These General Terms and Conditions (T&C) govern the provision and use of electronic identification through the certME application and related services.

Please read these General Terms and Conditions carefully before registering or using the certME application and keep them for yourself for further consultation.

By installing, registering, using and/or accessing the certME application, you confirm that you are complying with these General Terms and Conditions.

If you do not agree to these General Terms and Conditions, please refrain from or stop installing, using or accessing the certME application and related services.

Please note that the use of certain functionalities offered by the certME application may still be subject to additional conditions.

Please refer to this document for any questions.

These General Terms and Conditions are available in Romanian and English. All language versions have the same legal value.

The application and the related services are offered by CERTSIGN S.A., https://www.certsign.ro having the main office in Bucharest, sector 4, Sos. Olteniței, nr. 107A, Building C1, 1st floor, room 16, registered with the Trade Register Office attached to the Bucharest Tribunal under no. J40/484/2006, fiscal identification code 18288250, no. telephone (+40)311 011 870 (hereinafter referred to as "certSIGN").

This document may be modified, updated at any time by CERTSIGN S.A., you having the obligation to access https://www.certme.ro/en/terms-conditions where you will find the latest version of these General Terms and Conditions.

I. DEFINITIONS

Electronic identification means (EIM) - a material and/or immaterial unit that contains personally identifiable data and is used for the purpose of authenticating to an online service.

Identity Validator – certSIGN or a certME partner entity authorized by certSIGN based on a collaboration protocol or contract to prove the identity of certME EIM applicants, to verify their identification data and identity, to request the issuance, suspension, reactivation, or revocation of certME EIM and to validate the personal identification data of certME EIM users with their consent at the request of the Service/product Providers. In the case of remote video verification of the user's identity within the certME mobile application, only certSIGN has the role of Identity Validator.

Service/product Provider – client entity of the certME service, in relation to which the user wishes to use certME EIM, authorized to ask the Identity Validator through the certME service to confirm the validity of the data provided by the certME EIM user.

User – you, the natural person who accepts these Terms and Conditions and whose identity has been verified or is to be verified by an Identity Validator and who has received or is to receive a certME EIM.

II. DESCRIPTION OF THE APPLICATION AND ITS FUNCTIONALITIES

The certME app is a mobile application for Android and iOS mobile devices that provides a series of services and functionalities, which allows users to securely share their personal identification data, identify themselves, log in, authorize transactions/ operations or sign documents with Service/product Providers.

III. APP AVAILABILITY

certME is only available to mobile users of smartphone or tablet devices over the age of 18.

The availability of the different services and functionalities offered through the application may vary, among other things (but not limited to), depending on: the type of device used, the country of residence of the user, the options chosen by the Service Providers with whom you wish to interact, your telecommunications operator or the SIM card you are using.

The app can only be used on websites or mobile applications that support the use of certME, and the list of Service/product Providers can be consulted at www.certme.ro.

certSIGN does not guarantee the acceptance of this mobile application by any Service/product Provider, moreover, certSIGN does not guarantee uninterrupted or error-free operation.

IV. APPLICATION FUNCTIONALITIES

The functionalities of the application allow users to register, log in, identify themselves, share their identification data, approve transactions / operations through the websites and / or mobile applications offered by the Service/product Providers.

V. REGISTRATION IN THE CERTME PLATFORM FOR ACQUIRING CERTME EIM

Obtaining a certME EIM can be done directly through certSIGN or through certME partners, called Identity Validators. certME Identity Validators can be found in the certME mobile app. This can be done by downloading the certME application on the mobile device, going through these General Terms and Conditions and considering the information note on the processing of personal data of certSIGN.

If the User opts to obtain a certME EIM by remote video identity verification within the certME mobile application, the identity verification is carried out by certSIGN through the VideoID service (https://www.signicat.com/products/identity-proofing/id-document-and-biometric-verification) in accordance with the Norms regarding the regulation, recognition, approval or acceptance of the remote personal identification procedure using video means approved by Decision no. 564/2021 issued by the Authority for Digitization of Romania.

