Terms of use

Version 1.6 of August 24th, 2023

1. Definitions

The following terms have the meanings set forth below for these T&Cs:

• “Mobile Application” refers to the mobile application that IDnow SAS makes available to Users to use the Identity Service and which can be downloaded from an app store.
• “IDnow SAS” refers to the company identified in the Legal Notices.
• “Best Practices” refers to the care, skill, diligence, prudence, efficiency, foresight, and speed that are reasonably expected from a service provider comparable to the Identity Service.
• “General Terms and Conditions” refers to this document and the documents they mention that
govern the relationship between the User and IDnow SAS.
• “Data and Information” refers to all data and information that Users provide to IDnow SAS to enable verification of their identity, extracted or inferred data and information, and data and information related to the use of the Identity Service.
• “Digital Identity” refers to the unique User profile provided by IDnow SAS after verifying the identity based on the Data and Information provided by the Users.
• “Low Assurance Level” indicates that the means used for electronic identification provides basic
assurance. It establishes with some assurance that the user is who they claim to be, but security
measures are minimal. It is suitable for services that do not handle sensitive data and for which the risk of abuse or fraud is deemed low. Although this level reduces certain risks, it does not provide full protection against more advanced threats.
• “Substantial Assurance Level” indicates that the means used for electronic identification offers
enhanced protection compared to the low level. It ensures that the risks of abuse or identity fraud
are significantly reduced thanks to more robust security measures. To achieve this level, users can
expect stricter identification and authentication issuance procedures. It is recommended for services that handle more sensitive data or are exposed to higher risk.
• “Mobile Operator” refers to a 2G or higher mobile telephony operator.
• “Frequently Asked Questions” or “FAQ” refers to the set of questions made available to Users on the website to answer questions about the Identity Service and its use.
• “Reactivation of the electronic identification means” refers to the process of re-enabling an
identification method that has been suspended. After reactivation, the user can again use this
identification means to access a service or system. Reactivation may require additional verification
of the user’s identity to ensure account security.
• “Replacement of the electronic identification means” refers to the process of substituting an existing electronic identification means with a new one. The implementation of this process typically occurs due to the loss, theft, deterioration, compromise, or obsolescence of the original identification means.

•”Renewal of the electronic identification means” concerns the update or change of authentication
elements while retaining the same medium or device, i.e., in the context of an electronic
identification means based on a mobile application, without the user needing to erase the app’s
data or reinstall it on the phone.
• “Revocation of the electronic identification means” refers to the process by which a previously
validated and active electronic identification means is permanently canceled and rendered
inoperative. After revocation, this identification means can no longer be used to access a service or
system. This action is typically taken for security reasons, such as suspicion of fraud or compromise, or at the user’s request.

• “Service”, “Identity Service” or “Digital Identity Service” includes the YRIS Digital Identity mobile application, the “YRIS” digital identity with its functions, features, as well as all updates and upgrades, the website, and associated support.
• “Third-Party Service” refers to a service provider whose Users are or wish to be clients and who
direct them to the Identity Service to obtain or verify their identity.
• “Website” refers to the Website and the web pages through which IDnow SAS provides the Identity Service or the associated support services.
• “Support” refers to the support service that IDnow SAS sets up to answer Users’ questions and help them resolve any difficulties encountered while using the Identity Service.
• “Suspension of the electronic identification means” refers to the temporary deactivation of an
electronic identification means. During the suspension, the user cannot use the identification means to access a service or system. Suspension is used as a security measure in the event of suspected suspicious activity.
• “User” refers to a User of the Website, Mobile Application, or Identity Service.

2. Introduction to the Digital Identity Service

General

The YRIS Digital Identity is an electronic identification means compliant with the low and substantial assurance requirements of the eIDAS regulation and the security requirement standard for electronic identification means. It allows Android or iOS smartphone holders to create and use a digital identity through a Mobile Application with connected Third-Party Services.

