General terms of use for partners
1 Legislative and regulatory framework
The following list refers to the main applicable Partner texts. The present conditions of use are in accordance with these texts. This list does not affect the law applicable to Service Providers according to their legal nature (principles of administrative law and private law):
Act No. 1.483 of 17/12/2019 relating to digital identity and its implementing legislation (currently being published).
Act No. 1.383 of 02/08/2011 for a Digital Principality, amended, which concerns trusted services in particular.
Act. No. 1.165 of 23/12/1993 on the protection of personal information, amended.
Sovereign Ordinance No. 8.099 of 16 June 2020 setting out the conditions for the application of Act No. 1.383 of 2 August 2011 for a digital Principality, as amended, relating to trusted services.
Ordinance No. 3.413 of 29/08/2011 on various measures relating to the relationship between the Public services and public service users, amended.
Ministerial Decree No. 2017-56 of 1 February 2017 implementing Sovereign Ordinance No. 3.413 of 29 August 2011 on various measures relating to the relationship between the Public services and the public service user, as amended.
Security policy for State information systems
Ministerial Decree No. 2020-461 of 6 July 2020 implementing Article 13 of Sovereign Ordinance No. 8.099 of 16 June 2020 setting out the conditions for the application of Act No. 1.383 of 2 August 2011 for a digital Principality, as amended, relating to trusted services.
General Security Reference System of the Principality of Monaco (RGSP) Rules applicable to information systems relating to trusted services for electronic transactions (RGSP).
Ministerial Decree No. 2020-462 of 6 July 2020 implementing Article 36 of Ministerial Decree No. 2020-461 of 6 July 2020 implementing Article 13 of Sovereign Ordinance No. 8.099 of 16 June 2020 setting out the conditions for the application of Act No. 1.383 of 2 August 2011 for a digital Principality, as amended, relating to trusted services.
Specifications and procedures for weak, substantial and high guarantee levels of electronic means of identification issued in the context of an electronic identification scheme.
2 Purpose of this document
The purpose of these General Terms and Conditions of Use (hereinafter referred to as "GTC") is to specify the terms of use of the MConnect authentication system by the Partners. This document also specifies the respective commitments and obligations of the various parties concerned.
MConnect is the technical means proposed by the Principality of Monaco for a user to identify himself/herself with his/her Monegasque regalian digital identity and access online services in a secure manner.
The present GTCs apply to any public or private Partner offering online services that require the authentication of their users or clients, and requesting the use of MConnect.
The Partner confirms that he/she has read and understood the entirety of these GTCs before using MConnect and undertakes to adhere to them.
3 Definitions
The terms Authentication, Electronic Identification, Digital Identification Means and Personal Identification Data refer to the definitions of Act No. 1.383 of 02/08/2011 for a Digital Principality, as amended.
The "weak," "substantial" and "high" identification levels of digital identity are those referred to in Article 3 of Act No. 1.483 of 17/12/2019 on digital identity and its implementing regulations (in the process of being published).
Words beginning with a capital letter in these terms and conditions of membership have the meaning defined below:
Public services/DSN: Prince's Government
DSN: Digital Services Department
Service Provider (SP)/Partner: refers to the entity using MConnect to access the online services it delivers.
MConnect: refers to the technical authentication means made available by the Digital Services Department (DSN) enabling Users to attest to their identity in the context of services offered by Service Providers and access them securely. MConnect is presented on the website
https://mconnect.gouv.mc
Online services: refers to, as defined by Ordinance No. 3.413 of 29/08/2011 on various measures relating to the relationship between the Public services and the public service user, as amended "[...] any information system enabling users to carry out administrative procedures or formalities and make payments electronically." It is a partner entity of MConnect which offers one or more services requiring the online Identification and/or Authentication of their users or customers.
User: refers to a natural person who identifies/authenticates with MConnect in order to benefit from and access one of the online services offered by the Partners.
4. General context
4.1 Introduction
The Principality of Monaco is engaged in a major digital transformation programme to support its economic development and the life experience of its population. Major programmes are being carried out in this regard under the initiative of the DITN (Digital Transition Office) to bring about the transformation of Monaco. The areas covered are, in particular, the smart city, e-government, e-education, e-health and e-security.
