|Subject||Terms and Conditions|
|Author||Steven Camps, Jonas Vekeman, Kristof Sercu & Pascal Lotiquet|
|General Standard||eIDAS QERDS|
|Implementation Standard||ETSI EN 319 V1.1.1|
|Goes into effect||With the start of the service in 2022|
|Company||Dioss Smart Solutions NV|
|Approved By||Guy Lauwers, CEO Dioss Group|
|14/04/2022||V1.0||Kristof Sercu||First Version, approved by Dioss Management|
|21/04/2022||V1.1||Kristof Sercu||Some small revisions based on Dioss Management feedback|
|11/05/2022||V1.2||Kristof Sercu||Legal updates|
Table of contents
- Sender agreement
- Sender and receiver obligations
- Sender obligations
- Receiver obligations
- Dioss obligations
- Service window
- Maintenance and faults
- Backups and restores
- SMS capability
- Middleware capability
- Force Majeure
- Intellectual Property
- Confidentiality & Privacy
- Applicable Law
These Terms & Conditions are applicable to everyone using the Dioss QERDS service and need to be carefully read before agreeing to them. They exist in conjunction with the Practice Statement and Privacy Statement which can be found on our website (https://smartsolutions.dioss.com/en/products/tuvi/).
Also see Practice Statement
|Agreement||The agreement between Sender and Dioss governing the use of the Service and consisting of a validly accepted Quotation, these Terms & Conditions, the Practice Statement and the Privacy Statement. In the event of a Reseller’s purchase, a more detailed contract, such as a “Value Added Reseller Agreement” may entered into, instead of a Quotation.|
|Authentication||Authentication is the ability to prove that a user or application is genuinely who that person or what that application claims to be. This has specific connotations in the eIDAS Regulation.|
|Authorized User||The natural person appointed by Sender as being authorized to use the service.|
|CAB||Conformity Assessment Body instituted by the EU.|
|Confidential Information||Information, defined in art. 10 of these Terms & Conditions, proprietary to one or more Parties, which is and should remain confidential.|
|Identification||Identification is the ability to identify uniquely a user of a system or an application that is running in the system. This has specific connotations in the eIDAS Regulation.|
|Party or Parties||Dioss and/or the Sender.|
|Personal Data||Data relating to an identified or identifiable human being, as defined in the EU General Data Protection Regulation 2016/679.|
|Platform||The Dioss web interface and backend services.|
|Receiver||The person that wishes to receive Qualified Electronic Registered Delivery.|
|Sender||A person authorized directly through verification of the KBO or appointed by such a person as a representative of the company.|
|Service||the qualified delivered service provided by Dioss, offering the ability to the Sender and its Authorized Users to send messages as a electronic registered message.|
|Terms & Conditions||The Terms and Conditions as stated below.|
3. Sender agreement
Senders and their Authorized Users may only use the Service after coming to a full and accepted Agreement with Dioss or a recognized partner. These partners are available through direct request from Dioss.
This Agreement originates with a Quotation made specifically for the Sender’s company and can be successfully concluded by:
- Signing the Quotation (handwritten signature or any qualified digital signature according to eIDAS, e.g., using eID or itsme®).
- Signing a contract stipulating how to work together.
A Quotation is free of obligation and valid up to 30 days after being sent by Dioss, unless otherwise indicated in the Quotation.
Pricing and invoicing is stipulated in the Quotation. If a certain fixed amount of sending's is agreed upon which is later exceeded, Dioss reserves the right to cancel the Service of the Sender. This will only be done after due notification and renewal propositions have been made, with allowing at least 2 weeks time before terminating the Service for this Sender. This will be further specified in the Quotation and the conditions in the Quotation takes precedence over these conditions.
4. Sender and receiver obligations
If the Sender or Receiver encounters any errors or imperfections in the Service they must immediately bring these to the attention of Dioss by contacting Dioss support at firstname.lastname@example.org.
Dioss is not responsible for the management of email clients of either the Sender or the Receiver.
Abstain from unauthorized use of the Service. Do not violate any applicable laws and behave responsibly and carefully in line with the intended functionality of the Service.
5. Sender obligations
The Sender is obliged to check whether or not the Authorized User is authorized to represent the Sender for this system. If they lose the right to represent the Sender, the Sender is obliged to delete the Authorized User’s account.
If a Sender wants to delete its account, it can do so on the QERDS platform and by contacting email@example.com. If a legal representative of the Sender sees that an account is active that should not be, it must contact firstname.lastname@example.org.
