FAQ

ID Wallet FAQ

How can I be sure that Identyum will not read/use/resell/etc. my personal data?
Your identity data is yours only. It is stored in an encrypted format, encrypted by your PIN and further protected with your second factor (i.e. one-time SMS password). Since no one knows your PIN nor the second factor (SMS OTP), you have to provide your PIN and the second factor every time you want to allow someone to access your identity data (for Identyum to be able to decrypt and send the requested data). This in essence means that not even Identyum can access your personal data without your explicit consent. And besides – protecting your personal data and putting it back exclusively under your control is Identyum’s core mission and key feature.
What if I forget the PIN for my Identyum ID Wallet?

As a critical element in the secure storage and protection of identity and personal data, the Identyum ID Wallet PIN is known only to you. If you forget your PIN, you must repeat the entire identification process, which includes setting a new PIN.

At any moment when PIN authentication is required, you will always have the option to enter the PIN and the option ‘I forgot my PIN,’ which will lead you into the process of identification and setting a new PIN. This procedure ensures that your identity and personal data remain secure and that access and data management remain under your control.

Sign FAQ

What are the requirements for electronically signing a document using Identyum Sign?

To electronically sign a document, you must first have a digital signature certificate, an electronic confirmation issued by a certificate issuance service provider that links electronic signature verification data with a person and confirms that person’s identity.

The second thing is to have an application or technological solution to enable the implementation of document signatures – Identyum Sign.

The person that I've sent the PDF to has digitally signed it. Is this PDF legally binding? Is the digital signature valid in court?
As a minimum, to be able to digitally sign a PDF, the other person is required to use an advanced digital signature (which he/she gets through Identyum platform, once his/her identity is verified). In the EU, advanced digital signature is legally protected by eIDAS Directive and is valid throughout any EU court. Non-EU countries mostly have very similar national regulations.
Is the electronic signature made through the Sign service legally valid?

All electronic signatures are fully legally valid if they comply with the eIDAS regulation and national regulations.

Electronic signatures made through the Sign service (Identyum SES, AdES, or/ FINA AdES) are entirely in accordance with the eIDAS regulation and national regulations. They are thus valid in every court within the European Union.

Electronic signatures (Identyum AdES or/and FINA AdES) created through the Identyum Sign service are firmly linked to the identity of the signatory, which gives the signature a higher level of credibility, especially in case of possible court proceedings and the need to prove the signature.

What does SES, AES and QES mean?

A simple electronic signature (SES) is any digital signature that expresses consent to the content of the document being signed. For example, it can be a simple click on a button in the menu, selecting a certain box, or copying a scanned PDF signature on a digital document. Simple electronic signatures are not regulated in detail by the eIDAS Regulation.

People can not use such signatures for public and state online services as they cannot prove the signatory’s identity unequivocally. The security of such signatures is at the level of registration using e-mail and setting a password.

An advanced electronic signature (AES) must be undoubtedly related to the signatory, must enable identification of the signatory, and be created using data that are under the sole control of the signer, must be linked to the signing data in a way that any subsequent modification of the data can be detected.

Advanced electronic signatures can be safely used to sign online contracts, letters, e-mails, or other digital documents and, as such, are valid in court as evidence that a certain person signed a certain document.

A qualified electronic signature (QES) is legally equivalent to a handwritten signature, which means that, from a legal point of view, a document containing QES will be as legally authentic as a handwritten document. Qualified electronic signatures are used in the Republic of Croatia today, for example, to sign all types of submissions that lawyers send to courts via the e-communication system.

 

 

Is it possible to forge an electronic signature?

It is nearly impossible to forge an electronic signature. With a wet signature (handwritten signature with a pen), it’s easy for someone to imitate the signature of the actual person or alter the document to facilitate forgery.

On the other hand, an electronic signature can be verified. When signing digitally, the software scans the document and creates a unique formula, a ‘hash,’ representing the signature. When the recipient verifies the document, a similar process occurs. Digital signatures are also time-stamped and protected from unauthorized alterations, ensuring that electronically signed documents cannot be changed after the process is completed.

Can I electronically sign a Word document?

