By clicking on the button "I share my information in a few clicks" (or similar wording), the User unreservedly accepts the present General Terms and Conditions between him and the company M-iTrust SAS (RCS Nanterre 842 232 878).
These general terms and conditions apply to the contract concluded between the company M-iTrust, simplified limited company, registered with the RCS of Nanterre under the number 842 232 878 and whose head office is: 73, Rue du Château in Boulogne-Billancourt (92100), represented by its Chairman-in-Office (hereinafter "MiTrust"), and the individual (hereinafter the "User") using the Service offered by MiTrust in partnership with Online Services.
Ces Conditions Générales sont les seules applicables et remplacent toutes autres conditions, sauf dérogation préalable, expresse et écrite. MiTrust peut être ponctuellement amené à modifier certaines des dispositions de ses Conditions Générales. These General Conditions are the only ones applicable and replace all other conditions, except prior, express and written derogation. MiTrust may be required to modify some of the provisions of its General Terms and Conditions. Each use of the MiTrust Service is governed by the Terms and Conditions applicable at the time of use of the Service. By clicking on the button "I share my information in a few clicks" (or similar wording, such as "I share my RIB in a few clicks" or "I check my address in a few clicks"), the User accepts without reservation the General Conditions after having read them, he hence acknowledges that he is fully informed and that he is bound by all the provisions herein. By using the MiTrust Service, the User agrees to comply with these conditions.
This article defines the main terms used in the terms and conditions (General Conditions, Personal Data, Login IDs, MiTrust Path, Platform, Service, Online Service, Data Source).
For the purposes of these Terms and Conditions, the following words, in both the singular and the plural, shall have the meanings given to them by the following definitions:
General Conditions: this contract;
Shareable Data: Data of the Personal User, which may refer to data (address for example) or documents (proof of address for example) and which are the object of the Service;
Personal Data: Data of the Personal User, which allows to identify it directly or indirectly, within the meaning of the General Regulations for the Protection of Data;
Login credentials: credentials and passwords to access the user's online accounts at Data Sources;
MiTrust Path: Interface between the Platform and Users allowing Users to interact with the Platform in order to obtain the Services;
Platform: Set of software MiTrust means, allowing MiTrust to perform Services for Users;
General Regulation for the Protection of Data: European Regulation of 27 April 2016 on the protection of individuals, the processing of personal data and the free movement of data, replacing Directive 95/46 / EC;
Online Service: MiTrust's Partner Service Provider requesting the User's Personal Data via MiTrust;
Data source: Service provider with whom the User has an existing business relationship, such as banks, telephone operators, energy distributors or utilities, and who has Personal Data of the User;
Audit Traces: : For each Transaction, MiTrust retains audit trails for the sole purpose of maintaining the platform and processing requests for access to the Online Services and Users;
Transaction: unit transaction of realization of the Service by MiTrust for a User, for example transfer of Personal Data from one or more Data Sources to an Online Service via the Platform;
Error report: voluntary transmission of Personal Data by the User on the proposal of MiTrust, for technical maintenance purposes of the Platform exclusively.
The purpose of the Service is the sharing of the User's Personal Data from a Data Source to an Online Service, in a simple, transparent and secure manner, under the permanent control of the User.
The purpose of these General Conditions is to define the conditions under which MiTrust will provide the User with a set of Personal Data Sharing services.MiTrust has developed a Service that brings confidence to the digital world by allowing the User to be identified and to transfer his Shareable Data to Online Services. MiTrust can retrieve this information from other service providers with whom the User is already in contact, the Data Sources, and transfer them in a simple, transparent and completely secure way to Online Services, always under the strict control of the User and with his explicit consent.
The User is informed that access to the Service requires a computer, a tablet or a smartphone with a browser and an internet connection, which he already recognizes have.
The Service provided by MiTrust is completely free for the User. For your information, MiTrust charges the Online Services that receive the Personal Data and may remunerate the Data Sources used.