The Sender is obliged to only designate Authorized Users for representation of the company and remove those Authorized Users that are no longer representing the company and thus no longer authorized to use the Service. The Sender remains solely responsible for using the UI or API to check whether registered mails are actually arriving at the Receiver.
The Sender is not permitted to operate as a provider of the Service itself. To this end, a separate reseller agreement must be concluded.
The Sender is solely responsible for API key management, and is advised to rotate the key at least once yearly and preferably every 6 months. Dioss retains the right to rotate or block the key if the Agreement is terminated or any security issues involving the key come to light. The Sender is solely responsible for taking security measures with regard to the end-user devices used to access the Service and keep them up to date.
The Sender is solely responsible for all actions performed via the Service through its own account, including those of the Authorized Users. The Sender takes all necessary measures towards the Authorized Users to enforce an equal level of diligence with regard to the accounts, the login data and the security thereof.
The Sender is solely responsible for the correctness of the recipient data such as email addresses, names and more and the link between them. The Sender is also responsible for taking precautions to ensure that any message exchanged in connection with the Service is not blocked by any spam filter. This recipient data should ensure that the data arrives with the correct person. The identification of Receivers is made of personal data whereby the necessary accuracy and care is observed by the Sender.
In case of sending to an organization, the Sender is additionally responsible for checking whether the recipient is actually authorized to receive messages for that organization.
The Sender’s identity is verified, and the company responsibility is checked in the KBO, but it remains the responsibility of the Sender to make sure that they are authorized to send messages for their company.
6. Receiver obligations
Authentication and identification on the platform means the Receiver also accepts the electronic delivery, which will be communicated towards the Sender.
The delivery will only take place after the identification and authentication.
A Receiver cannot reject a Delivery explicitly, though it is possible to just do nothing upon receiving the registered email and let the availability period expire.
7. Dioss obligations
Dioss performs the Service to the best of its ability, with the application of sufficient care and expertise, in a non-discriminatory way. With regard to the Service to be provided, Dioss has a best-efforts obligation only. Some of those efforts will be carried out by third parties where they are best placed to do so.
Dioss can be contacted for support (or complaints) by means of a service desk (reachable by emailing to email@example.com) and its website” (https://smartsolutions.dioss.com/en/products/tuvi/). Dioss will endeavor to answer questions effectively and within a reasonable time period. The answers provided can be general or personal. This service desk is available to clients with an SLA.
Dioss is entitled to suspend its obligations as regards to the Sender or Receiver if they act in any way that is contrary to the Agreement or Quotation, these Terms and Conditions, the Privacy Statement or the Practice Statement, without Dioss being liable to pay any compensation.
7.1 Service window
For those clients with an SLA, Dioss uses a service window within which monitoring and standby experts are assured.
This service window is between 7h30 and 22h30 7/7 (Brussels/Europe time zone).
7.2 Maintenance and faults
Dioss shall endeavor to offer an availability of 99% of the Service within its service window, excluding scheduled or unscheduled maintenance periods.
Dioss shall endeavor to schedule planned maintenance windows on Tuesdays between 9h and 11h (Brussels/Europe time zone). If the downtime is planned for longer than 30 minutes, prior announcement will be made using the website (https://tuvi.dioss.com/) through email towards the Senders.
Urgent maintenance might be required without the possibility for prior notice for security or operational reasons, in which case Dioss will endeavor to inform the Senders as soon as possible using the same channels.
Whenever the Service is down, and the downtime lasts longer than a day, the duration for receiving the message is prolonged accordingly.
Under no circumstances is Dioss liable to pay damages in relation to maintenance downtimes, network disruption or loss, or computer intrusion: these situations are considered to be cases of force majeure.
Dioss is entitled to make occasional modifications to the Service and/or the QERDS platform in order to improve its functionality and rectify any faults. If a modification results in a significant change this will be communicated through the website (https://tuvi.dioss.com/) through email towards the Senders.
Not all functionality of the offered services is under full management of Dioss. The SLA is not applicable when service levels are not met due to factors outside Dioss’ reasonable control, force majeure, inappropriate use of the platform, external components or third-party software, external DoS (Denial of Service) attacks, actions in an explicit intent to create downtime (eg. during audit or performance assessment), TSA service provider problems, the availability of the itsme® services, the availability of other external services such as SMS and email, etc. Time periods in which one of these functionalities is not available, disconnected or out of service without fault of Dioss, are not part of the availability and intervention time calculation.
