Privacy Policy

This is the up-to-date privacy policy for the PlusID service. The privacy policy is valid until further notice. Please come back here to revise and read the latest privacy policy.

Last updated: 7th of July, 2022.

PlusID Privacy Policy

This Privacy Policy is related to the PlusID service provided by PlusID Oy. PlusID Oy acts as the registrar and the user of the PlusID service is registered user. The Privacy Policy applies to the PlusID service, website and application and your personal information that you have given or authorized to retrieve or verify from third party services or through similar interfaces that the PlusID Service has provided to the controller by technical or non-technical means to use the Service. As a user of the service, you accept the terms of the privacy policy. The privacy policy is part of the general terms of use of the PlusID service.

PlusID Oy takes your data protection seriously and undertakes to comply with the general EU data protection regulation and related national legislation when processing your personal data.

Contact details of the controller

  • Name and business ID: PlusID Oy (3256194-5)
  • Address: PO Box 164, 00701 HELSINKI
  • E-mail address:
    (via e-mail you can also contact the company’s data protection officer, Data Protection Officer, contacts in Finnish or English)


Purpose and legal basis of the processing of personal data

Personal data is stored in the registrar’s register to enable the use of the PlusID service.

The processing of personal data is based on the data subject’s consent, which the data subject gives when registering with the service by accepting this data protection policy.

The processing of personal data is also necessary in connection with the legal obligations of the controller (such as the provisions of the Money Laundering and Payment Institutions Act and related regulations).

Retention periods of personal data and criteria for their determination

We will only retain your personal information for as long and to the extent necessary to provide the Service. If the service is terminated, the data will be retained for the period required by law.

The Money Laundering and Terrorist Financing Prevention Act requires information to be retained for five (5) years from the termination of a regular customer relationship or the execution of an occasional transaction.

Information content of the register

The following information can be stored in the register:

  • PlusID *
  • Password *
  • Pin code *
  • Full name *
  • Personal identity number and / or other official identifying information *
  • Address information
  • Mobile phone number *
  • Email address
  • Information on the registered student’s, pensioner’s and / or physical disabilities
  • Gender of the data subject
  • Face and / or profile picture
  • Passport information
  • Bank details
  • Information on cryptocurrency wallets
  • WhatsApp phone number
  • Information on social media services
  • Company information and / or other information stored in connection with the registration of the transaction service
  • Public default notes
  • Authorizations given by the user in the service
  • Internal analytics (eg trust score)
  • Information related to customer knowledge required by the Money Laundering Act
  • Information required by payment institution legislation
  • Transaction-specific log information for information and payment requests
  • Information related to transactions, purchases and payments
  • Event-specific identification and timestamps of identification and / or verification events
  • In addition, general information can be stored in the register to improve the use and security of the service *:
  • IP address
  • Internet browser information
  • General statistics
  • Error reports
  • Service log information

The registered user influences the choice of information to be stored in the service itself, except for the information that is required by the service as mandatory. Mandatory information related to the use of the PlusID service is marked in the above list with an *. Please note that requests for information from PlusID community transaction services vary by service.

In addition, the Service may collect and store other general statistical information related to the development of the Service and user behaviour using Google Analytics. This information is collected anonymously. The service also collects and stores information related to service problems and error situations for the purpose of developing the service. Error report data is anonymised.

Regular sources of personal data

Personal data is obtained from the data subject himself and through third parties through interfaces for retrieving and / or verifying and verifying user data enabled by the PlusID service. Only data for which the data subject has given his or her express consent is stored in the service.

In the case of strong authentication, in connection with the implementation of the service, the PlusID service receives a personal identity number and a user name from the user registered in the service, which is stored and verified in the user’s data.

Through strong authentication via a passport or ID card, the PlusID service receives the ID card or passport number, validity period and other possible identifying information from the user registered in the service. This information is stored and verified in the user information.

