These terms govern your use of "OneID", the identity service we provide which lets people ("users") prove who they are online, simply and securely, by connecting to their bank via open banking and giving their consent to us sharing personal data held by their bank with you.
By clicking the "I agree" button, completing the registration process or using OneID, you confirm that you: (i) have reviewed and accept these terms; and (ii) are authorised to act on behalf of the owner of the account you have just opened with us, and to bind them to these terms.
In consideration of the foregoing, the parties agree as follows:
- About us & our regulator
DIN has its registered office at 29 Wood Street, Stratford-upon-Avon, England, CV37 6JG and is registered with companies house under number 11800511. We are a registered ‘account information service provider’ (AISP) with the financial conduct authority (firm reference number 928911).
- Background checks
As part of setting up your OneID account we have to undertake some background checks on you in accordance with our regulatory obligations and our “know your customer” practices. Whilst we are doing this, your OneID account will be limited to five (5) transactions per day. "transactions" are requests made by users through OneID which involves OneID accessing personal data regarding that user ("user data"), typically from their bank or a credit reference agency (collectively, "identity provider(s)"), and forwarding it to you.
Once we have completed our checks, we will update your OneID dashboard and also email you to confirm the results. Assuming you have passed, the transaction limit on your OneID account will be lifted and you will be able to use OneID normally. If we need further information from you in order to make our decision, we will contact you and the transaction limit will remain in place.
If you fail our checks for any reason, we will notify you by email to the contact address you have provided and our notification will also serve as our notice of immediate termination both of the contract between us created by these terms and your right to use OneID.
- OneID terms and compliance with laws
Each time that you use OneID, you must do so in accordance with these terms and subject to the provisions of our privacy notice.
We encourage you to frequently review these terms and the privacy notice as they are both subject to change. Every time we change them, we will notify you by email to the contact address you have provided. You are under no obligation to use OneID and you can always stop using the service at any time if you disagree with any changes we make.
Please also see our FAQ pages for more information on OneID.
In relation to OneID, each party: (i) must comply with its own obligations under law; and (ii) may refrain from doing anything which would, or might (in its reasonable opinion) be contrary to any laws/regulations (including, in the case of DIN, those laws/regulations to which it is subject and those laws/regulations that otherwise impact upon any or all of DIN’s operations, OneID or any other OneID user(s)/participant(s)).
- The OneID service
- We will try to ensure that OneID is available to you at all times, although we can't promise that it will always be available or work perfectly (for example, in the case of updates, maintenance, fraud, or a fault in the systems used to provide it, or where there are problems with your systems, those of the ecommerce platforms you use to access OneID (if applicable), or those of an identity provider). These events are sometimes outside of our control.
- We may use third-party suppliers to support us in providing OneID. We take reasonable care in selecting our suppliers so as to protect your security and privacy and that of the users.
- We aim to make OneID easily accessible. If you have any difficulties when using it then please contact us at email@example.com.
- We expect OneID (including the app and/or extension which you downloaded as part of your OneID onboarding process (the "app")) to change over time and we reserve the right to make such changes as we see fit. References to OneID in these terms include the app unless expressly stated or the context requires otherwise. Changes to the app will be “pushed” out to you and you must accept them if you wish to continue to use OneID. If any change is likely to have a significant impact on your use of OneID, we will notify you by email to the contact address you have provided. You are under no obligation to use OneID and you can always stop using the service at any time if you disagree with any changes we make.
- The use of, or integration into, OneID by any identity provider or ecommerce platform does not constitute or imply any endorsement, sponsorship or recommendation of them by DIN.
