The following are the legal agreements, notices and policies within Digi-Sign, The Certificate Corporation:
Digi-Sign, The Certificate Corporation [Digi-Sign] warrants that if a customer is not 100% Satisfied with their purchase of any of its products or solutions, it will refund the entire amount paid to Digi-Sign regardless of whether the product or solution has been used or not. This courteous 100% refund policy is offered without exception.
Your payment obligations
You understand and agree that fees for products, products and solutions will be paid in advance and may be billed to the credit card or postal address you provide on the web site or by telephone or by fax on either on a monthly or an annual basis as requested by you. If your credit card is not valid or if payment is not made for any reason which causes your account balance to go into a negative state the subscriber may be considered in default under the Agreement. If any payment due to the Company under this Agreement is not paid when due, Subscriber agrees to pay interest on the past due amount on a daily basis from the due date until the date paid at a rate equal to the lesser of 1.5% per month or the maximum rate allowed by law.
Refunds, Credits and Cancellations. Some Products and Solutions are provided at no cost to the Subscriber. For Products and Solutions that require payment, refunds will be offered only where it has been proven that Digi-Sign has not delivered within the terms of the contract or statement made at the time of purchase.
Automatic renewal. These agreements will automatically renew at the annual service price unless Subscriber cancels the account on the web site or sends written notice that he or she does not want it to renew. The Customer may cancel the automatic renewal at any time via the Account Details form on our website.
WARRANTY DISCLAIMERS
YOU ACKNOWLEDGE THAT DIGI-SIGN SERVICES ARE PROVIDED "AS IS, AS AVAILABLE" WITHOUT ANY WARRANTY OF ANY KIND INCLUDING, WITHOUT LIMITATION, ANY WARRANTY WITH RESPECT TO THE QUALITY, PERFORMANCE OR FUNCTIONALITY OF THE DIGI-SIGN SERVICES OR WITH RESPECT TO THE QUALITY OR ACCURACY OF ANY INFORMATION OBTAINED FROM OR AVAILABLE THROUGH USE OF DIGI-SIGN SERVICES OR THAT DIGI-SIGN SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE.DIGI-SIGN DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF QUIET ENJOYMENT AND NON-INFRINGEMENT AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, WARRANTIES OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY OF COMPUTER PROGRAMS AND INFORMATIONAL CONTENT, PRODUCTS OR SOFTWARE SOLD OR OTHERWISE MADE AVAILABLE ON THIS SITE.
DIGI-SIGN IS PROVIDING SOME PRODUCTS, SERVICES AND SOLUTIONS REMOTELY VIA THE INTERNET AND MULTIPLE PUBLIC AND PRIVATE FACILITIES, SOME OF WHICH ARE NOT WITHIN OUR CONTROL. THE COMPANY DOES NOT GUARANTEE THE QUALITY OR CONDITION OF THE SERVICE.
Default and Remedies
The customer will be in default under this Agreement if there is any one or more of the following actions:
1. Failure to pay any amount when due.
2. Subscriber fails to comply with any provision of these Agreements.
3. Any representation made by subscriber in this Agreement is or becomes untrue.
If Subscriber is in default in any way, the Company may immediately take any one or more of the following actions
1. Declare all unpaid amounts due and payable.
2. Terminate this Agreement with respect to all or any part of the Services.
3. Take any other lawful action the Company may deem appropriate to obtain damages for subscriber's breach.
NOTIFICATION and CHANGES
If we change our refund policy, we will post those changes on this page so our users are aware of what information we collect, how we use it and under which circumstances, if any, we disclose it. Users should check this policy frequently to keep abreast of any changes.
For questions about this refund statement, the practices of this site or any dealings with Digi-Sign Limited, contact us at:
Digi-Sign Limited
Sidthorpe Lane
Dublin 4
IRELAND
info@digi-sign.com [1]
Within the Digi-Sign Standard SLA is the Incident Management System [IMS]. IMS is an automated system that escalates all support Cases as follows:
The following is the Standard Service Level Agreement [SLA] in support of Digi-Sign's solutions and services. This SLA incorporates system and personnel reaction times and escalations.
With particular regard to any communication from a User to Digi-Sign regarding a support issue, the entire escalation procedure is managed by an automated system that escalates issues, without human intervention, and automatically notifies the User.
A more complete explanation of this automated escalation procedure is detailed under Sub-Section 1.7.1. Incident Management.
1. Digi-Sign Service Levels
These Service Levels describe the details of the Digi-ID™ & Digi-SSL service & solutions provided by Digi-Sign™ to its customers. The following items will be described in detail in their respective sub-sections:
1.1 Service functionalities
1.2 Service Availability
1.3 Service Reliability
1.4 Operations
1.5 Service Maintenance
1.6 Change Management
1.7 Incident Management
2. Service Functionalities
Digi-ID™ & Digi-SSL™ are managed services for the issuing, management and support of digital certificates. Storage and provision of the service is from the Digi-Sign™ appointed data centre.
3 Service Availability
The service is available 24 hours per day, 7 days per week. The guaranteed minimum availability is 97.995%.
The measure for availability of the service is the timeframe in which the service has been available for both inbound and outbound data traffic. Unavailability of the service is defined as the number of minutes the service has not been available to the customer, except unavailability caused by:
The customer is required to notify the Customer Service Desk when it determines a non-availability of the service. Only instances of non-availability reported by the customer to the Customer Service Desk that have been acknowledged by Digi-Sign as a service interruption will be taken in account in order to calculate service availability provided the unavailability is not caused by one of the above mentioned reasons.
4. Service Reliability
Maximum number of service interruptions: 1 interruption per calendar month.
5. Operations
The Customer Service Desk is available any business day from 09.00 until 17.00 GMT, with exception of National Holidays. Customer service desk phone numbers:
6. Service Maintenance
Where regular maintenance affects the operation of the service, the customer will be notified at least 48 hours prior to maintenance. Scheduled maintenance will be executed within the service window in 97% of all times.
7.Change Management
Any change request can be filed any business day from 09.00 until 17.00 GMT. Reaction time, realisation and costs (if applicable), depending on planning and impact will be by mutual agreement.
7.1 Incident Management
Digi-Sign will allocate sufficient resources to solve problems as soon as possible, with prevention of exceeding SLA parameters as the primary objective. All Incident Management cases are monitored, reported on, automatically updated and automatically escalated by the Digi-Sign Incident Management System [IMS].
There are Five Levels within the IMS:
7.1.1. Level 1 – Incident Logging
A member of the Support Team manually enters all User Support Requests/Cases, no matter how they are received, into the Digi-Sign™ IMS. The IMS automatically notifies the User of the Task ID/Case number.
If the Case is not resolved by the User confirming that they are satisfied with the Support received and regard the case as close, it is automatically escalated to Level 2.
7.1.2 Level 2 - Severity 1
After 4 hours, a Senior Technical Specialist is informed and starts monitoring the work of the Team member that is working on the Case. Severity 1 Problems are monitored continuously and the customer receives status updates.
7.1.3 Level 3 – Severity 2
After 24 hours, the Senior Technical Specialists assumes direct control of the Case. In case other products are related to the problem also the vendors will be part of the team.
7.1.4 Level 4 – Severity 3
After 48 hours, the Digi-Sign™ Management and a Director of Digi-Sign™ will be informed and will act as problem manager during the solution phase. The maximum time to solve for Severity 3 Problems is 48 hours, unless a work-around is available.
Digi-Sign's™ goal is to solve the problem within a 72 hour time period. After a total of 5 days, or 120 hours, if there is no approach defined by Digi-Sign to solve the problem the case is terminated/suspended indefinitely.
7.1.5 Level 5 – Termination
On the basis that Digi-Sign's Senior Management and a Board Member were unable to solve the Case within the mandatory 120 hours, the case is terminated or suspended indefinitely.
This could occur due to the following reasons: we were unable to contact the customer (absent, on holidays), and we have sent a final email stating that we have tried to resolve the matter but received no response.
If we actually cannot solve the problem, we confirm this with the customer within the 120 hours and provide another option on how to proceed with this problem.
It is the responsibility of the customer to request that the Case be re-opened and processed through the IMS again, with the exception that we are able to fix the problem, but not within the specified deadline, a new deadline should be set by senior management.
If such a request is made, the Case will be treated as a totally new case but will carry the same Task ID.
If after three attempts and a total of 360 hours of Support time has not resolved the case, the parties agree that the case cannot be solved and it is terminated.
Digi-Sign, The Certificate Corporation [Digi-Sign] is an equal opportunities and affirmative action employer. We are committed to building an organisation that makes full use of the talents, skills, experience, and different cultural perspectives available in a multi-ethnic society, and where people feel they are respected and valued, and can achieve their potential regardless of race, colour, nationality, national or ethnic origins.
The aims of this policy are to ensure that:
This policy has been endorsed by Patrick Reynolds and has the full support of the management/board.
The policy was approved on 1 April, 2006, following consultation with senior managers and employees.
Overall responsibility for the effectiveness of this policy lies with Idoia Osteikoetxea.
All staff are responsible for familiarising themselves with this policy. Managers must also make sure their workers know about, and follow, the policy.
For further information, please contact Idoia Osteikoetxea.
From The Director
For questions about this Equal Opportunities Policy, the practices of this site or any dealings with Digi-Sign Limited, contact us at:
Digi-Sign Limited
Sidthorpe Lane
Dublin 4
IRELAND
info@digi-sign.com [1]
Digi-Sign, The Certificate Corporation [Digi-Sign] is an equal opportunities and affirmative action employer. We are committed to building an organisation that makes full use of the talents, skills, experience, and different cultural perspectives available in a multi-ethnic society, and where people feel they are respected and valued, and can achieve their potential regardless of race, colour, nationality, national or ethnic origins.
The aims of this policy are to ensure that:
This policy has been endorsed by Patrick Reynolds and has the full support of the management/board.
The policy was approved on 1 April, 2006, following consultation with senior managers and employees.
Overall responsibility for the effectiveness of this policy lies with Idoia Osteikoetxea.
All staff are responsible for familiarising themselves with this policy. Managers must also make sure their workers know about, and follow, the policy.
For further information, please contact Idoia Osteikoetxea.
From The Director
For questions about this Equal Opportunities Policy, the practices of this site or any dealings with Digi-Sign Limited, contact us at:
Digi-Sign Limited
Sidthorpe Lane
Dublin 4
IRELAND
info@digi-sign.com [1]
[3] As described in the Proposal Document (‘the Proposal’) and in consideration of the payment of the fees in accordance with the Proposal (the "Charges") by the Subscriber ("You") of the Charges set out in clause 2, Digi-Sign, The Certificate Corporation ("We" or "Us") agrees to provide the Digi-CA™ [4] system to You (the "Services" or the "System") in accordance with the terms and conditions set out below. The Charges are in Euro.
[3] In consideration of the Services, You shall pay the Charges to Us in accordance with the Proposal. The Charges are set out exclusive of taxes and expenses. At the start of the Project, the Project Deposit Fee as set out in the Proposal will be billed by us and must be paid for by electronic bank transfer in full by You within fourteen (14) days of the date of our invoice. Subsequent Project Opening Fees and Project Interim Fees may also be required as indicated in the Proposal and shall be paid by electronic bank transfer on the date specified in the invoice. When the Project Completion Form is received and in accordance with the Proposal, the Project Closing Fee and the first Annual License Fee, as set out in the Proposal will be invoiced and shall be paid by electronic bank transfer on the date specified in the invoice. All subsequent Annual License Fees and any additional Fees will be invoiced in advance and shall be paid by electronic bank transfer on the date specified on the invoice.
In the event of late payment of any of the Charges, interest shall be charged at the rate of interest referred to in the European Communities (Late Payment in Commercial Transactions) Regulations 2002, from the date of invoice until the date of actual payment, such interest to accrue daily and both before and after judgement.
All Charges referred to in this Agreement are exclusive and net of any taxes, duties or such other additional sums which shall be paid by You including, but without prejudice to the generality of the foregoing, VAT (if applicable), excise tax, tax on sales, property or use, import or other duties levied in respect of this Agreement.
You shall reimburse us for any vouched expenses which we may reasonably incur in relation to the provision of the Services. On travel distances exceeding 2.5 hours, our senior Directors will travel business class and all hotel accommodation should b three star rated accommodation or higher.
The following link provides the Digi-Sign Certificate Practice Statement [CPS]:
The following Terms of Use apply to all Digital Certificates issued by Digi-Sign Limited:
"The rights in this digital certificate and data contained herein are the property of Digi-Sign Limited and its licensors and is protected under intranational copyright law in accordance with the provisions of the Berne Convention. Use of this digital certificate is restricted to parties who have entered into a Digital Certificate Subscription Agreement with Digi-Sign Limited and reliance upon this digital certificate is restricted to parties who have entered into a Relying Party Agreement with Digi-Sign Limited."
Please read this document carefully before proceeding. You must not validate, rely on or use a Digi-Sign issued Digital Certificate or access or use Digi-Sign's Repository or any Service provided by Digi-Sign before reading and accepting the terms of this Relying Party Agreement and reading and understanding the Digi-Sign Certification Practice Statement. In any event you will be deemed to have accepted the terms of this Agreement if you validate, rely on or use a Digital Certificate, access or use Digi-Sign's Repository or use the Digi-CA™ Service or Digi-CA™ Server.
1. Application of Terms
1.1 These terms and conditions set out in this Agreement govern the relationship between you (the "Relying Party") and Digi-Sign Limited ("Digi-Sign") with regard to the Relying Party's:
1.1.1 validation, reliance on or use of a Certificate and the information and public key contained within for purpose of verifying a Digital Signature and decrypting a message set out in that Certificate; and
1.1.2 access and use of the Repository.
1.2 By accessing a Certificate or the Repository, the Relying Party consents to the terms and conditions in this Agreement and is deemed to have read and understood the CPS.
2. Definitions
2.1 In this Agreement the following terms and expressions shall have the following meanings:
2.1.1 "Business Day" means Monday to Friday inclusive excluding any days on which the banks in Dublin are closed for business (other than for trading in Euros);
2.1.2 "Certificate Chain" means the chain of Digital Certificates which may arise due to the issuing of a Digital Certificate by a Subordinate Certification Authority.
2.1.3 "CPS" and "CPS"means the certification practice statement released by Digi-Sign as amended from time to time;
2.1.4 "CRL" means Digi-Sign's certificate revocation list;
2.1.5 "Digital Certificate" means an encrypted electronic data file (conforming to the X.509 version 3 ITU-T standard) issued by Digi-Sign in order to identify a person or entity or to provide SSL encryption using a Digital Signature or entity and which contains the identity of the person authorised to use the Digital Signature and a copy of their Public Key, a serial number, a time period during which the Digital Certificate may be used and a Digital Signature issued by Digi-Sign
2.1.6 "Digital Certificate Subscriber Agreement" means the agreement entered into between Digi-Sign and the Subscriber for the provision of a Digital Certificate;
2.1.7 "Digital Signature" means an encrypted electronic data file which is attached to or logically associated with other electronic data and which identifies and is uniquely linked to the signatory of the electronic data, is created using means that the signatory can maintain under its sole control and is linked in a way so as to make any subsequent changes that have been made to the electronic data detectable;
2.1.8 "Force Majeure Event" means any circumstances beyond the reasonable control of Digi-Sign including without prejudice to the generality of the foregoing any natural disaster, act or regulation of any governmental or supra-national authority, lack or shortage of materials supplied by a third party (other than where such circumstances arise due to lack of reasonable planning), war or natural emergency, accident, epidemic, fire or riot;
2.1.9 "Prescribed Details" means the following details:
(a) indication that Digital Certificate is issued as a "qualified certificate";
(b) Digi-Sign's name and state of establishment;
(c) name of Subscriber or Subscriber's pseudonym (to be identified as such);
(d) provision for inclusion of a specific attribute of Subscriber, if relevant and depending on purpose of Certificate;
(e) Public Key corresponding to the Private Key under the control of the Subscriber;
(f) indication of the beginning and end period of validity of the Digital Certificate;
(g) identity code of the Digital Certificate;
(h) Digi-Sign's Digital Signature;
(i) limitations on the scope of use of the Certificate, if any; and
(j) limitations on the value of transactions for which the Certificate can be used, if any.
2.1.10 "Private Key" means a confidential encrypted electronic data file designed to interface with a Public Key using the same encryption algorithm and which may be used to create Digital Signatures, encrypt and decrypt files or messages and provide proof of identities to access secure websites;
2.1.11 "Public Key" means a publicly available encrypted electronic data file designed to interface with a Private Key using the same encryption algorithm and which may be used to verify Digital Signatures, encrypt and decrypt files or messages and verify identities to access secure websites;
2.1.12 "Repository" means a publicly available collection of databases for storing and retrieving Digital Certificates, CRL's and other information relating to Digital Certificates and which may be accessed via Digi-Sign's website;
2.1.13 "Subscriber" means a person who is issued a Digital Certificate signed by Digi-Sign and who has entered into a Digital Certificate Subscription Agreement;
2.1.14 "Subordinate Certification Authority" means Digi-Sign or any third party appointed by Digi-Sign to act as a certification authority;
2.2 in this Agreement unless otherwise specified;
2.2.1 references to clauses and schedules are to clauses of, and schedules to, this Agreement;
2.2.2 use of any gender includes the other genders;
2.2.3 references to a "person" shall be construed so as to include any individual, firm, company or other body corporate, government, state or agency of a state, local or municipal authority or government body or any joint venture, association, partnership or limited partnership (whether or not having separate legal personality);
2.2.4 a reference to any statute or statutory provision or regulations shall be construed as a reference to the same as it may have been, or may from time to time be, amended, modified or re-enacted;
2.2.5 any reference to a "day" (including within the phrase "Business Day") shall mean a period of 24 hours from midnight to midnight;
2.2.6 subject to clause 16, references to "indemnifying" any person against any circumstance include indemnifying and keeping him harmless from all actions, claims and proceedings from time to time made against him and all loss, damage, payments, cost or expenses suffered made or incurred by him as a consequence of that circumstance;
2.2.7 a reference to any other document referred to in this Agreement is a reference to that other document as amended, varied, novated or supplemented (other than in breach of the provisions of this Agreement) at any time;
2.2.8 headings and titles are for convenience only and do not affect the interpretation of this Agreement;
2.2.9 general words introduced by the word "other" shall not be given a restrictive meaning by reason of the fact that they are preceded by words indicating a particular class of acts, matters or things; and
2.2.10 references to "€" are to Euros and reference to any amount in such currency shall be deemed to include reference to an equivalent amount in any other currency.
