General Terms and Conditions & Terms of use for cidaas ID validator

for using the cloud software cidaas ID validator

Version 2021-11-30 / state 30.11.2021

  1. Provider / scope of application of the terms of use
    1.1. The cloud software cidaas ID validator (hereinafter referred to as “cidaas ID validator”, “cidaas” or “software”) is offered by Widas ID GmbH, Maybachstraße 2, D-71299 Wimsheim, represented by CEOs Sadrick Widmann and Yael Widmann, telephone: +49 (0)7044 / 95103-100 (hereinafter referred to as “provider” or “Widas”). With cidaas, Widas offers a cloud software solution for an eIDAS compliant, digital Onboarding (digital Identification of a person).
    1.2. These terms of use (hereinafter also referred to as “GTC”) apply to all users of cidaas (hereinafter referred to as “Users”). They regulate the user relationship between provider and user with regard to all agreed contracts and services.
    1.3. These GTC shall apply exclusively; counter-confirmations or general terms and conditions of the user are expressly rejected. This shall also apply if the User’s offer is submitted or accepted with reference to the overriding validity of the User’s own GTC or if the Provider executes the delivery/service without reservation in the knowledge that the Customer’s terms and conditions conflict with or deviate from these GTC.
    1.4. With the conclusion of the contract, at the latest with the beginning of the use of cidaas, the user agrees to the exclusive validity of these terms of use.
    1.5. The current version of the Terms of Use at the time of registration, which is also available on the website and is printable.
    1.6. These General Terms and Conditions also apply to all future business relationships between the provider and the user, even if they are not expressly agreed upon again. The current version of the GTC at the time of conclusion of the contract shall apply.
    1.7. The provider does not conclude contracts with consumers (§ 13 BGB). The contractual partners of the contracts and business relations underlying these GTC are exclusively tradesmen or entrepreneurs (§ 14 BGB). By concluding the contract with the provider, the customer assures that he/she is acting as an entrepreneur within the meaning of § 14 BGB, i.e. that he/she is exercising his/her commercial or self-employed professional activity.
  2. Subject matter of the contract / services / functionalities / accessibility
    2.1. After conclusion of the contract, the Provider shall provide the user for the duration of the contract with the opportunity to access the cloud software solution cidaas online and to use the functionalities and services available there (e.g. social login & registration, multi-factor authentication, single sign on, etc.).
    2.2. A contractual relationship is established exclusively between the user and the provider. There is no contractual relationship with third parties, such as customers of the User. The Provider merely provides the functionalities to enable an eIDAS compliant identification of persons, its login, consent management. It is therefore exclusively the duty of the User to fulfill the legal and factual requirements with regard to the concrete use of the functionalities on his own responsibility. The User must therefore ensure, for example, that the transmission of personal data of his customers to him and to the Provider for the purpose of implementing the functionalities is lawful and permissible.
    2.3. cidaas ID validator performs the following steps to identify a natural person online, with similar security like a video ident method
    2.3.1. Verification, that it is a valid identification document (ID Card, Passport, recidency permit)
    2.3.2. Verification that the identification document belongs tot he to identified person.
    2.3.3. Liveness Detection of the person
    2.3.4. Verification that the previously specified person to be validated is the same
    2.4. With the purchase of one of the versions of cidaas, the user receives a simple, non-exclusive, revocable right of use (subscription) to this version, which is limited to the duration of the term of the agreement.
    2.5. Widas ID carries out an external audit by the conformity assessment body for the cidaas ID validator every 24 months. The status is monitored by the Bundesnetzagentur.
    2.6. The user does not acquire any claim to free functionalities and possibilities of use existing, remaining or being established in the future. Free usage options and functionalities can be adapted, i.e. either extended or discontinued at any time without prior notice.
    2.7. The provider can restrict access to the services at any time if the security of the network operation, the maintenance of the network integrity, in particular, the avoidance of serious disturbances of the network, the software or stored data require this and the interests of the user worthy of protection do not outweigh this in the weighing process.