1. Downloading the app

The app is available for download from both Google Play and the App Store and can run on smartphone or tablet devices.

2. Enrollment in the certME platform

The User will present himself in person to the Identity Validator operator, with his identity card issued by the Romanian authorities, in original, or by remote video means (within the certME mobile application). The operator of the Identity Validator records the personal data of the User, and the User confirms their correctness from his certME application.

3. Issuance of certME electronic identification means

The certME application installed on the User’s mobile device generates the the public-private key pair that is part of the User's certME EIM based on the User's biometric authentication. All these operations are performed encrypted within the certME electronic wallet which is under the exclusive possession and control of the User.

The certME application installed on the user’s mobile device, generates based on the identification data a unique encrypted code, which does not contain personal data of the user and can not be used to deduce them, and transmits this code for storage in the certME blockchain, together with the data of the Identity Validator.

4. Updating the user’s personal data

In order to properly use a certME EIM, the User must address the Identity Validator to update his personal data, as soon as the information that was the basis issuing the EIM no longer corresponds to reality. Modification of the data may lead to the suspension or revocation of the EIM, as the case may be.

VI. AUTHENTICATING WITH SERVICE / PRODUCT PROVIDERS

The user uses his certME mobile application to log in to the application or website of a Service/product Provider enrolled in the certME platform.

The user may receive from the Service/product Provider, within the certME application from their mobile device, a request to access a subset of the User's personal data. If the User agrees and confirms/allows access to the requested data from the certME application, the Service/product Provider receives the data from the User after confirming their validity from the Identity Validator who performed the verification of the User's identity.

The request to confirm the validity of the User's data and the receipt of the confirmation are made only through hashes, no personal data being transmitted to or stored on the certME platform. Data communication to the Service Provider/products is encrypted.

VII. ACCESS AND USE OF THE APPLICATION

The access and use of the certME service is allowed only to natural persons over the age of 18.

Use of the certME/ certME EIM mobile application will be temporarily blocked if the biometric authentication on the User's mobile device is not successful (the number of biometric scans depends on the type of device and the operating system of the mobile device). The waiting time may increase after each failed authentication attempt.

certSIGN reserves the right to block, suspend or revoke the electronic identification means and, subsequently, to deny the user access to it at any time, in case of technical problems, suspicion of incorrect or fraudulent use or for any other objective security reason.

You understand and agree that in using the App you must at all times comply with these General Terms and Conditions, security recommendations, all applicable laws, rules and regulations.

The application is for the personal use of the user and cannot be used by any other person, even with the user's consent.

You can request a certME EIM only on your behalf and only you must use it to register, access, confirm transactions to accounts to which you have a legal right of access.

In case of fraud or suspicion of fraud in connection with the certME mobile application or in case of loss, destruction, compromise of the mobile device or unauthorized use or the risk of unauthorized use of it or the certME EIM, you must immediately request the Identity Validator to suspend or revoke the certME EIM.

If you have access to certME EIM, you can suspend your certME EIM by pressing a button in the certME mobile app. If you do not have access to your certME EIM, in order to suspend your certME EIM, you must present yourself in person to the Identity Validator and identify yourself by presenting the original identity document.

The reactivation of a suspended certME EIM or the revocation of a certME EIM can only be done in person at the Identity Validator, by identifying yourself based on the original identity card issued by the Romanian authorities.

The certME EIM automatically becomes unusable, by deleting data related to certME EIM, in any of the following situations:

• The certME application is uninstalled from the mobile device
• the data is deleted through the functions of the mobile device (e.g. "clear data");
• The screen lock function is disabled;
• Biometric authentication is disabled;
• A rooting or jailbreak process is applied to the device.

In order to issue a new certME EIM, the User must go through a new identity verification process.

For your safety, the certME mobile application does not allow local or cloud backup of app data.

