2 Table of contents 1 Introduction General description Document name and specification data Parties Banks Service provider System supplier The identifying customer The purpose of bank identifiers and the Tupas certificate Organisation administering the identification principles Administrative data of the standard Administrative organisation Intellectual property rights Naming convention and definitions Publication and availability of the data Implementation of the service Contract between the bank and the service provider Applicability for operations and the industry Agreement on legal consequences Handling of personal identity codes Marketing use of the name Tupas and the logos of the banks providing the service Bank identifiers Identification of the applicant for bank identifiers Contracts concerning bank identifiers Blocking service Use of the service Storage of the data in the identification document Release of data and bank secrecy The service provider's data Collecting log data of the use of service, storage of the data Storage period Release of data and bank secrecy The service provider's key Continuity of operations, error management and handling of exceptions Use of the data received via the Tupas service Single Sign-On and Session Transfer Halting of the Tupas service and termination of the contract Right to give notice Technical security arrangements Creation and implementation of bank identifiers and the service provider's keys Protection of identifiers and keys IT security arrangements Timestamp Certificate and blocking list profiles Auditing and inspections The statutory right of supervisory authorities for inspections APPENDIX 1 BANK-SPECIFIC CONTACT INFORMATION HANDELSBANKEN NORDEA OP BANK GROUP S-BANK SAMPO BANK SAVINGS BANKS AND LOCAL CO-OPERATIVE BANKS TAPIOLA BANK... 15
3 2 (16) BANK OF ÅLAND APPENDIX 2 DOCUMENTS USED FOR INITIAL IDENTIFICATION... 16
4 3 (16) CHANGE LOG Version Page Comment v second paragraph incorrect, changed to correspond to decision made on 19th December 2007 by the Federation's Banking Executive Committee. v2.0 all Name changed to identification service, use of the term certification abandoned, additional specification to identification principles, contact information moved from the service description. v2.0b 11 Minimum length, generation and renewal of authentication key. 16 Acceptability of documents used for initial identification updated. APPROVAL Version code Date Approved by v June 2008 Payment Systems Committee v March 2010 Payment Systems Committee v2.0b Payment Systems Committee
5 4 (16) 1 Introduction 1.1 General description The banks Tupas identification service (hereinafter "Tupas service") allows businesses and corporations (hereinafter "service provider") who provide electronic business services to identify their customers using Tupas certificates. In the Tupas service, banks identify their customers with strong identification 1 by using their own registers. The Tupas service is used primarily for electronic identification and electronic signatures in the service provider's business services. The Tupas service has been jointly specified by all the involved banks. Each bank identifies its customers using the same bank-specific identifiers (hereinafter "bank identifiers") that the customer uses in the bank s own services. The Tupas service can be used in Internet services which require the reliable identification of customers. In addition to strong identification, the transaction must be carried out through sufficiently secure procedures. The changing identification numbers which banks use satisfy the criteria for a secure identification transaction. 2 The service provider initiates the identification by sending an identification request to the customer. The customer then transfers the request to their own bank s identification service by clicking on the bank s service button. The bank's Tupas service sends a response message to the customer (hereinafter "Tupas certificate" or "certificate") once the identification has taken place. 3 The customer checks the information on the certificate, and after approving it, returns to the service provider's service, at which point the certificate's data is transmitted to the service provider. If the customer so wishes, he or she is allowed to cancel the identification transaction before identifying himself or herself, or while checking the certificate. In the Tupas service, the bank is only responsible for identifying the customer as specified in this service description, and is not responsible for the validity or content of the legal transaction between the customer and the service provider. The service provider and the customer can agree on the use of the Tupas certificate as part of the electronic signature 4 in the legal transaction between the customer and the service provider, which enables the reception of various applications and the signing of contracts through the Internet. The service provider is responsible for the other requirements of the electronic signature, such as managing all of the data and ensuring 1 Strong identification comprises something that the user: knows (such as a user ID), possesses (such as a list of passwords or a security calculator that generates one-time identifiers, or some other device), is physically (such as a fingerprint). Two of these conditions must be satisfied simultaneously for the authentication transaction to satisfy the definition of strong authentication. (Act on Strong Electronic Identification and Electronic signatures [617/2009], Chapter 1 Section 2 Subsection 1) 2 The combination of a fixed password and user name does not satisfy the criteria for strong identification required by the Tupas specification. 3 The Tupas Certificate can only be used once and it is tied to both the service provider's service transaction in question and to the customer with a time stamp. 4 Electronic signature means data in an electronic form that is linked or logically connected to some other electronic data and used as a device for verifying the identity of the signatory. Identification devices may be used in the execution of legal transactions, unless otherwise provided by law or section 18. (Act on Strong Electronic Identification and Electronic signatures [617/2009], Chapter 1 Section 2 Subsection 9, and Chapter 2 Section 5 Subsection 1).
