Fina m-Token - Terms and Conditions
1. Introductory Provisions
1.1. These Fina m-Token Terms of Service (hereinafter: Terms) lay down the terms of use of the Fina m-Token mobile application by the User for the purpose of user authentication to Fina's e-Signature Cloud Service for the creation of a qualified electronic signature or qualified electronic seal.
1.2. These Terms apply in conjunction with the Certification Services Agreement, wherein the rights and obligations of the Contracting Parties are derived from the provisions of Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, The Act Implementing Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, General Rules for the Provision of Certification Services for Qualified Electronic Signature and Seal Certificates, Ordinance on Certification Procedures for Qualified Electronic Signature and Seal Certificates, Terms of Use of Certification Services for Business Certificates, Terms of Use of Certification Services for Personal Certificates, Terms of Use of Certification Services for Government Entities, and Fina's other acts regulating the performance of certification services.
1.3. Documents listed in these Terms under 1.2 are available on Fina's website under https://www.fina.hr/finadigicert.
2. Definitions
The following definitions apply for the purposes of these Terms:
2.1. "Fina m-Token" is a means of two-factor authentication of the Signatory and Creator of the Seal to the e-Signature Cloud Service, delivered in form of a mobile application.
2.2. "e-Signature Cloud Service" is Fina's service for remote creation of qualified electronic signatures and qualified electronic seals under Regulation (EU) No 910/2014 (hereinafter: eIDAS Regulation).
2.3. "User" is a business operator, government entity or natural person who entered into a Certification Services Agreement with Fina as the provider of trust services for the purposes of issuing the certificate and using it within the e-Signature Cloud Service.
2.4. "Signatory" is a natural person who creates a qualified electronic signature using the e-Signature Cloud Service, including the Fina m-Token authentication. A Signatory may have an association with a business operator.
2.5. "Creator of the Seal" is a legal person who creates an electronic seal.
2.6. "Authorized Representative" is a natural person authorized by law or power of attorney to represent the Creator of the Seal in the procedure of issuance and/or revocation of the electronic seal certificate and who uses the Fina m-Token for authentication to the e-Signature Cloud Service.
2.7. "One-Time Password" (OTP) is a series of six digits, valid for a limited period of time, generated by the Fina m-Token, which is used to authenticate the Signatory or the Creator of the Seal to the e-Signature Cloud Service on their mobile phone for purposes of authorizing the creation of a qualified electronic signature or qualified electronic seal.
2.8. " Activation data " is composed of two separate series of digits assigned by Fina to the User for the purpose of activating the m-Token. Fina sends one series of digits to the User in a text message, and the other in an e-mail, using the mobile phone number and e-mail address registered when submitting the Request to be Issued a Certificate. The Activation data is valid for 24 hours.
2.9. "PIN" is a six-digit activation code that is used to unlock the Fina m-Token prior to using it. The PIN is set by the Signatory or Authorized Representative.
2.10. "Request to Have a Certificate Issued" (hereinafter: Request) is a properly filled in and signed form requesting to be issued certificates for the creation of qualified electronic signatures and certificates for the creation of qualified seals in the e-Signature Cloud Service. The requests can be submitted in person at Fina's Registration Offices, online through OSPD or through an external contractual RO.
2.11. "Certification Services Agreement" is an agreement signed between the User and Fina, regulating the obligations of the Contracting Parties.
2.12. "Registration Office Network" (hereinafter: RO Network) is a registration network composed of Fina’s Registration Offices (Fina RO Network) and the network of registration offices of each individual external contractual business operator performing User registration tasks (external contractual RO).
2.13. "Electronic Services" are online services associated with the e-Signature Cloud Service allowing their users to create qualified electronic signatures and seals.
2.14. "OPSD" is Fina's online documentation submitting service.
2.15. "Qualified Electronic Signature" is an advanced electronic signature created using qualified means of electronic signature creation and based on a qualified electronic signatures certificate.
2.16. "Qualified Electronic Seal" is an advanced electronic seal created using the means of qualified electronic seal creation and based on a qualified electronic seal certificate.
2.17. "Qualified Electronic Signature Certificate" is an electronic signature certificate issued by a qualified provider of trust services that meets the requirements laid down in the eIDAS Regulation.
2.18. "Qualified Electronic Seal Certificate" is an electronic seal certificate issued by a qualified provider of trust services that meets the requirements laid down in the eIDAS Regulation.
