When Additional Information is combined with BankID, some special guidelines applies.

How to treat the National Identity Number

When used in context of the BankID IDP, National Identity Number is also available, in addition to the email, phone number and address of the end-user. This is only available to Merchant who have a legal basis of treatment for this information.

Nnin and nnin_altsub (Norwegian National Identity Number)

A Merchants who have a legal basis for treatment for the end-users national identity number can access it in two ways, for different purposes:

1. For matching an identified user with a user already existing in their own database, nnin_altsub can be retrieved from the ID token, without the users consent.
2. For establishing a relationship with a new customer, nnin from Additional Information must be used. When requesting nnin from Additional Information, the user will be asked to give his consent to pass on this information to the Merchant.

Please note that this practice is different to the practice on the legacy BankID server platform. On the legacy platform the national identity number retrieved from the certificate can be used for both purposes.