SecureLogin recognizes the importance of information security and the protection of your privacy. This page also includes our implementation of the General Data Processing Regulation (GDPR). We will ensure that your data is safe.
Processing personal data
SecureLogin processes multiple types of personal data. We need this information to be able to let your account function. We process, amongst others, the following data:
- Phone number
- E-mail address
- Payment information
- Profile picture
- Identity number/claim
Our website and/or service does not have the intention to collect information from visitors under the age of 16, unless there is consent from their parent/legal guardian. However, we cannot fully check if a visitor is older than 16. We encourage parents to be involved in the online activities of their children, in order to prevent data about children from being collected without consent. If you are certain that we collected personal data of a minor without consent, please contact us on firstname.lastname@example.org, thereafter we will delete the data.
Usage and management of personal data
Your data is saved on our protected server. Within your own SecureLogin environment you can see which data is stored, it is also possible to change the data here.
Sharing of personal data
We will not share your personal data to other companies or institutes, unless we are legally required to do so (e.g. in case of a suspected crime) or if it is necessary to able to realise our services. An example of this would be domain registrations. There is a Data Processing Agreement (DPA) in place with all the companies whom process your data on our behalf. This is to ensure the same level of protection and confidentiality of your data.
Right of access, to rectify and erase your personal data
You have the right of access to your personal data, as well as the right to rectify or erase it. You can submit your request for this to email@example.com. You also have the right to get an explanation as to why we process your personal data and for which purpose. Next to that, you can withdraw you consent or object to a specific usage purpose.
To ensure that the request to access has been made by you, we ask you to attach a proof of identity in which you black out your picture and social security number. This is to protect your privacy. SecureLogin will respond to your request as soon as possible, with a maximum of 4 weeks.
SecureLogin’s policy with regards to data breaches is unambiguous. In case of any breach of data, no matter how small the doubt, any SecureLogin employee has to report this breach to his/her immediate manager.
Management will thereafter (externally) investigate the matter and take the necessary steps. In case an employee does not report a data breach within two hours after (s)he found out, management can take proportionate steps against the employee.
The SecureLogin browser extension is available for Mozilla Firefox and Google Chrome and is needed to login automatically to some external applications. This is indicated when starting the application.
The browser extension requires the following permissions:
Because all clients have their own domain at SecureLogin, and we support a growing list of applications, of which some have a client specific domains, the extension requires permissions to perform operations on all domains.
The browser extension will remain inactive until an application is started from SecureLogin. To detect this, all web requests are being monitored. Whenever an application is started that requires the browser extension, a data package with login instructions is sent through a secure connection. When the browser extension detects this, it’s activated and will process the login process locally on your computer. The browser extension needs access to your browser’s tabs and cookies for this. When the login process is complete or 30 seconds have passed, the browser extension deactivates itself and the instructions will be removed from memory.
In some cases the browser extension clears the cookies of the application, to prevent a user from remaining in a previously started session.
When using the browser extension it can connect to SecureLogin to send telemetry. Telemetry contains technical data like a timestamp, the operating system and browser that are being used, screen resolution and other data that indicates whether the login steps were processed successfully. Telemetry does not contain any personal data. The telemetry is sent over a secure connection and stored for a maximum of 30 days. The data can be accessed (read-only) by SecureLogin employees in case investigation is needed if there are issues with starting applications.
To SecureLogin the protection of your data is of the utmost importance. We take appropriate measures to prevent misuse, loss, unauthorised access, unwanted publication and/or unauthorised changes to your data. In case you think your data is inadequately protected or if there are any clues of misuse, please contact us at firstname.lastname@example.org.
Our General Terms and Conditions and processor contract include the exact regulations with regards to the GDPR. You can request a copy of these by sending an e-mail to email@example.com. No rights can be derived from the above summary of our policy. This policy can change from time to time without prior notification.