Privacy Policy

This Privacy Statement is relevant for visitors of our website and (future) users of Ubiqu and Ubiqu’s apps and services. We highly value your ease and convenience while making use of our services and in order to provide optimal security, we handle your personal data with utmost care, integrity and transparency.

With this Privacy Statement we would like to inform you about which data we collect, how we collect your data (directly or indirectly), why we collect your data (for which purposes), on the basis of which principles (lawfulness) and how we further handle your data.

Who are we? 

We are Ubiqu Access B.V. (hereinafter “Ubiqu”, “we”, “our”, “us”), a Security Services Provider. We are located at Kerstant van den Bergelaan 13b, 3054 EM in Rotterdam, the Netherlands, and registered in the Chamber of Commerce (Kamer van Koophandel), registration number 24485739. Ubiqu and Strongpin are also the brand names and trademarks under which we deliver the services to you as a user.

This Privacy Policy applies to and covers the processing of Personal Data which may be collected by Ubiqu when you visit and/or interact with our website https://www.ubiqu.com/ (hereinafter the “Website”), when you contact us via email or phone, or in other cases as described below where we act as the controller of your Personal Data.

Which services do we offer?

We offer the following services (called Ubiqu, Ubiqu services):

  • Website
  • Authenticate app (app for Android and iOS)
  • Access app (app for Android and iOS)
  • Vault app (app for Android and iOS)
  • Access management console (website)
  • Vault management console (website)
  • Vault extensions (extension for Microsoft Edge, Mozilla Firefox and Google Chrome)
  • APIs for third-party processing: we offer APIs that third parties access. This third party is always covered by a contractual arrangement between you and the third-party processor, while the front-end website and app usage is part of this agreement.
  • In the case of Strongpin, Ubiqu itself acts as the third party and is governed by this agreement.

Which personal data do we process?

We process the following personal data in order to offer our products and services:

  • Technical details: IP address, login details, language settings and operating system of the used device.
  • Personal identification information details: Name, email address, phone number.
  • Identity verification details: data read from NFC chip and photo of Identity document.
  • User details: details entered by the user in fields of an application, such as username, settings, preferences and other such data.
  • Encrypted data: data entered or acquired by the user, which is encrypted and available to authorized users, under consent and control of the owner of the data.

How and for what purpose do we use your data?

1. Visitor data on our website(s)

General visitor data are used to show, maintain and improve the website as well as possible. We analyse how many visitors our website receives, which web pages are visited and where the visitors come from.

2. Contact with Ubiqu

Ubiqu collects the following data:

  • Personal identification information details

To ensure the best service, we use your Personal identification information details to communicate with you. If you are a registered client at Ubiqu and you need support with the use of a service, then we might ask you for additional user and identity details to communicate with you.

3. Usage of Ubiqu

When you use any Ubiqu service, Ubiqu collects the following data:

  • Technical details
  • User details

We use this data to provide the services, properly protect our organisation and to guarantee user-friendliness. We do this with i.e. tests, handling incidents, problem solving, technical support and reporting.

4. Secrets sharing at Ubiqu

We collect the following data:

  • Technical details
  • User details
  • Encrypted data

We use technical details to maintain and optimize the delivery of our service.

5. Mobile application use

We collect the IP address to make statistical analyses about the use of the Ubiqu apps and use Firebase and Apple Push Notification service (APNS) for notification. Ubiqu has concluded a data processing agreement with Apple and Google and does not use other statistical analysis services for application use in combination with Apple and Google except crash analytics. We are able to send a service message or notification to your app to communicate with you.

We collect behavioural data, e.g. how you use the app and enter your PIN or biometric when you use the app in order to provide a better and more secure service.

6. Identity verification use

We collect the following data:

  • Technical details
  • Identity verification details
  • Encrypted data

In order to verify your identity we read out the NFC of your passport and take a photo of your ID card. We then use biometrics to match your physical presence to the photo retrieved from the NFC data and send the proof of this verification to the third party organization for which you are performing this identity verification.

7. Physical access control use

We collect the following data:

  • Technical details
  • User details

8. Biometric use in mobile applications

Biometric use is optional and activated by yourself. By default, biometrics is opt-out: you opt out by not having biometrics activated or by deactivating biometrics. Activating biometrics constitutes your opt-in.

9. Signing and signing pre-processing use

We collect the following data:

  • Technical details
  • We retrieve your certificate from your certificate issuer for embedding in the signed document.
  • We process the data provided to perform the signing process (i.e., hash for signature or PDF of signing pre-processing).

10. Credential issuance use

We collect the following data:

  • Technical details
  • We process any data provided by the user, with consent managed from the supply party, and seal that data in a verifiable credential (such as an X509 certificate). Optionally, we verify at available and relevant registries whether the data provided is valid and/or not revoked.

11. Verification use

We collect the following data:

  • Technical details
  • We process any data provided by the user and verify, on the data itself or at available and relevant registries, whether the data provided is valid and/or not revoked.

12. Authentication use

We collect the following data:

  • Technical details
  • We process any data provided by the user, with consent managed from the supply party, and verify at available and relevant registries whether the data provided is valid and/or not revoked.

