By accessing the Platform or using the Services or the API provided by Universign, Users agree to be bound by these ToU.
API: denotes the Application Programming Interface to Universign Services.
Certificate Revocation List (CRL): denotes the list containing all of the Certificates which are no longer trustworthy.
Certificate Policy (CP): denotes the document comprising all the commitments made by Universign in terms of security and organisation for the provision of Certificates.
Certification Authority (CA): denotes the authority responsible for applying the Certificate Policy, and for issuing and managing the Certificates properly. Under this agreement the Certification Authority is Universign.
Documentation: denotes all the operational and technical information given to the User to integrate the Services in its own information system
Electronic Certificate or Certificate: denotes an electronic document delivered by Universign which includes the identity of the Certificate holder and a cryptographic key, called the public key, used during the Electronic Signature verification to verify that the Signer is indeed the certificate holder.
Electronic Signature or Signature: denotes the process to ensure that the integrity of a Document is guaranteed and to identify the person who affixes their signature.
Electronic Document or Document: denotes all the structured data which may be subject to data processing by the Service.
Qualified Certificate: Electronic certificate meeting the requirements of Article 28 of European Regulation No 910/2014 of 23 July 2014 and Article 6 of Decree No 2001-272 of 30 March 2001.
Login: denotes the specific terms under which each User shall identify himself in order to connect to the Services.
Personal Data: denotes the data which, within the meaning of the “Loi Informatique et Libertés” ( Data protection Act) of 6 January 1978 (amended by the Law of 6 August 2004), allows to identify, directly or indirectly, a natural person.
Platform: denotes the technical infrastructure managed by Universign for the purpose of providing the Service. It is accessible via the API or Universign website.
Registration Operator: denotes the operator in charge of checking, at the time of the Certificate request, the identity of the Certificate requester.
Signature Policy (SP): denotes the document comprising all the commitments made by Universign with regard to the Signature of Documents.
Service: denotes all of the services and software solutions which Universign undertakes to provide to the User under this contract.
Signer: denotes the User who has signed a Document through the Service.
Time-stamping: denotes a process which certifies that data existed in electronic form at a given moment in time and ensures the integrity of this data.
Time-Stamping Authority (TSA): denotes the authority responsible for applying the Time-stamping Policy, and for issuing and managing the Time-Stamp Tokens properly. Under this contract the Timestamping Authority is Universign.
Time-stamp Policy (TP): denotes the document comprising all the commitments made by Universign with regard to the Time-stamping of Documents.
Token or Time-Stamp Token: denotes a structure signed by the TSA which links the digital fingerprint of a Document to a specific time, thus confirming the existence of the transaction at a given moment in time.
Universign: denotes the company CRYPTOLOG INTERNATIONAL SAS, with capital of €508,932 and headquarters located at 7 rue du Faubourg Poissonnière, 75009 Paris, registered in the Paris Register of Commerce and Companies under the number 439 129 164.
User: denotes any person with a Universign account.
Website or Universign Website: denotes Universign website.
NB: Words in the singular can also refer to the plural and vice versa.
Users may benefit from the Services offered to them on the Universign Platform subject to compliance with the following prerequisites:
The applicable TOU and the STU are those available online at the time of using the Service. The Users have the option to save and/or print these terms.
The contractual documents binding upon the Users are:
Previous versions of the Policies are accessible upon request to Universign.
ACCESSING THE SERVICE
Universign Services are accessible via the Platform and Universign’ API, twenty-four (24) hours a day and seven (7) days a week, with the exception of cases of force majeure, difficulties relating to the structure of communication networks and the cases provided for herein.
CREATING A UNIVERSIGN ACCOUNT
Accessing the Service requires creating an account on the website.
To access their Universign account, Users are required to authenticate themselves using their Login which they created freely when they created their account.
The User’s Login is strictly personal. It must meet the security criteria set by Universign and must not under any circumstances be communicated to a third party.
Universign will never request, for any reason whatsoever, that a User communicates their login to them and that any such request must be considered to be a fraudulent request.
The User is wholly responsible for retaining and using their Login. They must take all measures necessary to prevent non-authorised or fraudulent use of their account.
If the User notices or suspects non-authorised or fraudulent use of their Login or any other security breach, they must alert Universign immediately via their support service accessible on the Website.
From receipt of this notification, Universign will proceed, within a reasonable time period, to disable the User’s account.
Any access to the User’s account using their Login shall be deemed to be carried out by the User. The User is responsible for any actions carried out via their account, including access and use of the Service via the API and releases Universign from any liability in the event of damages caused by the User or a third party by such actions.
