Terms and Conditions (A.) and Data Protection Policy (B.) of WebID Solutions GmbH

A. Terms and Conditions

1. General and Scope

1.1 WebID Solutions GmbH (hereinafter called "WebID") provides users with services for identification, documentation and age verification (hereinafter collectively "identification services") in accordance with these Terms and Conditions (hereinafter called "T&Cs").

1.2 These T&Cs apply to the identification services provided by WebID to the users of WebID services.

1.3 The T&Cs apply exclusively. Any conflicting or differing terms and conditions of the user will only become part of the contract insofar as they are identical in content with these T&Cs or explicitly approved by WebID in writing. This also applies if WebID provides services without reservation whilst being aware of the user’s conflicting or differing terms.

2. Identification Services

2.1 WebID’s identification services include

- the determination, verification and confirmation of identity, a documented statement or age of the user for partners (as defined below) on behalf of the partner and the user (2.2),

- the transmission to the partner of the data and information obtained as part of the identification process, including – where requested by the partner – the pictures taken as part of the identification process and any other documents (2.2 f) and

- the storage of a user profile for the purpose of future identification or age verification, as well as any necessary data handling with the user’s consent (2.3)

always in accordance with these T&Cs, as well as the separate Data Protection Policy and Consent.

2.2 Identity or age verification and confirmation

a. The identity or age verification and confirmation presupposes the requirement of a contractual partner of WebID (hereinafter called “partner”) who wishes to verify the identity or age of the user or requires said verification on account of legal regulations (e.g. Money Laundering Act, Digital Signature Act, Youth Media Protection Act, German e-mail law), in order to enter into a business relationship with the user or to provide certain services to the user.

b. The identification, documentation or age verification of the user through WebID forms part of the overall process of a personal interview via videoconference between the user and a WebID agent which is recorded as an audio file for compliance with record-keeping legislation.

c. During the overall identification process WebID collects the user’s personal data and information as appropriate and in accordance with the respective laws and as required for the purpose of identification and age verification of the user and also conducts a cross-check of personal data and information transmitted by the respective partner.

d. The nature and scope of the collection and processing of personal data and information by WebID depends on the intended or existing contractual relationship between the user and the partner, as well as the legal requirements that stipulate a proof of age or identity. Besides the verification of the name, place of birth, date of birth, nationality and address of the user, other data may be checked which is required either for entering into or executing a contractual relationship between the user and the partner or required by law. Depending on the respective legal requirements regulating the identity and age verification, a check of additional data stated in a valid, official identity document (e.g. passport) may also be required. For this verification, additional data stated on the official identity document will be requested and a visual inspection of the official identity document will be carried out by WebID. In this context it may also be necessary to take photographs, both of the official identity document and of the user. In this case, a photograph of the user, as well as of the front and back of the official identity document, will be taken in the form of screenshots. The use of WebID services requires prior consent to the separate Data Protection Policy on the part of the user. The Data Protection Policy also explicitly stipulates the user’s right to revoke consent to the data collection in part or as a whole during the videoconference or at any time thereafter. In the case of total or partial revocation of consent, it is however possible that the user may not be able to use or fully use the WebID service.

e. WebID will only provide the partner with confirmation of the user’s identity and age if the personal data and information transmitted by the partner or collected by WebID is suitable to confirm the identity or age of the user and if all other information required by law or as set out by the individual partner has been provided in full, i.e. copies and documents that are necessary to verify the identity or age.

f. The user will be informed about the identity or age verification. WebID sends out e-mails accordingly. Moreover, during videoconferencing and other stages of the verification process, WebID sends a transaction number (TAN), centrally and uniquely generated especially for this particular purpose, via e-mail or SMS to the e-mail address or phone number specified by the user. This TAN allows the user to successfully complete the process as required by the partner. The user must enter this TAN directly as part of the online process and send it back to WebID electronically. In addition, WebID will notify the partner, upon whose request the identity or age verification of the user was conducted, of the successful completion of the identification process and, upon request, transmit the personal data and information used to successfully verify identity or age of the user and all photographs and other records and documents provided by the user as part of the identification process.

g. WebID’s contractual obligation consists of the identity verification process, as well as verifying and confirming the identity or age of the user for a current partner or future partners.

