Terms and Conditions of Use
Subscribers must carefully read these terms and conditions prior to use of the Electronic Identity Account (‘the e-ID Account’) and/or Authentication and Qualified Electronic Signature Certificates (jointly referred as the ‘Certificates’) within the Identity Card/Residence Permit (the ‘e-ID’) issued by the Government of Malta.
01 Subject Matter.
The following provides for the terms and conditions regulating the use of:
- a) the e-ID Account;
- b) the Certificates.
The provision of e-ID Account and Certificates services are strictly related. The e-ID may require to use the Certificates for the delivery of e-Services that require enforced authentication. These terms and conditions regulate the use and reliance upon the Certificates as per the Trusted Service Provider’s (‘TSP’) Certificate Policy (‘CP’), which can be found at https://repository.qca.gov.mt.
02 Definitions
Unless otherwise stated in these terms and conditions, the terms and words used therein in relation to the ‘Certificates’ have the same meaning as in the TSP’s glossary which can be found at https://repository.qca.gov.mt. ‘Application Form’ refers to the application form which has been signed by the data subject so as to be issued with the Identity Card/Residence Permit, whereas the ‘Subscriber Agreement’ shall refer to the agreement signed by the data subject to apply for an eID account. The term ‘Subscriber’ shall refer to the eID account user.
01 PART A – TERMS SPECIFIC TO E-ID ACCOUNT
03 Authority responsible for e-ID Account.
The Authority responsible for the e-ID Account and for the relative terms and conditions set out hereunder shall be the Registration Authority (‘RA’). The Expatriates Section, responsible for the issuance of residence permits issued to non-Maltese nationals and the Identity Cards Unit, responsible for the issuance of identity cards to Maltese nationals, both within Identità, shall act as the RA.
04 Use of e-ID Account.
The Subscriber shall:
- a) ensure that his/her usernames, passwords and activation links relating to the e-ID Account (“e-ID Credentials”) are not compromised;
- b) immediately notify the RA on becoming aware that his/her e-ID Credentials are compromised, or there is substantial risk of compromise;
- c) ensure that all information provided to the RA in relation to the generation and issuance of his/her e-ID Account (including all information submitted by him/her during the registration process) is true, complete and up-to-date;
- d) immediately notify the RA if there is any other change to his/her e-ID registration information or any other information provided to the RA;
- e) make use of his/her e-ID Account only for the purposes for which it was issued, notably to access and use e-Services, and within the usage and reliance limitations as specified these terms and conditions and all other applicable laws, agreements and terms and conditions of use related to the subject matter;
- f) check the details set out in his/her e-ID Account on receipt and promptly notify the RA if incorrect or improper information has been created.
05 Warranties by the RA on the e-ID Account.
The Subscriber agrees that use of the e-ID Account, including access and usage of any functionality or multiple profile contained in the e-ID Account as well as access and usage of any electronic service connected to the electronic portal of the Government of Malta is solely at the Subscriber’s own risk. The RA expressly disclaims all warranties of any kind, whether express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose and non-infringement. The Subscriber understands and agrees that any transaction, material and/or data downloaded or otherwise obtained through the use of e-ID Account is done at the Subscriber’s own discretion and risk and that usage of the e-ID Account may be construed as an ‘electronic signature’ in terms of the Maltese Electronic Commerce Act.
06 Warranties by the Subscriber on the use of the e-ID Account.
The Subscriber warrants:
- a) that he/she is solely responsible for any use as well as the contents of any transmission, message or transaction performed through the usage of the e-ID Account including all functionalities and profiles that can be assigned to and/ or generated by him/her through the use of the e-ID Account;
- b) to all Service Providers who will grant access to any electronic service provided through the portal of the Government of Malta (‘Service Providers’) that (i) no unauthorized person has ever had access to his/her e-ID Account and that the e-ID Account is being used exclusively for appropriate, authorised and lawful purposes; and (ii) at the time that any act, use or transaction is carried out or performed through by any other person or organisation on behalf of the Subscriber through the use of the assignment and/or delegation function available in the e-ID Account was validly authorised by the Subscriber and that such authorization was not revoked by the Subscriber, (iii) all representations made and documents submitted by the Subscriber during the application and registration for the e-ID Account are true and up-to-date.
