General terms and conditions for the use of the certME application and the certME electronic identification means

These General Terms and Conditions (T&C) govern how the electronic identification means are provided and used through the certME application and related services.

Please read these General Terms and Conditions carefully before registering or using the certME application and keep them for yourself for future reference.

By installing, registering, using and / or accessing the certME application, you confirm that you comply with these General Terms and Conditions.

If you do not agree to these General Terms and Conditions, please refrain from or stop installing, using, or accessing the certME application and related services.

Please note that the use of certain functionalities offered by the certME application may continue to be subject to additional conditions.

Please see this document for any questions.

These General Terms and Conditions are available in Romanian and English. All language versions have the same legal value.

The application and the related services are offered by CERTSIGN S.A., https://www.certsign.ro having its registered office in Bucharest, sector 4, Șos. Olteniței, no. 107A, Building C1, Floor 1, room 16, registered at the Trade Register Office attached to the Bucharest Tribunal under no. J40 / 484/2006, CUI 18288250, telephone number (+40) 311 011 870 (hereinafter referred to as “certSIGN”).

This document can be modified, updated at any time by CERTSIGN S.A., you have the obligation to access https://certme.ro/termeni-conditii where you will find the latest version of these General Terms and Conditions.

I. DEFINITIONS

Electronic identification means (IE) – means a material and/or immaterial unit containing person identification data and which is used for authentication for an online service;

Identity Validator – certME partner entity authorized to prove the identity, to verify the identification data and the identity of the user of the electronic identification means, to request the issuance, suspension, reactivation or revocation of the electronic identification means and to validate the data registered by the Service Providers.

Service provider – certME client entity, in relation to which you want to use the means of identification, authorized to request certME to confirm the validity of the data provided by the user of the electronic means of identification.

User – you, the natural person whose identity has been verified by an Identity Validator and who has received an electronic identification means.

II. DESCRIPTION OF THE APP AND ITS UNCTIONALITIES

The certME application is a mobile application for Android and iOS mobile devices that offers a series of services and functionalities, which allows you to securely share data, identify yourself, authenticate, in order to authorize transactions or sign documents with Service Providers.

III. AVAILABILITY OF THE APPLICATION

certME is only available to users of mobile devices such as smartphones or tablets over the age of 18.

The availability of the various services and features offered by the application may vary, among other things (not limited to), depending on the type of: device used to access its operating system, your country of residence, the options chosen by the service providers you you want to share them, your telecom operator, or the SIM card you use.

The application can be used only on websites or mobile applications that accept the use of the certME application, the list of Service Providers can be consulted here www.certme.ro.

certME does not guarantee the acceptance of this mobile application by any service provider, moreover, certME does not guarantee uninterrupted or error-free operation.

IV. APPLICATION FUNCTIONALITIES

The functionalities of the application allow you to register, connect, identify yourself, share your identification data, in order to approve transactions through the websites and / or mobile applications offered by the Service Providers.

V. REGISTRATION IN THE certME PLATFORM TO OBTAIN THE certME ELECTRONIC IDENTIFICATION MEANS

Obtaining a certME electronic identification means can be done through certME partners, called Identity Validators. The list of certME Identity Validators can be found at www.certme.ro.

By contacting an Identity Validator when accessing an application on a particular website or purchasing a service or product, you can choose to obtain a certME electronic means of identification free of charge.

This can be done by downloading the certME application on your mobile device, after you have read these Terms and Conditions and read the personal data processing notice of both certSIGN and the Identity Validator.

1. Downloading the application

The app is available for download from both Google Play and the Apple AppStore and can run on smartphones and tablets.

2. Enrollment in the certME platform

The user will present himself to the operator of the Identity Validator with the documents attesting his identity, accepted at national level (identity card, passport, etc.). Verification of identity shall be carried out face-to-face or by equivalent means of identification in accordance with applicable law. The Identity Validator operator records personal data and the user confirms it from the certME application downloaded on his device.

3. Issuance of the certME electronic identification means

The certME application installed at the user generates PKI keys that are part of the electronic identification means of the user based on the biometric authentication of the User on his device. All these operations are performed encrypted in the electronic wallet of the device in the user’s possession.

The certME application, installed at the user, generates a unique encrypted code based on the identification data, which does not contain the user’s personal data and cannot be used to deduce them, and transmits this code for storage on the Blockchain, together with the Identity Validator data.

4. Updating the user’s personal data

In order to properly use the certME means of identification, the User must contact the Identity Validator or certSIGN (if the Identity Validator suspends or terminates the performance of identity verification and validation services) to update his personal data, as soon as the underlying information on which the electronic means of identification were created are no longer true.

VI. AUTHENTICATING TO SERVICE / PRODUCT PROVIDERS

The user connects to the application or website of a Service Provider enrolled in the certME platform.

