These general conditions are a legal obligation detailing the conditions of use of our Service. For ease of reading, a summary appears in bold at the beginning of each article when it seems appropriate. We also invite you to read the Code of Trust, which, in plain language, presents the philosophy of our service and the commitments of stakeholders. Finally, our Privacy Policy explains exactly how we treat your personal data.
By clicking on the button “I share my information in a few clicks” (or similar wording), the User unreservedly accepts the present General Terms and Conditions between him and the company M-iTrust SAS (RCS Nanterre 842 232 878).
These general terms and conditions apply to the contract concluded between the company M-iTrust, simplified limited company, registered with the RCS of Nanterre under the number 842 232 878 and whose head office is: 73, Rue du Château in Boulogne-Billancourt (92100), represented by its Chairman-in-Office (hereinafter “MiTrust”), and the individual (hereinafter the “User”) using the Service offered by MiTrust in partnership with Online Services.
These General Conditions are the only ones applicable and replace all other conditions, except prior, express and written derogation. MiTrust may be required to modify some of the provisions of its General Terms and Conditions. Each use of the MiTrust Service is governed by the Terms and Conditions applicable at the time of use of the Service. By clicking on the button “I share my information in a few clicks” (or similar wording, such as “I share my RIB in a few clicks” or “I check my address in a few clicks”), the User accepts without reservation the General Conditions after having read them, he hence acknowledges that he is fully informed and that he is bound by all the provisions herein. By using the MiTrust Service, the User agrees to comply with these conditions.
This article defines the main terms used in the General Terms and Conditions (General Terms and Conditions, Personal Data, Login IDs, MiTrust Journey, Platform, Service, Online Service, Data Source).
For the purposes of these Terms and Conditions, the following words, in both the singular and the plural, shall have the meanings given to them by the following definitions:
The purpose of the Service is the sharing of the User’s Personal Data from a Data Source to an Online Service, in a simple, transparent and secure way, under the permanent control of the User.
The purpose of these General Conditions is to define the conditions under which MiTrust will provide the User with a set of Personal Data sharing services.
MiTrust has developed a Service that brings trust in the digital world by allowing the User to be identified and to transfer his Shared Data to online Services. MiTrust allows to retrieve this information from other service providers with whom the User already has a relationship, the Data Sources, and to transfer it in a simple, transparent and fully secure way to the Online Services, always under the strict control of the User and with his explicit consent.
The User is informed that access to the Service requires a computer, a tablet or a smartphone with a browser and an internet connection, which he already recognizes have.
The Service provided by MiTrust is entirely free of charge for the User. For your information, MiTrust charges the online Services that receive the Personal Data and may remunerate the Data Sources used.
This article describes the conditions of access to the MiTrust service (age, language, equipment).
To use the MiTrust Service, each User must be at least 15 years old, legally able to contract and use the Service in accordance with these Terms and Conditions.
The Service is available in French.
Computer and telecommunications equipment (computer, software, telecommunications, internet access, etc.) that allows access to the Service are the sole responsibility of the User, as well as all telecommunications costs incurred by their use.
In order to become a MiTrust User, each User must abide by these terms. You do not need to register or open an account with MiTrust.
This article describes in more detail the MiTrust Service, which is the sharing of data and / or personal documents. It describes the types of Data Sources and the technical modalities of connection to these sources (computer interface or web collection).
The User may use the MiTrust Service when an Online Service offers it as a means of obtaining certain Personal Data.
The Service that MiTrust carries out for the User and the Online Services consists of providing the Online Services with personal data (surname, first name, age, address, etc …) and / or personal documents (proof of address, RIB, etc.).
For this Service, MiTrust offers the User to connect to a Data Source, indicating his / her Usual Login IDs to access his / her online account. These Login IDs allow MiTrust:
MiTrust specifically indicates to the User which Personal Data will be retrieved and which Personal Data will be transmitted to the Online Service and seeks its consent at each stage of the Journey to perform these operations.
Data Sources
The service providers that can be used as Data Sources for the MiTrust Service are:
MiTrust reserves the right to add or remove certain categories of Data Sources or certain providers in the categories listed above. MiTrust aims to provide Users with the main service providers as a Data Source in order to share their Personal Data.
Depending on the level of trust required by the Online Service, only certain Data Sources may be offered to the User for a Transaction.
MiTrust always allows the User to select the Data Source he wishes for a Transaction and always seeks his explicit consent before collecting his Personal Data.
