2. Subject of the authentication service
XignSys GmbH provides a service for the authentication of users on behalf of our cooperation partners, as well as the transmission of personal data to the cooperation partner, if applicable. XignSys GmbH is a pure commissioned data processor within the meaning of Art. 28 et seq. Data Protection Regulation (DSGVO) and performs the authentication service on behalf of and for its cooperation partners as obligated parties under data protection law.
3. User authentication process
User authentication is carried out at the request of the cooperation partner of XignSys GmbH who wishes to carry out authentication or is obliged to authenticate the user on the basis of statutory provisions (e.g. from the GWG, TKG, eIDAS/VDG, De-Mail-Gesetz, etc.) in order to fulfill the desired contractual purpose. The authentication service provided by XignSys GmbH is carried out as part of an overall system for establishing the identity of users, with the aid of the personal smartphone and the personalized Xign.Me app installed on it. The data required for user authentication is only collected and processed in accordance with the relevant laws (e.g. GWG, TKG, eIDAS, VDG, De-Mail-Gesetz, etc.) or on the basis of the express consent of the user. After successful user authentication and the user's consent, identity data is transmitted from the identity provider to the cooperation partner.
4. Availability of the authentication service
XignSys GmbH reserves the right to discontinue, change or otherwise modify its authentication service at any time. This applies in particular in the event that the legal and/or statutory, as well as regulatory framework conditions regarding the permissibility of the authentication services through the XignIn technology change. XignSys GmbH endeavors to provide its entire service offering without interruptions. However, XignSys GmbH cannot assume any liability for the constant availability of its service offer. The availability of the service offer can be limited in particular at short notice if this is necessary with regard to the security or integrity of the servers, the performance of technical repair or maintenance work.
6. Cooperation and other obligations
7. Notification and information obligations
The user must immediately perform a new personalization if the loss or theft of the authentication means, misuse or other unauthorized use of the authentication means, access information or personalization information is detected. Furthermore, as soon as there is a suspicion that another person has gained unauthorized possession of the authentication means or knowledge of the knowledge factor or personalization information, or is using the authentication means, knowledge factor or personalization information, the user must also perform re-personalization of the smartphone.
8. Data protection
XignSys GmbH collects, processes and uses personal data of users exclusively for the purpose of providing the authentication service. Any further use of the data will only take place with the express consent of the user. With regard to the details, reference is made to the current data protection declaration of XignSys GmbH, which can be accessed at any time on the website of XignSys GmbH.
XignSys GmbH shall be liable in accordance with the statutory provisions for damage caused by fraudulent conduct as well as for damage caused by intent or gross negligence on the part of the staff of XignSys GmbH. In the event of simple negligence, the Contractor shall only be liable in the event of a breach of essential contractual obligations (so-called cardinal obligation, i.e. an obligation the fulfillment of which makes the proper execution of the contract possible in the first place and on the fulfillment of which the contractual partner regularly relies and may rely). XignSys GmbH shall be liable in accordance with the statutory provisions for personal injury and damages under the Product Liability Act.
10. Place of jurisdiction
Last updated: April 2021