Privacy Policy ai-di

1. Data Controller

The person responsible for the processing of the data you provide through the mobile application ai-di is the Asociación Civil para el Desarrollo de Ecosistemas Descentralizados -DECODES-, NGO Bitcoin ArgentinaMarcelo T. de Alvear 405, Buenos Aires Argentina, where you can send any questions regarding data protection either by mail – indicating the reference “Data Protection” – or by e-mail to the following address soporte@aidi.app.

2. Purpose and legal basis for the processing of personal data

  • Mobile application. Personal data will be processed for the purpose of: (i) create an ai-di user account; (ii) to validate their identity through digital means; and (iii) request third parties to issue and verify their digital credentials.

It is important to inform you that through the mobile application ai-di. you can: (i) request a “third party issuer” of digital credentials to validate an attribute of their identity or, (ii) share your digital credentials with third parties. In both cases, you should consult the third party’s privacy policy. The above, in the understanding that DECODES, through the ai-di application, is only responsible for the personal data that help you to self-manage your digital identity.

  • Website. Personal data collected through the website, such as name and surname, cell phone number and e-mail, are processed for the purpose of sending queries or requesting further information about the DIDI project.

For more information, you may consult the following Register of ai-di’s Processing Activities.

Description

Treatment activity

(1) User account creation(2) Digital identity validation(3) Alternative identity validation(4) Issuance of credentials (5) Web site inquiries
Legal basisConsent. Article 5 of the Law 25326.. Consent. Article 5 of the Law 25326Legitimate interest. Article 11 of the
Law 25326
.
Legitimate interest. Article 11 of the
Law 25326
.
Consent. Article 5 of the Law 25326..
Treatment purposes
  • Create a user account in the ai-di mobile application.
  • The user can count on a self-sovereign digital identity mechanism.
  • Access the ai-di application services.
Validate your identity through digital media. Validate your identity through an alternative process. Apply to a “third party issuer” for the issuance of an identity card in your name upon your request.Send inquiries or request more information about the DIDI project.
Group of peoplePerson using the ai-di applicationPerson using the ai-di applicationPerson using the ai-di applicationPerson using the ai-di applicationPerson using the website.
Categories of personal data
  1. Name and surname
  2. E-mail address
  3. Cell phone number
  1. National Identity Card.
  2. Proof of life through face (biometric data).
  1. National identity card number.
  2. First and last name
  3. Cell phone credential.
  4. E-mail credential.
  1. User’s identity card in ai-di (DID).
  1. Name and surname
  2. Cell phone number
  3. E-mail address
Category of people targeted

(Data communication)

No communication of personal data is foreseen
  • VU Security
No communication of personal data is foreseenThird-party issuers of identity credentials integrated into the ai-di application, when requested by you.No communication of personal data is foreseen
International transferMicrosoft by cloud storage services (AZURE), which complies with adequate guarantees of personal data protection (
link
)
International data transfers are not foreseenInternational data transfers are not foreseenMicrosoft by cloud storage services (AZURE), which complies with adequate guarantees of personal data protection (
link
)
International data transfers are not foreseen
Time limit for deletionThey will be kept for the time necessary to fulfill the purposes of the processing of personal data.They will be kept for the time necessary to fulfill the purposes of the processing of personal data.They will be kept for the time necessary to fulfill the purposes of the processing of personal data.They will be kept for the time necessary to fulfill the purposes of the processing of personal data.They will be kept for the time necessary to fulfill the purposes of the processing of personal data.
Safety measures
  • Database encryption.
  • Encrypted communication with SSL certificates.
VU SecurityVU Security: There is a service agreement between DECODES and VU Security, where the information is encrypted through an omnichannel system, as described in the
privacy policy of VU Security
.
  • Database encryption.
  • Encrypted communication with SSL certificates.
  • We have safeguards in place to protect your personal data, which are described in Microsoft’s privacy policy for the services of
    AZURE
    services, as well as the particular considerations of
    Microsoft and Argentine law
    .
  • Information backup.
  • Access controls for both DECODES and third party issuers.
  • Privacy and security standards of the
    W3C standard on decentralized identifiers (DIDs).
    ).
  • Database encryption.
  • Encrypted communication with SSL certificates.

 

3. Legitimation

The processing of your data will only be carried out if we have your consent, which will be understood as given by a clearly affirmative action through the ai-di mobile application.

On the other hand, DECODES may process your data based on a legitimate interest to provide you with a better service, in relation to the following aspects:

  • Analyze errors in the ai-di mobile application.
  • Analyze the functionality and/or improvement of the ai-di mobile application.
  • Analyze the number of visits, downloads, as well as the activity of visitors and their frequency of use. For these purposes, DECODES uses the statistical information produced by the Internet service provider.
  • Use of own or third party session cookies to fulfill a technical purpose, that is, those that allow people to use the ai-di mobile application, as well as the use of different options and services that exist in it. No cookies are used to collect user information nor are IP access addresses recorded.
  • Alternative validation of your identity in order to prevent fraud and identity theft.
  • Request the issuance of digital identity credentials by third parties.

4. Conservation

The personal data provided will be kept for the time necessary to fulfill the purpose for which they are collected and to determine the possible responsibilities that may arise from the purpose.