With regard to the obsolescence of verified data, the user must ensure the correctness and accuracy of the data as required by the service, so that the validity of the data can be verified in a manner sufficient for the usability of the service.

Regular disclosures

The data may be disclosed to the registrar’s transaction services belonging to the PlusID community, if the data subject gives permission in the PlusID service. Only information for which the data subject has given his or her prior consent to the disclosure shall be disclosed to the transaction services. The data subject can see each handover transaction from the PlusID interface, from which the information request can also be accepted. By accepting the terms and conditions, the data subject consents to the fact that the information required for the provision of services and access to the service may, however, be disclosed to third parties without the data subject’s express consent.

The information may be disclosed to different authorities as required by applicable law.

Personal data will not be transferred outside the EU or the European Economic Area unless required by applicable law.

Registry security principles

The data controller shall ensure that the personal data of the data subject are stored in a data-secure manner. The controller has extensive organizational and technical measures in place to protect personal data.

The company’s premises have a monitoring and alarm system. The written material is in separately locked rooms. The said material shall be kept for the time required by the law in force at the time. Personal information is only available to a limited number of staff.

The information entered in the register is confidential. The staff has given a commitment to keep the information they receive in the course of their work confidential. Access to the register requires a personal username and password. The controller shall endeavor to correct any errors found without undue delay.

All information stored in the register shall be encrypted in accordance with generally valid and secure principles. The data stored in the register is encrypted during both transmission and storage, and the stored data is encrypted at multiple levels.

Automatic decision making and profiling

The service can perform automatic decision making and user profiling as part of the service’s functionality. In connection with automatic decision-making, the information in the register and, possibly, the services of third parties that enable the use of the service are used. These situations may be related to, for example, checking the user’s creditworthiness, opening the billing function and ensuring the introduction of the service, for example on behalf of the user’s age.

By accepting the terms and conditions, the data subject consents to the use of automated decision-making and profiling without the separate consent of the data subject on a transaction-by-transaction basis.

Your rights

Under the Data Protection Regulation, the data subject has the following rights:

A) Each registrant has the right to check their data, which has been stored in the personal data register by logging in to the PlusID service with their own user IDs, or a request for register data can be made to PlusID Oy by e-mail to the above address (see “Registrar’s contact information”). In response, the data subject shall also be informed of the origin of the data, their purpose and information on where the data may be disclosed. The data subject shall present in the request for verification his or her identification information necessary for searching for the information.

The data subject may also make a request for personal data by post to:

PlusID Oy, “Request for verification of PlusID information”, PO Box 164, FI-00701 Helsinki

B) Every data subject has the right to request the correction of incorrect information about him or her that is in the customer register. A request for the correction of register information can be made to PlusID Oy by e-mail or post. In his request for rectification, the customer must provide the identification information necessary to search for the information and the changes he requires to be made. A processing fee may be charged for repeated requests from the data subject.

If incorrect, unnecessary, incomplete or otherwise outdated information is discovered on your own initiative through staff or automated inspections, such information will be corrected or deleted immediately.

C) Each data subject has the right, under certain conditions, to request the removal of his or her personal data from the customer register. A request for the deletion of register data can be made by PlusID Oy by e-mail or post. Similarly, data subjects have the right to be informed about the processing of their personal data (as reflected in this Privacy Policy), to restrict their processing if necessary, to transfer their data from one system to another (if alternative systems exist), to object to their processing and not to be subject to automatic decision-making.

D) The data subject may also refer a matter concerning his or her data protection rights to the Office of the Data Protection Officer. The website address of the Data Protection Commissioner is:


The service uses the local data storage and / or cookies of the user’s browser. Cookies are used to ensure the functionality, security, development and quality of the service. The user can delete cookies or stored data at any time from their browser. The PlusID service may not work in all respects without permission to store data and / or cookies.


The controller shall update its privacy policy on a regular basis. An up-to-date Privacy Policy is always available at

We encourage you to review this Privacy Policy regularly for any updates.