2.19. "CMS" is the portal where digital certificates are issued and downloaded.
2.20. "Request to Block, Unblock, Deactivate or issue a new Fina m-Token" is a request submitted by the User at Fina to deactivate the Fina m-Token service.
3. General Provisions
3.1. Fina m-Token service (hereinafter: Service) is integrated in the certificate issuance service for the creation of qualified electronic signatures and for the creation of qualified seals in the e-Signature Cloud Service and forms a constituent part thereof.
3.2. Any user who has submitted the Request to Have a Certificate Issued for the creation of qualified electronic signatures and a Request to Have a Certificate Issued for the creation of qualified seals in the e-Signature Cloud Service and who has signed the Certification Services Agreement in accordance with the documentation specified in these Terms under 1.2 can become a User of the Fina m-Token application.
3.3. The information and documentation required for the issuance of certificates for the creation of qualified electronic signatures and certificates for the creation of qualified seals in the e-Signature Cloud Service are available on Fina's website https://www.fina.hr/finadigicert.
3.4. The list of technical prerequisites, the method of activation and the use of the Fina m-Token application is described in the User Instructions available at https://www.fina.hr/finadigicert.
4. Arranging the Service
4.1. The User arranges the service by submitting a Request to be Issued a Certificate for the creation of qualified electronic signatures and a Request to be Issued a Certificate for the creation of qualified seals in the e-Signature Cloud Service and by signing the Certification Services Agreement in person at a Fina RO Network office or online using the OPSD service. The User may also arrange the Service through an external contractual RO.
4.2. The moment of signature of the Certification Services Agreement, which signifies acceptance of the Terms of Use of Certification Services, which regulate the certification procedures with respect to the authentication of the User to the e-Signature Cloud Service, is considered the moment of conclusion of the Certification Services Agreement.
4.3. Fina and the User are the Contracting Parties.
5. Scope and use of the Fina m-Token application
5.1. The use of the Service allows the User the following:
- authentication in the procedure of issuance of the certificates for the creation of qualified electronic signatures and certificates for the creation of qualified seals in the e-Signature Cloud Service;
- authentication to the e-Signature Cloud Service.
5.2. The User is required to ensure the adequate technical and other prerequisites laid down in the User Instructions in order to use the Fina m-Token application.
5.3. Fina reserves the right to unilaterally modify the User Instructions, which are posted on Fina's website at https://www.fina.hr/finadigicert. The User agrees to the abovementioned manner of modifying the User Manual and receiving information.
6. Personal Data Protection
6.1. Personal data collected on the Request are processed for the purposes of the data controller's compliance with the legal requirements solely for the purposes of providing the certification services and the Fina m-Token service and are necessary to Fina as the data controller for the purposes of contracting and providing the certification service of which the Fina m-Token service is a constituent part.
6.2. As the data controller, Fina needs the personal data collected by means of the Request to Have a Certificate Issued for the purposes of providing the Service.
6.3. As the data controller, Fina may forward the personal data to providers of IT solutions and services acting as contractual data processors. In this case, the data processor processes the personal data as instructed by the data controller in order to fulfil the purpose for which the personal data was collected and in the manner defined by the personal data processing agreement in accordance with the requirements of the General Data Protection Regulation.
6.4. The User has the right to request access to, to request correction, deletion, transferability and restriction of processing, and to object to the processing of personal data concerning him/her if the required prerequisites have been met. Any request associated with the exercise of the above rights is to be submitted in written at designated windows at Fina offices, whose list is available on Fina's website https://www.fina.hr. The data subject may file an objection to the processing of his/her personal data to the supervisory authority – the Personal Data Protection Agency, azop@azop.hr.
