SwissID General Terms and Conditions for Private Customers
These General Terms and Conditions SwissID for private customers (hereinafter: "GTC SwissID") exclusively govern the contractual relationship between the customers (hereinafter: "SwissID Holder") and SwissSign Ltd. (hereinafter: "SwissSign") concerning use of the "SwissID" service for digital identity and authentication (hereinafter: "SwissID").
Use of applications and services of online service providers that can be accessed upon successful authentication using SwissID is solely a matter of the relationship between the respective online service provider and the SwissID Holder and does not fall within the scope of these GTC SwissID.
2. Description of services
With SwissID, SwissSign provides natural persons (SwissID Holders) with a service for digital identity (incl. registration) and online authentication. A SwissID is personal and non-transferable. It can only be used with online service providers that have been authorised by SwissSign. The SwissID Holder can release attributes (e.g. first name, surname, delivery address) relating, inter alia, to his/her identity to the online service provider or the online services. The security level of the SwissID is determined through the registration/identification process and the corresponding authentication level of the SwissID Holder. Each SwissID can be used for online services meeting the security level for which it was issued, or a lower security level.
The functions of SwissID are described in detail on the website www.swissid.ch.
2.1 Conclusion of the contract
The contract between SwissSign and the SwissID Holder concerning use of the SwissID is concluded by the SwissID Holder creating an online SwissID user account and completing the registration process.
2.2 User account
Registration for a SwissID user account is completed via the website www.swissid.ch. To do so, the SwissID Holder needs access to his/her email account and, as applicable, mobile telephone in order to be able to use two-factor authentication.
The SwissID Holder shall be obligated, during registration and for other use activities, to provide complete and truthful information, to keep all of the information in his/her user accounts up-to-date and to correct any errors immediately. With his/her registration, the SwissID Holder confirms that he/she has legal capacity to act or is acting with the consent of his/her legal representative.
After confirming his/her email address, the SwissID Holder is registered and the user account is set up. After completing registration, the SwissID Holder can log into his/her user account via the website www.swissid.ch and manage his/her information, links to online services and data approved for release.
2.3 Data transfer to online service providers
The SwissID service enables the SwissID Holder to authenticate himself/herself with online services and to transfer his/her attributes to online services. Only upon successful authentication and with the express consent of the SwissID Holder are the attributes approved for release (e.g. first name, surname) transferred to the online service provider. In his/her user account, the SwissID Holder has the option at any time to adjust the transfer of data to the respective online service provider.
3. Rights and obligations of the SwissID Holder
3.1 Identity data – Security levels
The SwissID is issued at various security levels (“self-declared” or “verified”). When a SwissID account is opened, as a rule it is set at the “self-declared” security level. The SwissID Holder is responsible for the accuracy of the data he/she provides. At the higher “verified” security levels, SwissSign guarantees the correct entry in the systems of SwissSign of the data verified by SwissSign or third parties. In the event of changes to his/her information, the SwissID Holder shall be obligated to inform SwissSign and, if necessary, have the identity data re-verified (e.g. in the case of name changes).
3.2 Means of authentication
To prevent third parties from accessing the SwissID Holder’s user account, the SwissID Holder shall be responsible for the careful and secure storage of his/her means of authentication (e.g. user name, password, code, mobile telephone, etc.). In particular, these may not be provided to third parties. If a SwissID Holder nonetheless allows third parties to access his/her account, he/she shall be responsible for their actions as if they were his/her own.
After successful authentication with the SwissID, the SwissID Holder will remain logged in to the online service until he/she logs out again manually or is automatically logged out by the online service after a longer period of inactivity.
3.3 Own systems
The SwissID Holder shall be solely responsible for internet access and the necessary hardware and software components (incl. configuration). He/she must ensure that his/her systems are adequately protected against malicious software (viruses, malware, etc.) and third party access.
The SwissID Holder must ensure that the equipment and devices that are used for the login and the online services accessible via the SwissID are protected from unauthorised access and manipulation.
