Ver.iD Services Agreement
Last updated: 4 April 2023
This Ver.iD Services Agreement (“Agreement”) is a legal agreement between Subst.id B.V. (“Ver.iD”, “us”, or “we”) and the entity or person (“you”, “your”, or “client”) who registered on the Ver.iD Account page to receive certain verification, data, technology and analytics services, and other business services that may be offered by Ver.iD and its affiliates (each, a “Service”). This Agreement describes the terms and conditions that apply to your use of the Services.
If you do not understand any of the terms of this Agreement, please contact us before using the Services.
You may not access or use any of our Services unless you agree to abide by all of the terms and conditions in this Agreement.
The Services cannot be relied upon by any other person and/or entity than you and you are not allowed to suggest otherwise.
Section A: General Terms
1. Overview of this Agreement
This Agreement provides a general description of the Services that Ver.iD may provide to you, including those that allow you to accept personal or company data from purchasers of your services or donors to your organization (“Customers”). We provide you with a more detailed description of the Services through published software libraries, online documentation and Application Programming Interfaces (APIs) specifications or web-based widgets, web-based applications and plugins that may be used to access the Services . Before using the Services, you must register with Ver.iD and create an account (a “Ver.iD Account”).
Section A describes the process of registering for and using your Ver.iD Account.
Section B describes your use of the Ver.iD Platform, a Credential Service Provider (see definition below).
Section C describes your use of Ver.iD Flows, a Credential Service (see definition below).
Section D describes proper handling, management, and use of data generated during your use of the Services, including your Customers’ data.
Finally, Section E describes your liability to Ver.iD for all losses connected with your Ver.iD Account, and other legal terms that apply to you.
2. Your Ver.iD Account
a. Registration and Permitted Activities: Only businesses (including sole proprietors), bona fide charitable organizations, and other entities or persons located in Netherlands are eligible to apply for a Ver.iD Account to use the Services described in this Agreement. Ver.iD and its affiliates may provide Services to you or your affiliates in other countries or regions under separate agreements.
To register for a Ver.iD Account, you or the person or people submitting the application (your “Representative”) must provide us with your business or trade name, physical address, email, phone number, business identification number, URL, the nature of your business or activities, and certain other information about you that we may require (such as data security and privacy policies). We may also collect personal information of your Ver.iD Account administrator. Until you have submitted, and we have reviewed and approved, all required information, your Ver.iD Account will be available to you on a preliminary basis only, and we may terminate it at any time and for any reason.
b. Representation: You and your Representative individually affirm to Ver.iD that your Representative is authorised to provide the information described in this Section on your behalf and to bind you to this Agreement. We may require you or your Representative to provide additional information or documentation demonstrating your Representative’s authority. Without the express written consent of Ver.iD, neither you nor your Representative may register or attempt to register for a Ver.iD Account on behalf of a Client previously terminated from use of the Services.
If you are a sole proprietor, you and your Representative also affirm that your Representative is personally responsible and liable for your use of the Services and your obligations to Customers, including payment of any amounts owed under this Agreement. You may not use the Services if you are under 18 years of age.
c. Validation and Underwriting: At any time during the term of this Agreement and your use of the Services, we may require additional information from you to validate information you provided, verify you or your Representative’s identity, and assess the risk associated with your use of data the data you collect on your Customers. Your failure to provide this information or material may result in suspension or termination of your Ver.iD Account.
You authorise us to retrieve information about you from our service providers and other third parties and you authorise and direct such third parties to compile and provide such information to us. You acknowledge that this may include your name, addresses, and other data about you or your Representative. You acknowledge that we may use your information to verify any other information you provide to us, and that any information we collect may affect our assessment of your overall risk to our business. You acknowledge that in some cases, such information may lead to suspension or termination of your Ver.iD Account. Ver.iD may periodically update this information as part of our underwriting criteria and risk analysis procedures.
d. Changes to Your Business, keeping your Ver.iD Account Current: You agree to keep the information in your Ver.iD Account current. You must promptly update your Ver.iD Account with any changes affecting you, the nature of your business activities, your Representatives, or any other pertinent information. We may suspend your Ver.iD Account or terminate this Agreement if you fail to keep this information current.
e. Relying Party status: You agree to directly or indirectly register and to implement measures expected from a Relying Party, as defined and instructed in regulation that is applicable to your use of wallets. You notify us of this through your Ver.iD Account.
You also agree to promptly notify us in writing immediately and in any event no more than three days after any of the following occur: you are the subject of any voluntary or involuntary bankruptcy or insolvency application, petition or proceeding, receivership, or similar action (any of the foregoing, a “Bankruptcy Proceeding”); there is an adverse change in your organizational condition; there is a planned or anticipated liquidation or substantial change in the basic nature of your business, or there is any change in the control or ownership of your business or parent entity; there is a change in the regulatory status of your business or your business has been notified that it is the subject of an investigation or enforcement action by a regulator or law enforcement.
3. Your Relationship with your Customers
You may only use the Services for legitimate verifications (being verification and related processes such as archiving and reporting) of your Customers. Legitimate includes applying general data protection regulation for the use of personal and/or company data, in particular with regard to sensitive data such as a personal identification number.
You know your Customers better than we do, and you are responsible for your relationship with them. Ver.iD is not responsible for the products or services you publicize or sell, or that your Customers purchase using the Services.
Ver.iD provides Services to you but we have no way of knowing if any particular verification is accurate or complete, or typical for your business. You are responsible for knowing whether a verification initiated by you or your Customer is erroneous or suspicious. If you are unsure if a verification is erroneous or suspicious, you agree to research and, if necessary, contact your Customer before fulfilling or completing the verification. You are solely responsible for any losses you incur due to erroneous or fraudulent verifications in connection with your use of the Services.
4. Fees and Fines
Ver.iD will provide the Services to you at the rates and for the fees (“Fees”) described on the pricing page on our website and incorporated into this Agreement. The Fees include charges for, but is not limited to, identity verification, processing fees, storage and reporting fees, infrastructural fees and fees for other events in connection with your Ver.iD Account. We may revise the Fees at any time. However, we will provide you with at least 30 days’ advance notice before revisions become applicable to you (or a longer period of notice if this is required by applicable Law).
In addition to the Fees, you are also responsible for any penalties or fines imposed in relation to your Ver.iD Account resulting from your use of our Services in a manner not permitted by this Agreement or applicable regulations.
