MitID Terms of Service
This document (“MitID Terms of Service”) governs the Customer’s use of MitID and is an addendum to Criipto’s general Terms of Service.
Criipto offers MitID authentication as a broker on behalf of Nets DanID A/S (“Nets”), the operator of MitID.
Any regulation, including definitions, service levels and data protection policy, from Criito’s Terms of Service apply to these MitID Terms of Service as well, unless specifically stated otherwise.
To use the MitID services, the Customer will need to register as a MitID service provider by signing up for the MitID Service. This registration is done at Criiptos website.
During the registration process the Customer must provide:
- the name of the Customer’s company,
- the Customer’s CVR-number/VAT-number/SE-number and
- a statement saying whether the Customer’s company is a public or private entity.
There are two ways of identifying the Customer:
- The Customer identifies itself by performing a NemID or MitID company login.
- Criipto performs the KYC (know your customer) process of the Customer.
The fees for these two ways of identifying the company are specified below.
The Customer’s obligations
Nets has specified conditions in the agreement between Criipto and Nets (“Nets-Criipto-Agreement”), which Criipto must ensure is reflected in its terms with the Customers (these MitID Terms of Service). These obligations are as follows:
- MitID characteristics – It is important to Nets that the MitID Solution layout is consistent for all its users. The Customer must therefore ensure that it always follows Nets’ guidelines for the design of the MitID, e.g. regarding name, logo, domain name. The Customer must ensure that it always stays informed of any changes to these guidelines.
- Data Protection Policy – If the Customer obtains personal data, this information must be handled in accordance with Criipto’s Data Protection Policy (please see Terms of Service). The Customer must inform the End User and Criipto in case of a personal data breach.
- Limited period – An authentication of an End User in the MitID solution can be used for a total duration of 5 hours (300 minutes), after which the End Customer must authenticate itself again. The Customer can therefore not re-use an a uthentication of an End User, if the above-mentioned period has lapsed, but must instead authenticate the End User again. Any authentication that has not been made within the above-mentioned period cannot be made, mentioned or otherwise reproduced as a MitID authentication. Neither Nets or Criipto can in these cases be held responsible for security or other matters related to such authentication. This means, among other things, that information about possible blocking, suspending an End User’s MitID or additional information about the MitID identity is no longer available to the Customer.
- MitID and Nets – The Customer must ensure that it acts in a way that does not
- significantly affect (or can significantly affect) the End User’s perception of the MitID solution in a negative way,
- violate the integrity of the MitID solution or
- pose a security risk.
- Fees for the MitID Solution – The Customer can I no way charge its End Users for the authentication used in connection with the MitID Solution.
If the Customer does not essentially fulfil these obligations – based on Nets’ and/or Criipto’s assessment – Criipto can block the Customer’s access to the MitID solution, until the Customer essentially fulfils the obligations.
Furthermore, Nets can – in extraordinary cases – block the Customer’s access to the MitID solution, if Nets finds there are significant security reasons for this.
The fees described in these MitID Terms of Service are in addition to Criiptos general fee. Criipto will invoice the Customer 1:1 the fees charged by Nets for the use of MitID solution.
Each year, an expected fee per authentication request (“AAP”) is announced and used in the invoicing from Nets. The AAP is calculated based on the expected usage of MitID for the next year.
After a year, the AAP is adjusted based on the actual usage of MitID with retroactive effect, and the AAP for the next year is announced.
If the identification of a company is not done using a MitID or NemID company login, the Customer agrees to pay Criipto a onetime fee of 500 EURO for the KYC process.
Criipto acts as a broker in the relationship between the Customer and Nets, and Criipto therefore has no control over the MitID solution.
As a result hereof, Criipto shall not be liable for any liability (whether in contract, tort, misrepresentation, restitution, under statute or otherwise) arising out of or in connection with any party’s (be it the Customer, the End Users or others) use of the MitID Solution, unless the injured party can prove it to be circumstances within Criipto’s control.
In the event an injured party raises a claim, this must be raised against Criipto, who will subsequently have a recourse claim against Nets.
Changes to MitID Terms of Service
These MitID Terms of Service can be changed without notice to the Customers, e.g. if Criipto changes its general Terms of Services, or the Nets-Criipto-Agreement is changed.
If the agreement between Criipto and the Customer is terminated, the Customer must cease any use of the MitID immediately.