After successfully opening a SwissID account, the SwissID Holder may, in principle, use the SwissID service free of charge. The SwissID Holder may incur costs for the data connection (i.e. contractual costs of mobile providers, connection costs and access to the internet, as well as all additional costs invoiced for loading the data).
In the case of the “verified” security level, the SwissID Holder may incur costs in connection with the verification of his/her identity. Costs may also be incurred in connection with the use of means of authentication (e.g. mobile telephone), hardware and software, or internet access. These costs shall not be borne by SwissSign.
3.5 Reporting obligation
If the SwissID Holder has reason to believe that a third party knows the authentication features or has access to the user account or to online services accessible via the SwissID, he/she shall be obligated to immediately report this to the SwissID support contact. In addition, he/she must immediately change the password.
3.6 Compliance with applicable law
The SwissID Holder shall be obligated to comply with applicable law when using his/her user account and the online services accessible via the SwissID. In particular, content and activities that violate applicable law (e.g. criminal law, law on personal rights, intellectual property law), are of a defamatory or objectionable character, infringe the privacy of third parties, constitute unsolicited bulk and/or advertising mailings, or in any way violate the GTC SwissID or are contrary to the interests of SwissSign shall be prohibited.
The SwissID Holder shall be responsible for his/her activities including, in particular, for the messages uploaded, saved in the system, made available for retrieval and/or transferred or disseminated by him/her or by third parties for whom he/she is responsible.
The SwissID Holder may not use the services associated with the SwissID for unlawful purposes and/or in an abusive manner.
4. Rights and obligations of SwissSign
SwissSign shall protect its infrastructure and the data of the SwissID Holders through appropriate measures and shall treat the data entrusted to it as strictly confidential.
The infrastructure (e.g. architecture, network, systems) and processes relevant to SwissID shall be checked regularly both internally and externally; any deficiencies shall be rectified in a timely manner. The infrastructure shall be housed exclusively in data centres located within Switzerland.
SwissSign strives to ensure the uninterrupted availability of the SwissID service. However, SwissSign does not provide any guarantee for the uninterrupted availability of its services and does not assume any responsibility for the availability or error-free functioning of the systems of online services accessible via the SwissID.
SwissSign will keep all interruptions necessary to rectify disruptions, implement maintenance windows or introduce new technologies, etc. as short as possible, and will carry them out during off-peak hours whenever possible.
4.3 Quality and security of the data
At the “verified” security level, SwissSign guarantees the correct entry in its systems of the data verified by SwissSign or third parties. Using appropriate data security measures, SwissSign shall ensure the confidentiality, availability and integrity of the data in order to guarantee the necessary data protection.
4.4 Blocking of access
SwissSign shall have the right, without notice and without incurring any costs, to block the SwissID Holder’s access to the user account or the use of the SwissID if the SwissID Holder violates these GTC SwissID, there is suspicion of misuse, or if the security of the system is or could be compromised. In order to lift the block, the SwissID Holder may contact the SwissSign support contact and must identify himself/herself. SwissSign may take additional measures to prevent misuse.
4.5 Use of third parties
The SwissID Holder expressly agrees that SwissSign may engage third parties for providing its services and that in the process data of the SwissID Holder may be disclosed to the extent necessary to provide and improve the services. The third party may process data of the SwissID Holder solely on behalf and in accordance with the instructions of SwissSign.
SwissSign shall be responsible to the SwissID Holder for ensuring the data are processed in compliance with applicable data protection law.
4.6 Adjustments to the services and the GTC SwissID
SwissSign may adjust or make changes to its services and the GTC SwissID at any time. Any changes shall be communicated to the SwissID Holder in an appropriate manner, e.g. by a notice displayed upon log-in using the SwissID. If the SwissID Holder does not agree with a significant change that is to his/her detriment, he/she may cancel his/her contract with SwissSign in writing with immediate effect and cease using SwissID. Otherwise, he/she shall be deemed to have tacitly accepted such change.