You request a complete blending of Fees for Wallets, by a Wallet Provider (definition see below), processing for all verification services charges by all Wallet Providers (that can be used through our Services) irrespective of the underlying differences in issuing fees. If you do not understand the Fee Schedule or you have a question about Fees, or wish to receive unblended rates for payment card processing, please contact us.
You are also obligated to pay all taxes, fees and other charges imposed by any governmental authority, including any value added tax, goods and services tax, sales tax and applicable indirect and transactional taxes (“Taxes”) on the Services provided under this Agreement.
5. Services and Ver.iD Account Support
We will provide you with support to resolve general issues relating to your Ver.iD Account and your use of the Services. This support includes resources and documentation that we make available to you through the current versions of Ver.iD’s support pages on our website (collectively, “Documentation”). The most efficient way to get answers to your questions is to review our Documentation. If you still have questions after reviewing the Documentation, please contact us.
You are solely responsible for providing support to your Customers related to your products and services and business activities. We are not responsible for providing support for the Services to your Customers unless we agree to do so in a separate agreement with you or one of your Customers.
6. Taxes and Other Expenses
Our fees are exclusive of any applicable Taxes, except as expressly stated to the contrary. Pursuant to applicable Law, we may send documents to you and tax authorities for verifications processed using the Services. We may be required to file periodic informational return with taxing authorities in relation to your use of the Services.
7. Service Requirements, Limitations and Restrictions
a. Compliance with Applicable Laws: You must use the Services in a lawful manner, and must obey all laws, rules, and regulations (“Laws”) applicable to your use of the Services. As applicable, this may include compliance with domestic and international Laws related to the use or provision of data services, notification and consumer protection, unfair competition, privacy, and false advertising, and any other Laws relevant to verifications and related archiving and reporting. This includes principles and standards out of the framework for Digital Identity Wallets in the EU and other requirements of the EU eIDAS (electronic IDentification, Authentication and trust Services) regulation.
b. Restricted Businesses and Activities: You may not use the Services to enable any person (including you) to benefit from any activities that can be identified as a restricted business or activity (collectively, “Restricted Businesses”). Restricted Businesses include use of the Services in or for the benefit of a country, organization, entity, or person embargoed or blocked by any government, including those on sanctions lists identified by international organization or countries.
c. Other Restricted Activities: You may not use the Services to facilitate illegal transactions or to permit others to use the Services for personal, family or household purposes. In addition, you may not allow, and may not allow others to: (i) access or attempt to access non-public Ver.iD systems, programs, data, or services; (ii) copy, reproduce, republish, upload, post, transmit, resell, or distribute in any way, any data, content, or any part of the Services, Documentation, or our website except as expressly permitted by applicable Laws; (iii) act as service bureau or pass-through agent for the Services with no added value to Customers; (iv) transfer any rights granted to you under this Agreement; (v) work around any of the technical limitations of the Services or enable functionality that is disabled or prohibited; (vi) reverse engineer or attempt to reverse engineer the Services except as expressly permitted by Laws; (vii) perform or attempt to perform any actions that would interfere with the normal operation of the Services or affect use of the Services by our other Clients; or (ix) impose an unreasonable or disproportionately large load on the Service.
8. Suspicion of Unauthorised or Illegal Use
We may refuse, condition, or suspend any operation that we believe: (i) may violate this Agreement or other agreements you may have with Ver.iD; (ii) are unauthorised, fraudulent or illegal; or (iii) expose you, Ver.iD, or others to risks unacceptable to Ver.iD. If we suspect or know that you are using or have used the Services for unauthorised, fraudulent, or illegal purposes, we may share any information related to such activity with the appropriate financial institution, regulatory authority, or law enforcement agency consistent with our legal obligations. This information may include information about you, your Ver.iD Account, your Customers, and Transactions made through your use of the Services.
9. Disclosures and Notices; Electronic Signature Consent
a. Consent to Electronic Disclosures and Notices: By registering for a Ver.iD Account, you agree that such registration constitutes your electronic signature, and you consent to electronic provision of all disclosures and notices from Ver.iD (“Notices”), including those required by Law. You also agree that your electronic consent will have the same legal effect as a physical signature.
b. Methods of Delivery: You agree that Ver.iD can provide Notices regarding the Services to you through our website or through the Dashboard (as defined below), or by mailing Notices to the email or physical addresses identified in your Ver.iD Account. Notices may include notifications about your Ver.iD Account, changes to the Services, or other information we are required to provide to you. You also agree that electronic delivery of a Notice has the same legal effect as if we provided you with a physical copy. We will consider a Notice to have been received by you within 24 hours of the time a Notice is either posted to our website or emailed to you.
c. SMS and Text Messages: You authorise us to provide Notices to you via text message to allow us to verify your or your Representative’s control over your Ver.iD Account (such as through two-step verification), and to provide you with other critical information about your Ver.iD Account. In the event of a suspected or actual fraud or security threat to your Ver.iD Account, we will use SMS, email or another secure procedure to contact you. Standard text or data charges may apply to such Notices. Where offered, you may disable text message notifications in the Dashboard. However, by disabling text messaging, you may be disabling important Security Controls (as defined below) on your Ver.iD Account and may increase the risk of loss to your business.
d. Requirements for Delivery: It should come as no surprise to you that you will need a computer or mobile device, Internet connectivity, and an updated browser to access your Dashboard and review the Notices provided to you. If you are having problems viewing or accessing any Notices, please contact us and we can find another means of delivery.
e. Withdrawing Consent: Due to the nature of the Services, you will not be able to begin using the Services without agreeing to electronic delivery of Notices. However, you may choose to withdraw your consent to receive Notices electronically by terminating your Ver.iD Account.
a. Term and Termination: This Agreement is effective upon the date you first access or use the Services and continues until terminated by you or Ver.iD. You may terminate this Agreement by closing your Ver.iD Account at any time by opening the account information tab in your account settings, selecting “close my account” and ceasing to use the Service. If you use the Services again or register for another Ver.iD Account, you are consenting to this Agreement. We may terminate this Agreement or close your Ver.iD Account at any time for any reason (including, without limitation, for any activity) by providing you advance Notice (the period of notice as required by applicable Law). We may suspend your Ver.iD Account and your ability to access funds in your Ver.iD Account, or terminate this Agreement, if (i) we determine in our sole discretion that you are ineligible for the Services because of significant fraud or any other risks associated with your Ver.iD Account; (ii) you use the Services in a prohibited manner or otherwise do not comply with any of the provisions of this Agreement; (iii) any Law, Wallet Provider requires us to do so; or (iv) we are otherwise entitled to do so under this Agreement. An Wallet Provider may also terminate your ability to use the Wallet in your verification or processing efforts, at any time and for any reason, in which case you will no longer be able to accept the Wallet under this Agreement.