3. Relying Party Obligations
3.1 In consideration of being permitted access to and use of the Repository and access to, use of and reliance on, a Digital Certificate Service the Relying Party agrees to do the following prior to relying upon a Digital Certificate:
3.1.1 where the Digital Certificate is issued by a third party, verify the Certificate Chain to ensure that the third party is a Subordinate Certification Authority and that the Digital Certificate was issued in accordance with the policies set out in the CPS;
3.1.2 check the Repository to ensure that the Digital Certificate is valid and operational; and
3.1.3 take any other steps which would be reasonable for the Relying Party to take in the given circumstances.
3.2 The Relying Party agrees not to use the Digital Certificate for any purpose other than the purpose set out in the relevant section of the CPS for that particular class and type of Digital Certificate and to comply with the policies and procedures set out in the CPS.
4. Digi-Sign Obligations
4.1 Digi-Sign agrees to :
4.1.1 update the CRL and Repository by registering all revocations of Digital Certificates used for SSL which have been made by Digi-Sign or notified to Digi-Sign by a Subscriber within the 34 hours immediately preceding the time of update in the CRL and Repository; and
4.1.2 validate information provided by each Subscriber on the Digi-Sign enrolment form prior to issuing a Certificate containing that information using the methods set out in the table at Section titled "Validation of Certificate Applications" of the CPS.
5. Relying Party Acknowledgements
5.1 The Relying Party acknowledges that:
5.1.1 the CRL is updated by Digi-Sign and therefore does not contain a real time record of all SSL Digital Certificate revocations.
5.1.2 the security or integrity of a Private key which corresponds to a Public key contained in a Digital Certificate may be compromised due to an act or omission of a third party which has not been authorised by Digi-Sign and agrees that Digi-Sign shall not be liable to the Relying Party for any losses suffered by the Relying Party as a result of such compromise;
5.1.3 Digi-Sign relies upon authorisation records, government records, third party business databases and domain name services to validate information contained in Digital Certificates and agrees that Digi-Sign shall not be liable for loss suffered by the Relying Party as a result of inaccuracies or deficiencies contained in those records or databases or inaccurate information supplied by providers of domain name services or any other third party; and
5.1.4 Digi-Sign performs differing degrees of validation of information in Digital Certificates depending on the level of warranty attached to the Digital Certificate and its intended use and agrees to take these factors into consideration when deciding whether or not to rely on a Digital Certificate.
6. Amendments to the CPS
Digi-Sign reserves the right to amend any section of the CPS at any time without prior notice to the Relying Party, including without limitation, the section of the CPS that sets all the validation procedures for Digital Certificates.
7. Repository
The Repository is made on as "as is" and "as available" basis over publicly accessible networks and Digi-Sign cannot be responsible for any failures in such network that may cause the Repository to be unavailable. Digi-Sign excludes any warranty as to the availability of the Repository and reserves the right to exclude access to or close the Repository without notice at any time.
8. Exclusion of Warranties
Save as expressly provided under this Agreement all other warranties either expressed or implied are hereby excluded to the fullest extent permissible by law.
9. Termination
9.1 This Agreement shall commence on the date hereof and shall continue in force until terminated by Digi-Sign in accordance with the provisions of clause 9.2 below.
9.2 Digi-Sign may terminate this Agreement for convenience at any time and for any reason and will notify the Relying Party of such termination in accordance with Clause 14 of this Agreement.
10. Consequences of Termination
10.1 If this Agreement is terminated by Digi-Sign in accordance with clause 9 above, the Relying Party shall not, from the date of such termination:
10.1.1 use or access the Repository; or
10.1.2 use, access or rely on a Digital Certificate or any Service provided by Digi-Sign, and Digi-Sign's obligations under this Agreement shall cease.
11. Limitation of Liability
11.1 Nothing in this Agreement shall exclude or limit either party's liability:
11.1.1 for death or personal injury resulting from the negligence of such party or its directors, officers, employees, contractors or agents (if any); or
11.1.2 in respect of fraud or of any statements made fraudulently by such party.
11.2 Subject to clause 11.1, Digi-Sign shall not be liable to the Relying Party whether in contract (including under any indemnity or warranty), in tort (including negligence), under statute or otherwise for any loss of profit, loss of revenue, loss of anticipated savings, loss or corruption of data, loss of contract or opportunity or loss of goodwill whether that loss is direct, indirect or consequential and if Digi-Sign shall be liable to the Relying Party in contract (including under any indemnity or warranty), in tort (including negligence), under statute or otherwise, Digi-Sign's maximum liability to the Relying Party for SSL Certificates shall be limited to
11.2.1 €0.01 for a Trial Digi-SSL™ Certificate, and
11.2.2 €0.01 for a Digi-SSL™ Xs Certificate,
11.2.3 €10,000 for a Digi-SSL™ Xp Certificate and Digi-SSL™ Xg Certificate, and
11.4 Subject to clause 11.1, Digi-Sign shall not be liable to the Relying Party whether in contract (including under any indemnity or warranty), in tort (including negligence), under statute or otherwise for any loss of profit, loss of revenue, loss of anticipated savings, loss or corruption of data, loss of contract or opportunity or loss of goodwill whether that loss is direct, indirect or consequential.
11.5 The Relying Party acknowledges that limitations on the use of the Certificate and limitations on the value of transactions for which the Certificate can be used are set out in each Certificate and agrees that Digi-Sign shall not be liable for any loss incurred (subject to clause 11.1 above) by the Relying Party from use of the Certificate which exceeds these limitations.
11.6 The parties acknowledge and agree that the limited warranty and limited liability set forth in this clause 8 are fundamental terms of this Agreement and are fair and reasonable having regard to the relationship between the parties and the benefits received by the Relying Party and obligations imposed on Digi-Sign under this Agreement.
12. Force Majeure
Digi-Sign shall not be liable for any breach of its obligations under this Agreement resulting from a Force Majeure Event.
13. Waiver
The waiver by either party of a breach or default of any of the provisions of this Agreement by the other party shall not be construed as a waiver of any succeeding breach of the same or other provisions nor shall any delay or omission on the part of either party to exercise or avail itself of any right power or privilege that it has or may have hereunder operate as a waiver of any breach or default by the other party.
14. Notices
14.1 Notices to Digi-Sign
Any notice, request, instruction or other document to be given to Digi-Sign under this Agreement shall be delivered or sent by first class post or by facsimile transmission (such facsimile transmission notice to be confirmed by letter posted within 12 hours) to the address or to the facsimile number of Digi-Sign set out in this Agreement (or such other address or numbers as may have been notified to the Relying Party in writing) and any such notice or other document shall be deemed to have been served (if delivered) at the time of delivery (if sent by post) upon the expiration of 48 hours after posting or (if sent by facsimile transmission) upon the expiration of 12 hours after dispatch. The address for Digi-Sign Limited is Sidthorpe Lane, Dublin 4, Ireland, Tel: +353 (1) 685-3687, Fax: +353 (1) 685-3688 to be marked for the attention of The Digital Certificate Subscriber Agreement Administrator.
14.2 Notices to Relying Party
Any notice, request, instruction or other document to be given to the Relying Party under this Agreement shall be posted on Digi-Sign's website, situated at www.digi-sign.com [7] in the section "Repository" and shall be deemed to have been served at the time of entry of the notice on Digi-Sign's website.
15. Invalidity and Severability
If any provision of this Agreement (not being of a fundamental nature to its operation) shall be found by any court or administrative body of competent jurisdiction to be invalid or unenforceable the invalidity or unenforceability of such provision shall not affect the other provisions of this agreement and all provisions not affected by such invalidity or unenforceability shall remain in full force and effect. The parties hereby agree to attempt to substitute for any invalid or unenforceable provision a valid or enforceable provision which achieves to the greatest extent possible the economic, legal and commercial objectives of the invalid or unenforceable provision.
16. Entire Agreement
16.1 This Agreement and all documents referred to herein contain the entire and exclusive agreement and understanding between the parties on the subject matter contained herein and supersedes all prior agreements, understandings and arrangements relating thereto. No representation, undertaking or promise shall be taken to have been given or implied from anything said or written in negotiations between the parties prior to this Agreement except as may be expressly stated in this Agreement.
16.2 Without prejudice to any liability for fraudulent misrepresentation, no party shall be under any liability or shall have any remedy in respect of misrepresentation or untrue statement unless and to the extent that a claim lies for breach of this Agreement.
17. Assignment
Neither party may assign or transfer or purport to assign or transfer a right or obligation under this Agreement without first obtaining the other party's written consent.
18. Variation
18.1 Any variations to this Agreement required by law shall take effect immediately. Digi-Sign shall provide written notice of such a variation to the Relying Party.
18.2 Subject to Clause 18.1, Digi-Sign may vary any term of this Agreement at any time on the provision of 20 Business Days written notice to the Relying Party of the variation.
19. Governing Law and Jurisdiction
This Agreement and all matters arising from or connected with it, are governed by and shall be construed in accordance with Irish law and the parties hereby submit to the non-exclusive jurisdiction of the Irish courts.
This relying party agreement was last updated on 28 April, 2008.
1. Application of Terms
1.1 These terms and conditions and schedules thereto, set out below govern the relationship between you (the 'Subscriber') and Digi-Sign Limited ('Digi-Sign').
2. Definitions and Interpretations
2.1 In this Agreement, unless the context requires otherwise, the following terms and expressions shall have the following meanings:
'Business Day' means Monday to Friday inclusive excluding any days on which the banks in Dublin are closed for business (other than for trading in Euros);
'Certificate Period' means the time period during which a Digital Certificate remains valid and may be used as set out in the Schedule;
'Charges' means the charges for the Subscriber Services as set out in Schedule 1 of this Agreement;
'Commencement Date' means the date when Digi-Sign receives the Subscriber's request for Subscriber Services set out in the Enrolment Form and sent to Digi-Sign via the online registration process;
'CP' means the Digi-Sign Certificate Policy [CP], a document setting out the policies under which Digi-Sign issues the Subscriber Services, as may be amended from time to time;
'CPS' means the Digi-Sign Certificate Practice Statement [CPS], a document setting out the working practices that Digi-Sign employs for the Subscriber Services and which defines the underlying certificate processes and Repository operations, as may be amended from time to time;
'Digi-Sign Group Company' means a Digi-Sign subsidiary or holding company, or a subsidiary of that holding company;
'Confidential Information' means all information obtained as a result of the parties entering into this agreement which relates to the provisions and subject matter of this Agreement (including but not limited to all Private Keys, personal identification numbers and passwords) and the business, systems or affairs of the other party and which is marked or designated in writing by the other party as being confidential.
'CRL' means a certificate revocation list that contains details of Digital Signatures that have been revoked by
Digi-Sign;
'Digital Certificate' means a digitally signed electronic data file (conforming to the X.509 version 3 ITU standard) issued by Digi-Sign in order to identify a person or entity seeking to conduct business over a communications network using a Digital Signature and which contains the identity of the person authorised to use the Digital Signature and a copy of their Public Key, a serial number, a time period during which the Digital Certificate may be used and a Digital Signature issued by Digi-Sign;
'Digital Signature' means an encrypted electronic data file which is attached to or logically associated with other electronic data and which identifies and is uniquely linked to the signatory of the electronic data, is created using the signatory's Private Key and is linked in a way so as to make any subsequent changes to the electronic data detectable;
'Domain Name' means a name registered with an Internet registration authority for use as part of a Subscriber's URL;
'Enrolment Form' means an electronic form on Digi-Sign's website completed by the Subscriber by providing the Subscriber Data and which identifies the requirements for the Subscription Service;
'Force Majeure Event' means, in relation to any party any circumstances beyond the reasonable control of that party including without prejudice to the generality of the foregoing any natural disaster, act or regulation of any governmental or supra-national authority, lack or shortage of materials supplied by a third party (other than where such circumstances arise due to lack of reasonable planning), war or natural emergency, accident, epidemic, fire or riot;
'Insolvency Event' means, in respect of any company that is party to this Agreement, that such company has ceased to trade, been dissolved, suspended payment of its debts or is unable to meet its debts as they fall due, has become insolvent or gone into liquidation (unless such liquidation is for the purposes of a solvent reconstruction or amalgamation), entered into administration, administrative receivership, receivership, a voluntary arrangement, a scheme of arrangement with creditors or taken any steps for its winding-up.
'Internet' means the global data communications network comprising interconnected networks using the TCP/IP standard;
'Issue Date' means the date of issue of a Digital Certificate to the Subscriber;
'Private Key' means a confidential encrypted electronic data file designed to interface with a Public Key using the same encryption algorithm and which may be used to create Digital Signatures, and decrypt files or messages which have been encrypted with a Public Key;
'Public Key' means a publicly available encrypted electronic data file designed to interface with a Private Key using the same encryption algorithm and which may be used to verify Digital Signatures and encrypt files or messages;
'Repository' means a publicly available collection of databases for storing and retrieving Digital Certificates, CRL's and other information relating to Digital Certificates and which may be accessed via Digi-Sign's website;
'Schedule' means the schedule attached to this Agreement;
'Scope of Use' shall have the meaning, if any, set out in Schedule 1 to this Agreement;
'Site' means a place at which Digi-Sign agrees to provide the Subscription Service;
'Selected Subscriber Data' means all of the Subscriber Data set out in the Schedule to this Agreement marked with the initials 'SSD'
'Software' means any software provided by Digi-Sign to enable the Subscriber to access or use the Subscription Service;
'Subscriber' means the individual or body corporate named on the Enrolment Form during the online registration process and anyone that acts or purports to act with that person's authority or permission;
'Subscriber Data' means information about the Subscriber required by Digi-Sign to provide the Subscription Services, including without limitation, the information set out in the Schedule to this Agreement (which may or may not contain personal data for the purposes of the Data Protection Act 1998) which must be provided by the Subscriber on the Enrolment Form during the online registration process;
'Subscription Service' means the Digital Certificate subscription services and any solutions (including Digital Certificates, Public Keys and Private Keys) described in the Schedule to this Agreement;
'Third Party Data' means data, information or any other materials (in whatever form) not owned or generated by or on behalf of the Subscriber;
'URL' means a uniform resource locator setting out the address of a webpage or other file on the Internet.
2.2 Subject to Clause 16, references to 'indemnifying' any person against any circumstance include indemnifying and keeping him harmless from all actions, claims and proceedings from time to time made against him and all loss, damage, payments, cost or expenses suffered made or incurred by him as a consequence of that circumstance;
2.3 The schedule to this Agreement forms part of this Agreement and shall have the same force and effect as if expressly set out in the body of this Agreement, and any reference to this Agreement shall include the schedule. To the extent that there is an inconsistency between the terms of the body of this Agreement and its schedule, the terms of the body of this Agreement shall prevail.
3. Provision of Digital Certificate Subscription Services
3.1 Provided that Digi-Sign is able to validate, to its satisfaction, the Subscriber Data, Digi-Sign shall accept a Subscriber's application for the Subscription Service (as such application is set out in the Enrolment Form) and shall provide the Subscriber with the Subscription Service set out in the Schedule in accordance with the terms of this Agreement and the Schedule, save that Digi-Sign reserves the right to refuse a Subscriber's application for the Subscription Service by notifying the Subscriber as soon as reasonably possible.
3.2 Subscriber shall, in consideration for the provision of the Subscription Service and the licences granted under this Agreement, pay to Digi-Sign the Charges set out in the Schedule in accordance with clause 6 of this Agreement.
4. Use of the Subscription Service
4.1 The Subscription Service is provided by Digi-Sign for the Subscriber's own use and the Subscriber hereby agrees not to resell or attempt to resell (or provide in any form whether for consideration or not) the Subscription Service (or any part of it) to any third party and shall not allow any third party to use the Subscription Service without the written consent of Digi-Sign.
4.2 The Subscriber shall:
4.2.1 Use or access the Subscription Service only in conjunction with the Software or other software that may be provided by Digi-Sign from time to time or specified by Digi-Sign to be appropriate for use in conjunction with the Subscription Service.
4.2.2 be responsible, at its own expense, for access to the Internet and all other communications networks (if any) required in order to use the Subscription Service and for the provision of all computer and telecommunications equipment and software required to use the Subscription Service save where the same is not expressly provided under the terms of this Agreement;
4.2.3 obtain and keep in force any authorisation, permission or licence necessary for the Subscriber to use the Subscription Service save where Digi-Sign expressly agrees to obtain the same under the terms of this Agreement;
4.2.4 remain responsible for the generation of any Subscriber's Private Key and shall take all reasonable precautions to prevent any violation of, loss of control over, or unauthorised disclosure of confidential information relating to the Subscription Service; and
4.2.5 shall be solely responsible for any transactions of any kind entered into between the Subscriber and any third party using or acting in reliance on the Subscription Service and acknowledges that Digi-Sign shall not be a party to, or be responsible in any way for, any such transaction.
4.3 The Subscriber shall not use the Subscription Service to transmit (either by sending by email or uploading using any format of communications protocol), receive (either by soliciting an email or downloading using any format of communications protocol), view or in any other way use any information which may be illegal, offensive, abusive, contrary to public morality, indecent, defamatory, obscene or menacing, or which is in breach of confidence, copyright or other intellectual property rights of any third party, cause distress, annoyance, denial of any service, disruption or inconvenience, send or provide advertising or promotional material or other form of unsolicited bulk correspondence or create a Private key which is identical or substantially similar to any Public Key.
5. Licence of Digital Certificate Technology
5.1 Digi-Sign grants the Subscriber a revocable, non-exclusive, non-transferrable personal licence to use any Digital Certificates provided in accordance with the Subscription Service, any Digital Signature generated using the Subscriber's Public Key and Private Key and any manuals or other documents relating to the above insofar as is necessary for the Subscriber to utilise the Subscription Services.
5.2 The Subscriber shall not copy or decompile (except where such decompilation is permitted by Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society) enhance, adapt or modify or attempt to do the same to the Digital Certificates, Public Keys and Private Keys, or any Digital Signature generated using any Public Key or Private Key; or any documents or manuals relating to the same without Digi-Sign's prior written consent.
6. Charges and Payment Terms
6.1 The Charges shall be due to be paid by the Subscriber on or before the Issue Date.
6.2 Digi-Sign shall refund the Charges (including any Value Added Tax or any other appropriate sales, use tax or equivalent charge) paid to it by the Subscriber if within 20 Business Days of the Issue Date, the Subscriber has not used the Subscription Service and has, within this period, made a written request to Digi-Sign for revocation of the Digital Certificate issued to it or Digi-Sign revokes the Digital Certificate pursuant to Clause 7.3.
