Leping

1 / 6

HANKELEPING nr 5-3/24-0035-1

HANKELEPINGU ERITINGIMUSED

Tellija Riigi Info- ja Kommunikatsioonitehnoloogia Keskus

Registrikood 77001613

Aadress Lõõtsa tn 8a, Tallinn, 11415

Tellija esindaja Ergo Tars, direktor

Esinduse alus Põhimäärus

Tellija Haridus- ja Teadusministeerium

Registrikood 70000740

Tellija esindaja Kristi Vinter-Nemvalts, kantsler

Esinduse alus Põhimäärus

Tellija Keskkonnaministeeriumi Infotehnoloogiakeskus

Registrikood 70009445

Tellija esindaja Marko Arula, direktor

Esinduse alus Põhimäärus

Tellija Regionaal- ja Põllumajandusministeerium

Registrikood 70000734

Tellija esindaja Marko Gorban, kantsler

Esinduse alus Põhimäärus

Tellija Põllumajanduse Registrite ja Informatsiooni Amet

Registrikood 70005967

Tellija esindaja Jaanus Hämmal, peadirektori asetäitja

Esinduse alus Põhimäärus

Tellija Rahandusministeeriumi Infotehnoloogiakeskus

Registrikood 70009244

Tellija esindaja Meelis Riimaa, direktor

Esinduse alus Põhimäärus

Tellija Registrite ja Infosüsteemide Keskus

Registrikood 70000310

Tellija esindaja Rivo Reitmann, direktor

Esinduse alus Põhimäärus

Tellija Riigi Infosüsteemi Amet

Registrikood 70006317

2 / 6

Tellija esindaja Gert Auväärt, peadirektori asetäitja küberturvalisuse alal

peadirektori ülesannetes

Esinduse alus Põhimäärus ja Majandus- ja infotehnoloogiaministri

personalikäskkiri nr 4-2/24

Tellija Sihtasutus Tartu Ülikooli Kliinikum

Registrikood 90001478

Tellija esindaja Kati Korm, infotehnoloogiajuht

Esinduse alus Juhatuse volikiri

Tellija Siseministeeriumi infotehnoloogia- ja arenduskeskus

Registrikood 70008440

Tellija esindaja Mart Nielsen, peadirektor

Esinduse alus Põhimäärus

Tellija Tallinna Tehnikaülikool

Registrikood 74000323

Tellija esindaja Tea Trahov, kantsler

Esinduse alus Volikiri

Tellija Tartu Ülikool

Registrikood 74001073

Tellija esindaja Kstina Noormets, kantsler

Esinduse alus Hankekord

Tellija Sihtasutus Põhja-Eesti Regionaalhaigla

Registrikood 90006399

Tellija esindaja Agris Peedu, juhatuse esimees

Esinduse alus Põhikiri

ja

SK ID Solutions AS, registrikoodiga 10747013, asukohaga Pärnu mnt 141, 11314 Tallinn, mida põhikirja

alusel esindab juhatuse liige Liisa Lukin (edaspidi nimetatud täitja), keda nimetatakse edaspidi Pool või koos

Pooled, sõlmisid käesoleva hankelepingu (edaspidi leping) alljärgnevas:

1. Lepingu ese ja dokumendid 1.1. Lepingu esemeks on lepingu kehtivuse perioodil Smart-ID teenus (edaspidi ka teenus) vastavalt

riigihanke „Smart-ID teenus“ (viitenumber 262384) alusdokumentides, raamlepingus ja käesolevas

lepingus sätestatule.

1.2. Lepingu lahutamatuteks osadeks on riigihanke alusdokumendid, pooltevahelised kirjalikud teated ning

kõik lepingu muudatused ja muud lisad.

1.3. Lepingu allkirjastamisel on lepingul järgmised lisad:

1.3.1. Lisa 1 – SK ID Solutions AS teenuse kasutamise üldtingimused;

1.4. Teenuse osutamisel kohaldub lepingu lisa 1 käesolevad lepingus sätestatud erisustega.

2. Lepingu kehtivus

2.1. Leping jõustub selle poolte poolt allkirjastamisest ja kehtib 24 kuud alates selle allkirjastamisest.

3 / 6

3. Teenuse osutamine

3.1. Teenust hakatakse täitja poolt osutama alates hankelepingu kehtima hakkamisest.

3.2. Teenus peab olema kättesaadav 24/7.

3.3. Täitja edastab igale tellijale iga arvelduse aluseks oleva kuu kohta osutatud teenuse statistika (päringute

koguarv, tellija päringute arv). Teenuse statistika on lepingu kontaktisiku(te)le kättesaadav täitja e-

teeninduskeskkonnas.

3.4. Tellijate IP-d ja RPUIID tunnused hoitakse täitja veebilehe www.skidsolutions.eu e-

teeninduskeskkonnas.