The digital economy requires a climate of trust in the online environment between its various players. Digital trust is notably provided in the Principality by a legislative framework and a technical infrastructure:
• A legislative and regulatory framework that is conducive to the development of trust and digital exchanges.
• A platform of trusted services, MConnect, which enables the identity of economic players and populations to be certified and guarantees the security of transactions and e-services.
The digital identity and trusted services platform entitled M-Road :
• creates and assigns a digital identity to any person of Monegasque nationality and any person holding a residence permit.
• operates a National Digital Identity Register, in which the digital identities allocated by the registration authorities of the State and Municipal executive services will be centralised.
• is based on the attribution of regalian identity, in relation to the system for issuing secure documents: electronic Monegasque ID cards by the Commune and residence permits by the Police Department.
• Offers trusted services such as the MConnect authentication modules to public and private Service Providers who request them and who have been authorised by the Public services.
4.2 The benefits of MConnect
Public and private Partners benefit from :
• secure identification of persons, derived from the regalian identity.
• Verified attributes of the core identity: All the information necessary to identify a unique person. It is comprised of the birth name, first names, customary name, date/place/time of birth, and sex.
• increased security; identity theft is no longer possible.
• ease of use, using open and standard protocols (OIDC).
• authentication levels aimed at substantial and high levels, in accordance with the Principality of Monaco's General Security Reference System (RGSP) and Act. No. 1.483 of 17/12/2019 relating to digital identity and its implementing legislation (currently being published).
The advantages for your users and customers:
• use of a single account to access all of its online services
• easier access from a mobile phone
• a simple experience: users no longer need to fill in or justify their identity, as they identify themselves using their ID.
5 Principles and eligibility criteria
5.1 Summary
Companies or associations may join MConnect as Partners when they offer online services whose use requires verification of the identity of their Users.
It is aimed at establishments in Monaco, registered in the RCI, and associations, federations and groups in Monaco.
The Partners undertake to :
• Comply with the technical requirements, based on the Open ID Connect protocol, provided by the public services at the time of the MConnect use requests (document: Manual for the use of an e-service with MConnect).
• Retain the data obtained within the framework of MConnect only for the duration of the contractual relationship with their user.
•. Respect the legislation in force, such as notices from the RGSP and the CCIN (The Data Protection Authority of Monaco)
• Not sell personal data obtained in the context of connection to MConnect.
• To maintain an option for its customers to use another means of authentication than MConnect.
• Respect the principles set out in this document and the visual elements (the MConnect button and logo).
The Digital Services Department (DSN)
will receive and process applications for joining MConnect. The DSN will contact the manager of the partner project.
Applications are analysed by the DITN’s legal department and the MConnect team, in order to ensure the relevance and consistency of the Online Service Provider's request with the use of MConnect authentication.
Ineligible applicants or applications that do not meet the eligibility criteria will be rejected.
5.2 Roles and commitment of the Digital Services Department
The DSN operates the MConnect platform and as such is committed to the following:
• the MConnect platform has undergone security certification, undertaken with a qualified Information Systems Security Audit Service Provider (PASSI) in Monaco in accordance with the Principality of Monaco's General Security Requirements (RGSP).
• The MConnect platform has been the subject of a request for an opinion from the Data Protection Authority of Monaco (CCIN)
• The DSN studies the requests for use of MConnect in conjunction with the eligible organisations that request it and will provide its opinion (acceptance or refusal).
• It is expressly mentioned that the DSN may refuse a request for authorisation of an entity that does not comply with the regulations applicable to the protection of personal data, taking into account, on the one hand, the central place occupied by identification data in MConnect and, on the other hand, the need for security, including public security, inherent in this platform. Furthermore, the DSN must be informed by the entity requesting authorisation of any sanctions or convictions to which it may have been subject as a result of a breach of the regulations applicable to the protection of personal data and which may have an impact on the use of MConnect. Where applicable, the requesting entity and the DSN shall meet, so that the DSN is in a position to assess the consequences of these sanctions or convictions for the entitlement of the said entity to join MConnect as a Service Provider.
• The DSN shall endeavour to guarantee availability of the MConnect service of 99.5% per year.
• The DSN may undertake any testing, monitoring and/or maintenance operations according to a schedule that it freely determines. In order to ensure that these operations result in limited interruptions to service, they shall preferably be scheduled during periods when the MConnect platform is less in demand. The DSN shall notify the Service Provider by e-mail in advance of the date of such an operation. The DSN will give varying amounts of notice depending on the nature and scope of the operation.
