General Conditions of Sale – SaaS (Online Sales) v08/23
(Update date : August 2023)
See the previous version of our General Conditions of Sales – SaaS (Online Sales)
These General Conditions of Sale – SaaS (Online sales) (hereinafter the “General Conditions of Sale”) are exclusively intended to govern the online sale of Services offered by the company Cryptolog International, a simplified joint-stock company, located at 5-7 Faubourg Poissonnière, 75009 Paris, Paris Commercial Registry no 439 129 164 (hereinafter “Universign”) via the website www.universign.com (hereinafter the “Website”).
They are supplemented by the General Conditions of Use (hereinafter “GCU”) and the Specific Conditions of Use (hereinafter “SCU”) applicable to the Services subscribed to by the Buyer.
DEFINITIONS
Unless otherwise provided for, the terms beginning with a capital letter will have the meaning as defined in this article and may be used both in the singular and in the plural, depending on the context.
Buyer: refers to a buyer who has subscribed to one or more Services online, via an Online Order Form.
Anomaly: refers to any defect in the design or production of the Software Package, not including misuse by the Buyer, manifested by malfunctions which prevent the Service from functioning in accordance with its Documentation. This must be reproducible by Universign.
Authentication: refers to the process which allows for the electronic identification of a natural person to be confirmed.
Timestamping authority (or TSA): refers to the authority in charge of the application of the Timestamping Policy, the issuing and the proper management of timestamps. For the purposes hereof, the Timestamping Authority is the Universign TSA.
Certification Authority (or CA): refers to the authority in charge of creating, delivering, managing and revoking Certificates as part of the Certification Policy. For the purposes hereof, the Certification Authority issuing all Certificates associated with the service is the Universign Hardware CA.
General Conditions of Use (GCU): refers to the general conditions of use applicable to all Services provided by Universign. These are available on the Website.
Specific Conditions of Use: refers to the specific conditions of use for the Service they govern. They are available on the Website.
Timestamp: refers to a structure which links a Document to a specific moment, thereby establishing evidence that it existed at that time.
Electronic Document or Document: refers to the set of structured data which may be subject to computer processing by the Service.
Documentation: refers to the functional and technical documentation provided by Universign as part of the use of the Services.
Data: refers to the set of information and data transmitted by the Buyer, generated by the commissioning of the Service or processed therein.
Personal Data: refers to the set of personal information and data transmitted by the Buyer to Universign as required for performance of the Services.
Malfunction: refers to any Service interruption observed by Universign, resulting from a Client’s inability to connect to the Platform.
Online Order Form: refers to any quote accepted by the Buyer on the Website for the purchase of one or more Services hereunder.
Timestamping: refers to a process allowing for it to be certified that a Document existed at a given time, through the use of Timestamps.
Identification: refers to the process which consists in using Data or means of personal identification, allowing for the unambiguous determination of a natural or legal person, or a natural person representing a legal person.
Package: refers to a number of Timestamps or Signatures ordered on the Website.
Updates
The term “Updates” refers to the successive versions of the Platform provided by Universign, offering technical and/or functional improvements. Updates incorporate all changes made to the Platform, in order to update it with regard to regulatory developments or changes affecting the operating environment.
Certification Policy (CP): refers to the set of rules, identified by a number (OID) defining the requirements with which a CA must comply in the implementation and provision of services.
Timestamping Policy (TP): refers to the set of rules with which the TA must comply for the issuing of Timestamps as part of the performance of the Service.
Platform: refers to the technical infrastructure composed of the set of equipment, software packages, operating system, database and environment managed by Universign or its subcontractors, on which the use of the Software Package will be carried out. This allows for provision of Service in SaaS mode. It is remotely available directly via the internet on the Website, or through the use of a smartphone or tablet.
Software Package: refers to a set of programs, procedures, rules and, where applicable, documentation relating to the functioning of an information processing system.
SaaS (Software as a Service): refers to the mode of access to the Service. This access is carried out remotely via the internet by connecting to the shared Platform, hosted on Universign’s servers and those of their subcontractors.
Service(s): refers to the Electronic Signature or Timestamping service(s), as well as the associated services which Universign commits to provide to the Buyer in SaaS mode.
Electronic Signature: refers to the procedure allowing for the integrity of a signed Document to be guaranteed and for the signatory to be identified.