Its issuance is done in two steps:
• the creation of a two-factor authentication method based on a confidential code and the possession of the phone,
• and a remote identification process based on capturing identity documents and the User’s face to
certify and extract identity data.

Once validated, the certified identity attributes necessary for the User’s identification are stored by the YRIS service. They are transmitted after authentication and consent of the User to Third-Party Services. The service delivers electronic identification means of low or substantial assurance levels. The choice of level is determined by the requirements of the third-party service initiating the installation. If the application is downloaded directly from the Apple App Store or Google Play Store, without prior interaction with a Third-Party Service, the delivered electronic identification means is of a low level. If a Third-Party Service requires a substantial assurance level for a User already having a YRIS identity of a low level, they will be prompted to redo the issuance process to obtain a substantial-level identity.

Free of Charge

The request for the electronic identification means, its use, and its renewal are free of charge.

Availability

The Identity Service is available 24/7.

For security reasons, maintenance operations, or updates, we may limit or interrupt access to the
Identity Service for limited periods of time. We will strive to carry out these operations during hours that will inconvenience the fewest number of Service Users.

3. Creation of your Digital Identity

Access Conditions

You are eligible for the Service if you meet the following conditions:

• Be a natural person;
• Be fifteen (15) years old or older;
• Be in possession of a valid identity document accepted by IDnow SAS remote verification service;
• Use a smartphone with:
◦ An integrated iOS or Android OS on which the latest security patches are applied,
◦ An integrated security component (SE or TEE security technologies),
◦ A rear camera and a front camera;
• Have a personal email address;
• Have a mobile phone number with one of the following area code : Afghanistan (+93), Albania (+355), Algeria (+213), Germany (+49), Andorra (+376), Angola (+244), Anguilla (+1), Antigua and Barbuda (+1), Saudi Arabia (+966), Argentina (+54), Armenia (+374), Aruba (+297), Australia (+61), Austria (+43), Azerbaijan (+994), Bahamas (+1), Bahrain (+973), Bangladesh (+880), Barbados (+1), Belgium (+32) Belize (+501), Benin (+229), Bermuda (+1), Bhutan (+975), Belarus (+375), Bolivia (+591), Bosnia-Herzegovina (+387), Botswana (+267), Brazil (+55), Brunei Darussalam (+673), Bulgaria (+359), Burkina Faso (+226), Burundi (+257), Cambodia (+855), Cameroon (+237), Canada (+1), Cape Verde (+238), Chile (+56), China (+86), Cyprus (+357), Colombia (+57), Comoros (+269) Congo-Brazzaville (+242), Congo-Kinshasa (+243), South Korea (+82), Costa Rica (+506), Côte d’Ivoire (+225), Croatia (+385), Cuba (+53), Curaçao (+599), Denmark (+45), Dominica (+1) Egypt (+20), Ecuador (+593), Estonia (+372), Eswatini (+268), Vatican City State (+39), Ethiopia (+251), Spain (+34), United Arab Emirates (+971), Fiji (+679), Finland (+358), France (+33), Gabon (+241), Gambia (+220), Georgia (+995), Ghana (+233), Gibraltar (+350), Greece (+30), Grenada (+1), Greenland (+299), Guadeloupe (+590), Guam (+1), Guatemala (+502), Guernsey (+44), Guinea (+224), Equatorial Guinea (+240), Guinea-Bissau (+245), Guyana (+592), French Guyana (+594), Haiti (+509), Honduras (+504), Hungary (+36), Christmas Island (+61), Isle of Man (+44), Åland Islands (+358), Cayman Islands (+1), Cocos Islands (+61), Cook Islands (+682), Faroe Islands (+298), Falkland Islands (+500), British Virgin Islands (+1), India (+91), Indonesia (+62), Iraq (+964), Iran (+98), Ireland (+353), Solomon Islands (+677), Turks and Caicos Islands (+1), Iceland (+354), Israel (+972), Italy (+39), Jamaica (+1), Japan (+81), Jersey (+44), Jordan (+962), Kazakhstan (+7), Kenya (+254) Laos (+856), Lesotho (+266), Latvia (+371), Lebanon (+961), Liberia (+231), Libya (+218), Liechtenstein (+423), Lithuania (+370), Luxembourg (+352), North Macedonia (+389), Madagascar (+261), Malaysia (+60), Malawi (+265), Maldives (+960), Mali (+223), Malta (+356), Morocco (+212), Martinique (+596), Mauritius (+230), Mauritania (+222), Mayotte (+262) Mexico (+52), Moldova (+373), Monaco (+377), Mongolia (+976), Montenegro (+382), Montserrat (+1), Mozambique (+258), Namibia (+264), Nepal (+977), Nicaragua , +505), Niger (+227), Nigeria (+234), Norway (+47), New Caledonia (+687), New Zealand (+64), Oman (+968), Uganda (+256), Uzbekistan (+998), Pakistan (+92), Panama (+507), Papua New Guinea (+675), Paraguay (+595), Netherlands (+31), Caribbean Netherlands (+599), Peru (+51), Philippines (+63), Poland (+48), French Polynesia (+689), Portugal (+351), Qatar (+974) Hong Kong SAR of China (+852), Macau SAR of China (+853), and the United States of America (+854). (+853), Central African Republic, +236), Romania (+40), United Kingdom (+44), Russia (+7), Rwanda (+250), Western Sahara (+212), Saint Barthélemy (+590), Saint Kitts and Nevis (+1), San Marino (+378), Saint Martin (+590), Saint Martin (Dutch part) (+1), Saint Vincent and the Grenadines (+1), Saint Lucia (+1), El Salvador (+503), Samoa , +685), American Samoa (+1), Sao Tome and Principe (+239), Senegal (+221), Serbia (+381), Seychelles (+248), Sierra Leone (+232), Singapore (+65), Slovakia , +421), Slovenia (+386) Somalia (+252), Sudan (+249), Sri Lanka (+94), Sweden (+46), Switzerland (+41), Suriname (+597), Svalbard and Jan Mayen (+47), Syria (+963), Tajikistan (+992) Taiwan (+886), Tanzania (+255), Chad (+235), Czech Republic (+420), British Indian Ocean Territory (+246), Palestinian Territories (+970), Thailand (+66), East Timor (+670), Togo (+228), Tonga (+676), Trinidad and Tobago (+1), Tunisia (+216), Turkmenistan (+993), Turkey (+90), Ukraine (+380), Uruguay (+598), Vanuatu (+678), Venezuela (+58), Viet Nam (+84), Yemen (+967), Zambia (+260), Zimbabwe (+263).