Sharing of Personal Data
MiTrust offers the User to connect to different Data Sources with which he is already in contact, to recover some of his Personal Data, in the form of data or documents, in order to share them. In particular:
MiTrust reserves the right to add or remove certain types of data or documents. MiTrust aims to meet the needs of Online Services and to facilitate the life of Users in the communication of their Personal Data.
MiTrust always presents to the User the Shareable Data that it is about to share for a Transaction and always asks for its explicit consent before actually transferring its Personal Data.
Regarding identity data in particular, the Service makes it possible to:
MiTrust systematically asks for the consent of the User at each stage of the Journey, and ensures the best confidentiality of the Personal Data entrusted by the User, in particular by ensuring not to retain login credentials or Personal Data beyond the completion of the transaction.
Information and consent
MiTrust undertakes to be transparent about the data processing performed and does not carry out any treatment without the prior consent of the User.
MiTrust thus explicitly requests the consent of the User:
MiTrust displays the Personal Data retrieved so that the User can select the relevant data to be shared for the current Transaction, for example when several mailing addresses are attached to a User’s account with the Data Source.
Privacy and confidentiality protections
MiTrust fully respects the privacy of the User and ensures that no use of the User’s Personal Data is made without his full agreement.
To limit the risks associated with the use of the User’s Personal Data:
MiTrust stores for each Transaction Audit Traces for the sole purpose of maintenance and processing of requests for the exercise of rights relating to the protection of Personal Data. These Audit Traces do not contain Personal Data except in the case of a web collection. The Login ID of the Transaction is then kept, but in a “pseudonymized” form that allows you to find the Transaction but no longer allows you to log in to the User’s account.
This article describes the rights the User has over their Personal Data, and the methods of collecting the information that the User wishes to share. In particular, MiTrust refrains from carrying out any action or collection that is not explicitly consented to by the User. Specific notices describe MiTrust’s use of automatic document data extraction and the User’s voluntary submission of an Error Report to MiTrust for technical maintenance.
Computer Interface (API, Application Programing Interface)
MiTrust may collect Shareable Data by means of a connection to the Data Source’s computer system, through what is called an API. MiTrust has a contractual relationship with the Data Source and computer access to its API. In most cases, the User must enter their Login Credentials with the Data Source in the Data Source’s IT environment, in order to allow MiTrust to retrieve the Personal Data explicitly requested.
MiTrust then has no knowledge of Login Credentials.
Web collection
MiTrust may collect Shareable Data on the User’s customer area made available by the Data Source. MiTrust has no contractual relationship with the Data Source and acts on behalf of the User. The User must enter their Login Credentials with the Data Source in the MiTrust IT environment, in order to allow MiTrust to connect to their customer area and retrieve the Personal Data explicitly requested.
By entering Connection Identifiers, the User gives MiTrust delegation to perform all the actions necessary to retrieve on their behalf the Personal Data explicitly requested and which are hosted on the Data Source site. MiTrust is not authorized to carry out any action whatsoever on the Data Source site, on behalf of the User, which would not be necessary for the recovery of the Personal Data explicitly requested in the Transaction and for which it gave his consent. MiTrust does not store Login Credentials, which are immediately encrypted upon entry and are not retained after a Transaction; only a “pseudonymized” trace of the identifier is kept under the Audit Trail (see Article 8).
In any case, MiTrust never acquires any right over the Personal Data of Users. MiTrust ensures the strict confidentiality of the Personal Data of the User, as well as information concerning the activity of the User.
As part of a Transaction, the User authorizes MiTrust to carry out an exclusively automated reading and analysis of certain documents for the sole purpose of retrieving the Personal Data he wishes to share. All automatic processing is done on behalf, at the request and in the name of the User.
Data Synchronization
The Online Service may offer the User to synchronize his data via MiTrust. In this case, at the end of the initial Transaction, MiTrust will transmit to the Online Service, with the User’s consent, a connection token that will allow the Online Service to re-execute the Transaction at a later date, by transmitting this token back to MiTrust.
This operation may be repeated several times at the request of the Online Service, for a minimum period of 90 days, which may be extended, at the initiative and under the responsibility of the Online Service. The terms and conditions of the Online Service, and not those of MiTrust, shall apply to the conditions of extension of the validity period of this token.
The token, which may contain the User’s Data Source Login Information, is unreadable by the Online Service. Withdrawal of the User’s consent to this token is the responsibility of the Online Service.
Identity Verification
MiTrust offers various identity verification services based on photo or video analysis of the User’s ID, as well as facial verification (photo or video selfie).