This article describes the conditions of access to the MiTrust service (age, language, equipment).
To use the MiTrust Service, each User must be at least 15 years old, legally able to contract and use the Service in accordance with these Terms and Conditions.
The Service is available in French.
Computer and telecommunications equipment (computer, software, telecommunications, internet access, etc.) that allows access to the Service are the sole responsibility of the User, as well as all telecommunications costs incurred by their use.
In order to become a MiTrust User, each User must abide by these terms. You do not need to register or open an account with MiTrust.
This article describes in more detail the MiTrust Service, which is the sharing of data and / or personal documents. It describes the types of Data Sources and the technical modalities of connection to these sources (computer interface or web collection).
The User may use the MiTrust Service when an Online Service offers it as a means of obtaining certain Personal Data.
The Service that MiTrust carries out for the User and the Online Services consists of providing the Online Services with personal data (surname, first name, age, address, etc ...) and / or personal documents (proof of address, RIB, etc.).
For this Service, MiTrust offers the User to connect to a Data Source, indicating his / her Usual Login IDs to access his / her online account. These Login IDs allow MiTrust:
Either connect directly to the information system of the Data Source and receive the Personal Data (via APIs)
Either to retrieve the Personal Data requested on the User's Customer Space from the Data Source (via an automated web collection)
MiTrust specifically indicates to the User which Personal Data will be retrieved and which Personal Data will be transmitted to the Online Service and seeks its consent at each stage of the Journey to perform these operations.
The service providers that can be used as Data Sources for the MiTrust Service are:
fixed telephone operators, mobile, internet;
gas or electricity suppliers;
Banks, Insurance or Mutuals;
MiTrust reserves the right to add or remove certain categories of Data Sources or certain providers in the categories listed above. MiTrust aims to provide Users with the main service providers as a Data Source in order to share their Personal Data.
Depending on the level of trust required by the Online Service, only certain Data Sources may be offered to the User for a Transaction.
MiTrust always allows the User to select the Data Source he wishes for a Transaction and always seeks his explicit consent before collecting his Personal Data.
Sharing of Personal Data
MiTrust offers the User to connect to different Data Sources with which he is already in contact, to recover some of his Personal Data, in the form of data or documents, in order to share them. In particular:
identity data: surname, first name, date of birth, city of birth, country of birth, civility, sex or gender;
other personal data: postal address, telephone number, etc.;
documents: proof of address, RIB, certificates, etc ...
MiTrust reserves the right to add or remove certain types of data or documents. MiTrust aims to meet the needs of Online Services and to facilitate the life of Users in the communication of their Personal Data.
MiTrust always presents to the User the Shareable Data that it is about to share for a Transaction and always asks for its explicit consent before actually transferring its Personal Data.
Regarding identity data in particular, the Service makes it possible to:
Confirm to an Online Service that the identity of the User has been verified by a Data Source. In this case, no Personal Data related to its identity is shared with the Online Service, simply the fact that its identity has been verified
Transmit some or all of the Personal Data related to its identity, according to the needs of the Online Service, for example for age verification.
MiTrust systematically asks for the consent of the User at each stage of the Journey, and ensures the best confidentiality of the Personal Data entrusted by the User, in particular by ensuring not to retain login credentials or Personal Data beyond the completion of the transaction.
Information and consent
MiTrust undertakes to be transparent about the data processing performed and does not carry out any treatment without the prior consent of the User.
MiTrust thus explicitly requests the consent of the User:
to specifically retrieve certain Personal Data from a Data Source;
to transfer the Personal Data selected by the User to the Online Service that requests it.
MiTrust displays the Personal Data retrieved so that the User can select the relevant data to be shared for the current Transaction, for example when several mailing addresses are attached to a User's account with the Data Source.
Privacy and confidentiality protections
MiTrust fully respects the privacy of the User and ensures that no use of the User's Personal Data is made without his full agreement.
