Product conditions registration and use of trust services
Version 1.0.3
23-12-2025
Table of Contents
- 1. Preface and general definitions
- 2. Costs related to using the service
- 3. What should you expect from us as a User?
- 4. What do We expect from you as a User?
- 5. Quitting the use of Vidua?
- 6. Modification of product conditions
1. Preface and general definitions
These are the Product conditions for Registration and use of Vidua qualified trust services. Vidua is a brand name and trademark owned by Cleverbase ID B.V. Cleverbase ID B.V. (hereinafter: Vidua or We) is an ETSI/eIDAS accredited Qualified Trust Service Provider under supervision of the Dutch national inspectorate for digital infrastructure (Rijksinspectie Digitale Infrastructuur, RDI). We are established at Maanweg 174, 2516 AB The Hague and registered at the Chamber of Commerce (Kamer van Koophandel) under number 67419925. Vidua also is the brand under which We deliver our services to you as a user.
Because Vidua provides multiple services, we have divided our Conditions per service. This way we keep them concise. These Product conditions are effective from the moment you start registering for a qualified certificate. They apply to:
- Registration for and holding of qualified certificates.
- The use of trust services using a qualified certificate. Currently these are qualified electronic signing and identification.
1.1 Which definitions do We use in this document?
Terms as defined in the General Terms and Conditions are also used here. In addition, we use the following definitions:
Certificate: an electronic document that connects cryptographic keys to a particular person and confirms that person’s identity, thereby connecting them to the use of a trust service. In the context of Vidua, every certificate is also a qualified certificate.
Certificate Holder: an entity which will be identified in a certificate if the holder’s identity is confirmed by Vidua. Where personal certificates are concerned, the Certificate Holder will be a natural person. Consequently, in the Citizen Domain, the Certificate Holder and the Subscriber are always the same person.
Qualified certificate: a certificate that complies with the highest trust norms as stated in the EU eIDAS regulation.
Qualified trust service: electronic service for qualified electronic signing or identification in conformance with the highest trust norms as stated in the EU eIDAS regulation.
EU trusted list: an EU Member State list including information related to the qualified trust service providers for which it is responsible, together with information related to the qualified trust services provided by them.
Certificate Revocation List (CRL): a publicly available list containing all certificates that have been issued by Cleverbase that are now no longer valid due to revocation or expiration.
1.2 Hierarchy of documentation
This document is written with due care. However, in case of disputes between documentation, the following hierarchy exists:
- The privacy statement
- The certification practice statement
- The identity proofing service practice statement
- PKI disclosure statement
- The terms & conditions in Dutch
- The terms & conditions in English
- The product conditions in Dutch
- The product conditions in English
- Other public outings by Cleverbase
2. Costs related to using the service
There are no costs related to registering for and holding a certificate for Users, nor for using trust services.
3. What should you expect from us as a User?
You can expect several things from us related to, the issuance and management of Certificates and the availability of our trust services.
3.1 Certificates
Vidua uses Certificates for creating electronic signatures and login. For each person, Vidua creates one or more Certificates. The Dutch government and the European Union impose strict rules on the issuance of Certificates. This entails obligations both for us as Vidua and for you as a user. Vidua complies with the obligations it has imposed on itself in its internal procedures. It also undertakes this towards its Users and the parties who rely on the certificates issued and managed by Vidua.
In its Certification Practice Statement (CPS), Vidua describes how she adheres to the applicable laws and regulations for Certificate issuance. In its Identity Proofing Service Practice Statement (IPSPS), Vidua describes how it adheres to the relevant laws and regulations for identity proofing services. Vidua reserves the right to change its Certification Practice Statement, its Identity Proofing Service Practice Statement, or the procedures thererin. In doing so, Vidua will always ensure that these procedures remain in line with the applicable laws and regulations.
For the purpose of certificate issuance, Vidua collects and retains some data about you as user. You can find more information about this in our Certification Practice Statement, Identity Proofing Service Practice Statement, and Privacy Statement.
3.2 Availability of services
The availability of the services concerning the issuance, use, and revocation of Certificates, is described in the Certification Practice Statement. The availability of the services concerning registration for the purpose of Certificate issuance, is described in the Identity Proofing Practice Statement.
4. What do We expect from you as a User?
4.1 Correct and complete information
Upon request by Vidua, the Certificate Holder will provide all the information necessary to execute the certificate service. The Certificate Holder will provide documented evidence in support of this information within fourteen days.
If any information in the certificate is incorrect or is no longer correct because of a change, the Certificate Holder shall immediately inform Vidua of this situation.