In this context, the data related to the identity verification may be kept for a few days for customer support purposes, in particular to explain the causes of a possible validation failure (e.g.: cause of the failure in case of suspected fraud, in case of lack of recognition, etc.), then automatically deleted (retention period specified in the privacy policy).
In all cases, MiTrust never acquires any rights to Users’ Personal Data. MiTrust ensures the strict confidentiality of the User’s Personal Data, as well as of information concerning the User’s activity.
In certain exceptional situations (for example as a result of a technical error during a Transaction), it may be proposed to the User to send, with its explicit consent, an Error Report to MiTrust. This report will allow MiTrust to simulate all or part of the Transaction for technical investigation and maintenance purposes.
These operations will be carried out by technicians subject to a specific confidentiality commitment, following a reinforced security procedure, using secure and automated tools, implementing data anonymization procedures that avoid the display of Login IDs and Data. Personal in clear (blurring, obfuscation, truncation of data).
The login credentials associated with such a transaction will be encrypted and kept for 7 days and then automatically deleted.
The MiTrust Service is hosted in France, on a high-availability cloud service offering recognized and certified security features, but some data may be subject, for technical reasons, to a strictly regulated and regulatory international transfer.
The MiTrust Platform that processes Personal Data for the purposes of the Service is hosted on servers in France but with the possibility of transfer of certain data outside France by the host during maintenance operations or for technical reasons.
These transfers will be carried out in accordance with the legal and regulatory provisions applicable in France and within the EU, in particular through the implementation of adequate guarantees to ensure the protection of the transferred data. The User is informed of the possibility of such a transfer and consents by accepting these Terms and Conditions.
Infrastructures
MiTrust’s infrastructures are hosted on cloud-based high-availability Platform as a Service (PaaS) cloud services. These services run in data centers that meet industry-leading security and reliability standards, such as ISO / IEC 27001: 2013 and NIST SP 800-53 with 24-hour business continuity, 7 days out of 7. All data transmissions over the internet are encrypted (SSL SHA-256).
MiTrust is committed to ensuring the operation of its platform to allow the User to access the Service 7 days a week and 24 hours a day. In the event of a technical failure affecting the access to the Site or the functioning of the Platform for reasons beyond MiTrust’s control, such as the interruption of telecommunication systems, the interruption of the Internet or the interruption of the services of its IT service providers, for any reason whatsoever , MiTrust is committed to implementing all the means at its disposal for:
The occurrence of the events referred to in the preceding paragraph will have no consequences on the continuation of this contract and may not give rise to a claim on the part of the User, these events being held as constituting force majeure.
The User is responsible for the relevance of the information transmitted to MiTrust, the use he makes of the Service, and his decision to share his data with an Online Service. In particular, the User takes care not to violate the conditions of use of the Data Sources that he selects.
Responsibility for the content
The User is solely responsible for the relevance and validity of the information, including the Data Source Connection Identifiers sent to MiTrust in connection with the use of the Service. MiTrust cannot be held responsible for the consequences of an incorrect use of the Service by the User.
In particular, it is the responsibility of the User to verify that the Login IDs that he uses and the Personal Data he shares via the Service:
The User is also required to carefully check the Personal Data that has been recovered by MiTrust before giving his consent for transmission to the Online Service. MiTrust cannot be held responsible for the consequences of the transmission of Personal Data that does not correspond to the User while the latter has been able to take cognizance of this Personal Data and has explicitly agreed to transfer them to the Online Service.
MiTrust acknowledges and agrees that no proprietary rights in the data or documents processed by the Service will be transferred to or transferred by the User.
Collection of Personal Data
The User is entirely responsible for the use he makes of the Service, in particular, he will take care not to violate the conditions of use of the Data Sources he selects. MiTrust cannot be held responsible for the fraudulent use by a User of login credentials that do not belong to him.
The User entrusts MiTrust with the login credentials required for the connection on his client area to the Data Source he has chosen to collect the Personal Data.
The User undertakes to use MiTrust’s collection tools only to collect Personal Data that corresponds to him and that he has the right to download. The User expressly acknowledges that the General Conditions that he has signed with the Data Source authorize him to entrust his login credentials to MiTrust and to give him a delegation to collect the Personal Data.
MiTrust declines any responsibility in the event of non-compliance by the User with the above conditions and cannot be held responsible for any malicious or fraudulent use by the User, especially if he has entrusted MiTrust with login credentials that does not belong to him.