5. Acceptable use, and our suspension and other rights
- You must not:
- Use OneID or user data in any way which directly or indirectly: (i) is defamatory, obscene, infringing, harassing or racially or ethnically offensive; (ii) depicts sexually explicit images; (iii) promotes violence; (iv) is discriminatory based on race, gender, skin colour, religious belief, sexual orientation or disability; or (v) is otherwise unlawful, illegal, fraudulent, malicious or causes damage or injury to any person or property;
- Use OneID in any manner or for any purpose that misappropriates or otherwise infringes any intellectual property right or other right of any person;
- Remove any proprietary notices from any part of OneID or any materials provided or made available by us;
- Combine or integrate any part or element of OneID with any software, technology, services, or materials not approved in advance in writing by us;
- Provide or allow access to OneID, or any restricted access areas of the OneID website, to any third party, except to the extent required for any subcontractor of yours to carry out its obligations under its subcontract with you solely for your business purposes and subject to the other provisions of these terms;
- Use OneID in a way that could damage, disable, overburden, impair or compromise our systems or security or interfere with other persons (for example, we expect you to make fair and reasonable levels of use of OneID) and not repeatedly and unnecessarily access our service using robots or other similar technologies);
- Attempt to alter or decipher any transmissions to or from the servers running our service (for example, by trying to break the encryption protecting those transmissions); nor
- Attempt, nor allow anyone, to use or access OneID: (i) to copy, distribute, reproduce, alter, modify, reverse engineer, disassemble, decompile, transfer, exchange or translate the OneID service or related code; (ii) to create derivative versions of OneID; (iii) to rent, lease, sub-license, loan, translate, merge, adapt, vary or modify OneID; (iv) to permit OneID to be combined with, or become incorporated in, any other programs or services; (v) in connection with any data mining, robots or other data gathering or extraction methods; or (vi) to hack, penetration test, fault find, analyse, tamper with, or in any way look to subvert the operation, code and/or functionality of OneID; (vii) for anything other than its intended purpose.
- You must: (i) access and use OneID only for your legitimate business purposes and for (and strictly within the scope of) the uses disclosed and detailed in your OneID account application, assuming that those uses have passed our background checks (“permitted uses”) but not further, or otherwise; (ii) comply with any restrictions we impose from time to time regarding the range of goods or services, or other purposes, for which OneID may be used; (iii) provide us with volumetric forecasting at the time of signing up and on an ad hoc basis in advance in respect of any expected material peaks or troughs in transaction volumes (via firstname.lastname@example.org).
- We reserve the right to (and we accept no liability if we do) refuse, suspend or stop the use of all (or any part(s)) of OneID for you and/or any other user(s), at any time for non- or late payment or for business, security, operational, regulatory, legal, or any other reason including where we believe that: (i) you have caused or are likely to cause damage to the reputation or public perception of OneID and/or DIN; or (ii) your conduct is inconsistent with having the intention or ability to comply with these terms; (iii) you are subject to sanctions or if, for any other reason related to legal or regulatory requirements, it might be illegal for DIN to continue to provide the OneID service to you.
- We may decline or refuse to process any transaction at any time.
6. Proprietary rights and licence
- "OneID®" (the “brand”) is a registered trade mark of Digital Identity Net U.K. Limited.
- All copyright, database rights, the brand (and our other names and trade marks) and all other intellectual property and proprietary rights of any nature in OneID (including its icons, buttons and appearance, and the app), together with the underlying software code and all related documentation, are owned by us or our licensors.
- We grant you a non-exclusive, revocable, non-sublicensable, non-transferrable right, to:
- Download and use the app and/or extension, and to access and use OneID; and
- Subject to our branding rules (the current version of which can be seen here) and our directions from time to time, use the brand in your marketing activities,
In each case for the purpose of making OneID directly available to users through your ecommerce site for the permitted uses and promoting the same in a reasonable and responsible manner. No other or wider rights or licences are granted to you and all other rights are reserved.
Any use of the brand other than as stated above is strictly subject to our prior written approval. All goodwill arising from use of the brand and our other names and trade marks shall enure to us automatically upon creation.
