Aller directement au contenu principal

TERMS OF USE – EU ADVANCED SIGNATURE WITH DOCUSIGN ID VERIFICATION

This Terms of Use was last updated on March 2, 2019.

If an agreement exists between You and DocuSign for the use of EU Advanced Signature with DocuSign ID Verification (“Agreement”), then, in the event of any inconsistency or conflict between this Terms of Use and the Agreement, the Agreement shall control with respect to EU Advanced Signature with DocuSign ID Verification.

This Terms of Use (“GTU”) defines the legal terms concerning the acquisition and use by you (“Signer,” “You,” and “Your”) of the Service and associated Certificate delivered via the Service from DocuSign France SAS, having its registered offices at Immeuble Central Park, 9-15 rue Mauric Mallet, 92130 Issy-les-Moulineaux, France registered to the registry of companies under the number 812 611 150 (R.C.S. Nanterre), and the respective obligations of the Customer and You.

By accepting this GTU or by clicking a box indicating your acceptance of this GTU, You agree to be bound by the terms of this GTU as of the date of Your accepting this GTU (“Effective Date”). Certificates are generated and managed in the context of the online advanced electronic signature service provided by DocuSign to the Customer. 

1. DEFINITIONS

“Certificate(s)” means the Certificate generated by the CA via the Service for a Signer, which attests the unique link between the Signer Information and a Public Key. The Public Key is uniquely associated with a Private Key managed by DocuSign France. In this case, the term “Certificate” means the certificate for electronic signature, as defined in Article 3-14 of eIDAS, generated by DocuSign France to the benefit of a Signer.

“Certification Authority” (or “CA”) is DocuSign France, the authority that generates Certificates and manages the Certificate lifecycle (e.g., issuance, renewal, revocation) on the request of the Registration Authority, in accordance with the rules and practices defined in its Certificate Policy(ies) and the associated Certification Practice Statement.

“Certificate Policy(ies)” (or “CP”) means the set of rules published by the CA. A Certificate Policy describes the general characteristics of the Certificates as well as the obligations and responsibilities of the CA, the RA, Signers, Certificate requesters and any other PKI component involved in the management of a Certificate lifecycle. The Certificate Policy(ies) of DocuSign and its(their) successive update(s) can be accessed on DocuSign’s website (https://www.docusign.fr/societe/certification-policies), and are an integral part of this GTU. For the purposes of this GTU, the applicable OID is 1.3.6.1.4.1.22234.2.14.3.33.

“Consent Protocol” means the procedure within the Service accessible via DocuSign Signature by which You consent to receive a Certificate with the Signer Information, to accept signing the eDocument via the Service, and to accept signing this GTU.

 “Customer(s)” means any legal entity or person(s) authorized as a DocuSign customer to use the Service that delivers an eDocument(s) to be signed by a Signer via the Service. The Customer, as described herein, is distinguishable from You as the Signer.

“DocuSign ID Verification” (or the “IDV Service”) means the DocuSign Service which provides identification verification services to parties executing eDocuments using DocuSign Signature.  The IDV Service allows a Customer to verify the identity of a Signer prior to Signer executing an eDocument sent by Customer through DocuSign Signature.

“DocuSign France” (or “DSF”) means DocuSign France SAS, an Affiliate of DocuSign.

“DocuSign Signature” means DocuSign’s on-demand electronic signature service, which provides online display, certified delivery, acknowledgement, electronic signature, and storage services for eDocuments via the Internet.

“eDocument(s)” mean(s) a document(s) in electronic form sent to the Service by Customer via DocuSign Signature in order to be signed by one or several Signer(s). The eDocument may also be signed by other signatories with a different level of security for the signature (basic, advanced or qualified).

“Private Key” means a mathematical key, associated to the Public Key, that is secret, uniquely contained within a hardware security module (HSM), and remotely activated by the Signer to sign eDocuments. For the purposes of this GTU, the Private Keys are generated for only the purpose of a single Transaction and are erased after the completion of such Transaction.

“Registration Authority” (or “RA”) is DocuSign, the entity that registers requests for the issuance of Certificates. The RA collects Signer Information to verify the name of the Signer and to constitute evidence of the Signer’s identity. The RA interacts directly with the CA and uses DocuSign Signature to interact with the Signer. 

