Terms of Use for the Digital ID Platform as Hosted Solution

1. Overview
1.1 These terms apply where You use or access the Digital ID Platform as a Hosted Solution using the services and/or data supplied by ConnectID Pty Ltd or its Related Bodies Corporate (the “ConnectID Operator”).
1.2 By using the Digital ID Platform, You do so subject to these additional terms in addition to the other terms of use contained in the greenID agreement. You acknowledge these terms may be updated from time to time as required by the ConnectID Operator.

2. Terms of Use
2.1 You must access and use the Digital ID Platform for your own internal business purposes in accordance with these terms and the greenID agreement and solely for the purposes of identity verification.
2.2 When using the Digital ID Platform, you must comply with all applicable Laws.
2.3 You must not seek to circumvent or disable any controls in the Digital ID Platform.
2.4 Any and each Digital Identity Transaction will only be provided if the Identity Owner gives express consent. The Identity Owner is required to have a digital account enabled with a Data Provider within the ConnectID Network and have had their identity details (such as name, telephone number, email and date of birth) verified with the Data Provider within the prior 5 years and meet certain minimum age requirements set out by the relevant identity provider.
2.5 You acknowledge and agree that, to the extent permitted by Law, Us or the ConnectID Operator provide no warranties, representations, guarantees or conditions and excludes all liability in connection with:
(a) the accuracy, currency, timeliness, validity, completeness or suitability of the Digital ID Platform, our services, or any Identity Data for any purpose, including with respect to compliance with any regulatory requirements, such as any “know your customer”, AML/CTF Act or similar requirements;
(b) the availability of Digital ID Platform or access to it, nor that the Digital ID Platform or such access will be uninterrupted or error free;
(c) any Transactions (including fraudulent Transactions), Identity Data or verifications or assertions as to a person’s identity or attributes, including with respect to quality, accuracy, currency, timeliness, validity or completeness.
2.6 You must not:
(a) use the Digital ID Platform in breach of any applicable Laws or for any purpose that is unlawful or that would give rise to any civil or criminal liability for Us, the ConnectID Operator or any other third party;
(b) charge any fees from the Identity Owner to perform a Digital Identity Transaction via the ConnectID services.
(c) use the Digital ID Platform or associated documentation in any manner that adversely impacts or limits:
i. the stability, security, reliability, performance or integrity of our systems or the systems of the ConnectID Operator or the Digital ID Platform, or any data Processed or transferred using the Digital ID Platform;
ii. the ability of third-parties to use or integrate with the Digital ID Platform; or
iii. Our interests or reputation or the interests or reputation of the ConnectID Operator;
(d) except as permitted by Law, copy, cache, reproduce, seek to reverse engineer or decompile any part of the Digital ID Platform, or modify or create derivative works based on all or any part of the Digital ID Platform;
(e) rent, lease, sell, assign, sub-licence, deliver or otherwise distribute the Digital ID Platform or any platform documentation to any other person except as expressly permitted by these Rules, or otherwise use the Digital ID Platform or any platform documentation to provide any form of bureau, aggregator or similar services without the prior written consent of the ConnectID Operator;
(f) provide the Digital ID Platform to a third party or permit any third party to have access to the Digital ID Platform or platform documentation, other than as permitted under these terms;
(g) remove, alter or obscure any identification, copyright, trademark or other proprietary notices, labels or marks (if any) contained in any materials relating to the Digital ID Platform, including the platform documentation;
(h) send infringing or unlawful material using the Digital ID Platform or any sensitive data;
(i) attempt to gain unauthorised access to the Digital ID Platform or any data Processed or transferred using the Digital ID Platform;
(j) use the Digital ID Platform to propagate any virus, worms, malicious code, Trojan horses, or other programming routine intended to damage any system or data;
(k) do anything that would prejudice the ConnectID Operator’s existing right, title, or interest in the Digital ID Platform;
(l) use the Digital ID Platform for the purposes of evaluation, benchmarking or other comparative analysis; or
(m) use the Digital ID Platform or any platform documentation for any purpose other than as permitted under these terms and the greenID agreement, including to copy, replicate, produce, create, develop or duplicate some or all of the Digital ID Platform or any platform documentation in another form, product or service, without our prior written consent.
2.7 We and the ConnectID Operator do not accept any liability whatsoever, now or in the future, in respect of any reliance that you place on the accuracy of the information, irrespective of how and what the purpose of the information is used for by You.
2.8 You acknowledge and agree that the ConnectID Operator may make changes to and update the Digital ID Platform from time to time.