3.5. Rikke esinemisel edastatakse tellija poolt e-mailile [email protected] rikketeade. Rikketeatele

tuleb vastata 4 tunni jooksul. Rike tuleb kõrvaldada ühe tööpäeva jooksul alates rikketeate

edastamisest.

3.6. Teenust pakkuvad serverid peavad asuma Eestis.

3.7. Tellija Riigi Infosüsteemi Ameti suhtes ei kehti edasimüüja tingimused ning Riigi Infosüsteemi Amet

võib teenust edasi müüa teistele avalikku teenust pakkuvatele asutustele.

4. Tasu ja maksetingimused

4.1. Teenuse eest tasumisel lähtutakse täitja poolt pakkumuses esitatud hindadest (raamlepingu lisa 3).

4.2. Pakkumuses esitatud hinnad on fikseeritud kaheteistkümneks kuuks. Täitja võib esitada tellijatele

kirjaliku teatena uue hinnakirja hiljemalt 60 päeva enne 12-kuulise perioodi lõppu. Uut hinnakirja

rakendatakse peale 12 kuu möödumist hankelepingu sõlmimisest järgmise 12-kuulise perioodi jooksul

kuni lepingu lõppemiseni. Täitja poolt esitatav uus hinnakiri ei tohi ületada ega olla sama täitja avalikes

hinnakirjades kehtestatud hindadega.

4.3. Tasu arvutatakse tellijate sooritatud päringute arvu alusel. Sobiv teenuspakett valitakse iga kuu lõpus

vastavalt kuu jooksul toimunud päringute arvule. Juhul, kui tasu kuus ületab järgmise teenuspaketi

minimaalse kuutasu, maksab tellija soodsama teenuspaketi tasu (minimaalse kuutasu). Teenuspakettides

arvestatakse vaid tasulisi päringuid.

4.4. Teenuse tasud on lähtuvalt päringu mahtudest jagatud hinnatasemeteks. Täitjale makstakse teenuse

kasutamise eest tasu igakuiselt vastavalt teenuse päringute koguarvu teenuspaketile arvelduse aluseks

oleval kuul. Päringute koguarvu hulka arvestatakse kõik ühe teenuse päringud ühes kuus, mis on

teostatud kõigi tellijate poolt kogumina raamlepingu nr 5-3/24-0013-1 alusel sõlmitud hankelepingu

alusel.

4.5. Täitja esitab teenuse osutamise eest igale tellijale arve masinloetaval kujul (e-arvena) vastavalt tema

poolt kasutatud teenuse mahule ning lepingu kogukasutusest tulenevale teenuspaketile.

4.6. E-arve peab sisaldama vähemalt alljärgnevaid andmeid:

4.6.1. info e-arve esitaja kohta;

4.6.2. info maksja kohta;

4.6.3. riigihanke viitenumber;

4.6.4. riigihanke lepinguosa viitenumber 262384 001 001 0001 või 262384 001 002 0002;

4.6.5. hankelepingu number;

4.6.6. käibemaksukohustuslase number;

4.6.7. toote/teenuse nimetus;

4.6.8. käibemaks;

4.6.9. kogusumma.

4.7. Iga tellija tasub teenuse eest arvel märgitud kuupäevaks. Maksetähtaeg ei tohi olla lühem kui 30

kalendripäeva.

1 Lepinguosa viitenumber 262384 001 001 000 tuleb märkida järgmiste asutuste arvetele: Haridus- ja Teadusministeerium,

Keskkonnaministeeriumi Infotehnoloogiakeskus, Põllumajanduse Registrite ja Informatsiooni Amet,

Rahandusministeeriumi Infotehnoloogiakeskus, Regionaal- ja Põllumajandusministeerium, Registrite ja Infosüsteemide

Keskus, Riigi Info- ja Kommunikatsioonitehnoloogia Keskus, Riigi Infosüsteemi Amet, Siseministeeriumi

infotehnoloogia- ja arenduskeskus. 2 Lepinguosa viitenumber 262384 001 002 000 tuleb märkida järgmiste asutuste arvetele: SA Põhja-Eesti Regionaalhaigla,

SA Tartu Ülikooli Kliinikum, Tallinna Tehnikaülikool ja Tartu Ülikool.

4 / 6

5. Avalikud suhted

5.1. Pooled ei tegele seoses lepinguga avalike suhetega ega anna teateid pressile, elektroonilisele meediale,

üldsusele või teistele auditooriumidele, välja arvatud teise Poole eelneval kirjalikul nõusolekul.

Avaldada võib vaid teateid, mis on teise Poolega eelnevalt kooskõlastatud.

5.2. Kõik eelnimetatud kohustused kehtestab Täitja ka kõigile kolmandatele isikutele, keda ta kasutab oma

lepingujärgsete kohustuste täitmisel.

