Registration
GENERAL TERMS OF USE FOR THE SI-PASS SYSTEM
GENERAL TERMS OF USE FOR THE SI-PASS SYSTEM
Authentication and e-Signature Service
By registering up or login to the SI-PASS system - Authentication and e-Signature Service (hereinafter: SI-PASS) - the user accepts the General Terms of Use. If the user does not accept the general terms of use, the usage of SI-PASS is not possible.
These terms of use apply to the relationship between SI-PASS and a user, namely for the authentication services.
1. DESCRIPTION OF SI-PASS
SI-PASS is a single point for verifying identity of various entities (citizens, business entities, public officials), which connects electronic identities (hereinafter: e-identities) of entities, identification and other data (attributes), which are stored with various e-identity and attribute providers, and electronic services of public administrations. The purpose of SI-PASS, which functions as a central system, is the integration of functionality of verifying the user’s identity for the IT solutions of the public sector (e-services), in that it provides a high level of trust and security. From the technical point of view, SI-PASS facilitates the management and support for the use of e-identities of various providers; it also supports different technical solutions (e.g. support for authentication via mobile phones) and their development. The Ministry of Public Administration is the provider of the SI-PASS system.
SI-PASS consists of SI-PASS user pages and systems for acquiring and transmitting data. In order to use the system, the user must login to the system. If an e-service requires a user account registration, the user has to sign up before he or she can login to the system A condition for registering up to the system is providing a valid email box and email address whereas providing a suitable e-identification means for the chosen method of login is needed for using the system.
2. GENERAL PROVISONS
The content of General Terms of Use (hereinafter: Terms of Use) of the SI-PASS system applies to the terms of use of the entire system; it represents a legally binding agreement between the SI-PASS administrator and the SI-PASS users.
SI-PASS administrator reserves the right not only to change any part of the system, but to delete any content without prior notification. In the case of suspecting abuse mentioned under paragraph 13 of Terms of Use, the provider reserves the right to limit or discontinue access to SI-PASS to a particular user account.
In order to provide to the user the best possible user experience the SI-PASS administrator is responsible for constantly updating the SI-PASS. The user acknowledges and agrees that the form and nature of the services provided by the administrator may change from time to time without prior notice.
3. DEFINITION OF TERMS
The Ministry of Public Administration serves as the administrator of the SI-PASS system.
The user is classified as anyone who visits SI-PASS and uses its services in any way.
The service provider is the public institution that offers an electronic service for which authentication via SI-PASS is required.
The method of logging in or the e-identification means is the e-identity, issued by the e-identity provider, which is used for logging in the SI-PASS system.
The e-identity provider is any issuer of e-identities and e-identification means which are used with the SI-PASS system.
The attribute provider is any database operator who enables the acquiring of attributes via SI-PASS.
Attributes are identification and other data, which SI-PASS acquires from the e-identity providers and attribute providers, and offers them to the user for the purpose of transmitting them to the service provider.
SI-PASS user account is an account which is created by the user upon registering and is used with login to SI-PASS.
The SI-PASS identifier is a unique identifier which is determined by the SI-PASS system upon registering.
The SI-PASS user pages are websites, through which the user with a SI-PASS user account can access his or hers SI-PASS system settings.
The use of the system is available to an undetermined number of users who use SI-PASS in accordance with these Terms of Use and other guidelines of the administrator.
4. SI-PASS ACCESSIBILITY
As a rule, the users can access SI-PASS 24 hours a day, every day. Due to technical reasons, the administrator reserves the right to short disruptions of access to SI-PASS. Because of reasons connected to maintenance or replacement of the equipment, the administrator reserves the right to longer disruptions of access to SI-PASS. The administrator does not vouch for SI-PASS accessibility in the case of eventual network outages of administrator lines or any other outages, errors, any technical disruptions or operation interruptions by a third party (electrical supply etc.) and force majeure.
5. USER ACCESS
Use and access to SI-PASS is provided 24 hours a day, except in instances mentioned under paragraph 4 of Terms of Use. In case of suspecting abuse mentioned under paragraph 13 of Terms of Use, the provider reserves the right to limit or discontinue access to SI-PASS for a particular user.
SI-PASS user:
logs in without a user account
logs in to an existing user account or
registers, i.e. creates a user account.
Possible changes to the use of content, and access to SI-PASS will be published by the administrator on SI-PASS websites.
6. SI-PASS LOGIN AND SI-PASS USER PAGES
The user can only have one user account to which his or her identity is linked. The identity is determined based on a secure method of login (e.g. qualified digital certificate). With this account, the user can connect or register one or more methods of login, which are supported by applications of particular service providers.
Via SI-PASS user pages, the user can manage his or her user account settings: changing password, managing registered methods of login and digital certificates issued by SI-PASS, adding or removing an email address, changing email address for receiving messages, managing consensuses for providing information, managing login and system usage notifications, examining the list of recent logins, and cancelling a user account.
