Privacy Policy for the eOsebna mobile application

The Privacy Policy notice includes information about what data is being collected when using the eOsebna application, how the data is processed and what rights a person has with regard to personal data processing.

1. What is the eOsebna mobile application?

The eOsebna mobile application (hereinafter: the eOsebna application) is an application that enables contactless use of an electronic identity card. The contactless connection functions according to the NFC protocol. The electronic identity card is composed of three digital certificates on the chip of the identity card issued in the Republic of Slovenia. The digital certificate for electronic signature and the digital certificate of high assurance level are protected by means of a PIN code, while the digital certificate of low assurance level enables a login without entering the PIN code.

Once you have installed the eOsebna application on your mobile device, you can login into any service via the SI-PASS, with which you can select the login option for your electronic identity card and mobile application. By scanning the QR code, you can login with another device, e.g. a personal computer without an additional installation or adjustment.

With the eOsebna application, you can edit, view, save or remove the settings and details of your electronic identity card. You can activate your identity card, change its PIN code or unlock it with the PUK code.

2. Who is the operator of the eOsebna application?

The eOsebna application is provided by the Ministry of Digital Transformation (hereinafter: MDP), which manages the content and technical aspects of the application. The MDP is the controller of the data that is processed within the eOsebna application.

The electronic address of the data protection officer is dpo.mju@gov.si.
3. Is the use of the application voluntary?

The use of the application is voluntary and free of charge.

4. Is personal data processed for the functioning of the application?

Personal data is processed for the functioning of the application, i.e.:

  • the user registers the electronic identification means in the eOsebna application by entering the CAN code in the eOsebna application. The CAN code consists of six digits that are printed vertically in the lower right corner on the front side of the identity card. The CAN code is needed to establish a safe connection between the mobile device and the chip of the identity card upon each next login with the eOsebna application. The CAN code is saved exclusively in the application on the mobile device of the device owner for the duration when the specific electronic identification means is registered in the eOsebna application;
  • data on the personal name of the ID card holder is saved in the eOsebna application upon the registration of the electronic identification means.

The application enables the user to display data about the holder, which is contained in an individual ID card. The data consist of:

  • name and surname,
  • serial number of the ID card,
  • PIN,
  • date of birth,
  • gender,
  • period of validity of the ID card,
  • citizenship, and
  • data on the holder’s digital certificates installed on the electronic ID card:
  • type of digital certificate:
  • issuer,
  • serial number, and
  • validity of the digital certificate.

This data is only displayed to the user of the application if this is requested and is not stored in the application.

When submitting data for the purpose of identifying the ID card holder in the SI-PASS or other electronic services, the SI-PASS submits data (technically, this data together represents the so-called JWT file):

  • provision of the country in which the user of the SI-PASS is located,
  • electronic service for the use of which identification is required,
  • level of application in the electronic service,
  • browser,
  • operating system, and
  • IP address.

The display of this data is intended exclusively for the user, so that they can verify whether they have actually submitted a specific request.

All data processed within the eOsebna application is processed exclusively on the user’s mobile device in the eOsebna application which the user has installed. No data located in the eOsebna application is transferred to another information system unless the user requests this explicitly (e.g. use of the application for registration through the SI-PASS).

No data is processed in the eOsebna application unless the user of the application requests this.

5. On what legal basis is your data processed?

Personal data in the eOsebna application is processed on the basis of paragraph two of Article 9 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia [Uradni list RS], Nos. 94/07 – official consolidated text and 177/20), as a person decides on their own whether they will use the ID card through the mobile device and identify themselves in this way when implementing electronic procedures. A person can use their ID card (or the electronic identification means of high assurance level) for the same purpose without the eOsebna application, i.e. with the use of the smart card reader. In this case, the personal data processing within the eOsebna application will not occur.

6. If you want to stop using the application

You can stop using the application at any time with immediate effect after you remove the application from the device on which you have installed it.

If you remove the application from your phone, you will also delete all data about additional ID cards.

You can also delete data on an individual ID card at any time, i.e. data about the ID card, the CAN code and personal name.
7. Who is the application intended for?

The application is intended for persons who are the holders of identity cards with chips and were older than 12 years when they obtained the identity card.
8. Which personal data is processed?