6 5 (16) its integrity and indisputability, and for storing the response message. Use of the Tupas certificate as an electronic signature is supported by the timestamped response messages and the banks' log files. 1.2 Document name and specification data 1.3 Parties Banks Service provider System supplier These identification principles are a description of the banks' Tupas identification service, as defined in the Tupas specifications. The document describes those procedural methods and operating principles that apply to the strong identification of the customer and service provider, the administration and lifespan of bank identifiers, and legal questions related to the business operations. The principles were produced by the Federation of Finnish Financial Services. In the Tupas identification service, banks function as the producers of certificates and identify the person and/or company that uses the services of a service provider who has a contract with the bank. The bank also identifies the service provider for the customer. The word "bank" refers here to a credit institution operating in Finland or to a branch of a credit institution that has licence to operate in Finland. The service provider forms a contract with each Tupas bank for the use of the service. The service provider uses the Tupas certificates for the reliable identification of customers who are using their service. The bank and the service provider are not in direct contact with each other in the identification service. There is no contractual or subcontracting relationship between the banks and the service provider's system supplier. The system supplier builds the system to include the technical features required for the introduction of the Tupas service The identifying customer The word customer here refers to a person who transacts business in the service provider s Internet service, using bank identifiers for identification. The customer is pivotal in the use of the service, and controls the transmission of his or her data between the service provider and the bank. 1.4 The purpose of bank identifiers and the Tupas certificate The Tupas service is suitable for Internet services whether they are targeted for consumers or businesses. The Tupas service enables the strong identification of a person using the service provider's service, and makes it possible to sign contracts and
7 6 (16) verify authorisations. It also enables the identification of businesses using the Tupas service. The strong identification carried out using the Tupas service is needed in Internet services in which confidential or financially valuable information is handled, binding legal transactions are made, or a person s age requires verification. 1.5 Organisation administering the identification principles The Federation of Finnish Financial Services maintains the documents connected to the Tupas identification principles, and is responsible for administrating and updating them. The Federation of Finnish Financial Services owns the copyrights to the Tupas identification principles. 2 Administrative data of the standard 2.1 Administrative organisation The Federation of Finnish Financial Services administrates, develops and maintains the Tupas specification and the documentation connected to it. The current technical description of the Tupas service, the identification principles and implementation procedures, and the roles and legal relationships of the parties that partake in the provision of the Tupas service are described in more detail in documents maintained by the Federation. Banks offer and sell the Tupas service to their own business and corporate customers with their own standard terms and conditions and under their own name. 2.2 Intellectual property rights The Federation of Finnish Financial Services owns the copyrights and all other intellectual property rights connected to the standard, such as the copyrights of the Tupas documentation, the Tupas product name (trademark) and the copyrights of the Tupas service information website. The documentation published by the Federation can be browsed, stored or printed for one's own use within the limits set by Finnish copyright legislation. Any other use without the express permission of the Federation of Finnish Financial Services is prohibited. The material or any part of the material may not be lent or distributed publicly without the advance written permission of the Federation. If the Federation gives its express written permission, the material can be used only in an appropriate manner pursuant to the law, authority guidelines and good practice, and the Federation of Finnish Financial Services must be indicated as the source. 2.3 Naming convention and definitions There is no designated name for the identifiers banks use in their service. In the Tupas documentation, the general term "bank identifiers" is used to denote these identifiers. In addition to the identifiers, banks may also decide to accept the use of other remote
8 7 (16) identification devices. The service must fill the specifications of the Tupas service, but each bank may use their own bank-specific names. 2.4 Publication and availability of the data The public documentation connected to the Tupas specification is available on the website of the Federation of Finnish Financial Services at The Tupas specification comprises the following public documents: Tupas identification service for service providers service description and service provider's guidelines Tupas identification service identification principles 3 Implementation of the service 3.1 Contract between the bank and the service provider The service provider must sign a separate contract with all the banks whose Tupas service they want to use. The contract should include the details of the construction and technical solutions of the service, the division principles of expenses that result from the technical solutions, the division and limitations of responsibility, and the commercial terms and conditions of the cooperation. The contracts must follow the bank-specific terms and conditions of the Tupas service. Refer to Appendix 1 for bank-specific contact information. A bank may refuse the contract with the service provider, if it is evident that the Tupas certificate would be used for unethical or illegal activities, or if the use of the certificate could potentially cause financial or immaterial losses to the bank. It is fundamental for the Tupas service that the participating service providers provide their service under their own names. The interface between the services provided by the bank and the service provider should be made clearly separable in the implementation. Customers should be able to clearly distinguish who owns and is responsible for the service they are using at any given time (service provider identification). The first day of service is agreed on in the contract. The service provider s information is registered at each bank, and the service provider must notify each bank separately if the contract information changes. After the contract has been made, the bank delivers the service s bank-specific user ID and authentication key to the customer. The information is delivered either in digital or paper form depending on the bank. Before signing any contract, service providers can test the service in their product environment by using bank-specific trial identifiers. The bank-specific data used during the testing phase are available in the bank s service descriptions.