2.3 User profile storage

a. Following successful completion of the identity or age verification process and with the express prior consent of the user, WebID will create a user profile based on the information collected and personal data provided and save this profile for the purpose of enabling the user to carry out future identity or age checks with other partners. This service is also entirely subject to the user’s express prior consent.

b. Along with the creation of the user profile, WebID will generate and forward a unique transaction number or stored personal data to the user for definite user allocation. The user may use this transaction number or user allocation for future WebID identity or age checks with future partners, unless additional information is required in individual cases for the purpose of proof of identity or age by this particular partner.

c. The user has the right to request the immediate deletion of their WebID user profile without any notice. WebID may also block or delete the user profile without any notice if the user violates the law regulating identity or age verification or the provisions set out in these T&Cs, particularly with regard to the user’s legal obligation to cooperate. In such cases and subject to statutory or contractual retention periods, WebID will delete or destroy the user profile in question, the personal data and information stored, as well as any photographs and documents obtained, and immediately block the user’s transaction number. It is not possible to restore the user profile once it has been deleted.

2.4 WebID will also provide confirmation of successful identification to other existing or future partners, provided the user has consented to this as stated in section 2.1 and the partner has requested the identification or age verification in accordance with section 2.2 a. In this case the provisions in sections 2.2 d. to g. apply accordingly. Should existing information for identification not be sufficient, the required additional information will be requested.

3. Access and Availability

3.1 WebID can only provide identification services if the user has videoconferencing software compatible with the WebID system, a webcam (video and audio) and access to the internet.

3.2 A further requirement for carrying out identification services is prior registration or login to the WebID service on the part of the user according to the procedure described in section 4.

3.3 WebID is entitled to suspend, change or modify the WebID service in any way at any time. This especially holds true in situations where legal or regulatory requirements for provision or in connection with the identification service change.

3.4 WebID strives to provide the WebID identification service without disruptions. However, no liability can be assumed for the continuous availability of WebID services. WebID may temporarily restrict the availability of the service whenever necessary with regard to capacity limits, the security or integrity of the servers, or for technical maintenance or repair work, provided it safeguards proper or improved provision of services (maintenance). In such cases WebID will take into account the legitimate interests of users, for example through advance information. WebID’s liability for self-inflicted causes as stipulated in section 10 remains unaffected.

4. Registration / Login

4.1 Each users may only register once.

4.2 In order to register, the user will fill in the electronic data entry form provided by WebID or its partners correctly and in full and send it to WebID by clicking the appropriate button. By clicking on a corresponding button, the user consents to the use of WebID services and will receive the opportunity to review the data and correct any errors within the form. Should the user or WebID not continue the identification process immediately after registration, WebID is entitled to contact the user via the e-mail address provided during registration, in order to inform the user of any necessary further steps in the identification process.

4.3 Registration is only possible if the user explicitly consents to the T&Cs and the separate Data Protection Policy prior to sending the information.

5. Contract Conclusion

5.1 By sending the registration form, the user makes a binding offer to conclude a contract with WebID for processing, storing and disclosing their data, providing identification services and providing partners with confirmation of their identity in accordance with these T&Cs and the separate Data Protection Policy. WebID will confirm receipt of the user registration without delay via electronic confirmation by e-mail to the e-mail address provided during registration. This confirmation does not constitute an acceptance of the user’s offer to use the identification services. A legal agreement is only entered into once WebID has submitted a separate declaration of acceptance in a separate e-mail (registration confirmation) or through the actual provision of data processing and identification services. WebID will accept the offer no later than three (3) days after registration has been completed. However, WebID reserves the right to reject registrations without giving a reason.