b. Effects of Termination: Termination does not immediately relieve you of obligations incurred by you under this Agreement. Upon termination, you agree to (i) complete all pending verifications, (ii) stop accepting new verifications, and (iii) immediately remove all Ver.iD and wallet Providers logos from your website (unless permitted under a separate licence with the Wallet Provider). Your continued or renewed use of the Services after all operations have been processed serves to renew your consent to the terms of this Agreement. If you terminate this Agreement, we will pay out any remaining funds owed to you with exception of the subscription fee for the current month which is considered due for the whole month after the start of the month.
In addition, upon termination you understand and agree that (i) all licences granted to you by Ver.iD under this Agreement will end; (ii) we reserve the right (but have no obligation) to delete all of your information and account data stored on our servers; (iii) we will not be liable to you for compensation, reimbursement, or damages related to your use of the Services, or any termination or suspension of the Services or deletion of your information or account data; and (iv) you are still liable to us for any Fees or fines, or other financial obligation incurred by you or through your use of the Services prior to termination.
Section B: The Ver.iD Platform
1. Overview and Definitions
The Ver.iD Platform is a Credential Service Provider that consist of four components: a Dashboard, a collection APIs including Documentation, a collection of Widgets or Applications and Plugins.
The following terms used in this Agreement relate to your use of the Ver.iD Platform:
- A “Credential” is a set of one or more Attributes created by an Issuer. A Verifiable Credential is a tamper-evident Credential whose Issuer authorship is cryptographically tied to the Attributes in the Credential. Verifiable Credentials can be used to build Verifiable Presentations, which can be cryptographically verified by a Verifier proving the authenticity and integrity of the Attributes in a Credential with respect to an Issuer.
- ”Attributes”, are assertions made by an Issuer about a Holder, e.g., the first-name or the social security number.
- An ”Issuer” is a role that can create Attributes with assertions about one or more Holders, creating a Verifiable Credential from these Attributes and transmits these to a Holder.
- A ”Holder” is a role that possesses one or more Verifiable Credentials in a Wallet that has the capability to create Verifiable Presentations for Verifiers.
- A “Wallet” is software that a Holder possesses on a mobile phone in a web-browser that holds a collection of Verifiable Credentials on behalf of a Holder. Wallets are provided by Wallet Providers.
- A “Wallet Provider” is a party that created a Wallet and maintains an ecosystem of Issuers and Verifiers. Wallet Providers maintain a registry of Issuers and provide the required cryptographic material to initiate a Verification.
- A “Verification” is a cryptographic operation on a Verifiable Presentation or Verifiable Credential, proving the authenticity and integrity of the Attributes in the Credential with respect to an Issuer. The operation does not imply the truth of Attributes in a Verifiable Presentation, merely that the Attributes are authentic.
- A “Verifier”, or “Relying Party”, is a role that receives a Verifiable Presentation from a Holder or through a Credential Service Provider and optionally can start a Verification to proof the correctness of a Verifiable Presentation.
- “Credential Services” are Services that you may use to create, collect, verify and store Verifiable Credentials or Verifiable Presentations from your Customer, and optionally include archiving, compliance or reporting services if and when applicable.
- A “Credential Service Provider”, is the party that facilitates Credential Services.
a. API (Application Programming Interface)
The Ver.iD platform includes an API that may be used to access the Services. You may use the API solely as described in the Documentation to use the Services on your websites and through your own applications identified in your Ver.iD Account. You may not use the API for any purpose, function, or feature not described in the Documentation or otherwise communicated to you by us. Due to the nature of the Services, we will update the API and Documentation from time to time, and may add or remove functionality. We will provide you Notice in the event of material changes, deprecations, or removal of functionality from the API so that you may continue using the Services with minimal interruption. We will make API keys for live and test verifications available to you through the Dashboard, see below. You are responsible for securing your API keys — do not publish or share them with any unauthorised persons. Failure to secure your API keys will increase the likelihood of fraud on your Ver.iD Account and potential losses to you or your Customers. You should contact us immediately if you become aware of any unauthorised use of your API key or any other breach of security regarding the Services. We provide more details on proper use of API keys in the Documentation. Information on securing your Ver.iD Account is available in Section D.
You may manage your Ver.iD Account, connect with other service providers, and enable additional features through the Ver.iD dashboard (“Dashboard”). Ver.iD will use the Dashboard to provide you with information about your Ver.iD Account. Ver.iD will also provide you with access to statistics and reports which will include all your Ver.iD Account activity. The information may be provided in your language, and if not, it will be provided in English.
c. Widgets and Applications
Your Customers interact with our platform through the use of Widgets or Applications. Widgets and Applications are web-based user interfaces hosted by Ver.iD that provide Credential Services directly to your Customers. Most, if not all, Widgets and Applications are designed to completely run client-side, i.e. in the browser or mobile phones of your Customers, so-called Single Page Applications. The Widgets and Applications are available in the native language of your customers, and if not, it will be available in Dutch or English.
Ver.iD may provide Plugins to access the platform APIs, Widgets or Applications from common web applications that you may use, such as, but not limited to, WordPress, Magento, Shopify or Drupal. Most, if not all, Plugins are open-source and published on the Ver.iD public repositories. The location of these repositories can be found in our Documentation.
2. Ownership of Ver.iD IP
As between you and Ver.iD, Ver.iD and its licensors exclusively own all rights, title, and interest in the patents, copyrights (including rights in derivative works), moral rights, rights of publicity, trademarks or service marks, logos and designs, trade secrets, and other intellectual property embodied by, or contained in the API, Services, Dashboard, Widgets, Applications, Plugins and Documentation (collectively, “Ver.iD IP”) or any copies thereof. Ver.iD IP is protected by copyright, trade secret, patent, and other intellectual property Laws, and all rights in Ver.iD IP not expressly granted to you in this Agreement are reserved.