7. Security
7.1 The Subscriber shall take all reasonable measures to ensure the security and proper use of all personal identification numbers, Private Keys and passwords used in connection with the Subscription Service. The Subscriber shall also immediately inform Digi-Sign if there is any reason to believe that a personal identification number, Private Key or password has or is likely to become known to someone not authorised to use it, or is being, or is likely to be used in an unauthorised way, or if any of the Subscriber Data provided by the Subscriber using the on-line registration process or subsequently notified to Digi-Sign ceases to remain valid or correct or otherwise changes.
7.2 The Subscriber shall have sole responsibility for all statements, acts and omissions which are made under any password provided by it to Digi-Sign.
7.3 Digi-Sign reserves the right to revoke a Subscriber's Digital Certificate in the event that Digi-Sign has reasonable grounds to believe that:
7.3.1 a personal identification number, Private Key or password has, or is likely to become known to someone not authorised to use it, or is being or is likely to be used in an unauthorised way;
7.3.2 a Subscriber's Digital Certificate has not been issued in accordance with the policies set out in the Digi-Sign CPS;
7.3.3 the Subscriber has requested that its Digital Certificate be revoked;
7.3.4 there has been, there is, or there is likely to be a violation of, loss of control over, or unauthorised disclosure of Confidential Information relating to the Subscription Service; or
7.3.5 the Subscriber Data is no longer correct or accurate, save that Digi-Sign has no obligation to monitor or investigate the accuracy of information in a Digital Certificate after the Issue Date of that Digital Certificate; or
7.3.6 the Subscriber has used the Subscription Service with third party software not authorised by Digi-Sign for use with the Subscription Service.
and Digi-Sign may, in its absolute discretion after revocation of a Digital Certificate, reissue a Digital Certificate to the Subscriber or terminate this Agreement in accordance with the provisions of Clause 15.
7.4 The Subscriber agrees to discontinue all use of the Subscriber's Digital Certificate if the Subscriber's Digital Certificate is revoked in accordance with this Agreement, the Certificate Period expires, this Agreement is terminated, or any of the information constituting the Subscriber Data ceases to remain valid or correct or otherwise changes.
8. Confidentiality
8.1 Neither party shall use any Confidential Information other than for the purpose of performing its obligations under this Agreement save where Confidential Information is required for the provision of the Subscription Service.
8.2 Each party shall procure that any person to whom Confidential Information is disclosed by it complies with the restrictions set out in this clause 8 as if such person were a party to this Agreement.
8.3 Notwithstanding the previous provisions of this clause 8 either party may disclose Confidential Information if and to the extent required by law, for the purpose of any judicial proceedings or any securities exchange or regulatory or governmental body to which that party is subject, wherever situated, including (amongst other bodies) the Dublin Stock Exchange Limited or the Panel on Take-overs and Mergers, whether or not the requirement for information has the force of law, and if and to the extent the information has come into the public domain through no fault of that party.
8.4 The restrictions contained in this clause 8 shall continue to apply to each party for the duration of this Agreement and for the period of 5 years following the termination of this Agreement.
9. Subscriber Data
9.1 The Subscriber acknowledges that in order to provide the Subscription Service the Selected Subscriber Data shall be embedded in the Subscriber's Digital Certificates and the Subscriber hereby consents to the disclosure to third parties of such Selected Subscriber Data held therein.
9.2 The Subscriber hereby grants Digi-Sign permission to examine, evaluate, process and in some circumstances transmit to third parties located outside the European Union the Subscriber Data insofar as is reasonably necessary for Digi-Sign to provide the Subscription Service.
9.3 Digi-Sign shall in performing its obligations under this Agreement, comply with the Data Protection Act 1998 and any legislation or guidelines which amends or replaces such legislation and shall take appropriate technical and organisational measures against the unauthorised or unlawful processing of personal data and against actual loss or destruction of or damage to such data.
10. Intellectual Property Rights
10.1 Unless otherwise agreed in writing, the parties agree that Digital Certificates, Digi-Sign Public Keys, and
Digi-Sign Private Keys are the property of Digi-Sign and the Subscribers Private Keys are the property of the Subscriber.
10.2 The Subscriber agrees not to use the Digi-Sign name, brand, get-up or logo in any way except with Digi-Sign's prior written consent.
11. Digi-Sign Obligations
11.1 Digi-Sign agrees to:
11.1.1 provide the Subscription Service with the reasonable skill and care of a competent provider of similar Digital Certificate services save that Digi-Sign does not undertake to provide a fault free service;
11.1.2 investigate and verify prior to the Issue Date the accuracy of the information to be incorporated in the Digital Certificate in accordance with the procedures set out in the Schedule to this Agreement ;
11.1.3 use its reasonable endeavours to provide the Subscription Service by the date agreed in writing with the Subscriber but that Digi-Sign is under no obligation to meet any agreed date and has no liability to the Subscriber for failure to provide the Subscription Service (or any part thereof) by such date; and
11.1.4 maintain a copy in the Repository and details in the CRL of each Digital Certificate which has been revoked or has expired for a reasonable period after the Digital Certificate's revocation or expiry.
12. Subscriber Warranties, Representations and Indemnities
12.1 The Subscriber warrants, represents and undertakes that:
12.1.1 all Subscriber Data is, and any other documents or information provided by the Subscriber are, and will remain accurate and will not include any information or material (or any part thereof), the accessing or use of which would be unlawful, contrary to public interest or otherwise likely to damage the business or reputation of Digi-Sign in any way;
12.1.2 it has and will comply with all consumer and other legislation, instructions or guidelines issued by regulatory authorities, relevant licences and any other codes of practice which apply to the Subscriber or Digi-Sign (such codes of practice to be notified to the Subscriber by Digi-Sign in advance) and that the Subscriber has obtained all licences and consents necessary for performing its obligations to extend full co-operation at all times to third parties working from time to time with Digi-Sign; and
12.1.3 it has full power and authority to enter into this Agreement and to perform all of its obligations under this Agreement.
12.2 Subscriber shall promptly disclose in writing to Digi-Sign anything which constitutes a breach of, or is inconsistent with any of the warranties and undertakings in Clause 12.1.
12.3 The Subscriber shall indemnify Digi-Sign against any claims or legal proceedings which are brought or threatened against Digi-Sign by any third party as a result of the Subscriber's breach of the provisions of this Agreement.
Digi-Sign will notify the Subscriber of any such claims or proceedings and keep the Subscriber informed as to the progress of such claims or proceedings.
12.4 The Subscriber agrees not to make any representations regarding the Subscription Services to any third party except as agreed in writing by Digi-Sign.
13. Exclusion of Warranties
Save as expressly provided under this Agreement all other warranties either expressed or implied are hereby excluded to the fullest extent permissible by law.
14. Term and Termination
14.1 This Agreement shall commence on the Commencement Date and shall continue for the Certificate Period unless terminated earlier in accordance with this Clause 14.
14.2 Either party may terminate this Agreement for convenience by providing to the other 20 Business Day's written notice.
14.3 This Agreement may be terminated forthwith or on the date specified in the notice:
14.3.1 by either party if the other commits any material breach of any term of this Agreement and which (in the case of a breach capable of being remedied) shall not have been remedied within 20 Business Days of a written request by the other party to remedy the same or by either party, if in respect of the other party, an Insolvency Event occurs or that other party ceases to carry on its business;
14.3.2 by Digi-Sign in the event a Digital Certificate is revoked in accordance with the provisions of Clause 7.3 or if Digi-Sign is unable to validate, to its satisfaction, all or part of the Subscriber Data.
15. Consequences of Termination
15.1 If this Agreement is terminated by Digi-Sign under Clause 14 for any reason or under Clause 17.3 Digi-Sign may (in the event that a Subscriber's Digital Certificate has not already been revoked) revoke the Subscriber's Digital Certificate without further notice to the Subscriber and the Subscriber shall pay any Charges payable but not yet paid under this Agreement.
16. Limitation of Liability
16.1 Nothing in this Agreement shall exclude or limit the liability of either party for death or personal injury resulting from the negligence of that party or its directors, officers, employees, contractors or agents, or in respect of fraud or of any statements made fraudulently by either party;
16.2 Subject to clause 16.1 Digi-Sign shall not be liable to the Subscriber whether in contract (including under any indemnity or warranty), in tort (including negligence), under statute or otherwise for any loss of profit, loss of revenue, loss of anticipated savings, loss or corruption of data, loss of contract or opportunity or loss of goodwill whether that loss is direct, indirect or consequential and if Digi-Sign shall be liable to the Subscriber in contract (including under any indemnity or warranty), in tort (including negligence), under statute or otherwise, Digi-Sign's maximum liability to the Subscriber shall be limited to the Charges paid by the Subscriber under this Agreement or €10,000, whichever is the greater.
16.3 Digi-Sign shall not be liable to the Subscriber for any loss suffered by the Subscriber due to use of the Digital Certificate outside the Scope of Use or for transactions outside the Maximum Transaction Value.
16.4 Without prejudice to Subscriber's rights to terminate this Agreement, Subscriber's sole remedy at law, in equity or otherwise in respect of any claim against Digi-Sign shall be limited to damages.
17. Force Majeure
17.1 Neither party hereto shall be liable for any breach of its obligations hereunder resulting from a Force Majeure Event.
17.2 Each of the parties hereto agrees to give written notice forthwith to the other upon becoming aware of a Force Majeure Event such notice to contain details of the circumstances giving rise to the Force Majeure Event and its anticipated duration. If such duration is more than 20 days then the party not in default shall be entitled to terminate this agreement, with neither party having any liability to the other in respect of such termination.
17.3 The party asserting a Force Majeure Event shall not be excused performance of its obligations unaffected by such a Force Majeure Event and shall endeavour to seek an alternative way of fulfilling its affected obligations without any materially adverse affect on the other party.
18. Waiver
The waiver by either party of a breach or default of any of the provisions of this Agreement by the other party shall not be construed as a waiver of any succeeding breach of the same or other provisions nor shall any delay or omission on the part of either party to exercise or avail itself of any right power or privilege that it has or may have hereunder operate as a waiver of any breach or default by the other party.
19. Notices
19.1 Notices shall be in writing, and shall be sent to the other party marked for the attention of the person either at the address set out in 19.2 below in the case of Digi-Sign, or the address of the Subscriber as set out on the Enrolment Form. Notices may be sent be first-class mail or facsimile transmission provided that facsimile transmissions are confirmed within 12 hours by first-class mailed confirmation of a copy. Correctly addressed notices sent by first-class mail shall be deemed to have been delivered 48 hours after posting and correctly directed facsimile transmissions shall be deemed to have been received 12 hours after dispatch.
19.2 The address for Digi-Sign Limited is Sidthorpe Lane, Dublin 4, Ireland, Tel: +353 (1) 685-3687, Fax: +353 (1) 685-3688 to be marked for the attention of The Digital Certificate Subscriber Agreement Administrator.
20. Invalidity and Severability
If any provision of this Agreement (not being of a fundamental nature to its operation) is judged to be invalid, illegal or unenforceable, the continuation in full force and effect of the remainder of the provisions will not be prejudiced.
21. Entire Agreement
21.1 This Agreement and Schedules and all documents referred to herein contain the entire and exclusive agreement and understanding between the parties on the subject matter contained herein and supersedes all prior agreements, understandings and arrangements relating thereto. No representation, undertaking or promise shall be taken to have been given or implied from anything said or written in negotiations between the parties prior to this Agreement except as may be expressly stated in this Agreement.
21.2 Without prejudice to any liability for fraudulent misrepresentation, no party shall be under any liability or shall have any remedy in respect of misrepresentation or untrue statement unless and to the extent that a claim lies for breach of this Agreement.
22. Assignment
Neither party may assign or transfer or purport to assign or transfer a right or obligation under this Agreement without first obtaining the other party's written consent.
23. Governing Law and Jurisdiction
This Agreement and all matters arising from or connected with it, are governed by and shall be construed in accordance with Irish law and the parties hereby submit to the non-exclusive jurisdiction of the Irish courts.
24. Rights of Third Parties
For the avoidance of doubt no third party shall be entitled (for the purposes of the Contracts (Rights of Third Parties) Act 1999) to any rights under this Agreement which it may enter against Digi-Sign.
Schedule 1 Client Certificate
1. Definitions used in this Schedule
'Client Certificate' means the Digital Certificate produced pursuant to the service described in this Schedule;
2. The Subscription Service
2.1 Digi-Sign shall provide the Subscriber with a Client Certificate which will enable the Subscriber to encrypt and add a Digital Signature to an email sent by the Subscriber; gain access to a pre-configured network, internet or extranet; and/or authenticate a user to a Virtual Private Network [VPN].
2.2 The Subscriber's web browser will automatically generate a Private Key/Public Key pair during the signing up process. A PKCS #10 Digital Certificate request containing the Public Key shall be submitted to Digi-Sign during the online sign up process.
3. Scope of Use
3.1 The Subscriber shall only use the Client Certificate in conjunction with S/MIME compliant software for the purposes of encrypting an email or adding a digital signature to an email which the Subscriber wishes to send to a third party.
3.2 The Subscriber shall only use the Client Certificate with Digi-Sign software, or Digi-Sign approved software.
3.3 The total value of any transaction entered into by the Subscriber whilst using the Free Secure Email Certificate shall not exceed £0.01.
4. Charges
4.1 The Charges for the Subscription Service are defined on the official website and during the on-line registration.
4.2 The Charges set out at paragraph 4.1 above are exclusive of Value Added Tax or any other appropriate sales, use tax or equivalent charge applicable in any country where the Subscription Services is provided. Such applicable tax shall be notified to the Subscriber by Digi-Sign and shall be payable by the Subscriber.
5. Certificate Period
The Certificate Period shall commence on the Issue Date and shall continue for 365 days or until revocation of the Digital Certificate by Digi-Sign in accordance with the terms of this Agreement, whichever is earlier.
6. Subscriber Data
The Subscriber shall provide the following Subscriber Data: Full name (SSD), Email address (SSD), Subscriber Public Key (SSD), Challenge password
Items marked as SSD will either be embedded into the Subscriber's Client Certificate.
This Certificate Subscriber Agreement was last updated on 28 April, 2008.
[8] This section describes the certificate application process, including the information required to make and support a successful application.
4.1 Certificate Application Requirements
The Affiliate, Reseller or Partner [ARP] may issue Certificates to Private Organisations that satisfy the following requirements:
a) The Private Organisation is a legally recognised entity whose existence was created by a filing with (or an act of) the Incorporating Agency in its Jurisdiction of Incorporation (e.g., by issuance of a certificate of incorporation);
b) The Private Organisation has designated with the Incorporating Agency a Registered Agent, Registered Office (as required under the laws of the Jurisdiction of Incorporation) or equivalent;
c) The Private Organisation is not designated on the records of the Incorporating Agency by labels such as “inactive,” “invalid,” “not current,” or the equivalent;
d) The Private Organisation’s Jurisdiction of Incorporation and/or its Place of Business is not in any country where Digi-Sign is prohibited from doing business or issuing a certificate by the laws of Digi-Sign’s jurisdiction; and
e) The Private Organisation is not listed on any government denial list or prohibited list (e.g., trade embargo) under the laws of Digi-Sign’s jurisdiction.
ARP may issue Certificates to Government Entities that satisfy the following requirements:
a) The legal existence of the Government Entity is established by the law of the Jurisdiction of Incorporation;
b) The Government Entity is not in any country where Digi-Sign is prohibited from doing business or issuing a certificate by the laws of Digi-Sign’s jurisdiction; and
c) The Government Entity is not listed on any government denial list or prohibited list (e.g., trade embargo) under the laws of Digi-Sign’s jurisdiction.
All qualifying Certificate applicants must complete the enrolment process, which may include:
• Generate a RSA key pair and demonstrate to ARP ownership of the private key half of the key pair through the submission of a valid PKCS#10 Certificate Signing Request [CSR], or SPKAC request for certain certificates.
• Make all reasonable efforts to protect the integrity of the private key half of the key pair
• Submit to Digi-Sign a certificate application request, including application information as detailed in the Digi-Sign CPS, a public key half of a key pair, and agree to the terms of the relevant subscriber agreement
• Provide proof of identity through the submission of official documentation if, and as, requested by Digi-Sign during the enrolment process
Certificate applications are submitted to the Digi-Sign approved Registration Agent [RA] or Light Registration Agent [LRA].
4.1.1 ARP Customer Certificate Applications
ARP Customers may act as RAs under the practices and policies stated within the Digi-Sign CPS. The RA may make the application on behalf of the applicant pursuant to this ARP contract.
Under such circumstances, the RA is responsible for all the functions on behalf of the applicant and such responsibilities are detailed and maintained within the this ARP contract.
4.1.2 Digi-CA™ Service Account Holder Certificate Applications
Digi-CA™ Service Account Holders act as RAs under the practices and policies stated within the CPS. The RA makes the application for a secure server certificate to be used by a named server, or a secure email certificate to be used by a named employee, partner or extranet user under a domain name that the ARP has validated either belongs to, or may legally be used by the Digi-CA™ Service Account holding organisation.
4.1.3 Methods of application
Generally, applicants will complete the online forms made available by the ARP or by approved RAs at the respective official websites. Under special circumstances, the applicant may submit an application via email; however, this process is available at the discretion of the ARP or its RAs.
Digi-CA™ Service Account Holder applications are made through the Digi-CA™ Service Management Console – a web based console hosted and supported by Digi-Sign.
4.2 Application Validation
Prior to issuing a Certificate, the ARP employs controls to validate the identity of the subscriber information featured in the certificate application.
4.2. ARP Certificates Validation Process
Before issuing a Certificate, the ARP ensures that all Subject organisation information in the Certificate conforms to the requirements of, and has been verified in accordance with, these guidelines and matches the information confirmed and documented by the ARP pursuant to its verification processes.
As a general rule, the ARP is responsible for taking all verification steps reasonably necessary to satisfy each of the Verification Requirements set forth below. The Acceptable Methods of Verification set forth in each of Sections 4.2.1 through 4.2.11 below (which usually include alternatives) are considered to be acceptable methods of verification that may be employed by the ARP. In all cases, however, the ARP will take any additional verification steps that may be reasonably necessary under the circumstances to satisfy the applicable Verification Requirement.
