Effective December 2020
Bluink’s eID-Me solution allows you to enrol for and receive a digital identity on your smartphone which you can use for online and offline (in-person) transactions. During the enrolment process, identity information is collected from your identity documents (such as passport, driver’s licence, health card, etc.) along with a selfie captured from your smartphone camera, your mobile phone number, and the current location of your smartphone. This information is stored on the eID-Me server for a maximum of 2 hours, at which time it is erased. The information is erased sooner once an identity is issued to your smartphone.
The information that is securely stored on your smartphone once an identity is issued consists of a digital certificate and multiple identity claims (such as name, address, date of birth), which you can assert to third parties during transactions. This information is encrypted and bound to your smartphone’s local authentication (PIN, passcode, or biometric).
The only piece of information Bluink retains is your email address for support purposes.
The collected information during enrolment is used for identity proofing purposes to see if you are eligible to receive a digital identity. Your selfie is compared against portraits supplied on your identity card photos or passport scans to ensure that your face matches the portraits. Your smartphone location is used to ensure that you are at your home address. These identity proofing checks ensure that an imposter is not trying to register as you.
Once an eID-Me digital identity is issued, the information stored on your smartphone allows you to interact with third parties who may need to know attributes about you. For example, an online store may need proof of your age to sell you a restricted good.
You may erase or update the information stored on your smartphone at any time.
Some of the information (name, address, date of birth, mobile phone number) collected during enrolment may be sent to third parties solely to check that the information is consistent with records that may reside in credit bureaus or mobile carriers.
Once an eID-Me identity is issued to your smartphone, you will always be notified of what information is being requested and by whom during a transaction. No information is released unless you approve its release. If you consent to release information, it will be sent to the requesting third party through the eID-Me identity service. Bluink does not store or track any of your information during transactions. A local, encrypted record of your transactions is retained within the eID-Me smartphone app for your convenience, which you can erase or disable at any time. The information that you release to these third parties will be governed by their privacy policies and terms.
Bluink does not have any of your personal information (except for your email address, which is used for support purposes). Once you receive an eID-Me digital identity, your personal information is securely stored on your smartphone using AES 256-bit encryption. Authentication to your smartphone is required to access your personal information in eID-Me.
Any requests from third parties for information about you will be displayed for your approval during a transaction. Only the information that you approve for release will be sent to the requesting third party.
If you have questions or concerns about this Privacy Policy or our handling of your personal information, please contact us at privacy@bluink.ca.