This Privacy Statement explains how Authentitas AB (“we”, “us”, “our”) collects, uses, stores, and protects your personal data in compliance with the General Data Protection Regulation (GDPR). This statement applies to our mobile and web applications that process government-issued identity documents (such as passports) to create blockchain-protected QR codes (“Digital Seal”) for embedding in posts, articles, images, videos, legal documents, and other media.

1. Data Controller

Authentitas is the data controller responsible for the processing of your personal data. If you have any questions regarding this Privacy Statement or our data practices, please contact us at:

Data Protection Officer:
David Ratcliff, CEO
Email: info@authentitas.com
Address: Sjöviksvägen 34, Stockholm 11759

2. Information We Collect

To provide our service, we may collect and process the following categories of personal data:

• Identity Verification Data:
  • Scanned images or digital copies of government-issued identity documents.
• Personal Identification Information:
  • Full name, date of birth, nationality, and other details contained in the identity document.
• Usage Data:
  • Metadata regarding your interactions with our app, including device information, IP address, and usage logs.
• Blockchain-Related Data:
  • Data necessary to create and store your Digital Seal on the blockchain, ensuring its authenticity and integrity.

3. Legal Basis for Processing

We process your personal data only when we have a lawful basis under Article 6 of the GDPR. The legal bases for our processing include:

• Consent:
  • By using our service and providing your identity document, you expressly consent to the processing of your personal data for identity verification and the creation of your Digital Seal.
• Contractual Necessity:
  • The processing is necessary for the performance of the contract between you and Authentitas (i.e., to generate and embed your blockchain-protected QR code).
• Legal Obligations:
  • In certain circumstances, we may process your data to comply with applicable laws and regulations.
• Legitimate Interests:
  • We may process data where it is necessary for the security, integrity, and verification of digital content shared publicly, provided your rights and freedoms are not overridden.

4. How We Use Your Data

Your personal data is processed for the following purposes:

• Identity Verification:
  • To verify your identity using the government-issued document provided.

• Digital Seal Creation:
  • To generate a blockchain-protected QR code (Digital Seal) that attests to the authenticity of your identity.

• Integration with External Platforms:
  • To allow you to embed your Digital Seal in social media posts, news articles, blogs, websites, and legal documents.

• Security and Fraud Prevention:
  • To ensure the integrity of our system and prevent unauthorized access or fraudulent activities.

• Compliance and Auditing:
  • To maintain records for compliance with applicable legal and regulatory requirements.

5. Data Sharing and Transfers

• Third Parties:
  • We do not sell or rent your personal data to third parties. However, we may share your data with trusted service providers who assist us in operating our platform, subject to strict confidentiality agreements.
• Blockchain Storage:
  • Your Digital Seal is stored on a blockchain network. The immutable nature of blockchain means that once the QR code is recorded, it cannot be altered. However, only non-reversible data (e.g., cryptographic hashes) are stored on-chain to ensure your sensitive personal data is not directly exposed.
• International Transfers:
  • If your data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

6. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Statement or as required by law. Specific retention periods will be determined based on the type of data and legal obligations, after which your data will be securely deleted or anonymized.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Access:
  • The right to request access to your personal data and obtain a copy.
• Rectification:
  • The right to have inaccurate or incomplete data corrected.
• Erasure (“Right to be Forgotten”):
  • The right to request the deletion of your personal data, subject to legal and contractual restrictions.
• Restriction of Processing:
  • The right to request the restriction of processing of your data in certain circumstances.
• Data Portability:
  • The right to receive your data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Objection:
  • The right to object to processing based on legitimate interests or direct marketing.
• Withdraw Consent:
  • The right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact our Data Protection Officer using the contact details provided above.

8. Security Measures

We implement robust technical and organizational measures to safeguard your personal data against unauthorized access, loss, or disclosure. These measures include encryption, access controls, regular security assessments, and staff training on data protection.

9. Updates to This Privacy Statement

We may update this Privacy Statement from time to time to reflect changes in our practices, technologies, or legal obligations. We will notify you of any significant changes by posting the updated statement on our website and, where appropriate, by other communication channels. We encourage you to review this statement periodically.

10. Contact Us

If you have any questions or concerns about this Privacy Statement or our data practices, please contact us at:

Email: info@authentitas.com
Address: Sjöviksvägen 34
Phone: +44 7512 792952

By using our app and providing your personal data, you acknowledge that you have read and understood this Privacy Statement and consent to our data processing practices as described herein.