The Supplier Data used to provide this Dataset is provided by GBG’s Supplier, Trinsic Technologies, Inc. GBG is obliged under the terms of its agreement with its Supplier to ensure that all End Users agree to comply with the following licensing provisions:

1. DEFINITIONS
1.1. In these Additional Terms, the following definitions shall apply, in addition to the definitions set out in the Agreement:
“End User Data” means any data, including where relevant any personal data, relating to an End User that is (a) provided by the Data Subject to End User, or (b) collected, accessed, or otherwise obtained by GBG on behalf of an End User and processed solely in accordance with the terms of the Agreement.

2 USE OF THE DATASET
2.1. End User shall not:
(a) reproduce, display, download, modify, create derivative works of or redistribute the Services;
(b) attempt to reverse engineer, decompile, disassemble or access the source code for the Services or any component thereof;
(c) execute unauthorized automated tests or load balancing against the Supplier Data, Dataset or Services;
(d) introduce to the Services any unauthorized data, malware, viruses, Trojan horses, spyware, worms, or other malicious or harmful code, or any data that infringes, misappropriates, or otherwise violates the intellectual property rights or other rights of any third party;
(e) use the Supplier Data or any component thereof, in the operation of a service bureau to support or process any content, data, or information of any party other than End User;
(f) sell, transfer, sublicense, assign, or otherwise permit any party, other than the then-currently Authorised Users, to access the Supplier Data and/or Services;
(g) access or use the Supplier Data and/or Services to deliberately create a competing product or service; or
(h) use the Supplier Data and/or Services for any purpose that is unlawful, harassing, abusive, tortious, threatening, harmful, invasive of privacy, vulgar, defamatory, false, intentionally misleading, trade libelous, pornographic, obscene, patently offensive, promotes racism, bigotry, hatred, or physical harm of any kind, or is otherwise objectionable.
2.2. End User acknowledges and agrees that GBG may immediately suspend End User’s access and use of the Supplier Data if GBG has reasonable evidence that cause it, in good faith, to believe the End User has violated clause 2.1 above. GBG will cooperate and work with the End User to restore access in a timely manner once any suspected breach has been cured, unless such breach gives rise for GBG to terminate pursuant to the terms of the Agreement.
2.3. Prior to taking this Dataset, the End User must complete and sign the “Agreement Form for Customer” attached at Annex 1.

3. INFORMATION REQUESTS
3.1. GBG and/or the Supplier may receive requests, or be contractually required by government entities, regulatory authorities, or the ID Provider, to provide or obtain information about End User and/or Data Subjects as a condition of the use of the Services. The End User authorizes GBG and its Supplier to provide End User Data to such authorities (or their designated representatives) in response to such requests and, if the requested information is not already in GBG’s or its Supplier’s possession, End User will promptly provide all necessary information to GBG for this purpose.

4. USE OF ID PROVIDER MARKS
4.1. End User is granted a limited, non-exclusive, royalty-free license to use the marks of IN Groupe Trust Services, NO Branch (“ID Provider”), subject to any communicated limitations, conditions, usage guidelines, or approval procedures, for the purpose of: (i) indicating to actual and prospective customers that End User is authorized to make available the Supplier Data, (ii) identifying the ID Provider as an offered verification method within End User’s services. End User acknowledges that the right to use the ID Provider’s mark is not guaranteed and that any licence to use an ID Provider mark granted hereunder may be revoked at any time at the sole discretion of GBG, the Supplier or ID Provider. End User agrees not to alter, obscure, or misuse ID Provider marks or use them in a way that could cause confusion, diminish their distinctiveness, or imply that End User is an exclusive provider or partner of the ID Provider.

5. SERVICE LEVELS
5.1. The End User acknowledges and accepts that any downtime or performance degradation caused by the ID Provider is beyond GBG's reasonable control and shall be considered an exception to the availability of the Services.

6. DATA PROTECTION AND COMPLIANCE WITH RELEVANT LAWS
6.1 End User shall inform the Data Subject that their data shall be transferred to the Supplier in the United States as part of this Service.

Annex 1

Agreement Form for Customer

Customer information
Company Registration Number (or similar from an official companies’ register)
Name of the Customer
Address 1 (addressee or department)
Address 2 (street/postal address)
Postcode and city
Country
Agreement contact	Phone	E-mail

 

The following integration partner is authorised to represent the Customer during technical integration
Name of the integration partner Trinsic Technologies, Inc.
Company Registration Number (or similar from an official companies’ register) 84-2221672
Main contact for the technical integrator Michael Boyd	Phone	E-mail michael@trinsic.id

Purpose of the Agreement

IN Groupe Trust Services, NO Branch, business registration number 933 127 990, (“IN Groupe”) is delivering electronic identification service through the Partner. IN Groupe provides customers with strong electronic identification services, and the Customer provides the end users of the Customer’s Online Service (i.e. eID Holders) with an Online Service wherein strong electronic identification is needed.