4.2 Continuity of use
After expiration of the validity of the certificate, the certificate can no longer be used. As Certificate Holder, you are responsible for the timely renewal of Certificates. As a Certificate Holder cannot derive any rights from an internal policy, Vidua will inform the Certificate Holder about the expiration of the certificate at the end of the validity period.
You are also responsible for emergency replacement if the key material is compromised or some other calamity occurs.
4.3 Revocation and correct use
The User prevents improper use of the Certificate. A Certificate is issued for a predetermined purpose. The purposes for which Vidua issues Certificates, are described in its Certification Practice Statement. As a User, you may not use the Certificate for any purpose other than that for which the Certificate was issued.
The User ensures that no unauthorized or unlawful use is made of the services or certificates. In any case, she ensures that no action is taken in violation of the law or regulations, that no criminal offenses are committed or assisted in, and that no damage is caused to Vidua, its reputation or integrity. This entails that the User takes reasonable measures to:
- ensure the confidentiality of the PIN, including at least:
- preventing someone else from viewing the entry of the PIN,
- not writing down the PIN
- not providing the PIN to another person;
- ensure confidentiality of the use of the Vidua app.
You, as the Certificate Holder, will cease the use of the certificate and revoke it as soon as possible if:
- the key material might have been compromised,
- the PIN may have been compromised,
- you no longer have access to the key material yourself (for example: you have lost your mobile phone),
- the information in the certificate is not or no longer correct, or
- there is any other reason that justifies revocation of the certificate.
There are also situations in which Vidua is forced to revoke Certificates. These situations are described in the Certification Practice Statement.
After revocation of a Certificate, a new registration will allow the use of services to be resumed.
4.4 Other rules regarding the services and Certificates
A certificate is not designated as an identity document in the Dutch Compulsory Identification Act (Wid). Therefore, it can not be used to identify persons in cases where the law requires that the identity of the person in question is known and is established by means of a document designated in the Compulsory Identification Act (Wet op de identificatieplicht). Perhaps superfluously, it follows that a certificate may not be used in the provision of government services where the law requires the identity of persons with a document designated in the Dutch Compulsory Identification Act.
4.5 Relying party
When the relying party verifies the certificate status, it will have to verify the electronic signature and the corresponding certification path. There are several ways to verify a certificate status. In its Certification Practice Statement, Vidua describes how the certificate status can be verified for the different Certificates it issues. Additionally, a relying party should be aware that in order to rely on a Certificate as being a Qualified EU Certificate, the CA (trust anchor) used to validate the certificate should be identified in a digital service ID of the EU Trust List with the service type ID (https://uri.etsi.org/TrstSvc/Svctype/CA/QC/)[https://uri.etsi.org/TrstSvc/Svctype/CA/QC/]. ETSI TS 119 615 offers guidelines for relying parties who want to validate Certificates against the EU trust services.
Furthermore, it is recommended that the relying party is aware of the limitations of the use of the certificate, as can be derived from the certificate itself and from the Certification Practice Statement.
5. Quitting the use of Vidua?
You may decide to no longer be a User of these services. The services you are using from Vidua and for which you have entered into a subscription agreement with us can be terminated. You can submit your termination request by email.
5.1 Termination by Vidua
If a certificate is revoked by Vidua, then your subscription agreement as a User with Vidua will remain in force and effect. Vidua retains the right to terminate your use of services for reasons mentioned in paragraph 7.3 of the terms and conditions.
6. Modification of product conditions
Vidua may be required to change its services or parts of its services, for example because of new laws or regulations, to offer continued availability, or for improvement of those services. It is Vidua’s policy that for you as a User, the Product Conditions that you initially accepted when you started using our services, remain valid. Therefore, Vidua aims only to change its services within the framework of the Product Conditions that you have explicitly accepted. In the exceptional case that Vidua has to make a change that will cause a change in the Product Conditions for you as a User, you will be informed of this change in advance through the website www.vidua.nl. The changes will then go into effect 30 calendar days after Vidua has informed you, for all the current subscription agreements and for all the services still obtained by you.
When certain conditions or agreements in these Product Conditions are not valid or can be destroyed, then this does not affect the validity of the other conditions and agreements described here. For the condition or agreement that is then no longer valid, Vidua shall have the right to propose a new condition and agreement that approaches the content and purport of the previous agreement as much as possible.
Deviation from these conditions is only possible if Vidua confirms this in writing prior to acceptance. What is then agreed upon in writing between Vidua and the User, and deviates from what has been determined here, will prevail. The remaining conditions, from which no deviation is agreed, will remain in force and effect.