7.3 Backups and restores
In case of extreme problems, we might need to restore the Service from offsite backups. Dioss aims to keep the downtime within the service window below 2 hours.
7.4 External capabilities
The QERDS platform makes use of several external services.
The SMS providers are chosen for their reliability and extensive service in Belgium. However, the service does not guarantee a 100% delivery method nor a 100% uptime guarantee. A backup provider will be available in case Dioss notices any downtime and will failover either through an automatic system or manually. A resend option will be available where the code is resent by the user. This still does not cover all failure cases and Dioss makes no guarantees. Multiple other European countries are available, but Dioss cannot provide any guarantees.
Similarly, Dioss cannot make any guarantees on a 100% availability of other used external services such as itsme®/TSA/email/….
7.5 Middleware capability
The Dioss eID Middleware is a Dioss product that can be used as a tool by the Sender and Receiver to authenticate and identify themselves. This is provided by Dioss on a best effort basis, where Dioss strives to support many systems, browsers and readers but has no obligation to support all of them.
- Supported systems include: Windows, Mac
- Supported browsers include: Edge, Chrome
- Supported readers include: most PCSC and CCID readers
These specific supported systems are included at the time of first release of these Terms & Conditions, but should be consulted on the Dioss Smart Solutions website (https://smartsolutions.dioss.com/en/products/eid-middleware/) for the latest status .
Under no circumstances does Dioss make any guarantees as to the working of this product as browsers and OS providers can change their functionality so that Dioss needs to adapt accordingly.
8. Limitation & Liabilities
Each Party has his own obligations and liabilities which remain their own. Dioss reserves the right to temporarily or permanently suspend the Sender’s accounts or one or more individual accounts of Authorized Users, or access thereto. Dioss reserves the right to claim damages in the event of damage as a result of Sender’s or Authorized Users’ improper use of their accounts.
8.1 Supplier and partner obligations
For Dioss to continue using the same suppliers and partners, it is absolutely required that they remain in good standing and keep their respective accreditations and certifications.
8.2 Dioss QTSP obligations
As a provider of trust services Dioss is liable for damage caused, intentionally or negligently to any natural or legal person due to a failure to comply with the obligations under the eIDAS Regulation.
The intention or negligence of Dioss as an eIDAS QTSP shall be presumed unless Dioss shows that the damage has occurred without the intention or negligence of Dioss.
The liabilities defined in the present art. 8.2 are subject to boundaries set by limitations on the use of the Services, as may be defined in the Agreement.
8.3 Limitation of Liability
Save for the provisions set forth in art. 8.2 of these Terms & Conditions and to the extent permitted by law, Dioss may not be held liable for any damage or loss due to:
- Force majeure as defined in this document;
- Sudden and unforeseen problems with external partners;
- Negligence or fault of the Sender, Authorized User or Receiver, including behaviour in violation of the Agreement, the law or other instructions given by Dioss;
- Any claims related to the Sender’s content, including but not limited to trade secrets, intellectual property and data protection;
- Shortcomings of or errors committed of Suppliers, Partners and Resellers such as incorrect use, improper handling or failure of the services;
- Destruction, damage or theft through external influences;
- Consequences of hacking of the Service (application, servers, infrastructure).
To the extent permitted by law, Dioss may in no event be held liable for consequential damage and/or any form of indirect damage, including loss of use and profit, data or opportunity, loss of reputation of the Sender, etc., except in case of fraud or willful intent.
To the extent permitted by law, and without prejudice to the aforementioned exclusions, Dioss’ liability is limited per incident and per year. Damage to different (third) parties originating from one cause will be regarded as one incident. Damage caused over several years, due to one single incident, shall be regarded as one incident. Dioss shall under no circumstances be liable for damage due to one or multiple incidents exceeding the amount that has actually been paid by the Sender for the Service in the year in which the incident(s) occurred.
If the Sender wishes to make a complaint, he must submit it in full and with reasons within 14 days of the provision of the Service by sending an e-mail to Dioss at firstname.lastname@example.org. If a complaint is not complete and well-founded or is submitted too late, it cannot be accepted.
A claim does not relieve the obligation to make payment in accordance with the Agreement made between the parties.