    2.8. The provider does not guarantee a certain availability for the free use of cidaas ID validator. The provider endeavours to provide a maximum of accessibility within his sphere of influence. Within the scope of the use of chargeable services, the Provider guarantees availability within the scope of its own sphere of influence, subject to the proviso that minor periods of unavailability for the purpose of system maintenance cannot be excluded. The Provider shall carry out such maintenance measures outside normal business hours, as far as possible and reasonable. If, as a result of such maintenance work, unavailability of more than one hour’s duration is foreseeable, the Provider shall announce this in advance on the website or by e-mail. The Provider has no influence on the availability, stability and functionality of the Internet as a whole or the infrastructure of third parties (access providers, backbones, DNS servers or similar) required to establish a connection to the service of the Provider and can therefore not be held liable for such circumstances.
    2.9. There is no claim to updates or adjustments beyond the legal warranty.
    2.10. The use of the identification process compliant with the eIDAS is limited to proper identification documents (gem. „Amtsblatt der Bundesnetzagentur für Elektrizität, Gas, Telekommunikation, Post und Eisenbahnen“ Art. 5 Anforderungen an geeignete Identitätsdokumente)
    2.11. The published practices statement of the cidaas ID validator is applied
    2.12. The provider has a help desk through which the user can report support and complaints (incidents). The provider is alerted via an incident management tool so that the requests can be responded to within the time defined in the SLA. The more precise specification for the availability of the help desk or the hotline can be found in the SLA.
  3. Registration / Conclusion of contract
    3.1. All offers of the provider are subject to change and non-binding unless a binding assurance is expressly given in writing. They merely represent the invitation to submit an offer by the user. An order is only binding if the provider confirms it or fulfills it by providing the service.
    3.2. The contract is concluded through the user’s order on the one hand (=offer) and execution or confirmation of the order by the provider on the other hand (=acceptance).
    3.3. Insofar as employees of the supplier give guarantees prior to the conclusion of the contract, these shall only be effective if they are confirmed in writing by the management of the supplier.
    3.4. The content of the contract between the provider and the user results from the subject of the order, in particular, the relevant software version and the stated price, the service description for cidaas as well as these GTCs.
  4. Duties & assurances of the user
    4.1. The User assures that all data and information provided by him/her are true, that he/she does not provide false or misleading information, that he/she is of full age or of full legal capacity at the time of registration or that he/she is acting with the permission of his/her legal representative and that he/she has the appropriate authorisation (power of representation) to act on behalf of the company, enterprise or legal entity for which the account is created or for which the contract is concluded. The represented company is always referred to in these GTCs as “user” in the same way as the person acting on its behalf. The User undertakes to provide evidence of all assurances made in this clause to the Provider upon request. If the relevant data changes after registration, the user must update the data immediately. The Provider is entitled to delete accounts if the data provided, which are essential for the execution of the contract or the provision and implementation of the service owed, should prove to be untrue or if there is a justified suspicion that such data are untrue.
    4.2. The user undertakes not to store on the storage space provided any unlawful content that violates the law, official requirements or the rights of third parties.
    4.3. The user assures that he/she will choose a secure password in accordance with the state of the art and that he/she will keep it secret from third parties. If the User knows or has reason to suspect that third parties have gained possession of the access data, the User must inform the Provider immediately. The Provider has no opportunity to view the password.
    4.4. The User is obliged to notify the Provider immediately of any recognisable defects and to keep his hardware and software up to date (in particular security software and browser).
    4.5. The user is forbidden to misuse the services provided or to change or restrict their functionality by using the software in a way that is not intended or by using it in a way that is not specified.
    4.6. The user undertakes to use the software only within the scope of the contractually agreed scope of services and only for his own purposes. Use of the Account by or for third parties and the disclosure of access data is prohibited.
    4.7. The user is responsible for ensuring that the personal data collected from his customers and from himself in the context of the use of the software and processed by him or by the provider as agreed are collected and processed in a lawful and permissible manner. Should the Provider, as the processor of such data on behalf of third parties (e.g. by affected persons or by supervisory authorities), be exposed to claims by third parties, the User shall indemnify the Provider in full against such claims.
    4.8. According to the ” Amtsblatt der Bundesnetzagentur für Elektrizität, Gas, Telekommunikation, Post und Eisenbahnen” para. 8 “Reporting of suspected cases of fraud”, the user is obliged to set these in the admin dashboard. The cidaas ID validator thus enables a report to
    4.9. Decompilation of the software is only permitted if the requirements and conditions are specified in § 69 e para. 1 UrhG (German Copyright Act) are met. The information thus obtained may not be used or passed on contrary to the provisions of § 69 e para. 2 UrhG.
