Purpose of the Service
Direct message exchange and the arrival ID query interface (hereafter referred to as the service or “services”) are part of the electronic services of Finnish Customs. Using the service requires that the company has been registered as a customer of direct message exchange and uses certificate services approved by Customs.
In direct message exchange, the data system of the customer can send messages to the Customs systems over the Internet and retrieve response messages produced by Customs systems. As the name suggests, direct message exchange is intended for direct message exchange between Customs and the customer. The customer can use a service provider for transmitting or building and transmitting messages.
With the arrival ID interface, Customs’ data system can retrieve details on the consignment to be cleared from the customer’s data system, based on the arrival ID or the consignment note number.
The user’s obligations and liability
The user is obliged to observe the terms and conditions set for the use of the electronic IDs by the party that issued the IDs. Customs is not liable for any errors or misuse due to careless use or safekeeping of the IDs.
The user is responsible for the accuracy of the data he or she sends to the service as well as for the integrity and reliability of the messages. Unrelated messages nor messages or traffic that could overload the service or compromise the data security of the service shall not be sent to the service.
The user may not provide any misleading information regarding his or her company.
The user is responsible for the data security of his or her own data, systems and connections. The user is also responsible for the data security of the systems and connections of any third party (service provider) he or she uses. The user must see to it that the service provider’s service level is sufficient and that it is described in the agreement that the user signs with the service provider.
In direct message exchange, a server certificate is used for identification in the service and when making XML signatures for data contents that are sent to the service. Customs only accepts server certificates from the Digital and Population Data Services Agency (DVV). The VAT number of the customer company must be entered in the field ‘Subject’ as value of the attribute ‘SerialNumber.’
In the interface service of the Arrival ID query a server certificate granted by the Digital and Population Data Services Agency or other accepted server certificate must be used that complies with the eIDAS Regulation (Regulation (EU) No N:o 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services in relation to electronic transactions in the internal market and repealing Directive 1999/93/EC (EU) 910/2014).
The user is responsible for the use and renewal of the server certificate as well as for keeping the private key for the server certificate secret. The user is responsible for all transactions and actions performed using his or her server certificate as for his or her own, as well as for the costs arising from the use of the server certificate. This responsibility extends until the user has put his or her server certificate on the revocation list maintained by the producer of the certificate service and has notified Customs of the revocation of the certificate.
Some of the functions used via the service may require a user ID and/or a password. The user is responsible for keeping the user ID secret and for any use of the ID. The user shall immediately inform Customs if the user ID and the password have been lost or revealed to a third party. The user is responsible for all the costs arising from the use of his or her user ID until he or she has notified Customs that the user ID has been lost or revealed to a third party and Customs has acknowledged the receipt of this notification.
Customs’ obligations and liability
Customs is responsible for the data security of the service concerning the systems owned by Customs and the systems of third parties used in the production of the service.
All collected data is stored in accordance with legislation in force. By various administrative and technical measures, Customs aims to prevent and minimise threats of unauthorised access to data, misuse of data and inaccuracies in data.
When using the service, the user should be aware of the fact that no IT system is completely secure against misuse and that there are always risks involved when data is sent and processed, regardless of how the data is collected and processed.
Customs reserves the right, without prior notice, to change the layout, the content, the accessibility and the services of the service, or to withdraw the service. Customs also reserves the right to suspend the provision of the service during times when it is being serviced or updated. Customs informs of disruptions or interruptions in the service or of withdrawal of the service well in advance when possible, to minimise the damage to the user of the service.
Customs is not liable for any loss of data or delays caused by interruptions or disruptions in the system and will not compensate the user for any inconvenience, costs or indirect damages caused by interruptions in the service.
Customs is not liable for the actions of the service provider chosen by the message declarant. Furthermore, using a service provider will not affect the message declarant’s responsibilities in relation to Customs.
Customs is not liable for any third party material linked to Customs’ website or for any material otherwise published by a third party.
Customs provides information of its services on its website or at the customs offices.