- You grant us a non-exclusive, non-transferable, sub-licensable, worldwide, royalty free right to use, store and copy your name, brand(s) and any other material (other than user data) which you provide to us in relation to your use of OneID (“your material”): (i) solely to the extent necessary for us to carry out our obligations and exercise our rights under these terms; and (ii) to promote OneID to users and in our general marketing activities (including on a customer page on our website) or as may otherwise be mutually agreed in writing (such agreement not to be unreasonably withheld, qualified or delayed). All goodwill arising from use of the branding elements of your materials shall ensure to you automatically upon creation.
- You must not: (i) use in your business any mark, logo, icon or word confusingly similar to the brand or any of our other business names, trade marks and logos (“brand elements”); (ii) do, or omit to do, or permit to be done, any act that will or may weaken, damage or be detrimental to any/all of the brand elements or the reputation or goodwill associated with DIN or the brand elements, or that may invalidate or jeopardise any registration of any of the brand elements; or (iii) apply for, or obtain, registration of any of the brand elements (in whole or in part) for any goods or services in any country.
- If you provide feedback or suggestions about any aspects(s) of OneID, then you hereby grant us a non-exclusive, royalty-free, transferable, sub-licensable, irrevocable and perpetual worldwide licence to use the feedback and suggestions without obligation to you.
- Save as expressly provided for above, neither party shall acquire any proprietary right, title or interest in and to, nor any right to use, any intellectual property rights of the other party.
- Each party will execute and do and procure the execution and doing of all such documents, acts and things as may be reasonably necessary to give full force and effect to the provisions of this clause 6.
7.1 For the purposes of these terms, “confidential information” means all information designated as confidential or otherwise of a confidential nature which a party (the “disclosing party”) provides to the other party (the “receiving party”), but excluding any information that: (a) is or becomes publicly available, except by breach of these terms; (b) is disclosed to the receiving party by a third party without restriction and the receiving party reasonably believes the third party is legally entitled to disclose such information on that basis; (c) was known to the receiving party without restriction prior to its receipt from the disclosing party; (d) is disclosed with the disclosing party’s prior written consent; and/or (e) is independently developed by the receiving party without reference to the disclosing party’s confidential information.
7.2 Each party as a receiving party undertakes that:
A) To the extent it comes into possession of the disclosing party’s confidential information in connection with these terms, it will use that confidential information solely for the purposes of and as contemplated by these terms, and will not use such confidential information for its own benefit nor disclose it to any third party without the disclosing party’s prior written consent, except that we may disclose confidential information to our suppliers to allow us to provide OneID, and to our professional advisers, on terms of confidentiality equivalent to those set out herein;
B) It will carry out its obligations hereunder using the same degree of care that is used in protecting its own proprietary information, but always with at least a reasonable degree of care.
7.3 Each party may disclose confidential information to the extent required to do so by law or regulation or the rules of any stock exchange save that, in such circumstances, that party will (except to the extent prohibited by law) promptly inform the other party and will: (i) co-operate with that other party contesting the requirement and/or seeking a protective or other appropriate remedy; and (ii) use all reasonable endeavours to minimise the extent of the disclosure and ensure that any information which it is required to disclose is held in confidence by the person/entity to whom it is disclosed.
7.4 Subject always to compliance with the other provisions of this clause 7, each party may retain copies of the other party’s confidential information to the extent reasonably necessary for its accounting, record keeping, legal and regulatory purposes.
8. Data protection
In relation to OneID each party acts as an independent data controller of the user data it processes for the purposes of applicable data protection legislation ("DP law").
In this clause 8, “user data” includes not just the personal data which we obtain from identity providers and disclose to you through OneID with a user’s consent, but also any other data shared between the parties relating to users which is regarded as personal data under DP law, such as the tokens we create and share with you to help protect users’ privacy.
- We are the data controller of user data where it is used by us in relation to OneID. You acknowledge that we will acquire user data from an identity provider (and that the identity provider acts as an independent controller of user data prior to disclosure of the same) and you act as an independent controller of user data on receipt of the same via OneID.