9 8 (16) Without the bank s permission, a service provider is not allowed to reproduce the Tupas service, attach Tupas buttons to e.g. s, or construct the Tupas service on websites other than the website registered under the service provider s name. 3.2 Applicability for operations and the industry The Tupas service is suitable for all private service providers and service providers subject to public law, and for all services and industries provided that the activity in question can be carried out through electronic services according to substantive legislation (such as the provisions concerning real estate business, estate law and family law). The service provider is responsible for the applicability of the Tupas service to the service provider's operations. The service provider should in advance always verify the introduction of the Tupas service with the regulatory authority of its own industry, for example if obligations for the identification of customers have been decreed in regulations, sector-specific laws, or the law for the prevention and investigation of money laundering. The service providers referred to above include deposit banks, financial institutions, fund management companies, investment service companies, brokerage firms, life and pension insurance companies and real estate agencies. In certain industries, projects that are to be outsourced, and situations in which agents or subcontractors are used, may in and of themselves require a contract that differs from the standard terms and conditions. 3.3 Agreement on legal consequences The terms and conditions of the contract between the customer and the bank do not apply to the legal relationship between the customer that is identified and the service provider utilising the Tupas service. For this reason, the terms and conditions of the service and the consequences of the signature must always be separately agreed on between the customer and the service provider whenever it becomes necessary. The use of bank identifiers for electronic signatures requires that the service provider acquires the customer s express agreement on these legal consequences, for example by asking them to sign a form on the service s website. The service provider must be able to indisputably reconcile the log data created in the use of Tupas identifiers. The service provider is responsible for the specification of the log data that is created in the service provider's own services. 3.4 Handling of personal identity codes The service provider is responsible for ensuring that it has the right to handle plaintext personal ID codes in the service in question, if it prefers to use the plaintext delivery of Tupas identifications.
10 9 (16) 3.5 Marketing use of the name Tupas and the logos of the banks providing the service 4 Bank identifiers The image files for the bank-specific buttons used in the service can be downloaded from the banks websites. The size or colours of the buttons may not be changed. More detailed instructions on the use of the images can be found in the bank-specific terms and conditions of the contract between the service provider and the bank. The image on the button cannot be used for any other purpose than what is defined in the contract. 4.1 Identification of the applicant for bank identifiers When the identifiers are handed over, the bank authenticates the identity of the person who is applying for them. The identification is made face-to-face using a governmentissued document which reliably shows the identity of its holder. The documents that can be used in this initial identification are listed in Appendix 2. An exception to the rule of performing initial identification in person can be made if the identification service providers have entered into a mutual agreement on ways to rely on each other in performing the initial identification. In such cases, the identification device may be applied for electronically. In their agreement, the identification service providers shall define how the liability from potential faulty initial identification will be shared among them. Regarding the party sustaining the damage, the identification service provider relying on another provider performing the initial identification shall be held responsible. 5 The bank can use an agent in the identification if the bank and agent have agreed to do so in the manner required by the authorities. 4.2 Contracts concerning bank identifiers 4.3 Blocking service The identifier applicant and the bank sign a contract on the surrender and use of the bank identifiers. The first time a customer retrieves the identifiers must be in person, so his/her identity can be verified. In the future the identifiers can be ordered online and delivered by mail, if the customer has already existing, valid identifiers. A customer cannot authorise a third party to retrieve the identifiers on his or her behalf. Deactivated identifiers can only be activated when their owner has been identified. The bank can employ an agent to sign the contract and surrender the identifiers if the bank and agent have agreed on it in the manner required by the authorities. Banks offer the users of bank identifiers a round-the-clock (24/7) bank-specific blocking service, which the customer can use if his/her bank identifiers have been lost or wrongfully acquired by a third party. More information about the blocking service 5 The Act on Strong Electronic Identification and Electronic Signatures (617/2009), 17
11 10 (16) 5 Use of the service is available on the banks own websites. The blocking service alternatives are bankspecific. 5.1 Storage of the data in the identification document In the bank, the customer's identification must be documented and archived so that it can be shown what data the identification was based on and who the customer was identified by. The identification documents must be archived for at least five years after the end of the customer relationship. 6 The identification is recorded in documents and files concerning the customer. At least the following information must be stored: information concerning the person's identity the name of the document used in authenticating the person's identity, the number of the document, or some other identifier data (such as customer data recorded in the contract) or a copy of the person's identity papers name of the person who carried out the identification 5.2 Release of data and bank secrecy In connection with the Tupas service, the customer gives the bank permission to release customer data to the service provider. This concerns only data which is necessary for the use of the service. The service provider must process this data confidentially, pursuant to the Personal Data Act, decrees of the authorities, and legislation specific to the service provider's industry. If the service provider requires additional information from the customer s bank, for example for the purposes of risk management or to investigate a transaction which the customer has disputed, the bank cannot release the data due to bank secrecy, unless the customer has given the bank such permission. In connection with the use of the Tupas service, the service provider must ensure that it also asks for the customer's permission in advance for such situations. 5.3 The service provider's data On its website, the service provider must provide precise, clear and easily available information about itself. Such information includes, for example: the service provider's contact details o business name recorded in the trade register o auxiliary business name or other such name o address of the main place of business, address or other electronic contact details alternative way of contacting the service provider, such as a telephone number business ID and corporation ID the target of the service the authority supervising the service provider 6 Section 8 of the Act on Preventing and Clearing Money Laundering.