6. Konfidentsiaalsus

6.1. Pooled peavad lepingu täitmise käigust teineteiselt ükskõik mis vormis saadud kogu informatsiooni,

millele seda avaldanud lepingupool on osutanud kui konfidentsiaalsele või mille konfidentsiaalsust võib

mõistlikult eeldada, konfidentsiaalseks (sh isikuandmed) ja ei anna seda edasi kolmandatele isikutele

ilma teise poole kirjaliku nõusolekuta. Lepingus sätestatud konfidentsiaalsuse nõue ei laiene

informatsiooni avaldamisele poolte audiitoritele ja advokaatidele ning juhtudel, kui pool on

õigusaktidest tulenevalt kohustatud informatsiooni avaldama.

6.2. Täitja kasutab lepingu täitmise käigus saadud konfidentsiaalset informatsiooni üksnes lepingus

sätestatud eesmärkide täitmiseks. Täitja kohustub lepingu lõppemisel kustutama kõik talle lepingu

täitmisel teatavaks saanud konfidentsiaalse info, isikuandmed ja nimetatute koopiad, v.a juhul, kui

õigusaktidest tuleneb teisiti.

6.3. Pooled täidavad kõiki lepingu täitmise kohas kehtivaid isikuandmete töötlemisalaseid nõudeid, andmete

turvalisust puudutavaid ning isikuandmete kaitse alaseid Euroopa Liidu ja Eesti Vabariigi õigusakte ja

muid eeskirju.

6.4. Täitja kohustub võtma organisatsioonilisi, füüsilisi ja infotehnilisi turvameetmeid konfidentsiaalsete

andmete kaitseks juhusliku või tahtliku volitamata muutmise, juhusliku hävimise, tahtliku hävitamise,

avalikustamise jms eest.

6.5. Täitja kohustub mitte kasutama konfidentsiaalset teavet mitte ühelgi viisil isikliku kasu saamise

eesmärgil ega kolmandate isikute huvides.

6.6. Pooled on kohustatud hoidma saladuses teise poole poolt kasutatavaid töömeetodeid, töös kasutatud

protsesse, süsteeme jmt, millised neid kasutav pool on ise välja töötanud.

6.7. Pooled võivad teise poole kirjalikul nõusolekul võimaldada juurdepääsu konfidentsiaalsele

informatsioonile üksnes nendele töötajatele, kellel on selleks oma tööülesannete täitmiseks vajadus ning

tagavad, et need töötajad on teadlikud ja täidavad isikuandmete töötlemisalaseid nõudeid ning õigusakte.

6.8. Konfidentsiaalse informatsiooni avaldamiseks isikule, kes ei ole eelnevas lõikes nimetatud poole

töötaja, tuleb küsida teise poole luba kirjalikku taasesitamist võimaldavas vormis, v.a kui see on vajalik

lepingus toodud eesmärkide täitmiseks ning isikud on teadlikud ja täidavad isikuandmete

töötlemisalaseid nõudeid ning õigusakte.

6.9. Konfidentsiaalsusnõue kehtib nii lepingu täitmise ajal kui ka pärast seda tähtajatult.

6.10. Kõik eelnimetatud kohustused kehtestab täitja kõikidele kolmandatele isikutele, keda ta kasutab oma

lepingujärgsete kohustuste täitmisel.

6.11. Tulenevalt konfidentsiaalse informatsiooni laadist on tellijal õigus seada täiendavaid nõuded ja/või

juhised isikuandmete töötlemiseks.

7. Kolmandad isikud

7.1. Täitja ei või oma lepingujärgseid õiguseid ja kohustusi üle anda kolmandatele isikutele ilma tellija

kirjaliku nõusolekuta.

8. Teated ja kirjavahetus

8.1. Pooltevaheline suhtlus toimub selleks otstarbeks määratud poolte kontaktandmetel ja aadressidel. Pool

on kohustatud viivitamatult teatama kontaktandmete muutumisest teisele Poolele.

8.2. Pooltevahelised Lepinguga seotud teated peavad olema kirjalikku taasesitamist võimaldavas vormis,

välja arvatud juhtudel, kui teated on informatsioonilise iseloomuga, mille edastamisel teisele poolele ei

ole õiguslikke tagajärgi. Teade loetakse kätte saaduks, kui:

8.2.1. teade on üle antud allkirja vastu;

8.2.2. teade on edastatud tähitud kirjana poole postiaadressil ja teate postitamisest on möödunud 5 (viis)

kalendripäeva;

8.2.3. e-posti teel saadud teate saamisest on möödunud 1 (üks) tööpäev.

5 / 6

9. Poolte vastutus

9.1. Oluliseks lepingurikkumiseks loetakse mh järgmisi rikkumisi:

9.1.1. pool on rikkunud mis tahes lepingust tulenevat kohustust ega ole rikkumist kõrvaldanud teise

poole poolt antud täiendava tähtaja jooksul;

9.1.2. pool on rikkunud konfidentsiaalsus ja isikuandmete töötlemise kohustust;

9.1.3. pool on rikkunud avalikustamise keelu kohustust;

9.1.4. pool on andnud oma õigused ja kohustused üle kolmandatele isikutele ilma tellija nõusolekuta.