Website: refers to the website https://www.universign.com.
Transaction: refers to the process between the Buyer and a third party, during which an Electronic Document offered by the Buyer is signed, through the use of the Service.
ARTICLE 1 – PURPOSE
The purpose of this document is to define the general conditions of sale applicable to Services ordered via the Website through an Online Order Form.
ARTICLE 2 – CONTRACTUAL DOCUMENTS
The contractual relationship between Universign and the Buyer is shaped by the following contractual documents, presented in descending order of legal value, (hereinafter the “Contract”):
- The Online Order Form accepted by the Buyer as part of an order carried out on the Website; and
- These General Conditions of Sale;
- The GCU and the SCU, which form an indivisible whole with the General Conditions of Sale.
In case of any contradiction between one or several provisions included in the aforementioned documents, the higher-ranking document will prevail.
The Buyer recognises that by accepting the Contract, they will have agreed to disregard any general conditions of purchase not expressly accepted by Universign.
In the latter case, all contractual documents listed above will prevail, notwithstanding any clause to the contrary, over the Buyer’s general conditions of purchase.
The Company reserves the right to modify these General Conditions of Sale at any moment, with no prior notice. The applicable General Conditions of Sale will be those currently in force on the date of the order placed by the Buyer.
The applicable General Conditions of Sale, as well as their previous versions, remain permanently accessible on the Website, in a format which may be printed and/or downloaded by the Buyer.
The Conditions of Sale are automatically approved by the Buyer as part of any order, and as such the Client declares to have read and accepted these without reserve.
ARTICLE 3 – ORDERS
A Buyer wishing to order a Service must:
- Complete the Registration form by filling in the necessary fields to create an account, or log in to the Website using their username;
- Complete the Online Order Form with the exact reference numbers of the chosen Services;
- Approve their order after having checked it;
- Accept these General Conditions of Sale; and
- Make the payment under the conditions provided for in these General Conditions of Sale.
An order will not be approved until after the full payment of the indicated amount has been received, in accordance with Article 6 of these General Conditions of Sale.
An order subject to these General Conditions of Sale cannot be modified during the Package’s period of validity.
ARTICLE 4 – ENTRY INTO FORCE – DURATION
The Services contracted on the Internal Site by the Buyer and Universign are valid for the duration of one (1) year, from the date of the order’s approval by Universign.
Any Timestamp tokens or Electronic Signatures acquired via a Package which are not used may not be recovered or reimbursed.
ARTICLE 5 – PRICES OF SERVICES
5-1 Sale prices
The sale prices are indicated, for each of the Services appearing on the Website, in euros and are exclusive of tax.
VAT is applied in accordance with European regulations.
The prices indicated include all order processing fees.
The total amount due from the Buyer is indicated on the order approval page.
5-2 Modification
Universign reserves the right to change their prices at any moment, while guaranteeing the Buyer that the price in force on the day of their order will apply.
ARTICLE 6 – PAYMENT AND AVAILABILITY OF INVOICES
The payment of Services is carried out on the date of the order, by bank card and via a system which ensures the security of the information transmitted.
The Buyer will be credited for the acquired services after their payment has been approved.
Upon receipt of payment, an invoice for the amount of the payment made will be available on the Buyer’s Universign account.
Upon the approval of an order, the Buyer will receive a confirmation email at the email address they have communicated to Universign. The Company will not be liable for any typing error made by the Buyer with regard to their email address.
ARTICLE 7 – DESCRIPTION OF THE SERVICES
7.1. Access
The Services can be accessed via the Website.
7.2 Specifics with regard to the Services provided
The description of the Electronic Signature and/or Timestamping Services ordered are detailed in the Annex “Description of Services which may be ordered online” of these General Conditions of Sale, and provided in accordance with the applicable GCU and SCU.
7.3. Availability
Access to the Platform is available 24 hours a day, 7 days a week.
The Buyer is informed that access to the Service is made via the internet. They are warned that technical issues may affect their connection and result in slowdowns or unavailability, making access impossible. Universign cannot be held liable for these slowdowns or availabilities, and reminds the Buyer of the importance of their choice of internet service provider.
Universign cannot be held liable for the proper functioning of the Buyer’s computing or telephone equipment, nor for their internet or mobile network access.