07 Indemnity on the e-ID Account.
The Subscriber shall indemnify the RA and/or the Service Providers for any loss, damage and expense of any kind, arising out or in connection with (a) the manner and extent of the use of the e-ID Account by the Subscriber and/or by any person or organisation which the Subscriber appoints, assigns or delegates to appear and act on behalf of the Subscriber; (b) any negligence or wilful misconduct made by the Subscriber when using his/her e-ID Account and/or by any person or organisation which the Subscriber appoints, assigns or delegates to appear and act on behalf of the Subscriber; (c) any falsehood or misrepresentation of fact by the Subscriber and/or any person or organisation which the Subscriber appoints, assigns or delegates to appear and act on behalf of the Subscriber; (d) any failure by the Subscriber and/or any person or organisation which the Subscriber appoints or delegates to appear and act on behalf of the Subscriber to disclose a material fact with the intent to deceive the RA or the Service Providers; (e) any failure by the Subscriber and/or any person or organisation which the Subscriber appoints, assigns or delegates to appear and act on behalf of the Subscriber to prevent the compromise, loss, disclosure, modification, or unauthorized use of their e-ID Credentials; and (f) any non-permitted use of the e-ID Account.
The Subscriber further agrees to release, indemnify, defend and hold harmless the RA and any of its contractors, agents, employees, officers, directors, affiliates and assigns from all liabilities, claims, damages, costs and expenses, including reasonable legal fees and expenses, of third parties relating to or arising out of any falsehoods or misrepresentations of fact by the Subscriber on the Application Form and/or Subscriber Agreement, any breach of intellectual property or other proprietary right of any person or entity, failure to disclose a material fact on the Application Form and/or Subscriber Agreement, if the misrepresentation or omission was made negligently or with intent to deceive any party, failure to protect the Subscriber’s username, password, and activation links or to take the precautions necessary to prevent the compromise, loss, disclosure, modification or unauthorized use of same
08 Data Protection – e-ID Account
By agreeing to sign up for an e-ID Account, the Subscriber will provide the RA with personal data (the ‘e-ID Personal Data’). The e-ID Personal Data is retrieved from the Application Form. Further personal data, including IP address indicating from where the Subscriber is accessing their account, is collected when using the eID platform. This data is collected to ensure the security of the platform and prevent fraudulent activity. Appropriate technical and organizational measures are implemented to protect the data against unauthorized access or disclosure. By applying for an eID account and using the eID platform, you consent to the collection, use and storage of the IP address and geolocation as described in this section.
The RA is committed to process the e-ID Personal Data in a lawful, fair and transparent manner and in observance with the principles set out by General Data Protection Regulation (‘GDPR’), Article 5.
8.1 Data Controller - e-ID Account.
- Data Protection
- Officer Identitá
- Valley Road, Msida, MSD 9020, Malta
- Telephone: +356 2590 4900
- Email: [email protected].
8.2 Purposes and legal basis - e-ID Account.
Identitá is an Agency of the Government of Malta established by S.L. 595.07. The RA shall process the e-ID Personal Data to issue and manage the e-ID Account of the Subscriber, if the Subscriber agrees to sign up for it, including by providing such e-ID Personal Data to a third party at the Subscriber’s request when the Subscriber decides to use the e-ID Account toward such third parties. The RA does not re-use the information for another purpose that is different to the one stated. Processing is necessary for the performance of a contract to which the data subject is party and the delivery of services related to the Certificates under said contract (the Subscriber Agreement).
Processing is also necessary for the performance of a task in the public interest by the RA.
8.3 Recipients of Personal Data - e-ID Account.
e-ID Personal Data may be transferred to and accessed by the following recipient
- a) Service Providers from whom the Subscriber requests an e-Service. The Service Providers and the e-Services available to the Subscriber are found by searching “services” on the following website https://servizz.gov.mt and are subject to change. The Service Providers are public authorities of the Government of Malta offering online services in the public interest. They act in their capacity of data controllers once the e-ID Personal Data has been transferred to them. The Service Providers process the e-ID Personal Data in order to render the e-Services available to the Subscriber, only if said e-Services are requested by the Subscriber.
- b) Malta Information Technology Agency (‘MITA’), which acts as a data processor on behalf of the RA. MITA has access for technical purposes, and may use one or more sub-processors approved by the RA. The transfers will be done in line with applicable laws, and arrangements are in place in order to guarantee the confidentiality, integrity and availability of the e-ID Personal Data within these transfers. Under certain conditions outlined in law, the RA may disclose personal data to third parties, (such as the other Government entities or law enforcement authorities) if it is necessary and proportionate for lawful, specific purposes. e-ID Personal Data will not be transferred to third countries or international organizations.