You may choose to or we may invite you to submit comments or ideas about improvements to the Service, our API, our platform, or any other component of our products or services (“Ideas”). If you submit an Idea to us, we will presume that your submission was voluntary, unsolicited by us, and delivered to us without any restrictions on our use of the Idea. You also agree that Ver.iD has no fiduciary or any other obligation to you in connection with any Idea you submit to us, and that we are free to use your Ideas without any attribution or compensation to you.
You are granted a nonexclusive and non-transferable licence to electronically access and use the Ver.iD IP only in the manner described in this Agreement. Ver.iD does not sell to you, and you do not have the right to sublicence the Ver.iD IP. We may make updates to the Ver.iD IP or new Services available to you automatically as electronically published by Ver.iD, but we may require action on your part before you may use the Ver.iD IP or new Services (including activation through the Dashboard, or acceptance of new or additional terms). Ver.iD may revoke or terminate this licence at any time if you use Ver.iD IP in a manner prohibited by this Agreement.
You may not: (i) claim or register ownership of Ver.iD IP on your behalf or on behalf of others; (ii) sublicence any rights in Ver.iD IP granted by us; (iii) import or export any Ver.iD IP to a person or country in violation of any country’s export control Laws; (iv) use Ver.iD IP in a manner that violates this Agreement or Laws; or (v) attempt to do any of the foregoing.
4. Ver.iD Marks; References to Our Relationship
We may make certain Ver.iD logos or marks (“Ver.iD Marks”) available for use by you and other Clients to allow you to identify Ver.iD as a service provider. Ver.iD may limit or revoke your ability to use Ver.iD Marks at any time. You may never use any Ver.iD Marks or Ver.iD IP consisting of trademarks or service marks without our express permission, or in a manner that may lead people to confuse the origin of your products or services with ours.
During the term of this Agreement, you may publicly identify us as the provider of the Services to you and we may publicly identify you as a Ver.iD Client. If you do not want us to identify you as a Client, please contact us. Neither you nor we will imply any untrue sponsorship, endorsement, or affiliation between you and Ver.iD. Upon termination of your Ver.iD Account, both you and Ver.iD will remove any public references to our relationship from our respective websites.
You may use the Services to upload or publish text, images, and other content (collectively, “Content”) to your Ver.iD Account and to third-party sites or applications but only if you agree to obtain the appropriate permissions and, if required, licences to upload or publish any such Content using the Services. You agree to fully reimburse Ver.iD for all fees, fines, losses, claims, and any other costs we may incur that arise from publishing illegal Content through the Services, or claims that Content you published infringes the intellectual property, privacy, or other proprietary rights of others.
6. Our Services
a. Ver.iD Flows: The Ver.iD Flows is a Credential Service. A full description of Ver.iD Flows is defined on our website, in our Documentation and its use below in section C.
b. Other Services: From time to time we may offer you additional features or services that may be subject to additional or different terms of service. All such additional features and services form part of the Services, and you may not use these additional services unless you agree to the applicable agreement or terms (if any) for those services.
We may also provide you access to services identified as “beta” or pre-release services. You understand that these services are still in development, may contain bugs or errors, may be feature incomplete, may materially change prior to a full commercial launch, or may never be released commercially. We provide beta services AS IS, and without warranty of any kind, and your use of, or reliance on beta services is at your own risk.
Section C: Ver.iD Flows
1. Overview and Definitions
Ver.iD Flows is a Credential Service that allows you to create, verify and collect Verifiable Credentials or Verifiable Presentations to and from Wallets. The Service supports various Verifiable Credential Standards and is based on web standards such as, but not limited to, OAuth 2.0, JSON Web Tokens and JSON Web Signatures. Our platform provides you with an API that you can use to connect your own application to our infrastructure and provides you with a web-based Application and open-source web-based Plugins that you can use for your Customers.
The following terms used in this Agreement relate to your use of Ver.iD Flows:
- “Attribute Requirements” means a set of Attributes that is required by you with respect of your provision of products or services to your Customer; in accordance with a mandate from your Customer authorising you to receive, store, process and initiate a Verification without requiring any specific action of the Customer.
- “Verifiable Credential Standard” means specification for the data model and data integrity methods that provide an interoperable basis of dealing with Verifiable Credentials or Verifiable Presentations, e.g., Ver.iD JWT Token or the W3C Verifiable Credentials Data Model.
- “Verifiable Credential Standard Provider” means the party that created a Verifiable Credential Standard, e.g. W3C, Ver.iD or The Internet Engineering Task Force (IETF).
2. Registering for Use of Credential Services
When you register for a Ver.iD Account, you may be asked for information we use to identify you, your Representatives, principals, and other individuals associated with your Ver.iD Account. Throughout the term of this Agreement, we may share information about your Ver.iD Account with Wallet Providers and Verifiable Credential Standard Providers in order to verify your eligibility to use the Credential Services, and conduct risk management and compliance reviews. We may also share your Data (as that term is defined below) with Wallet Providers and Verifiable Credential Standard Providers for the purpose of facilitating the compliance with applicable Laws and Rules. We will review and may conduct further intermittent reviews of your Ver.iD Account information to determine that you are eligible to use the Credential Services. Ver.iD’s use of the information you provide to us under this Agreement is described in more detail in Section D.
3. Processing Verification; Disputes
You may only process data through the Credential Services that are authorised by your Customers. You maintain the direct relationship with your Customers and are responsible for: (i) acquiring appropriate consent on their behalf; (ii) providing confirmation or receipts to Customers for each verification; (iii) determining a Customer’s eligibility and authority to complete verifications. However, even authorised verifications may be subject to a Dispute. Ver.iD is not responsible for or liable to you for authorised and completed verifications that are later the subject of a Dispute, are submitted without authorisation or in error, or violate any Laws.
You are responsible for ensuring that you only process data through the Credential Services that are eligible to be treated as such in accordance with the terms of this Agreement and, with respect of your Attribute Requirements, that you have an appropriate mandate in place with your Customer enabling you to initiate processing and verification. You must keep a record of the basis on which you determined any processed verification was eligible and make such records available to us, our regulators and/or our auditors immediately on request.
You are immediately responsible to us for all Disputes, or Fines regardless of the reason or timing. In many, but not all cases, you may have the ability to challenge a Dispute by submitting evidence through the API or the Dashboard or electronically by mail. We may request additional information to assist you in contesting the Dispute, but we cannot guarantee that your challenge will be successful. Wallet Providers and Verifiable Credential Standard Providers may deny your challenge for any reason they deem appropriate.