  5. Technical requirements
    5.1. In order to use the software, the user club must have a standard Internet connection and a standard Internet browser or must use the Web APIs of cidaas.
    5.2. Furthermore, it shall be the responsibility of the User to ascertain prior to the purchase of the software whether the hardware and software used by the User enable the use of the software.
    5.3. The provider points out that the user may incur additional connection costs when calling up services via the Internet using a corresponding Internet or telecommunications connection. Such costs are solely based on the respective provisions of the Customer’s contract with his Internet or service provider.
  6. Subscriptions / validity durations
    6.1. As a rule, subscriptions do not have a fixed term. Rather, they run for an indefinite duration. The contract for the subscription ends when the Provider or the User terminates the subscription with a notice period of one month to the end of the following month in text form (i.e. at least by e-mail).
    6.2. The contractual term applicable to the respective offer or the respective subscription model can be found in the respective offer presentation.
  7. Prices and terms of payment
    7.1. The prices of the individual offers are based on the respective offer presentation.
    7.2. The prices for subscriptions to certain versions may decrease or increase during the course of a subscription. Such changes do not affect current subscriptions.
    7.3. The prices quoted are all-inclusive of the applicable statutory value-added tax. There are no shipping costs.
    7.4. The term of a subscription cannot be interrupted. Therefore, no reimbursement of subscription fees for such interruptions shall be considered.
    7.5. The Provider may offer various payment options (e.g. credit card, SEPA direct debit or Paypal, payment via iTunes, via Google Checkout or other central login and payment services), without being obliged to do so. For payment processing via payment service providers (e.g. PayPal), the terms of use and business conditions of the payment service provider concerned shall apply exclusively; if applicable, the user must also have a user account with the payment service provider.
    7.6. After purchase, the user will receive an invoice for the services ordered in the electronic form to the e-mail address provided by him.
    7.7. Objections to the billing of the services provided by the provider must be raised by the user in writing to the office indicated on the invoice within a period of eight weeks after receipt of the invoice. After expiry of the aforementioned period, the invoice shall be deemed to have been approved by the user. The provider shall specifically draw the customer’s attention to the significance of his conduct when sending the invoice.
    7.8. If the user does not properly meet his payment obligations or if amounts paid are charged back or debited back, the provider is entitled, without prejudicing further claims, to block the user’s access to cidaas. If the user settles the outstanding claim, the access will be unblocked again.
  8. Usage rights of the software
    8.1. The use of the software is permitted for all persons under 8.5 All trademark rights, rights to business designations, rights to names, trademark rights, copyrights, ancillary copyrights and other rights to the software itself, the individual graphic and textual elements and the functionalities and services are the sole property of the Provider and may not be used, distributed, copied, reproduced, made publicly accessible, performed, broadcast or otherwise exploited without the prior consent of the Provider in text form.
    8.2. Any other or further use or exploitation is not permitted and is illegal. The provider does not grant the user such other or further rights of use.
    8.3. Subject to any legal restrictions (e.g. copyright), the provisions of clauses 9.1 to 9.2 shall also apply to all individual components and parts of the software unless the part in itself does not enjoy copyright or other legal (e.g. ancillary copyright) protection.
    8.4. The Provider reserves the right to block access to the software if the User has acted contrary to clauses 9.1. to 9.3. or has enabled third parties to use or exploit the software or parts thereof without authorization.
    8.5. All trademark rights, rights to business designations, rights to names, trademark rights, copyrights, ancillary copyrights and other rights to the software itself, the individual graphic and textual elements and the functionalities and services are the sole property of the Provider and may not be used, disseminated, copied, reproduced, made publicly accessible, performed, broadcast or otherwise exploited in text form without the prior consent of the Provider.
  9. Blocking or deleting of accounts by the provider
    9.1. The provider is entitled to temporarily block the account with immediate effect if there is reasonable suspicion that the stored data is illegal or infringes the rights of third parties. Reasonable suspicion of illegality or infringement of rights exists in particular if courts, authorities or other third parties inform the provider of this. The provider shall notify the user of the block and the reason for it without delay. The block shall be lifted as soon as the suspicion is rebutted.