9.2. Lepingu tingimuste olulise rikkumise korral on poolel õigus nõuda lepingut rikkunud poolelt igakordsel

rikkumisel leppetrahvi kuni 10 000 eurot.

9.3. Lepingu tingimuste rikkumise korral on lisaks lepingus nimetatud leppetrahvidele ja viivistele pooltel

muude õiguskaitsevahendite kõrval õigus nõuda tekitatud kahju hüvitamist täies ulatuses ja/või leping

ilma etteteatamistähtajata üles öelda.

10. Lepingu muutmine ja lõpetamine

10.1. Lepingut võib muuta Poolte kirjalikul kokkuleppel. Muudatused jõustuvad pärast nende allkirjastamist

mõlema Poole poolt või Poolte poolt määratud tähtajal. Kirjaliku vormi mittejärgimisel on muudatused

tühised.

10.2. Lepingu lõpetamine toimub, kas lepingus sätestatud tingimuste ja/või kehtiva seadusandluse alusel.

Tellijad Täitja

(digitaalselt allkirjastatud)

Riigi Info- ja Kommunikatsioonitehnoloogia Keskus

Ergo Tars, direktor

(digitaalselt allkirjastatud)

SK ID Solutions AS

Liisa Lukin, juhatuse liige

(digitaalselt allkirjastatud)

Haridus- ja Teadusministeerium

Kristi Vinter-Nemvalts, kantsler

(digitaalselt allkirjastatud)

Keskkonnaministeeriumi Infotehnoloogiakeskus

Marko Arula, direktor

(digitaalselt allkirjastatud)

Regionaal- ja Põllumajandusministeerium

Marko Gorban, kantsler

(digitaalselt allkirjastatud)

Põllumajanduse Registrite ja Informatsiooni Amet

Jaanus Hämmal, peadirektori asetäitja

(digitaalselt allkirjastatud)

Rahandusministeeriumi Infotehnoloogiakeskus

Meelis Riimaa, direktor

(digitaalselt allkirjastatud)

Registrite ja Infosüsteemide Keskus

Rivo Reitmann, direktor

(digitaalselt allkirjastatud)

Riigi Infosüsteemi Amet

Joonas Heiter, peadirektori asetäitja riigi infosüsteemi alal

peadirektori ülesannetes

(digitaalselt allkirjastatud)

6 / 6

Sihtasutus Tartu Ülikooli Kliinikum

Kati Korm, infotehnoloogiajuht

(digitaalselt allkirjastatud)

Siseministeeriumi infotehnoloogia- ja arenduskeskus

Mart Nielsen, peadirektor

(digitaalselt allkirjastatud)

Tallinna Tehnikaülikool

Tea Trahov, kantsler

(digitaalselt allkirjastatud)

Tartu Ülikool

Kstina Noormets, kantsler

(digitaalselt allkirjastatud)

Sihtasutus Põhja-Eesti Regionaalhaigla

Agris Peedu, juhatuse esimees

GENERAL TERMS OF SUBSCRIBER AGREEMENT

Effective date: 1 July 2023

1. Version information

Date Version Changes

1 July 2023 4.1 - Added section 9.8 together with Annex 1

- Added section 18.3

- Updated contact details and repository addresses

- Removed Proxy Certificate Validation Service

- Prevailing language changed to English

13 June 2018 4.0 - Added principles for use of Mobile-ID Service

- Removed User-Based Authentication Service

- Updated section 12.2, 12.4 and 12.6

- Added section 8.5, 8.6, 8.7, 8.12, 12.5

- Linguistic improvements

1 March 2017 3.0 - Added principles of use of Smart-ID Service

- Updated sections 2, 3.2, 4.4, 8.7, 8.8, 9.2.3, 9.6, 10, 11.4,

14.6, 14.7, 16.2, 16.4, 16.5, 17.9

- Linguistic improvements

1 July 2016 2.0 - Updated principles for use of Services

- Added terms of use for Time-Stamping Service, User-Based

Authentication Service and Proxy Certificate Validation

Service and adjusted to adapt to other contract provisions

as new services are added

- Updated Service outage provisions

- Updated Subscriber obligations

- Updated structure and title, added version information

1 September 2011 1.0 - Changes to price list and pricing plans

- Added the concept of third party outage

- Linguistic improvements

2. Definitions

SK SK ID Solutions AS

Subscriber Adult natural person with active legal capacity or legal entity specified in the Subscriber Agreement.

Parties SK and Subscriber

Agreement Agreement comprised of Subscriber Agreement, General Terms of Subscriber Agreement, Price List and amendments thereto.

3. General

3.1. SK and Subscriber enter into an Agreement for the use of Services.

3.2. After the Agreement is concluded, SK will grant the Subscriber access to Services within 5 (five)

Business Days.