Please keep in mind that, as explained in Section D.3, you are liable for all losses you incur when stolen Credentials or stolen Wallets are used for verification. Ver.iD does not and will not insure you against losses caused by fraud under any circumstances. For example, if someone pretends to be a legitimate Customer but is a fraudster, you will be responsible for any resulting costs, including Disputes, even if you do not recover fraudulently purchased products or services. Even if we work with you to assist you or law enforcement in recovering lost funds, Ver.iD is not liable to you, or responsible for your financial losses or any other consequences of such fraud.
4. Responsibilities and Disclosures to your Customers
It is very important to us that your Customers understand the purpose, amount, and conditions of Verifiable Presentations you process. With that in mind, when using the Credential Services you agree to: (i) accurately communicate, and not misrepresent, the nature of the verification prior to submitting it to the API; (ii) provide a receipt that accurately describes each verification to Customers; (iii) provide Customers a meaningful way to contact you in the event that the verification is not processed as described; (iv) not use Services to sell products or services in a manner that is unfair or deceptive, exposes Customers to unreasonable risks, or does not disclose material terms of a verification in advance; and (v) inform Customers that Ver.iD processes verifications for you. You also agree to maintain and make available to your Customers a reasonable cancellation, or adjustment policy, and clearly explain the process to Customers.
The Credential Services may include functionality that enables you to process recurring verifications of your Customers. If you use this functionality you agree to comply with applicable Laws and Rules, including clearly informing Customers in advance and explaining the method for cancelling their recurring verification.
If you engage in verifications with Customers who are individuals (i.e. consumers), you specifically agree to provide consumers disclosures required by Law, and to not engage in unfair, deceptive, or abusive acts or practices.
You may only use Credential Services to collect, verify and process the Credentials of your own Customers. You may not use Credential Services for any other purposes and may result in account suspension or termination of your Ver.iD Account.
5. Wallet Providers
When allowing your Customers to use specific Wallet Providers for verification purposes, you must comply with applicable Rules of these Wallet Providers and generally applicable rules set by government such as EU eIDAS. For example, Wallet Provider IRMA requires you to report to them that you are a so-called relying party for IRMA.
The Wallet Providers may amend their Rules at any time without notice to you, and Ver.iD reserves the right to change the Credential Services at any time to comply with these Rules.
6. Verifiable Credential Standard Providers
The outcome of the Credential Services of Ver.iD is in the form of generally acceptable credentials such as the W3C Verifiable Credentials following the W3C VC Data Model and W3C VC Data Integrity standards. The World Wide Web Consortium (W3C) develops international Web standards.
Verifiable Credential Standards Providers such as W3C may amend their standards at any time without notice to you, and Ver.iD reserves the right to change the Credential Services at any time to comply with these standards.
These specifications tell the Holder, Verifier or Relying Party (‘you’) what actions are required to perform (an obligation), not allowed to perform (a prohibition), or allowed to perform (a permission) if you are to accept the Verifiable Credential or Verifiable Presentation.
The terms-of-use specifications are included in the technical documentation of our platform and must be implemented by you when processing the Verifiable Presentation. In case the terms-of-use specifications are not included in the Verifiable Presentation provided by the API, we provide a default terms-of-use to be adhered as defined in the appropriate sections in our documentation.
The Dashboard may contain encrypted details of verifications, verification history, and other activity on your Ver.iD Account. Except as required by Law, you are solely responsible for reconciling the information in the Dashboard generated by your use of Credential Services with your records of Customer transactions, and for identifying any errors.
You agree to review your Ver.iD Account and immediately notify us of any errors. We will investigate any reported errors, and, when appropriate, attempt to rectify them.
9. Third party connections
The terms in this section only apply if you choose to connect Ver.iD Flows to a third-party application. Ver.iD Flows allows third parties, (a “Third-Party”), to help you administer Credential Services directly to you or your Customers. You can connect your Ver.iD Account to a Third-Party through the Dashboard by creating API keys in the Ver.iD Flows section. When you connect your Ver.iD Account to a Third-Party, you authorise Ver.iD to permit the Third-Party to: (i) access your Ver.iD Account and any Data (as defined in Section D) contained in your Ver.iD Account; (ii) assist you with creating and managing verifications with your Customers; and (iii) deduct amounts (for example, fees for use of the Third-party) from funds payable to you from verifications occurring in connection with the Third-Party (“Third-Party Fees”). You must separately agree with the Third-Party to pay any Third-Party Fees, and any Third-Party Fees will be in addition to Fees.
Once you have authorised a Third-Party to connect to your Ver.iD Account, the Third-Party will continue to have access to your Ver.iD Account until you specifically withdraw your authorisation by changing the Ver.iD Flow settings in the Dashboard.
Section D: Data Usage, Privacy, and Security
1. Data Usage Overview
Protecting, securing, and maintaining the information processed and handled through the Services is one of our top priorities, and it should be yours too. This section describes our respective obligations when handling and storing information connected with the Services. The following terms used in this section relate to data provided to Ver.iD by you or your Customers, or received or accessed by you through your use of the Services:
- “Personal Data” means information that identifies a specific living person (not a company, legal entity, or machine) and is transmitted to or accessible through the Services.
- “Company Data” means information that identifies a specific company, legal entity, or machine and is transmitted to or accessible through the Services.
- “Client Account Data” means information that describes your business and its operations, your products or services, and encrypted data on verifications initiated by you or your Customers.
- “Ver.iD Data” means anonymized details of the API transactions over Ver.iD infrastructure, and any other information created by or originating from Ver.iD or the Services.
The term “Data” used without a modifier means all Personal Data, Company Data, Client Account Data, and Ver.iD Data.
Ver.iD does analyse and manage Client Account Data to: (a) provide Services to you (b) mitigate fraud or other harm to Clients, Customers and Ver.iD; and (c) analyse, develop and improve our products, systems, and tools.
Ver.iD provides Client Account Data to Wallet Providers and regulators, to allow us to provide Services to you and other Clients. We do not provide Client Account Data to third parties for marketing their products to you. You understand and consent to Ver.iD’s use of Data for the purposes and in a manner consistent with this Section D.
