Prebaci na hrvatski
Font size
Menu
Fina Digital Certificates Terms of Use of the Fina e‑Sign Cloud Mobile Application and the m‑Token Service with Rules on the Processing and Protection of Personal Data

Terms of Use of the Fina e‑Sign Cloud Mobile Application and the m‑Token Service with Rules on the Processing and Protection of Personal Data

1.    Introductory Provisions

1.1.    By these terms of use of the Fina e‑Sign Cloud mobile application and the Fina m‑Token service (hereinafter: the Terms of use), the conditions for using the Fina e‑Sign Cloud mobile application for the purpose of creating a qualified electronic signature by the Signatory and for creating a qualified electronic seal by the Creator of a seal Creator of a seal are established. The Fina m‑Token (hereinafter: the m‑Token) is an integral part of the Fina e‑Sign Cloud mobile application, and Signatories and Creator of a seal Creator of a seal use it to authenticate on Fina’s e‑Signature in the Cloud  Service in order to create a qualified electronic signature or a qualified electronic seal.

1.2.    These Terms of use apply together with the Agreement on the Provision of Certification Services, from which the rights and obligations of the contracting parties arise based on the provisions of Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, , with corrections,, amendments and/or supplements in force; the Act Implementation of Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Council Directive 1999/93/EC, Certificate Policy for for Qualified Certificates for Electronic Signatures and Seals, Certification Practice Statement for Qualified Certificates for Electronic Signatures and Seals, the Terms of use and conditions of providing certification services for Business Certificates and Certificates for State Administration Bodies, the Terms and conditions of providing certification services for the Provision of Services for Personal Certificates, and other Fina acts governing the provision of certification services.

1.3.    The documents referred to in point 1.2. of these Terms of use are available on Fina’s website at the address: https://www.fina.hr/finadigicert.  

2.    Definitions

The individual terms used in these Terms of use have the following meanings:

2.1.    Fina e‑Sign Cloud is a mobile application that enables the electronic signing of PDF documents in accordance with Regulation (EU) No. 910/2014 (hereinafter: the eIDAS Regulation).

2.2.    m-Token is a means of two‑factor authentication for the Signatory and the Creator of a seal on the e‑Signature Cloud Service, and it is an integral part of the Fina e‑Sign Cloud mobile application. 

2.3.    The e‑Signature in the cloud Service is Fina’s service for the remote creation of qualified electronic signatures and qualified electronic seals in accordance with the eIDAS Regulation. 

2.4.    Subscriber is legal or a natural person bound by the Subscriber Agreement with Fina as a trust service provider, for the purpose of issuing a certificate and its use within the e‑Signature in the Cloud Service. 

2.5.    Signatory is a natural person who, by using the e‑Signature in the Cloud Service, creates an electronic signature (hereinafter: User). The Signatory may be associated with a business entity. 

2.6.    Creator of the Seal of a seal is a legal person who, by using the e‑Sign in the Cloud Service, creates an electronic seal.

2.7.    Authorized Representative is a natural person authorised legally or by proxy to represent the  the Creator of a seal of a seal in the issuance procedure and/or revocation of the  certificate for electronic seal and who uses the m‑Token for authentication to access the e‑Signature in the Cloud Service. (hereinafter: User). 

2.8.    One-Time Password is a sequence of six digits with limited time validity, generated by the m‑Token, and used for authentication of the Signatory or the Creator of a seal of a seal via mobile phone on the e‑Signature in the Cloud Service for the purpose of authorising the creation of a qualified electronic signature or a qualified electronic seal. 

2.9.    Activation data consist of two separate sequences of digits that Fina assigns to the Signatory for the activation of the m‑Token.
consist of two separate sequences of digits that Fina assigns to the Signatory for the activation of the m‑Token.
The validity period of the Activation Data is 24 hours. 

2.10.    PIN of the m‑Token is a six‑digit activation code used to unlock the m‑Token before its use. The PIN is set by the Signatory or the Authorised Representative. 

2.11.    Certificate PIN is a six‑digit number used to activate the Signatory’s private key. 

2.12.   Certificate Application Form (hereinafter: Application Form) is a duly completed and signed Application Form used to request the issuance of certificates for creating qualified electronic signatures and certificates for creating qualified electronic seals within the e‑Signature in the Cloud Service.
It is submitted in person at Fina’s Registration Offices, online via the OSPD service, or through an externally Contracted RA.