4.2.1. Verification of Applicant’s Legal Existence and Identity
(a) Verification Requirements. To verify Applicant’s legal existence and identity, the ARP will do the following:
(1) Legal Existence: Verify that the Applicant is a legally recognised entity, in existence and validly formed (e.g., incorporated) with the Incorporating Agency in Applicant’s Jurisdiction of Incorporation, and not designated on the records of the Incorporating Agency by labels such as “inactive,” “invalid,” “not current,” or the equivalent.
(2) Organisation Name: Verify that the Applicant’s formal legal name as recorded with the Incorporating Agency in Applicant’s Jurisdiction of Incorporation matches Applicant’s name in the Certificate Request.
(3) Registration Number: Obtain the specific unique Registration Number assigned to Applicant by the Incorporating Agency in the Applicant’s Jurisdiction of Incorporation
(4) Registered Agent: Obtain the identity and address of the Applicant’s Registered Agent or Registered Office (as applicable) in the Applicant’s Jurisdiction of Incorporation.
(b) Acceptable Method of Verification. All of the foregoing will be verified directly with or obtained directly from the Incorporating Agency in the Applicant’s Jurisdiction of Incorporation. Such verification may be through use of a Qualified Government Information Source operated by or on behalf of the Incorporating Agency, or by direct contact with the Incorporating Agency in person or via mail, email, web address, or telephone using an address or phone number obtained from a Qualified Independent Information Source.
4.2.2 Verification of Applicant’s Legal Existence and Identity – Assumed Name
(a) Verification Requirements. If, in addition to the Applicant’s formal legal name as recorded with the Incorporating Agency in Applicant’s Jurisdiction of Incorporation, Applicant’s identity as asserted in the Certificate is to contain any assumed name (also known as “doing business as”, “DBA”, or “d/b/a” in the US and “trading as” in the UK) under which Applicant conducts business, the ARP will verify that: (i) the Applicant has registered its use of the assumed name with the appropriate government agency for such filings in the jurisdiction of its Place of Business (as verified in accordance with these guidelines), and (ii) that such filing continues to be valid.
(b) Acceptable Method of Verification. To verify any assumed name under which Applicant conducts business:
(1) The ARP may verify the assumed name through use of a Qualified Government Information Source operated by or on behalf of an appropriate government agency in the jurisdiction of the Applicant’s Place of Business, or by direct contact with such government agency in person or via mail, email, web address, or telephone; or
(2) The ARP may verify the assumed name through use of a Qualified Independent Information Source [QIIS] provided that the QIIS has verified the assumed name with the appropriate government agency.
(3) The ARP may rely on a Verified Legal Opinion, or a Verified Accountant Letter that indicates the assumed name under which Applicant conducts business, the government agency such assumed name is registered with, and that such filing continues to be valid.
4.2.3 Verification of Applicant’s Physical Existence
(a) Address of Applicant’s Place of Business
(1) Verification Requirements. To verify Applicant’s physical existence and business presence, the ARP will verify that the physical address provided by Applicant is an address where Applicant conducts business operations (e.g., not a mail drop or P.O. Box), and is the address of Applicant’s Place of Business.
(2) Acceptable Methods of Verification. To verify the address of Applicant’s Place of Business:
(A) For Applicants whose Place of Business is in the same country as the Applicant’s Jurisdiction of Incorporation:
(1) For Applicants listed at the same Place of Business address in the current version of at least one QIIS, the ARP will confirm that the Applicant’s address as listed in the Certificate Request is a valid business address for Applicant by reference to such QIIS, and may rely on Applicant’s representation that such address is its Place of Business;
(2) For Applicants who are not listed at the same Place of Business address in the current version of at least one QIIS, the ARP will confirm that the address provided by the Applicant in the Certificate Request is in fact Applicant’s business address by obtaining documentation of a site visit to the business address which will be performed by a reliable individual or firm. The documentation of the site visit will:
(a) Verify that the Applicant’s business is located at the exact address stated in the Certificate Request (e.g., via permanent signage, employee confirmation, etc.);
(b) Identify the type of facility (e.g., office in a commercial building, private residence, storefront, etc.) and whether it appears to be a permanent business location;
(c) Indicate whether there is a permanent sign (that cannot be moved) that identifies the Applicant
(d) Indicate whether there is evidence that Applicant is conducting ongoing business activities at the site (e.g., that it is not just a mail drop, P.O. box, etc.), and
(e) Include one or more photos of (i) the exterior of the site (showing signage indicating the Applicant’s name, if present, and showing the street address if possible), and (ii) the interior reception area or workspace.
(3) For all Applicants, the ARP may alternatively rely on a Verified Legal Opinion or a Verified Accountant Letter that indicates the address of Applicant’s Place of Business and that business operations are conducted there.
(B) For Applicants whose Place of Business is not in the same country as the Applicant’s Jurisdiction of Incorporation, the ARP will rely on a Verified Legal Opinion that indicates the address of Applicant’s Place of Business and that business operations are conducted there.
(b) Telephone Number for Applicant’s Place of Business
(1) Verification Requirements. To further verify Applicant’s physical existence and business presence, as well as to assist in confirming other verification requirements, the ARP will verify that the telephone number provided by Applicant is a main phone number for Applicant’s Place of Business.
(2) Acceptable Methods of Verification. To verify Applicant’s telephone number, the ARP will perform A and one of B, C, or D as listed below:
(A) Confirm Applicant’s telephone number by calling it and obtaining an affirmative response sufficient to enable a reasonable person to conclude that the Applicant is reachable by telephone at the number dialed; and
(B) Confirm that the telephone number provided by the Applicant is listed as the Applicant’s telephone number for the verified address of its Place of Business in records provided by the applicable phone company or alternatively in at least one QIIS; or
(C) During a site visit, the person who is conducting the site visit will confirm the Applicant’s main telephone number by calling it and obtaining an affirmative response sufficient to enable a reasonable person to conclude that the Applicant is reachable by telephone at the number dialled. The ARP will also confirm that the Applicant’s main telephone number is not a mobile phone; or
(D) Rely on a Verified Legal Opinion or a Verified Accountant Letter to the effect that the Applicant telephone number provided is a main phone number for Applicant’s Place of Business;
4.2.4 Verification of Applicant’s Operational Existence
(a) Verification Requirements. If the Applicant has been in existence for less than three (3) years, as indicated by the records of the Incorporating Agency, and is not listed in the current version of one QIIS, the ARP will verify that the Applicant has the ability to engage in business.
(b) Acceptable Methods of Verification. To verify the Applicant’s operational existence, the ARP will perform one of the following:
(1) Verify the Applicant has an active current Demand Deposit Account with a Regulated Financial Institution. The ARP will receive authenticated documentation directly from a Regulated Financial Institution verifying that the Applicant has an active current Demand Deposit Account with the institution.
(2) Rely on a Verified Legal Opinion or a Verified Accountant Letter to the effect that the Applicant has an active current Demand Deposit Account with a Regulated Financial Institution;
4.2.5 Verification of Applicant’s Domain Name
(a) Verification Requirements. To verify Applicant’s registration or exclusive control of the domain name(s) to be listed in the Certificate, the ARP will verify that each such domain name satisfies the following requirements:
(1) The domain name is registered with an Internet Corporation for Assigned Names and Numbers (ICANN)-approved registrar or a registry listed by the Internet Assigned Numbers Authority (IANA);
(2) Domain registration information in the WHOIS database should be public and should show the name, physical address, and administrative contact information for the organisation.
(3) The Applicant:
(A) is the registered holder of the domain name; or
(B) has been granted the exclusive right to use the domain name by the registered holder of the domain name;
(4) The Applicant is aware of its registration or exclusive control of the domain name.
(b) Acceptable Methods of Verification
(1) Applicant as Registered Holder. Acceptable methods by which the ARP may verify that the Applicant is the registered holder of the domain name includes the following:
(A) Performing a WHOIS inquiry on the Internet for the domain name supplied by the Applicant, and obtaining a response indicating that the Applicant is the entity registered to the domain name; or
(B) Communicating with the contact listed on the WHOIS record to confirm that the Applicant is the registered holder of the domain name and having the contact update the WHOIS records to reflect the proper domain registration;
(C) In cases where domain registration information is private, the ARP may contact the applicant through the domain registrar by email or paper mail if the domain registrar offers services to forward such communication to the registered domain holder.
(2) Applicant’s Exclusive Right to Use. In cases where Applicant is not the registered holder of the domain name, the ARP will verify the Applicant’s exclusive right to use a domain name.
(A) In cases where the registered domain holder can be contacted using information obtained from WHOIS, or through the domain registrar, Digi-Sign will obtain positive confirmation from the registered domain holder by paper mail, email, telephone, or facsimile that the applicant has been granted the exclusive right to use the requested Fully Qualified Domain Name (FQDN).
If the Top-Level Domain is a generic top-level domain (gTLD) such as .com, .net, or .org in accordance to RFC 1591, the ARP will obtain positive confirmation with the second level domain registration holder unless explicitly delegated by the holder. For example, if the requested FQDN is www1.www.example.com, the ARP will obtain positive confirmation from the domain holder of example.com.
If the Top-Level Domain is a 2 letter Country Code Top-Level Domain (ccTLD), Digi-Sign will obtain positive confirmation with the domain holder at the domain level appropriate based on the rules of the ccTLD. For example, if the requested FQDN is www.mysite.users.internet.co.uk [9], the ARP will obtain positive confirmation from the domain holder of internet.co.uk.
In addition, the ARP will also verify the Applicant‘s exclusive right to use the domain name using one of the following methods:
(1) Relying on a Verified Legal Opinion to the effect that the Applicant has the exclusive right to use the specified domain name in identifying itself on the Internet; or
(2) Relying on a representation from the Contract Signer, or the Certificate Approver if expressly authorised in a mutually agreed upon contract, coupled with a practical demonstration by the Applicant establishing that it controls the confirmed domain name by making an agreed-upon change in information found online on a web page identified by a uniform resource identifier containing the Applicant’s FQDN;
(B) In cases where the registered domain holder cannot be contacted, the ARP will:
(1) Rely on a Verified Legal Opinion to the effect that the Applicant has the exclusive right to use the specified domain name in identifying itself on the Internet, and
(2) Rely on a representation from the Contract Signer, or the Certificate Approver if expressly authorised in a mutually agreed upon contract, coupled with a practical demonstration by the Applicant establishing that it controls the confirmed domain name by making an agreed-upon change in information found online on a web page identified by a uniform resource identifier containing the Applicant’s FQDN;
(3) Knowledge. Acceptable methods by which the ARP may verify the Applicant is aware that it has exclusive control of the domain name include the following:
(A) Relying on a Verified Legal Opinion to the effect that the Applicant is aware that it has exclusive control of the domain name; or
(B) Obtaining a confirmation from the Contract Signer or Certificate Approver verifying that the Applicant is aware that it has exclusive control of the domain name.
(4) Mixed Character Set Domain Names. Certificates may include domain names containing mixed character sets only in compliance with the rules set forth by the domain registrar. The ARP will visually compare any domain names with mixed character set with known high risk domains. If similarity is found then the Certificate Request will be flagged as High Risk. The ARP must perform reasonably appropriate additional authentication and verification to be certain beyond reasonable doubt that the Applicant and the target in question are the same organisation.
4.2.6 Verification of Name, Title, and Authority of Contract Signer and Certificate Approver
(a) Verification Requirements. For both the Contract Signer and the Certificate Approver, the ARP will verify the following:
(1) Name, Title and Agency. the ARP will verify the name and title of the Contract Signer and the Certificate Approver, as applicable. The ARP will also verify that the Contract Signer and the Certificate Approver are agents representing the Applicant.
(2) Authorisation of Contract Signer. The ARP will verify, through a source other than the Contract Signer, that the Contract Signer is expressly authorised by the Applicant to enter into the Subscriber Agreement (and any other relevant contractual obligations) on behalf of the Applicant, including a contract that designates one or more Certificate Approvers on behalf of Applicant (“Signing Authority”).
(3) Authorisation of Certificate Approver. The ARP will verify, through a source other than the Certificate Approver, that the Certificate Approver is expressly authorised by the Applicant to do the following, as of the date of the Certificate Request (“Authority”):
(a) Submit, and if applicable authorise a Certificate Requester to submit, the Certificate Request on behalf of the Applicant; and
(b) Provide, and if applicable authorise a Certificate Requester to provide, the information requested from the Applicant by the ARP for issuance of the Certificate; and
(c) Approve Certificate Requests submitted by a Certificate Requester
(b) Acceptable Methods of Verification – Name, Title and Agency. Acceptable methods of verification of the name, title, and agency status of the Contract Signer and the Certificate Approver include:
(1) Name and Title: the ARP may verify the name and title of the Contract Signer and the Certificate Approver by any appropriate method designed to provide reasonable assurance that a person claiming to act in such role is in fact the named person designated to act in such role.
(2) Agency: the ARP may verify agency of the Contract Signer and the Certificate Approver by:
(A) Contacting the Applicant’s Human Resources Department by phone or mail (at the phone number or address for Applicant’s Place of Business and obtaining confirmation that the Contract Signer and/or the Certificate Approver, as applicable, is an employee; or
(B) Obtaining an Independent Confirmation From Applicant, or a Verified Legal Opinion (as described in Section 4.2.9(a)), or a Verified Accountant Letter (as described in Section 4.2.9(b)) verifying that the Contract Signer and/or the Certificate Approver, as applicable, is either an employee or has been otherwise been appointed as an agent of Applicant
The ARP may also verify the agency of the Certificate Approver via a certification from the Contract Signer (including in a contract between the ARP and the Applicant signed by the Contract Signer), provided that the employment or agency status and Signing Authority of the Contract Signer has been verified.
(c) Acceptable Methods of Verification - Authorisation. Acceptable methods of verification of the Signing Authority of the Contract Signer, and the Authority of the Certificate Approver, as applicable, include:
(1) Legal Opinion: The Signing Authority of the Contract Signer, and/or the Authority of the Certificate Approver, may be verified by reliance on a Verified Legal Opinion (as described in Section 4.2.9(a));
(2) Accountant Letter: The Signing Authority of the Contract Signer, and/or the Authority of the Certificate Approver, may be verified by reliance on a Verified Accountant Letter (as described in Section 4.2.9 (b));
(3) Corporate Resolution: The Signing Authority of the Contract Signer, and/or the Authority of the Certificate Approver, may be verified by reliance on a properly authenticated corporate resolution that confirms that the person has been granted such Signing Authority, provided that such resolution is (1) certified by the appropriate corporate officer (e.g., secretary), and (2) the ARP can reliably verify that the certification was validly signed by such person, and that such person does have the requisite authority to provide such certification.
(4) Independent Confirmation from Applicant: The Signing Authority of the Contract Signer, and/or the Authority of the Certificate Approver, may be verified by obtaining an Independent Confirmation From Applicant.
(5) Contract between CA and Applicant: The Authority of the Certificate Approver may be verified by reliance on a contract between Digi-Sign and the Applicant that designates the Certificate Approver with such Authority, provided the contract is signed by the Contract Signer and provided that the agency and Signing Authority of the Contract Signer has been verified.
(d) Pre-Authorised Certificate Approver. Where the ARP and the Applicant contemplate the submission of multiple future Certificate Requests, then, after the ARP:
(1) Has verified the name and title of the Contract Signer and that he/she is an employee or agent of the Applicant, and
(2) Has verified the Signing Authority of such Contract Signer in accordance with one of the procedures in the preceding Subsection (c) above,
The ARP and the Applicant may enter into a written agreement, signed by the Contract Signer on behalf of the Applicant, whereby, for a specified term, the Applicant expressly authorises one or more Certificate Approver(s) designated in such agreement to exercise Authority with respect to each future Certificate Application submitted on behalf of the Applicant and properly authenticated as originating with, or otherwise being approved by, such Certificate Approver(s).
Such an agreement will provide that the Applicant shall be obligated under the Subscriber Agreement for all Certificates issued at the request of, or approved by, such Certificate Approver(s) until such Authority is revoked, and will include mutually agreed-upon provisions for (i) authenticating the Certificate Approver when Certificate Requests are approved, (ii) periodic re-confirmation of the Authority of the Certificate Approver, (iii) secure procedure by which the Applicant can notify the ARP that the Authority of any such Certificate Approver is revoked, and (iv) such other appropriate precautions as are reasonably necessary.
4.2.7 Verification of Signature on Subscriber Agreement and Certificate Requests
Both the Subscriber Agreement and each Certificate Request must be signed. The Subscriber Agreement must be signed by an authorised Contract Signer. The Certificate Request will be signed by the Certificate Requester submitting the document. If the Certificate requester is not also an authorised Certificate Approver, an authorised Certificate Approver must independently approve the Certificate Request. In all cases, the signature must be a legally valid and enforceable seal or handwritten signature (for a paper Subscriber Agreement and/or Certificate Request), or a legally valid and enforceable electronic signature (for an electronic Subscriber Agreement and/or Certificate Request), that binds the Applicant to the terms of each respective document.
(a) Verification Requirements
(1) Signature. The ARP will authenticate the signature of the Contract Signer on the Subscriber Agreement and the signature of the Certificate Requester on each Certificate Request in a manner that makes it reasonably certain that the person named as the signer in the applicable document is, in fact, the person who signed the document on behalf of the Applicant.
(2) Approval Alternative: In cases where an Certificate Request is signed and submitted by a Certificate Requester who does not also function as a Certificate Approver, approval and adoption of the Certificate Request by a Certificate Approver in accordance with the requirements of Section 4.2.6 can substitute for authentication of the signature of the Certificate Requester on such Certificate Request.
(b) Acceptable Methods of Signature Verification. Acceptable methods of authenticating the signature of the Certificate Requester or Contract Signer include:
(1) A phone call to the Applicant’s or Agent’s phone number, as verified in accordance with the Guidelines, asking to speak to the Certificate Requester or Contract Signer, as applicable, followed by a response from someone who identifies themselves as such person confirming that he/she did sign the applicable document on behalf of the Applicant.
(2) A letter mailed to the Applicant’s or Agent’s address, as verified through independent means in accordance with these guidelines, c/o of the Certificate Requester or Contract Signer, as applicable, followed by a phone or mail response from someone who identifies themselves as such person confirming that he/she did sign the applicable document on behalf of the Applicant.
(3) Use of a signature process that establishes the name and title of the signer in a secure manner, such as through use of an appropriately secure login process that identifies the signer before signing, or through use of a digital signature made with reference to an appropriately verified certificate.