Universign offers the Buyer all information regarding the availability of the Service on the Website. Universign offers the opportunity to subscribe to a notification system for incidents related to the Service’s operation, via this Website.
It is specified that the Buyer remains responsible for the telecommunication costs of their internet service provider when using the Service.
7.4. Online support and Updates
Universign undertakes to provide online support and Updates in order to continually improve the quality and/or features of the Service for their Clients.
7.4.1. Online support
As part of the Contract, Universign ensures support for the Services, through a team of support technicians.
The support service is exclusively contactable by email from 9 a.m. to 6 p.m., from Monday to Friday, excluding public holidays (Metropolitan French time) at the address support@universign.eu.
This support consists in providing responses to Malfunctions and Anomalies encountered and declared by the Buyer while using the Services.
The online support services do not cover problems related to equipment and software not provided by Universign, nor those related to the Buyer’s networks.
7.4.2. Provision of Updates
Universign undertakes to implement all means at its disposal in order to ensure that any Updates carried out do not affect the Service’s level of compliance with regulations and standards.
In the event that an Update degrades the performance and/or features of the Service and specifically affects the Buyer’s use of the Service, Universign undertakes to maintain, within the conditions provided herein, the previous functional version of the Service for a period of six (6) months, or until a new functional Update is released.
All Updates are unilaterally decided on by Universign.
Corrective Updates
Corrective maintenance exclusively concerns the Software Package.
Universign ensures the correction of any Anomalies identified. Universign may also communicate a workaround solution for Anomalies identified by the Buyer. The Anomaly must be indicated to Universign with enough information for the latter to take action.
Progressive Updates
Progressive maintenance is carried out via the provision of the latest version of the Software Package, via the Platform.
7.4.3. Technical limits to online support and the provision of Updates
Any Universign intervention resulting from the following causes are excluded from the provision of online support:
- Any use of the Software Package which does not comply with the Documentation, the instructions for use or its intended purpose, or any abnormal use for any reason whatsoever (negligence, operating error, accident, etc.);
- A compatibility problem between the Service and any other Buyer equipment resulting in the latter’s failure to comply with the technical prerequisites;
- A failure of one of the elements constituting the Buyer’s software environment (operating system, other software or software packages, network systems, etc.); and/or
- More generally, any non-compliance with the Buyer’s obligations under the Contract.
ARTICLE 8 – LIABILITY – WARRANTY
Universign undertakes to take all reasonable care possible in the performance of the Services, in accordance with the rules of its profession and in partnership with the Buyer, but may only be held to an obligation of means with regard to the latter.
Universign may not be held liable for any damages other than those directly resulting from a fault in the performance of the Service ordered.
Universign may not be held liable for any use of the Service which does not comply with the GCU and SCU.
Should Universign’s liability be retained, for whatever reason and regardless of the legal basis invoked or retained, all combined damages will be limited to the amount excluding tax received by Universign for the disputed order, by express agreement.
ARTICLE 9 – INTELLECTUAL PROPERTY RIGHTS
If the Website, trademarks, drawings, images, texts, logos, graphic charters, software and programs, databases, sounds, videos, domain names, designs or any other information or medium (with this list being understood as non-exhaustive) required for the provision of the Service are the exclusive property of Universign and are protected by their authors’ rights, trademarks, patents and any other intellectual or industrial property rights granted to them in accordance with the laws in force. The Buyer will therefore refrain from any reproduction or use of said works without the express, written and prior authorisation of Universign, which may be conditional on financial compensation.
The rights granted to the Buyer under the Contract exclusively extend to a right of use for the Service and the associated Documentation, for the duration of the Contract.
ARTICLE 10 – LIMITATION OF SERVICE ACCESS
In the event of a breach by one of the Parties of an essential obligation provided for in the Contract, which is not corrected within a period of thirty (30) calendar days after the delivery of a registered letter with acknowledgement of receipt notifying them of the breach in question, the other Party may exercise their right to terminate the contract, subject to the damages and interests to which it may be entitled hereunder.
The restriction or prohibition of access to the contractual Services, or the termination thereof, for whatever reason, will not give rise to the reimbursement of sums collected by Universign.