IN Groupe has entered into a Partner Agreement with a company, Trinsic Technologies, Inc. (“Partner”) that resells IN Groupe’s strong electronic identification service. The Partner resells IN Groupe’s strong electronic identification service to IDology, Inc. and/or its affiliates, including GB Group Plc. (“Reseller”), who in turn provides the FTN Service to its own customers, including the Customer. The Customer has entered into an agreement with the Reseller for access to the FTN Service and wishes to make use of that service in its Online Service, where strong electronic identification of end users (eID Holders) is required.

This Agreement includes the terms and conditions that govern the relationship between IN Groupe and the Customer when Customer uses FTN Service in the strong electronic identification service.

Agreement structure

Unless specifically agreed otherwise, the following appendices form an integral part of this Agreement and supersedes all prior agreements and understandings between the Parties, whether written or oral, relating to the FTN service:

Appendix 1:   Service Descriptions and General Terms and Conditions.

The Agreement shall enter into force when the Parties have signed the Agreement, or when IN Groupe Trust Services has otherwise accepted the Agreement signed by the Customer.

Signatures

The Customer’s signature confirms the information provided by the Customer herein and acceptance of the Agreement. The Agreement may be signed in writing below or electronically.

If the Agreement is signed electronically, please send by email in PDF-A format to sales.esecurity@nets.eu.

If the document is signed below in writing, the signed Agreement shall be sent to the following address: IN Groupe Trust Services ApS, Teknikerbyen 5, 2. sal, 2830 Virum, Denmark

 

Signatures

Place and date

Customer

Name and title of the signatory

Signature

 

Appendix 1 - Service Description Finnish Trust Network (FTN)

1. Overview of this appendix 1 – Service description Finnish Trust Network

This appendix 1 describes the FTN services and specific conditions related to the Service.

In addition to the Service Overview, General Terms & Conditions for the Service and Processing of Personal Data the appendix also contains:

Appendix A - Confirmation regarding Personal Identity Codes

It is required for the Customer to fill out and sign Appendix A.

2. Definitions for the FTN Service

In addition to “Appendix 2 Definitions” the following definitions also applies to this eID Service description:

Definition	Description
Finnish Trust Network (FTN)	“Finnish Trust Network” or “FTN” means the network established by the eID Issuers and the strong electronic identification broker service providers under the Act on Strong Electronic Identification and IN Groupe (617/2009), as amended from time to time, and registered and supervised by the Finnish Transport and Communications Agency (Traficom).

3. Introduction

IN Groupe is registered as a strong electronic identification broker service provider in the Finnish Trust Network (FTN). IN Groupe provides Customers with strong electronic identification broker services, and the Customer provides the end users of the Customer’s Online Service (i.e. eID Holders) with an Online Service wherein strong electronic identification is needed.

The Finnish Trust Network (FTN) is a cloud-based identity network that connects small and large web users to established Finnish eID Issuers.

The supported eID Issuers are:

the identity services from the Finnish banks

the identity services from the Finnish telecom operators

IN Groupe is acting as a reseller of the FTN in agreement with the Finnish banks and telecom operators.

The FTN Service is be made available for the End User through the Customer’s own Online Service wherever the electronic identification is needed.

This Appendix describes the Finnish Trust Network Service IN Groupe shall provide for the Customer.

4. Functionality

IN Groupe Electronic Identity Provider subscription services for FTN includes the following description.

The Service gives access via the FTN to the unique and certified electronic identities of the Finnish population that holds eIDs of the above-mentioned identity services.

At least the following information shall be included in the person identification data:

first name, last name and date of birth of the person, and,

if applicable, unique identifier of the person such as HETU(SSN) and SATU

The Service is delivered as a managed service/SAAS and accessed by industry standard Identity protocols (OIDC/SAML) securing uniform technical interface independent of eID Provider.

