third countries.

In the case of contactless reading of qualified digital certificates on an electronic identity card, the legal basis for the processing of data is the personal consent of the user or the execution of a contract to which the user is a party. The legal basis is determined by the business entity using BetrSign® services in its business processes.

For the transfer of personal data to another business entity, the legal basis is the personal consent of the user.

Retention period: until consent is withdrawn or the mobile application is deleted.

Is BetrSign secure?

We are one of the leading providers of secure digital transaction management services, listed on the European list of qualified trust services providers. BetrSign is compliant with the most demanding security standards (ISO/IEC 27001:2013 and ISO/IEC 27018:2014) and meets all the requirements of the European eIDAS regulation, the implementing acts of the European Parliament and Council, and the ETSI-specific standards for e-business.

Safety standard: ISO/IEC 27001:2013

Safety standard: ISO/IEC 27001:2013

What rights do I have as a mobile app user?

The provider shall allow the user to withdraw consent or object to the processing of- and access to the data, to request the erasure and/or portability of the data. The provider also allows the restriction of data processing. The rights may be exercised by written application to the e-mail address gdpr@setcce.com or to the physical address SETCCE d.o.o., Tehnološki park 21, 1000 Ljubljana.

Complaints: It is possible to lodge a complaint or report against the provider’s conduct in relation to the protection of personal data with the Information Commissioner of the Republic of Slovenia, address: 22 Dunajska Street, 1000 Ljubljana, e-mail: gp.ip@ip-rs.si telephone: 012309730, website: www.ip-rs.si).

For more information on the processing of personal data, please refer to the General Terms and Conditions..