3. Maintenance
3.1 The ConnectID Operator may, at any time and without notice, modify and suspend the operation of, or access to the Digital ID Platform, or any part thereof, for any reason or interrupt the operation of the Digital ID Platform or any part thereof, as necessary to perform maintenance, error correction or upgrades or to respond to or manage security risks. We will endeavour to communicate to You any planned maintenance in advance.
3.2 Neither Us nor the ConnectID Operator will be liable if, for any reason, the Digital ID Platform is not available at any time or for any period of time.

4. Audit
4.1 We may audit, access, inspect and copy (Audit) the performance of Your obligations or exercise of rights under these terms for the purpose of verifying whether You are complying with these terms or to enable Us (or any of our Related Bodies Corporate) to comply with applicable Law, with the TDIF requirements (if applicable) or any request or direction of a supervisory authority.

5. Intellectual Property
5.1 You acknowledge and agree that title to and ownership of all rights (including all Intellectual Property rights) in and to the Digital ID Platform and associated documentation, including all modifications, improvements or derivative works with respect to the same, will at all times remain with the ConnectID Operator.

6. Privacy and data
6.1 When accessing, collecting, using, disclosing, processing, transferring and/or otherwise handling (together Processing) Personal Information in connection with the Digital ID Platform or any Transaction, We and the ConnectID Operator will comply with applicable data privacy laws.
6.2 You:
(a) acknowledge the ConnectID Privacy Policy and agree to the ConnectID Operator’s Processing of Personal Information as contemplated by the ConnectID Privacy Policy and these terms; and
(b) must ensure, and warrant and represent to Us and the ConnectID Operator, that You have made all necessary disclosures and obtained all relevant consents and approvals, including under Privacy Law, to provide Personal Information to Us and the ConnectID Operator and for Us and the ConnectID Operator to process that Personal Information as contemplated by these terms.
6.3 You warrant to Us and the ConnectID Operator that You comply with all applicable privacy laws including:
(a) publish and maintain a public-facing privacy policy that complies with the requirements of the Privacy Act which expressly covers matters related to Your participation in the Digital ID Platform and Transactions; and
(b) nominate a designated person or role who will act as the primary contact point for any privacy or data related matter, including in respect of any Security Incidents, in connection with the Digital ID Platform (Privacy Officer) and notify the Network Operator of the relevant contact details. The Privacy Officer must have appropriate skills, experience and background to perform the role.
6.4 You must notify Us without undue delay if there is a change in the contact details of Your nominated Privacy Officer.
6.5 If You become aware that a Security Incident has occurred, You must (except to the extent prohibited by applicable Law):
(a) promptly (and in any case within 24 hours) notify Us;
(b) without undue delay provide Us or the ConnectID Operator with all information related to the Security Incident as reasonably required by Us or the ConnectID Operator;
(c) conduct an expeditious investigation and assessment of the nature, extent and cause of the Security Incident.
(d) promptly take all reasonable steps to stop and mitigate any potential or further loss, interference or harm that may arise in connection with the Security Incident and remediate any weakness, failure or vulnerability in Your information technology environment or associated operational procedures to prevent any similar incident from occurring.
(e) provide reasonable assistance to Us or the ConnectID Operator as required to mitigate the impact of the Security Incident.

7. Indemnity
7.1 You will indemnify Us and the ConnectID Operator (and keep Us and the ConnectID Operator indemnified), their related bodies corporate and personnel (each an Indemnified Person) in respect of any loss or damage suffered by or claim made against the Indemnified Person as a result of or in connection with:
(a) Any breach of Your obligations under clauses 2.6(a), 2.6(d), 2.6(f), 2.6(h) and 2.6(m), 5 (Intellectual Property), 6 (Privacy and data) and Your confidentiality obligations under these terms and the greenID agreement; and
(b) Any fraudulent or unlawful acts or omissions, or wilful misconduct, by You or Your personnel;
provided that Your liability under this clause 7 will be reduced proportionally to the extent the loss or damage is caused or contributed to by any breach or negligent act or omission of an Indemnified Person.

8. Suspension
8.1 We and the ConnectID Operator may suspend the services for a specified or indefinite time if:
(a) You breach any provision of these terms and that breach is not remedied to Our or the satisfaction of the ConnectID Operator within such period as We or the ConnectID Operator may determine in writing acting reasonably;
(b) You breach Your obligations under these terms and the greenID agreement relating to security, confidentiality or privacy;
(c) You become subject to an Insolvency Event;
(d) We or the ConnectID Operator are directed or requested by any supervisory authority; or
(e) You are subject of a material Security Incident.