Lawfulness of processing

Organisations are only allowed to process personal data if they have a basis for doing so. The General Data Protection Regulation (GDPR) lists six possible lawful bases. We use three of these bases for our various processing operations:

  • Permission: to lawfully secure your identity and to get in touch with you at your request.
  • Contractual agreement: when you, as a customer, purchase our products and/or services or would like to do so, and we must process your personal data to be able to do so. We also use this basis to provide you with the necessary information concerning using Ubiqu.
  • Legal obligation: if we receive a legitimate claim to provide data to a competent authority. We are also legally obliged to keep personal data in our financial records in accordance with tax legislation.
  • Legitimate Interests: we use this basis for processing the identification and carrying out the identification procedure; we use this basis for processing of behavioural data to prevent fraud and to perform scientific research in order to improve fraud prevention.

Storage period of the data

We do not store your personal data for longer than strictly necessary for the purpose for which we obtained it. We base this assessment on the type of personal data, the product or service for which we have obtained the data, and what you, as the data subject, can reasonably expect as a retention period.

For the personal data that are processed to lawfully determine and confirm your identification, we use a retention period of maximum ten years: we store your personal data for as long as your certificate (obtained by your third party processor) is valid, maximum three years, and on top of that seven more years based on legislation after the expiration date of the certificate.

Data security

We do everything to offer optimal data security and to secure your personal data against loss and illegitimate usage. All employees of Ubiqu who have knowledge of personal data in the context of their duties are obliged to maintain confidentiality. Your personal data will only be shared with third parties in case of necessity with regard to the above-mentioned purposes. Ubiqu has been evaluated by an independent auditor for compliance with the eIDAS regulation and is following ISO27001 for its services. ISO27001 is the standard for information security.

Who will we share your data with?

We might disclose Personal Data to third parties only in cases where we are legally authorized to do so. Your information is not exchanged or traded with any external parties, and we refrain from sharing your Personal Data with any third parties, except as explicitly specified herein:

Third-party service providers – when we use the services of third-party service providers that help us provide our services, run and manage our systems (e.g., storage services, customer relations management systems, cloud data services, etc). Personal Data may be submitted to, stored or accessed by such third-party service providers exclusively to the extent necessary to provide us with the relevant services;

When required by law – we will disclose Personal Data if such disclosure is required by law or necessary to comply with judicial proceedings, a court order or legal process;

With your consent – we can share your data with third parties when you have given us your consent to do so.

Recipients of your personal data

The following persons and/or authorities possibly have access to your personal data:

1. Employees of Ubiqu that are assigned to or managing responsibilities related to the processing of personal data or the people that are involved in doing so;

2. (Sub)Processors that are involved by Ubiqu in order to execute specific tasks with regard to its provision of services subject to the limitation in our data sharing clause;

3. Governmental bodies, such as police and justice, for as far as necessary to comply with applicable norms and legislation.

Where is your data processed?

Your data may be processed in the EU. Nevertheless, your data will always be safe and under GDPR protection, regardless of where it is processed.

In cases where your Personal Data is transferred outside the European Economic Area, we will deploy suitable legal mechanisms to safeguard the transfer. If the regulations in force require it, we will seek your explicit written consent for the international transfer of your personal data according to the provisions of this Privacy Policy.

Cookies/State

Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites or use our apps, we may collect information from you automatically through cookies or similar technology.

Ubiqu uses cookies in a range of ways to improve your experience on our website, including:

  • Keeping you signed in
  • Understanding how you use our website or apps

There are a number of different types of cookies, however, our website uses:

  • Functional cookies: these cookies collect data to remember choices users make to improve and give a more personalised experience.
  • Analytics cookies: these cookies help us to understand how visitors interact with our website, discover errors and provide better overall analytics.

How to manage cookies? You can set your browser not to accept cookies. You can clear cookies from your web browser or use the mobile phone functionality to clear data from an app.

Cookies are stored on the user’s device and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser.

Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files stored on your computer to enable analysis of website usage by a user. The information about a visitor’s website usage generated by the cookie (including your IP address) will be transferred to a Google server in the U.S. and stored there. Google uses this information to evaluate the visitor’s use of the website, to prepare reports on website activity and to provide other services associated with website activity and internet usage to website operators.

Note that the external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Your rights

Based on the General Data Protection Regulation, you are entitled to the following rights:

  • The right to be informed
  • The right of access
  • The right of rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object

In case you would like to know which of your personal data we process and for which purposes, or in case you would like to invoke one of the above-mentioned rights, please get in touch with us via contact@ubiqu.com. We will inform you as soon as possible about your request.

Questions

In case of any questions related to the way we handle your privacy or in case you would like to invoke one or more of your rights as mentioned above, please get in touch with us via email contact@ubiqu.com, via post “Molengraaffsingel 12-14, 2629 JD, Delft, the Netherlands” or via phone: +31 880 220 440.

Revisions

We are entitled to revise our Privacy Statement at any given moment. We will announce this revision via our website. In case we want to radically change the underlying principles, we will actively reach out to you.

Dutch Data Protection Authority

We would like to support you in case you have a complaint regarding the processing of your personal data. Based on privacy legislation, you can file a complaint with the Dutch Data Protection Authority about the processing of your personal data. This is possible via the website of the Dutch Data Protection Authority: https://autoriteitpersoonsgegevens.nl/en.