2.13.   Subscriber Agreement is the Agreement between the Subscriber and Fina that regulates the obligations of the contracting parties.

2.14.    Registration Office Network (hereinafter: the RA Network) is the registration network consisting of Fina’s registration offices (Fina RA Network) and the network of registration offices of every particular external contracted business entity that performs subscriber registration services (External Contracted RA). 

2.15.    Electronic Services are online services connected to the e‑Signature Cloud Service in order to enable their Users to create a qualified electronic signature and seal. 

2.16.    OSPD is Fina’s online service for submitting documentation.

2.17.    Qualified Electronic Signature is an advanced electronic signature created by qualified electronic signature creation device and which is based on a qualified certificate for electronic signatures.

2.18.    Qualified Electronic Seal is an advanced electronic seal created using qualified electronic seal creation device and is based on a qualified certificate for electronic seal. 

2.19.    Qualified Certificate for Electronic Signature is certificate for electronic signature issued by a qualified trust service provider and meets the requirements set by the eIDAS Regulation. 

2.20.    Qualified Certificate for Electronic Seal is an certificate for electronic seal issued by a qualified trust service provider and meets the requirements set by the eIDAS Regulation. 

2.21.    CMS is the Portal for issuing and downloading digital certificates.

2.22.    Application Form for blocking, unblocking, deactivation, or issuing a new Fina m‑Token is a duly completed and signed form submitted by the User to Fina for the purpose of activating and deactivating the m‑Token service.

3.    General Provisions

3.1.    The service of using the Fina e Sign Cloud mobile application is a service that enables the Signatory to electronically sign individual PDF documents in accordance with the eIDAS Regulation.
The m Token is an integral part of this mobile application. 

3.2.    The m Token is integrated into the certificate issuance service for the creation of qualified electronic signatures and certificates for the creation of qualified electronic seals within the e Sign Cloud Service, and it is an integral part of that service.

3.3.    A user of the Fina e Sign Cloud mobile application may be any user of Fina’s certificates for remote electronic signing/sealing, except users of Banks who do not use Fina’s m Token for authentication on the e-Signature in the Cloud Service but instead use the Bank’s authentication means (Erste Bank and HPB Bank).

3.4.    A user who has submitted a Certificate Application Form for the creation of qualified electronic signatures or a certificate for the creation of qualified electronic seals within the e-Signature in the Cloud Service and who has signed the Subscriber Agreement accordance with the documentation specified in item 1.2. of these Terms of use may become a user of the m-Token.

3.5.    Information and documentation regarding the issuance of certificates for the creation of qualified electronic signatures and certificates for the creation of qualified electronic seals within the e-Signature in the Cloud Service are available on Fina’s website: https://www.fina.hr/finadigicert

3.6.    The list of technical prerequisites, the method of using the Fina e Sign Cloud mobile application, and the activation of the m Token are described in the user instructions available at https://www.fina.hr/finadigicert.  

4.    Service Contracting 

4.1.    The Subscriber contracts the use of the Fina e Sign Cloud application by downloading the application to their mobile device and accepting these Terms of use. The m Token is an integral part of the application. The Subscriber contracts the m Token in accordance with item 4.2. of these Terms of use. 

4.2.    The Subscriber contracts the m Token by submitting a Certificate Application form for the creation of qualified electronic signatures and a certificate for the creation of qualified electronic seals within the e-Signature in the Cloud Service, and by signing the Subscriber Agreement, either by appearing in person at a Fina RA network office or online via the OSPD service. The Subscriber may also contract the m Token at an External Contracted RA. 

4.3.    The moment of concluding the Agreement for certification services is considered to be the moment the Agreement on the Provision of Certification Services is signed, thereby accepting the Terms of Provision of Certification Services, which regulate certification procedures regarding Signatory or Authorised Representative authentication on the e-Signature in the Cloud Service. 

4.4.     The contracting parties are Fina and the Subscriber.

5.    Scope and Use of the Fina e Sign Cloud Application and the m Token

5.1.    Using the Fina e Sign Cloud mobile application enables the electronic signing of individual PDF documents in accordance with the eIDAS Regulation. 

5.2.    Using the m Token enables:

  • Authentication in the process of issuing certificates for the creation of qualified electronic signatures and certificates for the creation of qualified electronic seals within the e Sign Cloud Service.
  • Authentication on the e Sign Cloud Service for the purpose of creating a qualified electronic signature or a qualified electronic seal.