• In the event of a malfunction of MConnect, the DSN may intervene at any time in order to manage the incident as quickly as possible.
• The DSN will be available during the service opening hours (9 a.m.-12 p.m./2 p.m. - 6 p.m. on working days) to take the Service Provider's requests into account.
• The DSN will include the Service Provider Partner in the list of compatible Online Services on mconnect.gouv.mc
• The inclusion of MConnect on a Partner's Online Service shall not give rise to any financial compensation between the DSN and the Partner.
5.3. Roles and commitment of the Partner Service Provider
The Service Provider using MConnect commits to the following:
• The Partner shall use MConnect in accordance with these General Terms and Conditions of Use and the technical requirements (document: Manual for the use of an e-service with MConnect).
• When the Partner's service must be approved in application of the regulations in force, this approval constitutes a prerequisite for the use of MConnect. The approval decision must be communicated to the DSN. In the event of renewal or change in the scope of the approved service, the Partner shall transmit the new approval decision to the DSN. In the event of the suspension or loss of this approval, the Partner undertakes to inform the DSN as soon as possible. The DSN then reserves the right to deactivate it.
• The online service must comply with the practices and request for advice from the CCIN.
• Any entity wishing to be authorised in connection with MConnect as a Service Provider must indicate for what purpose and service the User's identification data will be processed. If the Service Provider wishes to change the purpose or the service concerned, it must make a new request for authorisation.
• The Partner alone shall define the MConnect identification data to be used to enable it to make the connection with the business identifiers of its customers/users.
• The Partner undertakes to use the data received from MConnect in accordance with the regulations.
• The Partner undertakes to inform its users of the possibility of connecting to its service with MConnect and the Monegasque digital identity. The Partner shall also inform them that when they use MConnect they are subject to the general conditions of use of MConnect, in addition to the general conditions applicable to the online service offered by the Service Provider. The Partner shall make these known to, and have them accepted by, each User.
• The Partner must ensure that the use of MConnect complies with the legal and regulatory obligations to which it is subject due to its status or activity.
• The Partner is recommended to take all necessary measures to ensure the traceability of the activities related to its service, its users and it being specified that it is the Partner's responsibility to store this information, whether for evidential or other purposes.
• The Partner shall authorise the DSN to use its corporate or commercial name in the context of MConnect, so that it may be included in the list of Partners.
6 Personal data
• The DSN alone shall determine the means of implementing the processing of personal data collected for Identification/Authentication purposes in the context of MConnect. Consequently, the DSN is the data controller, in accordance with the provisions of Act No. 1.165 of 23 December 1993 on the protection of personal data.
• The processing is part of the Public services’ missions. It is justified by the fulfilment of a legitimate interest pursued by the Public services through the development of digital tools and processes in order to offer trusted digital services benefiting from a high level of security and data integrity, in accordance with Act No. 1.482 on a Digital Principality and Act No. 1.483 on digital identity.
• MConnect shall transmit the following information to the Partner Service Provider comprising the core identity
o family_name: Registered surname; given_name: First names; birth_name: name given at birth; name: First name(s) + Surname
o preferred_username: User's unique key
o birth_datetime: Date and time of birth
o birth_place: Place of birth
o gender: Gender
o sub: Unique identifier of the authenticated user. Its value is the unique key of the user prefixed by a technical identifier.
o Authority: Registration Authority (City Hall or DSP) and status of the digital identity (active, suspended or inactive)
• The Partner is the recipient of the Identification Data of its users when they access its service via MConnect. This partner has the quality of a third party. The Partner alone shall determine the purposes and means of the processing of personal data of which the Partner is the recipient. Consequently, the Partner is responsible for the processing. In this capacity, the Partner undertakes to comply with the Regulations on the protection of personal data and in particular to manage the exercise of the rights of its users.
• If it occurs that the Partner is subject to an enforceable sanction or conviction due to a breach of the Regulations on the protection of personal data and that this breach has an impact on the online service, the Partner shall undertake to approach the DSN so that the latter is able to assess the consequences of the sanction or conviction on the continuation or otherwise of the relation between the Partner and MConnect.
