“Certificate(s)” mean(s) an electronic file issued by the CA and which attests the link between the Signer identity and the Public Key of the person associated with the Private Key of the Signer managed by DocuSign. In this case, the term “Certificate” means the Certificate generated by DocuSign to the benefit of a Signer, and used for electronic signature by that Signer, via the Service, of an eDocument addressed thereto by a Customer. Each Certificate contains information such as the Signer Identity, the Public Key of the Signer, the term of the Certificate, the identity of the RA, and the signature of the issuing CA.
“Certificate Policy(cies) (CP)” means the set of rules identified by an OID (unique identifier) and published by the CA, describing the general characteristics of the Certificates it delivers. This document describes the obligations and responsibilities of the CA, the RA, the users of Certificates and all the PKI components involved in the overall lifecycle of a Certificate. The applicable version of the DocuSign CP can be viewed at the following address: www.docusign.fr/societe/certification-policies, and includes the successive versions published on this site.
“Certification Authority (or CA)” means one of the Public Key Infrastructure (PKI) authorities generating Certificates under the RA’s request and managing the Certificate lifecycle in accordance with the rules and practices defined in its Certificate Policy. In this case, DocuSign is the CA.
“Consent Protocol” means the procedure according to which You consent to receive a Certificate with the Signer Identity, to accept signing the eDocument via the Service and to accept this GTU collected via the DocuSign Signature application.
“Customer(s)” means any legal entity or person(s) authorized as a DocuSign customer to use the Service that delivers a(n) eDocument(s) to be signed to the Signer via the Service. The Customer is itself or is in a contractual relationship with the Registration Authority, and has been delegated the responsibility to manage the identity verification of a Signer and of the signature process of the eDocument by a Signer. The Customer, as described herein, is distinguishable from You as the Signer.
“DocuSign Signature” means DocuSign France on-demand electronic signature service, which provides online display, certified delivery, acknowledgement, electronic signature, and storage services for eDocuments via the Internet. The Customer connects itself to the Service in order to produce the eDocuments and present them to Signatories for signature.
“eDocument(s)” mean(s) a document(s) in electronic form that is deposited by the Customer via the Service and submitted to the RA via the DocuSign Signature application in order to be signed by the Signatory. The eDocument may also be signed by other signatories and by the Customer.
“Private Key” means a mathematical key, associated to the Public Key that is uniquely contained within a certified hardware cryptographic module and remotely activated by the Signer to sign eDocuments.
“Public Key” means a mathematical key that is made public and is used to verify the electronic signature of an eDocument signed with a Private Key.
“Registration Authority (or RA) or Customer” means one of the entities of the PKI approved by the CA, in order to register the Certificates issuance requests, renewal and revocation to validate or reject them. Additionally the RA collects the Signer’s identity information and verifies the identity of Signers in accordance with the rules and practices defined in its applicable Certificate Policy. Unless otherwise agreed between DocuSign and the Customer, the RA is the Customer.
“Service” means all of the services provided by DocuSign as mentioned under this GTU, and particularly to enable the issuance and use of the Certificate and associated Private Key in order to permit the signature of an eDocument in accordance with the Consent Protocol.
“Signer(s) (or Signatory)” mean(s) any individual who uses the Service at the Customer’s request in order to sign the eDocument(s) that is prepared by the Customer and at the request of the Customer presented via the Service thereto after giving his/her/their consent according the Consent Protocol.
“Signer Identity” means the electronic identity built by the RA by using the data collected by the RA from the Signer as well as data defined by RA. This identity contained in the Certificate permits identifying a Signer. The Signer’s identity is registered and verified by the RA before the signature transaction being performed by the Signer.
2. PROCEDURE FOR REQUESTING CERTIFICATES VIA THE SERVICE
2.1 You are informed and You accept that DocuSign, following the execution of the Consent Protocol, generates the signature necessary to establish a signed and time stamped eDocument.
2.2 And to that extent that:
- (a) Your identity is verified by the RA and then registered in DocuSign Signature.
- (b) The information to contact and authenticate You (email, telephone number, or other authentication method) required for the Consent Protocol is verified by the RA and then registered in the Service.
- (c) A signing Private Key is uniquely and in a secure way assigned to You for the duration of the eDocument signature transaction. The Private Key is generated, stored and destroyed after the signature transaction in a way that it cannot be used for any other transaction.
- (d) A Certificate is assigned to You in order to prove that the eDocument is effectively signed by You;
- (e) You execute the Consent Protocol presented by the Service in order to indicate Your acceptation or refusal to sign the eDocument.
- (f) Once signed, the eDocument can be downloaded from DocuSign Signature by You and the Customer immediately after the signature process.
3. CERTIFICATE ISSUANCE
You must verify the content of the information to be set in the Certificate (primarily the "subject" field of the Certificate, which contains Your complete First and Last Name of You as the Signer) which are presented to You through the Consent Protocol. In case of any problem with the Certificate content, You shall immediately report it to the Customer.
4. CERTIFICATE PUBLICATION
The Certificate is not published by the CA or the RA. The Certificate is contained in the signed eDocument.
5. CERTIFICATE PERIOD OF VALIDITY
Certificates shall be valid for five (5) minutes. Said period shall begin on the date the Certificate is created by the CA. Upon expiry of this Certificate period of validity, the signatures of eDocuments may be verified with the verification software indicated by the Customer (usually Adobe Reader), notably in order to verify that on the eDocument date of signature, the Certificate was valid.