Personal data is processed for the functioning of the application, i.e.:

  • the user registers the electronic identification means in the eOsebna application by entering the CAN code in the eOsebna application. The CAN code consists of six digits that are printed vertically in the lower right corner on the front side of the identity card. The CAN code is needed to establish a safe connection between the mobile device and the chip of the identity card upon each next login with the eOsebna application. The CAN code is saved exclusively in the application on the mobile device of the device owner for the duration when the specific electronic identification means is registered in the eOsebna application;
  • data on the personal name of the ID card holder is saved in the eOsebna application upon the registration of the electronic identification means.

The application enables the user to display data about the holder, which is contained in an individual ID card. The data consist of:

  • name and surname,
  • serial number of the ID card,
  • PIN,
  • date of birth,
  • gender,
  • period of validity of the ID card,
  • citizenship, and
  • data on the holder’s digital certificates installed on the electronic ID card:
  • type of digital certificate:
  • issuer,
  • serial number, and
  • validity of the digital certificate.

This data is only displayed to the user of the application if this is requested and is not stored in the application.

When submitting data for the purpose of identifying the ID card holder in the SI-PASS or other electronic services, the SI-PASS submits data (technically, this data together represents the so-called JWT file):

  • electronic service for the use of which identification is required,
  • level of application in the electronic service,
  • browser,
  • operating system, and
  • IP address.

The display of this data is intended exclusively for the user, so that they can verify whether they have actually submitted a specific request.

All data processed within the eOsebna application is processed exclusively on the user’s mobile device in the eOsebna application which the user has installed. No data located in the eOsebna application is transferred to another information system unless the user requests this explicitly (e.g. use of the application for registration through the SI-PASS).

No data is processed in the eOsebna application unless the user of the application requests this.
9. Functionalities of the application

With regard to the identity card, the eOsebna application enables two types of uses, i.e.:

a. identity card management,

b. login into electronic services via the SI-PASS.

a. Identity card management:,

  • Adding the identity card into the eOsebna application

Several identity cards can be added into the eOsebna application on an individual mobile device.

Once the identity card is added, the eOsebna application saves the CAN code and the personal name of the ID card holder.

    1. After the initial instructions, enter the CAN* code or choose '+ Add a new ID card' and enter the CAN* code.
    2. Bring the ID card closer to the phone or the device to establish communication according to the NFC protocol.
    3. If the ID card has already been activated, it is subsequently added into the eOsebna application on the device.
  • Activation of the electronic identity card in the eOsebna application

The activation of the electronic ID card is a one-time action, in which you determine the PIN code and thus activate the slot on the chip, in which the digital certificate for electronic signing and the digital certificate for the application of the electronic identification means of high assurance level are installed.

To activate the electronic ID card, you need the initial password that you received together with the new ID card. If you no longer have the initial password, you can activate the electronic ID card in accordance with the 'Unlock with the PUK code' procedure described below. 

    1. Follow the instructions 'Adding the identity card into the eOsebna mobile application'.
    2. Enter the initial password** for the identity card.
    3. Determine and enter the PIN**** code for the electronic ID card in the form of six digits and confirm the PIN code by re-entering it.
    4. Bring the ID card closer to the phone or device to establish communication according to the NFC protocol.
  • Removal of the identity card from the eOsebna application
    1. In the eOsebna application, choose the identity card that you wish to remove.
    2. Choose the gear wheel icon in the upper right corner, which will take you to the 'Settings' window.
    3. Find the 'Remove the identity card' option and confirm. 
  • Change of PIN code
    1. In the eOsebna application, choose the identity card for which you want to change the PIN**** code.
    2. Choose the gear wheel icon in the upper right corner, which will take you to the 'Settings' window.
    3. Find and select the 'Change the PIN code' option.
    4. Enter the existing (old) PIN code.
    5. Determine and enter the PIN code for the electronic ID card in the form of six digits and confirm the PIN code by re-entering it.
    6. Bring the ID card closer to the phone or device to establish communication according to the NFC protocol.
  • Unlocking with the PUK code

To obtain the PUK code to unlock the electronic ID card, you must visit an administrative unit or a diplomatic/consular representation.