3.3. SK will provide Services and the Subscriber undertakes to use Services in accordance with the

terms defined in the Agreement.

3.4. The Subscriber undertakes to review and comply with the terms of use, principles and technical

specifications of the Services as published on SK's website.

3.5. In case of discrepancies between the General Terms of Subscriber Agreement and the Subscriber

Agreement, the Subscriber Agreement will prevail.

4. Principles for Use of Validity Confirmation Service

4.1. Validity Confirmation Service provides validity information of Certificates issued by SK.

Subscriber Agreement Framework agreement entered into between SK and Subscriber in relation to the Subscriber relationship that defines the Subscriber's data, services used and special provisions. The Subscriber Agreement is part of the Agreement.

General Terms of Subscriber Agreement

Present document which stipulates the assumptions and legal basis for the contractual relationship between Parties and defines the principles and general terms of use of services provided by SK. The General Terms of Subscriber Agreement is part of the Agreement.

Price List Part of the Agreement that defines the prices of Services and terms for implementation.

Certificate Digital data enabling to create electronic signatures,

electronic identity verification, device identification, secure data transmission, code signing and/or data encryption and where the public key is linked to the natural or legal person who owns the certificate.

Middleware Additional functionality provided by SK that uses Services (e.g. signature creation, Mobile-ID requests).

Services Validity Confirmation Service, Time-Stamping Service, Mobile-ID Service, Smart-ID Service that SK provides to Subscribers and that Subscribers may use together or separately or via Middleware.

Evidential value of validity confirmation

A set of data linking the signed document to the time that the certificate used to create the electronic signature was valid.

User End-user of the Services via the Subscriber's information system or application.

Charges Monthly charges for use of the Services.

SK website www.skidsolutions.eu

Business Day Means 9:00 a.m. - 6:00 p.m. Eastern European Time (UTC+2), Monday to Friday, except Estonian public holidays.

4.2. If the request contains a nonce field — a hash of the signed document — the service referred to

in sections 4.1 will issue an additional confirmation on the existence of the document at the time

of request.

4.3. Use of the Validity Confirmation Service is according to protocol defined in IETF RFC 6960 or

newer.

4.4. Evidential value of validity confirmation:

4.4.1. SK maintains a log system to ensure the evidential value of validity confirmation, retaining

audit trails for the validity of all Certificates and validity confirmations issued. The audit

trails are linked together sorted by time in the log system. The log entry records the time,

activity performed, activity authorisation method and identifier, requested Certificate

identifier and the nonce value of the request.

4.4.2. SK ensures the retention and availability of audit trails for validity confirmations issued

within 10 (ten) years from making the validity confirmation available to the Subscriber.

4.5. Technical parameters and service certificates of the Validity Confirmation Service are published

on SK's website.

4.6. General Terms of Subscriber Agreement also apply if the service referred to in sections 4.1 is used

via the Middleware provided by SK. The Middleware is subject to the terms of Service described

in section 9.

5. Principles for Use of Time-Stamping Service

5.1. Time-Stamping Service is a service issuing time stamps. Time stamps confirm that certain data

exist at a certain time.

5.2. Use of the Time-Stamping Service is according to protocol described in IETF RFC 3161 or newer.

5.3. The service is based on SK's Time-Stamping Authority Practice Statement and usage is subject to

SK's Terms and Conditions for Use of Time-Stamping Service. These documents are available at

https://www.skidsolutions.eu/en/repository/tsa/.

5.4. Technical parameters of the Time-Stamping Service and the service certificate of the Time-

Stamping Service are published on SK's website.

5.5. General Terms of Subscriber Agreement also apply if the service referred to in section 5.1 is used

via the Middleware provided by SK. The Middleware is subject to the terms of Service described

in section 9.

6. Principles for Use of Mobile-ID Service

6.1. Mobile-ID is an electronic identity issued for Users by mobile operator. Mobile-ID Service enables

a Subscriber to implement the support for authentication and electronic signature functionality

for Mobile-ID Users in the Subscriber’s information system or application. The exact list of

supported mobile operators is published on SK’s website.

6.2. Use of Mobile-ID Service is according to the Mobile-ID technical specification, which is published

on SK´s website.

6.3. Technical parameters and the service certificate of the Mobile-ID Service are published on SK´s

website.

6.4. General Terms of Subscriber Agreement also apply if the service referred to in section 5.1 is used

via the Middleware provided by SK. The Middleware is subject to the terms of Service described

in section 9.

7. Principles for Use of Smart-ID Service

7.1. Smart-ID is an electronic identity issued for Users by SK. Smart-ID Service enables a Subscriber to

implement the support for authentication and electronic signature functionality for Smart-ID

Users in the Subscriber’s information system or application.

7.2. Use of Smart-ID Service is according to the Smart-ID technical specification, which is published on

SK´s website.

7.3. Technical parameters and the service certificate of the Smart-ID Service are published on SK´s

website.

