Proof File: means a file generated and signed by DocuSign France at the time of signature of the Document that contains the information related to the authentication of the Signer, the process of signature of the Document and all operations performed on the Document. A dedicated Proof File is associated to each signed Document in order to ensure the proof and the traceability of the electronic signature operation in case of legal proceeding.
Certificate(s): means an electronic file issued by CA and which attests the link between the Signer identity and the Public Key of the person associated with the Private Key of the Signer managed by DocuSign France. In this case, the term “Certificate” means the Certificate generated by DocuSign France to the benefit of a Signer, and used for electronic signature by that Signer, via the Service, of an Document addressed thereto by a Client. Each Certificate contains information such as the Signer Identity, the Public Key of the Signer, the term of the Certificate, the identity of the RA, and the signature of the issuing CA.
Certification Policy (CP): mean the set of rules identified by an OID (unique identifier) and published by the CA, describing the general characteristics of the Certificates it delivers. A Certificate Policy describes the obligations and responsibilities of the CA, the RA, the users of Certificates and all the PKI components involved in the overall lifecycle of a Certificate. The applicable version of the DOCUSIGN FRANCE CP can be viewed at the following address: https://www.opentrustdtm.com/pc/, and includes the successive versions published on this site.
Certification Authority (or CA): means one of the Public Key Infrastructure (PKI) authorities generating Certificates under the RA’s request and managing the Certificate lifecycle in accordance with the rules and practices defined in its Certificate Policy. In this case, DocuSign France is the CA.
Client: means any legal entity that proposes a Document to be signed by the Signer via the “PROTECT & SIGN VIA DOCUSIGN” Service.
Document(s): mean(s) the document under electronic form that is elaborated by the Client and submitted to DocuSign in order to be signed by the Signatory/ies.
Signer Identity: means the identity built by the CA by using the data collected by the RA from the Signer as well as data defined by RA. This identity contained in the Certificate permits authenticating a Signer.
Platform: means the DocuSign DTM (Document Transaction Management) platform to which the Client connects itself in order to produce the Documents and present them to Signatories for signature.
Private Key: means a mathematical key, associated to the Public Key, that is uniquely contained within a certified hardware cryptographic module and remotely activated by the Signer to sign Documents.
Public Key: means a mathematical key that is made public and is used to verify the electronic signature of a Document signed with a Private Key
Registration Authority (or RA): means one of the entities of the PKI approved by the CA, in order to register the Certificates issuance requests, renewal and revocation to validate or reject them. Additionally, the RA collects the Signer’s identity information and verifies the identity of Signers in accordance with the rules and practices defined in its applicable Certificate Policy. The RA is the Client.
Service: means all of the services provided by DocuSign France as mentioned under this GTU, and particularly to enable the issuance and use of the Certificate and associated Private Key in order to permit the signature of a Document in accordance with the Consent Protocol.
Signature and Proof Management Policy (SPMP): means the document describing the technical processes used for the signature of Documents via the Platform by the RA and one or more Signers, in accordance with the Consent Protocol, and the creation and archiving of the Proof Files during the use of the Service. The SPMP applicable to Certificates and its successive updates can be accessed on the DocuSign France website, https://www.opentrustdtm.com/pc/, and are an integral part of this Agreement.
Signer(s) (or Signatory/ies): mean(s) the individual(s) (i) who log(s) on to DocuSign interface following the Client’s request, (ii) to whom the Client elaborates the Document(s), (iii) to whom the Client presents the Document(s) for signature, and (iv) who sign(s) the Document(s) after giving his/her/their consent according the Consent Protocol. The Signer’s identity is registered and verified by the RA before to the signature transaction performed by the Signer.
Signer Identity: means the electronic identity created by the RA based on the data defined or collected by the RA from the Signer. This identity contained in the Certificate permits identifying the Signatory.
3. PROCEDURE FOR REQUESTING CERTIFICATES VIA THE SERVICE
The Signer is informed and accepts that DocuSign France, following the execution of the Consent Protocol, generates the signature necessary to establish a signed and timestamped Document. To that extent that:
- The identity of the Signer is verified by the RA and then registered in DocuSign platform.