USING THE SERVICE
The User is obliged to provide precise information to Universign for the use of the Service. The User is prohibited from using the Service in an unusual or abusive manner. In particular, the User is obliged to access the Service via the API in a manner compliant with the Documentation.
The User is prohibited from any fraudulent use of the Service. In particular, the User is obliged not to misuse the methods for authenticating the Signers.
In general, the User is prohibited from any activity on the Service which could breach the applicable laws and regulations.
SERVICE DELIVERY AND DEVELOPMENT
The Service offered on the Universign Platform is a service delivered as a SaaS (Software as a Service). It is subject to regular Updates, with the aim to improve the quality and/or functionality of the Service for all of its Users.
Universign reserves the right to add or to modify, at any time, the Platform and the Services available on it based on technological developments and shall inform the Users of them by all appropriate means.
These updates shall be considered to be part of the Service and shall be subject to these ToU.
It is recommended to consult the website regularly as this is where information on the developments made will be published.
Universign reserves the right, without warning or compensation, to temporarily close Universign Platform on the Website or access to the services, specifically for any update of the Service, maintenance operations, modifications or changes to the operational methods, the Platform and the access hours – this list is not exhaustive.
Universign shall not be liable for damages of any nature which may result from these changes and/or the temporary unavailability of the Platform, the Website or the associated Services.
Universign strives to provide a Service of quality in accordance with the policy in force, available on the Universign Website on the day of using the Services.
Due to the nature and the complexity of the internet and, in particular, its technical performance and response times for consulting, checking or transferring data, Universign undertakes to do its best, in accordance with industry rules, to enable access to, and the use of, the Service. In effect, Universign cannot ensure absolute accessibility to, or availability of, the Website allowing access to the Service.
Universign cannot be held liable for the proper operation of the Users’ IT equipment, mobile telephone or their access to the internet or to a mobile telephone network.
The User continues to be liable for the telecommunication costs of their internet service provider during the use of the Universign Service.
Universign prices are governed by the pricing conditions available on Universign website and in accordance with the Terms of Sale.
Universign will exercise due care in providing a technical service which enables the User to use the Electronic Signature and/or Document Time-stamping Services.
Universign does not alter the content of the Documents, besides from inserting the Signatures and the Time-Stamp Tokens. Universign cannot be held liable with regard to the information contained in the Documents that it has no knowledge thereof.
Universign cannot be held liable for the consequences which could result thereof, particularly with regard to decisions which could be made or actions which could be taken from these Documents (whether or not they are signed or timestamped).
Universign cannot be held liable in relation to the value or validity of the content of the Documents or for an error therein.
Universign liability cannot be sought in the case of illegal, fraudulent or abusive use or usage due to voluntary or involuntary disclosure to a third party of the User’s login for the Universign account.
Universign cannot be held liable for inappropriate use of its Services.
Under no circumstances shall Universign be liable for any indirect damages such as loss of profits, turnover, data or use thereof or any other indirect damages resulting from the use, delivery or delivery performance of the Services offered.
Universign liability for any other cause of action shall be limited to the amount paid in the previous twelve months by the User to use the Services.
USERS’ GUARANTEES TO THE SERVICE
The Users guarantee Universign:
The User shall be solely liable for Use of the Service outside of these guarantees.
Universign guarantees the User:
– that the services provided comply with the Certification and Time-stamping Policies accessible on Universign website on the day the Service is used;
– the confidentiality of the information sent to them in application of the French law in force, specifically with regard to the privacy, with the exception of information allowing the Signer to be identified.
Universign does not check that the Services used correspond to User’s needs or to the legal regimes applicable to the Documents.
Consequently, the provision of the Service by Universign shall not relieve the Users of conducting an analysis or checks regarding the legal or regulatory requirements in force and applicable to them and to the Documents.
Universign excludes any guarantee, specifically for hidden defect, for compliance with any requirement or use whatsoever, for proper operation or pertaining to the accuracy of the information provided (except those originating form authorised secure sources), and disclaims any liability in the case of negligence on the part of the Users.
As data controller, Universign carries out Personal Data processing with the principal purposes of:
The information collected is sent to authorized services and could be sent to commercial partners for the purposes of service provision.
Universign collects and processes Personal Data pursuant to Law No 78-17 of 6 January 1978 amended, called the “Loi Informatique et Libertés” (French Data Protection Act). The data collected by Universign as part of the Service are retained for the time required for the Users to use their Universign account.
Persons concerned by the data processing have the right to access their Personal Data and a right to correct these data which allows them, where necessary, to have corrected, removed, supplemented, updated or locked data which is inaccurate, incomplete, ambiguous or out of date.
