Purpose of the service
Direct message exchange (hereafter referred to as the service) is an electronic service of Finnish Customs. In direct message exchange, the data system of the customer can send messages to the Customs systems over the Internet and retrieve response messages produced by Customs systems. The service requires that the customer has been registered as a customer of direct message exchange by Customs and that the customer uses certificate services approved by Customs.
The user’s obligations and responsibility
The customer is responsible for the accuracy of the data he or she sends to the service as well as for the integrity and reliability of the messages. Unrelated messages or messages or traffic that could overload the service or compromise the data security of the service shall not be sent to the service.
The customer may not provide any misleading information regarding his or her company.
The customer is responsible for the data security of his or her own data, systems and connections. The customer is also responsible for the data security of the systems and connections of any third party (service provider) he or she uses. The customer must see to that the service provider’s service level is sufficient and that it is described in the agreement that the customer signs with the service provider.
Authentication to the service and the use of an electronic XML signature for signing the data contents sent to the service requires a server certificate. The customer is responsible for the use and renewal of the server certificate. In particular, the customer is responsible for keeping the private key for the server certificate secret.
The customer is responsible for all transactions and actions performed using his or her server certificate as for his or her own, as well as for the costs arising from the use of the server certificate. This responsibility extends until the customer has put his or her server certificate on the revocation list maintained by the producer of the certificate service and has notified Customs of the revocation of the certificate.
Some of the functions used via the service may require a user ID and/or a password. The customer is responsible for keeping his or her unique user ID secret and for any use under the user ID. The customer shall immediately inform Customs if the user ID and the password have been lost or revealed to a third party. The customer is responsible for all the costs arising from the use of his or her user ID until he or she has notified Customs that the user ID has been lost or revealed to a third party and Customs has acknowledged the receipt of this notification.
The obligations and responsibility of Customs
Customs is responsible for the data security of the service concerning the systems owned by Customs and the systems of third parties used in the production of the service.
All collected data is stored in accordance with legislation in force. By various administrative and technical measures, Customs aims to prevent and minimise threats of unauthorised access to data, misuse of data and inaccuracies in data.
When using the service, the customer should be aware of the fact that no IT system is completely secure against misuse and that there are always risks involved when data is sent and processed, regardless of how the data is collected and processed.
Customs is not liable for any loss of data or delays caused by interruptions or disruptions in the system and will not compensate the customer for any inconvenience, costs or indirect damages caused by interruptions in the service.
Customs is not liable for the actions of the service provider chosen by the message declarant. Furthermore, using a service provider will not affect the message declarant’s responsibilities in relation to Customs.
Customs is not liable for any third party material linked to the Customs website or to any material otherwise published by a third party.
Customs provides information of its services on its website or at the customs offices.