9. Term & Termination
9.1 The Agreement enters into force on the date of acceptance by the Sender of the Quotation or upon signing of the contract by both Parties, and is entered into for a fixed duration of one year. The fixed duration of one year is automatically renewed for consecutive periods of one year, unless one Party notifies the other Party of its intention not to renew the Agreement, at least three months before the end of the current period.
9.2 Parties may unilaterally terminate this Agreement, in writing by registered mail to the other Party, with immediate effect and without any obligation to pay damages, in the following circumstances:
- in the event of grave negligence, fault or non-performance of the Agreement by the other Party, 30 days (or a different time when agreed upon between the different Parties) after having given notice to the other Party by registered mail ordering the latter to correct such malpractice;
- in the event that the other Party would declare bankruptcy, would be subject to any other insolvency procedure, would be liquidated or dissolved; and
- in the event of force majeure, pursuant to Article 11, due to which the other Party is unable to meet its contractual obligations for more than two (2) months.
9.3. If the Agreement would prematurely come to an end, for any reason whatsoever, all amounts and invoices are receivable and payable without delay.
9.4. Save for the provisions set forth in Article 8.3, the following provisions will survive this Agreement: Article 2 (Terminology), 4 (Sender & Receiver Obligations), 6 (Receiver Obligations), 8 (Limitations & Liabilities), 9 (Term & Termination), 10 (Prices & Payment), 11 (Force Majeure), 12 (Intellectual Property), 13 (Confidentiality), 14 (Privacy), 15 (Miscellaneous), as well as the Privacy Statement and the Practice Statement, for the purposes of settling and resolving the terminated cooperation.
9.5. In the event that Dioss would discontinue the Service for any reason, measures are taken as described in the Practice Statement to ensure a sound continuation of security and reliance for the Senders and Receivers.
10. Prices & Payment
Prices are determined in the Quotation. Upon acceptance of the Quotation by the Sender, the prices are applicable. Prices are mentioned in Euro and remunerations are payable in Euro at the offices of Dioss.
Dioss will invoice the remunerations from time to time to the Sender. Save for the provision set forth in Article 9.3, all invoices should be paid within 15 days after the date of issuance. Complaints relating to the execution of the assignment should be communicated to Dioss within 8 working days of receipt of the invoice (contact email@example.com). Invoices left unpaid after the expiration date automatically generate interests amounting to 1% for each month of late payment, as well as a compensation of 10% on the amount due, within a minimum of 150 euro. All interests and damages are capitalized each year, thus rendering interests themselves.
11. Force Majeure
No Party is liable to another party for any delay or failure to perform its obligations that arise from any reason or reasons that are beyond the reasonable control of such Party including any situation accepted by standard Belgian jurisprudence and including, but not limited to, any of the following cases: pandemic, natural disaster, government decisions or interventions, sudden changing legal framework, war, fire, flooding, explosion, social upheaval and civil unrest, destruction, theft and other third party wrongdoing, all kinds of IT related fraud such as phishing, hacking and malware, power outage, network and internet interruptions.
Parties explicitly agree that payment obligations are excluded from the scope of application of this force majeure provision.
12. Intellectual Property
All rights are reserved. All intellectual or industrial property rights that exist for programming, product specifications, drawings, designs, sketches, trade signs and marks, trade dress, inventions and knowhow, irrespective of whether these are on analogue or digital media, used in the name of Dioss, are assigned to Dioss who has the right to use them at all times.
By the present Terms & Conditions Dioss grants the Sender a limited, non-exclusive, non-transferable right to use the Service, encompassing the intellectual and industrial property, for the duration of the Agreement. Nothing in the entire Agreement between Parties may be interpreted as the granting of more ample rights.
The Parties will treat any information that they provide to each other as confidential before, during or after the use of the Service. Such Confidential Information includes:
- the existence and content of the Quotation;
- all correspondence between Parties and their coworkers, before, during and after the duration of this Agreement;
- all plans, internal reports, correspondence, strategies, research and development, knowhow, accounting, client and prospect information and statistics;
- all information labelled as confidential; and
- all information of which the confidential nature should be reasonably deducted.
Parties declare to keep all Confidential Information strictly confidential and undisclosed and will never disseminate, transfer or otherwise disclose such Confidential Information to any third party for any reason.
This commitment to confidentiality shall last for the whole duration of this Agreement and up to ten (10) years after the end or termination of the Agreement.