7.4. SK maintains a log system to ensure the evidential value of Smart-ID transactions (User

authentication and electronic signature). The log entry records the User, the time, the activity

performed and the Subscriber´s identifier.

7.4.1. SK ensures the retention and availability of logs for Smart-ID transactions for 10 (ten) years

from the time the Smart-ID User performed authentication and/or electronic signature.

7.5. SK is liable for the integrity of Smart-ID User´s data through the lifecycle.

8. Obligations Related to Use of Services

8.1. The Subscriber undertakes to review and comply with terms of use of the Services. Terms and

Conditions for Use of Time-Stamping Service are available at

https://www.skidsolutions.eu/en/repository/tsa/.

8.2. The Subscriber undertakes in using Services to apply measures to ensure conformity of requests

sent to the Service with protocols supported by the Service and correct interpretation of

responses to requests (incl. verification of service certificate authenticity).

8.3. The Subscriber undertakes to apply measures to avoid access to the Services by third parties.

8.4. By using the Services the Subscriber guarantees that personal data of Users are protected

pursuant to law.

8.5. When using the Mobile-ID and Smart-ID Service Subscriber may request User’s personal data

from the Services only if User has initiated the authentication or electronic signing transaction.

User consent to transmit the personal data to Subscriber is granted to SK by entering PIN code.

8.6. Subscriber is prohibited to request User’s personal data from the Services without User’s consent

except when User’s personal data is requested to prepare the authentication or electronic signing

transaction. The User consent request must be followed.

8.7. If there is no User consent granted as stipulated in sections 8.5 and 8.6, Subscriber is not entitled

to maintain the User data.

8.8. When creating electronic signatures the Subscriber in its information system or application

must ensure the following:

8.8.1. Validity confirmation is required at the first opportunity;

8.8.2. Measures are applied to unambiguously interpret the electronically signed data;

8.8.3. Users are provided with a function to ascertain the authenticity of electronically signed

data and attributes are added to the signature (signing location, role/resolution), if any;

8.8.4. Data provided to the User prior to electronic signature correspond to the data transmitted

to be actually signed;

8.8.5. Users have access to the electronically signed document created through the process.

8.9. In case of Mobile-ID and Smart-ID authentication and electronic signing, the Subscriber

undertakes to ensure that the verification number is visibly displayed to the User and the User is

asked to check if it matches prior to entering their PIN.

8.10. The Subscriber does not have the right to assign the Agreement or rights and obligations arising

thereof to third parties without the written consent of SK. Any assignment of rights acquired and

obligations assumed under the Agreement to third parties on the part of the Subscriber without

SK's consent will be void.

8.11. The Subscriber does not have the right to resell the Services to third parties without written

consent of SK.

8.12. SK is entitled to monitor the fulfilment of Subscriber’s obligations as stipulated in section 8.

9. Scheduled and Unscheduled Outages

9.1. SK will notify the Subscriber of scheduled Service outages using the method specified in section

13.5 of the Agreement, including reasons and estimated Service restoration time at least 7 (seven)

calendar days before such outage.

9.2. SK will ensure that scheduled Service outages per Service:

9.2.1. Do not exceed 2 (two) times per calendar month;

9.2.2. Do not exceed 12 (twelve) times per year;

9.2.3. Occur between the hours of 11:00 p.m. to 7:00 a.m., except on Fridays

9.2.4. Are limited to 3 (three) hours at a time and no more than 6 (six) hours per month.

9.3. SK will notify Subscribers of unscheduled outages at the earliest opportunity using the method

specified in section 13.5.

9.4. SK will ensure that the duration of unscheduled outages per Service does not exceed:

9.4.1. 45 (forty-five) minutes at a time on Business Days and 90 (ninety) minutes total per month;

9.4.2. 3 (three) hours at a time outside of Business Day and 6 (six) hours total per month.

9.5. Service malfunction is a situation where the number of failed requests during a period described

in sections 9.4.1 and 9.4.2 is below 10% of total requests per Service. Service malfunction is not

deemed an unscheduled Service outage.

9.6. The malfunction of notification services (i.e. Google Cloud Messaging, Firebase Cloud Messaging)

that are used to send authentication/signing requests to the Smart-ID application in the User´s

device, is not deemed an unscheduled Service outage.

9.7. Interruptions in the services provided by the mobile operator (SMSC, network etc) shall not be

considered as interruption of the Mobile-ID Service.

9.8. Availability requirements for qualified and qualified increased security electronic identification

Services for Subscribers subject to Latvian Law on Electronic Identification of Natural Persons shall

be set in Appendix 1.

10. Service Suspension

10.1. SK is entitled to suspend Services to the Subscriber in the following cases:

10.1.1. Subscriber breaches the terms of the Agreement;

10.1.2. Subscriber is more than 1 (one) month late with invoice payment;

10.2. SK will notify the Subscriber of any need to suspend the Service within a reasonable period of

time. Services are suspended after the Subscriber fails to rectify the situation giving rise to Service

suspension within a reasonable period of time set by SK.

