Terms and conditions for ETSI certified identity verification
Start here
These terms and conditions apply between the legal entity who wishes to establish a business relationship with you ("Customer") and you, the natural person undergoing remote identity verification via Onfido ("you" or the "Applicant") for use of the Customer’s services, and govern your access to, and use of, the remote identity verification products and services provided by Onfido vis-à-vis the Customer ("Identity Services").
In the event of conflict between these terms and conditions and any other written agreement between you and the Customer relating to use of the Identity Services, the latter shall prevail.
For the avoidance of doubt, Onfido is not a party to these terms and conditions and the provision of services by Onfido to the Customer are governed solely by the services agreement for Identity Services entered into directly between Onfido and the Customer ("Onfido Services Agreement"). Neither party shall have any right to enforce these terms and conditions directly against Onfido or any Onfido group entity. These terms and conditions are intended solely for the benefit of the Customer and Applicant, as the parties hereto, and no third party rights or obligations are created.
These terms and conditions and the Onfido Remote IDV Practice Statement & Security Policy ("Onfido Practice Statement") may be updated from time to time. Notice of such changes will be provided by updating the "Last Updated" date at the bottom of these terms and conditions.
1. Use of Onfido Identity Services
Onfido’s Identity Services must only be used for legitimate, professional, informational, internal business operations purposes by the Customer and must not be used in any event for the reselling or otherwise making the Identity Services available to any third parties. You may only use the Identity Services for the purpose of establishing, validating or otherwise amending your business relationship with the Customer.
Onfido Customers are relying parties for the use of Identity Services. Onfido Customers should review their Onfido Services Agreement for information regarding their permitted use of the Identity Services.
2. Onfido Identity Services process
The Identity Services process is as set out in the Onfido Practice Statement and includes the following steps:
- Initiating the identity proofing process;
- Collecting the identity evidence;
- Validating the identity evidence provided;
- Binding the identity evidence to the Applicant to confirm that the Applicant is in possession of the identity evidence; and
- Issuing the identity proofing result.
3. Obligations of the Applicant
The Applicant must provide the following identity information as part of the Identity Services process:
- a photograph and video of the identity document (see Onfido’s list of supported documents for a list of identity documents that are supported by Onfido);
- a video of the Applicant’s face,
and agrees and confirms that:
- its identity, as established by the information and documents submitted, matches the identity claimed while using Onfido Identity Services;
- all information provided is complete and correct; and
- it will comply with all applicable local, state, national and foreign laws, treaties, regulations and conventions in connection with its use of Onfido Identity Services.
In addition, the Applicant must NOT:
- use Onfido Identity Services for any fraudulent, commercial or competitive purpose;
- falsely claim an identity other than its own or one that it is establishing on behalf of another person with their specific authority;
- falsely claim that it is associated with another person or entity
- modify, frame, render (or re-render), mirror, truncate, inject, filter or change any content or information contained in Onfido’s Identity Services;
- use any deep-link, page-scrape, robot, crawl, index, spider, click spam, macro programs, Internet agent, or other automatic device, program, algorithm or methodology which does the same things, to service, access, copy, acquire information, generate impressions or clicks, input information, store information, search, generate searches, or monitor Onfido Identity Services or any portion thereof;
- disguise the origin of information transmitted to, from, or through the application or website or provided for the purpose of Onfido Identity Services;
- circumvent any measures aimed at preventing violations of these terms and conditions.
4. Hardware and software requirements
The hardware and software required to run the Identity Services is a trusted device (i.e. desktop, smartphone) with camera and video technology, Internet access, and the application or webpage of the Customer where the Onfido technology is integrated.
To ensure the security of the Identity Services process and best practice:
- the images and videos captured must include the complete document and a full headshot of the face and must be unobscured, sharp, with high contrast, well lit, and not blurry or occluded;
- the Applicant should use the latest versions of the Customer application and/or the supported browsers (see list of Onfido supported browsers); and
- the device used should be up-to-date with the latest security patches.
Further information on software requirements for Customers is available in Onfido’s Developer Hub.
5. Availability of Identity Services
Unless otherwise stated in the Onfido Services Agreement, Onfido’s Identity Services will be available 24 hours a day, 7 days a week, 365 days per year excluding maintenance windows, or any downtime caused by Customer usage in contravention of the Onfido Services Agreement, any internet latency, internet outage, DoS, or any other reason outside of Onfido’s control.
6. Liability and damages
As set out in any applicable agreement between you and the Customer relating to the use of Identity Services, and which incorporates these terms and conditions.
7. Conformity assessment
Onfido’s Identity Services have been assessed to be conformant with the Onfido Practice Statement and the following standards and regulations:
- Commission Implementing Regulation (EU) 2015/1502;
- ETSI TS 119 461, v 1.1.1; and
- ETSI EN 319 401, v 2.3.1,
according to Art 24.1.d of the Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS).
In addition, Onfido’s Identity Services have been assessed to be conformant with the Romanian specific regulation (Decision no 564/2021).
8. Data protection
The personal information shared with Onfido for the purpose of Identity Services are listed in the Onfido Privacy Policy and will be processed in accordance with regulation EU 2016/679 and the Onfido Privacy Policy.
For any Applicants located in the United States, you will also be asked to read, understand and accept the Onfido Facial Scan Policy and Release, Onfido Privacy Policy and Onfido Terms of Service within the Customer application or web page during the Identity Services process. For more information on Onfido’s privacy notices and consent requirements for the collection and processing of biometrics of US Users, please see Onfido’s guidance here.
9. Retention of event logs
Event logs will be retained by Onfido at the discretion of the Customer and in accordance with applicable law, up to a maximum retention period of 3 years.
10. Applicable legal system
As set out in any applicable agreement between you and the Customer relating to use of the Identity Services, and which incorporates these terms and conditions.
11. Procedures for complaints and dispute settlement
As set out in any applicable agreement between you and the Customer relating to use of the Identity Services, and which incorporates these terms and conditions.
12. Contact information
As set out in any applicable agreement between you and the Customer relating to use of the Identity Services, and which incorporates these terms and conditions.
Last updated 11 December 2023