    9.2. Furthermore, the provider is entitled to block an account if the user culpably violates these terms of use.
    9.3. The provider will take the interests of the user, in particular against the background of the seriousness of the violation, into account appropriately in its decision and, as far as possible, give the user a reasonable opportunity to comment before the account is blocked. In the request for comments, the provider will point out to the user that the account may be deleted if the user does not cooperate in clarifying the facts or does not immediately remedy the breach of duty or rights. The block shall be lifted as soon as the breach of duty has been remedied.
    9.4. The Provider may delete the account if the User does not immediately remedy the breach of duty or does not cooperate in clarifying the facts despite being requested to do so.
    9.5. In case of doubt, the burden of proof shall rest with the User. The User must demonstrate and prove that, contrary to the suspicion of the Provider, he has acted in accordance with the applicable law or these Terms and Conditions of Use or that there is no reason for blocking or deleting the data.
    9.6. Irrespective of the right to block or delete the account, the Provider shall remain entitled to terminate the contractual relationship with the User as a whole and/or to assert other claims, in particular claims for damages against the User.
  10. Compensation / Indemnification / Third Party Rights
    10.1. The user is obliged to compensate the provider for any damages incurred by the provider as a result of a culpable breach of the user’s obligations.
    10.2. In the event that the user fails to comply with his obligations, the User shall fully indemnify the provider from his liability towards third parties. He will reimburse the provider for any damages incurred as a result, including lawyers’ fees, consequential damages, loss of profit, etc. upon proof. This shall only not apply if the user is demonstrably not responsible for the breach of duty.
    10.3. If the use of the software by the user infringes the rights of third parties, the User shall immediately cease the use contrary to the contract or illegal use upon request by the provider.
  11. Termination / deletion of account
    11.1. The possibility of using the account exists for an indefinite period. If the Customer purchases services that are subject to a charge, such as a subscription, the contractual periods specifically regulated therein shall apply.
    11.2. The user has the right to delete his Account at any time. The deletion of the Account can be carried out by the user in the user profile administration.
    11.3. If the User terminates chargeable functionalities himself prematurely by cancellation or otherwise, there is no entitlement to a proportional repayment of already paid services, unless the Provider is responsible for the premature termination.
    11.4. The provider has the right to terminate the free use of the functionality at any time and to delete the user’s account without notice. Irrespective of this, the Provider can terminate the usage option at any time with effect from the end of the User’s current subscription, subject to agreed notice periods.
    11.5. The right to terminate for good cause remains unaffected. Good cause shall be deemed to exist for the Provider in particular if


    • the user has persistently violated essential provisions of these terms of use, in particular with regard to clause 4, or
    • an application is filed for the opening of insolvency proceedings against the assets of the user, insolvency proceedings are opened by a competent court or the opening is refused for lack of assets, or
    • the user fails to make due payments despite a reminder and the setting of a grace period or culpably violates the contractual provisions concerning the use of the software despite a warning and the granting of a reasonable grace period, or
    • there are circumstances which enable the Provider to reasonably conclude that the User is no longer able to fulfill his contractual obligations to the Provider due to lack of liquid funds and the User does not prove the contrary within 14 days after being requested by the Provider to provide reasonable assurance.
  12. Liability of the provider
    12.1. In the case of contracts for chargeable products, the provider is liable for damages to the user which are caused intentionally or by gross negligence, which are the consequence of the absence of a guaranteed quality of the object of performance, which is the consequence of a culpable injury to health, body or life, or for which liability is provided for under the Product Liability Act, always in accordance with the statutory provisions.
    12.2. In the event of a breach of material contractual obligations (so-called cardinal obligations) due to simple negligence, liability – insofar as the damage does not affect life, limb or health or a promised guarantee – is limited to such damage that must typically and foreseeably be expected to occur in the course of the provision of services such as the respective contractual service. Cardinal obligations are such contractual obligations whose fulfillment is essential for the proper execution of the contract and on whose observance the contractual partner may regularly rely upon, and whose violation, on the other hand, endangers the achievement of the purpose of the contract.
    12.3. In the case of contracts for free services, the Provider shall only be liable for intent and gross negligence, irrespective of the provisions of clauses 14.1. to 14.2. in accordance with the legal liability standard of § 521 BGB.
    12.4. Apart from this, liability – regardless of the legal grounds – of both the provider and his vicarious agents and assistants is excluded.
    12.5. If damages to the user result from the loss of data, the provider shall not be liable for this, provided that the provider has made a regular, complete and, in accordance with the value of the data, appropriately frequent backup of all relevant data.