    1. In the eOsebna application, choose the identity card which you want to unlock with the PUK**** code.
    2. Choose the gear wheel icon in the upper right corner, which will take you to the new 'Settings' window.
    3. Find and select the 'Unlock with the PUK code' option.
    4. Confirm the accompanying instructions and enter the PUK code in the new window.
    5. Determine and enter the new PIN**** code for the electronic ID card in the form of six digits and confirm the PIN code by re-entering it.
    6. Bring the ID card closer to the phone or device to establish communication according to the NFC protocol.  
  • Display of data on the identity card
    1. In the eOsebna application, choose the identity card which has the data you want to see.
    2. Choose the gear wheel icon in the upper right corner, which will take you to the new 'Settings' window.
    3. Find and select the 'Display data' option.
    4. Bring the ID card closer to the phone or device to establish communication according to the NFC protocol.
    5. The data on the ID card and the data on digital certificates that form the electronic ID card will be displayed.

* More on the CAN code: https://www.si-trust.gov.si/sl/podpora-uporabnikom/pogosta-vprasanja/elektronska-osebna-izkaznica/#can

** More on the initial password: https://www.si-trust.gov.si/sl/podpora-uporabnikom/pogosta-vprasanja/elektronska-osebna-izkaznica/#tpin

*** More on the PUK code: https://www.si-trust.gov.si/sl/podpora-uporabnikom/pogosta-vprasanja/elektronska-osebna-izkaznica/#puk

**** More on the PIN code: https://www.si-trust.gov.si/sl/podpora-uporabnikom/pogosta-vprasanja/elektronska-osebna-izkaznica/#pin

  • Setting or change of language of the eOsebna application

a) When first using the eOsebna application, choose the icon displaying a change of language in the upper left corner and select the language.

b) Language can be changed during the use of the application by selecting the gear wheel icon in the upper right corner, which will take you to the 'Settings' window. Then find and choose the 'Change language' option to select the suitable language.

b. Login into electronic services via the SI-PASS:  

  • Login into an electronic service on the device on which the eOsebna application is installed
    1. The electronic service directs you in the browser on your mobile device to login via the SI-PASS.
    2. Select the login method with the electronic ID card and the mobile application.
    3. Click on the button to confirm the opening of the eOsebna application. If the eOsebna application is not installed, download and install it via the store (Google Play, Apple Store, etc.) and repeat the previous step (in the browser).
    4. In the eOsebna application, select and confirm the identity card with which you want to login.
    5. Check and confirm the login data (in the JWT file) displayed by the eOsebna application.
    6. Enter the PIN code if a login with the electronic identification means of high assurance level is requested.
    7. Bring the ID card closer to the phone or device to establish communication according to the NFC protocol, which will confirm the identity of the ID card holder and forward the data on the identity from the electronic ID card (i.e. record in the JWT file) to the SI-PASS.
    8. In the browser, the SI-PASS will direct you to the electronic service in which you wanted to login. The electronic service permits work under your identity.

(Only steps 4 to 7 are carried out in the eOsebna application. Other steps are carried out in other information systems.)

  • Login into an electronic service on a different device (e.g. personal computer)
    1. The electronic service directs you to login via the SI-PASS.
    2. Select the login method with the electronic ID card and the mobile application.
    3. Open the eOsebna application on your mobile device and scan with it the QR code, which is displayed on the screen of the other device. If the eOsebna application is not installed, download and install it via the store (Google Play, Apple Store, etc.).
    4. In the eOsebna application, select and confirm the identity card with which you want to login.
    5. Check and confirm the login data (in the JWT file) displayed by the eOsebna application.
    6. Enter the PIN code if a login with the electronic identification means of high assurance level is requested.
    7. Bring the ID card closer to the phone or device to establish communication according to the NFC protocol, which will confirm the identity of the ID card holder and forward the data on the identity from the electronic ID card (i.e. record in the JWT file) to the SI-PASS. On the other device, the SI-PASS directs you to the electronic service in which you wanted to login. The electronic service permits work under your identity.

(Only steps 4 to 7 are carried out in the eOsebna application. Other steps are carried out in other information systems.)

The eOsebna application is available in Slovenian, English, Italian and Hungarian.
10. What permissions and functionalities are required by the application?

Due to the nature of its operations, access to certain functionalities and interfaces must be enabled on your mobile device for the use of the eOsebna application. Various manufacturers determine the permissions that enable the use of certain or all functionalities of the application in different ways.