12 11 (16) how and where disputes concerning the service are to be settled to which deposit insurance or investment insurance system the service belongs the service fees and what they consist of The customer must be able to easily and clearly see when he or she moves from the pages of the Tupas service provider to the pages of another service provider. 5.4 Collecting log data of the use of service, storage of the data Storage period Each bank's Tupas application maintains a log of the use of the Tupas service. When the Tupas service is used, the bank sends the data on the identified customer to the service provider's data system. The service provider is responsible for reconciling this identification and/or signature transaction data with the transaction (contract, application, etc.) in which the Tupas service was used. The service provider must ensure that its own service maintains log files of the service. It must be possible to reconcile this log data with the audit trail data in the data content of the transaction (database(s) that form(s) the transaction's entire data content) to which the use of the Tupas service was connected. The banks store the log data generated through the use of the Tupas service for the minimum time period required by legislation and official regulations. The service provider stores the customer data it receives via the Tupas service for the time period required by its industry s legislation and the Personal Data Act, after which the personal data must be deleted Release of data and bank secrecy The bank's log data is subject to bank secrecy and is not released to the service provider. With the customer s permission, the bank is entitled to release log data created through the use of the Tupas service. 5.5 The service provider's key The authentication key (the MAC key) used in the calculation of checksums is random and at least 32 characters long. 7 For security the bank generates the service provider's key by using changing attributes. The authentication key is regularly changed by the bank and can also be changed if the service provider so wishes. The change is carried out through bank-specific procedures which are described in the banks' system descriptions. 7 All authentication keys issued after 1 April 2011 must have a minimum length of 32 characters (64 hexadecimal characters).
13 12 (16) 5.6 Continuity of operations, error management and handling of exceptions The banks provide the identification service in accordance with bank-specific terms and conditions. The banks are required to have a continuity plan for the services, which includes the description of error handling and notification. 5.7 Use of the data received via the Tupas service The identification transaction data the bank sends to the service provider in the Tupas service is only intended to be used in connection with the single transaction in which the Tupas service was used. The bank-specific standard terms and conditions may have various use restrictions concerning the data that was received via the Tupas service. The service provider is not allowed to use the received data for any other purposes, unless they have made a bank-specific, written contract that specifies otherwise. Using the Tupas identifiers to create new identifiers is only allowed if the Tupas provider bank and the service provider using the identification service have mutually, contractually agreed to trust initial identification which has been performed by the other. 5.8 Single Sign-On and Session Transfer Single Sign-On refers to a method by which the customer uses a single Tupas identification to sign on to several service providers. Single Sign-On is not allowed using Tupas identifiers. Session transfer refers to transferring from one service to another without a new Tupas identification so that the customer logs out from the first service and is only logged in to one service at a time. The conditions for session transfer are: each service provider whose service the customer can be transferred to must make a session transfer contract with the banks the service provider must record log files from all session transfers banks must have access to the session transfer logs, to investigate errors and cases of suspected misuse the customer should at all times be able to see which service he/she is logged in at the moment whenever binding legal transactions are made over transferred sessions, Tupas identification must be performed to validate the transaction.
