POSTIDENT – additional data privacy information

The information below supplements Deutsche Post AG’s general data privacy information, describing special aspects of the available identification and signature processes. Deutsche Post offers these processes on behalf of its business partners, who are responsible for the processing of your personal data in the meaning of the General Data Protection Regulation.

• POSTIDENT by post office
  
• POSTIDENT by video chat
  
• POSTIDENT by eID
  
• POSTIDENT by photo
  
• POSTIDENT by AutoID
• POSTIDENT E-Signing
• POSTIDENT Delivery
  

1. General information

2. Purpose, use and legal basis

3. Type and scope

4. Transfer of data

5. Description of the methods

6. Interruption and resumption

7. Storage period and erasure of data

8. Security of the POSTIDENT portal and your data

9. Saving IP addresses

10. Google Maps

Many businesses (referred to below as “business partners”) need to be able to identify their contractual partners (“users”). For example, Germany’s Money Laundering Act (Geldwäschegesetz – GwG) requires that businesses in certain sectors (such as providers of financial services or special insurance products, or casinos or other organizers/operators of games of chance) verify the identities of their customers/users. In addition to the requirements of the GwG, there are other situations involving an obligation to verify identity, including an identity check following the purchase of a prepaid SIM card as stipulated by the German Telecommunications Act (Telekommunikationsgesetz – TKG) and proof of age for the use of adults-only services or online gaming.

In addition to identity checks, some companies also need to verify specific personal authorizations. For example, car sharing or rental services need to verify that a user has a valid driver’s license. In addition, identifying the user (signer) is an important prerequisite for the creation of a qualified electronical signature (digital signature).

Protection of the privacy of the person to be identified (referred to below as “user”) during the processing of personal data is of great importance to Deutsche Post AG and is provided for in all POSTIDENT processes.

POSTIDENT designates the processes used to gather identity data or the complete process of establishing the identity of individuals (e.g., in a post office or video chat) for business partners.

Identification data is data (such as data from an ID card) gathered for and provided to a business partner for a specific purpose as part of a POSTIDENT process.

Verification data is information and recordings (e.g., scans of ID documents) that must be recorded and processed due to legal requirements or legitimate interests in order to prove that identification measures were carried out.

All data collected or otherwise obtained in POSTIDENT processes are used by Deutsche Post AG for the purpose of checking the identity of individuals on behalf of its business partners. Please contact the responsible business partner for further questions regarding the processing of your personal data. An exception is POSTIDENT E-Signing; see the POSTIDENT E-Signing (digital signature) section. Any other use is only permitted with the user’s consent. The only two exceptions are:

1. POSTIDENT E-Signing process. See the POSTIDENT E-Signing (digital signature) section. Any other use is only permitted with the user's consent.
2. Data collected for quality assurance purposes in the AutoID process. See the description of quality assurance in the AutoID process

The scope of data processing and use by Deutsche Post AG in connection with identification processes depends on the reasons for such processes, i.e., the intended or existing contractual relationship between you as the user and the business partner concerned, and the legal requirements calling for proof of identification, e.g., in accordance with the Geldwäschegesetz (Germany’s money laundering act), the Telekommunikationsgesetz (Germany’s telecommunications act), etc.

At most, Deutsche Post AG will (depending on the situation) collect the following user data when identifying a person with POSTIDENT.

1. ID card data

• Form of address
• Title/academic degree
• Last name
• First name (all first names)
• Name at birth
• Place of birth
• Date of birth
• Nationality
• Street and house number
• Zip code and town/city
• ID information such as type of ID, ID number, place of issue, date of issue, issuing authority, expiration date
• Mobile telephone
• Email address

During the identification process, you may receive an e-mail with a case number that can be used at any time to start the identification process. The user’s e-mail address is needed for this purpose. For some identification methods, a mobile telephone number will be needed to receive a TAN as an additional secure factor for two-factor authentication.

2. Driver’s license information

Users identifying themselves for providers of mobility services such as car sharing or car rental need a valid official driver’s license. During the identification process, Deutsche Post AG will collect the following additional data:

• License number
• Country of issue
• Expiration date
• Date of issue
• License categories (including date of issue, expiration date and any additional information)

3. Verification data

If the business partner requests identification compliant with certain legal requirements (e.g., Geldwäschegesetz (GwG - German money laundering act), Telekommunikationsgesetz (TKG German telecommunications act), eIDAS (electronic IDentification, Authentication and trust Services) Regulation and the like), this includes transmission of the ID information and, depending on the identification method, the verification data. Depending on the method, this can include:

• Photo or screenshot of user
• Photo or scan of ID document
• Photo or scan of driver’s license
• Recording (audio and video) of entire identification process
• Place and date of identification
• Photo or Scan of signature

If the identity check takes place with the specific intention of reaching an agreement with a business partner, the data required for the relevant proof of identity will be transferred to the intended business partner after completion of the identification process.

Service companies and service providers are involved during the identity check and for customer service and IT services.

The rules described below apply for the individual identity check process.

