TERMS OF USE – DOCUSIGN EU ADVANCED SIGNATURE SIGNER CERTIFICATE

This Terms of Use was last updated on June 26, 2018.

If an agreement exists between You and DocuSign for EU Advanced Signature (“Agreement”), then, in the event of any inconsistency or conflict between this Terms of Use and the Agreement, the Agreement shall control with respect to DocuSign EU Advanced Signature.

This Terms of Use ("General Terms of Use" or “GTU”), forms a legal agreement between You signing with a Certificate (“Signer,” “You,” and “Your”) and These GTU is made between DocuSign France SAS, Immeuble Central Park, 9-15 rue Maurice Mallet, 92130 Issy-les-Moulineaux, France (“DocuSign”), and define the legal terms concerning the acquisition and use by You of the Certificate delivered by DocuSign and the respective obligations of the Customer and You. By clicking a box You indicate Your acceptance of this General Terms of Use and You agree to be bound by the terms of this GTU as of the date of Your acceptance (“Effective Date”). Certificates are generated and managed in the context of the online electronic signature service provided by DocuSign.

1. DEFINITIONS

“Certificate(s)” mean(s) an electronic file issued by the CA and which attests the link between the Signer identity and the Public Key of the person associated with the Private Key of the Signer managed by DocuSign.  In this case, the term “Certificate” means the Certificate generated by DocuSign to the benefit of a Signer, and used for electronic signature by that Signer, via the Service, of an eDocument addressed thereto by a Customer. Each Certificate contains information such as the Signer Identity, the Public Key of the Signer, the term of the Certificate, the identity of the RA, and the signature of the issuing CA.

“Certificate Policy(cies) (CP)” means the set of rules identified by an OID (unique identifier) and published by the CA, describing the general characteristics of the Certificates it delivers. This document describes the obligations and responsibilities of the CA, the RA, the users of Certificates and all the PKI components involved in the overall lifecycle of a Certificate. The applicable version of the DocuSign CP can be viewed at the following address: www.docusign.fr/societe/certification-policies, and includes the successive versions published on this site.

“Certification Authority (or CA)” means one of the Public Key Infrastructure (PKI) authorities generating Certificates under the RA’s request and managing the Certificate lifecycle in accordance with the rules and practices defined in its Certificate Policy. In this case, DocuSign is the CA. 

“Consent Protocol” means the procedure according to which You consent to receive a Certificate with the Signer Identity, to accept signing the eDocument via the Service and to accept this GTU collected via the DocuSign Signature application. 

“Customer(s)” means any legal entity or person(s) authorized as a DocuSign customer to use the Service that delivers a(n) eDocument(s) to be signed to the Signer via the Service. The Customer is itself or is in a contractual relationship with the Registration Authority, and has been delegated the responsibility to manage the identity verification of a Signer and of the signature process of the eDocument by a Signer. The Customer, as described herein, is distinguishable from You as the Signer.

“DocuSign Signature” means DocuSign France on-demand electronic signature service, which provides online display, certified delivery, acknowledgement, electronic signature, and storage services for eDocuments via the Internet.The Customer connects itself to the Service in order to produce the eDocuments and present them to Signatories for signature.

“eDocument(s)” mean(s) a document(s) in electronic form that is deposited by the Customer via the Service and submitted to the RA via the DocuSign Signature application in order to be signed by the Signatory.  The eDocument may also be signed by other signatories and by the Customer.

“General Terms of Use (GTU)” means these legal terms and conditions, related to the use of the Service by the Signatory. This GTU is accepted by Signer on the DocuSign Signature application during the Consent Protocol.

“Private Key” means a mathematical key, associated to the Public Key that is uniquely contained within a certified hardware cryptographic module and remotely activated by the Signer to sign eDocuments.

“Public Key” means a mathematical key that is made public and is used to verify the electronic signature of an eDocument signed with a Private Key.

“Registration Authority (or RA) or Customer” means one of the entities of the PKI approved by the CA, in order to register the Certificates issuance requests, renewal and revocation to validate or reject them. Additionally the RA collects the Signer’s identity information and verifies the identity of Signers in accordance with the rules and practices defined in its applicable Certificate Policy. Unless otherwise agreed between DocuSign and the Customer, the RA is the Customer.