To limit the risks associated with the use of the User's Personal Data:
MiTrust does not store Transaction Logins (see below), except with the explicit agreement of the User to participate in maintenance operations (see Clause 10); ;
MiTrust does not store Recovered Personal Data.
MiTrust stores for each Transaction Audit Traces for the sole purpose of maintenance and processing of requests for the exercise of rights relating to the protection of Personal Data. These Audit Traces do not contain Personal Data except in the case of a web collection. The Login ID of the Transaction is then kept, but in a "pseudonymized" form that allows you to find the Transaction but no longer allows you to log in to the User's account.
This article describes the rights available to the User on his Personal Data, and how to collect information that the User wishes to share. In particular, MiTrust is prohibited from performing any action or collection that is not explicitly granted by the User. Particulars describe the use of MiTrust's automatic retrieval of document data and the User's voluntary sending of an Error Report to MiTrust for technical maintenance purposes.
Computer interface (API, Application Programing Interface)
MiTrust can collect Shareable Data by means of a connection to the Data Source computer system, via a so-called API. MiTrust has a contractual relationship with the Data Source and computer access to its API. In most cases, the User must enter their Login IDs with the Data Source in the Data Source's IT environment, in order to allow MiTrust to retrieve the Personal Data that is explicitly requested.
MiTrust then has no knowledge of login credentials./span>
MiTrust may collect Shareable Data on the User's Customer Space made available by the Data Source. MiTrust has no contractual relationship with the Data Source and acts on behalf of the User. The User must enter their login credentials with the Data Source in the MiTrust IT environment, in order to allow MiTrust to connect to its customer area and retrieve the personally requested Personal Data.
By entering Login Credentials, the User gives MiTrust delegation to carry out all the actions necessary to retrieve on its behalf the Personal Data explicitly requested and which are hosted on the Data Source site. MiTrust is not authorized to perform any action on the Data Source website, on behalf of the User, that is not necessary for the recovery of the Personal Data explicitly requested in the Transaction and for which it is gave his consent. MiTrust does not retain login credentials, which are immediately encrypted when they are entered and are not retained after a Transaction; only a "pseudonymized" trace of the identifier is retained under the Audit Trail (see Article 8).
In all cases, MiTrust never acquires any rights over the Users' Personal Data. MiTrust ensures the strict confidentiality of the User's Personal Data, as well as information concerning the User's activity.
In the context of a Transaction, the User authorizes MiTrust to perform an exclusively automated reading and analysis of certain documents for the sole purpose of recovering the Personal Data that he wishes to share. All automatic processing is done for the account, at the request and in the name of the User.
In certain exceptional situations (for example as a result of a technical error during a Transaction), it may be proposed to the User to send, with its explicit consent, an Error Report to MiTrust. This report will allow MiTrust to simulate all or part of the Transaction for technical investigation and maintenance purposes.
These operations will be carried out by technicians subject to a specific confidentiality commitment, following a reinforced security procedure, using secure and automated tools, implementing data anonymization procedures that avoid the display of Login IDs and Data. Personal in clear (blurring, obfuscation, truncation of data).
The login credentials associated with such a transaction will be encrypted and kept for 7 days and then automatically deleted.
The MiTrust Service is hosted in France, on a high-availability cloud service offering recognized and certified security features, but some data may be subject, for technical reasons, to a strictly regulated and regulatory international transfer.
The MiTrust Platform that processes Personal Data for the purposes of the Service is hosted on servers in France but with the possibility of transfer of certain data outside France by the host during maintenance operations or for technical reasons.
These transfers will be carried out in accordance with the legal and regulatory provisions applicable in France and within the EU, in particular through the implementation of adequate guarantees to ensure the protection of the transferred data. The User is informed of the possibility of such a transfer and consents by accepting these Terms and Conditions.
MiTrust's infrastructures are hosted on cloud-based high-availability Platform as a Service (PaaS) cloud services. These services run in data centers that meet industry-leading security and reliability standards, such as ISO / IEC 27001: 2013 and NIST SP 800-53 with 24-hour business continuity, 7 days out of 7. All data transmissions over the internet are encrypted (SSL SHA-256).