2. Data Protection and Privacy
a. Confidentiality: Ver.iD will only use Client Account Data as permitted by this Agreement, by other agreements between you and us, or as otherwise directed or authorised by you. You will protect all Data you receive through the Services, and you may not disclose or distribute any such Data, and you will only use such Data in conjunction with the Services and as permitted by this Agreement or by other agreements between you and us. Neither party may use any Personal Data to market to Customers unless it has received the express consent from a specific Customer to do so. You may not disclose Data to others unless requested by Customers and consistent with applicable Laws.
You affirm that you are now and will continue to be compliant with all applicable Laws governing the privacy, protection, and your use of Data that you provide to us or access through your use of the Services. You also affirm that you have obtained all necessary rights and consents under applicable Laws to disclose to Ver.iD – or allow Ver.iD to collect, use, retain, and disclose – any Personal Data that you provide to us or authorise us to collect, including Data that we may collect directly from Customers using cookies or other similar means. As may be required by Law and in connection with this Agreement, you are solely responsible for disclosing to Customers that Ver.iD processes Verifications (including archiving and reporting) for you and may receive Personal Data from you. Additionally, where required by Law, we may delete or disconnect a Personal Data from your Ver.iD Account when requested to do so by the person.
If we become aware of an unauthorised acquisition, disclosure or loss of Personal Data on our systems, we will notify you consistent with our obligations under applicable Law. We will also notify you and provide you sufficient information regarding the unauthorised acquisition, disclosure or loss to help you mitigate any negative impact. We do note however, that our platform technology is setup in a way that we minimize the storage of Personal Data or Company Data. Where data storage is applicable, we aim to store all data in encrypted form or ensure that the data is stored only temporarily within our systems.
c. Data Processing. You are the data controller, and we are the data processor in relation to Personal Data processed on your behalf under this Agreement, except that we will be a data controller in relation to Personal Data where we determine the purposes and manner in which the Personal Data is processed (including, for example, in complying with any regulations or laws imposed upon us). We will, to the extent that we are a data processor, process Personal Data in accordance with the terms of this Agreement and lawful instructions reasonably given by you to us from time to time, and we will employ appropriate technical and organisational measures to protect such Personal Data. We will not be liable for any claim brought by a data subject arising from any action or omission by us, to the extent that such action or omission resulted from your instructions.
3. Security and Fraud Controls
a. Ver.iD’s Security: Ver.iD is responsible for protecting the security of Data in our possession. We will maintain commercially reasonable administrative, technical, and physical procedures to protect Client Account Data and Personal Data stored in our systems from unauthorised access, accidental loss, modification, or breach, and we will comply with applicable Laws when we handle Client Account and Personal Data. However, no security system is impenetrable, and we cannot guarantee that unauthorised parties will never be able to defeat our security measures or misuse any Data in our possession. You provide Client Account Data and Personal Data to Ver.iD with the understanding that any security measures we provide may not be appropriate or adequate for your business, and you agree to implement Security Controls (as defined below) and any additional controls that meet your specific requirements. In our sole discretion, we may take any action, including suspension of your Ver.iD Account, to maintain the integrity and security of the Services or Data, or to prevent harm to you, us, Customers, or others. You waive any right to make a claim against us for losses you incur that may result from such actions.
b. Your Security: You are solely responsible for the security of any Data on your website, your servers, in your possession, or that you are otherwise authorised to access or handle. You will comply with applicable Laws and Wallet Providers Rules when handling or maintaining Client Data and Personal Data and will provide evidence of your compliance to us upon our request. If you do not provide evidence of such compliance to our satisfaction, we may suspend your Ver.iD Account or terminate this Agreement.
c. Security Controls: You are responsible for assessing the security requirements of your business and selecting and implementing security procedures and controls (“Security Controls”) appropriate to mitigate your exposure to security incidents. We may provide Security Controls as part of the Services, or suggest that you implement specific Security Controls. However, your responsibility for securing your business is not diminished by any Security Controls that we provide or suggest, and if you believe that the Security Controls we provide are insufficient, then you must separately implement additional controls that meet your requirements. You may review some of the details of our Security Controls on our website or technical documentation.
d. Fraud Risk: While we may provide or suggest Security Controls, we cannot guarantee that you or Customers will never become victims of fraud. Any Security Controls we provide or suggest may include processes or applications developed by Ver.iD or other companies. You agree to review all the Security Controls we suggest or have included in our products and choose those that are appropriate for your business to protect against unauthorised access, if appropriate for your business, independently implement other security procedures and controls not provided by us. If you disable or fail to properly use Security Controls, you will increase the likelihood of invalid Verifications, invalid Verifiable Presentations, Disputes, fraud, losses, and other similar occurrences. Keep in mind that you are solely responsible for losses you incur from the use of lost or stolen Credentials or accounts by fraudsters who engage in fraudulent actions with you, and your failure to implement Security Controls will only increase the risk of fraud. We may assist you with recovering losses, but you are solely responsible for losses due to lost or stolen Credentials or accounts, compromise of your username or password, and any other unauthorised use or modification of your Ver.iD Account. Ver.iD is not liable or responsible to you and you waive any right to bring a claim against us for any losses that result from the use of lost or stolen Credentials or unauthorised use or modification of your Ver.iD Account. Further, you will fully reimburse us for any losses we incur that result from the use of lost or stolen credentials or accounts.
4. Your Use of Data with Ver.iD Flows
When using Ver.iD Flows, you will have the ability to connect your Ver.iD Account with your own application, under your supervision using an API key. Your applications may take certain actions on your behalf and access Data available through your Ver.iD Account, including some Client Data. By using Ver.iD Flows, you authorise Ver.iD to share Data with your application that you connect with your Ver.iD Account through the Dashboard or the API. You also understand that at any point you may disallow any such sharing by removing the your application from your Ver.iD Account. You waive your right to bring any claims against Ver.iD for losses you incur that arise from any actions or use of Data by your application connected to your Ver.iD Account, and you will fully reimburse us for any losses we incur that result from your actions or use of such Data by your application.
5. Provision of Account Details upon Termination
For 30 days after termination of your Ver.iD Account, you may request in writing that we provide to an alternative Credential Service Provider the Account Details regarding Verifications by you of your Customers Credentials that you are entitled to receive. We may require you to provide evidence that the alternative Credential Service Provider has appropriate systems and controls as a precondition to the provision of any Account details.