14 13 (16) 6 Halting of the Tupas service and termination of the contract 6.1 Right to give notice The service provider and the bank agree on the details of the contract s termination and the bank's right to halt the use of the Tupas service. This agreement is entered in the bank-specific terms and conditions. 7 Technical security arrangements 7.1 Creation and implementation of bank identifiers and the service provider's keys The equipment and software used by the bank for the creation of the bank identifiers and the service provider's authentication keys are protected with physical and software security measures. The keys are stored within and their validity is confirmed from a special environment that is secured against unauthorised use. 7.2 Protection of identifiers and keys No confidential data processed in the system used to create and individualize keys is to be released outside the system in an unsecured manner. 7.3 IT security arrangements 7.4 Timestamp The system's security features ensure individual access control and traceability of each measure and task connected to the management of bank identifiers and keys. The Tupas service does not have its own timestamp service. Each party must independently maintain the clocks of the data systems connected to the service. 8 Certificate and blocking list profiles The data content of the Tupas certificate is described in the Tupas specification. 8 There is no separate blocking list for the certificates, because the unique certificate that is created each time can only be used once. The bank maintains a blocking service for its own bank identifiers. Tupas certificates are not granted for blocked bank identifiers. 9 Auditing and inspections 9.1 The statutory right of supervisory authorities for inspections The bank must ensure that its data system and the distribution system of bank identifiers and Tupas certificates can be inspected by the supervisory authorities. 8 Tupas identification service for service providers, service description and instructions for service providers.
15 14 (16) APPENDIX 1 BANK-SPECIFIC CONTACT INFORMATION HANDELSBANKEN NORDEA OP BANK GROUP Contract issues Local branch User ID and keys Collected from the bank Customer support and technical problems HelpDesk During weekdays Contract issues User ID and keys Local branch Delivered by mail to the contact person named in the contract. Customer support and technical problems Solo information for corporate customers In Finnish: (0.11 /min + local network/mobile call fee) During weekdays between 8 18 In Swedish: (0.11 /min + local network/mobile call fee) During weekdays In English: (0.11 /min + local network/mobile call fee) During weekdays Contract issues User ID and keys Customer support Local OP bank Collected from a branch of the bank OP Bank phone service: In Finnish: In Swedish: S-BANK Contract issues S-Bank electronic services (contact by or telephone) User ID and keys Delivered to the contact person named in the contract Customer support and technical issues ( /call /min)
16 15 (16) SAMPO BANK Contract issues Local branch or phone (local network/mobile call fee) Mon Fri 8 17 User ID and keys Delivered on diskette in a sealed mail package Customer support and technical problems Private customers (local network/mobile call fee), Mon Fri 9 18 Corporate customers (local network/mobile fee), Mon Fri Corporate customers can contact customer support through the internet banking site, over a secure connection SAVINGS BANKS AND LOCAL CO-OPERATIVE BANKS Contract issues Local branch User ID and keys Collected from the bank Customer support and technical problems phone (1.17 /min + local network fee) TAPIOLA BANK Contract issues Tapiola electronic services User ID and keys Delivered to the contact person named in the contract Customer support and technical problems Private customers (Mon Fri) BANK OF ÅLAND Contract issues User ID Local branch Handed at the branch upon signing the contract. The identification key is mailed to the contact person named in the contract. Customer support and technical problems Contact Center customer service In Finnish: In Swedish: during weekdays Mon Thu , Fri
17 16 (16) APPENDIX 2 DOCUMENTS USED FOR INITIAL IDENTIFICATION Valid document usable in initial identification In the identification of customers, banks follow the Act on Preventing and Clearing Money Laundering and Terrorist Financing (503/2008) and the Standard 2.4 on customer identification and customer due diligence, issued by the Financial Supervisory Authority of Finland. The Federation of Finnish Financial Services issued guidelines for its members on 12 January 2008 regarding the prevention and investigation of money laundering and terrorist financing, delineates the documents that may be used in identity verification. Since 1 March 2010, initial identification in the Tupas identification service follows the Act on Strong Electronic Identification and Electronic Signatures (617/2009). Legal interpretations that are shared by the Ministry of the Interior and the Finnish Communications Regulatory Authority have been placed within parentheses in the following table. The documents that are acceptable in banking related identification have been listed by country. Country the document has been issued by Banking identifiers used in Tupas service Kela photocard Finland not acceptable acceptable Other bank services Driver s licence Finland if issued after 1 Oct 1990 may be defined acceptable in bankspecific guidelines (interpretation: if no mention of transfer to another country) acceptable ID card Passport EEA countries if issued after 1 Oct 1990 may be defined acceptable in bankspecific guidelines not acceptable Finland acceptable acceptable EEA country, Switzerland or San Marino Other EEA country, Switzerland or San Marino Other acceptable if a travel document and authenticity is verifiable from public sources not acceptable acceptable may be defined acceptable in bank-specific guidelines acceptable if a travel document and authenticity is verifiable from public sources acceptable if a travel document and authenticity is verifiable from public sources acceptable if authenticity verifiable from public sources acceptable if authenticity verifiable from public sources Alien s passport Finland acceptable if no mention of previous failure of identification acceptable if no mention of previous failure of identification Refugee s travel document Finland acceptable if no mention of previous failure of identification acceptable if no mention of previous failure of identification