Main steps in the identity check

• Identity check begins when user presents POSTIDENT coupon.
• User’s ID checked with ID reader by post office employee; ID data copied automatically.
• Post office employee checks the data and verifies that the photograph on the ID document matches the user.
• User verifies data and provides sample signature.
• Transfer of data to business partner

Notes regarding recorded and transferred data

Due to legal requirements, your ID document will also be scanned during the identification process at the post office of your choice.

The ID data and the digital copy of the ID document are recorded for transfer to the business partner and for verifying the data. The digital copy of the ID document is only transferred to business partners that are subject to corresponding regulatory requirements such as the Geldwäschegesetz (GwG - German money laundering act), the Telekommunikationsgesetz (TKG - German telecommunications act) or the eIDAS Regulation.

Main steps in the identification process

Notes regarding recorded and transferred data

The recordings are checked in the background using software and machine learning methods. This process uses various security features to verify that the ID documents are genuine, and checks that the photograph on the document matches the video sequence recorded by you. 
Due to official requirements, the following are also produced during POSTIDENT by video chat:

• Photograph or screenshot of user (portrait)
• Photograph or screenshot of ID document
• Complete audio-visual recording of the process

These recorded data and the identification data can be used by Deutsche Post AG for the purpose of monitoring the process, in particular for quality assurance measures taken to ensure compliance with the legal requirements that apply to the process. At the latest, the data will be deleted after expiration of the periods listed in section 7.

Possible processing of biometric data 

Over and above this, the processing of biometric data is possible during the POSTIDENT by video chat procedure in order to better detect fraud attempts such as identity theft. During this procedure the postion data of your face will be compared against your ID document.

Your biometric data will not be stored. Only the results of the processing activity are stored; these contain no biometric data and do not allow any inference as to the identity of the person verified. Furthermore no further processing, e.g. for analysis or profiling purposes, takes place.

Should you wish to avoid the processing of biometric data, you may opt to make use of an alternative procedure such as POSTIDENT by post office or POSTIDENT by eID, if this is offered by your business partner. If no such alternative is currently available, please contact your business partner. 

Main steps in the identification process

• Transfer of user from business partner website to identity check on POSTIDENT portal
• In the portal, the user can choose to use the POSTIDENT by eID via desktop or smartphone
• In the case of identification via desktop, the user will be automatically routed to the AusweisApp website with the software from the German government’s service provider (Governikus) and the AusweisApp will start
• In the case of identification via smartphone, the identification process runs via the Postident app
• By entering the six-digit PIN from their ID, the user agrees to the encrypted transfer of the previously displayed information
• Depending on the business partner, photos of the identification document may also be taken

Notes regarding recorded and transferred data

The ID data and photos of the identification document (depending on the business partner) are only recorded for transfer to the business partner and random quality control by Deutsche Post AG.

Main steps in the identification process

Notes regarding recorded and transferred data

The photos and data from the ID document and/or driver’s license and the brief video portrait of the user are only recorded for transfer to the business partner.

Create recordings of identity documents as well as a short video sequence of the document and the face. Subsequently, the data is transmitted to the POSTIDENT portal for verification.

Successful data transmission

After successful transmission of the data to the POSTIDENT portal, the user can be forwarded to a business partners website.

Document review and data provision

The recordings are checked in the background using software and machine learning methods. This process uses various security features to verify that the ID documents are genuine, and checks that the photograph on the document matches the video sequence recorded by you. In the event of abnormalities and to check the correct functioning of the software, qualified service employees can be used to check individual identification processes. The identification data is automatically transmitted to the business partner after the check.

In accordance with Article 22 (3) GDPR, you have the right to intervene by a person on the part of the controller, to express your own point of view and to contest the decision when using automated decision-making. These rights are to be asserted against the partner, who can, for example, offer you alternative identification procedures.

Explanations of data collected and transmitted

The ID data and verification data (including the digital copy of the ID document) are collected for transfer to the business partner and for validation of the data. The verification data (e.g. the digital copy of the ID document) is only transferred to business partners that are subject to corresponding regulatory requirements (such as the eIDAS regulation). The ID data and verification data may also by processed by Deutsche Post AG for quality assurance purposes. See also: Quality assurance in AutoID.

Processing of biometric data 

As part of AutoID's implementation of the POSTIDENT procedure, biometric data is processed in order to better detect fraud attempts such as identity theft. For example, the position data of the face is compared to the ID document.

Your biometric data will not be stored. Only the results of the processing are stored that do not themselves represent biometric data and do not allow any conclusions to be drawn about the person to be identified. In addition, there is no further processing, e.g. for analyses or profiling.

If you would like to avoid the processing of biometric data, you can alternatively use other methods - if offered by your business partner - such as POSTIDENT via post office or POSTIDENT via online ID function. If these are not offered by your business partner, please contact them.

Quality assurance in the AutoID process

The competent controller within the meaning of the General Data Protection Regulation (GDPR) is Deutsche Post AG.

It may be necessary to collect and use ID data and verification data for the continuous improvement of identification through automated decision-making in the AutoID process. In this case the data is used for the purpose of fraud prevention, for example, and to verify that the machine learning methods and associated software are correct and continuously optimized.

Your data will of course only be kept for as long as it is needed to perform these tasks, after which it will be securely deleted. See retention periods.