6. EFFECTIVE DATE AND DURATION
The present GTU shall take effect from the Effective Date, coinciding with the Certificate request date and shall apply during the archiving period of the eDocuments.
7. OBLIGATIONS OF SIGNER
By accepting this GTU, You acknowledge and agree to:
- (a) Ensure the security and confidentiality of the activation data (e.g. password) which You shall use to sign the eDocument.
- (b) If applicable, ensure the security and confidentiality of the login and password provided by RA in order to use Your dedicated area in the DocuSign Signature application.
- (c) Verify the content of the Certificate and alerting RA in case of issue noticed on such content.
- (d) Verify the authenticity and accuracy of the information relative to the Signer Identity presented by DocuSign during the Consent protocol and contained in the Certificate.
8. LIMITATIONS OF LIABILITY
DocuSign acts on behalf and in the name of the Registration Authority both as a service provider and as a Certification Authority subject to legal and regulatory obligations. As a Certification Authority, DocuSign's sole liability towards You shall be for direct and foreseeable damages in case of breach of its statutory obligations. Any other liability arising from the use of the Service, including without limitation any liability related to the use of the Public and Private Keys, the Certificates and/or the eDocuments contents shall fall to the Registration Authority and is subject to the terms agreed between You and the Registration Authority.
9. FORCE MAJEURE
Neither party shall be liable for any non-fulfilment or delay in the fulfillment of one or more obligations under this GTU due to a case of force majeure as defined under article 1218 of the French civil code.
10. PROTECTION OF PERSONAL DATA
The personal data collected from Signer by Customer, acting as RA, is processed by the Customer for the sole purposes of (a) authentication and identification of the Signer, (b) creation of the Signer Identity filled in the Certificate and (c) authentication of the Signer during Consent Protocol. Your personal data is stored for the sole purposes of (i) creation of the Signer Identity filled in the Certificate and (ii) authentication of the Signer during Consent Protocol.
Any opposition to the retention of Your personal data shall prevent the issuance of a Certificate. Your personal data are also retained by the Certification Authority, as per the RA request. The RA defines its own personal data retention period, depending on the legal requirements as regard to the eDocuments.
11. INTELLECTUAL PROPERTY
You acknowledge and agree that DocuSign shall retain all intellectual property rights (patents, registered trademarks and other rights) for the elements comprising the Service as well as the documentation, concepts, techniques, inventions, processes, software or work performed in connection with the Certificates and related Services made available by DocuSign, irrespective of the form, programming language, program medium or language used. This GTU does not confer to You and/or Customer any intellectual property right with regard to the Certificates and the related Services.
12. GOVERNING LAW
12.1. If You are acting for professional purposes, the following paragraph shall apply to You: This agreement and any disputes or claims arising out of or in connection with it or its subject matter or formation are governed by and construed in accordance with the law of France. Each party irrevocably agrees that the commercial courts of Paris shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation. The provisions of the 1980 U.N. Convention on Contracts for the International Sale of Goods are expressly excluded and do not apply to this Agreement. Any legal action arising under this Agreement must be initiated within two years after the cause of action arises.
12.2. If You are not acting for professional purposes, this paragraph shall apply to You to the exclusion of the above paragraph: this Agreement and any disputes or claims arising out of or in connection with it or its subject matter or formation are governed by and construed in accordance with the law of France. The French courts as identified by the applicable rules for jurisdiction where a consumer is a party to a dispute shall have exclusive authority to settle any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation.
13. CUSTOMER SUPPORT
The Customer is responsible to provide You the technical support which could be necessary and to deal with any request in this respect in accordance with the support service terms and conditions agreed between the Customer and DocuSign.
The waiver by either party of any breach of any provision of this GTU does not waive any other breach. The failure of any party to insist on strict performance of any covenant or obligation in accordance with this GTU will not be a waiver of such party’s right to demand strict compliance in the future, nor will the same be construed as a novation of this GTU.
If any part of this GTU is found to be illegal, unenforceable, or invalid, the remaining portions of this GTU will remain in full force and effect, unless such unenforceable, illegal or illegal provision was an essential obligation of DocuSign, in which case, these GTU will terminate automatically.
16. MODIFICATION OF GTU
DocuSign shall have the right, to change, modify, or amend any portion of this GTU at any time by posting sufficient prior notification on the DocuSign website or otherwise communicating the notification to You to the sole extent that it implies a substantial modification of the GTU. The changes will become effective after expiration of the notification period, and shall be deemed accepted by You if You continue using the Service after such period. In the event that You do not agree with any such modification, You shall discontinue Your use of EU Advanced Signature.
17. ENTIRE AGREEMENT
This GTU, which includes the language and paragraphs preceding Section 1, is the final, complete, and exclusive expression of the agreement between these parties regarding the EU Advanced Signature provided under this GTU. This GTU supersedes, and the parties disclaim any reliance on, all previous oral and written communications (including any confidentiality agreements pertaining to EU Advanced Signature under this GTU, representations, proposals, understandings, and negotiations with respect to the matter hereof) and apply to the exclusion of any other terms that You seek to impose or incorporate, or which are implied by trade, custom, practice or course of dealing.
18. LANGUAGES AND TRANSLATIONS
DocuSign may provide translations of this GTU or other terms or policies. Translations are provided for informational purposes and if there is an inconsistency or conflict between a translation and the French version, the French version will control.