ARTICLE 11 – CONFIDENTIALITY
Each party is forbidden from communicating, directly or indirectly, all or part of the information of any nature, whether commercial, industrial, technical, financial, personal or otherwise, which may have been communicated by the other Party or of which they may become aware during the performance of the Service(s) forming the subject of this Contract, to anyone.
Universign and the Buyer undertake to ensure, within the meaning of Article 1204 of the French Civil Code, the compliance of their duly authorised employees, agents or subcontractors with the above-mentioned confidentiality commitment.
ARTICLE 12 – RIGHT OF WITHDRAWAL
The nature of the Services implies that its performance will begin from the moment of the order’s payment, which the Buyer, who is considered as a consumer within the meaning of the applicable laws and case law, recognises and accepts. Consequently, the right of withdrawal may not be exercised.
ARTICLE 13 – PERSONAL DATA
In all circumstances, the Parties shall comply with the regulations applicable to them with regard to the protection of Personal Data, including the provisions of the amended French Data Protection Act No 78-17 of 6 January 1978, of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter, “GDPR”) and of Order No 2018-1125 of 12 December 2018, and will undertake to process Personal Data diligently and confidentially.
13.1. Universign acting as Personal Data Controller
Universign processes Personal Data necessary to:
• Guarantee compliance with applicable legal or regulatory requirements for trust service providers;
• Constitute and preserve audit trails and evidence files;
• Guarantee the neutrality of Signature operations.
In this regard, Universign acts as “Data controller” within the meaning of the amended Law No 78-17 of 6 January 1978 and of the GDPR.
The characteristics of this processing and their means of implementation are specified in the Annex “Processing and security of Contractual Personal Data”.
13.2. Universign acting as joint Personal Data Controller
Where necessary, if the Client has subscribed to the Storage and Preservation of signed Documents service, the processing of Personal Data carried out will be implemented under the joint responsibility of Universign and the Client.
This joint responsibility is understood within the meaning of the GDPR.
The characteristics of this processing and its means of implementation are specified in the Annex “Processing and security of Contractual Personal Data”.
ARTICLE 14 – MISCELLANEOUS PROVISIONS
Force Majeure: In the event of a case of force majeure, in the usual sense as understand by the case law of French courts, Universign cannot be held liable for a breach of one of its obligations hereunder, for the duration of such an impediment.
Preservation-Evidence: Universign preserves the order summary and invoices on a durable medium, constituting a reliable copy. Universign’s digitalised records will be considered by the Buyer as evidence of communications, orders, payments and transactions between the latter and Universign.
Partial nullity: In the event of any difficulty in interpretation resulting from a contradiction between any of the titles appearing at the heading of a clause and the content of a clause, the titles will be declared not to exist.
If one of the clauses of these General Conditions of Sale is considered null and void, in application of a law or a regulation, or following a court decision, it will be deemed not to have been written and the other clauses will remain in force.
Parties Commitments: The Parties agree that the payment of the Services signifies that the Buyer has read and accepted the General Conditions of Sale, the GCU and the SCU in force on the date of the order’s approval. The Buyer is informed that all of these applicable documents can be accessed on the Website, in accordance with Articles 1125 and 1127-1 of the French Civil Code.
Previous versions of these documents are also available on the Website. The Parties agree that these are made available for information purposes only and do not imply any applicability for these previous versions.
It is understood that any new version of these documents cancels and replaces the General Conditions previously accepted between the Parties, having the same subject and currently in progress. It will prevail over any unilateral document of either Party.
Transfer, subrogation and substitution:The Contract may not be subject to any total or partial transfer on the part of the Buyer, in any case, whether for payment or for free, without the written, express and prior agreement of Universign.
Notification: Any claim or notification from a Buyer must be addressed to Universign by mail to their headquarters at 7 Rue du Faubourg Poissonnière 75009 Paris, or via the forms available on the Website.
ARTICLE 15 – APPLICABLE LAW AND JURISDICTION
These General Conditions of Sale are governed by French law. This applies in both substance and form, notwithstanding the places of performance for substantive or ancillary obligations.
Only the French version of this document is enforceable, any translation being made, by express agreement, for convenience only.
In case of any difficulties in the performance and/or interpretation of the documents constituting the Contract, and prior to referral to the competent courts, the Buyer will approach Universign in order to mobilise their best efforts to put an end to their dispute.