10.3. SK is entitled to suspend Services without prior written notice in cases in which a Subscriber's

actions may pose a risk to the functioning of the Services and their availability to other Subscribers

(e.g. DDOS attack). SK will notify the Subscriber about the suspension as soon as reasonably

possible.

10.4. The Subscriber undertakes to notify SK of having rectified the situation giving rise to Service

suspension.

10.5. SK will terminate the suspension of Services if the Subscriber adequately rectifies the situation

giving rise to Service suspension.

11. Service Price and Billing

11.1. SK is entitled to payment from the Subscriber in exchange for performing Services according to

the Price List published on SK's website. When the Agreement is concluded, the Subscriber selects

a pricing plan that is documented in the Subscriber Agreement. Subscribers may only change their

pricing plan at the conclusion of a calendar month.

11.2. SK issues monthly invoices to the Subscriber for the Services by the 10th (tenth) day of the month

following use of the Services.

11.3. When the Agreement becomes ineffective or otherwise terminated, the Subscriber will be

charged in full for the calendar month when Services commenced or the Agreement was

terminated.

11.4. The Subscriber must pay the invoice for Services to SK within 14 (fourteen) days of the invoice

issue date.

11.5. SK is entitled to late payment interest from the Subscriber. Interest will accrue from the calendar

day following the due date at the rate of 0.15% on the outstanding amount for each calendar day

of delay.

11.6. Pricing plans for Service vary according to the “request prices” as per the Price List and a minimum

number of requests. Charges are calculated on the basis of requests made by the Subscriber. If

the number of requests by the Subscriber is below the minimum specified in the pricing plan, the

Charges will be calculated based on the minimum number of requests fixed in the pricing plan.

11.7. Requests made via the Middleware provided by SK are classified as either Validity Confirmation

Service, Time-Stamping Service or Mobile-ID Service requests and are priced according to the

Price List. SK may charge extra fees for using Middleware.

11.8. Pricing for Services does not include audit trail extracts on validity confirmations, log extracts on

time stamps and/or Certificate validity requests and/or Smart-ID and/or Mobile-ID transactions

data from SK's log system and/or other related services. Extracts from audit trails constitute a

separate service and SK may charge an extra fee.

12. Confidentiality and Use of Data

12.1. Parties undertake to maintain confidentiality of the information of the other Party and its

customers, business partners, employees, financial condition and transactions that are disclosed

due to conclusion, performance, amendment or termination of the Agreement and undertake

not to disclose such information to third parties without the other Party's consent for an unlimited

term even after the expiry of the Agreement.

12.2. Parties are entitled to refer to the existence of the Agreement, if explicitly set forth in the

Subscriber Agreement, but not to any details as to the substance or technical data of the

Agreement. This confidentiality requirement will not extend to disclosures to Parties' auditors,

organisations exercising supervision under law and legal advisers.

12.3. SK is entitled to use Subscriber data on Service applications as examples of applications to present

its Services and technology unless otherwise provided in the Subscriber Agreement.

12.4. SK guarantees that data transmitted by the Subscriber to Services is only used to provide Services

and is not accessible to third parties.

12.5. SK is not entitled to monitor or analyse User’s data on an individual level for SK’s business interest.

12.6. SK guarantees personal data protection according to law and Principles of Processing Personal

Data that are available on SK's website.

13. Notification Obligation and Document Format

13.1. The Subscriber undertakes to notify SK of any changes in Subscriber Agreement data and

promptly send the new data to SK on the email address specified in the Subscriber Agreement or

through SK's online customer service system. Change of data is deemed to be any change of

Subscriber's data, including authorised person, contact person, computer network address and

data forming the basis for the selected pricing plan (estimated request volume).

13.2. Unless otherwise communicated by the other Party, either Party will be entitled to assume that

contact details are unchanged and also that authorisation of contact persons is unchanged and

not revoked.

13.3. The Subscriber is liable for any consequences related to the operability and usage of the email

address they have provided to SK (incl. those arising from transactions entered into via the email

address). The Subscriber's liability extends to cases where a third party has used the Subscriber's

email address.

13.4. SK will notify the Subscriber via the contact details specified in the Subscriber Agreement and/or

through SK's online customer service system of any substantive changes to the Agreement

according to the provisions of section 16.1 and/or 16.2 of the Agreement.

13.5. Notifications related to the Agreement aimed to disclose information between Parties will be sent

via email, additionally via SK's website or SK's online customer service system.

14. Parties' Liability

14.1. Parties are held liable for direct material damages caused to the other Party or a third party by

non-performance or undue performance of obligations undertaken with the Agreement pursuant

to this Agreement and legislation.

14.2. SK is liable for the correctness of information issued by Services.

14.3. SK is not liable for the substance of the transaction based on the issued validity confirmation or

time stamps.