When a Party is compelled to disclose Confidential Information to its co-workers or external service providers in order to guarantee the sound execution of the Agreement, she shall restrict such disclosure to the bear minimum necessary for enabling that co-worker or service provider to perform its tasks in function of the execution of this Agreement. Parties agree to include a confidentiality clause into the corresponding agreement with such co-workers or service providers, providing for at least the same level of protection of confidentiality as the one set forth in the present Article 13.
This confidentiality obligation is not applicable to:
- information for which Parties have explicitly given consent to disclosure;
- generally available information;
- information already known to the receiving Party prior to entering into this Agreement and not shared during the negotiations leading up to this Agreement;
- information obtained from a third party not bound by a confidentiality agreement; and
- information to be disclosed to a public authority pursuant to an administrative, judicial or legal order, in which case the receiving Party shall inform the disclosing Party of such order as soon as possible.
The Parties will also impose this obligation on their employees and any involved third parties.
Dioss will not consult the contents of the communications that the Sender stores or distributes unless Dioss is obliged to do so in accordance with a legal provision or court order. In that case, Dioss will limit as far as possible the extent to which it consults the data.
Dioss will solely consult the data and/or metadata on the use of the Service by the Sender if this is necessary for the use of the Service. This may, for example, be necessary to provide support.
All customers who provide data or material for the purpose of carrying out the Service with Dioss guarantee Dioss that the availability of these is in no way in contravention of the rights of third parties or legal conditions. The Sender is bound to release Dioss from any direct or indirect consequences, resulting from breaches relating to these rights or any claims that third parties may make on Dioss. This refers to any interest or fine due to the violation of these terms by the other Party.
The provision and use of the Service involves the processing of Personal Data. Dioss acts as data controller for all Personal Data pertaining to both the Sender and the Receiver, the reports and the metadata generated through the Service. The Sender acts as data controller for the data sent through the Service.
All information data protection related covenants are included in the Privacy Statement that forms an integral part of the Agreement and may be consulted on our website: https://smartsolutions.dioss.com/en/products/tuvi/privacy-statement/.
15.1 Four Corners
This Agreement shall constitute the entire agreement between the Parties on the subject and supersedes any and all prior and contemporaneous oral or written understandings between the Parties relating to the subject matter hereof. Parties explicitly exclude the applicability of other contractual provisions, including without limitation Developer’s specific or general terms and conditions, invoicing terms or privacy policies, especially those contrary to the provisions set forth in this agreement. All Exhibits to this Agreement form an integral part thereof.
15.2 Hierarchy of Forms
This Agreement includes and consists in the Quotation, the Terms & Conditions, the Practice Statement and the Privacy Statement. In the event of inconsistencies or contradictions between the different forms, the following hierarchy should be observed in the execution and interpretation of the Agreement:
- Privacy Statement
- Terms & Conditions
- Practice Statement
If a battle of forms occurs with general terms and conditions or other contractual provisions imposed by the Sender, the Authorized Users or the Receiver, these are explicitly excluded from application to the benefit of the Agreement.
No purported amendment, modification or waiver of any provision hereof shall be binding unless set forth in writing signed by both Parties (in the case of amendments and modifications) or by the Party to be charged thereby (in the case of waivers). Such modifications or amendments shall be subject to drafting an Exhibit to formalize all covenants. No other duties, obligations and liabilities or warranties than those expressly provided in this Agreement and its attachments shall be applied.
Dioss is entitled to unilaterally amend these Terms & Conditions or supplement them with new conditions. These amendments or additions will take effect 30 days after their publication on the Dioss website (https://smartsolutions.dioss.com/en/products/tuvi/privacy-statement/). Amendments of minor importance will always take immediate effect.
If any provision of this Agreement, or any portion thereof, would be held null, invalid or unenforceable, then the remainder of this Agreement shall nevertheless be enforced in accordance with their terms.
In such event, Parties agree to continue to execute this Agreement in good faith and to replace the invalid or unenforceable provision with a provision that most closely corresponds to the agreement between Parties.
15.5 Applicable Law
This Agreement, its text, the negotiation thereto, the execution thereof and its interpretation are governed by Belgian law, explicitly excluding the applicability of other legal systems and of the CISG (Vienna UN Convention on Contracts for the International Sale of Goods).
In the event of a dispute concerning the validity, interpretation or performance of the Agreement, the Parties shall use their best endeavours to settle the matter amicably, if necessary by means of commercial mediation.
15.7 Competent Court
In case of claims and disputes over these terms or the product in general, the courts of the judicial district of Ghent will have sole jurisdiction.GO BACK TO TUVI