In the event of grossly negligent or intentional breaches of contract, SwissSign shall be liable for the proven damages, unless it can prove that it was not at fault. Liability for damages resulting from simple negligence, as well as for indirect damages, consequential damages, unrealised savings, lost profits or data losses shall be excluded to the extent legally permitted. In particular, SwissSign shall not be liable for any damages arising in connection with software and/or hardware used by the SwissID Holder or an online service. Liability for auxiliaries and substitutes of SwissSign, as well as for the conduct of third parties (e.g. online services for which the SwissID Holder can use his/her SwissID) shall also be expressly excluded to the extent legally permitted.
6. Data protection and data security
SwissSign shall protect the data provided by the SwissID Holder through appropriate technical and organisation measures and shall handle them with due care and in accordance with Swiss data protection law.
SwissSign collects, processes and stores personal data only to the extent necessary to provide the services, for the security of operations and infrastructure, for invoicing and to manage and maintain customer relationships, namely to ensure a high quality of service and the improved provision of the services. In particular, personal data may be transmitted to this end to selected third parties on a case-by-case basis with the express consent of the SwissID Holder. Personal data are stored exclusively in data centres located in Switzerland and erased, at the latest, upon the expiry of the statutory retention period.
In order to provide the SwissID Holder with the best possible service, technical analysis tools are used. For this purpose, SwissSign may compare such data in anonymised form with information from third parties or generate statistics and share these statistics with third parties. Any resulting raw data will not be used to generate personal profiles of SwissID Holders.
The exchange of data of SwissID Holders between the system of SwissID and that of the online service only occurs with the express consent of the SwissID Holder.
7. Intellectual property
For the duration of the contract, the SwissID Holder shall be granted the non-transferrable, non-exclusive right to the use the services and products of SwissSign. SwissSign shall be the exclusive owner of all intellectual property rights in relation to the SwissID; use by the SwissID Holder shall not confer upon him/her any rights in the intellectual property of SwissID: All rights to existing intellectual property, or intellectual property created during the performance of the contract, in relation to the services and products of SwissSign shall remain vested with SwissSign or the applicable third party rights holder. All texts, graphics, symbols, photographs, plans, logos, videos, sounds and trademarks are protected by copyright and may not be used, whether in whole or in part, as the subject-matter of a presentation, reproduction, exploitation or transfer on any medium without the express prior consent of SwissSign.
If the SwissID Holder infringes intellectual property rights of SwissSign or third parties and if claims are brought against SwissSign in this regard, the SwissID Holder shall indemnify and hold SwissSign harmless.
8. Entry into force, term and termination
The contract between the SwissID Holder and SwissSign shall enter into force upon the successful completion of registration of the SwissID account. It shall be concluded for an indefinite term. It may be terminated by the SwissID Holder at any time or it may be suspended or cancelled by SwissSign if the SwissID Holder has not used his/her SwissID for more than a year. The SwissID Holder shall effect its termination directly in his/her SwissID user account.
Termination of the contract shall result in the simultaneous cessation of the right to use the user account and the functions used by the SwissID Holder on the basis of the registration for the log-in. The foregoing shall be without prejudice to offers with fixed terms or billing cycles, which can only be cancelled upon their expiry, as well as termination with immediate effect for good cause. The SwissID Holder authorises SwissSign, in the event that online services no longer have a contractual relationship with SwissSign, to demand the erasure of his/her personal data from the corresponding online services.
In the event that any contractual provisions between the parties should be or become invalid, this shall not affect the validity of the remaining contractual provisions. The invalid provision concerned shall be replaced by a provision that most closely reflects the economic purpose of the invalid provision concerned. The same shall apply in the case of a gap.
10. Applicable law
Swiss law shall apply exclusively. The provisions of the UN Convention on Contracts for the International Sale of Goods of 11 April 1980 (Vienna Convention, "CISG") shall not apply.
Subject to any legally mandated places of jurisdiction, the exclusive place of jurisdiction shall be Zurich.
For SwissID Holders with a foreign domicile or registered office, Zurich shall be deemed the place of debt enforcement and exclusive place of jurisdiction for all proceedings.
Glattbrugg, August 2019