The Buyer, who must imperatively be considered a consumer within the meaning of applicable law, is informed that they have the right to appoint a consumer ombudsman, under the conditions provided under Title 1 of Book 6 of the French Consumer Code.
IN THE EVENT OF DISPUTE, AND AFTER AN ATTEMPT TO FIND AN AMICABLE SOLUTION, EXPRESS JURISDICTION IS ATTRIBUTED TO THE COMMERCIAL COURT OF PARIS, NOTWITHSTANDING A PLURALITY OF DEFENDANTS OR THE INTRODUCTION OF THIRD PARTIES, EVEN FOR EMERGENCY, PROTECTIVE, SUMMARY OR EX-PARTE PROCEEDINGS. IN CASE OF THE BUYER’S OPPOSITION TO A REQUEST FOR AN ORDER FOR PAYMENT, EXPRESS JURISDICTION IS ALSO ATTRIBUTED TO THE COMMERCIAL COURT OF PARIS.
Annex 1: Description of services which may be ordered online
The service(s) provided which may be ordered online by the Buyer, via the Website, are:
- The Electronic Signature of Documents;
- The issuing of Electronic Certificates for Signatories (for level 2 Signatures);
- The Electronic Timestamping of Documents;
Electronic Certificates may be issued subject to subscription to certification services by their holders and to the competition of their registration file.
1. ELECTRONIC SIGNATURE SERVICE
The Service offered by Universign allows for the implementation of different categories of Electronic Signatures, classified according to the requirements of the regulations and standards to which they comply.
Universign commits to keep the Service up-to-date and to develop it according to applicable regulations. Throughout the duration of the contractual relationship with the Buyer, Universign guarantees the compliance of the Service with the French and European regulations applicable to the latter as a provider of Electronic Signature and Certification services, throughout the duration of the Contract.
2. Level 1 Electronic Signature
Universign cannot guarantee the identity of the signatory or their authorisations in the implementation of the level 1 Electronic Signature. The identification of the signatory is the responsibility of the Buyer, via their own specific organisational and technical processes, with the only elements of Identification being those which it communicates. Consequently, the Buyer is responsible for ensuring the identity of the signatory, by its own means and under its own liability. The identification information which appear above the Electronic Signature are those transmitted to Universign by the Buyer.
Universign’s liability may not be invoked, in any case, for the verification of the signatory’s identity.
Authentication of the declared signatory is carried out by Universign via a confidential code delivered by SMS to the signatory’s mobile telephone number, on the basis of the telephone number transmitted by the Buyer or provided by the signatory.
The level 1 Electronic Signature complies with the criteria required for the simple or advanced Electronic Signature within the meaning of Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions within the internal market. However, this is subject to the Buyer’s implementation of sufficiently reliable signatory identification procedures.
This cannot be considered to comply with the provisions of Article 25.2 of said text, regarding the assumption of reliability of the Electronic Signature.
3. Level 2 Electronic Signature
For the implementation of the level 2 Electronic Signature, the signatory’s Identification is carried out remotely by Universign on the basis of an electronic copy of their identity document.
Direct authentication of the signatory is carried out by Universign via a confidential code delivered by SMS to the signatory’s mobile telephone number.
Their identity is recorded by Universign for the purpose of issuing a Certificate in their name.
Within the context of this Signature, the remote verification of an identity document may not fully guarantee the identity of the signatory. Consequently, it is the Buyer’s responsibility to implement additional Identification processes under their own liability.
Universign is not responsible for the Identification of the signatory, beyond verifying consistency between the identification information declared by the signatory or the Buyer and their proof of identity, for which it will have been delivered a copy.
The level 2 Electronic Signature is an advanced Electronic signature within the meaning of Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions within the internal market.
This cannot be considered to comply with the provisions of Article 25.2 of said text, regarding the assumption of reliability of the Electronic Signature.
The level 2 Electronic Signature is carried out via Certificates issued by a Certification Authority, featured on the trust list within the meaning of Article 22 of Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions within the internal market. These certificates comply with the requirements of ETSI standard EN 319 411-1.
4. TIMESTAMPING SERVICE
This service allows for Documents to be timestamped via Timestamps issued in accordance with the Timestamping Policy, which describes the implementation and organisation of the Service in more detail.