NB: Unofficial translation; legally binding texts are those in Finnish and Swedish Act on Strong Electronic Identification and Electronic Signatures (617/2009) Chapter 1 General provisions Section 1 Scope
Terms and conditions for electronic communication 1. Scope of application These terms and conditions apply to electronic communication undertaken by the Customer or the User using ebanking or telephone
1 (10) Contractual terms of RAY Valid as of January 29, 2013 These contractual terms replace the contractual terms of RAY that entered into force on August 28, 2012. These terms shall also be applied to
TERMS AND CONDITIONS OF USE FOR THE NORDEA PAY APP 05.2016 Nordea Pay is an app that is downloadable on mobile devices transmitted by Nordea Bank Finland Plc. The app includes services offered by Nordea
TERMS AND CONDITIONS OF INTERNET AND TELEPHONE BANKING SERVICES FOR PRIVATE CUSTOMERS Effective as of 2014-07-10 1. DEFINITIONS 1.1. Terms and Conditions these Terms and Conditions of Internet and Telephone
NB: Unofficial translation legally binding only in Finnish and Swedish Ministry of the Interior, Finland Act on Detecting and Preventing Money Laundering and Terrorist Financing (503/2008; amendments up
ELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING This Supplemental Terms and Conditions of Trading is supplemental to and forms part of the terms and conditions set out in the
Terms and Conditions for Remote Data Transmission (Status 31 October 2009) 1. Scope of services (1) The Bank is available to its Customers (account holders) for remote transmission of data by electronic
Nordea Bank Finland Plc s General 1 (11) Information about the service provider The main service provider referred to in these terms is Nordea Bank Finland Plc, a commercial bank from the city of Helsinki.
215 ACT of 15 March 2002 on electronic signature and on the amendment and supplementing of certain acts as amended by Act No. 679/2004 Coll., Act No. 25/2006 Coll., Act No. 275/2006 Coll., Act No. 214/2008
LAW ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05) I GENERAL PROVISIONS Article 1 This Law shall regulate the use of electronic signature in legal transactions,
CERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS Please fill in the form using BLOCK CAPITALS. All fields are mandatory. 1 1. SUBSCRIBER
1 (8) Basic Public Services, Legal Rights and Permits 22.9.2015 Supervision of trades GENERAL INSTRUCTIONS FOR OBLIGED ENTITIES REGARDING THE PREVENTION OF MONEY LAUNDERING AND TERRORIST FINANCING Money
Client Information Terms & Conditions? www.nockolds.co.uk 1. Introduction As from 1 June 2012 all work we do for you is governed by these terms of business. Attached to these terms is a letter that contains
Record no. 954/302/2010 13 February 2015 Requirements set for account holders and representatives of emissions trading accounts These requirements are based on the Commission s Registry Regulation 1. The
ELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT (ZEPEP-UPB1) (Official consolidated text) On basis of article 153 of the National Assembly of Slovenia Rules of Procedure the National Assembly of the Republic
Information Technology Management Page 357-1 INFORMATION TECHNOLOGY MANAGEMENT CONTENTS CHAPTER A GENERAL 357-3 1. Introduction 357-3 2. Applicability 357-3 CHAPTER B SUPERVISION AND MANAGEMENT 357-4 3.
General terms and conditions for corporate accounts These General terms and conditions for corporate accounts were adopted on 15 November 2012. These terms and conditions will be applied to companies account
General Terms on Deposit Accounts 1. General... 2 2. About Arion Bank hf.... 2 3. Communicating with Arion Bank, passing on information, languages etc.... 2 4. Opening an account and powers of attorney...
1 st. of April 2016 This bulletin contains general advance information on payment services which the Bank must provide to a consumer customer before entering into a master agreement (hereinafter the "Bulletin
Page 1 / 9 General card terms for corporate customers Valid from 16.2.2014 1. Scope and definitions These General Terms and Conditions for Corporate Cards apply to cards issued by (referred to herein as
Part E of the account agreement: 1. Cardholder: The person(s) to whom the card(s) was/were issued The Company: The card issuer, DNB Bank ASA. Card Acceptor: Place of business that accepts the card as a
TRANSLATION FROM RUSSIAN Amendments and Modifications to Internal Procedure Rules of AS Talveaed. General Part Division I New clauses 7-18 are added: 7 TLVD&EasyPay electronic system of express payments
LiteForex Group of Companies hereinafter referred to as Company offers a service package, hereinafter called Investment Accounts Service in the manner and conditions described in these Regulations Registration
Version 2009 Version 2013 1. Purpose These Terms and Conditions supplement the General Terms and Conditions of the Raiffeisen bank and regulate the communication between the customer and the Raiffeisen
NB: Unofficial translation; legally binding texts are those in Finnish and Swedish Domain Name Act (228/2003; amendments up to 397/2009 included) General provisions Section 1 Objectives The objective of
REGULATIONS FOR SAVINGS ACCOUNT AND ELECTRONIC BANKING SERVICES IN PKO BANK POLSKI SA Table of Contents PART I GENERAL PROVISIONS... 1 SUBJECT OF THE REGULATIONS AND DEFINITIONS... 1 PART II ACCOUNT...
