Security and Privacy

At We-ID, the security of your data is our top priority. As a specialist in eHerkenning and digital identification, we ensure that your personal data is processed with the utmost care and in accordance with the strictest security standards. On this page, you will find information on how we protect your data and how you can contribute to a secure digital environment.

How does We-ID guarantee the security of your data?

We-ID complies with all laws and regulations regarding privacy and data protection. This includes:

ISO 27001:2022 certified

We meet the highest standards for information security.

AVG-compliant

Your personal data will only be processed in accordance with the AVG (the Dutch name for the GDPR).

Secure Encryption

All data is stored and transmitted using encryption to prevent unauthorized access.

Strict Access Control

Only authorized employees can process your data, and only when absolutely necessary.

Continuous Monitoring

We monitor our systems 24/7 to detect and prevent fraud and misuse.

Do you want to know more about how we process your data? Please read our privacy statement.

Outsmarting Phishing: How to Stay Secure Online

Phishing emails pose a significant risk to online security. These are fraudulent emails posing as We-ID to deceive you into providing sensitive information.

How to identify a phishing email:

Unusual Sender:

Cybercriminals often use email addresses that closely resemble ours. Our official email addresses usually end in @we-id.nl.

Unexpected Attachments or Links:

Hover your mouse over a link without clicking. If it does not lead to we-id.nl, do not click it.

Urgent Language and Threats:

Phrases such as “Your account will be blocked within 24 hours” are often a sign of phishing.

Spelling Errors and Unprofessional Layout:

While some phishing emails look legit, always compare them to previous communications. If you doubt a message, contact us directly.

Unusual Requests:

We-ID will never ask for your password or login credentials via email.

Messages Directly from 'eHerkenning':

You will never receive emails directly from ‘eHerkenning’ itself—only from recognized providers like We-ID. Messages sent on behalf of ‘eHerkenning’ are suspicious.

Tip!

Have you received a suspicious email? Report it immediately via Fraudehelpdesk.nl. You can also forward the email to valse-email@eherkenning.nl and delete it from your inbox immediately.

An example of an eHerkenning phishing email:

Phishing via SMS (smishing)

Watch out for fake messages claiming to be from eHerkenning.

In addition to fake emails, SMS messages (smishing) are also used to impersonate eHerkenning providers.

How to recognize smishing:

  • The SMS comes from an unknown number or a sender ID like ‘eHerkenning’ or a generic provider name.
  • It contains an urgent request for action, such as “verifying your details.”
  • The link leads to an unreliable or strange-looking website.

Received a suspicious SMS?

  • Do not click the link and do not provide any data.
  • Do not reply and do not call the mentioned number.
  • When in doubt: Contact We-ID directly through our official contact page.
  • Report the message to your provider or through Fraudehelpdesk.nl.

How long does We-ID retain your data?

We do not store your personal data longer than necessary and maintain strict retention terms in line with the GDPR. After the retention term, your data is securely and permanently deleted. You can find more information in our FAQ about retention terms and in our privacy statement.

eHerkenning transactions

Retention term:
Statutorily required

Reason:
To allow for retrospective verification and audits (e.g., security investigations).

Account details

Retention term:
Up to 7 years after contract termination

Reason:
For potential fraud investigations and dispute resolution.

Customer Queries

Retention term:
Temporary

Reason:
Phone calls are kept for up to 21 days for quality purposes. Biometric data is used only during identification and is not stored. You can find more information in our privacy statement.

Logs & Security Data

Retention term:
Limited

Reason:
To monitor service security and prevent fraud; deleted automatically once no longer needed for analysis.

Why is a Data Processing Agreement (DPA) not required?

We-ID is not a ‘processor’ but an independent Data Controller within the meaning of the GDPR. This means that we determine which personal data is processed and for what purpose, in accordance with the law.

Under the GDPR, a Data Processing Agreement (DPA) is only required if an organization processes data on behalf of another party. Because We-ID has its own statutory responsibility for the processing of identity data, such an agreement does not apply.

Want to know more? Please read our FAQ about the Data Processing Agreement.

Questions about your Privacy? Please reach out to us!

For more detailed information, please consult our Privacy Statement or the rules of the Agreements Framework for Electronic Access Services (Afsprakenstelsel Elektronische Toegangsdiensten). All eHerkenning providers must comply with these regulations.

Do you have any other questions about how We-ID protects your data? Please reach out to us! We’ll gladly explain how we process and protect your data.

Your security is our priority. Together we ensure a trusted digital environment!

Security and Privacy at We-ID

How does We-ID protect my data?

We-ID complies with all laws and regulations regarding privacy and data protection. This includes:
ISO 27001:2022 Certified – We meet the highest standards for information security.
Secure Encryption – All data is stored and transmitted using encryption to prevent unauthorized access.
Strict Access Control – Only authorized employees can process your data, and only when absolutely necessary.
Continuous Monitoring – We monitor our systems 24/7 to detect and prevent fraud and misuse.

Which security certifications does We-ID have?

We-ID is ISO 27001:2022 certified, which means that we meet the highest international standards regarding information security. Furthermore, we comply with the AVG.

Does We-ID comply with the AVG?

Yes, We-ID fully complies with the AVG. This means that we:

  • Only process personal data for legitimate purposes.
  • Do not store your data any longer than necessary.
  • Respect your right to privacy, including inspecting and deleting your data.

Which legislative guidelines apply to We-ID during data processing?

We-ID complies with the AVG, the ISO 27001:2022 standard, and Dutch legislation for digital identification.