The following are not eligible for the Identity Service:
• Legal entities
• Guardianship as defined by articles 440 and following of the civil code is not supported by the
service, meaning:
◦ It is not possible for a guardian to initiate a request on behalf of the person under guardianship;
◦ It is forbidden for a person under guardianship to make this request.

4. Creation of the electronic identification method

To create your electronic identification means, you need to download the YRIS Mobile Application from the Apple App Store or the Google Play Store. After opening the application, a registration process is presented to create your authentication method.

You understand that to establish and verify your identity, you agree to provide us with documents
containing the necessary Information and Data. Otherwise, access to the Service will not be possible.

The User understands and accepts that the verification of his identity is a process dependent on his personal data, the Information and Documents he submits to the Service, external conditions, and the phone used.

Creating your login ID

To create your login ID, you need to indicate and confirm your mobile phone number. To confirm your mobile phone number, we send you an activation code via SMS that you will enter at the associated step in the Application.
We then ask you to set a six (6) digit confidential code that will allow you to authenticate for any access to a third-party Service.

Remote Verification of Your Identity

The remote identity verification process is determined by the requirements of the Third Party Service that initiated the installation of the Mobile Application.

If this Third Party Service allows a low level of guarantee for electronic identification, your identity data will be verified by our IDCheck.io service. The Mobile Application will guide you through various steps in which you will need to take a photo of the front, and if necessary, the back of your identification document and perform a head movement facing the camera for facial verification. The verification of this data can be entirely automatic. If there is any doubt about certain checks, they will be reviewed by a human operator. The same process will be carried out if the application is directly downloaded from the Apple App Store or the Google Play Store, without any prior interaction with a Third Party Service.

If the Third Party Service requires a substantial level of guarantee, the process is more demanding. Your identity data will be verified by our IDCheck.io PVID service, certified for a substantial guarantee level at the Reference standards applicable to remote identity verification providers by ANSSI. For your identification document, we ask you to present your identification document to your mobile phone’s capture tool. We capture the personal information contained on the document from a video sequence. For your face, we ask you to present your face and make a head movement and cover one of your eyes. These captured data are then subjected to analysis and can be supplemented or reviewed by a human operator before validation. For a deeper understanding of this latter method, consult our Remote Identity Verification Policy.

Verification of the birth city

To prevent possibly confusing you with someone else, we ask you to select your birth city from a set of cities, homonyms of the city indicated on your identification document.
This last piece of information completes the list of attributes of your pivot identity allowing your
identification.

Completion

You have just completed the creation of your Digital Identity and your electronic identification method is now usable. The validity period of your Digital Identity is five (5) years from the date of its activation.

5. Terms of use of your Digital Identity

Using your Digital Identity

You cannot transfer any of the rights granted to you under these T&C to any other person.

Connection to Third Party Services

Your identification method, both personal and confidential, allows you to identify and authenticate yourself with Third Party Services that are partners of IDnow SAS’s Identity Service.

When you click on the “YRIS” button on the Third Party Service’s website, you are redirected to the authentication page of our Digital Identity service. Here, you enter your phone number. If the guarantee level required by the Third Party Service matches that of your identification means, a waiting page appears on your browser and a notification is sent to your mobile, informing you of an ongoing authentication request.

On the Mobile Application, you can accept or decline this request. If accepted, you enter your six-digit confidential code. This code unlocks the waiting page and redirects you to a consent page (if it’s your first authentication with this Third Party Service). On this page, you can choose to accept or decline the sharing of your data. A refusal prevents you from accessing the Third Party Service, while an acceptance redirects you, as an authenticated user, to the Third Party Service’s website.

Proof of your authentication is provided by a two-factor authentication:

Possession of the User’s mobile phone A confidential code that proves you are the legitimate holder of the associated digital identity If the Third Party Service requires a substantial guarantee level and your YRIS identity is only of a low level, you are prompted to undergo a substantial level issuance process on the Mobile Application. During this process, a page displayed in the browser indicates that the upgrade of the identification means is in progress. After the update, you are redirected as an authenticated user to the Third Party Service’s website.

Managing your Digital Identity

Features related to managing your Digital Identity are directly accessible within the Mobile App. Once authenticated, you can:

• View your identity details, the expiry date of your digital identity, and connection;
• Edit your contact details;
• Manage your electronic means of identification using the following features:
◦ Change your confidential code by entering your existing confidential code before setting a new
one;
◦ Delete your Electronic Identification Means;
◦ Revoke consents you might have given regarding data sharing with certain Third-Party Services.

Modifying contact details and your login identifier

From the Mobile App, you can modify certain personal details provided during your registration:
• Change your email address: you can change your email address. To finalize this change, you must
click the email address verification link sent to the specified address.
• Modify your phone number: you can change your number. You will be prompted to enter an OTP
code sent by SMS to the provided number. Once your phone number is verified, this new number will serve as your login identifier.

6. Security Rules

Any use of your Digital Identity is deemed to be carried out by yourself.

To ensure the security of your digital identity, you commit to defining a confidential code that meets the following requirements:
• The confidential code should not be related to your identity (e.g., date of birth 010170).
• Choose a confidential code different from any other code you use.
• Never disclose any details about your Digital Identity to third parties. You will never be asked to
communicate your confidential code.
• It should be renewed regularly; thus, a reminder notification will be sent to you every 90 days.
• Never allow anyone to access or use your Digital Identity.
Both Users and IDnow SAS are required to take all reasonable measures to protect Information, Data, and Digital Identity from any unauthorized access, loss, damage, modification, or unauthorized processing.