The Timestamping Service is synchronised with universal coordinated time, to ensure accuracy of the Timestamp down to one (1) second.
The timestamping provided by Universign complies with the criteria required for qualified electronic timestamping within the meaning of Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions within the internal market. It benefits from the assumption provided for in Article 41 of said text.
Subject to the buyer’s compliance with these General Conditions, Universign guarantees the enforceability of
Timestamps created via the Service, within the meaning of the European regulation.
The Buyer undertakes to verify the validity of Timestamps from their receipt. Except as provided for within the Timestamping Policy, Timestamps may be verified for five (5) years from their date of issue.
Annex 2: Processing and security of personal data
For the implementation of the service, the User freely and explicitly consents to Universign’s processing of their Personal Data, after having been informed of the characteristics of this processing. The use of the Service is subject to this consent.
The characteristics of User Personal Data processing are specified in this annex.
1. NATURE OF THE PERSONAL DATA PROCESSING IMPLEMENTED BY UNIVERSIGN
As part of the performance hereunder, the Parties agree that the following processing is implemented throughout the cited duration.
Purposes | Duration of Data preservation before its deletion |
To create Users’ Universign accounts and manage their access to the Service(s) | 12 months after the end of relations with Universign |
To allow for the use of Universign Services | 12 months after the end of relations with Universign |
To create electronic signature or seal certificates | 17 years after the date of issue of the certificate |
To preserve proof of electronic transactions for the purposes of audits carried out by supervisory bodies or to be produced in case of dispute | 15 years after the Transaction |
To allow for Users to request information about Universign Services | 12 months after the end of relations with Universign |
To identify Users’ needs through cookies in order to provide them with the most appropriate services | 13 months after the cookie’s installation |
To provide technical support and allow for the proper functioning and security of the Service | 12 months after the end of relations with Universign |
To improve the Services, and to adapt their features and develop new ones | 12 months after the end of relations with Universign |
To offer personalised content to offer the most relevant Services and/or those which meet the expectations of Users | 12 months after the end of relations with Universign |
To notify of any modifications, updates and other announcements concerning the Services | 12 months after the end of relations with Universign |
In order to carry out the Service, Universign will process Personal Data according to the means provided for herein.
2. JOINT RESPONSIBILITY FOR THE PROCESSING OF PERSONAL DATA
As part of the joint responsibility for processing carried out, where necessary, for the Storage and Preservation of documents, the responsibilities between joint controllers are shared as follows:
Distribution of responsibilities | ||
Obligations | Client | Universign |
To determine the purpose of the processing | Yes | Yes |
To determine the means of processing | No | Yes |
To implement procedures for the exercise of individuals’ rights over their Personal Data | Yes, in partnership with Universign | Yes |
To establish the duration of preservation | Yes | No |
Destruction and/or recovery of data | Yes for the decision | Yes for the performance |
Duty of cooperation with Data Protection Authorities | Yes | Yes |
Auditing | Yes | Yes |
Information about recipients | No | Yes |
Choice of server hosting location | No | Yes |
PIA | No | Yes |
Security and Confidentiality | No | Yes |
Reversibility/Portability | Yes for the decision | Yes for the performance |
Traceability | No | Yes |
Service continuity, backups and integrity | No | Yes |
3. INFORMING THE INDIVIDUALS CONCERNED
Each Party must implement the necessary measures in order to inform individuals whose Personal Data has been collected, in accordance with the regulations in force. In particular, said individuals are informed of the purpose of processing, as well as the rights at their disposal (right of access, to rectification and to deletion). The retention period for Personal Data is determined according to the purpose of the processing.
Universign undertakes not to use Client Personal Data for the purposes of commercial solicitation.
4. LOCATION OF PERSONAL DATA
In case of transfer or hosting of Personal Data outside of the European Union, Universign will inform the Client and the individuals concerned.
Universign ensures that sufficient guarantees are provided to govern the transfers of Personal Data to non-member states, in particular via the implementation of Binding Corporate Rules (“BCR”) or through the use of standard contractual clauses adopted by the European Commission.
5. SECURITY OF PERSONAL DATA
In order to guarantee the secrecy, security and confidentiality of the Personal Data to which it has access as part of the Contract, Universign undertakes to take and maintain in a state-of-the-art condition all useful precautions, to preserve the security of Personal Data, and in particular to avoid these being distorted or damaged and to prevent any access thereto which has not been authorised in advance.