7. AUTHENTICATION AND LOGGING IN TO THE APPLICATION OF A SERVICE PROVIDER, AND ACQUIRING OF ATTRIBUTES
For logging in to the application of a service provider, the user uses one of the login methods, which are supported by a particular application. The information needed by the application is acquired from e-identity and attributes providers’ external sources. The information depends on adhering to legal and technical conditions of a service provider.
Insight into the external source of attributes is always carried out for the entire selection of attributes, which are supported by an external source; only those attributes that are vital for the carrying out of a service are transmitted to the application of a service provider. The data are transmitted in a way that they are presented to the user and he or she determines their transmission to the application of a service provider. The user with a user account can determine whether or not all further transmissions of the data to a particular service provider will be made automatically. The user who manually enters his or her Personal Identification Number or Tax Identification Number during login process can determine whether or not the entered data are stored in the SI-PASS and used for all further logins, if they correspond to the data stored in official registers.
8. TERMS OF USE: AGE AND RESPONSIBILITY
There are no age limitations for the use of SI-PASS. The use of SI-PASS is intended solely for the users’ own use. Registering others in the SI-PASS user account is not permitted; the user guarantees this by taking full indemnification and in case of a disagreement assumes passive legitimisation. Authorisation or registration of other persons or in any way redirecting a user login is not permitted.
9. OTHER RULES OF USE
In order to ensure quality usage of SI-PASS, the user will comply with all instructions and other rules of use published on SI-PASS user pages (https://sicas.gov.si/) when accessing and using SI-PASS.
10. TECHNICAL RECOMMENDATIONS
SI-PASS websites are tested for use on the following browsers: Chrome (v. 45 and later), Mozilla Firefox (v. 41.0 and later), Internet Explorer (IE9 and later), Edge (v. 44 and later), Safari (v. 8 and later) and Opera (v. 33 and later).
SI-PASS websites can be used on older versions of browsers; however, the pages can look disfigured.
Methods of login to a particular application, which are available to the user, depend on the provider of a particular service and encompass one or more of the following methods of login: user name and password, smsPASS one time password, Arnes AAI, Microsoft, Facebook or Google user account, digital certificate, and crossborder EU authentication.
11. INTERNET COOKIES AND ACQUIRING INFORMATION PUBLICLY AVAILABLE
SI-PASS webpages use the following cookies which are vital for the functioning of the system:
Cookie |
Type |
Duration |
Purpose |
SICASNODE |
Temporary or session cookies |
Until logging off or closing the browser. |
Load balancing |
SICESNODE |
Temporary or session cookies |
Until logging off or closing the browser. |
Load balancing |
JSESSIONID |
Temporary or session cookies |
Until logging off or closing the browser. |
Basic user login |
RETURN_POLICY |
Temporary or session cookies |
Until logging off or closing the browser. |
Basic user login |
_shibsession |
Temporary or session cookies |
Until logging off or closing the browser. |
User pages login |
SSO_sessionId |
Temporary or session cookies |
Until logging off or closing the browser. |
Single-Sign-On user login |
SICAS_lang |
Temporary or session cookies |
Until logging off or closing the browser. |
Language setting |
SICAS_CT |
Temporary or session cookies |
Until logging off or closing the browser. |
Login mode setting |
SICAS_EM |
Temporary or session cookies |
Until logging off or closing the browser. |
Email setting |
SICAS_TERMS |
Permanent or stored cookies |
3 months |
Terms of use accepting |
Cookies are files which are intended for better communication with and improvement of the functioning of the webpage, as well as for preparation of efficient services. Through those files, SI-PASS system acquires publicly available information (type of browser, operating system etc.); however, identification or collection of personal information of persons hiding behind that information, or persons using terminal equipment, does not take place. This information cannot be linked to personal information, which particular users have made available. Cookies used with the SI-PASS system are necessary, in order to ensure the services of an information society explicitly requested by the SI-PASS system or the user, and which fall under the exceptions determined in Article 157 of Electronic Communications Act (ZEKom-1). The act states that the webpage administrator can use cookies without acquiring consensus of use from the user.
12. LIMITATION OF LIABILITY / REJECTION OF LIABILITY
The user must take into consideration that:
from the accessibility viewpoint, web technologies which enable identification and transmission of information are not 100% reliable. The administrator is not liable in case of potential outages of operation due to the transmission line of the provider;
the administrator is not liable for improper workings of the services, which is the result of the user’s lack of knowledge or misuse;
the user requires suitable software and hardware (computer, browser, e-identification means) in order to use SI-PASS;
the administrator cannot guarantee the workings of the services in case of a network outage by the contractors, power outage or any other technical disturbances which could temporarily hinder the workings of the services;
all information published on SI-PASS user pages is purely informative. The administrator strives for an optimal presentation of the webpages and their workings, keeping the information published on those pages complete and up to date; however, the administrator is not liable for their inaccurateness, currency and incompleteness.
in any case the administrator is not liable for any direct or indirect damage or inconvenience (loss of profit, business risks, loss of software or other dataware), which could result due to technical problems or the user’s inability to use SI-PASS or connections located on user webpages,
SI-PASS acquires the attributes from an external source; however, the SI-PASS administrator is not liable for their content. For that content this Terms of Use and limitation of liability does not apply.