- Each party must: (i) comply with its respective obligations under all DP laws and make due notification(s) to any relevant regulator; and (ii) implement and maintain such technical and organisational measures as are required to enable user data to be processed in compliance with DP law.
- Each party is responsible for its own compliance with DP law and neither party relies on the other in this respect save that each party will (both during and after termination of the contractual relationship formed by these terms):
- Promptly notify the other party if it receives: (i) a request from a user to exercise their rights under DP law in respect of that other party's processing of their user data; or (ii) any other correspondence from a user or regulator in respect of that other party's processing of user data;
- Provide reasonable assistance to the other party as is necessary to enable that other party to comply with a request from a user to exercise his/her rights under DP law and to respond to any other queries or complaints from users or a regulator in compliance with DP laws; and
- Notify the other promptly (and in any event within seventy-two (72) hours) upon becoming aware of any actual personal data breach affecting user data and, together with such notice, shall provide a written description of the user data breach particulars required by DP law.
- You must:
- Ensure that you have identified an appropriate legal basis under and, where applicable, a derogation from, DP law in respect of any use/disclosure of user data you make under these terms;
- Ensure that all fair processing notices have been given (and/or, as applicable, valid consents obtained that have not been withdrawn) and are sufficient in scope and kept up-to-date in order to meet the requirements of DP law to enable us to process user data in accordance with DP law as contemplated by these terms; and
- Ensure you are not subject to any prohibition or restriction which would: (i) prevent or restrict you from (as the case may be) receiving user data from, or disclosing or transferring user data to, us, as required under these terms; or (ii) prevent or restrict us from processing the user data, as envisaged under these terms.
9. Warranties and disclaimers
- Each party represents, warrants, and undertakes to the other party that: (i) it has obtained, and shall maintain, all consents, rights and approvals necessary to perform its obligations and grant rights and licences under these terms; (ii) it has in entering into and performing these terms complied, and shall continue to comply, with, all laws to which it is subject; and (iii) it has and shall maintain full capacity, power and authority to enter into and perform these terms.
- Except as expressly and specifically provided in these terms: (i) OneID is provided "as is" and "as available" without warranty of any kind; and (ii) all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from these terms.
- Whilst we operate OneID using a reasonable level of skill and care and we hope that you will enjoy using it, we cannot and do not promise that OneID or the information, content or materials displayed on it are accurate, sufficient, uninterrupted or error-free. DIN does not warrant, represent or undertake that OneID will be fit for any particular purpose or requirement; or satisfy any legal or regulatory requirement binding upon you or your commercial or other needs.
- We rely upon the user data held with by identity providers being accurate and up to date. We do not check user data for accuracy, legality or otherwise and you acknowledge and agree that we are not able to, and do not, guarantee the validity or accuracy or any user data provided through OneID, nor are we responsible for the actions of users. It is a user’s responsibility to check that their user data is accurate and up to date, and you must contact the user in the first instance to correct it if there are any errors or if there are other issues regarding a user’s acts or omissions.
- DIN does not make any commitments in relation to OneID about specific functions being maintained, reliability or availability, nor do we guarantee to continue to make OneID available in any particular form. We do not guarantee availability of any particular identity provider(s) on OneID as these may change from time to time. We have no obligation to resume provision of OneID if it is suspended or stopped for you or any other user(s).
- OneID has not been developed to meet your particular circumstances. It is your responsibility to ensure that it meets your needs.
10. Duration of our relationship
10.1 Our contract with you in respect of OneID commences when you click to agree to these terms and it continues until whichever is the earlier of: (i) you notifying us that you wish to terminate the contract by sending us an email to email@example.com; (ii) you deleting or disabling the app; and (iii) us giving you notice of termination by email to the contact address you have provided, which we may do at any time for any reason.
10.2 Termination of the contract will be without prejudice to the parties’ accrued rights and remedies including in respect of the circumstances giving rise to termination and transaction fees accrued up to the effective date of termination.