Office of Employee Benefits Administrative Manual PROGRAM TO PREVENT, DETECT & MITIGATE IDENTITY THEFT 150 EFFECTIVE DATE: AUGUST 1, 2009 REVISION DATE: PURPOSE: Ensure that the Office of Employee Benefits
General Terms and Conditions Regarding Accepting Ticket solutions for Meal and/or Sports and Cultural Services 1. Purpose and Scope 1.1 The General Terms and Conditions shall be applicable to a contractual
INFORMATION SECURITY MANAGEMENT OF A NUCLEAR FACILITY 1 Introduction 3 2 Scope of application 3 3 Information security management 3 3.1 General requirements 3 3.2 Information security management system
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Combating Money Laundering and Terrorist
(Unofficial translation by the Financial and Capital Market Commission) Text consolidated with amending laws of 12 December 2008; 01 December 2009; 10 December 2009. If a whole or part of a section has
OP Corporate Bank plc Latvia Branch (former name: Pohjola Bank plc Latvia Branch) TERMS AND CONDITIONS OF THE ELECTRONIC SERVICES AGREEMENT TABLE OF CONTENT 1 DEFINITIONS... 3 2 GENERAL... 4 3 USE OF NETBANK
1 Terms and conditions of investment service May 2014 2 Contents 1. Purpose and scope of application of the terms and conditions of agreement... 4 2. Definitions... 4 Client... 4 Client s Representative...
Online Access Agreement Please read this Agreement carefully before using this website and keep a copy for your records. By using this website, you agree to the terms and conditions set forth herein and
Guidelines on the way of developing the instruction specifying the method of managing the computer system used for personal data processing, with particular consideration of the information security requirements.
E-invoice in file transfer Service description Content Receiving invoices through Netbank or file transfer... 3 Who can use the service?... 3 How to adopt the service... 4 File formats... 4 Finvoice...
CONSULTATION PAPER P018-2014 SEPTEMBER 2014 NOTICE ON OUTSOURCING PREFACE 1 MAS first issued the Guidelines on Outsourcing in 2004 1 ( Guidelines ) to promote sound risk management practices for the outsourcing
Regulations concerning measures to combat money laundering and the financing of terrorism, etc. Translation as of April 2009. This translation is for information purposes only. Legal authenticity remains
Finansinspektionen s Regulatory Code Publisher: Finansinspektionen, Sweden, www.fi.se ISSN 1102-7460 This translation is furnished for information purposes only and is not itself a legal document. Finansinspektionen's
ComSign Ltd. Certification Practice Statement (CPS) Procedures relating to issuing electronic certificates that comply with provisions of the Electronic Signature Law and its regulations. Version 3. 1.1.
1 I. SCOPE OF APPLICATION OF THE GENERAL TERMS OF ORDERS AND DEFINITIONS 1 Purpose and scope of application of the Terms of Orders These Terms of Orders shall be applied to the Order Relationship on the
GENERAL DELIVERY TERMS OF ALSO EESTI OÜ Valid as of 01.01.2015 1. Scope of application These delivery terms regulate the sale of products and provision of services (hereinafter the Products) by ALSO Eesti
Foort Tayler Terms of business for probate and wills We have prepared this document to make our terms and conditions of business as clear and understandable as possible, and to anticipate, as best we can,
Russian Federation Federal Law No. 161-FZ of June 27, 2011, "On the National Payment System" Adopted by the State Duma on June 14, 2011 Approved by the Federation Council on June 22, 2011 Chapter 1. General
INTERNATIONAL MONEY EXPRESS (IME) LIMITED ONLINE REMIT USER AGREEMENT This User Agreement is version 1.01 and is effective from This Agreement Between International Money Express (IME) Limited (hereafter
Contract on the use of the myaxa client portal by a company Please fill in this contract completely and electronically. Afterwards, please send it with your signature to one of the following addresses:
PostSignum CA Certification Policy applicable to qualified personal certificates Version 3.0 7565 Page 1/60 TABLE OF CONTENTS 1 Introduction... 5 1.1 Review... 5 1.2 Name and clear specification of a document...