(4) Notarisation by a notary, provided that the ARP independently verifies that such notary is a legally qualified notary in the jurisdiction of the Certificate Requester or Contract Signer;
4.2.8 Verification of Approval of Certificate Request
(a) Verification Requirements. In cases where an Certificate Request is submitted by a Certificate Requester, before the ARP may issue the requested Certificate, the ARP will verify that an authorised Certificate Approver reviewed and approved the V Certificate Request.
(b) Acceptable Methods of Verification. Acceptable methods of verifying the Certificate Approver’s approval of an Certificate Request include:
(1) Contacting the Certificate Approver by phone or mail at a verified phone number or address for the applicant and obtaining oral or written confirmation that the Certificate Approver has reviewed and approved the Certificate Request;
(2) Notifying the Certificate Approver that one or more new Certificate Requests are available for review and approval at a designated access-controlled and secure website, followed by a login by and an indication of approval from the Certificate Approver in the manner required by the website; or
(3) Verifying the signature of the Certificate Requestor on the Certificate Request in accordance with Section 4.2.7 of The Guidelines.
4.2.9 Verification of Certain Information Sources
(a) Verified Legal Opinion
(1) Verification Requirements. Before relying on any legal opinion submitted to the ARP, the ARP will verify that such legal opinion meets the following requirements (“Verified Legal Opinion”):
(A) Status of Author. The ARP will verify that the legal opinion is authored by an independent legal practitioner retained by and representing the Applicant (or an in-house legal practitioner employed by the Applicant) (Legal Practitioner) who is either:
(i) A lawyer (or solicitor, barrister, advocate, or equivalent) licensed to practice law in the country of the Applicant’s Jurisdiction of Incorporation or any jurisdiction where the Applicant maintains an office or physical facility; or
(ii) A notary that is a member of the International Union of Latin Notaries, and is licensed to practice in the country of Applicant’s Jurisdiction of Incorporation or any jurisdiction where the Applicant maintains an office or physical facility (and that such jurisdiction recognises the role of the Latin Notary).
(B) Basis of Opinion. The ARP will verify that the Legal Practitioner is acting on behalf of the Applicant and that the conclusions of the Verified Legal Opinion are based on the Legal Practitioner’s stated familiarity with the relevant facts and the exercise of the Legal Practitioner’s professional judgment and expertise.
(C) Authenticity. The ARP will confirm the authenticity of the Verified Legal Opinion.
(2) Acceptable Methods of Verification. Acceptable methods of establishing the foregoing requirements for a Verified Legal Opinion include:
(A) Status of Author. The ARP will verify the professional status of the author of the legal opinion by directly contacting the authority responsible for registering or licensing such Legal Practitioner(s) in the applicable jurisdiction.
(B) Basis of Opinion. The text of the legal opinion will make clear that the Legal Practitioner is acting on behalf of the Applicant and that the conclusions of the legal opinion are based on the Legal Practitioner’s stated familiarity with the relevant facts and the exercise of the practitioner’s professional judgment and expertise. The legal opinion may also include disclaimers and other limitations customary in the Legal Practitioner’s jurisdiction, provided that the scope of the disclaimed responsibility is not so great as to eliminate any substantial risk (financial, professional, and/or reputational) to the Legal Practitioner should the legal opinion prove to be erroneous.
(C) Authenticity. To confirm the authenticity of the legal opinion, The ARP will call or send a copy of the legal opinion back to the Legal Practitioner at the address, phone number, facsimile, or (if available) e-mail address for the Legal Practitioner listed with the authority responsible for registering or licensing such Legal Practitioner and obtain confirmation from the Legal Practitioner or the Legal Practitioner’s assistant that the legal opinion is authentic.
(b) Verified Accountant Letter
(1) Verification Requirements. Before relying on any accountant letter submitted to the ARP, the ARP will verify that such accountant letter meets the following requirements (“Verified Accountant Letter”):
(A) Status of Author. The ARP will verify that the accountant letter is authored by an independent professional accountant retained by and representing the Applicant (or an in-house professional accountant employed by the Applicant) (Accounting Practitioner) who is a certified public accountant, chartered accountant, or equivalent licensed by a full member of the International Federation of Accountants [IFAC] to practice accounting in the country of the Applicant’s Jurisdiction of Incorporation or any jurisdiction where the Applicant maintains an office or physical facility; or
(B) Basis of Opinion. The ARP will verify that the Accounting Practitioner is acting on behalf of the Applicant and that the conclusions of the Verified Accountant Letter are based on the Accounting Practitioner’s stated familiarity with the relevant facts and the exercise of the Accounting Practitioner’s professional judgment and expertise.
(C) Authenticity. The ARP will confirm the authenticity of the Verified Accountant Letter.
(2) Acceptable Methods of Verification. Acceptable methods of establishing the foregoing requirements for a Verified Accountant Letter are:
(A) Status of Author. The ARP will verify the professional status of the author of the accountant letter by directly contacting the authority responsible for registering or licensing such Accounting Practitioner (s) in the applicable jurisdiction.
(B) Basis of Opinion. The text of the accountant letter will make clear that the Accounting Practitioner is acting on behalf of the Applicant and that the information in the accountant letter is based on the Accounting Practitioner’s stated familiarity with the relevant facts and the exercise of the practitioner’s professional judgment and expertise. The accountant letter may also include disclaimers and other limitations customary in the Accounting Practitioner’s jurisdiction, provided that the scope of the disclaimed responsibility is not so great as to eliminate any substantial risk (financial, professional, and/or reputational) to the Accounting Practitioner should the accountant letter prove to be erroneous. Acceptable forms of an accountant letter is attached as Appendix D
(C) Authenticity. To confirm the authenticity of the accountant’s opinion, the ARP will call or send a copy of the accountant letter back to the Accounting Practitioner at the address, phone number, facsimile, or (if available) e-mail address for the Accounting Practitioner listed with the authority responsible for registering or licensing such Accounting Practitioner and obtain confirmation from the Accounting Practitioner or the Accounting Practitioner’s assistant that the accountant letter is authentic.
(c) Independent Confirmation From Applicant. An “Independent Confirmation From Applicant” is a confirmation of a particular fact (e.g., knowledge of its exclusive control of a domain name, confirmation of the employee or agency status of a Contract Signer or Certificate Approver, confirmation of the Authority of a Certificate Approver, etc.) that:
(i) Received by the ARP from a person employed by the Applicant (other than the person who is the subject of the inquiry) that has the appropriate authority to confirm such a fact (“Confirming Person”), and who represents that he/she has confirmed such fact;
(ii) Received by the ARP in a manner that authenticates and verifies the source of the confirmation; and
(iii) Binding on the Applicant.
An Independent Confirmation From Applicant may be obtained via the following procedure:
(1) Confirmation Request: the ARP will initiate an appropriate out-of-band communication requesting verification or confirmation of the particular fact in issue (“Confirmation Request”) as follows:
(A) Addressee: The Confirmation Request will be directed to:
(i) A position within Applicant’s organisation that qualifies as a Confirming Person (e.g., Secretary, President, CEO, CFO, COO, CIO, CSO, Director, etc.) and is identified by name and title in a current Qualified Government Information Source (e.g., an SEC filing), a Qualified Independent Information Source, a Verified Legal Opinion, a Verified Accountant Letter, or by contacting the Applicant’s Human Resources Department by phone or mail (at the phone number or address for Applicant’s Place of Business, verified in accordance with these guidelines); or
(ii) Applicant’s Registered Agent or Registered Office in the Jurisdiction of Incorporation as listed in the official records of the Incorporating Agency, with instructions that it be forwarded to an appropriate Confirming Person.
(B) Means of Communication: The Confirmation Request will be directed to the Confirming Person in a manner reasonably likely to reach such person. The following options are acceptable:
(i) By paper mail, addressed to the Confirming Person at:
(a) The address of Applicant’s Place of Business as verified by the ARP in accordance with these guidelines; or
(b) The business address for such Confirming Person specified in a current Qualified Government Information Source (e.g., an SEC filing), a Qualified Independent Information Source, a Verified Legal Opinion, or a Verified Accountant Letter; or
(c) The address of Applicant’s Registered Agent or Registered Office listed in the official records of the Jurisdiction of Incorporation; or
(ii) By e-mail addressed to the Confirming Person at the business e-mail address for such person listed in a current Qualified Government Information Source, a Qualified Independent Information Source, a Verified Legal Opinion, or a Verified Accountant Letter; or
(iii) By telephone call to the Confirming Person, where such person is contacted by calling the main phone number of Applicant’s Place of Business (verified in accordance with these guidelines) and asking to speak to such person, and a person taking the ARP identifies himself as such person; or
(iv) By facsimile to the Confirming Person at the Place of Business. The facsimile number must be listed in a current Qualified Government Information Source, a QIIS, a Verified Legal Opinion, or a Verified Accountant Letter. The cover page must be clearly addressed to the Confirming Person.
(2) Confirmation Response: the ARP will receive a response to the Confirmation Request from a Confirming Person that confirms the particular fact in issue. Such response may be provided to Digi-Sign by telephone, by e-mail, or by paper mail, so long as Digi-Sign can reliably verify that it was provided by a Confirming Person in response to the Confirmation Request.
(d) Qualified Independent Information Sources [QIIS]. A regularly-updated and current online publicly available database designed for the purpose of accurately providing the information for which it is consulted, and which is generally recognised as a dependable source of such information. A Commercial database is QIIS if the following are true:
(1) data that will be relied upon has been independently verified by other independent information sources;
(2) the database distinguishes between self-reported data and data reported by independent information sources;
(3) the database provider identifies how frequently they update the information in their database;
(4) changes in the data that will be relied upon will be reflected in the database in no more than 12 months; and
(5) the database provider uses authoritative sources independent of the subject or multiple corroborated sources to which the data pertains.
Databases in which the ARP or its owners or affiliated companies maintain a controlling interest, or in which any registration agents [Ras] or subcontractors to whom Digi-Sign has outsourced any portion of the vetting process (or their owners or affiliated companies) maintain any ownership or beneficial interest do not qualify as a QIIS. Digi-Sign may check the accuracy of the database and ensure its data is acceptable.
(e) Qualified Government Information Source [QGIS]. A regularly-updated and current online publicly available database designed for the purpose of accurately providing the information for which it is consulted, and which is generally recognised as a dependable source of such information provided they are maintained by a Government Entity, the reporting of data is required by law and false or misleading reporting is punishable with criminal or civil penalties.
4.2.10 Other Verification Requirements
(a) High Risk Status
(1) Verification Requirements. The ARP will seek to identify Applicants likely to be at a high risk of being targeted for fraudulent attacks (“High Risk Applicants”), and conduct such additional verification activity and take such additional precautions as are reasonably necessary to ensure that such Applicants are properly verified under these guidelines.
(2) Acceptable Methods of Verification. The ARP may identify High Risk Applicants by checking appropriate lists of organisation names that are most commonly targeted in phishing and other fraudulent schemes, and automatically flagging Certificate Requests from Applicants named on these lists for further scrutiny before issuance. Examples of such lists include:
(A) Lists of phishing targets published by the Anti-Phishing Work Group [APWG]; and
(B) Internal databases maintained by the ARP that include previously revoked Certificates and previously rejected Certificate Requests due to suspected phishing or other fraudulent usage;
The information should then be used to flag suspicious new Certificate Requests. If an Applicant is flagged as a High Risk Applicant, the ARP will perform reasonably appropriate additional authentication and verification to be certain beyond reasonable doubt that the Applicant and the target in question are the same organisation.
(b) Denied Lists and Other Legal Black Lists
(1) Verification Requirements. The ARP will verify that if the Applicant, the Contract Signer or Certificate Approver, or if the Applicant’s Jurisdiction of Incorporation or Place of Business is on any such list:
(a) Is identified on any government denied list, list of prohibited persons, or other list that prohibits doing business with such organisation or person under the laws of the country of the ARP’s jurisdiction(s) of operation; and
(b) Has its Jurisdiction of Incorporation or Place of Business in any country with which the laws of the ARP’s jurisdiction prohibit doing business
The ARP will not issue any Certificate to the Applicant if either the Applicant, the Contract Signer, or Certificate Approver or if the Applicant’s Jurisdiction of Incorporation or Place of Business is on any such list.
(2) Acceptable Methods of Verification. The ARP will take reasonable steps to verify with the following lists and regulations:
If the ARP has operations in the U.S., the ARP will take reasonable steps to verify with the following US Government Denied lists and regulations:
(A) BIS Denied Persons List - http://www.bis.doc.gov/dpl/thedeniallist.asp [10]
(B) BIS Denied Entities List - http://www.bis.doc.gov/Entities/Default.htm [11]
(C) US Treasury Department List of Specially Designated Nationals and Blocked Persons - http://www.treas.gov/ofac/t11sdn.pdf [12]
(D) US Government export regulations
(3) If the ARP has operations in any other country other than the US, the ARP may take reasonable steps to verify with all equivalent denied lists and export regulations (if any) in such other country.
4.2.11 Final Cross-Correlation and Due Diligence
(a) The results of the verification processes and procedures outlined in this CPS and these guidelines are intended to be viewed both individually and as a group. Thus, after all of the verification processes and procedures are completed, the ARP will have a person who is not responsible for the collection of information review all of the information and documentation assembled in support of the Certificate and look for discrepancies or other details requiring further explanation except for Subscriber Certificates approved by an Enterprise RA.
(b) The ARP will obtain and document further explanation or clarification from the Applicant, Certificate Approver, Certificate Requester, Qualified Independent Information Sources, and/or other sources of information, as necessary to resolve the discrepancies or details requiring further explanation.
(c) The ARP will refrain from issuing an Certificate until the entire corpus of information and documentation assembled in support of the Certificate is such that issuance of the Certificate will not communicate inaccurate factual information that the ARP knows, or by the exercise of due diligence should discover, from the assembled information and documentation. If satisfactory explanation and/or additional documentation are not received within a reasonable time, Digi-Sign may decline the Certificate Request and notify the Applicant accordingly.
(d) The ARP will perform the requirements of this Final Cross-Correlation and Due Diligence section 4.2.11 through employees under its control and having appropriate training, experience, and judgment in confirming organisational identification and authorisation. Notwithstanding the foregoing, in the case of Enterprise Certificates to be issued in compliance with the requirements of Section 30 of these guidelines, the Enterprise RA may perform the requirements of this Final Cross-Correlation and Due Diligence section.
4.3 Validation Information for Certificate Applications
Applications for the ARP certificates are supported by appropriate documentation to establish the identity of an applicant.
From time to time, the ARP may modify the requirements related to application information for individuals, to respond to the ARP’s requirements, the business context of the usage of a digital certificate, or as prescribed by law.
4.3.1 Application Information for Organisational Applicants
Application information shall include, but not be limited to, the following information:
a) Organisation Name: Applicant’s formal legal organisation name to be included in Certificate, as recorded with the Incorporating Agency in Applicant’s Jurisdiction of Incorporation (for Private Organisations), or as specified in the law of Applicant’s Jurisdiction of Incorporation (for Government Entities);
b) Assumed Name (Optional): Applicant’s assumed name (e.g., d/b/a name) to be included in the Certificate, as recorded in the jurisdiction of Applicant’s Place of Business, if applicable;
c) Domain Name: Applicant’s domain name to be included in the Certificate;
d) Jurisdiction of Incorporation: Applicant’s Jurisdiction of Incorporation to be included in the Certificate, and consisting of:
i. City or town (if any),
ii. State or province (if any), and
iii. Country.
e) Incorporating Agency: The name of the Applicant’s Incorporating Agency;
f) Registration Number: The unique registration number assigned to Applicant by the Incorporating Agency in Applicant’s Jurisdiction of Incorporation and to be included in the Certificate (for Private Organisation Applicants only).
g) Applicant Address: The address of Applicant’s Place of Business, including –
i. Building number and street,
ii. City or town,
iii. State or province (if any),
iv. Country,
v. Postal code or zip code), and
vi. Main telephone number.
h) Certificate Approver: Name and contact information of the Certificate Approver submitting and signing, or that has authorised the Certificate Requester to submit and sign, the Certificate Application on behalf of the Applicant; and
i) Certificate Requester: Name and contact information of the Certificate Requester submitting the Certificate Request on behalf of the Applicant, if other than the Certificate Approver.
The following elements are critical information elements for a Digi-Sign certificate issued to an Organisation.
4.3.2 Validity Period for Validated Data
The maximum validity period for validated data that can be used to support issuance of an Certificates (before revalidation is required) is as follows:
a) Legal existence and identity – three (3) years;
b) Assumed name – three (3) years;
c) Address of Place of Business – three (3) years, but thereafter data may be refreshed by checking a Qualified Independent Information Source, even where a site visit was originally required;
d) Telephone number for Place of Business – three (3) years;
e) Bank account verification – three (3) years;
f) Domain name – three (3) years;
g) Identity and authority of Certificate Approver – three (3) years, unless a contract is in place between the ARP and the Applicant that specifies a different term, in which case, the term specified in such contract will control. For example, the contract may use terms that allow the assignment of roles that are perpetual until revoked, or until the contract expires or is terminated.
4.3.3 Reuse and Updating Information and Documentation
The ARP may issue multiple Certificates listing the same Subject and based on a single Certificate Request, subject to the aging and updating requirement in (b) below.
a) Each Certificate issued by the ARP will be supported by a valid current Certificate Request and a Subscriber Agreement signed by the Applicant Representative on behalf of the Applicant.
b) The age of information used by the ARP to verify such an Certificate Request will not exceed the Maximum Validity Period for such information set forth in these guidelines, based on the earlier of the date the information was obtained (e.g., the date of a confirmation phone call) or the date the information was last updated by the source (e.g., if an online database was accessed by the ARP on July 1, but contained data last updated by the vendor on February 1, then the date of information would be considered to be February 1).
c) In the case of outdated information, the ARP will repeat the verification processes required as set out in these guidelines.
