SwissID General Terms and Conditions for Private Customers
Version from 05.03.2018
These SwissID General Terms and Conditions for Private Customers (hereafter: SwissID GTC) govern the contractual relationship between the customers (hereafter: Customer) and SwissSign Group Ltd. or SwissSign Ltd. (hereafter: SwissSign) concerning the use of the service for digital identity and authentication “SwissID” (hereafter: SwissID).
The applications and services of SwissSign or of other online service providers which can be accessed after successful authentication using SwissID are not part of SwissID. The regulation of the use of such applications and services shall be a matter exclusively for the respective online service provider.
2. Description of service
With the SwissID service, SwissSign provides individuals with a digital identity (SwissID) for authentication on the internet in dealings with online service providers which are authorised by SwissSign. The digital identity consists of various components used for authentication as well as additional information of the Customer. As part of the use of SwissID with online service providers, the Customer may transfer to the online service the data which belong to his/her identity.
The SwissID service provides the following functions:
- “Login” – simple login
Standard login with user support for simple access to online services.
- “Approval” – personal data transfer
Approved transfer of data which have been confirmed by the user or by third parties.
- “Verification” – two-factor verification
Strong authentication of users via a second factor, e.g. via app, SMS code or biometrics.
- “Identification” – checked identity
Transfer of checked identity data as an online ID. Identification variants such as face-to-face or video identification with passport or identity card are carried out.
- “Signature” – electronic signature
Electronic signature of contracts and other documents – any time and from any location. The quality of remote signatures can be selected and, for instance, also supports qualified signatures according to the Swiss Electronic Signature Act ZertES.
The functions and the degree of implementation are described in detail on the website www.swissid.ch.
The digital identity is given one of the identification levels specified for SwissID. Reaching an identification level requires verifications of certain details provided by the Customer. The Customer can manage the SwissID service in his/her user account.
The SwissID service is free of charge for the Customer unless a charge is otherwise specified below.
For the online service, the online service provider selects the required identification level for authentication according to its requirements and determines the scope of the required data (attributes).
Only with the consent of the Customer shall the online service provider transfer additional attributes to a named third party for specifically mentioned services.
3. User account
Registration for a user account is via the website www.swissid.ch. SwissSign is free to reject registration applications without giving reasons.
3.2 Customer information
During registration and other acts of use, the customer is obliged to provide complete and true information, to keep all information up to date and to correct any errors immediately. By registering, the Customer confirms he/she has the power to act or acts with the consent of the legal representative.
3.3 Third-party data
If the Customer processes third-party data, he/she shall bear exclusive responsibility vis-à-vis the affected persons.
3.4 User self-management
After registering, the Customer can log into his/her user account via the website www.swissid.ch and manage his/her information, options and choices.
After a successful login via SwissID the Customer remains logged in until he/she logs out or is logged out by the system after an extensive period of inactivity. When starting or at certain moments the Customer may be asked to enter the password again.
The Customer is responsible for ensuring that he/she uses the login only on devices used exclusively by him/her or persons authorised by him/her. After several failed attempts to log in, the user account will be automatically blocked. An unlocking process is available for the Customer to unblock the account.
4. Selective data transfer for authentication
The service also supports the Customer when registering and updating his/her data with the respective online service provider. For this purpose, the Customer authorises SwissSign to transfer selected contact and identification data to the individual online service providers selected by the Customer.
According to the requirements of the online service provider and with the consent of the Customer, further data may be transferred to the online service provider (e.g. form of address, first name(s), surname, SwissID number, domicile address, telephone number, e-mail address, verification status).
SwissSign transfers data solely after successful authentication of the Customer to SwissID and after explicit approval of the data which are to be transferred to the online service provider.
5. Obligations of the Customer
5.1 Authentication features
The Customer is responsible for carefully storing the authentication features (e.g. user name, password, e-mail with link, SIM card, mobile telephone, hardware token, SMS one-time password, etc.). The Customer has to ensure that no third party has access to his/her user account. If the Customer grants third parties access to his/her account, the third parties’ actions shall be considered as the Customer’s own.
5.2 Reporting obligation
If the Customer or user has reason to assume that an unauthorised third party knows the authentication features or has unauthorised access to the user account or an online service accessible via SwissID, they are obliged to report this immediately to the customer service of SwissSign. They must also change the password immediately. The Customer shall also inform the customer service of SwissSign as soon as possible in the event of any failures and malfunctions of the system. The Customer shall bear the costs for rectifying the malfunction if the malfunction is due to defects or errors in the equipment used by the Customer.
5.3 Own systems
The Customer is responsible for ensuring the availability of internet access and the required hardware and software components with the corresponding configurations, and shall bear the costs arising from this. The Customer shall take the required measures to prevent unauthorised interference in external systems and the spread of viruses. He/she shall ensure in particular that systems and equipment in his/her possession which are used for the login and the online services accessible via SwissID are protected against unauthorised access and manipulations. SwissSign may take measures to prevent abuse. This includes temporary blocking of the user account and of SwissID access to other online services.