We strongly recommend keeping your phone updated by installing security patches for the OS
(operating system) as soon as they are available. This helps ensure data security and the smooth
operation of the application. IDnow SAS cannot be held responsible for consequences arising from not following these recommendations.

You agree to inform us as soon as possible at the address https://www.yris.eu/fr/contact/ of any
unauthorized use of your Digital Identity, your confidential code, or any other information related to your Digital Identity or any breach of security concerning the Services brought to your attention.

Intellectual Property

All intellectual property rights associated with the Identity Service, the Mobile App, the Website, or related documents are owned by IDnow SAS or have been authorized for its use.

The right to use the Identity Service, the Mobile App, the Website, or related documents does not
involve any transfer of intellectual property rights. IDnow SAS only provides a non-exclusive right to use the Identity Service, the Mobile App, the Website, or related documents.

Users are prohibited from using the Identity Service, the Mobile App, the Website, or related documents or facilitating their use by a third party if this use would violate IDnow SAS’s intellectual property rights.

IDnow SAS reserves the right to take all necessary measures to protect its intellectual property rights.

Users are prohibited from removing or circumventing these measures in any way. These measures
include the deletion of Users’ Digital Identity and the termination of the Identity Service.

7. Changes to the Digital Identity Service

We may modify these T&Cs at any time for security, legal, Service evolution, and/or regulatory reasons.

Any changes take effect from their publication or any other indicated date. We will not use this right to make substantial changes to the T&Cs without giving you the opportunity to express your agreement.

We recommend that you regularly consult these T&Cs based on their version and update date. If you
disagree with these changes, you must stop using the Identity Service and terminate your account.

8. Privacy and Personal Data

IDnow SAS takes the protection of personal data and the privacy of Users very seriously and complies with the provisions of European and French data protection legislation.

We use the information about you, whether it comes directly from you or has been collected by IDnow SAS, in accordance with our Privacy Policy.

The complete data retention durations for the User’s Digital Identity are detailed in this Privacy Policy. The retention period related to the Digital Identity Service, such as the data concerning your DigitalIdentity, the proof file of your Digital Identity, and event logs, is 5 years after the revocation of the Digital Identity Service, in accordance with the “eIDAS” regulation no. 910/2014 of July 23, 2014.”

9. Our Support

Questions about the Digital Identity Service should be addressed to IDnow SAS using the contact form available on the Website.

To be valid, all communication between Users and IDnow SAS must be in French or English.

10. Applicable Terms for Warranty, Liability, and Indemnity

Warranties and Liability of IDnow SAS

We commit to providing Digital Identity Services in accordance with these T&Cs and strive to ensure continuous availability, accessibility, and the quality of the Services provided.

However, none of the Digital Identity Services is immune to occasional interruptions and breakdowns, bugs or errors, or fitness for your requirements, and we may need to temporarily suspend access to the Services, especially for technical maintenance reasons, regardless of origin or cause, without this engaging our responsibility.

Furthermore, as you know, the internet network and the IT and telecommunication systems you use for the Services are not free from bugs, interruptions, and/or breakdowns. We cannot, therefore, be held responsible for any damage inherent in your use of the internet, your mobile phone brand, IT, and telecommunication systems, or resulting from events beyond its reasonable control or not directly caused by its actions.

IDnow SAS can never be held responsible for any damage resulting from:
• Incorrect or unauthorized use by Users of the Service, Mobile Application, or Website, or noncompliance with these T&Cs,
• Incorrect data or information provided by Users or not provided within the deadline set by IDnow SAS,
• Inability to access a Third-Party Service due to the non-functioning of the Identity Service.

In all cases, IDnow SAS cannot be held liable for indirect damages, such as commercial losses like job loss, profit loss, revenue loss, business interruption, loss of opportunity, or a reduction in the value of an asset, while the Identity Service is provided to Users for their personal use as a consumer.