“Service”** means all of the services provided by DocuSign as mentioned under this GTU, and particularly to enable the issuance and use of the Certificate and associated Private Key in order to permit the signature of an eDocument in accordance with the Consent Protocol.

“Signer(s) (or Signatory)” mean(s) any individual who uses the Service at the Customer’s request in order to sign the eDocument(s) that is prepared by the Customer and at the request of the Customer presented via the Service thereto after giving his/her/their consent according the Consent Protocol. 

“Signer Identity” means the electronic identity built by the RA by using the data collected by the RA from the Signer as well as data defined by RA. This identity contained in the Certificate permits identifying a Signer. The Signer’s identity is registered and verified by the RA before the signature transaction being performed by the Signer.

2.  PROCEDURE FOR REQUESTING CERTIFICATES VIA THE SERVICE

2.1  You are informed and You accept that DocuSign, following the execution of the Consent Protocol, generates the signature necessary to establish a signed and time stamped eDocument.

2.2  And to that extent that: 

(a)  Your identity is verified by the RA and then registered in DocuSign Signature. 

(b)  The information to contact and authenticate You (email, telephone number, or other authentication method) required for the Consent Protocol is verified by the RA and then registered in the Service. 

(c)  A signing Private Key is uniquely and in a secure way assigned to You for the duration of the eDocument signature transaction. The Private Key is generated, stored and destroyed after the signature transaction in a way that it cannot be used for any other transaction. 

(d)  A Certificate is assigned to You in order to prove that the eDocument is effectively signed by You; 

(e) You execute the Consent Protocol presented by the Service in order to indicate Your acceptation or refusal to sign the eDocument.

(f)  Once signed, the eDocument can be downloaded from DocuSign Signature by You and the Customer immediately after the signature process. 

3. CERTIFICATE ISSUANCE

You must verify the content of the information to be set in the Certificate (primarily the "subject" field of the Certificate, which contains Your complete First and Last Name of You as the Signer) which are presented to You through the Consent Protocol. In case of any problem with the Certificate content, You shall immediately report it to the Customer. 

4. CERTIFICATE PUBLICATION

The Certificate is not published by the CA or the RA. The Certificate is contained in the signed eDocument.

5. CERTIFICATE PERIOD OF VALIDITY 

Certificates shall be valid for five (5) minutes. Said period shall begin on the date the Certificate is created by the CA. Upon expiry of this Certificate period of validity, the signatures of eDocuments may be verified with the verification software indicated by the Customer (usually Adobe Reader), notably in order to verify that on the eDocument date of signature, the Certificate was valid. 

6.  EFFECTIVE DATE AND DURATION 

The present GTU shall take effect from the Effective Date, coinciding with the Certificate request date and shall apply during the archiving period of the eDocuments.

7. OBLIGATIONS OF SIGNER 

By accepting this GTU, You acknowledge and agree to: 

(a)  Ensure the security and confidentiality of the activation data (e.g. password) which You shall use to sign the eDocument. 

(b)  If applicable, ensure the security and confidentiality of the login and password provided by RA in order to use Your dedicated area in the DocuSign Signature application. 

(c)  Verify the content of the Certificate and alerting RA in case of issue noticed on such content. 

(d)  Verify the authenticity and accuracy of the information relative to the Signer Identity presented by DocuSign during the Consent protocol and contained in the Certificate. 

8. LIMITATIONS OF LIABILITY

DocuSign acts on behalf and in the name of the Registration Authority both as a service provider and as a Certification Authority subject to legal and regulatory obligations. As a Certification Authority, DocuSign's sole liability towards You shall be for direct and foreseeable damages in case of breach of its statutory obligations. Any other liability arising from the use of the Service, including without limitation any liability related to the use of the Public and Private Keys, the Certificates and/or the eDocuments contents shall fall to the Registration Authority and is subject to the terms agreed between You and the Registration Authority. 

9. FORCE MAJEURE 

Neither party shall be liable for any non-fulfilment or delay in the fulfillment of one or more obligations under this GTU due to a case of force majeure as defined under article 1218 of the French civil code.