Persons concerned also have the right to object to the processing of their data for lawful reasons, except if these data are collected to comply with a legal obligation or if the data are required to perform a contract to which the data subject is a party or even if the data are used for a purpose for which the data subject has undoubtedly given his agreement.
These rights can be exercised by sending a copy of their ID document to Universign at the following address: Universign 7, rue du Faubourg Poissonnière 75009 Paris.
The website, branding, drawings, templates, images, text, photos, logos, graphical charts, software and program, search engines, databases, sounds, videos, domain names, design or any other information or material (presented by Universign, although this is a non-exhaustive list) are the exclusive property of Universign and are protected by their copyrights, branding, patents and any other intellectual or industrial property right granted to them in accordance with the laws in force.
Any total or partial reproduction and/or representation of one of these elements, without specific and prior authorization from Universign, is forbidden and would constitute an infringement punishable under the French Intellectual Property Code.
As a result, the User is prohibited from any action or activity that might adversely affect directly or otherwise the intellectual property rights of Universign
The User is prohibited to download, reproduce, transmit, send, distribute or use the content on Universign Platform, the API or the Website.
ELEMENTS UPLOADED BY THE USER
The User remains the owner of the elements which he or she uploads on Universign Platform, for which it holds exclusive ownership of, and which are protected by copyright, branding, patent or any other intellectual or industrial property right granted or soon to be granted, to them in accordance with the laws in force. Universign accepts solely to retain and archive the elements uploaded on Universign Platform.
The User commits to take all necessary measures to protect these rights with regard to all third parties and shall warrants Universign that the use of these elements shall not be perturbed or interrupted by any third party’s claim of adverse rights.
The information transmitted or collected by Universign through use of the Services are considered to be confidential and fall within professional secrecy and shall not be the subject of any external communication, beyond the exceptions connected with the provisions of the French Data Protection Law.
This provision does not prevent communications ordered by judicial or administrative proceedings.
Cases of force majeure or acts of God are explicitly considered to be those which are normally held to be so by the case law of the French courts and tribunals.
In the event of interpretation difficulties resulting from a contradiction between any of the titles of a clause and any one of the clauses, the titles shall be declared non-existent.
If one or several of the stipulations herein are held to be invalid or declared as such by application of a law or regulation or following a final non-appealable decision by a court, the other stipulations shall maintain their force and their scope.
These ToU and STU for the Service, as well as the relationship between the User and Universign in respect hereof, are governed by French law. This also applies to the substantive rules and the procedural rules and notwithstanding the places of performance of the substantive and ancillary obligations.
These terms are subject to French law. Only the French version of this document is binding upon the parties, even if translations exist, these being expressly provided purely for convenience and cannot have any legal effect, specifically with regard to the interpretation of the contract or the joint intention of the parties.
In the case of difficulties arising in executing and/or interpreting the contractual documents and before any action, the Parties pledge to use amicable settlement.
In the case of failure to reach an amical solution, each of them shall regain its complete freedom of legal action.
All dispute arising in connection with theses ToU will be settled by the jurisdiction of the appropriate court that reports to the Paris Court of Appeal
For any claim, you can contact Universign by sending a letter to 7 rue du Faubourg Poissonnière 75009 Paris or via the forms available on the Website.
As Trust Services Provider, Universign undertakes to comply with the rules and requirements provided for in the policies identified in the following table:
|126.96.36.199.4.1.158188.8.131.52.1||ETSI EN 319 411-1||CP of the CA hardware root, level NCP+|
|184.108.40.206.4.1.158220.127.116.11.2||ETSI EN 319 411-1||CP of the CA software root, level NCP+|
|18.104.22.168.4.1.15822.214.171.124.1||ETSI EN 319 411-2||CP for certificates for natural persons, level QCP-n|
|126.96.36.199.4.1.158188.8.131.52.5||ETSI EN 319 411-2||CP for certificates for an entity or an organisation, level QCP-l|
|184.108.40.206.4.1.158220.127.116.11.3||ETSI EN 319 411-1||CP for certificates for natural persons, level LCP|
|18.104.22.168.4.1.15822.214.171.124.4||ETSI EN 319 411-1||CP for certificates for an entity or an organisation, level LCP|
|126.96.36.199.4.1.158188.8.131.52||ETSI EN 319 411-1||CP of the timestamping authority, level NCP+|
|184.108.40.206.4.1.158220.127.116.11||ETSI EN 319 421||TP|
These policies are published on Universign website. Universign is audited every year on the basis of these policies by a conformity assessment body.
When Universign issues a Certificate for the User, it informs him/her by e-mail that his/her Certificate is available.
The User may retrieve their Certificate from the Universign Platform.
The User must inform Universign of any inaccuracy or error in the Certificate within 48 hours. After this period, the Certificate is deemed to be accepted.