All claims must be addressed to IDnow SAS by registered mail to its head office within one year after the occurrence of the facts.

User’s Liability

The User is responsible for their YRIS confidential code and must take all reasonable measures to
prevent it from being known by anyone else. In the event of deliberate or negligent disclosure, the service will not be responsible for any losses or damages incurred.

The user agrees not to lend their phone to untrustworthy third parties and not to allow access to the application by unauthorized persons. Furthermore, the user undertakes not to assign or sell their phone with the installed application to third parties. It is the user’s responsibility to delete the application from their phone before selling, transferring, or giving it to another person. The user is responsible for all consequences arising from unauthorized use of their phone or the application, including, but not limited to, fraud, identity theft, and privacy violations. IDnow SAS disclaims any liability for the user’s failure to meet these obligations.

Force Majeure

IDnow SAS will not be held responsible for any breach of these Terms and Conditions resulting from causes beyond its reasonable control, including, but not limited to, legal requirements, power outages, inappropriate operation of the Internet, IT and telecommunications facilities including the mobile phone and SIM card of the Users, extreme weather conditions, fires, floods, war, strikes, terrorism, general transportation issues, or the unavailability of one or more employees of IDnow SAS.

12. End of your Digital Identity

Revocation

Users are free to stop using the identity service at any time. They can delete their Digital Identity at any time using the function available on the Mobile Application. This deletion will result in the removal of all their personal data from the Identity Service, except those that must be kept for audit purposes, in accordance with French law.

The YRIS service does not allow for the suspension of the means of identification, so IDnow SAS reserves the right to delete the User’s Digital Identity immediately without having to notify them if their messages to IDnow SAS staff are deemed harassing, threatening, or abusive. Any further violence, threatening behavior, or harassment will be reported to the competent authorities.

Similarly, IDnow SAS reserves the right to delete the User’s Digital Identity immediately without having to notify them if IDnow SAS knows or suspects that the Data or Information provided during identity verification is false or falsified, or if IDnow SAS knows or suspects that the user’s identity verification process did not proceed correctly. IDnow SAS reserves the right to report any identity theft or forgery attempt to the competent authorities.

Lastly, IDnow SAS reserves the right to delete the User’s Digital Identity immediately without having to notify them if IDnow SAS knows or suspects they are violating the current General Conditions.

Revocation in Case of Loss or Theft of Mobile Phone

IDnow SAS provides users with an online service that allows them to quickly revoke their YRIS
identification means in the event of loss, theft of their mobile phone, or any other event that could harm their security.

Performing this operation requires, after entering the phone number associated with the electronic means of identification, to follow a remote identity verification process to ensure that the User is indeed the legitimate holder of the electronic identification means they wish to revoke. Once the transmitted identity data is verified, a strict comparison is made between the extracted identity attributes and those referenced on the user’s electronic identification means. In case of a match, the means of identification is revoked and thus becomes unusable.

This revocation service is available 24/7 and can be accessed at the following address:
https://app.yris.eu.

Users can also make their revocation request via the contact form available at the following address: https://www.yris.eu/en/contact/

In this case, additional information, including copies of their documents, will be requested to allow IDnow SAS to ensure that they are indeed the legitimate holders of the title before IDnow SAS’s supportproceeds with the revocation of their YRIS electronic identification means.

Reactivation

Reactivation of the YRIS electronic identification means is not possible. When a support agent deletes a user’s account or when a user deletes their account or uninstalls the Mobile Application installed on their phone, it invalidates the cryptographic elements used during authentication. These elements cannot be restored. However, the user can retrieve their connection history for the month following the deletion. This operation requires going through the process of creating the YRIS electronic identification means and occurs once the transmitted identity data have been verified and a strict comparison has been made between the extracted identity attributes, the provided email address, and those referenced on their previous account.