Universign implements an information systems security policy and makes the documents regarding the security of Client’s Personal Data available to the latter, within the limits of any information which is confidential for Universign, or which may be subject to business secrecy.
6. PERSONAL DATA AND UNIVERSIGN STAFF
Universign is responsible for its staff, employees and subcontractors, and for the compliance of the latter with the obligations incumbent upon it as a result of this Contract.
In this regard, Universign staff may not access Personal Data, use these or modify these, unless authorised where strictly necessary for the purpose of the Service’s provision, for the prevention or processing of technical problems, or to ensure its security.
Universign staff are contractually subject to an obligation of confidentiality provided for in an employment contract, and dispose of the knowledge necessary to ensure the confidentiality of Personal Data.
Universign implements organisational and technical measures to ensure compliance by its staff with its obligations, including in terms of the control of persons authorised to access Personal Data, security of access and traceability.
7. PARTIES’ COOPERATION
The Parties undertake to cooperate in all circumstances involving the obligation of secrecy, confidentiality and security of Personal Data.
The Parties engage to cooperate loyally, and without delay, with the applicant or supervisory authorities acting within a legal framework.
The Parties undertake to mutually support and facilitate any operation relating to the exercise of rights by individuals concerned by the processing of Personal Data, including the rights of access, to rectification and to deletion, where they are unable to directly respond, except in the event of any legal, regulatory or normative obligation imposed upon them and rendering this commitment impossible.
8. NOTIFICATION OF PERSONAL DATA BREACHES
The Parties undertake to mutually inform each other of the occurrence of any breach of Personal Data which has or is likely to have direct or indirect consequences for said Personal Data, and/or likely to negatively affect the image, reputation or good name of either Party.
This notification must be carried out as soon as possible after the discovery of the breach of Personal Data, or following receipt of the supervisory authority’s request for information.
In the event of a breach of Personal Data, information will be provided on the nature of the breach, its probable origin, the categories and the approximate number of individuals concerned by the breach, and the categories and amount of Personal Data in question. The Party which becomes aware of the breach shall describe the probable consequences of this, and the measures taken – or which the Party proposes to take – to remedy this breach, including, if necessary, the measures to mitigate any possible negative consequences.
The Parties undertake to cooperate in good faith and to jointly decide on the measures rendered necessary as a result of the discovery of a breach of Personal Data where this breach affects or is likely to affect only the Client’s Personal Data.
9. SUBCONTRACTING
Within the context of the Services, Universign declares the following subcontractors:
The Storage of logs is subcontracted to:
• DATADOG France, 21 Rue de Châteaudun, 75009 Paris
The automatic validation of passports is subcontracted to:
• NETHEOS, Montpellier Commercial Registry No 453 023 681, Bât 18 1025, Avenue Henri Becquerel
The delivery of SMSs is subcontracted to the companies:
• CM TELECOM France, SAS, whose headquarters is located at 26-28 rue de Londres 75009, Paris, France – Commercial Registry No 802 946 715 R.C.S PARIS
• MIL’NR3, limited liability company whose headquarters is located at 13 Rue Gosselet – 59000 LILLE, France – METROPOLITAN LILLE Commercial Registry No 488 024 530; and
• NEXMO Inc, 217 Second Street, 4th Floor, San Francisco, CA 94105 U.S.A.
The Storage of signed Documents is subcontracted to the companies:
• OVH, Simplified joint-stock company whose headquarters is located at 2 Rue Kellermann – 59100 ROUBAIX, France – METROPOLITAN LILLE Commercial Registry No 424 761 419; and
• AMAZON WEB SERVICES EMEA, limited liability company, 38 Avenue John F. Kennedy, L-1855 Luxembourg
Necessary data for the payment and the invoicing of the Customer are sent to:
- Stripe Payments Europe, Ltd. C/O A&L Goodbody, Ifsc, North Wall Quay Dublin 1., Dublin 1, Dublin
Universign guarantees that the providers or subcontractors offer sufficient technical and organisational guarantees to ensure the protection Personal Data, and that their actions and the conditions of their services are compatible with its own commitments as defined herein. Universign remains entirely responsible for the performance of the Service.