Here, too, the backup of strictly confidential data meets the highest standards at all times, and is monitored continuously by our IT security measures.

If, after the identification process, you wish to withdraw your consent to the use of your data for quality assurance purposes in AutoID, please address your withdrawal request to: AutoID.Postident@deutschepost.de

The legal basis for this is Article 6(1)(f) of the GDPR. Identification data is used for quality assurance purposes in order to allow for continuous quality improvement and to avoid decision-making errors in automated processing. The interests of the data subjects are safeguarded through very limited access rights, a storage period of no more than 180 days and a right to object.

Essential steps of the digital signature

Notes regarding recorded and transferred data

The collected data regarding the user are used solely for providing identification, certificate generation and signature services; it is subsequently archived. In accordance with the stipulations of the eIDAS Regulation, the data are kept at DPAG until the cessation of the trust service’s activity. Should DPAG cease the activity, the data will then be transferred to the Bundesnetzagentur (German supervisory authority responsible for eIDAS) for providing evidence in legal proceedings and for ensuring continuity of the service; (see eIDAS article 24 (2) h). The user data compiled and kept for this identification method are described in the POSTIDENT by video chat section.

The POSTIDENT E-Signing service with identity transfer creates the opportunity for the business partner (e.g., a bank) to transfer existing identity data to Deutsche Post with the consent of the private customer as part of a digital signature. An additional identification using POSTIDENT by video chat to legitimize the digital signature can therefore be omitted.

Essential steps of the digital signature with identity transfer

Notes regarding recorded and transferred data

The personal identity data is used exclusively for the purpose of providing the certificate creation and signature service for a digital contract signing by Deutsche Post AG and is then archived. The corresponding data is kept by the trust service (Deutsche Post AG) in accordance with the eIDAS specifications.

The following identity and process data are transferred from business partners to Deutsche Post AG:

• First name(s)
• Surname
• Date of birth
• Place of birth
• Address (street and house number, city, zip code, country)
• E-mail address
• Mobile phone number
• Time of the user's consent to the transmission of the identity data

Main steps in identification process

Notes regarding recorded and transferred data

Recipients ID data will only be used for identity check purpose. Transfer of data to the business partner is limited to the identification result and based on the result either reason of decline or place and date of hand over. The data will be deleted latest after expiration of the periods listed in section 7.

The user can cancel the identification or signature process at any time and withdraw consent for data recording and transfer. To the extent that no identification data have been transferred to the relevant business partner until that time, the recorded data will be deleted (subject to statutory retention periods or other legal requirements).

In case of delivery rejection, non-successful identity check, e.g. due to invalid ID documents, or no pickup at the post office, the mailing will be resend to the business partner.

In case of interruptions in the online identification or signature process during use of POSTIDENT by eID, POSTIDENT by video chat, POSTIDENT by photo, POSTIDENT by AutoID or POSTIDENT E-Signing, the user will receive via e-mail a link for trouble-free resumption of the process. After completion of the POSTIDENT by video chat, POSTIDENT by eID, POSTIDENT by photo or POSTIDENT E-Signing process, this data will be deleted after no more than ninety days. In the case of a signature process in POSTIDENT E-Signing, authentication with a TAN received via text message is required for resumption after online identification for security reasons.

The retention periods are storage periods for DPAG - the storage periods for GK may be longer.

Different storage periods and deletion deadlines apply depending on the progress of the selected identification method.

The identification processes described above provide a maximum level of data security. We offer complete security for your data when using the portal and its services. All pages in the portal are protected with SSL (secure sockets layer) encryption to prevent unauthorized reading or modification of the transferred data.

• Your data are confidential; data transfer via the internet only takes place with encryption.
• Server authenticity is assured; data processing takes place only in audited data centers within the territory of the European Union and in the European Economic Area.
• Your data are protected against tampering; algorithms ensure that data reach our servers complete and unaltered.
  

Due to regulatory requirements and for security reasons, during use of POSTIDENT online the Deutsche Post AG web server stores the IP address, the website from which the user visits the website, the pages visited by the user at Deutsche Post AG, and the date and time of access. The maximum storage duration for this data is ninety days.

By integrating Google Maps, we are able to provide a smoother user experience, and make it easier for you to find the nearest post office and use POSTIDENT by post office.

We use Google Maps from Google Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to display the maps. The following data are transferred to Google:

• Referrer (address of the page on which Google Maps is being used)
• IP address of the user
• Google account (if the user is registered with Google, the account will be recognized and correctly assigned)
• Browser; browser preferences, size and resolution; browser plugins; date; language setting
• User’s location – only if the user explicitly confirms the “Allow POSTIDENT to use your location?” prompt

The data is processed on the basis of Article 6(1) letter (f) GDPR. Deutsche Post AG has a legitimate interest in displaying the locations as accurately as possible for its customers since many of them make this search request. In the context of location search, the map shows customers the way from their current location to the post office. This service would not be possible without displaying a map.

During location search, only the search address entered by the user is forwarded. The search will not be linked to the user, nor will it be saved.

To Google's privacy policy

As of: July 2024