Renewal

The identity service does not support the renewal of the YRIS electronic identification means. However, users can manually delete their current means and create a new one.

Replacement

While the identity service does not have a dedicated feature for replacing the YRIS electronic
identification means, users can manually delete their current means and create a new one.
On the other hand, when an identification means reaches its expiration date, an email automatically invites the user to create a new electronic identification means.

Proof Files

Proof file associated with remote identity verification for a low assurance level
As mentioned in Paragraphe 5.2.2, the process of issuing a YRIS electronic identification means, for a low assurance level, requires a remote identity verification process during which the user submits their identity data. The authenticity and legitimacy of this data are determined by the IDCheck.io service. At the end of this verification, a verdict is reached. The YRIS service then creates a proof file containing information that can be used in support of any dispute or legal procedure. This file is archived for a period of ten years.

This proof file contains the following elements:

The verdict and final findings produced by the automatic systems and, if applicable, the operators; The items provided by the User and used by the service, i.e.: photos of the presented identity document, the reconstructed video of the user’s face, Information extracted from the identity document. Proof file associated with remote identity verification for a substantial assurance level
In the case of issuing a YRIS electronic identification means, for a substantial assurance level, the
creation and archiving of the proof file is ensured by our IDCheck.io PVID service. The conditions for creation and the content of this file are described in the Remote Identity Verification Policy.

Proof file associated with the electronic identification means

Compilation of the proof file

Following the deletion of their electronic identification means by the User, by the authorized staff of IDnow SAS, or by the service, the latter retains the information that can be used in support of any dispute or legal procedure in a proof file for a period of five years from the deletion date.

Content of the proof file

The proof file contains the following elements:
• User’s identity information extracted by the remote identity verification service;
• Personal data provided by the User and verified by the service during the creation process of the
electronic identification means;
• Information related to the smartphone and the version of the Mobile Application used;
• Information about the management of the electronic identification means lifecycle;
• The history of remote identity verification processes performed by the User, including those carried
out as part of a revocation request for the electronic identification means;
• The history of connections and associated evidence made by the User.

Terms of conservation and consultation of the proof files

These data are stored exclusively for the purpose of dispute resolution and in strict compliance with applicable regulatory requirements.Access to this file for consultation purposes is granted under the right of access provided for by the GDPR. No requests for rectification or deletion will be considered due to the purpose of these proof files, in accordance with Article II.2.4.2 (3) of the reference framework of security requirements for electronic identification means. The retention periods, five years for the proof file associated with the electronic identification means and ten years for the proof file associated with remote identity verification, are set by the reference framework of security requirements for electronic identification means. At the end of these periods, the proof files are automatically deleted. These deletions are irreversible. These proof files are encrypted and stored using a unique symmetric encryption key for each. This symmetric key is in turn encrypted by a public key. The private key associated with the latter is protected by a qualified offline cryptographic device.

Each request for access to a proof file is validated by the DPO in the case of exercising the right to
consultation, and by a corporate officer of IDnow SAS in the case of dispute resolution. The unarchiving procedure requires a quorum of authorized individuals. It is logged in the Register of access to the proof files.

Dispute Resolution and Applicable Law

These Terms and Conditions, as well as any disputes or claims arising out of or in connection with them or their subject or formation (including any non-contractual disputes or claims), will be governed by and construed in accordance with French law.

Any dispute that cannot be settled amicably will be brought before the competent judge in the placewhere IDnow SAS has its registered office.

13. Miscellaneous

If a provision of these General Conditions is declared invalid or null, this will not affect the validity of the other provisions included in the General Conditions. In such a case, IDnow SAS will amend these General Conditions with the aim of achieving the same purpose and objective as that of the provision declared invalid.

A waiver of any right or remedy under these General Conditions or by law will only be effective if given in writing and will not be deemed a waiver of any subsequent breach or default. The failure or delay by IDnow SAS to exercise a right or remedy provided in these General Conditions or by law does not constitute a waiver of that or any other right or remedy, nor does it prevent or restrict any further exercise of that or any other.