10.3 The provisions of clauses 6, 7, 8, 10.2, 10.3, 10.4, 12, 13, 15 and 18 of these terms will survive termination.
10.4 On termination of the contract for any reason:
(a) All licences granted hereunder (other than the licence you grant to us under clause 6.6) immediately terminate; and
(b) You must immediately cease all access to and use of OneID (including associated software, the app, the brand and all related documentation); and
(c) We must without undue delay cease all access to and use of your materials; and
(d) You must remove OneID as an option from your ecommerce site;
(e) All transaction fees owing are immediately due for payment; and
(f) Each party shall return and make no further use of any equipment, property, information and other items (and all copies of them) belonging to the other party except in so far as they are legitimately and necessarily retained pursuant to clause 7.4 or as are required for regulatory or compliance purposes.
11. Transaction fees
We do not charge you a membership or subscription fee, but we do charge you a fee per transaction. The fee initially applicable to your use of OneID was confirmed as part of your OneID registration process and can be seen in your e-commerce platform provider’s admin section or in the OneID management console.
Accrued fees will be collected on our behalf either by the ecommerce platform(s) through which you access OneID or we will collect our fees directly ourselves. That said, you acknowledge and agree that we may nevertheless seek payment of accrued fees direct from you where they remain owing.
We reserve the right to change our fees from time to time by giving you not less than 30 days’ prior notice. We will give you this notice either by email to the contact email address you have provided or by posting details on our website. You are under no obligation to use OneID (or the app) and you can always stop using the service at any time if you disagree with any changes we make to our fees.
12.1 Nothing in these terms (other than clause 12.2 in the case of (e) below) will exclude or limit a party’s liability: (a) for death or personal injury resulting from the negligence of that party; or (b) in respect of any fraud or any statements made fraudulently by or on behalf of that party; or (c) to the extent to which it is otherwise prohibited from being excluded or limited by law; or (d) in respect of transaction fees; or (e) in respect of the indemnities given hereunder.
12.2 To the fullest extent permitted by law, neither party shall be liable whether in tort (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise for any special, indirect or consequential loss, costs, damages, charges or expenses however arising under or in connection with these terms.
- Subject to clauses 12.1 and 12.2, our liability to you for all loss suffered or liability incurred by you arising from or in connection with these terms or otherwise in relation to OneID, whether in contract, tort (including negligence), equity, for breach of statutory duty or otherwise, and whether or not reasonably foreseeable or within the reasonable contemplation of the parties, arising: (i) in relation to any particular transaction, will not exceed the fee we have charged you for that transaction; and (ii) in total and in the aggregate, in any calendar month, will be limited to a sum equivalent to the total of the transaction fees paid by you in that calendar month.
13.1 Each party (the "indemnifying party") shall indemnify the other party (the "indemnified party") from and against any final judgment by a court of competent jurisdiction, including reasonable legal fees, that any service, item or material provided by the indemnifying party under these terms infringes the intellectual property or other proprietary rights of a third party. This indemnity shall not apply to: (a) the extent that any infringement could have been avoided by use of an updated version of the affected material provided by the indemnifying party; and (b) any user data relayed/received by DIN.
Where DIN is the indemnifying party it may at its sole option and expense: (i) procure for you the right to continue to use the affected item; (ii) replace or modify the affected item with a functionally equivalent item; or (iii) terminate these terms with immediate effect.
13.2 You shall indemnify us from and against any losses, costs, expenses (including legal fees), liabilities, claims or counterclaims, damages, and disputes which are or will be suffered or incurred by us that arise out of or in connection with your relationship with a user (including where it relates to the provision of goods or services to a user, or use of user data provided by us to you via OneID).
13.3 You shall reimburse us for any costs and expenses (including legal fees) which are or will be suffered or incurred by us arising out of or in connection with any investigations into transactions which involve: suspected unauthorised, fraudulent or criminal activity by you or on your behalf or facilitated through your use of OneID; or, a breach of these terms by you.