The required permissions include:

a. Technical requirements (all smart phones)

  • Internet

The application requires an Internet connection for the use of the electronic ID card when logging into electronic services. The electronic services cannot be accessed without the Internet connection.

  • Use of the camera

To use the application when logging into an electronic service on a different device, the application must be permitted to use the camera on the smart phone. The camera captures the QR code via the application, which is written on the other device when logging in.

b. Android smart phones

If you use an Android device, it is necessary to:

  • enable a connection according to the NFC protocol; The connection as per the NFC protocol must be enabled for communication with the ID card and reading of the data from the electronic ID card. Certain smart phones require the user’s permission to use the connection as per the NFC protocol.

c. iPhone (Apple iOS) smart phones

  • The connection according to the NFC protocol is enabled by default on iPhone smart phones and cannot be switched off.
11. When is the data deleted?

The deletion of data on the identity card which was added into the eOsebna application is under the exclusive supervision of the application user.

All data on identity cards will be deleted when you delete the eOsebna application.

Data on individual ID cards can be deleted from the eOsebna application if you delete the ID card from the list of added ID cards in the settings.

The data being forwarded to the SI-PASS or another information system is found in the JWT file and deleted immediately after the information system verifies the signature in the JWT file.

12. Who receives your data?

The eOsebna application does not forward any information automatically (without the user’s request) at any time.

The user decides whether the eOsebna application submits the data about the digital certificate for the purposes of identification (i.e. in the JWT file) to the SI-PASS or the electronic service. The digital certificates for login and signature are found on the chip of the ID card. The intervention that is exclusively under the user’s supervision is also the basic purpose of the application.

13. Is the data transferred to a third country?

The eOsebna application does not at any time forward any information automatically (without the user’s request), including into third countries.

 

The data which the user of the eOsebna application requests to be forwarded is forwarded via the online connection directly to the SI-PASS or other electronic services.

14. Other rights on the basis of the Personal Data Protection Act and the General Data Protection Regulation

Persons who are users of the application enforce their rights in the following scope:

  • the right to being informed about the personal data processing: general information on data processing can be found on the website of the Ministry of Public Administration. The operator of the eOsebna application is responsible for responding to requests that refer to information about which data was transmitted via the eOsebna application. The operator has no access to data found in the application and which the application reads from the ID card;
  • the right to access by a person to whom personal data refers: the eOsebna application is intended for automated access to data that is found on the ID card. The data on the ID card is thus also processed. The eOsebna application exclusively stores the data referred to under question 8 (the CAN code, personal name of the ID card holder);
  • the right to rectification: the eOsebna application is intended for the display of data that is found on the ID card. When entering the CAN code in the eOsebna application, the code is always correct if its use is enabled. If the code is not correct, the person corrects it on their own. The application does not enable the rectification of data stored in it, as it displays data from an official document;
  • the right to erasure (‘right to be forgotten’): the user of the eOsebna application may at any time delete data in the application or delete the application from their mobile device. The data that was forwarded to other information systems at the explicit request of the user of the eOsebna application cannot be deleted. The deletion of this data must be requested at the information system to which the data was forwarded;
  • the right to the restriction of processing: the eOsebna application does not store any data, which is why technically this right cannot be ensured;
  • the notification obligation regarding rectification or erasure of personal data or restriction of processing: this right is ensured by the operator of the eOsebna application;
  • the right to object: due to the nature of data processing, the operator of the eOsebna application cannot ensure the right to object, as it does not access the data, implements no decision-making on the data basis and forwards it only at the user’s explicit request. The operator of the eOsebna application does not ensure any other processing of specific personal data.

The electronic address of the data protection officer is dpo.mju@gov.si.

Information on the right to lodge a complaint with a supervisory body:

A complaint can be lodged with the Information Commissioner, Dunajska 22, 1000 Ljubljana, e-mail address: gp.ip@ip-rs.si, website: www.ip-rs.si.

15. Statistics

For statistical purposes, the operator of the eOsebna application obtains data on the number of downloads of the application from Google Play and Apple Store. The data is obtained from Google Play and Apple Store and not from the eOsebna application or its users.

 

Last change: 2022