“Signer(s)” means any individual who signs eDocuments with the Service. 

“Signer Information” means the personal data (including full name and email address) used to identify a Signer.

“Service” means the DocuSign EU Advanced Signature which, when used with the IDV Service, allows Signers to use DocuSign Signature to: (a) verify Signer identification and; (b) digitally sign eDocuments.

“Transaction(s)” means the performance of a signature process, defined by a set of eDocuments submitted for electronic signature, by one or more Signers via DocuSign Signature.

2. PROCEDURE FOR REQUESTING CERTIFICATES VIA THE SERVICE.

2.1 You are informed and You accept that DocuSign France, following the execution of the identification verification through the IDV Service and Consent Protocol, generates a Certificate, with associated Private and Public Key, and the signature necessary to establish a signed and time-stamped eDocument.   

2.2 You are informed of and you accept that  

  • (a) You may view an eDocument transmitted by Customer to You via DocuSign prior to signing such   eDocument using the Consent Protocol;   

  • (b) Before the Customer permits You to sign an eDocument sent by such Customer, the Customer will require You to verify Your identity by way of the IDV Service; 

  • (c) You will select a method of identification to be verified by the IDV Service.  Upon the verification of Your Signer Information by the IDV Service, the RA shall present the Consent Protocol to You to enable You to continue with the signing process. You may accept or refuse to sign the eDocument and this GTU via DocuSign Signature through the Consent Protocol interface;  

  • (d) In the event your identity is verified through the IDV Service, a dedicated signing Private Key is uniquely generated and securely assigned to You for the duration of the eDocument and GTU signature transaction. The Private Key is generated, stored and destroyed upon the completion of the Transaction so that it cannot be used for any other Transaction. The Private Key is associated with a Certificate, generated by the CA, and contains Your Signer Information;

  • (e)  In the event of a successful Transaction, the Certificate is assigned to You to evidence your digital signature of the eDocument; and

  • (f)  Once signed, the eDocument can be downloaded from DocuSign Signature by the Customer and Signer immediately after the signature process. You will receive an email after completion of the Transaction giving you access to the signed eDocuments.

3. CERTIFICATE ISSUANCE.

You must verify the content of the information in the Certificate (including the "subject" field of the Certificate, which contains Your complete first and last name) which is presented to You through the Consent Protocol. In case of any problem with the Certificate content, You shall immediately cancel the signature operation and inform the Customer. 

4. CERTIFICATE PUBLICATION.

The Certificate is not published by the CA or the RA. The Certificate is contained in the signed eDocument.

5. CERTIFICATE PERIOD OF VALIDITY.

Certificates shall be valid for five (5) minutes.  Upon expiry of this Certificate period of validity, the signatures of eDocuments may be verified with verification software, notably in order to verify that at the eDocument time of signature, the Certificate was valid at the moment of the signature.  

6. EFFECTIVE DATE.

The GTU shall take effect from the Effective Date, coinciding with the Certificate request date.

7. OBLIGATIONS OF SIGNER. 

By accepting this GTU, You acknowledge and agree to:

  • (a) Ensure the security and confidentiality of the activation data (e.g., password, OTP code, passport or any valid government ID document) You use as part of the authentication process within the Service;

  • (b) Be in possession of any activation data requested by the IDV Service ;  

  • (c) If applicable, ensure the security and confidentiality of any authentication credential provided by the Customer in order for You to use the Service;

  • (d) If applicable, ensure the security and confidentiality of any links you receive to access the Service;

  • (e) Verify the authenticity and accuracy of Signer Information presented to You through the Consent Protocol and contained in the Certificate; and 

  • (f) Provide a valid copy of Your official ID document when requested within the Service.

8. LIMITATIONS OF LIABILITY.

DocuSign's sole liability to You shall be for direct and foreseeable damages in case of breach of its statutory obligations. Any other liability arising from or related to the use of the Service, including without limitation any liability related to the use of the Public Keys, Private Keys, the Certificates and/or the eDocuments contents shall fall to the Customer, and is subject to the terms agreed between You and the Customer.

9. FORCE MAJEURE.

Neither party shall be liable for any non-fulfilment or delay in the fulfilment of one or more obligations under this GTU due to a case of force majeure as defined under Article 1218 of the French Civil Code.