8.4 Storage period of Personal Data - e-ID Account.
As a rule, the RA does not keep personal data for longer than necessary for the purposes for which it was collected. e-ID Personal Data will be stored by the RA for five (5) years after the death of the Subscriber or for five (5) years after the disabling of the e-ID Account of the Subscriber for whatever reason
8.5 Data subject rights - e-ID Account.
The Subscriber can contact the Data Protection Officer in order to exercise his/her right to access, rectify and, as the case may be, erase, any personal data relating to him/her, in compliance with applicable laws.
The RA may request the Subscriber to provide proof of identity (such as a copy of their residence permit/document or passport), before complying with the request.
If the Subscriber feels that the RA has infringed his/her data protection rights, the Subscriber may submit an official complaint to the supervisory authority of the Member State of his/her habitual residence or place of work.
02 PART B – TERMS TO SPECIFIC CERTIFICATES
09 Authority responsible for the Certificates.
The Authority responsible for the Certificates and for the relative terms and conditions set out hereunder shall be the Trust Service Provider (“TSP”). The Malta Electronic Certification Services Limited (“MECS Ltd.”) shall act as the TSP.
10 Identification Information of Certificates.
The Subscriber attests that the information submitted relating to the application for the Certificates, as may be corrected or updated from time to time, is true and complete and that s/he has complied with the corresponding registration procedures.
11 Acceptable Use or Reliance on Certificates.
- a) The reliance placed upon any Electronic Signature created using the authentication Certificate and associated Private Key embedded within the e-ID shall be limited to proof-of-possession of the e-ID and knowledge of the associated activation data. The TSP does not authenticate the content of any message signed using an Electronic Signature and accordingly does not entertain any liability or risk in relation thereto;
- b) The Subscriber shall use or rely on the Certificates only for the purposes permitted by the CP and the Subscriber Agreement and for no other purpose. The Subscriber acknowledges and agrees that any use of, or reliance on, the Certificates for purposes of any other transactions is at the Subscriber’s own risk and the TSP offers no express warranties regarding the fitness for purpose of the Certificates for any application not specifically approved in this Agreement or in the CP. To the fullest extent permitted by law, the TSP disclaims any implied warranties to the contrary;
- c) The TSP offers no express or implied warranties regarding the performance of any of the portal sites operated by the Government of Malta or other third parties;
- d) The Subscriber shall refrain from tampering with the Certificates and shall immediately inform the RA of any changes to the data on the Certificates;
- e) The Subscriber acknowledges that Certificates are not designed, intended, or authorised for use in hazardous circumstances or for uses requiring fail-safe performance;
- f) The Subscriber acknowledges and agrees that Certificates are personal to the relevant Subscriber and they are non- transferable. If a person relies upon a Certificate from an individual purporting to act on behalf of another legal person, the person does so entirely at its own risk;
- g) The Subscriber acknowledges that the service can be provided until the expiry of the Certificates.
- h) The Subscriber shall only use the Certificates to the extent consistent with applicable law.
12 Suspension and/or Revocation of Certificates.
12.1 Request by the Subscriber.
The Subscriber shall immediately request that the RA suspends and/or revokes a Certificate:
- a) If the e-ID, Private Keys or passwords of the Subscriber have been, or are suspected to have been, compromised or are insecure in any way;
- b) If any of the information contained in the Certificate, or the identification and authentication information has been changed or altered or is otherwise no longer accurate or complete.
12.2 Suspension/Revocation by TSP/RA.
The Subscriber acknowledges that the TSP or the RA may revoke a Certificate:
- a) If any of the information in the Certificate changes;
- b) If the TSP and/or the RA knows or has reason to suspect that the Private Keys or password or PIN number of the Subscriber have been compromised;
- c) If the Subscriber fails to comply with their obligations under the Subscriber Agreement and these terms and conditions of use; or
- d) For any other reasons the TSP and/or the RA deems necessary.
13 Warranties by the TSP on Certificates.
Section 9 of the CP contains the sole representations and warranties provided by the TSP for the benefit of Subscribers in relation to the Certificates. The obligations of the TSP in relation to the Certificates are subject to the limitations and exclusions set out in Section 9 of the CP.