The electronic signature supports files in PDF format, which is also the standard format for digitally exchanging documents. If you have a Word document/file, you can always save it in PDF format and electronically sign it.

Can one person sign a document by hand and the other electronically?

An electronically signed document must remain stored in electronic form to prove the signature’s authenticity. Printing such a document does not verify the signature’s authenticity and is considered only a graphical representation of the signed document. Therefore, all signing parties must be willing and have the intention to sign the document electronically for it to be considered authentically signed.

What happens if I print an electronically signed PDF document?

Just as a handwritten signature on paper loses its legal evidentiary value when scanned, an electronically signed PDF document, once printed, becomes just an ordinary paper without a signature. The whole point of an electronically signed PDF document is that the signature can be verified in the digital world.

An electronic signature is not a mark, image, or text appearing on the document but an invisible addition. Once an electronically signed document is printed, it can no longer be verified, and the signature cannot be confirmed due to the lack of proof of the signer’s identity. Therefore, electronically signed documents are intended for digital, not physical storage.

 Identify FAQ

What are the prerequisites to be able to identify another person?

The user sending an identification request should have a device (Android or iOS smartphone or Windows/Linux/Mac computer/laptop) with an internet connection and internet browser.

The user that is receiving the identification request should have a device with an internet browser (Android or iOS smartphone or Windows/Linux/Mac computer/laptop) that allows the use of a camera, active, stable, and high throughput Internet connection, active SMS transmission service, correct, available, and clean HD or better front camera, personal ID card (or other national public identification document).

How can I choose which personal data to share?

Whenever someone wants to access your personal data (or you want to give access to some of your personal data), Identyum will provide you with a simple and intuitive interface, allowing you to choose precisely which data you are willing to share. For example, you can share (or not share) your first name, last name, address, nationality, age, date of birth, if you are 18+, etc. In any combination you choose. It is truly and only up to you.

How can I be sure that the person (that I've sent the identity verification link to) didn't fake his/her identity during the verification process?
To be able to verify his/her identity to you, the other person initially has to go through Identyum’s identity verification process. This process is very strict and it requires this person to show an authentic national identification document and confirm through a video his/her identity. Or, it can alternatively use his/her bank credentials or his/her national electronic ID scheme credentials. Either way, you will always get feedback from Identyum about the trustworthiness of the other person’s identity profile. Nevertheless, keep in mind that nothing in life can be 100% guaranteed – professional and well-funded criminals can in some cases even acquire “legitimate” (well-forged) national ID cards or passports, usually through networks of corrupted administrative workers. However, this is very, very rare and therefore highly unlikely in everyday life.
Does the person (that I've sent the identity verification link to) know that it’s me who requested identification? Does this person see my identity?
It is entirely up to you. Before you send the identity verification request to the other person, you can choose which (if any) of your identity details the other person will be able to see. More importantly, if you choose so, the other person will be able to see your identity details only after he/she successfully verified his/her identity – so you don’t have to worry about someone tricking you into giving away your identity details, without the other person doing it too. If you don’t want to share anything at all about you, that’s fine. Or maybe just your first name – that’s fine too. It really depends on a specific situation, however – do keep in mind that if you ask a legitimate person to verify his/her identity, without you wanting to share any data about your identity whatsoever, maybe the other person will refuse because of lack of trust.
How can I be sure that my data won’t be stolen by the other person that I’ve sent my identity data?
First and foremost (and if you choose so) – the other person will not be able to read any of your identity data unless he/she previously successfully confirms his/her identity to you. However, once you allow the other person to read your identity data, it is really in all honesty up to the other person what he/she will do with it. This is a fact that is simply beyond any possibility of control, with or without technology. It’s the same as in real life – once you tell someone your name, you cannot make him/her “forget” it. However, what you can do via Identyum is to ask him/her not to disseminate your identity data further, and you can even request him/her to delete all traces of your data on their IT systems.
Is Identify service in line with GDPR Regulation?

The Identify service complies with GDPR by ensuring informed consent. Users are clearly informed about who requests their data, the purpose of the request, and which personal data are involved. Users explicitly agree to share their data, stored securely in their Identyum ID Wallet, by clicking “Identify.” Data retrieval only happens if these conditions are met, ensuring GDPR compliance.