VIII. YOUR OBLIGATIONS (OF THE USER)

You must present correct and valid documents, as well as correct data when enrolling in the certME platform, you are solely responsible for their validity and correctness.

By accepting these General Terms and Conditions, you acknowledge that in order to issue certME EIM, certSIGN must verify your identity.

You must immediately notify certSIGN when the data presented for the issuance of the certME EIM and the verification of your identity no longer correspond to the reality.It is your responsibility to own and use the hardware and software resources necessary for the use of the services, assuming in this regard any responsibility for their functionality and compatibility with them for their correct configuration.

The device used must be in your possession, do not allow any other person access to it and protect it from unauthorized access.

Biometric authentication to your device must not be accessible to others. Do not enlist other people's biometric features in your mobile device.

You are solely responsible for the approved documents or transactions or for the services accessed following identification with the help of the certME EIM, which are solely under your control and at your discretion.

You must notify certSIGN immediately when you become aware of any missing, stolen, misappropriated or unauthorized use of your login data, as well as the mobile device on which you have installed the certME mobile application, as well as any other breach of security in connection with use of the certME application or certME EIM that you become aware of.

IX. OBLIGATIONS OF certSIGN

1. certSIGN will issue certME EIM after the validation of the data in the application by the User.
2. certSIGN will comply with the provisions of these General Terms and the practices and procedures related to the certME service.
3. certSIGN will ensure the security of the information systems used to provide electronic identification services, using the practices recognized in the field and recommended by applicable standards.
4. certSIGN will suspend or revoke the electronic identification means in case of suspicion of unauthorized use, incorrect data or at the user's request. It will urgently inform the User about the suspension or revocation of the certME EIM, along with the reasons for its decision.

X. COPYRIGHT. INTELLECTUAL PROPERTY RIGHTS

certSIGN reserves all rights not expressly guaranteed to you in this document. The software is protected by the provisions of Romanian law on copyright and related rights and other international intellectual property laws and treaties. CERTSIGN S.A. or its suppliers own the title, copyright and related rights and other intellectual property rights to the Software. The software is licensed, not sold. This document does not grant you any rights to the trademarks or services of CERTSIGN S.A.

All content of any services or products related to CERTSIGN S.A. are Copyright CERTSIGN S.A. and / or its suppliers.

CERTSIGN S.A. has patents, patented applications, trademarks, copyrights and related rights or other intellectual property rights covering these topics in any web pages that are part of this service. Except for the data expressly provided in this document, certSIGN does not grant you a license for these patents, applications, trademarks, copyrights and related rights or other intellectual property rights. Any rights not expressly granted herein are reserved.

You only have the right to download the certME application and use it for electronic identification under the conditions set out in this document, as well as in the practices and procedures related to the certME service.

XI. RESPONSIBILITY. LIMITATIONS. GUARANTEES

certSIGN is not responsible for:

1. damage caused by force majeure and/or the fortuitous event. It is understood by case of force majeure that unpredictable and insurmountable event produced after the conclusion of the contract such as: fire, earthquake, any other natural calamity, epidemics, as well as war. The relatively unpredictable and relatively invincible circumstance, not having an extraordinary character, such as: strikes, legal restrictions, other such events, define the fortuitous case;
2. damages caused by improper use of certME EIM ("inappropriate" represents the use in inconsistency with the stated purpose), the inclusion of erroneous data in the certME EIM, if the User has confirmed that these data are correct;
3. Any act accomplished using certME EIM;
4. the functionality of the Internet network, the equipment the User uses and the content of the information that is transmitted through it;
5. No damage, damage or financial loss arising from the use or inability to use the application and certME EIM;
6. The User's use of false personal documents or misrepresentations. The User shall be solely responsible for the damages suffered by certSIGN and third parties due to inaccuracy and/or forgery of the information and documents communicated.

Under no circumstances can certSIGN be liable to pay damages for indirect damages, unrealized benefit or profit, loss of business, customers or data.