14.4. SK is not liable for any breach of obligation set forth in section 8.4 by the Subscriber.

14.5. The Subscriber is entitled to claim within 30 (thirty) days as of the moment when the Subscriber

became or should have become aware of the claim for a contractual penalty for time exceeding

the permitted Service outage time provided in section 9, limited to:

14.5.1. 1% of Service Charges per minute of outage during the course of a Business Day; and,

14.5.2. 10% of Service Charges per hour of outage outside of a Business Day.

14.6. The aggregate liability for contractual penalties claimed from SK in any calendar month will not

exceed the monthly Service charge.

15. Force Majeure

15.1. Force majeure releases Parties from liability if performance of obligations arising from the

Agreement is hindered. Force majeure consists of circumstances independent of Parties' intent

that are unforeseeable, beyond Parties' intent and prevent them from performing obligations

arising from the Agreement.

15.2. A Party must notify the other Party of force majeure at the first opportunity via the contact details

specified in the Subscriber Agreement.

15.3. Force majeure will not release Parties from their obligation to undertake all possible measures to

prevent or mitigate damages arising from failure to perform or undue performance of the

Agreement.

15.4. In the event that force majeure applies for a duration in excess of 30 (thirty) days, a Party will be

entitled to unilaterally terminate the Agreement while providing written notice to the other Party.

16. Amendment to Agreement

16.1. SK is entitled to make unilateral substantive amendments to the Agreement at 3 (three) months’

notice to the Subscriber, but not more than twice per year. The Subscriber will be notified in

accordance with section 13.4 of the General Terms of Subscriber Agreement.

16.2. SK is entitled to make unilateral amendments in the process of providing Service, in Service

documentation and in Service parameters referred to in the Agreement, by giving notice to the

Subscriber via the SK website and/or SK online customer service system. If the amendments

require changes in the Subscriber´s application, the Subscriber will be notified in accordance with

section 13.4 of the General Terms of Subscriber Agreement.

16.3. If the Subscriber does not agree to the amendment of the part of the Agreement provided in

section 16.1 and/or 16.2 of the General Terms of Subscriber Agreement, the Subscriber will be

entitled to cancel the Agreement.

16.4. If an existing Subscriber orders additional Service, then the newest version of the General Terms

of Subscriber Agreement shall apply to the Subscriber.

16.5. Amendments and additions to the Subscriber Agreement (inter alia change of Subscriber's

contact data, technical parameters, pricing plan, ordering of additional Service) are performed

through SK’s online customer service system.

16.6. If any amendment to Subscriber Agreement data requires changes to Service configurations, SK

must implement such changes within 5 (five) Business Days.

17. Agreement Term and Termination

17.1. The Agreement is concluded for an unlimited term unless Parties define otherwise in the

Subscriber Agreement.

17.2. The Agreement will enter into force after confirmation of the Subscriber's purchase order by SK

unless otherwise agreed by Parties.

17.3. If the Subscriber is a natural person, the Agreement will terminate upon their death. If the

Subscriber is a legal entity, the Agreement will terminate upon their dissolution or bankruptcy.

The Agreement will also terminate upon the dissolution of SK, upon agreement by Parties or

unilateral cancellation on grounds set forth in the Agreement.

17.4. The Subscriber is entitled to unilaterally cancel the Agreement at 2 (two) weeks´ notice to SK

unless otherwise agreed by Parties.

17.5. SK is entitled to unilaterally cancel the Agreement in the following cases:

17.5.1. Services are discontinued, at minimum of 4 (four) months´ notice to the Subscriber of

Agreement cancellation;

17.5.2. The Subscriber uses Services for purposes other than those specified in the Agreement,

for illegal activity or in a manner that may cause substantial damage to SK or third parties

without providing any notice;

17.5.3. The Subscriber has failed to rectify the situation giving rise to Service suspension within

1 (one) month of Service suspension.

17.6. If a Party to the Agreement materially breaches any material provision of the Agreement, the

other Party will be entitled to suspend performance of the Agreement and cancel the Agreement

if the other Party has not rectified the breach within 5 (five) Business Days of receiving such

notice.

17.7. Agreement termination will not release the Subscriber from its obligation to pay invoices for

Services until the expiry date specified in the Agreement.

17.8. Expiry/cancellation of the Agreement will not have any impact on the enforcement or settlement

of obligations arising prior to the expiry of the Agreement.

17.9. Agreement termination will not release SK from its obligation to provide audit trails for evidential

value of validity confirmation for confirmations made during period when the Agreement was in

force.

18. Dispute Resolution

18.1. The Agreement shall be governed by Estonian law.

18.2. Any disputes arising from the Agreement shall be resolved via negotiation. If an agreement is not

reached, the dispute shall be resolved at Harju County Court.

18.3. The Subscriber shall in addition comply with applicable laws and regulations, which it is governed

by.

19. SK's Contact Details

19.1. SK online customer service system: www.skidsolutions.eu

19.2. Sales: [email protected]

19.3. Technical support: [email protected]