7. The User's Responsibilities
7.1. The User has the following obligations and responsibilities:
- take responsible care of the mobile device to which the Fina m-Token application has been downloaded as the means of two-factor authentication to the e-Signature Cloud Service to prevent its loss, theft or abuse;
- activate the Fina m-Token application within 24 hours of receiving the Activation datasent by Fina in a text message and e-mail to the phone number and e-mail address specified by the User in the Request to have the Certificate Issued;
- only use the Fina m-Token for the purposes provided in the Certification Services Agreement and in these Terms under 5.1;
- properly activate the Fina m-Token;
- promptly update the Fina m-Token application to any new version made available by Fina;
- take all measures to protect the confidentiality of the Activation data, use the Code with due diligence, not disclose it or make it available to other persons, and accept full responsibility for all obligations arising from the use of the Code;
- not forward the Activation databy e-mail or text message to third persons and in no case provide third persons with access to or control of his/her mobile device;
- take all protective measures, use his/her PIN for the Fina m-Token application with due diligence, not disclose it or make it available to others, and accept full responsibility for all obligations arising from its use;
- inform Fina without delay of any loss or unauthorized use of Activation dataor PIN and, in case of the above, immediately submit a Request to Block, Activate or Deactivate the Fina m-Token.
7.2. The User bears the cost of any damage resulting from loss and/or unauthorized use of Registration Data and PIN and from unauthorized or inappropriate use of the Fina m-Token, which is considered gross negligence.
8. Fina's Responsibilities
8.1. Fina makes the application available for download and updating in online app stores (Google, Apple).
8.2. Fina makes the e-Signature Cloud Service and the CMS Portal available for downloading certificates.
8.3. Fina is responsible for the registration of the User in Fina's RO Network, the availability of the OSPD Service, and the sending of the Activation datafor the activation of the Fina m-Token application.
8.4. The Service Provider is not responsible for the following:
- inability to use the Service due to technical or other deficiencies on the part of the User (such as an inadequate mobile phone and operation system, inadequate internet connection or no internet connection, etc);
- other cases that fall under the responsibility of the User as specified in these terms under 7.1 and 7.2.
9. Compensation
9.1. The use of the Fina m-Token application is free of charge.
9.2. Fina charges a fee for the service of issuing the certificate and for the use of the e-Signature Cloud Service, of which the use of the Fina m-Token application is a constituent part, in accordance with Fina's official rates available at https://www.fina.hr/finadigicert.
9.3. The charges for the use of the Electronic Services are unrelated to the authentication service made possible by the Fina m-Token and may be subject to charges in accordance with the rules and rates stipulated by the owner of the Electronic Service.
10. End of Use of the Fina m-Token Application, Blocking, Unblocking and Deactivating the Fina m-Token Service, Replacing a Mobile Device
10.1. The Fina m-Token application will not be deactivated automatically by submitting a request for the revocation of the corresponding certificates in the e-Signature Cloud Service. The User may not use the application for any other purpose, and if the User does not intend to use Fina's e-Signature Cloud certificates again, the User may deinstall the application from his/her device, or submit the appropriate request to have the service deactivated at Fina.
The User may submit the Request to Deactivate the Fina m-Token Service at one of the offices in Fina's RO Network.
10.2. When replacing his/her mobile phone, the User may transfer the application from one mobile phone to the other, as explained in the User Instructions available on www.fina.hr/finadigicert. If the User has replaced his/her mobile device without transferring the application from one device to the other, the User is required to request Fina to issue new Registration Data and activate the new Fina m-Token application.
10.3. If the User has informed Fina about the loss and/or unauthorized use of the Registration Data or PIN, the Service will be blocked.
10.4. In case of suspected abuse, the User may block the Service by submitting the Request to Block, Unblock, Deactivate or issue a new Fina m-Token at Fina or in urgent cases by calling Fina's number (+385 1) 612 7040 every day 0-24. Urgent cases mean the theft or disappearance of the mobile device or another form of abuse of the Fina m-Token Service.
10.5. Fina can momentarily terminate the Agreement without prior warning and/or notice with any User who fails to comply with these Terms. Fina is required to inform the User of the fact by sending a notice to the e-mail address specified by the User in the Request to Have a Remote e-Signature Certificate Issued. In such a case, the Agreement is considered terminated at the moment of sending the notice.
11. Final Provisions
11.1. The User accepts the Terms by activating the Fina m-Token application.
11.2. The Terms are available on the website https://www.fina.hr/finadigicert.
11.3. These Terms will be posted on Fina's website. Fina reserves the right to subsequently amend the Terms, of which Fina is required to inform the User by posting a notice on Fina's website. The User will be considered to have agreed to the amended Terms if the User does not inform Fina in written within 15 (fifteen) days of the Terms being posted on Fina's website about the User's disagreement with the amended Terms and cancellation of the use of Fina's e-services.
11.4. These Terms apply from 28.12.2023.