• Each party shall inform the other party of security incidents notified to the competent authorities, where these concern the use of MConnect, in order to adopt the appropriate protective measures.
7 Cost of the service
• Participation in MConnect shall not give rise to any financial compensation between the DSN and the Partner.
8 Liability – Waiver
• The DSN shall be liable for damage caused intentionally or negligently to the Service Provider as a result of a breach of its obligations under these terms and conditions. Where applicable, only material damage directly suffered by the Service Provider may be taken into account and any compensation for any commercial damage (such as damage to reputation, loss of customers, etc.) is expressly excluded.
• The DSN shall not be held liable in the event of the use of an authentication method other than MConnect.
• The Partner is responsible for any breach of these general terms and conditions of use of MConnect for which it is responsible. In the event of a breach on its part, the suspension or deactivation of its use of MConnect will be implemented by the Public services.
• Under no circumstances shall the DSN intervene in any way whatsoever in the contractual relations that may be established between the Partners and their customers authenticated by MConnect.
• Given the legal nature of MConnect, the DSN's liability can only be incurred on the basis of the principles of administrative law applicable to public administrative services.
9 General provisions
9.1 Duration:
Subject to the cases of termination indicated below, the Partner shall adhere to these general terms and conditions of use of MConnect for an indefinite period.
9.2 Termination of the general terms and conditions of suspension or deactivation of access to the Teleservice
9.2.1 Termination by the Service Provider
The Partner may withdraw freely from MConnect.
Its decision must be notified by e-mail to: dsn@gouv.mc.
Its request will be executed on the date specified in the termination letter or, failing that, after a period of two (2) months of receipt of this notification by the DSN.
Any operation carried out during this period shall remain valid, and must be traceable in the event of a legal claim within the legal time limits.
9.2.2 Suspension or deactivation by the DSN
In the event of a breach of these general terms and conditions of use by the Partner, the DSN reserves the right to suspend or deactivate the service(s) of the Service Provider concerned from MConnect. This decision may be taken without delay, without notice and without compensation to the Partner.
Depending on the seriousness of the breach, the DSN may allow the Partner a maximum period of fifteen (15) days from the notification of the DSN to remedy the notified breach. During this period, access to MConnect by the Partner's users will be suspended for the service(s) concerned by the breach.
After this period, if the Partner has not remedied the breach, the service concerned will be deactivated from MConnect.
In any case, the DSN may unilaterally suspend or deactivate the Partner from MConnect for reasons of public interest or
public safety. The DSN shall inform the Partner of this as soon as possible by the means it considers most appropriate. This decision shall not give rise to any compensation for the Partner.
The DSN may modify these general terms and conditions of use at any time, whether for the purpose of bringing MConnect into compliance with a legislative or regulatory text, or for other reasons. If the modification of the general terms and conditions of use implies changes to MConnect that affect the Partner, reasonable notice shall be given.
9.3 Management of the General Terms and Conditions of Use
Information regarding the modification of the general terms and conditions of use will be communicated by any means deemed appropriate by DSN. It is the responsibility of the Partner to refer to the latest version of the general terms and conditions of use before using MConnect. The general terms and conditions of use can be accessed at any time on the website https://mconnect.gouv.mc/devenir-partenaire in the "Become a Partner" section
9.4 Intellectual Property
The MConnect trademarks and/or logos owned by the Public services, appearing on all media, are trademarks that are protected by the legal provisions applicable in Monaco. Any representation or reproduction, in whole or in part, without the express prior authorisation of the Public services is prohibited and constitutes a criminal offence punishable by the Monegasque Courts and Tribunals.
9.5 Applicable law and dispute settlement
The parties shall expressly agree that only Monegasque legislation and regulations are applicable. They undertake to seek an amicable agreement in the event of a dispute. At the initiative of the requesting party, a meeting shall be organised. Any agreement to settle the dispute must be recorded in writing in a document signed by an accredited representative of both parties. In the event of a dispute relating to the interpretation, formation or performance of the Contract and failing to reach an amicable agreement, the parties shall give express and exclusive jurisdiction to the competent courts in the Principality of Monaco.
9.6 Entirety of the general conditions of use
The Partner's request for inclusion in MConnect implies the Partner's full and unreserved acceptance of the applicable general terms of use, which consist of this document, the editorial content of the mconnect.gouv.mc site and the Manual for use of an e-service with MConnect.