5.2 WebID does not store or permanently hold contractual agreement texts for the user’s retrieval.

6. Participation and Other User Obligations

6.1 The user is obliged to participate appropriately in the provision of identification services.

6.2 In particular, the user will provide WebID with all personal data, information, records and documents required for identification or age verification, both truthfully and in full.

6.3 Videoconferencing software is required for part of the WebID identification service process. Depending on the equipment employed by the user, it may be necessary for the user to download and install the appropriate software on the device being used. The option of using WebID’s identification services also depends on the technical performance of the user’s device. It is the user’s responsibility to ensure the performance and compatibility of the chosen device.

6.4 The user is obliged to keep secret the data (e.g. case number and TAN) and identification number provided by WebID at all times and to protect the data against use by unauthorised third parties, particularly minors. Disclosing the data and identification number or transferring the user profile to third parties is strictly prohibited. The user will inform WebID immediately in case of a suspected case of unauthorised use of their data, identification number or data required for user allocation. The user shall exempt WebID from all third party claims that may arise from unauthorised use of their access data or identification number, unless it is proven that they themselves are not responsible for the unauthorised use by third parties.

6.5 The user will solely use the identification number and the entirety of the data entered during registration for the purpose of verifying their identity or age to partners.

6.6 Once a user profile has been created for a user, the user shall notify WebID through a re-identification process of all changes to their personal data, depending on necessity with respect to the nature or extent of the changes.

6.7 Should the user violate the obligations under these T&Cs, WebID is entitled to abort the affected identification process or delete the user profile without further notice and to block the user’s identification number.

7. Revocation Policy

Revocation Policy

 

Right of Revocation

You may revoke your contract within 14 days in writing (e.g. letter, fax, e-mail) without giving reasons. The revocation period begins upon receipt of this notification in writing, but not before conclusion of the contract or prior to fulfilment of our obligations under Article 246 § 2 in connection with § 1 paragraph 1 and 2 EGBGB and our obligations according to § 312g paragraph 1 sentence 1 BGB in conjunction with Article 246 § 3 EGBGB. The timely dispatch of the revocation is sufficient for the observation of the revocation period. The revocation must be sent to:

WebID Solutions GmbH, Friedrichstrasse 88, 10117 Berlin

Revocation Consequences

In the case of an effective revocation, the mutually exchanged services and any benefits (e.g. interest) are to be returned. In case you are unable to return the received service and usage (e.g. use and enjoyment) to us in full or in good condition, you shall be liable to provide us with compensation. This may lead to the obligation to fulfil any contractual payment obligations for the period leading up to the revocation. Obligations to reimburse payments must be fulfilled within 30 days. The period for you begins with the dispatch of the revocation, and the period for WebID begins with receipt of the revocation.

Special Note

Your revocation right expires prematurely if the contract has been completely fulfilled by both sides upon your explicit request before you have exercised your right of revocation.

End of Revocation Policy

8. Remuneration

8.1 WebID provides identification services free of charge to the user.

8.2 Any connection or transmission charges incurred during the use of WebID services and levied by the relevant internet provider must be borne by the user.

9. Data Protection

WebID collects, processes and uses the user’s personal data for the sole purpose of providing identification services. WebID will not make any additional use of user data, unless the user has given express consent. For details please refer to the separate Data Protection Policy provided on WebID’s website which can be accessed and retrieved at any time.

10. Liability

10.1 WebID is liable for compensation in accordance with the statutory provisions for personal injury and for damages under the Product Liability Act.

10.2 WebID is liable for any other damages in accordance with the following provisions, unless otherwise stated in a warranty assumed by WebID.

10.3 Under the statutory provisions, WebID is liable for damages caused by fraudulent behaviour and damages caused by intent or gross negligence on the part of WebID, as well as legal representatives or senior staff of WebID.