4.4 Validation Requirements for Certificate Applications
Upon receipt of an application for a digital certificate and based on the submitted information, Digi-Sign confirms the following information:
(1) Applicant’s existence and identity, including:
a. Applicant’s legal existence and identity (as established with an Incorporating Agency);
b. Applicant’s physical existence (business presence at a physical address); and
c. Applicant’s operational existence (business activity)
(2) Applicant is a registered holder or has exclusive control of the domain name to be included in the Certificate
(3) Applicant’s authorisation for the Certificate, including:
a. the name, title, and authority of the Contract Signer, Certificate Approver, and Certificate Requester;
b. that Contract Signer signed the Subscriber Agreement; and
c. that a Certificate Approver has signed or otherwise approved the Certificate Request
For all Digi-Sign Certificates, the subscriber has a continuous obligation to monitor the accuracy of the submitted information and notify Digi-Sign of any changes that would affect the validity of the certificate. Failure to comply with the obligations as set out in the subscriber agreement will result in the revocation of the Subscriber's Digital Certificate without further notice to the Subscriber and the Subscriber shall pay any Charges payable but that have not yet been paid under the Agreement.
1. Application of Terms
1.1 These terms and conditions and schedules thereto, set out below govern the relationship between you (the 'Subscriber') and Digi-Sign Limited ('Digi-Sign').
2. Definitions and Interpretations
2.1 In this Agreement, unless the context requires otherwise, the following terms and expressions shall have the following meanings:
'Business Day' means Monday to Friday inclusive excluding any days on which the banks in Dublin are closed for business (other than for trading in Euros);
'Certificate Period' means the time period during which a Digital Certificate remains valid and may be used as set out in the Schedule;
'Charges' means the charges for the Subscriber Services as set out in Schedule 1 of this Agreement;
'Commencement Date' means the date when Digi-Sign receives the Subscriber's request for Subscriber Services set out in the Enrolment Form and sent to Digi-Sign via the online registration process;
'CP' means the Digi-Sign Certificate Policy [CP], a document setting out the policies under which Digi-Sign issues the Subscriber Services, as may be amended from time to time;
'CPS' means the Digi-Sign Certificate Practice Statement [CPS], a document setting out the working practices that Digi-Sign employs for the Subscriber Services and which defines the underlying certificate processes and Repository operations, as may be amended from time to time;
'Digi-Sign Group Company' means a Digi-Sign subsidiary or holding company, or a subsidiary of that holding company;
'Confidential Information' means all information obtained as a result of the parties entering into this agreement which relates to the provisions and subject matter of this Agreement (including but not limited to all Private Keys, personal identification numbers and passwords) and the business, systems or affairs of the other party and which is marked or designated in writing by the other party as being confidential.
'CRL' means a certificate revocation list that contains details of Digital Signatures that have been revoked by
Digi-Sign;
'Digital Certificate' means a digitally signed electronic data file (conforming to the X.509 version 3 ITU standard) issued by Digi-Sign in order to identify a person or entity seeking to conduct business over a communications network using a Digital Signature and which contains the identity of the person authorised to use the Digital Signature and a copy of their Public Key, a serial number, a time period during which the Digital Certificate may be used and a Digital Signature issued by Digi-Sign;
'Digital Signature' means an encrypted electronic data file which is attached to or logically associated with other electronic data and which identifies and is uniquely linked to the signatory of the electronic data, is created using the signatory's Private Key and is linked in a way so as to make any subsequent changes to the electronic data detectable;
'Domain Name' means a name registered with an Internet registration authority for use as part of a Subscriber's URL;
'Enrolment Form' means an electronic form on Digi-Sign's website completed by the Subscriber by providing the Subscriber Data and which identifies the requirements for the Subscription Service;
'Force Majeure Event' means, in relation to any party any circumstances beyond the reasonable control of that party including without prejudice to the generality of the foregoing any natural disaster, act or regulation of any governmental or supra-national authority, lack or shortage of materials supplied by a third party (other than where such circumstances arise due to lack of reasonable planning), war or natural emergency, accident, epidemic, fire or riot;
'Insolvency Event' means, in respect of any company that is party to this Agreement, that such company has ceased to trade, been dissolved, suspended payment of its debts or is unable to meet its debts as they fall due, has become insolvent or gone into liquidation (unless such liquidation is for the purposes of a solvent reconstruction or amalgamation), entered into administration, administrative receivership, receivership, a voluntary arrangement, a scheme of arrangement with creditors or taken any steps for its winding-up.
'Internet' means the global data communications network comprising interconnected networks using the TCP/IP standard;
'Issue Date' means the date of issue of a Digital Certificate to the Subscriber;
'Private Key' means a confidential encrypted electronic data file designed to interface with a Public Key using the same encryption algorithm and which may be used to create Digital Signatures, and decrypt files or messages which have been encrypted with a Public Key;
'Public Key' means a publicly available encrypted electronic data file designed to interface with a Private Key using the same encryption algorithm and which may be used to verify Digital Signatures and encrypt files or messages;
'Repository' means a publicly available collection of databases for storing and retrieving Digital Certificates, CRL's and other information relating to Digital Certificates and which may be accessed via Digi-Sign's website;
'Schedule' means the schedule attached to this Agreement;
'Scope of Use' shall have the meaning, if any, set out in Schedule 1 to this Agreement;
'Site' means a place at which Digi-Sign agrees to provide the Subscription Service;
'Selected Subscriber Data' means all of the Subscriber Data set out in the Schedule to this Agreement marked with the initials 'SSD'
'Software' means any software provided by Digi-Sign to enable the Subscriber to access or use the Subscription Service;
'Subscriber' means the individual or body corporate named on the Enrolment Form during the online registration process and anyone that acts or purports to act with that person's authority or permission;
'Subscriber Data' means information about the Subscriber required by Digi-Sign to provide the Subscription Services, including without limitation, the information set out in the Schedule to this Agreement (which may or may not contain personal data for the purposes of the Data Protection Act 1998) which must be provided by the Subscriber on the Enrolment Form during the online registration process;
'Subscription Service' means the Digital Certificate subscription services and any solutions (including Digital Certificates, Public Keys and Private Keys) described in the Schedule to this Agreement;
'Third Party Data' means data, information or any other materials (in whatever form) not owned or generated by or on behalf of the Subscriber;
'URL' means a uniform resource locator setting out the address of a webpage or other file on the Internet.
2.2 Subject to Clause 16, references to 'indemnifying' any person against any circumstance include indemnifying and keeping him harmless from all actions, claims and proceedings from time to time made against him and all loss, damage, payments, cost or expenses suffered made or incurred by him as a consequence of that circumstance;
2.3 The schedule to this Agreement forms part of this Agreement and shall have the same force and effect as if expressly set out in the body of this Agreement, and any reference to this Agreement shall include the schedule. To the extent that there is an inconsistency between the terms of the body of this Agreement and its schedule, the terms of the body of this Agreement shall prevail.
3. Provision of Digital Certificate Subscription Services
3.1 Provided that Digi-Sign is able to validate, to its satisfaction, the Subscriber Data, Digi-Sign shall accept a Subscriber's application for the Subscription Service (as such application is set out in the Enrolment Form) and shall provide the Subscriber with the Subscription Service set out in the Schedule in accordance with the terms of this Agreement and the Schedule, save that Digi-Sign reserves the right to refuse a Subscriber's application for the Subscription Service by notifying the Subscriber as soon as reasonably possible.
3.2 Subscriber shall, in consideration for the provision of the Subscription Service and the licences granted under this Agreement, pay to Digi-Sign the Charges set out in the Schedule in accordance with clause 6 of this Agreement.
4. Use of the Subscription Service
4.1 The Subscription Service is provided by Digi-Sign for the Subscriber's own use and the Subscriber hereby agrees not to resell or attempt to resell (or provide in any form whether for consideration or not) the Subscription Service (or any part of it) to any third party and shall not allow any third party to use the Subscription Service without the written consent of Digi-Sign.
4.2 The Subscriber shall:
4.2.1 Use or access the Subscription Service only in conjunction with the Software or other software that may be provided by Digi-Sign from time to time or specified by Digi-Sign to be appropriate for use in conjunction with the Subscription Service.
4.2.2 be responsible, at its own expense, for access to the Internet and all other communications networks (if any) required in order to use the Subscription Service and for the provision of all computer and telecommunications equipment and software required to use the Subscription Service save where the same is not expressly provided under the terms of this Agreement;
4.2.3 obtain and keep in force any authorisation, permission or licence necessary for the Subscriber to use the Subscription Service save where Digi-Sign expressly agrees to obtain the same under the terms of this Agreement;
4.2.4 remain responsible for the generation of any Subscriber's Private Key and shall take all reasonable precautions to prevent any violation of, loss of control over, or unauthorised disclosure of confidential information relating to the Subscription Service; and
4.2.5 shall be solely responsible for any transactions of any kind entered into between the Subscriber and any third party using or acting in reliance on the Subscription Service and acknowledges that Digi-Sign shall not be a party to, or be responsible in any way for, any such transaction.
4.3 The Subscriber shall not use the Subscription Service to transmit (either by sending by email or uploading using any format of communications protocol), receive (either by soliciting an email or downloading using any format of communications protocol), view or in any other way use any information which may be illegal, offensive, abusive, contrary to public morality, indecent, defamatory, obscene or menacing, or which is in breach of confidence, copyright or other intellectual property rights of any third party, cause distress, annoyance, denial of any service, disruption or inconvenience, send or provide advertising or promotional material or other form of unsolicited bulk correspondence or create a Private key which is identical or substantially similar to any Public Key.
5. Licence of Digital Certificate Technology
5.1 Digi-Sign grants the Subscriber a revocable, non-exclusive, non-transferrable personal licence to use any Digital Certificates provided in accordance with the Subscription Service, any Digital Signature generated using the Subscriber's Public Key and Private Key and any manuals or other documents relating to the above insofar as is necessary for the Subscriber to utilise the Subscription Services.
5.2 The Subscriber shall not copy or decompile (except where such decompilation is permitted by Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society) enhance, adapt or modify or attempt to do the same to the Digital Certificates, Public Keys and Private Keys, or any Digital Signature generated using any Public Key or Private Key; or any documents or manuals relating to the same without Digi-Sign's prior written consent.
6. Charges and Payment Terms
6.1 The Charges shall be due to be paid by the Subscriber on or before the Issue Date.
6.2 Digi-Sign shall refund the Charges (including any Value Added Tax or any other appropriate sales, use tax or equivalent charge) paid to it by the Subscriber if within 20 Business Days of the Issue Date, the Subscriber has not used the Subscription Service and has, within this period, made a written request to Digi-Sign for revocation of the Digital Certificate issued to it or Digi-Sign revokes the Digital Certificate pursuant to Clause 7.3.
7. Security
7.1 The Subscriber shall take all reasonable measures to ensure the security and proper use of all personal identification numbers, Private Keys and passwords used in connection with the Subscription Service. The Subscriber shall also immediately inform Digi-Sign if there is any reason to believe that a personal identification number, Private Key or password has or is likely to become known to someone not authorised to use it, or is being, or is likely to be used in an unauthorised way, or if any of the Subscriber Data provided by the Subscriber using the on-line registration process or subsequently notified to Digi-Sign ceases to remain valid or correct or otherwise changes.
7.2 The Subscriber shall have sole responsibility for all statements, acts and omissions which are made under any password provided by it to Digi-Sign.
7.3 Digi-Sign reserves the right to revoke a Subscriber's Digital Certificate in the event that Digi-Sign has reasonable grounds to believe that:
7.3.1 a personal identification number, Private Key or password has, or is likely to become known to someone not authorised to use it, or is being or is likely to be used in an unauthorised way;
7.3.2 a Subscriber's Digital Certificate has not been issued in accordance with the policies set out in the Digi-Sign CPS;
7.3.3 the Subscriber has requested that its Digital Certificate be revoked;
7.3.4 there has been, there is, or there is likely to be a violation of, loss of control over, or unauthorised disclosure of Confidential Information relating to the Subscription Service; or
7.3.5 the Subscriber Data is no longer correct or accurate, save that Digi-Sign has no obligation to monitor or investigate the accuracy of information in a Digital Certificate after the Issue Date of that Digital Certificate; or
7.3.6 the Subscriber has used the Subscription Service with third party software not authorised by Digi-Sign for use with the Subscription Service.
and Digi-Sign may, in its absolute discretion after revocation of a Digital Certificate, reissue a Digital Certificate to the Subscriber or terminate this Agreement in accordance with the provisions of Clause 15.
7.4 The Subscriber agrees to discontinue all use of the Subscriber's Digital Certificate if the Subscriber's Digital Certificate is revoked in accordance with this Agreement, the Certificate Period expires, this Agreement is terminated, or any of the information constituting the Subscriber Data ceases to remain valid or correct or otherwise changes.
8. Confidentiality
8.1 Neither party shall use any Confidential Information other than for the purpose of performing its obligations under this Agreement save where Confidential Information is required for the provision of the Subscription Service.
8.2 Each party shall procure that any person to whom Confidential Information is disclosed by it complies with the restrictions set out in this clause 8 as if such person were a party to this Agreement.
8.3 Notwithstanding the previous provisions of this clause 8 either party may disclose Confidential Information if and to the extent required by law, for the purpose of any judicial proceedings or any securities exchange or regulatory or governmental body to which that party is subject, wherever situated, including (amongst other bodies) the Dublin Stock Exchange Limited or the Panel on Take-overs and Mergers, whether or not the requirement for information has the force of law, and if and to the extent the information has come into the public domain through no fault of that party.
8.4 The restrictions contained in this clause 8 shall continue to apply to each party for the duration of this Agreement and for the period of 5 years following the termination of this Agreement.
9. Subscriber Data
9.1 The Subscriber acknowledges that in order to provide the Subscription Service the Selected Subscriber Data shall be embedded in the Subscriber's Digital Certificates and the Subscriber hereby consents to the disclosure to third parties of such Selected Subscriber Data held therein.
9.2 The Subscriber hereby grants Digi-Sign permission to examine, evaluate, process and in some circumstances transmit to third parties located outside the European Union the Subscriber Data insofar as is reasonably necessary for Digi-Sign to provide the Subscription Service.
9.3 Digi-Sign shall in performing its obligations under this Agreement, comply with the Data Protection Act 1998 and any legislation or guidelines which amends or replaces such legislation and shall take appropriate technical and organisational measures against the unauthorised or unlawful processing of personal data and against actual loss or destruction of or damage to such data.
10. Intellectual Property Rights
10.1 Unless otherwise agreed in writing, the parties agree that Digital Certificates, Digi-Sign Public Keys, and
Digi-Sign Private Keys are the property of Digi-Sign and the Subscribers Private Keys are the property of the Subscriber.
10.2 The Subscriber agrees not to use the Digi-Sign name, brand, get-up or logo in any way except with Digi-Sign's prior written consent.
11. Digi-Sign Obligations
11.1 Digi-Sign agrees to:
11.1.1 provide the Subscription Service with the reasonable skill and care of a competent provider of similar Digital Certificate services save that Digi-Sign does not undertake to provide a fault free service;
11.1.2 investigate and verify prior to the Issue Date the accuracy of the information to be incorporated in the Digital Certificate in accordance with the procedures set out in the Schedule to this Agreement ;
11.1.3 use its reasonable endeavours to provide the Subscription Service by the date agreed in writing with the Subscriber but that Digi-Sign is under no obligation to meet any agreed date and has no liability to the Subscriber for failure to provide the Subscription Service (or any part thereof) by such date; and
11.1.4 maintain a copy in the Repository and details in the CRL of each Digital Certificate which has been revoked or has expired for a reasonable period after the Digital Certificate's revocation or expiry.
12. Subscriber Warranties, Representations and Indemnities
12.1 The Subscriber warrants, represents and undertakes that:
12.1.1 all Subscriber Data is, and any other documents or information provided by the Subscriber are, and will remain accurate and will not include any information or material (or any part thereof), the accessing or use of which would be unlawful, contrary to public interest or otherwise likely to damage the business or reputation of Digi-Sign in any way;
12.1.2 it has and will comply with all consumer and other legislation, instructions or guidelines issued by regulatory authorities, relevant licences and any other codes of practice which apply to the Subscriber or Digi-Sign (such codes of practice to be notified to the Subscriber by Digi-Sign in advance) and that the Subscriber has obtained all licences and consents necessary for performing its obligations to extend full co-operation at all times to third parties working from time to time with Digi-Sign; and
12.1.3 it has full power and authority to enter into this Agreement and to perform all of its obligations under this Agreement.
12.2 Subscriber shall promptly disclose in writing to Digi-Sign anything which constitutes a breach of, or is inconsistent with any of the warranties and undertakings in Clause 12.1.
12.3 The Subscriber shall indemnify Digi-Sign against any claims or legal proceedings which are brought or threatened against Digi-Sign by any third party as a result of the Subscriber's breach of the provisions of this Agreement.
Digi-Sign will notify the Subscriber of any such claims or proceedings and keep the Subscriber informed as to the progress of such claims or proceedings.
12.4 The Subscriber agrees not to make any representations regarding the Subscription Services to any third party except as agreed in writing by Digi-Sign.
13. Exclusion of Warranties
Save as expressly provided under this Agreement all other warranties either expressed or implied are hereby excluded to the fullest extent permissible by law.
14. Term and Termination
14.1 This Agreement shall commence on the Commencement Date and shall continue for the Certificate Period unless terminated earlier in accordance with this Clause 14.
14.2 Either party may terminate this Agreement for convenience by providing to the other 20 Business Day's written notice.
14.3 This Agreement may be terminated forthwith or on the date specified in the notice:
14.3.1 by either party if the other commits any material breach of any term of this Agreement and which (in the case of a breach capable of being remedied) shall not have been remedied within 20 Business Days of a written request by the other party to remedy the same or by either party, if in respect of the other party, an Insolvency Event occurs or that other party ceases to carry on its business;
14.3.2 by Digi-Sign in the event a Digital Certificate is revoked in accordance with the provisions of Clause 7.3 or if Digi-Sign is unable to validate, to its satisfaction, all or part of the Subscriber Data.
15. Consequences of Termination
15.1 If this Agreement is terminated by Digi-Sign under Clause 14 for any reason or under Clause 17.3 Digi-Sign may (in the event that a Subscriber's Digital Certificate has not already been revoked) revoke the Subscriber's Digital Certificate without further notice to the Subscriber and the Subscriber shall pay any Charges payable but not yet paid under this Agreement.
16. Limitation of Liability
16.1 Nothing in this Agreement shall exclude or limit the liability of either party for death or personal injury resulting from the negligence of that party or its directors, officers, employees, contractors or agents, or in respect of fraud or of any statements made fraudulently by either party;
16.2 Subject to clause 16.1 Digi-Sign shall not be liable to the Subscriber whether in contract (including under any indemnity or warranty), in tort (including negligence), under statute or otherwise for any loss of profit, loss of revenue, loss of anticipated savings, loss or corruption of data, loss of contract or opportunity or loss of goodwill whether that loss is direct, indirect or consequential and if Digi-Sign shall be liable to the Subscriber in contract (including under any indemnity or warranty), in tort (including negligence), under statute or otherwise, Digi-Sign's maximum liability to the Subscriber shall be limited to the Charges paid by the Subscriber under this Agreement or €10,000, whichever is the greater.