5.4 Compliance with legal order
The Customer is obliged to comply with Swiss and foreign legal regulations when using the user account and the online services accessible via SwissID. Impermissible are, in particular, contents and activities which violate applicable law (e.g. criminal law, personal rights, intellectual property rights), are defamatory or offensive, violate the privacy of third parties, represent unsolicited bulk and/or advertising mail or, in any way, violate the SwissID GTC or the interests of SwissSign.
6. Blocking access
SwissSign is authorised to block the Customer’s access to the user account or the use of SwissID without notice and without cost implications if the Customer violates these SwissID GTC, if there is suspicion of abuse or if the security of the system is no longer guaranteed.
SwissSign shall endeavour to ensure as high as possible and uninterrupted availability of the SwissID service.
It provides no guarantee of an uninterrupted service, of providing the service at a specific time, or regarding the completeness, authenticity and integrity of the stored data or the data transferred via its system or the internet. SwissSign assumes no responsibility for the availability of systems of online service providers.
SwissSign shall minimise the time required for interruptions to rectify malfunctions, perform maintenance, introduce new technologies, etc. and, wherever possible, shall carry these out during off-peak hours.
8. Use of third parties
SwissSign may engage third parties to provide its services and, if necessary for the performance of the services, may pass on the Customer’s data to these third parties.
9.1 Liability of SwissSign
Any liability of SwissSign to the Customer or third parties for non-performance or performance not in accordance with the contract shall be excluded unless this occurred deliberately or as a result of gross negligence. SwissSign shall not be liable either for the correctness of the provided data, for consequential loss or damage or for lost profit. SwissSign shall not be liable for any loss or damage arising from any failures of the login or service offers. Finally, SwissSign shall not be liable for the proper functioning of third-party systems, in particular the internet, or for the software and hardware used by the Customer.
9.2 Liability of the Customer
The Customer shall be liable to SwissSign for loss or damage which is in any way attributable to the non-performance or inadequate performance of his/her contractual obligations unless he/she demonstrates that he/she is not at fault. The Customer undertakes to indemnify SwissSign in respect of all third-party claims resulting from the non-contractual or illegal use or misuse of the login, the functions and the online services. The indemnification includes the obligation to fully indemnify SwissSign in respect of legal defence costs (e.g. court and legal costs).
10. Data protection and data security
When collecting and processing personal data, SwissSign shall observe the provisions of Swiss data protection law.
SwissSign shall take appropriate measures to protect the Customer’s data and shall treat these data as confidential.
SwissSign shall collect, process and store personal data only if these data are required for providing the services, for the security of operations and infrastructure, for invoicing and for handling and maintaining the relationship with the Customer, and in particular for guaranteeing high service quality.
Technical analytical tools are used to provide the Customer with the best-possible service. SwissSign may compare such data in anonymised form with information of third parties and/or develop statistics and notify third parties of these statistics.
SwissSign is authorised to pass on contents and information to third parties and/or to delete these if this is necessary based on legal provisions or official orders.
In addition, the data privacy statement on the website www.swissid.ch/en/data-protection provides information about data processing when using the aforementioned website.
11. Entry into force, term and termination
The contract shall be concluded with the registration according to section 2 and shall be for an indefinite period. It can be terminated by the Customer at any time and by SwissSign subject to giving notice of 1 month to the end of any month. The Customer shall send the termination by e-mail to the customer service or in writing to the following address: SwissSign Group Ltd., Customer Service, Sägereistrasse 25, P.O. Box, 8152 Glattbrugg. At the same time, dissolution of the contract shall lead to loss of the right to use the user account and functions used by the Customer on the basis of the registration for the login. Offers with fixed validity periods or billing cycles which cannot be dissolved until after their expiry, and termination without notice for cause, shall remain reserved.
12. Amendment of GTC
SwissSign reserves the right to amend the SwissID GTC at any time. Before it comes into effect, the relevant new version shall be published in good time on the SwissSign website (GTC) and the user shall be informed in an appropriate way. The GTC shall be deemed to have been approved if the Customer logs in and continues to use the online services. An objection shall be construed as termination of the contract and shall result automatically in its dissolution according to section 11.
The exclusive place of jurisdiction shall be Zurich. The mandatory statutory places of jurisdiction shall apply for disputes arising from consumer agreements. Consumer agreements are contracts related to services which are intended for the personal or family needs of the Customer. If the Customer has a foreign domicile or place of business, Berne shall be deemed to be the place of enforcement and to have exclusive jurisdiction for all proceedings.
14. Applicable law
In other respects, Swiss law shall apply to the contractual relationship.
© SwissSign Group Ltd., March 2018