Universign will provide a consultation service available on the Universign website to enable the validity check of the Certificates it has issued, for level 2 and 3 Electronic Signatures.
This service is available 24/7.
The information made available to the Certificate User by Universign enables the User to verify and validate, prior to its use, the status of a certificate and the corresponding certificate chain, specifically to verify the signatures in the certificate chain and the signatures guaranteeing the origin and integrity of the CRL.
In the event that the CA ceases its activities, Universign shall take the necessary steps to transfer its obligations to a competent body for the time periods it has committed to with regard to the Users, in accordance with its Certification Policies.
When the User uses a Qualified Certificate, Universign guarantees the User:
The Electronic Signature Service provides the User with a solution for creating an Electronic Signature and for the Signer to attach their Electronic Signature to all types of Documents.
The Signature Service is directly accessible via the Universign Platform and on Universign website, Universign apps or through Universign API integrated with the User’s software. Universign Signature Service enables three categories of Electronic Signatures to be implemented, classified in accordance with the regulatory and normative requirements to which they comply.
LEVEL 1 ELECTRONIC SIGNATURE
By using the level 1 Signature, the User is solely responsible for the Signer identification using its own organizational and technical processes. Indirect authentication of a declared Signer is carried out by Universign.
In using this level of Signature, Universign cannot guarantee the identity of the Signer, as the only elements of identification provided are those sent by the User. User will ensure, through their own methods and under their own responsibility, the identity of the Signer.
Universign bears no responsibility for the identification of the Signer except for that of using the identification data provided by the User and of retaining the data relating to this process.
LEVEL 2 ELECTRONIC SIGNATURE
In implementing the level 2 Electronic Signature, the Signer identification is carried out remotely by Universign via a scanned copy of the Signer’s ID sent to Universign. Authentication of the Signer is carried out by Universign.
In using this level of Signature, even if Universign proceeds with verifying an identification document (ID card, passport, …) remotely, it cannot fully guarantee the identity of the Signer. Consequently, it is incumbent upon the Users to ensure, through their own methods and under their own responsibility, the identity of the Signer.
Universign bears no responsibility for the identity of the Signer except for the responsibility of verifying the validity of the identification document against the copy sent to it and of retaining the technical data related to this process.
The level 2 Electronic Signature is implemented using Certificates in accordance with the requirements of the standard ETSI EN 319 411-1.
LEVEL 3 ELECTRONIC SIGNATURE
In implementing the level 3 Electronic Signature, the Signer Identification is carried out, in their presence, by a Registration Operator and then remotely by Universign via a scanned copy of the Signer’s identification document which has been sent to it.
The Registration Operator is responsible for carrying out a physical face-to-face identification of the Signer.
The level 3 Electronic Signature is implemented using Qualified Certificates in accordance with the requirements of the standard ETSI EN 319 411-2.
Universign stores the Documents signed using the Electronic Signature Service in such a way as to preserve their integrity.
The storage enables the signed Documents to be consulted online, as well as their retention, restitution and/or their destruction.
Universign reserves the right to deposit the stored Documents with specialist third-party companies.
The User’s Documents are archived starting from the date of their deposit and up until the User’s account is closed.
Outside of the Service, it is the responsibility of the User to make all provisions to ensure the preservation of the Document.
Universign stores the signed Documents in their original format by taking the security measures required to ensure their integrity and their confidentiality.
Except for cases where verifying the identity of the Signer is included as part of the Service offered, Universign cannot, in any case, be held liable in this respect. It is the User’s responsibility to ensure this through their own means.
As part of using the Electronic Signature Services any delegation of signature is prohibited.
Pursuant to the CP, data in the event logs are retained for the period required for the provision of proof in the case of a dispute about the validity of a Document signed using the Service and in the event of any judicial or administrative requirement.
Universign Timestamping Service allows the timestamping of all types of Documents via Universign Platform or through Universign API integrated into the User’s software. It includes the generation and the delivery of a Token.
Universign recommends that the User of the Time-stamping Service verifies and validates the Certificate used to deliver the Token at the time of the time-stamping request.
Universign guarantees that the Tokens produced by its Time-stamping Service are accurate within one (1) second with respect to universal time.
Universign retains the audit files from the Time-Stamping Token creation for a period of six (6) years after its end-of-life.
Universign guarantees that in case of an event affecting the Time-Stamping Service security, and which could have an effect on tokens issued by Universign, the appropriate information will be made available to Users through the Universign website.
Universign guarantees access to the information required by Users for verifying the Electronic Signature of Certificates used for Time-stamping Documents.
Pursuant to the TP, the data in the event logs are retained for a period of 6 years