  13. Data protection / confidentiality
    13.1. The User shall comply with the applicable provisions of data protection law when using the software. In this respect, the user is the responsible party within the meaning of Art. 4 No. 7 GDPR.
    13.2. The contracting parties shall conclude a separate contract for commissioned processing in accordance with Art. 28 GDPR.
    13.3. The Provider undertakes to maintain confidentiality about all confidential processes, in particular the User’s business secrets, which come to its knowledge in the course of the preparation, execution and fulfilment of this contract and not to disclose or otherwise exploit these except for the purpose of fulfilling the contract with the User.
    13.4. The User undertakes to obtain from its end customers (persons using the ID validator) informed consent for the processing of personal data before the start of the respective service to be provided by the Provider. With regard to informed consent, the end customer (using persons of the ID validator) shall at least be informed that the end customer (using persons of the ID validator) consents to the storage and processing of personal data entered him or automatically collected and recorded by him. The personal data defined in the consent template must be included in the consent form provided to the end-user. The consent also includes the fact that the provider stores, uses, processes and, if necessary, transmits the personal data to law enforcement agencies for up to 3 months beyond the end of the user relationship in order to clarify any misuse of the platform and for legal prosecution.
    13.5. The storage period must be specified in the consent form and kept to a minimum, as the requirement of data economy applies. In principle, the data recorded in the consent template (audio and video recordings) must be deleted no later than 3 months after the time of recording. The storage period of case-related data (ID data, device data, etc.) depends heavily on the user’s requirements and can thus be contractually agreed upon with the provider on an individual basis, taking into account data economy. The storage period for logs and evidence data is a maximum of 12 months unless a different storage period has been contractually agreed with the user based on legal requirements.
  14. EU platform for online dispute resolution:
    14.1. The EU provides an Internet platform for the online settlement of disputes (OS Platform). This OS platform is intended to settle disputes between consumers and online platforms for online purchase contracts or service contracts as quickly and effectively as possible. According to Art. 14 of the Regulation (EU) No. 524/2013 on Online Dispute Resolution in Consumer Matters (so-called ODR Regulation) we, therefore, refer you to the link to this OS platform. You can access the platform for online dispute resolution here: Link to the EU online dispute resolution platform
    14.2. Also in accordance with Article 14 of the ODR Regulation, we shall also provide the following e-mail address for your information: contact [at]
    14.3. We would like to point out that we are not obliged to take part in a dispute resolution procedure before a consumer dispute resolution agency, nor do we participate in such a procedure voluntarily.
  15. Amendments to these terms of use
    15.2. The provider reserves the right to change the terms of use. The user will be expressly informed of the changes in a suitable manner and the – highlighted – changed passages will be pointed out. As a rule, the notice shall be published by e-mail to the e-mail address provided by the user.
    15.2. The user may terminate the contract with the provider in text form within six (6) weeks of being informed of the new version at the time the new terms of use come into force. If the user does not give notice of termination, the amended terms of use shall become part of the contract. With the information about the changes, the provider undertakes to specifically inform the user of his special right of termination or the consequences of accepting the change in the terms of use.
  16. Severability clause
    If any of the provisions regulated here is or becomes invalid, the validity of the remaining provisions shall remain unaffected. In this case, the parties shall endeavour to replace the (partially) invalid provision by a provision whose economic success comes as close as possible to that of the (partially) invalid provision. The same shall apply in the event of contractual loopholes.
  17. Legal system / jurisdiction / assignment / set-off / communication
    17.1. These Terms of Use shall be governed exclusively by the laws of the Federal Republic of Germany, excluding international law, such as the UN Convention on Contracts for the International Sale of Goods (CISG).
    17.2. The place of jurisdiction for all disputes arising from this contract is the registered office of the Provider.
    17.3. Rights and obligations arising from these Terms of Use may not be assigned or otherwise transferred without the prior consent of the other party.
    17.4. The User may only declare offsetting with counterclaims that are undisputed or have been legally established.
    17.5. Unless otherwise agreed, the User may submit all declarations to the Provider by e-mail or send them by letter to the Provider. In turn, the Provider can send all declarations to the User to the e-mail address that the User has entered as the current e-mail address in his user account.
    17.6. If these Terms of Use are available in several language versions, only the German language version shall be legally binding.