13. THE USERS COMMIT:
not to use SI-PASS for illegal purposes;
not to try and acquire, gather and/or store personal information of other users;
not to use computer codes, malware or anything that could disrupt, disable or damage SI-PASS user pages, the service itself, the administrator and its software and hardware.
14. THE PURPOSE OF PROCESING AND PROTECTING PERSONAL INFORMATION
The administrator commits to diligently protect the user’s information and will use them solely for the needs of carrying out the service. The user confirms of being, prior to signing up, adequately acquainted with the extent and purpose of processing personal information, which he or she has or will make accessible to the administrator upon signing up or logging in, and that he or she agrees with the before mentioned.
The administrator will gather, store and otherwise process SI-PASS user information with the following purpose:
a) general information about the user’s account, intended for quality maintenance of SI-PASS, more specifically:
managing the registered users’ database; for this purpose the SI-PASS identifier, the name of the user account (email address), and information on account usage are being stored;
preparing anonymous statistical analyses (total number of users, number of new users in a specific time frame, use of user pages etc.).
The information will be kept secure consistent with the legislation in force which deals with protection of personal information, and will not be transmitted to a third party, unless defined otherwise by law. The provider will also keep the gathered information only as long as it takes to fulfil the purpose for which the information was gathered.
b) personal information, intended for user authentication
During the registration and log in procedure, the user submits specific personal information and is responsible for its authenticity.
Upon registering up, the user with a user account confirms that the provider can process personal information which is entered into SI-PASS, namely the personal information the administrator keeps:
one or more email addresses,
one or more mobile phone numbers (optional),
hashed values of identifiers of registered method of login and
hashed value of a Tax Identification Number in case of logging in with e-identification means which is connected to the user’s Tax Identification Number (e.g. qualified digital certificate).
The administrator will never misuse users’ personal information, send unwanted commercial electronic messages or in any way infringe their privacy.
The information will be kept consistent with the legislation in force which deals with protection of personal information and will not be transmitted to a third party contrary to paragraph 7 of Terms and Use, unless defined otherwise by law.
Consistent with the legislation in force, an individual can examine, copy, complement, correct and delete transmitted personal information, during the time of its management.
c) personal information acquired via a reliable method of login
In case of the user logs in with a e-identification means connected with the user’s Tax Identification Number (e.g. qualified digital certificate) to an application, which requires at least one of the data stated below, the following data of the users from the Republic of Slovenia is acquired from the Central Population Register (CRP):
Personal Identification Number
name and surname
permanent residential address
gender
place of birth
citizenship
date of death.
The connecting code is the user’s Tax Identification Number, which is acquired by SI-PASS based on the used e-identification means.
If the user logs in on behalf of a business entity, the following information is acquired from the Slovenian Business Register (PRS):
registration number
name
address.
The connecting code is the business entity’s Tax Identification Number. In case the user is a legal representative of the business entity, the PRS acquires that information as well.
The administrator will transmit personal information to third parties only as determined in paragraph 7 of Terms of use or consistent with the legislation in force. Upon user logout this personal information will not be stored.
d) personal information verified in official registers
If the user manually enters his or her Personal Identification Number or Tax Identification Number during login process the entered data are verified in official registers.
Personal Identification Number is verified in a way that the following data of the users from the EU are acquired from the Central Population Register:
Personal Identification Number
name and surname
date of birth.
Acquired data are compared to the data user entered and to the data acquired in a crossborder EU authentication. If the data match they can be transmitted to the application. The connecting code is the user’s Personal Identification Number which the user enters during SI-PASS login.
Tax Identification Number is verified in a way that the following data of the users from the EU are compared to the data stored in the Tax Register:
Tax Identification Number
name and surname
date of birth.
The data stored in the Tax Register are compared to the data user entered and to the data acquired in a crossborder EU authentication. If the data match they can be transmitted to the application.
15. TECHNICAL SUPPORT
In case the users encounter problems or have questions, they can send an email to ekc@gov.si or call +386 1 478 8590.
16. VIOLATION OF TERMS OF USE
The administrator reserves the right to deny access to SI-PASS to users in violation or conflict with Terms of Use.
If the users cause any damage to the administrator with their actions, they will be held morally, materially and criminally fully liable.
Report any possible infringements in using SI-PASS by other users to the administrator via email to ekc@gov.si or in writing to the Ministry of Public Administration, Tržaška cesta 21, SI-1000 Ljubljana.
17. MODIFICATIONS AND COMPLEMENTIONS OF GENERAL TERMS OF USE
The administrator can modify and complement the current Terms of Use without prior notification or conformation from the users.