4.1. FTN eID Issuers included in the Service

The table below lists the eID Issuers in the FTN that are available in the Service: 

Finnish eID Issuers

Bonum/ POP Pankki

Handelsbanken

Ålandsbanken

Säästöpankki

Danske Bank

Aktia

Telia (All mobiilivarmenne users)

Nordea

OP

OMA Säästöpankki

S-Pankki

 5. General Terms & Conditions for FTN

5.1. Rights and Obligations of IN Groupe

IN Groupe shall provide the Service to the Customer and the Service Recipients, if applicable, in accordance with the Agreement and IN Groupe’ Principles of the Identification Broker Service (in Finnish: Välitysperiaatteet). IN Groupe’ performance of the Service is contingent upon the eID issuers’ performance of their services which are provided to IN Groupe on an “as-is” basis without any service levels or availability guarantees.

IN Groupe is responsible for transferring the Person Identification Data from the eID Issuers to the Customer as described in the Agreement. IN Groupe has no possibilities of ensuring availability of the eID Issuers’ services or accuracy, correctness, validity, or contents of the data or any eIDs, nor has IN Groupe any knowledge of any unauthorised possession or use of such eIDs. Therefore, IN Groupe shall not be responsible to the Customer, the eID Holders, or other third parties for any interruptions in the eID Issuers’ services or other such circumstances mentioned in this paragraph or otherwise outside of IN Groupe’ control.

IN Groupe shall ensure that the Person Identification Data is not transferred to, or used by, any unauthorised third parties when in their possession, unless permitted by applicable law or regulations.

5.2. Rights and Obligations of the Customer

The Customer shall use the Service in accordance with the Agreement, including these General Terms – FTN in force from time to time. 

Online Service(s), including its lawfulness and availability, development, maintenance and contents, and costs and expenses thereto, and

products and services the Customer or a Service Recipient markets, offers, or provides to their customers, including the eID Holders.

IN Groupe has no contractual relationship to the eID Holders, and thereby no responsibilities or liabilities of their acts or omissions nor any acts of third parties in relation to the use or possession of the eIDs. 

The Customer shall ensure that an eID Holder is legally competent to perform the acts he or she is authenticated for through the Service. The Customer shall check that the Person Identification Data received through the Service corresponds to the data submitted by the eID Holder to the Customer’s or the Service Recipient’s Online Service. Furthermore, the Customer shall ensure that the Person Identification Data is not used for purposes other than for authenticating the eID Holder nor transferred to, or used by, any third parties, un-less permitted by applicable law.

The Customer and the Service Recipients shall be legal entities registered within the EU/EEA Area. They shall also have a sufficient liability insurance to cover their liabilities under the Agreement.

6. Processing of Personal Data

The Customer is a data controller of personal data with regard to its Online Service and the Person Identification Data transferred to it by IN Groupe in the Service. IN Groupe is a data controller of personal data with regard to the Service and the Person Identification Data received from the eID Issuers. 

Each Party shall individually comply with, and be responsible for, the duties of a data controller in accordance with the GDPR and the Data Protection Act (1050/2018) as amended from time to time.

6.1. Person Identification Data

The Customer, Service Recipients, or their sub-contractors shall not process, or grant access to, the Person Identification Data outside the EU/EEA Area unless otherwise agreed in writing.

6.2. Personal Identity Codes

The Customer shall ensure, and is responsible for, that it has a legitimate reason and purpose for receiving and processing Personal Identity Codes in accordance with the Data Protection Act by providing IN Groupe a signed confirmation document.

Appendix A - Confirmation regarding Personal Identity Codes

The Customer confirms that it or the Service Recipient has a legitimate reason and purpose for receiving and processing Personal Identity Codes of the eID Holders for the purposes of the Online Service in accordance with GDPR and the Finnish Data Protection Act (1050/2018, in Finnish “Tietosuojalaki”).

The Customer’s or Service Recipient’s legitimate reason for processing eID Holders’ Personal Identity Codes in relation to the Service is the following (Personal Data Act 29 §):

Please indicate the appropriate option by placing an X in the corresponding box:

	processing is based on the explicit consent of the data subject
	processing is based on law
	processing is in order to realise the rights or obligations of the data subject or the controller
	processing for any relevant business activity as set out in the Data Protection Act, 29 §, subsection 2: in activities relating to granting of credit or collection of debt; in insurance business, credit institutions, payment institutions, renting and lending businesses; in credit data operations, in health care services, in social welfare activities or other social services; and in matters relating to the civil service, employment and other service relationships and benefits relating to the same.

IN Groupe may at any time request documentation showing that the conditions for requesting disclosure of the Personal Identity Codes are met by the Customer, and the Service Recipient, as applicable.

 

Signed at __________________, on this ___ day of _______________, _______.

 

Customer: