General Terms of use for the smsPASS one time password
Authentication and e-Signature Service
By acquiring the one-time password smsPASS (hereinafter: smsPASS) the user agrees to the general terms of use. If the user does not agree with the general terms of use, it is not possible for them to obtain the smsPASS.
These terms of use apply to the relationship between issuer and the user, namely for the use of smsPASS.
1. DESCRIPTION OF smsPASS
The one-time password smsPASS in a login method based on two-factor authentication of the user and provides his or her unique identification. The initial user identification upon acquiring smsPASS is performed either personally at a registration authority SI-TRUST or remotely with a qualified certificate for e-signature which was issued also with the purpose of authentication to which the user’s tax number is associated. Based on the application with the smsPASS, the user can acquire a qualified certificate SI-PASS-CA for a qualified electronic signature and use it to electronically sign documents within the SI-PASS system. The issuer of smsPASS is the Trust Service Authority of Slovenia at the Ministry of the Interior and Public Administration.
2. GENERAL PROVISIONS
The content of the General Terms of Use (hereinafter: Terms of Use) of smsPASS applies to the terms of use of smsPASS and represents a legally binding agreement between the smsPASS issuer and users.
smsPASS issuer reserves the right to change any part of the smsPASS service and delete any content without prior notice. In the event of abuse mentioned under paragraph 10 of Terms of Use, the issuer reserves the right to limit or discontinue the use of smsPASS to a user.
In order to provide the user the best possible user experience, the smsPASS issuer is responsible for constantly updating the service. The user acknowledges and agrees that the form and nature of the service provided by the issuer may change from time to time without prior notice.
3. DEFINITION OF TERMS
The Ministry of Public Administration is the issuer of smsPASS and the administrator of the SI-PASS system.
SI-PASS user account is an account which is created by the user upon registering and is used with every login to SI-PASS.
The one-time password smsPASS is the method of logging into the SI-PASS system which is based on a two-factor authentication of the user and provides his or her unique identification.
The SI-PASS user pages are websites, through which the user can access his or her SI-PASS system settings.
The Trust Service Authority of Slovenia SI-TRUST is the trust services provider operating within the Ministry of Public Administration.
4. ACQUISITION OF smsPASS
In order to acquire and use smsPASS the user requires a SI-PASS user account and a device with a phone number that enables reception of short text messages (hereinafter: SMS messages).
Prior to acquiring smsPASS, the user must be appropriately identified, which is done either personally at a registration authority SI-TRUST or remotely with a qualified certificate for e-signature which was issued also with the purpose of authentication to which the user’s tax number is associated. smsPASS can be acquired by persons with a personal identification number and tax number issued in the Republic of Slovenia.
a. USER IDENTIFICATION AT A REGISTRATION AUTHORITY
A user who wishes to obtain smsPASS and in the activation process selects identification at a registration authority, begins the acquisition process on the SI-PASS user pages. If the user does not yet have a SI-PASS user account, he must first register it. In the process of activating smsPASS, the user provides the personal data necessary for obtaining smsPASS: name, surname, tax number, date of birth and address of permanent residence. Upon successful submission of a request for the smsPASS, the user visits a registration authority SI-TRUST, where the civil servant of the registration authority personally identifies the user by means of a valid identity document with a photo.
Once the user's identity is confirmed, the user receives an activation code to his or her email address, which is needed in order to continue the smsPASS activation process. The user completes the procedure on the SI-PASS user pages, where the user enters the activation code and his or her phone number to which he receives an SMS message with a one-time password. By entering this one-time password, the user acknowledges his or her control of the device and finishes the smsPASS activation process.
b. USER IDENTIFICATION WITH THE QUALIFIED CERTIFICATE FOR E-SIGNATURE
A user who wishes to obtain smsPASS and in the activation process selects identification with a qualified certificate for e-signature, begins the acquisition process on the SI-PASS user pages. If the user does not yet have a SI-PASS user account, he must first register it. In the process of activating smsPASS, the user confirms the personal data necessary for obtaining smsPASS: name, surname, tax number, date of birth and address of permanent residence.
After the successful submission of the request for smsPASS, the user receives by post to his or her permanent address an activation code that is needed in order to continue with the activation procedure of smsPASS. The user completes the procedure on the SI-PASS user pages, where the user enters the activation code and his or her phone number to which he receives an SMS message with a one-time password. By entering a one-time password, the user acknowledges the control of the device and finishes the smsPASS activation process.
5. USE AND MANAGEMENT OF smsPASS
Upon logging in with smsPASS to an e-service, the user is redirected to the SI-PASS system, where he first enters his or her user name and password, and then the one-time password received in the SMS message. After a successful login, the user is redirected back to the e-service.
On the SI-PASS user pages, the user can add a new phone number, remove the existing phone number, and cancel the smsPASS service.
6. TERMS OF USE - AGE AND RESPONSIBILITY
smsPASS can be acquired by competent persons over 15 years of age. The use of smsPASS is intended solely for the user’s own use. The use of smsPASS by other persons is not permitted, for which the user guarantees with full liability and assumes passive legitimisation in case of a dispute. It is not allowed to authorise or register other persons, or otherwise redirect smsPASS.
7. OTHER RULES OF USE
In order to ensure quality usage of smsPASS, the user will follow the SI-PASS-CA issuer policy and other rues of use published on the SI-TRUST website (www.si-trust.gov.si).
8. TECHNICAL RECOMMENDATIONS FOR USERS
SI-PASS websites are tested for use on the following browsers: Chrome (v. 45 and later), Mozilla Firefox (v. 41.0 and later), Internet Explorer (IE9 and later), Safari (v. 8 and later), Opera (v. 33 and later).
SI-PASS websites can be used on older versions of browsers; however, the pages can look disfigured.
Option of smsPASS login to a particular e-service depends on its service provider, who determines the allowed login methods to the e-service.
9. LIMITATION OF LIABILITY
The user must take into consideration that:
- from the accessibility viewpoint, web technologies which enable identification and transmission of information are not 100% reliable. The administrator is not liable in case of potential outages of operation due to the transmission line of the provider;
- receiving of a text message depends on the operation of a mobile network, which cannot be 100% reliable and is dependent on the user’s mobile operator;
- the issuer is not liable for faulty operation of the services, which is the result of the user’s lack of knowledge or misuse;
- for the use of smsPASS the user needs suitable software and hardware (computer, browser, mobile phone);
- the administrator or issuer cannot guarantee the workings of the services in case of a network outage by the contractors, power outage or any other technical disturbances which could temporarily hinder the workings of the services;
- all information published on SI-PASS user pages and SI-TRUST website is purely informative. The administrator strives for an optimal presentation of the webpages and their workings, keeping the information published on those pages complete and up to date; however, the administrator is not liable for their inaccurateness, currency and incompleteness;
- the administrator or issuer is not, in any case, liable for any direct or indirect damage or inconvenience (loss of profit, business risks, loss of software or other data ware), which could result due to technical problems or the user’s inability to use smsPASS.
10. USERS COMMIT:
- not to use smsPASS for illegal purposes;
- not to use phone numbers not under their control;
- not to use computer codes, malware or anything that could disrupt, disable or damage the smsPASS service, the administrator or issuer and their software and hardware.
11. THE PURPOSE OF PROCESSING AND PROTECTING PERSONAL DATA
The issuer of smsPASS commits to diligently protect the user’s data and will use them solely for the needs of carrying out the service. The user confirms of being, prior to the acquisition smsPASS, adequately acquainted with the extent and purpose of processing personal data, which he or she has or will make accessible to the administrator upon signing up or logging in, and that he or she agrees with the before mentioned.
The smsPASS issuer will gather, store and otherwise process smsPASS user data with the following purpose:
a) general data about the smsPASS user, intended for quality maintenance of SI-PASS, more specifically
- managing the registered users’ database; for this purpose the SI-PASS identifier, the name of the user account (email address), and information on the use of smsPASS are being stored;
- preparing anonymous statistical analyses (total number of users, number of new users in a specific time frame, use of user pages etc.).
The data will be kept secure consistent with the legalisation in force which deals with protection of personal data, and will not be transmitted to a third party, unless defined otherwise by law. The provider will also keep the gathered data only as long as it takes to fulfil the purpose for which the data was gathered.
b) personal data, intended for user authentication.
In the process of acquiring and using smsPASS, the user transmits certain personal data and is responsible for their authenticity.
Upon acquiring smsPASS the user gives his personal conformation that the issuer can process the personal data of the user:
- name and surname,
- tax identification number,
- date of birth,
- permanent address,
- one or more email addresses and,
- one or more mobile phone numbers.
The smsPASS issuer commits to never misuse users’ personal data, send unwanted commercial electronic messages or in any way infringe their privacy.
The data will be kept consistent with the legislation in force that deals with protection of personal data, and will not be transmitted to a third party, contrary to the terms of use of the SI-PASS system, unless defined otherwise by law. Personal data will be stored and used in order to achieve the purpose for which the data was processed. The issuer commits to erase all data upon fulfilment of the purpose.
At the time of managing personal data, an individual has the possibility to view, copy, update, correct and delete personal data, in accordance with applicable law.
12. TECHNICAL SUPPORT
In case of encountering any problems or have questions, users can send an email to ekc@gov.si or call +386 080 2002.
13. VIOLATION OF TERMS OF USE
The issuer reserves the right to deny or limit the use of smsPASS to users in violation or in conflict with the Terms of Use.
If the users cause any damage to the administrator with their actions, they will be held morally, materially and criminally fully liable.
Report any possible infringements in using smsPASS by other users to the issuer via email to ekc@gov.si or in writing to the Ministry of Public Administration, Tržaška 21, 1000 Ljubljana.
14. MODIFICATION AND COMPLEMENTIONS OF GENERAL TERMS OF USE
The smsPASS issuer can modify and complement the current Terms of Use without prior notification or conformation form the users.