# Key Principles

***

**Use Login as an authentication service**

* Option 1: NRIC/FIN and UUID
* Option 2: UUID only

**UUID**

* Instead of NRIC/FIN, digital services of businesses can use the Universally Unique Identifier (UUID) to uniquely identify a person

**Provide non-Singpass alternative**

* Provide support to customers who prefer to use a non-Singpass alternative

**PDPA & Applicable Regulations/Legislation**

* Protect, retain and transfer data retrieved according to the rules of the Personal Data Protection Act (PDPA), relevant industry regulations and applicable legislation
* For collection of National Identification Numbers, refer to the advisory guidelines from PDPC [here](https://www.pdpc.gov.sg/-/media/Files/PDPC/PDF-Files/Advisory-Guidelines/Advisory-Guidelines-for-NRIC-Numbers---310818.pdf)

**Use for lawful purposes**

* Use of user credentials for lawful purposes only