Trust Center

We enable over 4,000 organizations across Europe to deliver exceptional business services, with a central focus on earning and maintaining your trust.

Compliance

We run our security program in compliance with a range of well-known industry standards. We appreciate that these attestations matter, as they provide independent assurance to our customers that we are on the right track.


We also perform comprehensive security audits, which is done at least annually.

Outputs arising from these audit and certification programs, coupled with our internal process outputs, such as vulnerability management, are all fed into a continuous improvement cycle which helps us keep sharpening the overall security program.

GDPR Compliance

We invest significant strategic resources in maintaining compliance with the GDPR and we also aim to help our customers comply with the processes and policies outlined. Where applicable, we institute appropriate international data transfer mechanisms by executing Standard Contractual Clauses through our updated Data Processing Agreements.

We are wholly invested in our customers' success and the protection of customer data. One way that we deliver on this promise is by helping Verified’s customers and users understand, and where applicable, comply with the General Data Protection Regulation (GDPR). The GDPR is the most significant change to European data privacy legislation in the last 20 years and went into effect on May 25, 2018.

Verified does not store any of its customers data outside the EU/EEA region. The latest EU court ruling has validated Verified’s management decision to move all data processing activities into the EU/EEA region.

In case a customer has a specific need for international data transfer, we can support this need by executing Standard Contractual Clauses and our updated Data Processing Agreement.

We offer data portability and data management tools including:

Profile deletion tool: We help customers respond to user requests to delete personal information, such as names and email addresses, from a Verified account and we also help end users delete their personal information.

Import and export tools: Customers may access, import, and export their Customer Data using Verified’s tools.

We have ensured Verified staff that access and process Verified customer personal data have been trained in handling that data and are bound to maintain the confidentiality and security of that data.

We hold any vendors that handle personal data to the same data management, security, and privacy practices and standards to which we hold ourselves.

We have committed to carrying out data impact assessments and consulting with EU regulators where appropriate.

Privacy

We commit to meeting the highest bar for personal data privacy, and support your organization in meeting data privacy obligations around the world. We appreciate our customers’ concerns about privacy – and we understand that these concerns are probably the same concerns we ourselves have when using SaaS-based applications. So, fundamentally, we try to treat your personally identifiable and other sensitive data the same way we would want our service providers to treat our data.

Verified and its subsidiaries comply with the EU GDPR guidelines for the collection, use, and retention of personal information.

Our approach to privacy is laid out in detail in our Privacy Policy.

Privacy Rights Requests

GDPR provides every individual with the right to seek records about themselves that are maintained within a company or organization. In this section we would like to inform you about your privacy rights under GDPR and how you can exercise them with Verified.

What are your privacy rights?

  1. The right to be informed – we inform you about how we process your personal information in our Privacy Policy.
  2. The right of access– this is a right to ask us for a copy of the information that we, as a controller, hold about you, along with certain other information.
  3. The right to data portability – this is a right to ask us to provide you with a copy of your information you have provided in a structured, commonly used, and machine readable form in certain circumstances.
  4. The right to rectification – this is a right to change or correct any personal information that you believe we are holding about you that is inaccurate or incomplete.
  5. The right to erasure (deletion) – this is the right to have your personal information deleted if it is no longer required for the purposes for which it was collected or if other certain conditions apply (commonly called “the right to be forgotten”).
  6. The right to restrict processing – this is a right to request the restriction or suppression of your personal information in limited circumstances. We do not believe that this right will ordinarily apply to our processing of your personal information.
  7. The right to object – this is a right to object to the processing of your personal information in certain limited circumstances, such as when we are relying on ‘legitimate interests’ to process your personal information.
  8. The right to make a complaint to your Data Protection Authority – this is a right to complain to a data protection authority about our use of your Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here.

When can you exercise your privacy rights?

GDPR makes the distinction between those who act as ‘controllers’ and those who act as ‘processors’ of personal information. Put simply, a controller is the organization who determines how and why your personal information is to be used for certain purposes. A processor is an organization who acts as a service provider and only processes personal information on behalf of the controller under the controller’s instruction.

This is important to highlight, as for most of our services, our clients are the data controller and we are acting as their data processor.

Under the law, it is up to the controller to make sure you can exercise your rights over your personal information. If you have questions about how your personal information is handled by our clients (the business or organization contacting you through the service), you will need to review their privacy notices and, if necessary, contact them directly.

How can you exercise your privacy rights?

You can exercise your privacy rights by using this form.

Amazon

Description and relevant certification

Hosting of our platform for our operational services storage ISO/IEC 27001:2013, SOCI-III, PCI DSS and more.

Company ID and address

Org no: 516411-0669, Kungsgatan 49, 111 22 Stockholm, Sverige

Processing customers data

Processing customers data

Region

EU

Bronnoysundregistrene

Description and relevant certification

Lookup services

Company ID and address

974 760 673, Brønnøysundregistera, Postboks 900, 8910 Brønnøysund

Processing customers data

Yes

Region

EU

Datadog

Description and relevant certification

Use logdata for Observability, monitoring and security purposes. Read more: https://trust.datadoghq.com/.