Sharing of Personal Data
The User is solely responsible for his decision to share certain Personal Data with an Online Service.
Once the Transaction has been completed, the Shareable Data has been transmitted to the Online Service and is not stored by MiTrust. The main contact for the User to exercise his rights concerning his Personal Data, including Shareable Data, is the Online Service.
This contract between MiTrust and the User is valid for the completion of the Transaction, and, at the end of the Transaction, for the exercise of their rights relating to the protection of Personal Data.
MiTrust’s liability is limited to the commitments made in this Agreement. In particular, MiTrust’s liability does not include: direct or indirect damages resulting from the use or performance of the Service, financial or commercial losses, defects in character recognition, loss of data, limitations related to the use of the Internet.
The responsibility of MiTrust is limited to the commitments made in application of the Contract and cannot be committed because of:
MiTrust cannot be held responsible for any malfunctions or damage to the User’s computer system caused by the use of the Service, whether or not the Service is used, including any loss of data from the User.
MiTrust and the User expressly agree that any financial or commercial loss (eg loss of data, operating loss, loss of revenue, loss of profits, loss of customers or orders, loss of profits, any commercial disturbance ) or any action against the User by a third party (with the exception of the case referred to in the Article in the Case of Infringement of the Contract) constitutes indirect damage and does not give the right to compensation by MiTrust.
Use of the Service requires a connection and an Internet browser. The User accepts the limitations of the Internet, including:
The User agrees to bear the risk of imperfection or temporary unavailability of the Service.
MiTrust retains the entire intellectual property of the Service. The User acquires no other rights than those conferred by the Contract, and in particular prohibits to reproduce, arrange, decompile, disassemble or distribute the Service or any related support.
MiTrust retains, as the sole owner of the rights, the intellectual property of the Service and all the prerogatives attached thereto. Pursuant to the provisions of Article L. 122-6-1 of the Intellectual Property Code, MiTrust reserves the right to correct errors. MiTrust grants the User a personal, non-exclusive and non-transferable right to use the Service. The User will not acquire any other intellectual property rights or any other rights than those conferred by the Contract. It acquires no rights over trademarks, trade names, logos or other distinctive signs, factory secrets, patents, whether from MiTrust and / or its licensors.
The user is forbidden to:
The User undertakes to take all necessary measures to ensure that all persons living or working at home comply with the provisions of this article.
MiTrust complies with the legal and regulatory provisions concerning Personal Data, and ensures the User the exercise of the related rights (access, rectification, erasure, limitation, portability, opposition). These rights are exercised in priority with the Online Service with which the Shareable Data has been shared.
MiTrust has implemented a processing of personal data within the meaning of the legal and regulatory provisions in force, for which it is responsible, for the purposes of performing the Service with respect to the User. The implementation of this processing of personal data is necessary for the performance of the contract, that is to say, so that the User can benefit from the Service, and for the purposes of compliance by MiTrust with legal obligations and regulations imposed on it.
The personal data processed in this context are collected from or through the User. They are intended for Online Services and are not retained by MiTrust.
In accordance with the aforementioned legal and regulatory provisions, the persons concerned by this treatment have the right to query and access their personal data with the Online Service. They also enjoy, subject to the exceptions provided by law, the right to rectify, erase and limit the processing of their data to a certain extent, as well as the right to portability of their data. Data subjects also have the right to object to the processing of personal data concerning them and to the right to object to commercial and other prospecting. Data subjects also have the right to define guidelines on the fate of their personal data and how they want their rights to be exercised after their death.
These rights are exercised primarily with the Online Service with which the Shareable Data was shared. In the specific case where the rights are exercised with MiTrust, the User may exercise his rights with the DPO of MiTrust at the address dpo@m-itrust.com or by mail to DPO Consulting, 1-3 rue de Caumartin 75009 PARIS.
Finally, the persons concerned have the possibility to lodge a complaint with a national authority in charge of the protection of personal data (National Commission for Data Processing and Liberties or CNIL in France) if they consider that the processing their personal data is not carried out in accordance with the applicable provisions.
These Terms & Conditions are governed by French law. Any dispute that cannot be settled amicably will be submitted to the competent Paris courts designated according to the Code of Civil Procedure. Beforehand, any dispute between MiTrust and a User will be the subject of an attempt to settle amicably.
Claims or disputes arising from the interpretation or execution of this contract must be submitted, by registered letter with acknowledgment of receipt, to MiTrust – Réclamations (RCCI) – 73, Rue du Château – 92100 Boulogne-Billancourt – FRANCE.