These General Terms and Conditions (T&C) govern the provision and use of electronic identification through the certME application and related services.

Please read these General Terms and Conditions carefully before registering or using the certME application and keep them for yourself for further consultation.

By installing, registering, using and/or accessing the certME application, you confirm that you are complying with these General Terms and Conditions.

If you do not agree to these General Terms and Conditions, please refrain from or stop installing, using or accessing the certME application and related services.

Please note that the use of certain functionalities offered by the certME application may still be subject to additional conditions.

Please refer to this document for any questions.

These General Terms and Conditions are available in Romanian and English. All language versions have the same legal value.

The application and the related services are offered by CERTSIGN S.A., https://www.certsign.ro having the main office in Bucharest, sector 4, Sos. Olteniței, nr. 107A, Building C1, 1st floor, room 16, registered with the Trade Register Office attached to the Bucharest Tribunal under no. J40/484/2006, Cui 18288250, no. telephone (+40) 311 011 870 (hereinafter referred to as "certSIGN").

This document may be modified, updated at any time by CERTSIGN S.A., you having the obligation to access https://www.certme.ro/en/terms-conditions where you will find the latest version of these General Terms and Conditions.

I. DEFINITIONS

Electronic identification means (EIM) – a material and/or immaterial unit that contains personally identifiable data and is used for the purpose of authenticating to an online service.

Identity Validator – certME partner entity authorized by certSIGN based on a collaboration protocol or contract to prove the identity of certME EIM applicants, to verify their identification data and identity, to request the issuance, suspension, reactivation, or revocation of certME EIM and to validate the personal identification data of certME EIM users with their consent at the request of the Service Providers. In the case of remote video verification of the user's identity within the certME mobile application, certSIGN has the role of Identity Validator.

Service/product Provider – client entity of the certME service, in relation to which the user wishes to use certME EIM, authorized to ask the validator through the certME service to confirm the validity of the data provided by the certME EIM user.

User – you, the natural person who accepts these Terms and Conditions and whose identity has been verified or is to be verified by an Identity Validator and who has received or is to receive a certME EIM.

II. DESCRIPTION OF THE APP AND ITS FUNCTIONALITIES

The certME app is a mobile application for Android and iOS mobile devices that provides a series of services and functionalities, which allows users to securely share their personal identification data, identify themselves, log in, authorize transactions/ operations or sign documents with Service/product Providers.

III. AVAILABILITY OF THE APPLICATION

certME is only available to mobile users of smartphone or tablet devices over the age of 18.

The availability of the different services and functionalities offered through the application may vary, among other things (but not limited to), depending on: the type of device used, the country of residence of the user, the options chosen by the Service Providers with whom you wish to interact, your telecommunications operator or the SIM card you are using.

The app can only be used on websites or mobile applications that support the use of certME, and the list of Service Providers can be consulted at https://www.certme.ro.

certSIGN does not guarantee the acceptance of this mobile application by any Service/product Provider, moreover, certSIGN does not guarantee uninterrupted or error-free operation.

IV. APPLICATION FUNCTIONALITIES

The functionalities of the application allow users to register, log in, identify themselves, share their identification data, approve transactions / operations through the websites and / or mobile applications offered by the Service/product Providers.

V. REGISTRATION IN THE certME PLATFORM TO OBTAIN THE certME ELECTRONIC IDENTIFICATION MEANS

Obtaining a certME EIM can be done directly through certSIGN or through certME partners, called Identity Validators. The list of certME Identity Validators can be found at https://www.certme.ro. If the user opts to obtain a certME EIM by remote video verification of the identity within the certME mobile application, the identity verification is carried out by certSIGN through its video verification operators with the VideoID service (https://www.electronicid.eu/en/solutions/videoid).

By contacting an Identity Validator when accessing an app on a particular website or purchasing a service or product, users can opt to obtain a certME EIM free of charge.

This can be done by downloading the certME application on your mobile device, going through these Terms and Conditions and taking note of the information notes on the processing of personal data of both certSIGN and the Identity Validator.

1. Downloading the application

The app is available for download from both Google Play and the Apple AppStore and can run on smartphone or tablet devices.

2. Enrollment in the certME platform

The user will present himself in person or by remote video means (within the certME mobile application) to the operator of the Identity Validator with his identity card issued by the Romanian authorities. The Operator of the Identity Validator records the personal data of the user, and the user confirms their correctness from his certME application.

3. Issuance of the certME electronic identification means

The certME application installed on the user’s mobile device generates the PKI keys that are part of the user's certME EIM based on the user's biometric authentication. All these operations are performed encrypted within the electronic wallet of the mobile device in the user's possession.

The certME application installed on the user’s mobile device, generates based on the identification data a unique encrypted code, which does not contain personal data of the user and can not be used to deduce them, and transmits this code for storage in the certME blockchain, together with the data of the Identity Validator.

4. Updating the user’s personal data

In order to properly use a certME EIM, the User must address the Identity Validator or certSIGN (if the Identity Validator ceases or ceases the performance of identity verification and validation services or if the identity verification was performed by certSIGN) to update their personal data, as soon as the information that was the basis for the creation of the EIM no longer corresponds to reality.