Section E: Additional Legal Terms
1. Right to Amend
We have the right to change or add to the terms of this Agreement at any time, solely with prospective effect, and to change, delete, discontinue, or impose conditions on use of the Services by posting such changes on our website or any other website we maintain or own. We will provide you with Notice of any changes through the Dashboard, via email, or through other reasonable means. If you have an existing Ver.iD Account, the changes will come into effect on the date we specify in the Notice, and your use of the Services, API, or Data after a change has taken effect, constitutes your acceptance of the terms of the modified Agreement. You can access a copy of the current terms of this Agreement on our website at any time. You can find out when this Agreement was last changed by checking the “Last updated” date at the top of the Agreement.
You may not assign this Agreement, any rights or licences granted in this Agreement, or operation of your Ver.iD Account to others without our prior written consent. If you wish to make such an assignment, please contact us. If we consent to the assignment, the assignee must agree to assume all of your rights and obligations owed by you related to the assignment, and must agree to comply with the terms of this Agreement. Ver.iD may assign this Agreement without your consent or any other restriction. If we make an assignment, we will provide reasonable Notice to you.
3. Right to Audit
If we believe that a security breach, leak, loss, or compromise of Data has occurred on your systems, website, or app affecting your compliance with this Agreement, we may require you to permit a third-party auditor approved by us to conduct a security audit of your systems and facilities, and you must fully cooperate with any requests for information or assistance that the auditor makes to you as part of the security audit. The auditor will issue a report to us which we may share with Wallet Providers and Verifiable Credentials Standard Providers or other relevant parties.
4. No Agency; Third-Party Services
5. Force Majeure
Neither party will be liable for any delays in processing or other non-performance caused by telecommunications, utility failures, or equipment failures; labour strife, riots, war, or terrorist attacks; non-performance of our vendors or suppliers, fires or acts of nature; or any other event over which the respective party has no reasonable control. However, nothing in this section will affect or excuse your liabilities or your obligation to pay Fees, Fines, Disputes, Refunds, or Returns under this Agreement.
6. Your Liability For Third-Party Claims Against Us
Without limiting, and in addition to, any other obligation that you may owe under this Agreement, you are always responsible for the acts and omissions of your employees, contractors and agents, to the extent such persons are acting within the scope of their relationship with you.
You agree to defend Ver.iD against any claim, suit, demand, loss, liability, damage, action, or proceeding (each, a “Claim”) brought by a third party, and you agree to fully reimburse Ver.iD for any Claims that result from: (i) your breach of any provision of this Agreement; (ii) any Fees, Fines, Disputes, or any other liability we incur that results from your use of the Credential Services; (iii) negligent or wilful misconduct of your employees, contractors, or agents; or (iv) contractual or other relationships between you and Customers.
Important Note for Sole Proprietors: If you are using Services as a sole proprietor, please keep in mind that the Law and the terms of this Agreement consider you and your business to be legally one and the same. You are personally responsible and liable for your use of the Services, payment of Fees, Fines, losses based on Disputes or fraud, or for any other amounts you owe under this Agreement for your failure to use Security Controls, and for all other obligations to us and to your Customers. You risk personal financial loss if you fail to pay any amounts owed. Please take the time to read our documentation and take any measures appropriate to protect against such losses.
7. Representations and Warranties
By accepting the terms of this Agreement, you represent and warrant that: (a) you are eligible to register and use the Services and have the authority to execute and perform the obligations required by this Agreement; (b) any information you provide us about your business, products, or services is accurate and complete; (c) any verification represent a Verification for permitted products or services and any related information accurately describes the Verification; (d) you will fulfil all of your obligations to Customers and will resolve all Disputes with them; (e) you will comply with all Laws applicable to your business and use of the Services; (f) your employees, contractors and agents will at all times act consistently with the terms of this Agreement; (g) you will not use Credential Services for personal, family or household purposes (except in the normal course of business); and (h) you will not use the Services, directly or indirectly, for any fraudulent or illegal undertaking, or in any manner that interferes with the normal operation of the Services.
8. No Warranties
WE PROVIDE THE SERVICES AND VER.ID IP “AS IS” AND “AS AVAILABLE”, WITHOUT ANY EXPRESS, IMPLIED, OR STATUTORY WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR ANY OTHER TYPE OF WARRANTY OR GUARANTEE. NO DATA, DOCUMENTATION OR ANY OTHER INFORMATION PROVIDED BY VER.ID OR OBTAINED BY YOU FROM OR THROUGH THE SERVICES — WHETHER ORAL OR WRITTEN — CREATES OR IMPLIES ANY WARRANTY FROM VER.ID TO YOU.
YOU AFFIRM THAT VER.ID DOES NOT CONTROLS THE PRODUCTS OR SERVICES THAT YOU OFFER OR SELL OR THAT YOUR CUSTOMERS PURCHASE USING THE CREDENTIAL SERVICES. YOU UNDERSTAND THAT WE CANNOT GUARANTEE AND WE DISCLAIM ANY KNOWLEDGE THAT YOUR CUSTOMERS POSSESS THE AUTHORITY TO MAKE, OR WILL COMPLETE, ANY VERIFICATION.
VER.ID DISCLAIMS ANY KNOWLEDGE OF, AND DOES NOT GUARANTEE: (a) THE ACCURACY, RELIABILITY, OR CORRECTNESS OF ANY DATA PROVIDED THROUGH THE SERVICES; (b) THAT THE SERVICES WILL MEET YOUR SPECIFIC BUSINESS NEEDS OR REQUIREMENTS; (c) THAT THE SERVICES WILL BE AVAILABLE AT ANY PARTICULAR TIME OR LOCATION, OR WILL FUNCTION IN AN UNINTERRUPTED MANNER OR BE SECURE; (d) THAT VER.ID WILL CORRECT ANY DEFECTS OR ERRORS IN THE SERVICE, API, DOCUMENTATION, OR DATA; OR (e) THAT THE SERVICES ARE FREE OF VIRUSES OR OTHER HARMFUL CODE. USE OF DATA YOU ACCESS OR DOWNLOAD THROUGH THE SERVICES IS DONE AT YOUR OWN RISK — YOU ARE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR PROPERTY, LOSS OF DATA, OR ANY OTHER LOSS THAT RESULTS FROM SUCH ACCESS OR DOWNLOAD. YOU UNDERSTAND THAT VER.ID MAKES NO GUARANTEES TO YOU REGARDING VERIFICATION PROCESSING.