5.3.    To use the Fina e Sign Cloud mobile application and the m Token, the Subscriber is required to ensure the appropriate technical and other prerequisites specified in the User Instructions.

5.4.    Fina reserves the right to unilaterally amend the User Instructions, which are published on Fina’s website: https://www.fina.hr/finadigicert. The Subscriber agrees with this method of amending the User Instructions and being informed about such amendments. 

6.    Processing and Protection of Personal Data

6.1.    Personal data collected through the Certificate Application Form are processed to comply with the legal obligations of the data controller, solely for the purposes of providing certification services and the use of the m Token and are necessary for Fina as the data controller to conclude and provide the certification service of which the m Token is an integral part. 

6.2.    Personal data collected through the Certificate Application Form are necessary for Fina as the data controller for the purpose of providing the Service.

6.3.    The data controller, Fina, may forward personal data to providers of IT solutions and services who act as contracted processors. In such cases, the processor processes personal data following the instructions of the data controller, for the purpose for which the personal data were collected, and in accordance with the personal data processing agreement, in line with the requirements of the General Data Protection Regulation.

6.4.    The User has the right to request from Fina access, rectification, erasure, portability, and restriction of processing, and to lodge an objection to the processing of their personal data, provided that the prescribed conditions are met. Requests related to the aforementioned rights are submitted in writing at the designated service counters of Fina’s business units, the list of which is published on Fina’s website https://www.fina.hr. The data subject may lodge a complaint regarding the processing of personal data with the supervisory authority – the Croatian Personal Data Protection Agency, at azop@azop.hr

7.    Subscriber Responsibility

7.1.    The Subscriber and User undertakes to:

  • responsibly safeguard the mobile phone on which the Fina e‑Signature Cloud application, of which the m‑Token is an integral part as a means of two‑factor authentication on the e‑Signature Cloud Service, is installed, in order to prevent its loss, theft, or misuse,
  • activate the m‑Token within 24 hours from the moment of receiving the Activation Data that Fina has sent to the SMS and email address specified in the user’s Certificate Application form,
  • use the m‑Token only for the purposes specified in the Agreement on the Provision of Certification Services and in item 5.1. of these Terms of use,
  • properly activate the m‑Token,
  • promptly update the Fina e‑Signature Cloud application with each new version made available by Fina,
  • take all measures to protect the confidentiality of the Activation Data, use the Activation Data with due care, not disclose or make them available to others, and accept full responsibility for all obligations arising from the use of the Activation Data and the m‑Token,
  • not forward the Activation Data by email or SMS to third persons and not provide third persons with access to or control of their mobile phone under any circumstances,
  • take all measures to protect and use with due care, and not disclose or make available to others, the m‑Token PIN, and accept full responsibility for all obligations arising from its use,
  • without delay notify Fina of the loss or unauthorised use of the Activation Data or the m‑Token PIN and, in such a case, immediately submit a Request for blocking, activation, and deactivation of the Fina m‑Token.

7.2.    The User bears all damages arising from the loss and/or unauthorised use of the Activation Data and the m‑Token PIN, as well as from unauthorised or improper use of the m‑Token.

8.    Fina’s Responsibility

8.1.    Fina ensures the availability of the Fina e‑Sign Cloud mobile application in application stores (Google, Apple and Huawei) for download and updates. 

8.2.    Fina is responsible for the availability of the e‑Sign Cloud Service and the CMS Portal for certificate download.  

8.3.    Fina is responsible for registering Subscribers in Fina’s RA network, for the availability of the OSPD Service, and for sending Activation Data for m‑Token activation. 

8.4.    Fina is not responsible:

  • for the inability to use the Fina e‑Sign Cloud application and the m‑Token due to technical or other deficiencies on the Subscriber’s side (e.g., an unsuitable mobile phone or its operating system, inadequate or missing internet connection, etc.),
  • in other cases where the Subscriber is responsible in accordance with items 7.1. and 7.2. of these Terms of use.  

9.    Fees

9.1.    The use of the Fina e‑Sign Cloud mobile application is not charged. 

9.2.    Fina charges for the certificate issuance service and the use of the e‑Signature Cloud Service, of which the use of the Fina e‑Signature Cloud application and the m‑Token is an integral part, in accordance with Fina’s Official Price List published at https://www.fina.hr/finadigicert.  