16.3 Digi-Sign shall not be liable to the Subscriber for any loss suffered by the Subscriber due to use of the Digital Certificate outside the Scope of Use or for transactions outside the Maximum Transaction Value.
16.4 Without prejudice to Subscriber's rights to terminate this Agreement, Subscriber's sole remedy at law, in equity or otherwise in respect of any claim against Digi-Sign shall be limited to damages.
17. Force Majeure
17.1 Neither party hereto shall be liable for any breach of its obligations hereunder resulting from a Force Majeure Event.
17.2 Each of the parties hereto agrees to give written notice forthwith to the other upon becoming aware of a Force Majeure Event such notice to contain details of the circumstances giving rise to the Force Majeure Event and its anticipated duration. If such duration is more than 20 days then the party not in default shall be entitled to terminate this agreement, with neither party having any liability to the other in respect of such termination.
17.3 The party asserting a Force Majeure Event shall not be excused performance of its obligations unaffected by such a Force Majeure Event and shall endeavour to seek an alternative way of fulfilling its affected obligations without any materially adverse affect on the other party.
18. Waiver
The waiver by either party of a breach or default of any of the provisions of this Agreement by the other party shall not be construed as a waiver of any succeeding breach of the same or other provisions nor shall any delay or omission on the part of either party to exercise or avail itself of any right power or privilege that it has or may have hereunder operate as a waiver of any breach or default by the other party.
19. Notices
19.1 Notices shall be in writing, and shall be sent to the other party marked for the attention of the person either at the address set out in 19.2 below in the case of Digi-Sign, or the address of the Subscriber as set out on the Enrolment Form. Notices may be sent be first-class mail or facsimile transmission provided that facsimile transmissions are confirmed within 12 hours by first-class mailed confirmation of a copy. Correctly addressed notices sent by first-class mail shall be deemed to have been delivered 48 hours after posting and correctly directed facsimile transmissions shall be deemed to have been received 12 hours after dispatch.
19.2 The address for Digi-Sign Limited is Sidthorpe Lane, Dublin 4, Ireland, Tel: +353 (1) 685-3687, Fax: +353 (1) 685-3688 to be marked for the attention of The Digital Certificate Subscriber Agreement Administrator.
20. Invalidity and Severability
If any provision of this Agreement (not being of a fundamental nature to its operation) is judged to be invalid, illegal or unenforceable, the continuation in full force and effect of the remainder of the provisions will not be prejudiced.
21. Entire Agreement
21.1 This Agreement and Schedules and all documents referred to herein contain the entire and exclusive agreement and understanding between the parties on the subject matter contained herein and supersedes all prior agreements, understandings and arrangements relating thereto. No representation, undertaking or promise shall be taken to have been given or implied from anything said or written in negotiations between the parties prior to this Agreement except as may be expressly stated in this Agreement.
21.2 Without prejudice to any liability for fraudulent misrepresentation, no party shall be under any liability or shall have any remedy in respect of misrepresentation or untrue statement unless and to the extent that a claim lies for breach of this Agreement.
22. Assignment
Neither party may assign or transfer or purport to assign or transfer a right or obligation under this Agreement without first obtaining the other party's written consent.
23. Governing Law and Jurisdiction
This Agreement and all matters arising from or connected with it, are governed by and shall be construed in accordance with Irish law and the parties hereby submit to the non-exclusive jurisdiction of the Irish courts.
24. Rights of Third Parties
For the avoidance of doubt no third party shall be entitled (for the purposes of the Contracts (Rights of Third Parties) Act 1999) to any rights under this Agreement which it may enter against Digi-Sign.
Secure Server Certificate Schedule: Digi-SSL™ Solution Type
1. Definitions used in this Schedule
"Fully Qualified Domain Name" means a URL that includes a second level Domain Name and that fully identifies a directory on the Server;
"Root Domain Name" means the highest level of a URL that identifies multiple directories on the Server;
"Secure Server Certificate" means the Digital Certificate produced pursuant to the Subscription Service described in this Schedule;
"Certificate Signing Request" means an electronic data file created by the Subscriber using the Subscriber's installed SSL or TLS enabled web server software;
"Server" means the Subscriber's server operating at either a Root Domain Name or Fully Qualified Domain Name provided by the Subscriber to Digi-Sign and which is crytographically bound to the public key set out in the Secure Server Certificate.
2. The Subscription Service
2.1 Digi-Sign shall provide a Secure Server Certificate designed for installation within the Subscriber's SSL enabled web server software and for use with an SSL v2.0 (or above) or TLS v 1.0 enabled web browser. The Secure Server Certificate shall, in accordance with the Charges paid by the Subscriber either; cryptographically bind a Public Key to a the Server operating at a Fully Qualified Domain Name; or cryptographically bind a Public Key to a the Server operating at a Root Domain Name. In both cases, the Public Key is used in the SSL/TLS Protocol to authenticate the Server and establish an encrypted session between an SSL v2.0 enabled web browser and the Subscriber's Server.
3. Scope of Use
3.1 The Subscriber may only use the Secure Server Certificate for the purpose of authenticating only one Server and establishing an encrypted session between an SSL v2.0 enabled web browser and the Subscriber.
3.2 The total value of any transaction entered into by the Subscriber whilst using the Secure Server Certificate must not exceed €2,500.
3.3 Digi-Sign's maximum liability to the Subscriber shall be limited to the Charges paid by the Subscriber under this Agreement or €2,500, whichever is the greater.
4. Charges
4.1 The Charges for the Subscription Service are defined on the official website and during the on-line registration.
4.2 The Charges set out at paragraph 4.1 above are exclusive of Value Added Tax or any other appropriate sales, use tax or equivalent charge applicable in any country where the Subscription Services is provided. Such applicable tax shall be notified to the Subscriber by Digi-Sign and shall be payable by the Subscriber.
5. Certificate Period
The Certificate Period shall commence on the Issue Date and shall continue for the period specified by the Subscriber in the Enrolment Form during on-line registration and paid for by the Subscriber in accordance with the Charges set out at paragraph 4 above or until revocation of the Digital Certificates by Digi-Sign in accordance with the terms of this Agreement, whichever is earlier.
6. Subscriber Data
6.1 The Subscriber shall provide the following Subscriber Data: Certificate Signing Request (CSR) (SSD), Company Name (SSD), Street address 1, Street Address 2, PO Box, City (SSD), County/State (SSD), Postal/Zip code, Domain Name (SSD), an account username, an account password, Administrator contact details, and an acknowledgement of Subscriber's consent to the terms of this Agreement. Items marked as SSD will either be embedded into the Subscriber's Secure Server Certificate and all other data referenced in paragraph.
6.2 The Subscriber acknowledges that in order to provide the Subscription Services the Subscriber Data provided by the Subscriber on the Enrolment Form during the on-line registration process may be held in the Directory and the Subscriber hereby consents to the disclosure to third parties of such Subscriber Data held therein.
This Certificate Subscriber Agreement was last updated on 28 April, 2008.
1. Application of Terms
1.1 These terms and conditions and schedules thereto, set out below govern the relationship between you (the 'Subscriber') and Digi-Sign Limited ('Digi-Sign').
2. Definitions and Interpretations
2.1 In this Agreement, unless the context requires otherwise, the following terms and expressions shall have the following meanings:
'Business Day' means Monday to Friday inclusive excluding any days on which the banks in Dublin are closed for business (other than for trading in Euros);
'Certificate Period' means the time period during which a Digital Certificate remains valid and may be used as set out in the Schedule;
'Charges' means the charges for the Subscriber Services as set out in Schedule 1 of this Agreement;
'Commencement Date' means the date when Digi-Sign receives the Subscriber's request for Subscriber Services set out in the Enrolment Form and sent to Digi-Sign via the online registration process;
'CP' means the Digi-Sign Certificate Policy [CP], a document setting out the policies under which Digi-Sign issues the Subscriber Services, as may be amended from time to time;
'CPS' means the Digi-Sign Certificate Practice Statement [CPS], a document setting out the working practices that Digi-Sign employs for the Subscriber Services and which defines the underlying certificate processes and Repository operations, as may be amended from time to time;
'Digi-Sign Group Company' means a Digi-Sign subsidiary or holding company, or a subsidiary of that holding company;
'Confidential Information' means all information obtained as a result of the parties entering into this agreement which relates to the provisions and subject matter of this Agreement (including but not limited to all Private Keys, personal identification numbers and passwords) and the business, systems or affairs of the other party and which is marked or designated in writing by the other party as being confidential.
'CRL' means a certificate revocation list that contains details of Digital Signatures that have been revoked by
Digi-Sign;
'Digital Certificate' means a digitally signed electronic data file (conforming to the X.509 version 3 ITU standard) issued by Digi-Sign in order to identify a person or entity seeking to conduct business over a communications network using a Digital Signature and which contains the identity of the person authorised to use the Digital Signature and a copy of their Public Key, a serial number, a time period during which the Digital Certificate may be used and a Digital Signature issued by Digi-Sign;
'Digital Signature' means an encrypted electronic data file which is attached to or logically associated with other electronic data and which identifies and is uniquely linked to the signatory of the electronic data, is created using the signatory's Private Key and is linked in a way so as to make any subsequent changes to the electronic data detectable;
'Domain Name' means a name registered with an Internet registration authority for use as part of a Subscriber's URL;
'Enrolment Form' means an electronic form on Digi-Sign's website completed by the Subscriber by providing the Subscriber Data and which identifies the requirements for the Subscription Service;
'Force Majeure Event' means, in relation to any party any circumstances beyond the reasonable control of that party including without prejudice to the generality of the foregoing any natural disaster, act or regulation of any governmental or supra-national authority, lack or shortage of materials supplied by a third party (other than where such circumstances arise due to lack of reasonable planning), war or natural emergency, accident, epidemic, fire or riot;
'Insolvency Event' means, in respect of any company that is party to this Agreement, that such company has ceased to trade, been dissolved, suspended payment of its debts or is unable to meet its debts as they fall due, has become insolvent or gone into liquidation (unless such liquidation is for the purposes of a solvent reconstruction or amalgamation), entered into administration, administrative receivership, receivership, a voluntary arrangement, a scheme of arrangement with creditors or taken any steps for its winding-up.
'Internet' means the global data communications network comprising interconnected networks using the TCP/IP standard;
'Issue Date' means the date of issue of a Digital Certificate to the Subscriber;
'Private Key' means a confidential encrypted electronic data file designed to interface with a Public Key using the same encryption algorithm and which may be used to create Digital Signatures, and decrypt files or messages which have been encrypted with a Public Key;
'Public Key' means a publicly available encrypted electronic data file designed to interface with a Private Key using the same encryption algorithm and which may be used to verify Digital Signatures and encrypt files or messages;
'Repository' means a publicly available collection of databases for storing and retrieving Digital Certificates, CRL's and other information relating to Digital Certificates and which may be accessed via Digi-Sign's website;
'Schedule' means the schedule attached to this Agreement;
'Scope of Use' shall have the meaning, if any, set out in Schedule 1 to this Agreement;
'Site' means a place at which Digi-Sign agrees to provide the Subscription Service;
'Selected Subscriber Data' means all of the Subscriber Data set out in the Schedule to this Agreement marked with the initials 'SSD'
'Software' means any software provided by Digi-Sign to enable the Subscriber to access or use the Subscription Service;
'Subscriber' means the individual or body corporate named on the Enrolment Form during the online registration process and anyone that acts or purports to act with that person's authority or permission;
'Subscriber Data' means information about the Subscriber required by Digi-Sign to provide the Subscription Services, including without limitation, the information set out in the Schedule to this Agreement (which may or may not contain personal data for the purposes of the Data Protection Act 1998) which must be provided by the Subscriber on the Enrolment Form during the online registration process;
'Subscription Service' means the Digital Certificate subscription services and any solutions (including Digital Certificates, Public Keys and Private Keys) described in the Schedule to this Agreement;
'Third Party Data' means data, information or any other materials (in whatever form) not owned or generated by or on behalf of the Subscriber;
'URL' means a uniform resource locator setting out the address of a webpage or other file on the Internet.
2.2 Subject to Clause 16, references to 'indemnifying' any person against any circumstance include indemnifying and keeping him harmless from all actions, claims and proceedings from time to time made against him and all loss, damage, payments, cost or expenses suffered made or incurred by him as a consequence of that circumstance;
2.3 The schedule to this Agreement forms part of this Agreement and shall have the same force and effect as if expressly set out in the body of this Agreement, and any reference to this Agreement shall include the schedule. To the extent that there is an inconsistency between the terms of the body of this Agreement and its schedule, the terms of the body of this Agreement shall prevail.
3. Provision of Digital Certificate Subscription Services
3.1 Provided that Digi-Sign is able to validate, to its satisfaction, the Subscriber Data, Digi-Sign shall accept a Subscriber's application for the Subscription Service (as such application is set out in the Enrolment Form) and shall provide the Subscriber with the Subscription Service set out in the Schedule in accordance with the terms of this Agreement and the Schedule, save that Digi-Sign reserves the right to refuse a Subscriber's application for the Subscription Service by notifying the Subscriber as soon as reasonably possible.
3.2 Subscriber shall, in consideration for the provision of the Subscription Service and the licences granted under this Agreement, pay to Digi-Sign the Charges set out in the Schedule in accordance with clause 6 of this Agreement.
4. Use of the Subscription Service
4.1 The Subscription Service is provided by Digi-Sign for the Subscriber's own use and the Subscriber hereby agrees not to resell or attempt to resell (or provide in any form whether for consideration or not) the Subscription Service (or any part of it) to any third party and shall not allow any third party to use the Subscription Service without the written consent of Digi-Sign.
4.2 The Subscriber shall:
4.2.1 Use or access the Subscription Service only in conjunction with the Software or other software that may be provided by Digi-Sign from time to time or specified by Digi-Sign to be appropriate for use in conjunction with the Subscription Service.
4.2.2 be responsible, at its own expense, for access to the Internet and all other communications networks (if any) required in order to use the Subscription Service and for the provision of all computer and telecommunications equipment and software required to use the Subscription Service save where the same is not expressly provided under the terms of this Agreement;
4.2.3 obtain and keep in force any authorisation, permission or licence necessary for the Subscriber to use the Subscription Service save where Digi-Sign expressly agrees to obtain the same under the terms of this Agreement;
4.2.4 remain responsible for the generation of any Subscriber's Private Key and shall take all reasonable precautions to prevent any violation of, loss of control over, or unauthorised disclosure of confidential information relating to the Subscription Service; and
4.2.5 shall be solely responsible for any transactions of any kind entered into between the Subscriber and any third party using or acting in reliance on the Subscription Service and acknowledges that Digi-Sign shall not be a party to, or be responsible in any way for, any such transaction.
4.3 The Subscriber shall not use the Subscription Service to transmit (either by sending by email or uploading using any format of communications protocol), receive (either by soliciting an email or downloading using any format of communications protocol), view or in any other way use any information which may be illegal, offensive, abusive, contrary to public morality, indecent, defamatory, obscene or menacing, or which is in breach of confidence, copyright or other intellectual property rights of any third party, cause distress, annoyance, denial of any service, disruption or inconvenience, send or provide advertising or promotional material or other form of unsolicited bulk correspondence or create a Private key which is identical or substantially similar to any Public Key.
5. Licence of Digital Certificate Technology
5.1 Digi-Sign grants the Subscriber a revocable, non-exclusive, non-transferrable personal licence to use any Digital Certificates provided in accordance with the Subscription Service, any Digital Signature generated using the Subscriber's Public Key and Private Key and any manuals or other documents relating to the above insofar as is necessary for the Subscriber to utilise the Subscription Services.
5.2 The Subscriber shall not copy or decompile (except where such decompilation is permitted by Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society) enhance, adapt or modify or attempt to do the same to the Digital Certificates, Public Keys and Private Keys, or any Digital Signature generated using any Public Key or Private Key; or any documents or manuals relating to the same without Digi-Sign's prior written consent.
6. Charges and Payment Terms
6.1 The Charges shall be due to be paid by the Subscriber on or before the Issue Date.
6.2 Digi-Sign shall refund the Charges (including any Value Added Tax or any other appropriate sales, use tax or equivalent charge) paid to it by the Subscriber if within 20 Business Days of the Issue Date, the Subscriber has not used the Subscription Service and has, within this period, made a written request to Digi-Sign for revocation of the Digital Certificate issued to it or Digi-Sign revokes the Digital Certificate pursuant to Clause 7.3.
7. Security
7.1 The Subscriber shall take all reasonable measures to ensure the security and proper use of all personal identification numbers, Private Keys and passwords used in connection with the Subscription Service. The Subscriber shall also immediately inform Digi-Sign if there is any reason to believe that a personal identification number, Private Key or password has or is likely to become known to someone not authorised to use it, or is being, or is likely to be used in an unauthorised way, or if any of the Subscriber Data provided by the Subscriber using the on-line registration process or subsequently notified to Digi-Sign ceases to remain valid or correct or otherwise changes.
7.2 The Subscriber shall have sole responsibility for all statements, acts and omissions which are made under any password provided by it to Digi-Sign.
7.3 Digi-Sign reserves the right to revoke a Subscriber's Digital Certificate in the event that Digi-Sign has reasonable grounds to believe that:
7.3.1 a personal identification number, Private Key or password has, or is likely to become known to someone not authorised to use it, or is being or is likely to be used in an unauthorised way;
7.3.2 a Subscriber's Digital Certificate has not been issued in accordance with the policies set out in the Digi-Sign CPS;
7.3.3 the Subscriber has requested that its Digital Certificate be revoked;
7.3.4 there has been, there is, or there is likely to be a violation of, loss of control over, or unauthorised disclosure of Confidential Information relating to the Subscription Service; or
7.3.5 the Subscriber Data is no longer correct or accurate, save that Digi-Sign has no obligation to monitor or investigate the accuracy of information in a Digital Certificate after the Issue Date of that Digital Certificate; or
7.3.6 the Subscriber has used the Subscription Service with third party software not authorised by Digi-Sign for use with the Subscription Service.
and Digi-Sign may, in its absolute discretion after revocation of a Digital Certificate, reissue a Digital Certificate to the Subscriber or terminate this Agreement in accordance with the provisions of Clause 15.