Company ID and address

Datadog, Inc. 620 8th Ave 45th Floor, New York, NY 10018 USA https://trust.datadoghq.com/

Processing customers data

Yes

Region

EU

Dun & Bradstreet

Description and relevant certification

Lookup services

Company ID and address

Org no: 556341-5685, Rosenborgsgatan 4-6, Solna, Sweden

Processing customers data

Yes, from Dec 27, 2023

Region

EU

EID Easy OÜ

Description and relevant certification

Signing, authentication

Company ID and address

14080014, Telliskivi tn 60/1, Tallinn, Estonia, 10412

Processing customers data

If customer uses the service

Region

EU

Finansiell ID-Teknik BID AB

Description and relevant certification

Signing, authentication, lookup services with BankID SE

Company ID and address

556630-4928, Södra Kungstornet; Kungsgatan 33; 111 56 Stockholm

Processing customers data

If customer uses the service

Region

EU

Google Ireland Limited

Description and relevant certification

Storage of files that enables the customer to maintain the text and its translations to different languages that are used if the service “smart forms” is used.

Company ID and address

ISO/IEC 27001:2013, SOC 2, CSA STAR and more: https://cloud.google.com/security IEno 6388047V, Gordon House, Barrow Street, Dublin 4

Processing customers data

If customer uses the service

Region

EU if customer select to use the service

IN Groupe Trust Services ApS

Description and relevant certification

Offer eID (MitID in Denmark)

Company ID and address

C/O IN Groupe Denmark A/STeknikerbyen 5, 2.Søllerød2830 Virum‍

Processing customers data

If customer select to use the service

Region

EU

MongoDB Limited

Description and relevant certification

Storage of process data generated and could be used during usage of some of our services as custom flows and AML.

Company ID and address

ISO/IEC 27001:2013, SOC 2, PCI DSS and more: Number One Ballsbridge, Ballsbridge, Dublin 4, Ireland

Processing customers data

Region

EU if customer select to use the service

Nets AS

Description and relevant certification

Signing, authentication, payments, lookup services

SOC 2

Company ID and address

37427497, Klausdalsbrovej 601, DK-2750 Ballerup, Denmark

Processing customers data

If customer select to use the service.

Region

EU

Plisec AB

Description and relevant certification

Lookup services supporting AML and KYC compliance

Company ID and address

559161-4275, Dansbanevägen, 16, 126 31 Hägersten, Sweden

Processing customers data

If customer uses the service

Region

EU

Tagd AB

Description and relevant certification

Operational services for contract management.

Company ID and address

559364-3058
Skogsfrugränd 1, 16762 Bromma, Sweden

Processing customers data

If customer select to use the service.

Region

EU

Trapets AB

Description and relevant certification

Signing, authentication, payments, lookup services

Company ID and address

Org no: 556586-4773, Kungsgatan 56, 111 22 Stockholm, Sweden

Processing customers data

If customer select to use the service

Region

EU

Vipps AS

Description and relevant certification

Signing, authentication, payments, lookup services

Company ID and address

918 713 867, Postboks 9236 Grønland, 0134 Oslo

Processing customers data

If customer uses the service

Region

EU

Zendesk, Inc.

Description and relevant certification

Tool for our customer support services and ticket application. Contains information provided by the customer and support staff about the service. ISO 27001:18, AICPA, SOCII etc. See: https://www.zendesk.com/product/zendesk-security/

Company ID and address

EIN no: 26-4411091, SEC CIK #0001463172, 989 Market St, San Francisco, CA 94103

Processing customers data

If customer uses the service

Region

EU

Basic electronic - Level 2

Character

Quick and easy

Use cases (local regulations regarding the legal validity and the availability of level 4 signatures apply)

  • Customer on-boarding
  • Signing when receiving a parcel

Type

Touch ID, Email, SMS OTP

Advanced electronic - Level 3

Character

  • Linked to signer
  • Increased legally binding proof
  • More trustworthy than basic electronic signature

Use cases (local regulations regarding the legal validity and the availability of level 4 signatures apply)

  • Loan application
  • Employment contracts
  • Insurance documents
  • Documents from public authorities

Type

SMS OTP, Mail OTP, BankID Sweden, BankID Norway, FTN, MitID

Qualified electronic - Level 4

Character

  • Highest level of security
  • Personal link to signer
  • Digital equivalent of a written signature
  • Legal obligation

Use cases (local regulations regarding the legal validity and the availability of level 4 signatures apply)

  • Loan application
  • Employment contracts
  • Insurance documents
  • Documents from public authorities

Type

BankID Norway

Standard

ISO 27001

Sponsor

International Organization for Standardisation

Status

Certified ISO 27001 is specification for an information security management system (ISMS), which is a framework for an organization's information risk management processes.

Standard

BankID

Sponsor

BankID

Status

Verified is a compliant partner and issuer of BankID in Norway and Sweden. Merchants get their certificates issued through Verified. Verified adheres to the current requirements of BankID to keep this status/position. BankID meets the banks’ own high standards for Internet banking security.