9.3.    Fees for the use of Electronic Services are not related to the authentication service provided by the m‑Token and may be charged in accordance with the rules and price list of the owner of the Electronic Service.  

10.    Termination of Use of the Fina e‑Sign Cloud and the m‑Token, Blocking, Unblocking, and Deactivation of the m‑Token Service, Mobile Phone Replacement 

10.1.    The m‑Token will not be automatically deactivated by submitting a request for revocation of the corresponding certificates within the e‑Signature Cloud Service.
The User cannot use the mobile application for any other purpose, and if the User does not intend to be a User of Fina’s certificates used within the e‑Signature Cloud Service for the creation of qualified electronic signatures or qualified electronic seals again, they may uninstall the Fina e‑Signature Cloud application from the mobile phone or request the deactivation of the m‑Token at Fina by submitting the appropriate request.
The User may submit a request for the deactivation of the Fina m‑Token at one of the offices within Fina’s RA network.  

10.2.    In the event of a mobile phone change, the User may transfer the application from one mobile phone to another, in accordance with the instructions in the User Manual published at www.fina.hr/finadigicert
If the m‑Token user has changed their mobile phone but has not transferred the application from one phone to another, it is necessary to request the issuance of new Activation Data from Fina and reactivate the m‑Token. 
The new Activation Data will be sent to the mobile phone number and email address the User specified in the Certificate Application Form. 

10.3.    A User who uses the standalone Fina m‑Token application may transfer the m‑Token service to the Fina e‑Sign Cloud application, in accordance with the instructions in the User Manual published at www.fina.hr/finadigicert
If the user of the Fina m‑Token has uninstalled the Fina m‑Token application and has not transferred the m‑Token into the Fina e‑Sign Cloud application, it is necessary to request the issuance of new Activation Data from Fina and reactivate the m‑Token.
The new Activation Data will be sent to the mobile phone number and email address the User specified in the Certificate Application Form.

10.4.    Fina will block the m‑Token if the User has informed Fina of the loss and/or unauthorised use of the Activation Data or the PIN.

10.5.    In the event of suspected misuse, the User is obliged to request the blocking of the m‑Token by submitting a Application Form for blocking, unblocking, deactivation, and issuance of a new m‑Token at Fina, or in urgent cases by calling Fina’s telephone number (+385 1) 612 7040, available every day from 0 to 24 hours.
An Urgent reason includes theft or loss of the mobile phone or any other form of misuse of the m‑Token.

10.6.     In the event of a change of mobile phone number on the same mobile device, the User must personally submit a request at Fina to update the mobile phone number so that the correct number is used during signing.
The User must uninstall the existing application and reinstall it to register the application with the new number.
Before uninstalling the application, the User must transfer the m‑Token in accordance with the instructions in the User Manual published at www.fina.hr/finadigicert .
If the user of the Fina m‑Token has uninstalled the Fina m‑Token application and has not recorded the activation codes for reactivation of the m‑Token, it is necessary to request the issuance of new Activation Data from Fina and reactivate the m‑Token.
The new Activation Data will be sent to the new mobile phone number and email address the User specified in the Certificate Application Form, or in Application Form for blocking, unblocking, deactivation, or issuance of a new Fina m‑Token when reporting the change of mobile phone number.

10.7.     With a Subscriber who does not comply with these Terms of use, Fina may, without prior warning and/or notice, immediately terminate the Agreement, and must notify the User by sending a notice to the email address the User specified in the Certificate Application Form.
In this case, the Agreement is terminated at the moment the notice is sent.

11.    Final Provisions

11.1.    The User accepts the Terms of use by downloading the Fina e‑Sign Cloud application and activating the m‑Token. 

11.2.    These Terms of use are published on the website https://www.fina.hr/finadigicert

11.3.    Fina reserves the right to subsequently amend and supplement the Terms of use, and is obliged to inform the User by publishing the changes on Fina’s website.
It shall be considered that the Subscriber has agreed to the amendments and supplements to the Terms of use if, within fifteen days from their publication on Fina’s website, the Subscriber does not notify Fina in writing that they do not agree to the amendment and/or supplement to the Terms of use and that they are terminating the use of the Fina e‑Signature Cloud application and the m‑Token.

11.4.    These Terms of use enter into force on 30 March 2026.