10. PROTECTION OF PERSONAL DATA

The personal data collected from Signer by Customer, acting as RA, is processed by the Customer for the sole purposes of (a) authentication and identification of the Signer, (b) creation of the Signer Identity filled in the Certificate and (c) authentication of the Signer during Consent Protocol. Your personal data is stored for the sole purposes of (i) creation of the Signer Identity filled in the Certificate and (ii) authentication of the Signer during Consent Protocol. 

The Registration Authority processes Your personal data in accordance with the applicable French and European law and regulations regarding personal data and privacy protection and You, as Signer, have the right to access and rectify your personal data and to oppose to the processing of your personal data on legitimate grounds. Please refer to the Registration Authority privacy policy for more information in this respect. 

Any opposition to the retention of Your personal data shall prevent the issuance of a Certificate. Your personal data are also retained by the Certification Authority, as per the RA request. The RA defines its own personal data retention period, depending on the legal requirements as regard to the eDocuments.

11. INTELLECTUAL PROPERTY

You acknowledge and agree that DocuSign shall retain all intellectual property rights (patents, registered trademarks and other rights) for the elements comprising the Service as well as the documentation, concepts, techniques, inventions, processes, software or work performed in connection with the Certificates and related Services made available by DocuSign, irrespective of the form, programming language, program medium or language used. This GTU does not confer to You and/or Customer any intellectual property right with regard to the Certificates and the related Services. 

12. GOVERNING LAW

12.1 If You are acting for professional purposes, the following paragraph shall apply to You: This agreement and any disputes or claims arising out of or in connection with it or its subject matter or formation are governed by and construed in accordance with the law of France. Each party irrevocably agrees that the commercial courts of Paris shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation. The provisions of the 1980 U.N. Convention on Contracts for the International Sale of Goods are expressly excluded and do not apply to this Agreement. Any legal action arising under this Agreement must be initiated within two years after the cause of action arises.  

12.2 If You are not acting for professional purposes, this paragraph shall apply to You to the exclusion of the above paragraph:this Agreement and any disputes or claims arising out of or in connection with it or its subject matter or formation are governed by and construed in accordance with the law of France. The French courts as identified by the applicable rules for jurisdiction where a consumer is a party to a dispute shall have exclusive authority to settle any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation. 

13.  CUSTOMER SUPPORT

The Customer is responsible to provide You the technical support which could be necessary and to deal with any request in this respect in accordance with the support service terms and conditions agreed between the Customer and DocuSign.

14. WAIVER

The waiver by either party of any breach of any provision of this GTU does not waive any other breach.  The failure of any party to insist on strict performance of any covenant or obligation in accordance with this GTU will not be a waiver of such party’s right to demand strict compliance in the future, nor will the same be construed as a novation of this GTU.

15. SEVERABILITY 

If any part of this GTU is found to be illegal, unenforceable, or invalid, the remaining portions of this GTU will remain in full force and effect, unless such unenforceable, illegal or illegal provision was an essential obligation of DocuSign, in which case, these GTU will terminate automatically.  

16. MODIFICATION OF GTU

DocuSign shall have the right, to change, modify, or amend any portion of this GTU at any time by posting sufficient prior notification on the DocuSign website or otherwise communicating the notification to You to the sole extent that it implies a substantial modification of the GTU. The changes will become effective after expiration of the notification period, and shall be deemed accepted by You if You continue using the Service after such period. In the event that You do not agree with any such modification, You shall discontinue Your use of EU Advanced Signature. 

17. ENTIRE AGREEMENT

This GTU, which includes the language and paragraphs preceding Section 1, is the final, complete, and exclusive expression of the agreement between these parties regarding the EU Advanced Signature provided under this GTU.  This GTU supersedes, and the parties disclaim any reliance on, all previous oral and written communications (including any confidentiality agreements pertaining to EU Advanced Signature under this GTU, representations, proposals, understandings, and negotiations with respect to the matter hereof) and apply to the exclusion of any other terms that You seek to impose or incorporate, or which are implied by trade, custom, practice or course of dealing. 

18. LANGUAGES AND TRANSLATIONS

DocuSign may provide translations of this GTU or other terms or policies.  Translations are provided for informational purposes and if there is an inconsistency or conflict between a translation and the French version, the French version will control.