pilotWallet privacy statement
Application for the storage and presentation of digital credentials from the federal trust infrastructure (hereinafter "pilotWallet")
1. Introduction
In this privacy statement, the Federal Office of Information Technology, Systems and Telecommunication (FOITT) explains to what extent, for what purpose and under what conditions it processes personal data with regard to the use of the application for the storage and presentation of digital credentials from the federal trust infrastructure (hereinafter "pilotWallet"). In addition to this privacy statement, the terms of use and privacy statements of the respective issuers of digital credentials must also be observed, as users' personal data contained in the credentials stored in pilotWallet will be processed by the issuers and verifiers.
The processing of personal data by the Federal Administration is governed by Swiss data protection law. It applies to data processing in connection with pilotWallet and the operation of associated information systems for issuing and verifying digital credentials from the federal trust infrastructure. Data processing by the FOITT is based on the draft Federal Act on Electronic Identity Credentials (e-ID Act).
2. Responsibility
The data processing described here is under the responsibility of the
Federal Office of Information Technology, Systems and Telecommunication FOITT
3003 Bern
Switzerland
T +41 58 463 25 11
info@bit.admin.ch
3. Data processing
pilotWallet is used for the secure electronic transmission and storage of trust infrastructure digital credentials in accordance with Article 7 of the e-ID Act, so that they can be presented if required. The installation and use of this app are voluntary.
The following personal data is processed when pilotWallet is used:
- IP address
3.1. Specifically, pilotWallet provides for the following processing operations:
3.1.1. Receipt of a digital credential
People who have applied for and received a digital credential can save it on their mobile phone in pilotWallet. New digital credentials from the federal trust infrastructure can be received via the integrated QR code scanner (or via a URL that opens pilotWallet). The following system data is transmitted when a connection to these servers is established: IP address, operating system version and app version.
3.1.2. Verification of a digital credential using pilotWallet
In line with the principle of data minimisation, the procedure is as follows: pilotWallet locally checks the validity of the digital credentials stored in it by comparing index data from the corresponding backend system over an encrypted connection.
3.1.3. Presentation of credentials (verification)
As digital credentials from the federal trust infrastructure may contain particularly sensitive personal data, the pilotWallet software has been programmed in such a way that content cannot be passed on to the verifier without the user's consent. If, in response to a request for information, the user decides to release personal data contained in previously received/stored credentials, it is transmitted to the verifier.
3.1.4. Version check
When the application is used on the local end device, the user may be prompted to use or download the latest version. For this purpose, a request is sent to the FOITT servers each time the application is launched, which returns the current app version.
3.1.5. Logging
The FOITT needs access to crash logs to be able to check how pilotWallet is working and to fix errors. These contain data on the user's operating system version, app version, device type and anonymised IP address. Crash logs are transmitted directly to FOITT systems only with the user's consent.
3.2. Protective measures
Appropriate measures are taken to protect digital credentials against unauthorised access by third parties. Consequently, the use of pilotWallet, which also includes simply displaying digital credential information, is dependent on authentication. All types of authentication available on the mobile phone in question (PIN, pattern, password, biometric authentication, etc.) can be used for this purpose.
4. Purposes
The sole purpose of pilotWallet and the data processing associated with it is to enable users to:
- receive and store verifiable credentials digitally;
- present verifiable credentials when a request for information is made;
- check the validity of credentials.
5. Data transfer
The provision of reports from information systems or their retrieval by pilotWallet takes place via Federal Administration servers.
For legal reasons, it may be necessary for the personal data processed by the FOITT (IP address) to be passed on to authorities and courts.
6. Place of data processing
Users' personal data is stored and processed in Switzerland.
7. Retention period
The FOITT stores personal data only for as long as required to:
- fulfil the aforementioned purposes;
- comply with its statutory obligations.
8. Data security
In order to protect the data against unauthorised access, loss and misuse, the FOITT takes appropriate security measures of both a technical nature (encryption, logging, access controls and restrictions, backups, IT and network security solutions, etc.) and an organisational nature (instructions for employees, confidentiality agreements, reviews, etc.).
9. Your rights in relation to your personal data
You have the following rights in relation to personal data concerning you:
- the right to obtain information on what personal data about you we store and how we process it;
- the right to have a copy of your personal data provided or transferred to you in a commonly used format;
- the right to rectification of your personal data;
- the right to deletion of your personal data;
- and the right to object to the processing of your personal data.
Please note that these rights are subject to statutory requirements and exceptions. To the extent permitted by law, we may refuse your request to exercise these rights. You additionally have the right to file an objection with the competent data protection authority.
10. Amendments
This privacy statement may be amended by the FOITT at any time without prior notice. The current published version or the version valid for the period in question shall apply.