14 Monitoring, assistance and stats
14.1 to ensure the proper operation of OneID, we may at any time: (a) on reasonable notice (unless we consider that immediate action is required) audit or investigate your use of OneID and/or compliance with these terms; and/or (b) monitor your use of OneID.
14.2 If any audit/investigation or monitoring is undertaken by us, or a complaint or claim is raised with us by a user, identity provider or regulator, related to your access or use of OneID then you must timely provide all information and support reasonably requested by us regarding the investigation and resolution of that matter.
14.3 Except as provided for by applicable law(s), you agree that nothing in these terms will prevent or limit us from creating, using, disclosing and exploiting aggregated data and information of any sort relating to and/or resulting from any use of OneID which is aggregated and either anonymous or de-personalised.
15 Dispute resolution
If a dispute arises between you and us under or in connection with these terms, either party may notify the other in writing giving reasonable detail of the alleged dispute. Following a party's receipt of such notice, persons of sufficient seniority (as designated by each party) will negotiate in good faith in an attempt to amicably resolve the dispute within 14 days of the date of the notice. This clause will not prevent either party from seeking special/injunctive relief or commencing or continuing court proceedings or from exercising its rights under these terms including any suspension or termination rights.
16 Circumstances beyond a party’s control
Except for payment obligations, neither party shall be liable to the other party for any delay or failure to perform any obligation under these terms where the delay or failure arises as a result of circumstances beyond that party’s reasonable control.
- Third party sites and links
OneID may contain links to third-party websites, apps or other technology, such as those of identity providers and ecommerce platforms ("third-party sites"). Third-party sites are not under our control, and we are not responsible for and do not endorse their content, practices or privacy notices (if any). You need to make your own judgement on any third-party sites, including the purchase and use of any products, services or technology accessible through them.
18.1 Either party may subcontract any of its obligations under these terms but will remain liable for all subcontracted obligations and its subcontractors' acts or omissions in performance of the same. Other than that, neither party may transfer or assign these terms or any of its rights and obligations under these terms without the other party's prior written consent (not to be unreasonably withheld, qualified or delayed) except that either party may assign/novate these terms in their entirety to a successor in interest that is of good financial standing and has sufficient operational capability to carry out its obligations under these terms without requiring such consent but on advance written notice in the event of a reorganisation, merger, consolidation or sale of all or substantially all of its assets or business. The other party agrees to enter into such documentation as may be necessary to effect any such assignment/novation.
18.2 No delay or failure to exercise a right under these terms prevents the exercise of that or any other right on that or any other occasion.
- Each provision of these terms operates separately. If any court or competent authority decides that any of them are unlawful or unenforceable, the remaining provisions will remain in full force and effect.
- The parties are independent contracting parties. Nothing in these terms is intended to make either of them a joint venturer, partner, agent or fiduciary of the other nor grant any rights to, and these terms are not intended to operate for the benefit of, third parties.
- These terms contain the entire understanding of the parties about the subject matter referred to in these terms to the exclusion of all previous agreements, understandings, correspondence or commitments between the parties or any third parties purporting to represent them. Subject to clause 12.1(b), you acknowledge that in entering into these terms you have not relied on any representations made by us or any other entity, whether oral or written, that are not contained in these terms.
- These terms may only be varied as provided for herein and you may not seek unilaterally to impose new, additional or altered payment terms upon us (whether through purchase orders or otherwise), and you agree that any attempt to do so shall be void and of no effect.
- In interpreting these terms: (a) any reference to “includes”, “including” or derivatives of them means “including but not limited to”; (b) the singular includes the plural and vice versa; (c) a reference to a statute or statutory provision is a reference to it as amended or re-enacted and includes any subordinate legislation made under that statute or statutory provision, as amended or re-enacted; and (d) reference to writing or written includes email.
- These terms, their subject matter and formation, are governed by English law. The parties agree that the courts of England and wales will have exclusive jurisdiction.