9. Termination
9.1 You acknowledge that We rely on the ConnectID Operator to provide the services under these terms. Therefore, You acknowledge and agree that, in addition to Our rights in the greenID agreement, We can terminate these terms if, for any reason, our agreement with the ConnectID Operator is terminated.
9.2 Upon termination, for any reason, You must immediately cease to use the ConnectID services.

10. ConnectID Minimum Customer Terms
10.1 You acknowledge that the Identity Owners will be required to agree to the ConnectID End User Terms before We can proceed with the Digital Identity Transaction.

11. Definitions

Data Providers means participants of the Digital ID Platform responsible for supplying Identity Data.

Digital ID Platform means the digital identity platform operated by the ConnectID Operator.

Digital Identity Transaction means a transaction performed using the Digital ID Platform.

Identity Data means:
(a) an item of information or data associated with an Identity Owner (such as name, telephone number, date of birth, credit score or qualifications); and
(b) any verification or assertion of a person’s identity.

Identity Owner means an individual about whom Identity Data relates, and who is Your customer or potential customer.

Insolvency Event means an event that occurs in respect of a person if:
(a) it is (or states that it is) an insolvent under administration or insolvent (each as defined in the Corporations Act);
(b) it has had a Controller (as defined in the Corporations Act) appointed, or is in liquidation, in provisional liquidation, under administration or wound up or has had a Receiver (as defined in the Corporations Act) appointed to any part of its property;
(c) it is subject to any arrangement, assignment, moratorium or composition, protected from creditors under any statute, or dissolved (in each case, other than to carry out a reconstruction or amalgamation while solvent on terms approved by the Network Operator);
(d) an application or order has been made, resolution passed, proposal put forward, or any other action taken, in each case in connection with that person, which is preparatory to or could result in any of (a), (b) or (c) above;
(e) it is taken (under section 459F(1) of the Corporations Act) to have failed to comply with a statutory demand;
(f) it is the subject of an event described in section 459C(2)(b) or section 585 of the Corporations Act (or it makes a statement from which the Network Operator reasonably deduces it is so subject);
(g) it is otherwise unable to pay its debts when they fall due; or
(h) something having a substantially similar effect to (a) to (g) happens in connection with that person under the law of any jurisdiction.

Intellectual Property includes all industrial and intellectual property rights of any kind including copyright (including rights in computer software), trade mark, service mark, design, patent, trade secret, semi-conductor or circuit layout rights, trade, business, domain or company names, moral rights, rights in confidential information, know how or other proprietary rights (whether or not any of these are registered and including any application for registration) and all rights or forms of protection of a similar nature or having equivalent or similar effect to any of these which may subsist anywhere in the world.

Laws means:
(a) common law and equity;
(b) any legislation, statute, law, by-law, ordinance, rules, or subordinate legislation;
(c) mandatory or statutory codes of practice, standards, guidelines, principles and requirements, licences, permit, authorisation, accreditation or associated conditions; and
(d) writs, orders, injunctions and judgments.

Personal Information means any “Personal Information” or “Sensitive Information” (as such terms are defined in the Privacy Act) or similar terms under any Privacy Law which is received from any source in relation to or as a result of the performance of rights or obligations under these terms, and in all cases is deemed to include all Attributes and any Identity Data transferred in connection with the Digital ID Platform.

Privacy Act means the Privacy Act 1988 (Cth).

Privacy Law means all legislation, principles, industry codes, guidelines and policies relating to the collection, use, disclosure, storage, protection or granting of access rights to Personal Information, including the Privacy Act and any applicable state or territory privacy laws.

Security Incident means any actual:
(a) breach of Your confidentiality, privacy or security obligations under these terms and the greenID agreement;
(b) unauthorised, accidental or unlawful access to, use, disclosure or modification of, or loss of or damage to, any Personal Information or Identity Data transferred in connection with the Digital ID Platform; or
(c) unauthorised access to or use of the Digital ID Platform or any of Our interfacing systems or any compromise to the stability, security, reliability, performance or integrity of the Digital ID Platform, or such interfacing systems,

and includes an eligible data breach or any other actual or suspected data or security incident or event that is notified or required to be notified (by the ConnectID Operator or Us) to any supervisory authority in connection with the Digital ID Platform or that may compromise the stability, security, reliability, performance or integrity of the Digital ID Platform.

Transaction means the exchange of Identity Data associated with an Identity Owner between Us and the Data Providers via the Digital ID Platform.

Trusted Digital Identity Framework or TDIF means the Australian Government’s accreditation framework for digital identity services, including the policy and framework documents, requirements and associated legislation underpinning or relating to that framework.