NOTHING IN THIS AGREEMENT OPERATES TO EXCLUDE, RESTRICT OR MODIFY THE APPLICATION OF ANY IMPLIED CONDITION, WARRANTY OR GUARANTEE, OR THE EXERCISE OF ANY RIGHT OR REMEDY, OR THE IMPOSITION OF ANY LIABILITY UNDER LAW WHERE TO DO SO WOULD: (A) CONTRAVENE THAT LAW; OR (B) CAUSE ANY TERM OF THIS AGREEMENT TO BE VOID.
9. Limitation of Liability
Under no circumstances will Ver.iD be responsible or liable to you for any indirect, punitive, incidental, special, consequential, or exemplary damages resulting from your use or inability to use the Services or for the unavailability of the Services, for lost profits, personal injury, or property damage, or for any other damages arising out of, in connection with, or relating to this Agreement or your use of the Services, even if such damages are foreseeable, and whether or not you or Ver.iD have been advised of the possibility of such damages. Ver.iD is not liable, and deny responsibility for, any damages, harm, or losses to you arising from or relating to hacking, tampering, or other unauthorised access or use of the Services, your Ver.iD Account, or Data, or your failure to use or implement anti-fraud measures, Security Controls, or any other data security measure. Ver.iD further denies responsibility for all liability and damages to you or others caused by (a) your access or use of the Services inconsistent with the Documentation; (b) any unauthorised access of servers, infrastructure, or Data used in connection with the Services; (c) interruptions to or cessation of the Services; (d) any bugs, viruses, or other harmful code that may be transmitted to or through the Services; (e) any errors, inaccuracies, omissions, or losses in or to any Data provided to us; (f) third-party content provided by you; or (g) the defamatory, offensive, or illegal conduct of others.
You agree to limit any additional liability not disclaimed or denied by the Ver.iD under this Agreement to your direct and documented damages; and you further agree that under no circumstances will any such liability exceed in the aggregate the amount of Fees paid by you to Ver.iD during the three-month period immediately preceding the event that gave rise to your claim for damages.
These limitations on our liability to you will apply regardless of the legal theory on which your claim is based, including contract, tort (including negligence), strict liability, or any other theory or basis. We may provide some of the Services from facilities outside the Netherlands. We do not claim, and we cannot guarantee that Services we provide, or services Wallet Providers provide, are or will be appropriate or available for any other location or jurisdiction, comply with the Laws of any other location or jurisdiction, or comply with Laws governing export, import, or foreign use.
10. Responding to Legal Process
Ver.iD may respond to and comply with any writ of attachment, lien, levy, subpoena, warrant, or other legal order (“Legal Process”) that we believe to be valid. Where permitted by Law, we will make reasonable efforts to provide you Notice of such Legal Process by sending a copy to the email address we have on file for you. Ver.iD is not responsible for any losses, whether direct or indirect, that you may incur as a result of our response or compliance with a Legal Process.
11. Dispute Resolution
a. Governing laws: This Agreement and the rights of the parties hereunder shall be governed and construed in accordance with the laws of The Netherlands.
b. Service of Process: Each party hereby irrevocably and unconditionally consents to service of process through personal service at their corporate headquarters, registered address, or primary address (for individuals or sole proprietors). Nothing in this Agreement will affect the right of any party to serve process in any other manner permitted by Law.
c. Class Waiver: To the fullest extent permitted by Law, each of the parties agrees that any dispute arising out of or in connection with this Agreement will be conducted only on an individual basis and not in a class, consolidated or representative action. If for any reason a claim or dispute proceeds in court rather than through arbitration, each party knowingly and irrevocably waives any right to trial by jury in any action, proceeding or counterclaim arising out of or relating to this Agreement or any of the transactions contemplated between the parties.
12. Entire Agreement
This Agreement and all policies and procedures that are incorporated by reference constitute the entire agreement between you and Ver.iD for provision and use of the Services. Except where expressly stated otherwise in a writing executed between you and Ver.iD, this Agreement will prevail over any conflicting policy or agreement for the provision or use of the Services. This Agreement sets forth your exclusive remedies with respect to the Services. If any provision or portion of this Agreement is held to be invalid or unenforceable under Law, then it will be reformed and interpreted to accomplish the objectives of such provision to the greatest extent possible, and all remaining provisions will continue in full force and effect.
13. Cumulative Rights, Construction, Waiver
The rights and remedies of the parties under this Agreement are cumulative, and either party may enforce any of its rights or remedies under this Agreement, along with all other rights and remedies available to it at Law. No provision of this Agreement will be construed against any party on the basis of that party being the drafter. Unless expressly stated otherwise, the use of the term “including” or “such as” is not to be interpreted as limiting the generality of the text preceding the term. The failure of either party to enforce any provision of this Agreement will not constitute a waiver of that party’s rights to subsequently enforce the provision.
All provisions of this Agreement that give rise to a party’s ongoing obligation will survive termination of this Agreement, including Sections A.3 (“Your Relationship with Your Customers”), A.6 (“Taxes and Other Expenses”), A.7 (“Service Requirements, Limitations and Restrictions”), A.8 (“Suspicion of Unauthorised or Illegal Use”), A.9 (“Disclosures and Notices; Electronic Signature Consent”), A.10.b (“Effects of Termination”), B.2 (“Ownership of Ver.iD IP”), C.6 (“Specific Verification Methods”), C.7 (“Reconciliation”), D.3 (“Security and Fraud Controls”), D.4 (“Your Use of Data with Ver.iD Connect”), D.5 (“Provision of Account Details upon Termination”), E.4 (“No Agency; Third-Party Services”), E.5 (“Force Majeure”), E.6 (“Your Liability for Third-Party Claims Against Us”), E.7 (“Representations and Warranties”), E.8 (“No Warranties”), E.9 (“Limitation of Liability”), E.10 (“Responding to Legal Process”), E.11 (“Dispute Resolution”), E.12 (“Entire Agreement”), E.13 (“Cumulative Rights, Construction, Waiver”) and E.14 (“Survival”); and any related terms in the Agreement.
The parties hereby acknowledge that they have required this Agreement and all related documents to be in the English language.
If you have a complaint with the Services we provide, please contact email@example.com.