MiTrust is committed to ensuring the operation of its platform to allow the User to access the Service 7 days a week and 24 hours a day. In the event of a technical failure affecting the access to the Site or the functioning of the Platform for reasons beyond MiTrust's control, such as the interruption of telecommunication systems, the interruption of the Internet or the interruption of the services of its IT service providers, for any reason whatsoever , MiTrust is committed to implementing all the means at its disposal for:
Inform the User as soon as possible;
Restore access to the Service, even in degraded mode, as soon as possible.
The occurrence of the events referred to in the preceding paragraph will have no consequences on the continuation of this contract and may not give rise to a claim on the part of the User, these events being held as constituting force majeure.
The User is responsible for the relevance of the information transmitted to MiTrust, the use it makes of the Service, and its decision to share its data with an Online Service. In particular, the User makes sure not to violate the conditions of use of the Data Sources that he selects.
Responsibility for the content
The User is solely responsible for the relevance and validity of the information, including the Data Source Connection Identifiers sent to MiTrust in connection with the use of the Service. MiTrust cannot be held responsible for the consequences of an incorrect use of the Service by the User.
In particular, it is the responsibility of the User to verify that the Login IDs that he uses and the Personal Data he shares via the Service:
Do not constitute identity theft, that is to say that the User does not voluntarily use the MiTrust Service to pretend to be another person;
Do not constitute illegitimate access to user accounts from Data Sources, that is, the User does not voluntarily use the MiTrust Service to retrieve and share Sharable Data that is not his own;
Do not constitute a violation of intellectual property rights.
The User is also required to carefully check the Personal Data that has been recovered by MiTrust before giving his consent for transmission to the Online Service. MiTrust cannot be held responsible for the consequences of the transmission of Personal Data that does not correspond to the User while the latter has been able to take cognizance of this Personal Data and has explicitly agreed to transfer them to the Online Service.
MiTrust acknowledges and agrees that no proprietary rights in the data or documents processed by the Service will be transferred to or transferred by the User.
Collection of Personal Data
The User is entirely responsible for the use he makes of the Service, in particular, he will take care not to violate the conditions of use of the Data Sources he selects. MiTrust cannot be held responsible for the fraudulent use by a User of login credentials that do not belong to him.
The User entrusts MiTrust with the login credentials required for the connection on his client area to the Data Source he has chosen to collect the Personal Data.
The User undertakes to use MiTrust's collection tools only to collect Personal Data that corresponds to him and that he has the right to download. The User expressly acknowledges that the General Conditions that he has signed with the Data Source authorize him to entrust his login credentials to MiTrust and to give him a delegation to collect the Personal Data.
MiTrust declines any responsibility in the event of non-compliance by the User with the above conditions and cannot be held responsible for any malicious or fraudulent use by the User, especially if he has entrusted MiTrust with login credentials that does not belong to him.
Sharing of Personal Data
The User is solely responsible for his decision to share certain Personal Data with an Online Service.
Once the Transaction has been completed, the Shareable Data has been transmitted to the Online Service and is not stored by MiTrust. The main contact for the User to exercise his rights concerning his Personal Data, including Shareable Data, is the Online Service.
This contract between MiTrust and the User is valid for the completion of Transaction, and, at the end of the Transaction, for the exercise of its rights relating to the protection of Personal Data.
MiTrust's liability is limited to the commitments made in this Agreement. In particular, MiTrust's liability does not include: direct or indirect damages resulting from the use or performance of the Service, financial or commercial losses, defects in character recognition, loss of data, limitations related to the use of the Internet.
The responsibility of MiTrust is limited to the commitments made in application of the Contract and cannot be committed because of:
Damage due to the total or partial non-performance of his obligations by the User;
Direct or indirect damages suffered by the User, arising from the use or performance of the Service.