VI. AUTHENTICATING TO SERVICE / PRODUCT PROVIDERS

The user uses his certME mobile application to log in to the application or website of a Service/product Provider enrolled in the certME platform.

The user may receive from the Service/product Provider, within the certME application from their mobile device, a request to access a subset of the user's personal data. If the user agrees and confirms/allows access to the requested data from the certME application, the Service Provider receives the data from the user as well as a confirmation of their validity from the Validator who performed the verification of the user's identity.

The request to confirm the validity of the user's data and the receipt of the confirmation are made only through hashes, no personal data being transmitted to or stored on the certME platform.

VII. ACCESS AND USE OF THE APPLICATION

The access and use of the certME service is allowed only to natural persons over the age of 18.

The use of certME EIM will be temporarily blocked if the biometric authentication is not successful three times (3) consecutively. After the 3 failed authentication attempts, the waiting time is doubled for each failed authentication attempt.

certSIGN reserves the right to block, suspend or revoke the electronic identification means and, subsequently, to deny the user access to it at any time, in case of technical problems, suspicion of incorrect or fraudulent use or for any other objective security reason.

You understand and agree that in using the App you must at all times comply with these General Terms and Conditions, security recommendations, all applicable laws, rules and regulations.

The application is for the personal use of the user and cannot be used by any other person, even with the user's consent.

You can create a certME EIM only on your behalf and only you must use it to register, access, confirm transactions to accounts to which you have a legal right of access (own account or account of another person for whom you have a mandate / power of attorney).

In case of fraud or suspicion of fraud in connection with the certME mobile application or in case of loss of destruction or compromise of the mobile device, as soon as you become aware of the loss, theft, unauthorized use or risk of unauthorized use of your device or certME EIM, you must ask an Identity Validator or certSIGN to suspend or revoke the certME EIM.

If you have access to certME EIM, you can suspend your certME EIM by pressing a button in the certME mobile app. If you do not have access to your certME EIM, in order to suspend your certME EIM, you must present yourself in person to any Identity Validator or certSIGN and identify yourself by providing the following personal data: name, surname and CNP.

The reactivation of a suspended certME EIM or the revocation of a certME EIM can only be done in person at the premises of certSIGN or of any Identity Validator, under the same conditions and following the same procedure by which the initial identity verification was carried out when the certME EIM was issued.

The certME EIM is automatically revoked, and in order to issue a new EIM, the user must go through a new identity verification process in any of the following situations:

• The certME application is uninstalled from the mobile device or the database is deleted via the device's functions (e.g. clear data);
• The screen lock function is disabled;
• Biometric authentication is disabled;
• A root or jailbreak process is applied to the device.

For your safety, the certME mobile application does not allow the export of the private key, nor the local or cloud backup of the database.

VIII. YOUR OBLIGATIONS (OF THE USER)

You must present correct and valid documents, as well as correct data when enrolling in the certME platform being solely responsible for their validity and correctness.

It is your responsibility to own and use the hardware and software resources necessary for the use of the services, assuming in this regard any responsibility for their functionality and compatibility with them for their correct configuration.

The device used must be in your possession, do not allow any other person access to it and protect it from unauthorized access.

Biometric authentication to your device must not be accessible to others. Do not enlist other people's biometric features in your mobile device.

You are solely responsible for the approved documents or transactions or for the services accessed following identification with the help of the certME EIM, which are solely under your control and at your discretion.

IX. OBLIGATIONS OF certSIGN

certSIGN will issue certME EIM after the validation of the data in the application by the User.

certSIGN will comply with the provisions of these General Terms and Conditions and the Code of Practices and Procedures.

certSIGN will ensure the security of the information systems used to provide electronic identification services, using the practices unanimously recognized in the field and recommended by international standards.

certSIGN will suspend or revoke the electronic identification means in case of suspicion of unauthorized use, incorrect data or at the user's request. It will urgently inform the User about the suspension or revocation of the certME EIM, along with the reasons for its decision.

certSIGN undertakes to notify the user through the certME mobile application about the modification of this document.

X. COPYRIGHT. INTELLECTUAL PROPERTY RIGHTS

certSIGN reserves all rights not expressly guaranteed to you in this document. The software is protected by copyright and related and other laws and treaties of intellectual property. CERTSIGN S.A. or its suppliers own the title, copyright and related rights and other intellectual property rights in the Software. The software is licensed, not sold. This document does not grant you any rights to the trademarks or services of CERTSIGN S.A.

All content of any services or products related to CERTSIGN S.A. are Copyright ©2019-2022 CERTSIGN S.A. and / or its suppliers.

CERTSIGN S.A. may have patents, patented applications, trademarks, copyrights and related rights or other intellectual property rights covering these topics in any web pages that are part of this service. Except for the data expressly provided in this document, certSIGN does not grant you a license for these patents, applications, trademarks, copyrights and related rights or other intellectual property rights. Any rights not expressly granted herein are reserved.