The Service Provider requests confirmation of the User’s identity. The User receives within the certME application on his own device, a request from the Service Provider to confirm the access to a subset of personal data of the User. If the User agrees and validates the access to the requested data, from the certME application, the Service Provider receives the confirmation of the identity from the Validator and completes the User’s authorization.

The confirmation request and the confirmation are made only by hashes, without transmitting or storing any personal data on the certME platform in this process.

VII. ACCESS AND USE OF THE APPLICATION

Access and use of the certME service is only allowed to individuals over the age of 18.

Use of the electronic means of identification will be temporarily blocked if biometric authentication on your device fails three (3) consecutive times. After the 3 failed authentication attempts, the timeout doubles for each failed authentication attempt.

certSIGN reserves the right to suspend or revoke the electronic means of identification and subsequently to deny access to it at any time, in case of technical problems, suspicion of incorrect or fraudulent use or for any other objective security reason.

You understand and agree that in using the application you must comply at all times with these General Terms and Conditions, security recommendations, all applicable laws, rules and regulations.

The application is for the personal use of the User and may not be used by any other person, even with the consent of the User.

You can only create a certME account in your name and you can only use it to register, access, confirm transactions to accounts to which you have a legal right of access (own account or another person’s account for which you have a mandate).

As soon as you become aware of the loss, theft, unauthorized use or risk of unauthorized use or destruction or damage to your device or certME electronic identification means, you must ask the Identity Validator and / or certSIGN to suspend or revoke the electronic identification means.

In the event of fraud or suspected fraud in connection with the certME mobile application, you must request certSIGN or your Identity Validator to suspend or revoke the electronic means of identification.

The suspension, reactivation or revocation of a suspended certME means of identification can only be done in person at certSIGN or your Identity Validator, under the same conditions and following the same procedure by which the initial identity verification was performed in order to issue the means of identification.

The certME electronic identification means is automatically revoked, and in order to issue a new means of identification, the user must go through a new identity verification process, in any of the following situations:

  • The certME application is uninstalled from the mobile device or the database is deleted via the device functions (eg., clear data);
  • The screen lock function is disabled;
  • Biometric authentication is disabled;
  • A rooting or jailbreak process is applied to the device.

For your safety, the certME mobile application does not allow local or cloud backup of the database.

VIII. YOUR OBLIGATIONS (THE USER'S)

You must provide correct and valid documents, as well as correct data when enrolling in the certME platform being solely responsible for their validity and correctness.

It is your responsibility to own and use the hardware and software resources required to use the Services, taking full responsibility for their functionality and compatibility and for their proper configuration.

The device you are using must be in your possession, do not allow anyone else to access it, and protect it from unauthorized access.

Biometric authentication on your device must not be accessible to others. Do not enroll other people’s biometric features in your mobile device.

You are solely responsible for the documents or transactions approved or for the services accessed following the identification using the certME electronic identification means, which are exclusively under your control and at your discretion.

You will comply with the provisions of these General Conditions and of the Code of Practices and Procedures available at www.certme.ro/repository.

IX. OBLIGATIONS OF certSIGN

certSIGN will issue electronic identification means after the validation of the data in the application by the User.

certSIGN will comply with the provisions of these General Conditions and the Code of Practices and Procedures.

certSIGN will ensure the security of the computer systems used to provide electronic identification services, using the practices unanimously recognized in the field and recommended by international standards.

certSIGN will suspend or revoke the electronic identification means in case of suspicions of unauthorized use, incorrect data or at the request of the User. It shall immediately inform the User of the suspension or revocation of the electronic means of identification, together with the reasons for its decision.

certSIGN undertakes to notify the User via the certME mobile application about the modification of this document.

X. COPYRIGHT. INTELLECTUAL PROPERTY RIGHTS

certSIGN reserves all rights that are not expressly guaranteed to you in this document. The software is protected by copyright and related and other intellectual property laws and treaties. CERTSIGN S.A. or its suppliers own the title, copyright and related rights and other intellectual property rights in the Software. The software is licensed, not sold. This document does not grant you any rights in the trademarks or service marks of CERTSIGN S.A.

All content of any services or products related to CERTSIGN S.A. are Copyright © 2019-2020 CERTSIGN S.A. and / or its suppliers.

CERTSIGN S.A. may have patents, patented applications, trademarks, copyrights and related or other intellectual property rights that cover these topics in any web pages that are part of this service. Except as expressly provided in this document, certSIGN does not grant you a license for these patents, applications, trademarks, copyrights and related or other intellectual property rights. Any rights not expressly granted herein are reserved.

You only have the right to download the certME application and use it for electronic identification under the conditions shown in this document, as well as in the CertME Code of Practice and Procedures.