14 Warranties by the Subscriber on the use of the Certificates.
The Subscriber warrants and represents that s/he:
- a) accepts the procedures set by the TSP in the CP currently in effect for the provision of Certificates;
- b) when applying to the RA for the e-ID, s/he has submitted precise, accurate and complete information, and complied with the corresponding registration procedures;
- c) will use or rely on keys or Certificates only for purposes permitted by the Subscriber Agreement and for no other purpose;
- d) gives an undertaking that s/he is the sole holder of the Private Keys within the e-ID linked to the Public Keys to be certified;
- e) protects the Private Keys at all times against loss, disclosure, alteration or unauthorised use;
- f) will immediately notify the RA in such manner as specified by the TSP in the event of the compromise or suspected compromise of the Private Keys or the activation data (e.g. PIN codes);
- g) will immediately inform the RA of any changes to the data on the Certificates;
- h) will comply with the terms and conditions of the service providers with whom it communicates while using the Certificate.
15 Limitation of Liability.
The TSP shall have no liability in respect of any loss or damage (including, without limitation, consequential loss or damage) which may be suffered or incurred or which may arise directly or indirectly in relation to the use or reliance upon Certificates or associated public/private key pairs for any use other than in accordance with the Subscriber Agreement and/or which exceeds the indicated limitations of any such use or reliance in line with Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (“EIDAS Regulation”). The TSP shall not be under any liability for failure to perform any of its obligations herein where such failure arises from a force majeure event that is an event beyond the TSP’s reasonable direct control, including, but not limited to, Acts of God (including weather of exceptional severity, floods, lightning or fire), general or local strikes, national emergency, acts or omission of Government or other competent authorities, fire or destruction of the TSP’s works or materials, insurrection or other civil disorder, war or military operations, or explosions.
16 Indemnity on Certificates.
To the extent permitted by law the Subscriber agrees to indemnify and hold the TSP harmless from any acts or omissions resulting in liability, any loss or damage, and any suits and expenses of any kind, including reasonable attorneys’ fees that the TSP may incur as a result of the Subscriber’s negligence or its failure to comply with the Subscriber Agreement or with the terms of the CP.
17 Data Protection - Certificates.
By agreeing to sign up for the Certificates, the Subscriber will provide the TSP with personal data (the ‘Certificates Personal Data’). The TSP is committed to process the Certificates Personal Data in a lawful, fair and transparent manner and in observance with the principles set out by GDPR, Article5.
17.1 Data Controller - Certificates.
The data controller of the Certificates Personal Data is the TSP, which may be contacted using the details below:
- Malta Electronic Certification Services Limited,
- Valley Road,
- Msida, MSD9020, Malta
- Telephone: +356 25904000
- Email: [email protected].
17.2 Purposes and legal basis - Certificates.
The TSP shall process the Certificates Personal Data in order to provide the Subscriber with the Certificates, to manage such Certificates in accordance with applicable law, to allow the Subscriber to use certain services related to Electronic Authentication and Electronic Signatures.
Processing is necessary for the performance of a contract to which the data subject is party, and for the delivery of services related to the Certificates under said contract (the Subscriber Agreement).
Furthermore, some processing activities by the TSP are necessary for the TSP to comply with the EIDAS Regulation.
Processing is also necessary for the performance of a task in the public interest by the TSP. MECS Ltd is tasked with acting as the Certification Authority of the Government of Malta responsible for issuing qualified Certificates for the e-IDs. The TSP will not re-use the information for any other purpose that is different to the ones stated.
17.3 Recipients of Personal Data - Certificates.
In order to maintain and manage the Certificates, the TSP may transfer and share the Certificates Personal Data with MITA and the third-party service provider engaged by Identità. Furthermore, some Certificate Personal Data may be made available to relying parties if the Subscriber chooses to use the Certificates towards third parties or if the status of the Certificates changes, for the purposes of validating the Certificates and the use of the Certificates by the Subscriber.
This will be done in line with applicable laws, and arrangements are in place in order to guarantee the confidentiality, integrity and availability of the Certificates Personal Data within these transfers.
Under certain conditions outlined in law, the TSP may disclose personal data to third parties, (such as the other Government entities or law enforcement authorities) if it is necessary and proportionate for lawful, specific purposes. Certificates Personal data will not be transferred to third countries or international organizations.
17.4 Storage period of Personal Data - Certificates.
As a rule, personal data is not kept longer than necessary for the purposes for which it was collected
17.5 Data subject rights - Certificates.
The Subscriber can contact the Data Protection Officer in order to exercise his/her right to access, rectify and, as the case may be, erase, any personal data relating to him/her, in compliance with applicable laws.
The TSP may request the Subscriber to provide proof of identity (such as a copy of their ID card or passport), before complying with the request.
If the Subscriber feels that the TSP has infringed his/her data protection rights, the Subscriber may submit an official complaint to the supervisory authority of the Member State of his/her habitual residence or place of work.