MiTrust cannot be held responsible for any malfunctions or damage to the User's computer system caused by the use of the Service, whether or not the Service is used, including any loss of data from the User.
MiTrust and the User expressly agree that any financial or commercial loss (eg loss of data, operating loss, loss of revenue, loss of profits, loss of customers or orders, loss of profits, any commercial disturbance ) or any action against the User by a third party (with the exception of the case referred to in the Article in the Case of Infringement of the Contract) constitutes indirect damage and does not give the right to compensation by MiTrust.
Use of the Service requires a connection and an Internet browser. The User accepts the limitations of the Internet, including:
That the speed of response of the Service can be affected by a bad bandwidth;
That the confidentiality of data circulating on the Internet cannot be fully assured and that despite the important security measures implemented by MiTrust (including SSL encryption), this data can be diverted;
That the proposed Service implements complex IT functionalities and that, despite the many verification and correction procedures implemented by MiTrust, it is not possible to test all possibilities of use.
The User agrees to bear the risk of imperfection or temporary unavailability of the Service.
MiTrust retains the entire intellectual property of the Service. The User acquires no other rights than those conferred by the Contract, and in particular prohibits to reproduce, arrange, decompile, disassemble or distribute the Service or any related support.
MiTrust retains, as the sole owner of the rights, the intellectual property of the Service and all the prerogatives attached thereto. Pursuant to the provisions of Article L. 122-6-1 of the Intellectual Property Code, MiTrust reserves the right to correct errors. MiTrust grants the User a personal, non-exclusive and non-transferable right to use the Service. The User will not acquire any other intellectual property rights or any other rights than those conferred by the Contract. It acquires no rights over trademarks, trade names, logos or other distinctive signs, factory secrets, patents, whether from MiTrust and / or its licensors.
The user is forbidden to:
Modify or remove any mark or inscription appearing on any reproduction of the Service or related support;
Reproduce, arrange, adapt the Service or make it available to third parties, market it, make a loan;
Modify, translate, analyze, decompile, disassemble or create derived tools based on the Service.
The User undertakes to take all necessary measures to ensure that all persons living or working at home comply with the provisions of this article.
MiTrust has implemented a processing of personal data within the meaning of the legal and regulatory provisions in force, for which it is responsible, for the purposes of performing the Service with respect to the User. The implementation of this processing of personal data is necessary for the performance of the contract, that is to say, so that the User can benefit from the Service, and for the purposes of compliance by MiTrust with legal obligations and regulations imposed on it.
The personal data processed in this context are collected from or through the User. They are intended for Online Services and are not retained by MiTrust.
In accordance with the aforementioned legal and regulatory provisions, the persons concerned by this treatment have the right to query and access their personal data with the Online Service. They also enjoy, subject to the exceptions provided by law, the right to rectify, erase and limit the processing of their data to a certain extent, as well as the right to portability of their data. Data subjects also have the right to object to the processing of personal data concerning them and to the right to object to commercial and other prospecting. Data subjects also have the right to define guidelines on the fate of their personal data and how they want their rights to be exercised after their death.
These rights are exercised primarily with the Online Service with which the Shareable Data was shared. In the specific case where the rights are exercised with MiTrust, the User may exercise his rights with the DPO of MiTrust at the address email@example.com or by mail to DPO Consulting, 1-3 rue de Caumartin 75009 PARIS.
Finally, the persons concerned have the possibility to lodge a complaint with a national authority in charge of the protection of personal data (National Commission for Data Processing and Liberties or CNIL in France) if they consider that the processing their personal data is not carried out in accordance with the applicable provisions.
These Terms & Conditions are governed by French law. Any dispute that cannot be settled amicably will be submitted to the competent Paris courts designated according to the Code of Civil Procedure. Beforehand, any dispute between MiTrust and a User will be the subject of an attempt to settle amicably.
Claims or disputes arising from the interpretation or execution of this contract must be submitted, by registered letter with acknowledgment of receipt, to MiTrust or by email to firstname.lastname@example.org.