XI. LIABILITY. LIMITATIONS. GUARANTEES

certSIGN is not responsible for:

(a) damage caused by force majeure and / or fortuitous case. Force majeure means that unpredictable and unavoidable event that occurs after the completion of the contract such as: fire, earthquake, any other natural disaster, epidemics, and war. The relatively unpredictable and relatively invincible circumstance, not having an extraordinary character, such as: strikes, legal restrictions, other such events, define the fortuitous case;

(b) damage caused by improper use of certME electronic identification means (“improper” means use inconsistent with the stated purpose), inclusion of erroneous data in certME electronic identification means, if the User has confirmed that these data are correct;

(c) Any act performed using the certME electronic identification means;

(d) The functionality of the Internet network, the equipment used by the User and the content of the information that is transmitted through it;

(e) No damage, damage or financial loss resulting from the use or inability to use the certME application and electronic identification means;

(f) Use by the User of false personal documents or false statements. The user will be solely responsible for damages suffered by certSIGN and third parties due to inaccuracy and / or falsification of the information and documents provided.

In no case can certSIGN be liable for damages for indirect damages, unrealized profit or profit loss, loss of business, customers or data.

To the extent permitted by law and without prejudice to any provision to the contrary contained in this document, certSIGN’s liability for any loss suffered or incurred by you shall not exceed the equivalent of EUR 200.

certSIGN does not guarantee that certME electronic identification means are suitable for any kind of operation or will be validated on any operating systems.

The certME application and any software, files, data and accompanying materials are distributed and offered as is and without warranties of any kind, whether express or implied, including, but not limited to, any warranties of merchantability or fitness for a particular purpose. CERTSIGN S.A. does not guarantee or make representations regarding its use or the result of its use. CERTSIGN S.A. does not guarantee that the certME application will be uninterrupted or error-free.

XII. DURATION. TERMINATION OF THE GENERAL TERMS AND CONDITIONS

These General Conditions shall cease to apply in the following situations: upon expiration or revocation of the electronic means of identification.

The means of electronic identification is valid from the date of creation, for the entire period of validity of the identity document.

Clauses which by their nature continue to take effect even after the termination of these General Terms and Conditions, will survive their termination.

XIII. FINAL PROVISIONS

1. Costs for the use of certME electronic identification means

No fee is charged by the Identity Validator or certSIGN for creating certME electronic means of identification, downloading the certME application to your device and using it for identification. You are responsible for the costs of the devices you use, the internet connection, the trip to the Identity Validator, the costs for the services / products that you want to authenticate to or that you want to purchase, etc.

2. Confidentiality

The parties are obliged to maintain the confidentiality of all information that they become aware of or have access to in the conclusion and conduct of these Terms and Conditions, regardless of their form.

3. Recommended security precautions

  1. The certME mobile application only works on mobile devices equipped with secure elements or enclaves for storing keys and passwords.
  2. For ease of use and increased security, the certME mobile application only works on mobile devices equipped with secure biometric authentication.
  3. The certME mobile application only works on mobile devices that have the screen lock function enabled via PIN, pattern, password or biometric authentication. For the protection of users, deactivating the screen lock function leads to the deletion of all data associated with the certME means of identification and the impossibility of using it until the identity verification of one of the certME partners is performed again.
  4. The certME mobile application does not work on rooted or jailbroken mobile devices. For the protection of users, applying a rooting or jailbreaking process on the device leads to the deletion of all data associated with the certME identification means and the impossibility of using it.
  5. Do not allow other people to record their biometric features on your device, not even family members. As long as you are the only person who can authenticate biometrically on your device, no one else can use your certME identification means to identify you in the online environment or access your data.
  6. Do not authorize identification or authentication requests if you have not initiated the transaction yourself. If you see a random identification / authentication request on the screen, ignore it. If this happens again, contact our customer service and we will help you identify what needs to be done next.
  7. Do not download unauthorized / illegal software and do not access links that promise free access to goods or features that normally cost money. Google Play and the AppStore are recommended locations for making software updates and installing new applications.
  8. Keep your software up to date. Regular updates to your operating system and applications ensure that you have the best protection against security risks. The most effective way to ensure that your software is always up to date is to enable automatic updates.
  9. Purchase mobile devices only from authorized sellers or trusted persons who can prove that they are the rightful owners. Stolen devices are susceptible to hacking, are unsafe, and can cause problems with the performance of installed applications.
  10. The only way to ensure that no one else adds applications or unwanted operations to your device is to prevent others from accessing your device.

4. Applicable law. Jurisdiction

Romanian law is applicable. Any disputes will be settled by the competent courts in Bucharest, Romania.

5. Complaints and support

Any complaints, grievances, suggestions or requests for support in the installation, use of the service, of the application can be addressed, respectively obtained by emailing hello@certme.ro.