You only have the right to download the certME application and use it for electronic identification under the conditions set out in this document, as well as in the certME Code of Practice and Procedures.

XI. RESPONSIBILITY. LIMITATIONS. GUARANTEES

certSIGN is not responsible for:

(a) damage caused by force majeure and/or the fortuitous event. It is understood by case of force majeure that unpredictable and insurmountable event produced after the conclusion of the contract such as: fire, earthquake, any other natural calamity, epidemics, as well as war. The relatively unpredictable and relatively invincible circumstance, not having an extraordinary character, such as: strikes, legal restrictions, other such events, define the fortuitous case;

(b) damages caused by improper use of certME EIM ("inappropriate" represents the use in inconsistency with the stated purpose), the inclusion of erroneous data in the certME EIM, if the User has confirmed that these data are correct;

(c) Any act accomplished using certME EIM;

(d) the functionality of the Internet network, the equipment the User uses and the content of the information that is transmitted through it;

e) No damage, damage or financial loss arising from the use or inability to use the application and certME EIM;

(e) The User's use of false personal documents or misrepresentations. The User shall be solely responsible for the damages suffered by certSIGN and third parties due to inaccuracy and/or forgery of the information and documents communicated.

Under no circumstances can certSIGN be liable to pay damages for indirect damages, unrealized benefit or profit, loss of business, customers or data.

To the extent permitted by law and without prejudice to any provision to the contrary contained in this document, certSIGN's liability for any losses incurred or incurred by you shall not exceed the equivalent of EUR 200.

certSIGN does not guarantee that certME EIM are suitable for any kind of operation or will be validated on any operating systems.

The certME application and any accompanying software, files, data and materials are distributed and offered as they are and without warranties of any kind, whether express or implied, including, without limitation, any warranties of merchantability or consistency for a particular purpose. CERTSIGN S.A. does not guarantee or make representations regarding its use or the result of its use. CERTSIGN S.A. does not guarantee that the certME application will be uninterrupted or error-free.

XII. DURATION. TERMINATION OF THE GENERAL TERMS AND CONDITIONS

These General Terms and Conditions shall cease to apply in the following situations: upon expiry or revocation of electronic identification means.

certME EIM is valid from the date of creation, for the entire period of validity of the identity document.

Clauses which by their nature continue to take effect even after the termination of these General Terms and Conditions shall survive their termination.

XIII. FINAL PROVISIONS

1. Costs for the use of certME EIM

No fee is charged by the Identity Validator or certSIGN for creating certME EIM, downloading the certME application on your device and using it for identification. You are responsible for the costs of the devices used by you, the internet connection, the trip to the Identity Validator, the costs for the services/products you want to log in to or that you want to purchase, etc.

2. Confidentiality

The parties are obliged to maintain the confidentiality of all information of which they become aware or to which they have access in the conclusion and performance of these Terms and Conditions, regardless of their form.

certSIGN processes the user's personal data in accordance with the "Notice regarding the processing of personal data" available at https://www.certme.ro/en/app-gdpr-notice.

3. Recommended security precautions

1. The certME mobile app only works on mobile devices equipped with secure elements or enclaves for storing keys and passwords.
2. For ease of use and increased security, the certME mobile app works only on mobile devices equipped with secure biometric authentication means.
3. The certME mobile app only works on mobile devices that have the screen lock feature active through PIN, pattern, password or biometric authentication. For the protection of users, disabling the screen lock function leads to the deletion of all data associated with the certME EIM and the impossibility of using it until the identity verification is re-performed at one of the certME partners.
4. The certME mobile app does not work on rooted or jailbroken mobile devices. For the protection of users, the application of a process of rooting or jailbreak on the device leads to the deletion of all data associated with certME EIM and the impossibility of its use.
5. Don't allow others to record biometrics on your device, not even your family members.  As long as you are the only person who can biometrically log in to your device, no one else can use your certME EIM to identify you online or access your data.
6. Do not authorize requests for identification or authentication if you have not initiated the transaction yourself. If you see a random identification/authentication request on the screen, ignore it. If it happens again, please contact our customer service and we will help you identify what needs to be done next.
7. Do not download unauthorized / illegal software applications or access links that promise you free access to goods or functions that normally cost you. Google Play and AppStore are the recommended locations to make software updates and install new apps.
8. Keep your software up to date. Regular updates to your operating system and apps ensure that you have the best protection against security risks. The most effective way to make sure that the software is always up to date is to enable automatic updates.
9. Purchase mobile terminals only from authorized sellers or trusted persons who can prove that they are their rightful owners. Stolen devices are susceptible to hacking, are insecure, and can cause problems in the performance of installed applications.
10. The only way to make sure no one else is adding apps or doing unwanted operations on your device is to not share your device with others.

4. Applicable law. Jurisdiction

Romanian law is applicable. Any disputes will be settled by the competent courts in Bucharest, Romania.

5. Complaints and support

Any complaints, grievances, suggestions or requests for support in the installation, use of the service, of the application can be addressed, respectively obtained by emailing hello@certme.ro.