ONLINE EXPRESS INTERNET BANKING CUSTOMER AGREEMENT This Agreement is entered into between Farmers Trust & Savings Bank (the "Bank") and any customer of the Bank who subscribes to the Bank s Online Express
1 NB: Unofficial translation Ministry of Trade and Industry, Finland ELECTRICITY MARKET ACT (386/1995; amendments up to 1172/2004 included) In accordance with a decision by Parliament, the following is
Pursuant to the provisions of the Article 99 of the Capital Markets Act (Official Gazette 88/08, 146/08), the Management Board of the Croatian Financial Services Supervisory Agency issued at its session
Trading Terms and Conditions for the @FAKTURA.24 Service of Česká spořitelna, a.s. 1. Definition of scope I. INITIAL PROVISIONS 1.1. The Trading Terms and Conditions for the @FAKTURA.24 Service of Česká
Decision on adequate information system management (Official Gazette 37/2010) Pursuant to Article 161, paragraph (1), item (3) of the Credit Institutions Act (Official Gazette 117/2008, 74/2009 and 153/2009)
TERMS AND CONDITIONS OF CASH TRANSACTIONS IN DOMESTIC TRANSACTIONS AT PKO BP SA BANK TABLE OF CONTENTS Section 1... 1 GENERAL PROVISIONS... 1 I. Acceptance and execution of the payment order by the Bank...
Work Pass Division 18 Havelock Road Singapore 059764 Tel: 6438 5122 www.mom.gov.sg firstname.lastname@example.org Declaration Form for EP Online/ WP Online User Agreement You may need about 2 minutes to complete this
Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation
Page 1 of 9 GRTGAZ NETWORK TRANSMISSION CONTRACT APPENDIX A3 STANDARD EVIDENCE AGREEMENT English translation for information. Disclaimer The present translation is not binding and is provided by GRTgaz
Online (Internet) Banking Agreement and Disclosure This Online (Internet) Banking Agreement and Disclosure ( the Agreement") explains the terms and conditions governing the basic Online Banking services
Qualified Electronic Signatures Act (SFS 2000:832) The following is hereby enacted 1 Introductory provision 1 The purpose of this Act is to facilitate the use of electronic signatures, through provisions
REPUBLIC OF SERBIA ELECTRONIC SIGNATURE LAW JUGOSLOVENSKI PREGLED Belgrade, 2009 ELECTRONIC SIGNATURE LAW Note: This is a true translation of the original Law, but it is not legally binding. Original title:
(Unofficial translation) Published in the newspaper Latvijas Vēstnesis1 No. 342/346 on 30 December 1997, taking effect on 1 July 1998. As amended by: Law of 01.06.2000 (L.V., 20 June, No. 230/232; Ziņotājs,
General Terms and Conditions These General Terms and Conditions (hereinafter referred to as GTC) establish the relationship for service providing between: till3am s.r.o. IČ 60193336, DIČ (VAT) CZ60193336,
FAST 5 Format of Board Resolution to be submitted by the Company along with the SBI FAST (CMP Internet Portal) Registration Form Resolved that: The Company do avail the SBI FAST (CMP Internet Portal) services
365 Phone, Online and Mobile Banking Terms and Conditions - Republic of Ireland Effective from 25 th November 2013 1.0 Definitions of Terms used in this Document 2.0 Accounts 3.0 Mandates 4.0 SEPA Transfers
Paying and Terms Postage Meter Users Effective January 11, 2016 Trade-mark of Canada Post Corporation. OM Official mark of Canada Post Corporation. canadapost.ca/postalservices T455625 Postage Meter Users
Estonie Loi sur la signature électronique Entrée en vigueur le 15 décembre 2000 Estonia - Digital Signatures Act Passed 8 March 2000 (RT I 2000, 26, 150), entered into force 15 December 2000. Chapter I
Instructions for merchants Acquiring payments on the Internet or in mail and telephone orders This handbook is intended for everyone whose work includes acquiring of MasterCard and Visa payments on the
DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY This Plan we adopted by member, partner, etc.) on Our Program Coordinator (date). (Board of Directors, owner, We have appointed
Microsoft Online Subscription Agreement Amendment adding Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Proposal ID MOSA number Microsoft to complete This Amendment
LICENCE AGREEMENT FOR THE USE OF THE EKOENERGY LABEL Version for suppliers of electricity (to end-consumers) Contact email@example.com for more information INTRODUCTION EKOenergy is a label for electricity.
GENERAL TERMS AND CONDITIONS FOR OUTGOING AND INCOMING CURRENCY PAYMENTS These general terms and conditions for currency payments have been drawn up by Danske Bank A/S, Helsinki Branch based on the drafted
BANK AUSTRIA This English translation is provided for your convenience only. In the event of discrepancies the German original text shall prevail over the English translation. 1 GENERAL INFORMATION 1.1
GENERAL TERMS AND CONDITIONS FOR SERVICES OF SWITCH, WERDSTRASSE 2, 8021 ZURICH VERSION 1.0 These General Terms and Conditions replace the previous General User Regulations for the Services of SWITCH of
These general terms and conditions have been drawn up by Danske Bank based on the drafted model terms and conditions by the Federation of Finnish Financial Services. If inconsistency between the different