5. Data communication

Through the ai-di mobile application we communicate your personal data to third parties for processing activities, which can be consulted in the Register of Processing Activities (See point 2 of this Policy).

In addition to the above, DECODES may communicate your personal data to third parties either by a legal obligation or a requirement of a competent authority.

6. International Transfers

DECODES stores the data required for the registration of your account in the ai-di application through the cloud services provided by Microsoft. We have safeguards in place to protect your personal data which are described in Microsoft’s privacy policy for the following services
AZURE
as well as the particular considerations of
Microsoft and Argentine law
.

7. Security

All your activity on the ai-di application is encrypted through a secure and modern encryption suite, which means that the data exchanged between you and the ai-di application and anyone you choose to share your data with is safe.

In addition, we limit access to your personal data to those employees and other third parties who have a strict need to know. They will only process your personal data in accordance with your instructions and are bound by a duty of confidentiality.

Your personal data is stored on our servers in an encrypted state, so that only you or anyone to whom you specifically consent to provide access can decrypt your personal data.

Apart from your photograph and proof of life to prove your identity, your personal information is encrypted only in your ai-di digital wallet for reference through encrypted messages stored on our servers to ensure that we can detect tampering and protect you against identity fraud. This allows us to generate an environment of trust among ai-di users with security and privacy measures in the treatment of their personal data.

8. Exercising your rights in relation to your personal data

In relation to your personal data we inform you that you can exercise your rights of access, rectification, updating, deletion, limitation of processing and oppose the processing of your data. The exercise of these rights, together with the request for withdrawal of consent, may be made at any time by sending your request to the following e-mail address
soporte@aidi.app
from the mobile application.

8.1. Right to information

The right to information implies, in particular, that you may request confirmation from DECODES as to whether your personal data is being processed. If this is the case, you should obtain information about such personal data.

8.2. Right of rectification

  • From the ai-di application you have the control to rectify and update your personal data on cell phone number, email and profile picture.
  • In case of your name you will have the right to request the rectification to DECODES.
  • In case of personal data derived from the issuance of a digital credential, you must request its rectification before the issuing third party, when it is an error from its origin, so you should consult its privacy policy.

8.3. Right to suppression (“right to be forgotten”)

  • You may request DECODES to delete the personal data linked to your account registration in the ai-di mobile application, which are: name and surname, email, cell phone number and, if applicable, profile picture.
  • Personal data related to your identity credentials, you must request the rectification before the third party issuer.
  • When you share credentials about your identity with third parties either by QR code or URL link, such links will be valid for a certain period of time. In this case we are obliged to remove the validity of the links you share as a security measure to your personal data, for which we will adopt appropriate measures taking into account the technology available and the cost of implementation.

Exceptionally, the right to erasure (“right to be forgotten”) shall not apply whenever such processing is necessary for legally established reasons, such as, for example, when data processing is required to comply with a legal obligation or to assert, exercise or defend legal claims.

8.4. Right to limitation of processing

The right to restriction of processing means that you retain the right to request DECODES to restrict data processing where for example: you have contested the accuracy of the personal data; the processing is unlawful and you object to the erasure of the personal data; or your data is no longer needed for the purposes of the processing, but you need it for the formulation, exercise or defense of claims.

8.5. Right to data portability

The right to data portability means that you must obtain your personal data that you have provided to DECODES in a structured, commonly used and machine-readable format, and you retain the right to transmit such data to another controller without restriction, provided that the processing is based on consent or a contract, and that the processing is carried out in an automated manner.

You also retain the fundamental right to have your personal data transferred directly from us to a different controller where technically feasible.

8.6. Right of opposition

We will inform you of your right to object at the latest at the time of the first communication. The right of opposition applies in the following cases:

  • Right to object for reasons related to your particular situation. You retain the right to object at any time to the processing of your data being carried out in your public interest for reasons relating to your particular situation.
  • In the event of an objection on grounds relating to an exceptional situation, we will no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

8.7. Right to withdraw consent

Where processing is based on consent, you have the right to withdraw such consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent given prior to withdrawal. You will be informed of the right to withdraw consent prior to giving consent.

9. Automated decisions

We do not process personal data to make automated decisions.

10. Filing a complaint with the supervisory authority

THE AGENCY OF ACCESS TO PUBLIC INFORMATION, in its capacity as Control Agency of Law No. 25,326, has the power to hear complaints and claims filed by those whose rights are affected by non-compliance with the regulations in force regarding personal data protection.

You can file a
digital means of filing a claim
before the Dirección Nacional de Protección de Datos Personales, or in person or by mail to the address Av. Pte. Julio A. Roca 710, 2nd floor, Autonomous City of Buenos Aires, postal code C1067ABP, from 9:30 a.m. to 5:30 p.m.

11. Applicable regulations

Our activity is governed by the
Law 25.326 on the Protection of Personal Data in Argentina.
.

However, we also follow best practices in the field of personal data protection derived from the
European Union’s General Personal Data Protection Regulation.
. The foregoing, since by means of the
Decision number 2003/490/EC, issued by the European Commission on June 30, 2003.
Argentina has an adequate level of protection for personal data transferred from the European Community.

12. Last update

Last updated on July 26, 2022.