Image

European Privacy Seal for 4F

Recertification: 10/2017

Previous recertification: 08/2014

Initial certification: 08/2011

ValidSoft proved that its IT product VALid-4F facilitates its privacy-compliant use. 4F Self-Certification is a tool that enables individuals to quickly and simply prove over a mobile phone, to either private- or public sector entities, that they are who they claim to be, and that they are fulfilling certain conditions relating to their rough whereabouts.

Product/Version

VALid-4F Self-Certification (Standard Edition) v1.0

Qualification: IT Product

View the VALid-4F Certificate (Recert 201710) 

Cert. No.

EP-P-HYZXD1

Version of Certification Criteria

11/2011 (95/46/EC)

Validity

05/10/2017 - 31/10/2019

First recertification on August 08, 2014

Initial certification on August 31, 2011

Public Report

2017 recertification VALid-4F public report [PDF] Image 

2014 recertification VALid-4F public report [PDF] Image

2011 VALid-4F public report [PDF] Image

Manufacturer/Provider

VALIDSOFT LIMITED
Arthur Cox Building
Earlsfort Terrace
Dublin 2 
Ireland

BEST

All personal data, and in particular all internal and external data disclosures made in the course of using the product, are kept to the absolute minimum, and are anonymised to the furthest extent possible. In addition, the 4F's conditions of use provide for strong legal safeguards that aim at ensuring a privacy-compliant use of the Target of Evaluation (ToE).

ATTENTION:

It is crucial to distinguish clearly between the Target of Evaluation and further components that are closely related to the ToE, but not covered by it as such. In particular, it is important to realise that the ToE (as such) is neither capable of performing biometric verifications nor of carrying out checks of a person's whereabouts.

Summary

4F Self-Certification is a tool that enables individuals to quickly and simply prove over a mobile phone, to either private- or public sector entities, that they are who they claim to be, and that they are fulfilling certain conditions relating to their rough whereabouts. This is referred to as "self-certification".

Details

Recert 201710

The target of evaluation has not changed.

Recert 201408

The target of evaluation has not changed.

Initial Cert 201108

4F allows self-certification in different contexts. The following could be a typical use case:

In one EU Member State, the Government Department responsible for unemployment benefit payments allows claimants of such payments to self-certify by mobile phone that they still fulfil the conditions for the receipt of these payments e.g., staying in-country.

To this end, they are contacted by cell phone and must answer certain questions; the calling entity verifies both the authenticity of the voice of the person answering the call and the "liveliness" of the voice, and whether the phone, and thus the speaker, are in the country.

If the self-certification is successful, the claimant in question does not need to present him- or herself in person at the Department's offices.

4F Self-Certification is capable of processing the different checks as well as of producing an overall result. However, the ToE as such cannot perform biometric checks and checks of a person's whereabouts. Checks on a persons whereabouts are performed by a partner TSP. In respect of the biometric checks, a biometric engine must be linked to the ToE on the occasion of its implementation.

Even though the biometric checks and the checks of the whereabouts are not included in the ToE, they formed part of the legal evaluation to some extent. In particular, it was verified that the conditions of use of 4F Self-Certification provide for adequate legal safeguards e.g., the conditions of use require users of the ToE to collect data subjects' freely given and informed consent.

The evaluation confirmed that the ToE can be implemented in compliance with EU data protection law.

Technical Evaluator

Javier Garcia-Romanillos Henriquez de Luna
Ernst & Young (Spain)
Calle Zurbarán 7, 6B
28010 Madrid
Spain

Legal Evaluator

Prof. Douwe Korff
Wool Street House
Gog Magog Hills
Babraham
Cambridge CB22 3AE
UK

Formerly Certified Versions

N/A

Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk. For more information please go to EuroPriSe Terms & Conditions.

© 2008 - 2019 | EuroPriSe GmbH - European Privacy Seal | Handelsregister-Nr. (Commercial Register No.): Bonn HRB 20387

No responsibility for the accuracy of the information. Contact | Privacy Notice | Imprint

Product/Version

REISSWOLF f.i.t.

v1.5; service function as provided in 05/2018

Qualification: IT product and IT-based service (processor service)

View the REISSWOLF f.i.t. certificate

Version of Certification Criteria

11/2011

Cert. No.

EP-S-X5TSCN

Validity

24/05/2018 - 31/05/2020

Monitoring

01/2019

09/2019

Public Report

f.i.t. Short Public Report Image Image 

Manufacturer/Provider

REISSWOLF Systems GmbH

Im Heegen 13
22113 Oststeinbek
Germany

BEST

Access policies can be used to restrict system usage to specific times of the day and/or IP addresses to reduce the attack vector for third-party access. A user session is controlled by means of a cross-tab synchronised session countdown.

ATTENTION

Regarding the processing of personal data on third persons by means of f.i.t., it must be highlighted that the (usually) corporate users of the service qualify as controllers whereas REISSWOLF Systems GmbH acts as a processor on behalf of the users. Customers are advised that the legitimate use of the service may require the collection of the data subject's consent and/or declaration of release from confidentiality.

SUMMARY

REISSWOLF f. i. t. is a web-based archiving system for data storage and access. It serves the purpose of uploading, storing, managing and exchanging data in the sense of a document management system. f.i.t. is a web application that can be used with common internet browsers. 

DETAILS

REISSWOLF f. i. t. is primarily designed for commercial use. It is distributed by REISSWOLF Systems GmbH and operated as Software as a Service (SaaS) in a data center in Germany.

The ToE includes

  • The web-based service REISSWOLF f.i.t. (for details, please cf. the short public report)

It does not include

  • REISSWOLF f.i.t. mobile app
  • REISSWOLF f.i.t. hotfolder
  • Office module
  • Teamviewer
  • Other alternative interfaces to clients

Technical + Legal Evaluator

Ann-Karina Wrede
Innungsstraße 7
21244 Buchholz
Germany

Initial Certification: 05/2018

REISSWOLF f.i.t. provides a web-based service that enables companies to upload, store, manage and exchange data in the sense of a document management system. Users of the service are controllers in respect of personal data on third persons that is processed by means of f.i.t.. The service is designed in a way that facilitates the users' compliance with EU data protection law.

Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk.

Image

European Privacy Seal for REISSWOLF f.i.t.