- The information to contact and authenticate the Signer (email, telephone number, or other authentication method) required for the Consent Protocol is verified by the RA and then registered in DocuSign platform.
- A signing Private Key is uniquely and in a secure way assigned to the Signer for the duration of the Document signature transaction. The Private Key is generated, stored and destroyed after the signature transaction in a way that it cannot be used for any other transaction.
- A Certificate is assigned to the Signer in order to permit to proove that the Document is effectively signed by the Signer;
- The Signer executes the Consent Protocol presented by the Service in order to indicate its acceptation or refusal to sign the Document.
- Once signed, the Document can be downloaded from the DocuSign Platform by the Signer and the Client immediately after the signature process.
- DocuSign generates, signs and archives a Proof File associated to the Document signature transaction in the sole purpose of creating the proof of validity of the signature in case of legal proceedings. The duration of archiving of such Proof File is determined by the Client depending on the legal requirements and impact related to the type of Document.
4. CERTIFICATE ISSUANCE
The Signer must verify the contents of the Certificate (primarily the "subject" field of the Certificate, which contains the complete Name and First name of said Signer). In case of any problem with the Certificate content, the Signer shall immediately report it to the Client.
5. CERTIFICATE PUBLICATION
Certificates are published neither by the CA nor by the RA. The Certificate is contained in the signed Document and the Signer identity in the Proof File.
6. CERTIFICATE PERIOD OF VALIDITY
Certificates shall be valid for 5 minutes. Said period shall begin on the date the Certificate is created by the CA. Upon expiry of this Certificate period of validity, the signatures of Documents may be verified with the verification software indicated by the Client (usually Adobe Reader), notably in order to verify that on the Document date of signature, the Certificate was valid.
7. EFFECTIVE DATE AND DURATION
8. OBLIGATIONS OF SIGNER
By accepting to use the GTU, the Signer accepts to be responsible for:
- Ensuring the security and confidentiality of the activation data (e.g. password) which Signer shall use to sign the Document.
- If applicable, ensuring the security and confidentiality of the login and password provided by RA in order to use its dedicated area in the DocuSign Platform;
- Verifying the content of the Certificate and alerting RA in case of issue noticed on such content.
- Verifying the authenticity and accuracy of the information relative to the Signer Identity presented by DocuSign France during the Consent protocol and contained in the Certificate.
9. LIABILITY OF CLIENT
With regard to the Signatory, all liability related to the use of the Service, including without limitation, all liability related to the Platform, the content and the legal requirement and impact of Documents, the Private keys and Public Keys, and the Certificates, falls to the sole Client, as DocuSign France acting only in the name and on behalf of the Client both as service provider and as CA.
10. SUPPORT SERVICE
The Client is responsible to provide the Signatory the technical support which could be necessary and to deal with any request in this respect in accordance with the support service terms and conditions agreed between the Client and DocuSign France.
12. PROTECTION OF PERSONAL DATA
The personal data collected from Signer by Client, acting as RA, is processed by the latter solely for the purposes of (i) authentication and identification of the Signer by the RA, (ii) creation of the Signer Identity filled in the Certificate and (iii) authentication of the Signer during Consent Protocol. The Signer’s personal data are stored solely for the purposes of (i) creation of the Signer Identity filled in the Certificate and (ii) authentication of the Signer during Consent Protocol.
The Client declares to treat personal data in compliance of the French law and the European regulation regarding protection for personal data.
Any opposition to the retention of personal data shall prevent the issuance of a Certificate. By accepting the GTU, the Signer accepts that the CA keeps, under the RA’s request, its personal data for a maximum of 5 years and that the RA keeps its personal data and Proof Files for a minimum of 3 years. The RA defines its own personal data’s retention period based on legal requirements related to the Document.
13. INTELLECTUAL PROPERTY
14. APPLICABLE LAW
In the event of a dispute relating to the performance or interpretation of this GTU, the Parties hereby give express and exclusive competence to French law and to French courts.