10.4 4 WebID is liable for compensation limited to the amount of foreseeable damage typical for this contract

- for damages resulting from a negligent breach of fundamental contractual obligations or obligations which need to be fulfilled in order to even make the proper execution of the contract possible and on whose observance the user may regularly rely upon (cardinal obligations),

- as well as for damages which were caused deliberately or through gross negligence of WebID’s vicarious agents.

10.5 Any further liability on the part of WebID for damages caused by carelessness is excluded.

10.6 Notwithstanding the preceding provisions, the amount of any claim for damages will be reduced through negligence of the user - in particular through inadequate provision of cooperation services, organisational errors, inadequate data backup or a breach of other contractual obligations.

10.7 The customer is obligated to immediately report any damage as defined in the above liability regulations to WebID in writing or inform WebID on record, in order that WebID may be informed as early as possible and potentially be able to limit the damage in cooperation with the customer.

10.8 WebID is only liable for the replacement of data if the customer has met all necessary and appropriate data security measures and ensured that the data from data material which is kept ready in machine-readable format can be recovered with reasonable effort.

11. Other Items

11.1 These T&Cs and all contracts entered into between the user and WebID referring to these T&Cs are subject to the law of the Federal Republic of Germany, excluding the conflict of laws and the United Nations Convention of 11th April 1980 on Contracts for the International Exchange of Goods.

11.2 Changes and additions to these T&Cs must be made in writing. This also applies to amendments or the cancellation of the written form requirement.

11.3 In case any provisions of these T&Cs are partly or fully invalid or unenforceable or contain any gaps, the remaining provisions shall remain unaffected. The parties are obligated to replace the invalid or unenforceable provision by a valid and enforceable provision that reflects the economic purpose of the invalid or unenforceable provision as closely as possible.

Legal notice: These Terms and Conditions have been translated. In case of legal dispute, the German original Terms and Conditions apply.

Date: January 2014

B. Data Protection Policy

The following data protection notice serves the purpose of informing you about the collection, processing and use of personal data (hereinafter referred to as "data") in connection with the services provided by WebID, the scope of your consent in the handling of your data by WebID Solutions GmbH ("WebID") according to section 1.2 of this Data Protection Policy, and the option to revoke your consent towards WebID which is also described in section 1.2.

The collection and handling of personal data is carried out in compliance with the prevailing data protection legislation, in particular the provisions of the German Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).

1. General

1.1 Identity or age verification and confirmation

The collection, processing and use of your data by WebID in connection with the verification and confirmation of your identity, a documented statement or your age is carried out on behalf of a partner company of WebID ("partner") who has instructed that this verification take place.

The collection, processing and use of your data is carried out solely for the purpose of verifying your identity, documented statement or age and in order to inform the respective partner of the result.

For this purpose we collect, process and use the data which you provide us with as part of your use of the WebID services, as well as any data made available to us by the respective partner for the purpose of comparison.

The scope of the collection, processing and use of this data is in accordance with the requirements for the intended or already existing contractual relationship between you and the partner, as well as the legal requirements which in individual cases require proof of identity or age. The personal data usually required is as follows:

  • Surname, first name
  • Place of birth
  • Date of birth
  • Nationality
  • Full address
  • Mobile phone number
  • E-mail address
  • Username of the video conferencing programme used
  • Photo / Screenshot of the person and the front and reverse of the identity document
  • Identification data (such as date and place of issue, issuing authority etc.)
  • Video and voice recording of the video call

Depending on the legal basis for proof of identity or age, an official and valid ID document (e.g. passport or identity card) is also required. In this context additional particulars stated on the respective official identity document are also collected, processed and used. In addition, it may be necessary to take a photograph of the official ID document you have chosen for the identification process.