10. PROTECTION OF PERSONAL DATA.

The personal data collected from Signer by DocuSign France and DocuSign, acting as CA and RA respectively, is processed for the sole purposes of (a) authentication and identification of the Signer, (b) creation of the Signer Information filled in the Certificate, and (c) authentication of the Signer during the Consent Protocol. Your personal data is stored for the sole purposes of (i) creation of the Signer Information filled in the Certificate, (ii) authentication of the Signer during Consent Protocol, and (iii) fulfilling DocuSign France’s obligations as a CA, including creation of the Proof File. 

DocuSign and DocuSign France process Your personal data in accordance with applicable French and European law and regulations regarding personal data and privacy protection and You, as Signer, have the right to access and rectify your personal data and to oppose the processing of your personal data on legitimate grounds in accordance with DocuSign’s Privacy Policy.

Any opposition to the retention of Your personal data shall prevent the issuance of a Certificate. Your personal data may also be retained by the Customer. The Customer defines its own personal data retention period, depending on the legal requirements regarding the eDocuments.

11. INTELLECTUAL PROPERTY.

You acknowledge and agree that DocuSign shall retain all intellectual property rights (patents, registered trademarks and other rights) for the elements comprising the Service as well as the documentation, concepts, techniques, inventions, processes, software or work performed in connection with the Certificates and related services made available by DocuSign, irrespective of the form, programming language, program medium or language used. This GTU does not confer to You any intellectual property rights with regard to the Certificates, the Service and any related services. 

12. GOVERNING LAW.

12.1 If You are acting for professional purposes, the following paragraph shall apply to You: This GTU and any disputes or claims arising out of or in connection with it or its subject matter or formation are governed by and construed in accordance with the law of France. Each party irrevocably agrees that the commercial courts of Paris shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this GTU or its subject matter or formation. The provisions of the 1980 U.N. Convention on Contracts for the International Sale of Goods are expressly excluded and do not apply to this Agreement. Any legal action arising under this GTU must be initiated within two (2) years after the cause of action arises. 

12.2 If You are not acting for professional purposes, this paragraph shall apply to You to the exclusion of the above paragraph: this GTU and any disputes or claims arising out of or in connection with it or its subject matter or formation are governed by and construed in accordance with the law of France. The French courts as identified by the applicable rules for jurisdiction where a consumer is a party to a dispute shall have exclusive authority to settle any dispute or claim arising out of or in connection with this GTU or its subject matter or formation. 

13. CUSTOMER SUPPORT.

The Customer is responsible for providing You with any technical support, and will address any request in accordance with the support service terms and conditions agreed to between the Customer and DocuSign.

14. WAIVER.

The waiver by either party of any breach of any provision of this GTU does not waive any other breach. The failure of any party to insist on strict performance of any covenant or obligation in accordance with this GTU will not be a waiver of such party’s right to demand strict compliance in the future, nor will the same be construed as a novation of this GTU.

15. SEVERABILITY.

If any part of this GTU is found to be illegal, unenforceable, or invalid, the remaining portions of this GTU will remain in full force and effect, unless such unenforceable or illegal provision was an essential obligation of DocuSign, in which case, this GTU will terminate automatically.  

16. MODIFICATION OF GTU.

DocuSign shall have the right to change, modify, or amend any portion of this GTU at any time by posting sufficient prior notification on the DocuSign website or otherwise communicating the notification to You to the sole extent that it implies a substantial modification of the GTU. The changes will become effective after expiration of the notification period, and shall be deemed accepted by You if You continue using the Service after such period. In the event that You do not agree with any such modification, You shall discontinue Your use of the Service. 

17. ENTIRE AGREEMENT.

This GTU, which includes the language and paragraphs preceding Section 1, is the final, complete, and exclusive expression of the agreement between these parties regarding the Service provided under this GTU. This GTU supersedes, and the parties disclaim any reliance on, all previous oral and written communications (including any confidentiality agreements pertaining to the Service under this GTU, representations, proposals, understandings, and negotiations with respect to the matter hereof) and apply to the exclusion of any other terms that You seek to impose or incorporate, or which are implied by trade, custom, practice or course of dealing. 

18. LANGUAGES AND TRANSLATIONS.

DocuSign may provide translations of this GTU or other terms or policies. Translations are provided for informational purposes and if there is an inconsistency or conflict between a translation and the French version, the French version will control.