To the extent permitted by law and without prejudice to any provision to the contrary contained in this document, certSIGN's liability for any losses incurred or incurred by you shall not exceed the equivalent of EUR 200.

certSIGN does not guarantee that certME EIM are suitable for any kind of operation or will be validated on any operating systems.

The certME application and any accompanying software, files, data and materials are distributed and offered as they are and without warranties of any kind, whether express or implied, including, without limitation, any warranties of merchantability or consistency for a particular purpose. CERTSIGN S.A. does not guarantee or make representations regarding its use or the result of its use. CERTSIGN S.A. does not guarantee that the certME application will be uninterrupted or error-free.

XII. DURATION. TERMINATION OF THE GENERAL TERMS AND CONDITIONS

These General Terms and Conditions shall cease to apply in the following situations: upon expiry or revocation of electronic identification means.

certME EIM is valid from the date of creation, for the entire period of validity of the identity document.

Clauses which by their nature continue to take effect even after the termination of these General Terms and Conditions shall survive their termination.

XIII. FINAL PROVISIONS

1. Costs for the use of certME EIM

The User is not charged any fee by certSIGN for creating certME EIM, downloading the certME application to your device and using it for identification. You are responsible for the costs of the devices used by you, the internet connection, the trip to the Identity Validator, the costs for the services/products you want to log in to or that you want to purchase, etc.

2. Confidentiality

The parties are obliged to maintain the confidentiality of all information of which they become aware or to which they have access in the conclusion and performance of these Terms and Conditions, regardless of their form.

certSIGN processes the user's personal data in accordance with the "Notice regarding the processing of personal data" available at www.certme.ro/en/app-gdpr-notice.

3. Recommended security precautions

1. The certME mobile app only works on mobile devices equipped with secure elements or enclaves for storing keys and passwords.
2. For ease of use and increased security, the certME mobile app works only on mobile devices equipped with secure biometric authentication means.
3. The certME mobile app only works on mobile devices that have the screen lock feature active through PIN, pattern, password or biometric authentication. For the protection of Users, disabling the screen lock function leads to the deletion of all data associated with the certME EIM and the impossibility of using it until the identity verification is re-performed at the Identity Validator.
4. The certME mobile app does not work on rooted or jailbroken mobile devices. For the protection of users, the application of a process of rooting or jailbreak on the device leads to the deletion of all data associated with certME EIM and the impossibility of its use.
5. Don't allow others to record biometrics on your device, not even your family members. As long as you are the only person who can biometrically log in to your device, no one else can use your certME EIM to identify you online or to access your data.
6. Do not authorize requests for identification or authentication if you have not initiated the transaction yourself. If you see a random identification/authentication request on the screen, ignore it. If it happens again, please contact our customer service and we will help you identify what needs to be done next.
7. Do not download unauthorized / illegal software applications or access links that promise you free access to goods or functions that normally cost you. Google Play and App Store are the recommended locations to make software updates and install new apps.
8. Keep your software up to date. Regular updates to your operating system and apps ensure that you have the best protection against security risks. The most effective way to make sure that the software is always up to date is to enable automatic updates.
9. Purchase mobile terminals only from authorized sellers or trusted persons who can prove that they are their rightful owners. Stolen devices are susceptible to hacking, are insecure, and can cause problems in the performance of installed applications.
10. The only way to make sure no one else is adding apps or doing unwanted operations on your device is to not share your device with others.
11. If you want to alienate your mobile device, you must delete the application before alienation.

4. Applicable law. Jurisdiction

Romanian law is applicable. Any disputes will be settled by the competent courts in Bucharest, Romania.

5. Complaints and support

Any complaints, grievances, suggestions or requests for support in the installation, use of the service, of the application can be addressed, respectively obtained by emailing hello@certme.ro or at the address Bdul. Tudor Vladimirescu, no. 29A, AFI Tech Park 1 building, floor 2, Bucharest, district 5.