Once as we have determined and verified your identity, we will transmit the collected data to the partner. In case you have instructed one of our or the partner’s distribution partners to forward the verification of your identity, the distribution partner will only receive a confirmation message informing them of the result of the verification process. The partner will use and store the data provided to fulfil obligations set out by the anti-money laundering legislation governing identifications.

We will delete your data immediately upon completion of the transmission subject to the legal requirements for data storage or other legal stipulations.

WebID will not carry out any further collection, processing or use of your data unless you have specifically expressed your consent to use the data for any of the purposes described below (e.g. creating your user profile).

1.2 Creating and storing your user profile and handling of data by WebID

Creating and storing your user profile is subject to the following declaration of consent. Once you have expressed consent to the agreement below within the framework of your registration, WebID will become responsible for processing and using the data associated with your user profile.

As part of establishing your user profile, WebID will use the information collected in connection with the identity or age verification and confirmation (see 1.1), as well as the unique identification number associated with your user profile. WebID will solely use your user profile for the purpose of providing future proof of identity or age to our partners.

Provided below for review is the declaration of consent given by you in relation with the creation and storage of your user profile, the use of the data necessary for processing and application purposes, as well as reference to the option for revocation of consent. The text of the declaration of consent and the declaration of revocation is as follows:

"I consent to WebID Solutions GmbH, Friedrichstraße 88, 10117 Berlin ("WebID") processing and using my personal data collected during the identity and/or age verification to generate a WebID user profile. The creation of a WebID user profile and the associated processing and use of the connected data is solely carried out for the purpose of carrying out future identification and age checks for the partners of WebID.

Previously given consent can be revoked verbally during the videoconference, i.e. before the identity or age check has been completed, or at any time afterwards by sending an e-mail to datenschutz@webid-solutions.de. WebID will send you an e-mail to confirm your withdrawal of consent."

2. Passing Your Data to Third Parties

Your data will only be passed on to the respective partner who requested the identity or age verification and confirmation. Should we subcontract the identity or age verification or the creation and storage of a user profile to a third party, this will be done via a data processing agreement according to the legal regulations set out in § 11 BDSG.

3. Protocol Data

When accessing our website your internet browser will automatically transmit information to us for technical reasons (e.g. browser type, date and time of the call). We are not able to assign this data to any specific natural person.

All the data collected is evaluated for statistical purposes only. Such data is not being passed on to third parties. This data is not linked with other data collected. The data is regularly deleted following statistical analysis.

4. Cookies

In some instances so-called "cookies" are generated on your computer. These are small text files that are deposited on your computer. Most of the cookies generated by us are deleted from your hard drive after the browser session (so-called session cookies). Other cookies remain on your computer and allow us to recognise your computer when you next visit (so-called persistent cookies). Storing cookies can be disabled in your browser settings. However, it should be noted that the use of our service and in particular the user comfort will be limited without such cookies.

5. Encryption

During recording or transmission of your data, we use the current state of the art SSL encryption (SSL = Secure Sockets Layer). The SSL encryption ensures the secure and confidential exchange of communication and data. This security feature is active if a symbol of either an unbroken key or a closed lock (depending on your browser) is shown at the bottom of your browser window.

6. Revocation of Consent

In case you wholly or partly revoke the consent previously given to us for the collection, processing and use of your data according to section 1.2, we will immediately delete your data in accordance with your express wishes or block it for further use, subject to statutory data storage periods.

7. Information

According to BDSG legislation you have the right to request information about your personal data stored by us free of charge, as well as the right to have this data corrected, blocked or deleted where necessary.

8. Contact Details for Privacy Policy Issues

For questions regarding the collection, processing or use of your data, any additional information, correction, blocking or deletion of your data, as well as revocation of consent previously granted, please contact datenschutz@webid-solutions.de.

Please note that this privacy policy has been translated from German. In case of legal dispute, the German original will prevail.

WebID Solutions GmbH Friedrichstraße 88, 10117 Berlin, T. +49 30 408173 216, F. +49 30 408173 450, info@webid-solutions.de