03 PART C – TERMS COMMON TO E-ID ACCOUNT AND CERTIFICATES
18 Protection of e-ID Credentials and Certificate Keys
- a) The Subscriber agrees to keep confidential all i) e-ID Credentials and/or ii) private keys and PINs relating to the Certificates and/or (if applicable) the Personal Unlocking Key (PUK);
- b) The Subscriber agrees to take all reasonable measures to prevent the loss, disclosure, modification or unauthorised use of:
- i) the e-ID Credentials and/or ii) any Private Keys, PINs related to the Certificates;
- c) Upon activation of the e-ID Account, the Subscriber shall be required to enter a new password. If the Subscriber fails to make the necessary change, the Subscriber acknowledges that no further use of the e-ID Account can be made;
- d) Upon first access to the Certificates, the Subscriber shall be required to change the activation PIN code for each Certificate. The Subscriber acknowledges that no further use of the Certificates can be made until he/she makes the necessary change;
- e) The Subscriber undertakes that s/he is and shall remain the sole holder of i) the e-ID Credentials and/or ii) the Private Key linked to the Public Key to be certified;
- f) The Subscriber acknowledges and agrees that the TSP and the RA shall not keep a copy of the Subscriber’s password, PINs or digital signing keys issued for the Certificates;
- g) The Subscriber is hereby notified that anyone who obtains the Private Key can forge his/her digital signature and take actions in his/her name. The TSP will not be liable for the consequences of Subscribers failing to maintain the confidentiality of their Private Keys.
19 Governing Law and Dispute Resolution.
These terms and conditions of use shall be governed by and construed in accordance with the Laws of Malta. Any dispute, controversy or claim arising under, out of or relating to the Subscriber Agreement and the terms and conditions of use, including, without limitation, its formation, validity, binding effect, interpretation, performance, breach or termination, as well as non-contractual claims, shall be resolved by the Courts of Malta.
20 Term
By continuing to use the eID account, the Subscriber is agreeing with these terms and conditions of use. In relation to the e-ID Account, the Subscriber Agreement as well as the terms and conditions of use shall be applicable for as long as the e-ID Account remains valid and the Subscriber has not breached any provision of the Subscriber Agreement and/or the terms and conditions.
21 Assignment
The TSP will assign specific functions with respect to the processing of Certificates to the RA, as specified in its CP. The Subscriber Agreement and these terms and conditions of use are personal to the Subscriber.
22 General
The Subscriber acknowledges and agrees that:
- a) No title to the Government of Malta’s Intellectual Property Rights in the e-ID Account and Certificates is transferred to the Subscriber, and that the Subscriber does not obtain any rights other than the rights expressly granted in the Subscriber Agreement;
- b) Despite any termination or expiry of the Subscriber Agreement, the disclaimers, limits of liability and provisions concerning indemnity shall survive;
- c) Any term or provision of the Subscriber Agreement and the terms and conditions of use, declared by a court of competent jurisdiction to be invalid, illegal or unenforceable shall be severed from the Subscriber Agreement and the terms and conditions of use, as applicable, and shall not affect the legality, enforceability, or validity thereof;
- d) These terms and conditions of use are subject to change. Any material changes are to be notified to the Subscriber by Identità.
- e) The Government of Malta will hold data relating to the Subscriber and the Subscriber’s use of the Certificate in electronic form and that such electronic information may be presented by the Government of Malta as evidence in the case of any dispute in line with its data retention policies;
- f) Except for indemnity obligations set out in the Subscriber Agreement, the Subscriber shall not hold the Government of Malta responsible for any cessation, interruption or delay in the performance of its obligations hereunder due to earthquake, flood, fire, storm, natural disaster, act of God, war, armed conflict, terrorist action, labour strike, lockout, boycott, provided that the Government (i) shall have given the Subscriber written notice thereof promptly and, in any event, within five (5) days of discovery thereof and (ii) shall take all reasonable steps reasonably necessary under the circumstances to mitigate the effects of the force majeure event upon which such notice is based.
23 Notices
Queries (relating to the e-ID Account / Certificates and to the terms and conditions of the e-ID Account / Certificates) set out above and any notices to the TSP / RA shall be served as follows:
- a) In person and by post addressed to eID Help Desk section at the following address: Identità, Head Office, Valley Road, Msida, MSD9020.
- b) By telephone at: +356 2590 4300
- c) By email: [email protected].
24 Updates to the Terms and Conditions
These terms and conditions are subject to change. Please visit this URL regularly to be aware of any change that may occur from time to time. Any major updates to the terms and conditions, will be communicated to all eID users.