Renewal of certification under EuroPriSe’s new certification scheme pending
Recertification: 11/2020
RISER ID Services GmbH provides an online service that enables companies to request address information from official population registries. Users of the service are controllers in respect of personal data that is delivered to them via RISER. The service is designed in a way that facilitates users’ compliance with EU data protection law.
Product/Version
Registry Information Service on European Residents (RISER Service)
Function as provided in November 2020
Qualification: IT-based service (processor service)
Version of Certification Criteria
Cert. No.
EP-S-WD0P68
Gültigkeit
30/11/2020 – 30/11/2022
Recertification No. 3: 06/2018
Recertification No. 2: 03/2016
Recertification No. 1: 02/2014
Initial Certification: 02/2011
Monitoring
07/2021 (O.K.)
03/2022 (O.K.)
Kurzgutachten
Recert2020 Short Public Report RISER 
Recert2018 Short Public Report RISER
Recert2016 Short Public Report RISER
Recert2016 Short Public Report RISER 
Recert2014_Short Public Report RISER
Recert2014_Short Public Report RISER
Manufacturer/Provider
RISER ID Services GmbH
Rudolfstraße 9
10245 Berlin
Deutschland
BEST
RISER processes a minimum of data. RISER does not use the data-results for own purposes such as “address pooling”.
ATTENTION:
RISER ID Services GmbH processes query and result data on behalf of its customers. Even though RISER facilitates its privacy-compliant use, customers must ensure that processing of query/result data is backed by a legal basis and privacy compliant processes.
Summary
RISER ID Services GmbH offers a central online service that enables customers to request and verify address information in several European countries. Customers can request this information through single inquiries or through bulk inquiries. RISER can adapt to the customers’ needs in terms of data format and the required interfaces. The result of the inquiry returns the full name and full address as listed in the respective official register.
Address inquiries for different countries or communities are submitted via a central web portal. RISER distributes the request(s) to the respective register office(s). The register(s) process(es) the request(s) and send(s) the result(s) back to RISER. Following this, the result(s) can be downloaded from the web portal by the customer.
Details
Recertification 11/2020:
RISER GmbH moved to new premises in September 2020. The operative business of the RISER service now takes place in the offices of RISER ID Services GmbH in Rudolfstraße 9 in 10245 Berlin. RISER implemented appropriate technical and organizational data protection measures for the new location, which have been evaluated in the course of this recertification.
The ToE changed slightly (in comparison with the previous recertification). For details, please cf. the short public report.
Recertification 06/2018:
The recertification took place on the basis of v201701 of the EuroPriSe criteria catalog for IT products and IT-based services. The ToE changed slightly (in comparison with the previous recertification). For details, please cf. the short public report.
Recertification 02/2016:
The main changes since the last recertification in 2014 are listed below:
- Customers of RISER may request information from official registers in Germany, Austria and Switzerland (Estonia, Finland, Italy and Sweden have been removed from the service).
- Information regarding “without a permanent residence” and information bans is not provided any more.
- The update of the database containing information on deceased persons has been suspended since 11/2015.
- Customers who lack sufficient information to perform a successful enquiry regarding a person are provided with the possibility to collect the person’s date of birth via German credit agency Schufa Holding GmbH. This optional functionality does not form part of the target of evaluation, but the respective interface between RISER and Schufa does.
- The optional service to enrich personal data with phone numbers taken from publicly available phone directories was ceased.
- Further changes to the service and the underlying contractual clauses have been made (e.g., customers must assert that they will not use the information received via RISER for the purpose of advertising and address trade). These changes ensure RISER’s compliance with a new sector-specific law in Germany (please cf. the Short Public Report for details).
- For the encryption of passwords, SHA1 was replaced with SHA2.
- For the encryption of harddrives, Truecrypt was replaced with Veracrypt.
Recertification 02/2014:
The following new components have been added to the ToE:
- eMA Monitoring
- Enhanced registry information
- Database containing information on deceased persons
- Archiving
eMA Monitoring:
This new feature allows notification of a customer who already performed an inquiry on a specific person if another customer conducts an inquriy on said person and receives a different (new) result. The customer is informed about the fact that it may be useful to perform another inquiry. For this purpose, RISER makes use of hash values of inquiry and disclosure data. On the contrary, RISER does not operate a “shadow” database with information on residents.
Enhanced registry information:
RISER is now capable of processing enhanced inquiries on registry information (“erweiterte Melderegisterauskunft”).
Database with information on deceased persons:
RISER operates a database containing information on deceased persons. Inquiry data is matched with the data in this database in order to filter out inquiries on dead persons prior to the inquiry being forwarded to the competent registration authority.
Archiving:
A mullti step archiving concept has been implemented.
Currently, RISER is capable of forwarding inquiries to registration authorities in the following countries:
- Austria
- Estonia
- Deutschland
- Italy
- Lithuania
- Sweden
- Switzerland
The evaluation demonstrated that RISER still complies with EU data protection law. For details, cf. the Short Public Report.
Initial Certification (02/2011):
RISER ID Services GmbH requests registry information on behalf of the customers. Thus, RISER qualifies as data processor in the sense of Article 2(e) of Directive 95/46/EC when processing inquiry and result data.
The Target of Evaluation (ToE) is the Registry Information Service on European Residents (RISER Service).
It includes
- RISER Internal Client
- RISER Customer Portal
- RISER Supplier Portal
- RISER Registration-Authorities-Portal
- Interfaces with customers and suppliers
It does not include
- Public area of the RISER website
- RISER Pre-Sales Web-Client
- RISER-Newsletter
- Realtime-ID-Check
- Realtime-Age-Check
- Movers database hosted by third party supplier
Through a central web portal, address verification can be performed against official population registers inquiring into Austria, Estonia, Germany, Hungary, Ireland (electoral roll), Italy, Lithuania, Sweden, Switzerland and United Kingdom (electoral roll).
Technical Evaluator (since monitoring in 02/2019)
Dr. Irene Karper LL.M.Eur.
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Deutschland
Legal Evaluator (since monitoring in 10/2019)
Alisha Gühr
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Deutschland
Legal Evaluator (since monitoring in 10/2014 until monitoring in 02/2019)
Dr. Irene Karper LL.M.Eur.
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Deutschland
Technical Evaluator (since monitoring in 07/2017 until recertification in 06/2018)
Alexey Testsov
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Deutschland
Technical Evaluator (from monitoring in 10/2014 until monitoring in 11/2016)
Dipl. Math. Ralf von Rahden
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Deutschland
Technical and Legal Evaluator (until recert in 02/2014)
Prof. Dr. Friedrich Holl
Hektorstraße 7
10711 Berlin
Deutschland