7.4 The Subscriber agrees to discontinue all use of the Subscriber's Digital Certificate if the Subscriber's Digital Certificate is revoked in accordance with this Agreement, the Certificate Period expires, this Agreement is terminated, or any of the information constituting the Subscriber Data ceases to remain valid or correct or otherwise changes.
8. Confidentiality
8.1 Neither party shall use any Confidential Information other than for the purpose of performing its obligations under this Agreement save where Confidential Information is required for the provision of the Subscription Service.
8.2 Each party shall procure that any person to whom Confidential Information is disclosed by it complies with the restrictions set out in this clause 8 as if such person were a party to this Agreement.
8.3 Notwithstanding the previous provisions of this clause 8 either party may disclose Confidential Information if and to the extent required by law, for the purpose of any judicial proceedings or any securities exchange or regulatory or governmental body to which that party is subject, wherever situated, including (amongst other bodies) the Dublin Stock Exchange Limited or the Panel on Take-overs and Mergers, whether or not the requirement for information has the force of law, and if and to the extent the information has come into the public domain through no fault of that party.
8.4 The restrictions contained in this clause 8 shall continue to apply to each party for the duration of this Agreement and for the period of 5 years following the termination of this Agreement.
9. Subscriber Data
9.1 The Subscriber acknowledges that in order to provide the Subscription Service the Selected Subscriber Data shall be embedded in the Subscriber's Digital Certificates and the Subscriber hereby consents to the disclosure to third parties of such Selected Subscriber Data held therein.
9.2 The Subscriber hereby grants Digi-Sign permission to examine, evaluate, process and in some circumstances transmit to third parties located outside the European Union the Subscriber Data insofar as is reasonably necessary for Digi-Sign to provide the Subscription Service.
9.3 Digi-Sign shall in performing its obligations under this Agreement, comply with the Data Protection Act 1998 and any legislation or guidelines which amends or replaces such legislation and shall take appropriate technical and organisational measures against the unauthorised or unlawful processing of personal data and against actual loss or destruction of or damage to such data.
10. Intellectual Property Rights
10.1 Unless otherwise agreed in writing, the parties agree that Digital Certificates, Digi-Sign Public Keys, and
Digi-Sign Private Keys are the property of Digi-Sign and the Subscribers Private Keys are the property of the Subscriber.
10.2 The Subscriber agrees not to use the Digi-Sign name, brand, get-up or logo in any way except with Digi-Sign's prior written consent.
11. Digi-Sign Obligations
11.1 Digi-Sign agrees to:
11.1.1 provide the Subscription Service with the reasonable skill and care of a competent provider of similar Digital Certificate services save that Digi-Sign does not undertake to provide a fault free service;
11.1.2 investigate and verify prior to the Issue Date the accuracy of the information to be incorporated in the Digital Certificate in accordance with the procedures set out in the Schedule to this Agreement ;
11.1.3 use its reasonable endeavours to provide the Subscription Service by the date agreed in writing with the Subscriber but that Digi-Sign is under no obligation to meet any agreed date and has no liability to the Subscriber for failure to provide the Subscription Service (or any part thereof) by such date; and
11.1.4 maintain a copy in the Repository and details in the CRL of each Digital Certificate which has been revoked or has expired for a reasonable period after the Digital Certificate's revocation or expiry.
12. Subscriber Warranties, Representations and Indemnities
12.1 The Subscriber warrants, represents and undertakes that:
12.1.1 all Subscriber Data is, and any other documents or information provided by the Subscriber are, and will remain accurate and will not include any information or material (or any part thereof), the accessing or use of which would be unlawful, contrary to public interest or otherwise likely to damage the business or reputation of Digi-Sign in any way;
12.1.2 it has and will comply with all consumer and other legislation, instructions or guidelines issued by regulatory authorities, relevant licences and any other codes of practice which apply to the Subscriber or Digi-Sign (such codes of practice to be notified to the Subscriber by Digi-Sign in advance) and that the Subscriber has obtained all licences and consents necessary for performing its obligations to extend full co-operation at all times to third parties working from time to time with Digi-Sign; and
12.1.3 it has full power and authority to enter into this Agreement and to perform all of its obligations under this Agreement.
12.2 Subscriber shall promptly disclose in writing to Digi-Sign anything which constitutes a breach of, or is inconsistent with any of the warranties and undertakings in Clause 12.1.
12.3 The Subscriber shall indemnify Digi-Sign against any claims or legal proceedings which are brought or threatened against Digi-Sign by any third party as a result of the Subscriber's breach of the provisions of this Agreement.
Digi-Sign will notify the Subscriber of any such claims or proceedings and keep the Subscriber informed as to the progress of such claims or proceedings.
12.4 The Subscriber agrees not to make any representations regarding the Subscription Services to any third party except as agreed in writing by Digi-Sign.
13. Exclusion of Warranties
Save as expressly provided under this Agreement all other warranties either expressed or implied are hereby excluded to the fullest extent permissible by law.
14. Term and Termination
14.1 This Agreement shall commence on the Commencement Date and shall continue for the Certificate Period unless terminated earlier in accordance with this Clause 14.
14.2 Either party may terminate this Agreement for convenience by providing to the other 20 Business Day's written notice.
14.3 This Agreement may be terminated forthwith or on the date specified in the notice:
14.3.1 by either party if the other commits any material breach of any term of this Agreement and which (in the case of a breach capable of being remedied) shall not have been remedied within 20 Business Days of a written request by the other party to remedy the same or by either party, if in respect of the other party, an Insolvency Event occurs or that other party ceases to carry on its business;
14.3.2 by Digi-Sign in the event a Digital Certificate is revoked in accordance with the provisions of Clause 7.3 or if Digi-Sign is unable to validate, to its satisfaction, all or part of the Subscriber Data.
15. Consequences of Termination
15.1 If this Agreement is terminated by Digi-Sign under Clause 14 for any reason or under Clause 17.3 Digi-Sign may (in the event that a Subscriber's Digital Certificate has not already been revoked) revoke the Subscriber's Digital Certificate without further notice to the Subscriber and the Subscriber shall pay any Charges payable but not yet paid under this Agreement.
16. Limitation of Liability
16.1 Nothing in this Agreement shall exclude or limit the liability of either party for death or personal injury resulting from the negligence of that party or its directors, officers, employees, contractors or agents, or in respect of fraud or of any statements made fraudulently by either party;
16.2 Subject to clause 16.1 Digi-Sign shall not be liable to the Subscriber whether in contract (including under any indemnity or warranty), in tort (including negligence), under statute or otherwise for any loss of profit, loss of revenue, loss of anticipated savings, loss or corruption of data, loss of contract or opportunity or loss of goodwill whether that loss is direct, indirect or consequential and if Digi-Sign shall be liable to the Subscriber in contract (including under any indemnity or warranty), in tort (including negligence), under statute or otherwise, Digi-Sign's maximum liability to the Subscriber shall be limited to € 00.01.
16.3 Digi-Sign shall not be liable to the Subscriber for any loss suffered by the Subscriber due to use of the Digital Certificate outside the Scope of Use or for transactions outside the Maximum Transaction Value.
16.4 Without prejudice to Subscriber's rights to terminate this Agreement, Subscriber's sole remedy at law, in equity or otherwise in respect of any claim against Digi-Sign shall be limited to damages.
17. Force Majeure
17.1 Neither party hereto shall be liable for any breach of its obligations hereunder resulting from a Force Majeure Event.
17.2 Each of the parties hereto agrees to give written notice forthwith to the other upon becoming aware of a Force Majeure Event such notice to contain details of the circumstances giving rise to the Force Majeure Event and its anticipated duration. If such duration is more than 20 days then the party not in default shall be entitled to terminate this agreement, with neither party having any liability to the other in respect of such termination.
17.3 The party asserting a Force Majeure Event shall not be excused performance of its obligations unaffected by such a Force Majeure Event and shall endeavour to seek an alternative way of fulfilling its affected obligations without any materially adverse affect on the other party.
18. Waiver
The waiver by either party of a breach or default of any of the provisions of this Agreement by the other party shall not be construed as a waiver of any succeeding breach of the same or other provisions nor shall any delay or omission on the part of either party to exercise or avail itself of any right power or privilege that it has or may have hereunder operate as a waiver of any breach or default by the other party.
19. Notices
19.1 Notices shall be in writing, and shall be sent to the other party marked for the attention of the person either at the address set out in 19.2 below in the case of Digi-Sign, or the address of the Subscriber as set out on the Enrolment Form. Notices may be sent be first-class mail or facsimile transmission provided that facsimile transmissions are confirmed within 12 hours by first-class mailed confirmation of a copy. Correctly addressed notices sent by first-class mail shall be deemed to have been delivered 48 hours after posting and correctly directed facsimile transmissions shall be deemed to have been received 12 hours after dispatch.
19.2 The address for Digi-Sign Limited is Sidthorpe Lane, Dublin 4, Ireland, Tel: +353 (1) 685-3687, Fax: +353 (1) 685-3688 to be marked for the attention of The Digital Certificate Subscriber Agreement Administrator.
20. Invalidity and Severability
If any provision of this Agreement (not being of a fundamental nature to its operation) is judged to be invalid, illegal or unenforceable, the continuation in full force and effect of the remainder of the provisions will not be prejudiced.
21. Entire Agreement
21.1 This Agreement and Schedules and all documents referred to herein contain the entire and exclusive agreement and understanding between the parties on the subject matter contained herein and supersedes all prior agreements, understandings and arrangements relating thereto. No representation, undertaking or promise shall be taken to have been given or implied from anything said or written in negotiations between the parties prior to this Agreement except as may be expressly stated in this Agreement.
21.2 Without prejudice to any liability for fraudulent misrepresentation, no party shall be under any liability or shall have any remedy in respect of misrepresentation or untrue statement unless and to the extent that a claim lies for breach of this Agreement.
22. Assignment
Neither party may assign or transfer or purport to assign or transfer a right or obligation under this Agreement without first obtaining the other party's written consent.
23. Governing Law and Jurisdiction
This Agreement and all matters arising from or connected with it, are governed by and shall be construed in accordance with Irish law and the parties hereby submit to the non-exclusive jurisdiction of the Irish courts.
24. Rights of Third Parties
For the avoidance of doubt no third party shall be entitled (for the purposes of the Contracts (Rights of Third Parties) Act 1999) to any rights under this Agreement which it may enter against Digi-Sign.
Secure Server Certificate Schedule: Digi-SSL™ Solution Type
1. Definitions used in this Schedule
"Fully Qualified Domain Name" means a URL that includes a second level Domain Name and that fully identifies a directory on the Server;
"Root Domain Name" means the highest level of a URL that identifies multiple directories on the Server;
"Secure Server Certificate" means the Digital Certificate produced pursuant to the Subscription Service described in this Schedule;
"Certificate Signing Request" means an electronic data file created by the Subscriber using the Subscriber's installed SSL or TLS enabled web server software;
"Server" means the Subscriber's server operating at either a Root Domain Name or Fully Qualified Domain Name provided by the Subscriber to Digi-Sign and which is crytographically bound to the public key set out in the Secure Server Certificate.
2. The Subscription Service
2.1 Digi-Sign shall provide a Secure Server Certificate designed for installation within the Subscriber's SSL enabled web server software and for use with an SSL v2.0 (or above) or TLS v 1.0 enabled web browser. The Secure Server Certificate shall, in accordance with the Charges paid by the Subscriber either; cryptographically bind a Public Key to a the Server operating at a Fully Qualified Domain Name; or cryptographically bind a Public Key to a the Server operating at a Root Domain Name. In both cases, the Public Key is used in the SSL/TLS Protocol to authenticate the Server and establish an encrypted session between an SSL v2.0 enabled web browser and the Subscriber's Server.
3. Scope of Use
3.1 The Subscriber may only use the Secure Server Certificate for the purpose of authenticating only one Server and establishing an encrypted session between an SSL v2.0 enabled web browser and the Subscriber.
3.2 The total value of any transaction entered into by the Subscriber whilst using the Secure Server Certificate must not exceed € 00.01
3.3 Digi-Sign's maximum liability to the Subscriber shall be limited to the Charges paid by the Subscriber under this Agreement or € 00.01
4. Charges
4.1 The Charges for the Subscription Service are defined on the official website and during the on-line registration.
4.2 The Charges set out at paragraph 4.1 above are exclusive of Value Added Tax or any other appropriate sales, use tax or equivalent charge applicable in any country where the Subscription Services is provided. Such applicable tax shall be notified to the Subscriber by Digi-Sign and shall be payable by the Subscriber.
5. Certificate Period
The Certificate Period shall commence on the Issue Date and shall continue for the period specified by the Subscriber in the Enrolment Form during on-line registration and paid for by the Subscriber in accordance with the Charges set out at paragraph 4 above or until revocation of the Digital Certificates by Digi-Sign in accordance with the terms of this Agreement, whichever is earlier.
6. Subscriber Data
6.1 The Subscriber shall provide the following Subscriber Data: Certificate Signing Request (CSR) (SSD), Company Name (SSD), Street address 1, Street Address 2, PO Box, City (SSD), County/State (SSD), Postal/Zip code, Domain Name (SSD), an account username, an account password, Administrator contact details, and an acknowledgement of Subscriber's consent to the terms of this Agreement. Items marked as SSD will either be embedded into the Subscriber's Secure Server Certificate and all other data referenced in paragraph.
6.2 The Subscriber acknowledges that in order to provide the Subscription Services the Subscriber Data provided by the Subscriber on the Enrolment Form during the on-line registration process may be held in the Directory and the Subscriber hereby consents to the disclosure to third parties of such Subscriber Data held therein.
This Certificate Subscriber Agreement was last updated on 28 April, 2008.
[13] As described in the Proposal Document (‘the Proposal’) and in consideration of the payment of the fees in accordance with the Proposal (the "Charges") by the Subscriber ("You") of the Charges set out in clause 2, Digi-Sign, The Certificate Corporation ("We" or "Us") agrees to provide the AACD™ [14] system to You (the "Services" or the "System") in accordance with the terms and conditions set out below. The Charges are in Euro.
[13] In consideration of the Services, You shall pay the Charges to Us in accordance with the Proposal. The Charges are set out exclusive of taxes and expenses. At the start of the Project, the Project Deposit Fee as set out in the Proposal will be billed by us and must be paid for by electronic bank transfer in full by You within fourteen (14) days of the date of our invoice. Subsequent Project Opening Fees and Project Interim Fees may also be required as indicated in the Proposal and shall be paid by electronic bank transfer on the date specified in the invoice. When the Project Completion Form is received and in accordance with the Proposal, the Project Closing Fee and the first Annual License Fee, as set out in the Proposal will be invoiced and shall be paid by electronic bank transfer on the date specified in the invoice. All subsequent Annual License Fees and any additional Fees will be invoiced in advance and shall be paid by electronic bank transfer on the date specified on the invoice.
In the event of late payment of any of the Charges, interest shall be charged at the rate of interest referred to in the European Communities (Late Payment in Commercial Transactions) Regulations 2002, from the date of invoice until the date of actual payment, such interest to accrue daily and both before and after judgement.
All Charges referred to in this Agreement are exclusive and net of any taxes, duties or such other additional sums which shall be paid by You including, but without prejudice to the generality of the foregoing, VAT (if applicable), excise tax, tax on sales, property or use, import or other duties levied in respect of this Agreement.
You shall reimburse us for any vouched expenses which we may reasonably incur in relation to the provision of the Services. On travel distances exceeding 2.5 hours, our senior Directors will travel business class and all hotel accommodation should b three star rated accommodation or higher.
1. Application of Terms
1.1 These terms and conditions and schedules thereto, set out below govern the relationship between you (the 'Subscriber') and Digi-Sign Limited ('Digi-Sign').
2. Definitions and Interpretations
2.1 In this Agreement, unless the context requires otherwise, the following terms and expressions shall have the following meanings:
'Business Day' means Monday to Friday inclusive excluding any days on which the banks in Dublin are closed for business (other than for trading in Euros);
'Certificate Period' means the time period during which a Digital Certificate remains valid and may be used as set out in the Schedule;
'Charges' means the charges for the Subscriber Services as set out in Schedule 1 of this Agreement;
'Commencement Date' means the date when Digi-Sign receives the Subscriber's request for Subscriber Services set out in the Enrolment Form and sent to Digi-Sign via the online registration process;
'CP' means the Digi-Sign Certificate Policy [CP], a document setting out the policies under which Digi-Sign issues the Subscriber Services, as may be amended from time to time;
'CPS' means the Digi-Sign Certificate Practice Statement [CPS], a document setting out the working practices that Digi-Sign employs for the Subscriber Services and which defines the underlying certificate processes and Repository operations, as may be amended from time to time;
'Digi-Sign Group Company' means a Digi-Sign subsidiary or holding company, or a subsidiary of that holding company;
'Confidential Information' means all information obtained as a result of the parties entering into this agreement which relates to the provisions and subject matter of this Agreement (including but not limited to all Private Keys, personal identification numbers and passwords) and the business, systems or affairs of the other party and which is marked or designated in writing by the other party as being confidential.
'CRL' means a certificate revocation list that contains details of Digital Signatures that have been revoked by
Digi-Sign;
'Digital Certificate' means a digitally signed electronic data file (conforming to the X.509 version 3 ITU standard) issued by Digi-Sign in order to identify a person or entity seeking to conduct business over a communications network using a Digital Signature and which contains the identity of the person authorised to use the Digital Signature and a copy of their Public Key, a serial number, a time period during which the Digital Certificate may be used and a Digital Signature issued by Digi-Sign;
'Digital Signature' means an encrypted electronic data file which is attached to or logically associated with other electronic data and which identifies and is uniquely linked to the signatory of the electronic data, is created using the signatory's Private Key and is linked in a way so as to make any subsequent changes to the electronic data detectable;
'Domain Name' means a name registered with an Internet registration authority for use as part of a Subscriber's URL;
'Enrolment Form' means an electronic form on Digi-Sign's website completed by the Subscriber by providing the Subscriber Data and which identifies the requirements for the Subscription Service;
'Force Majeure Event' means, in relation to any party any circumstances beyond the reasonable control of that party including without prejudice to the generality of the foregoing any natural disaster, act or regulation of any governmental or supra-national authority, lack or shortage of materials supplied by a third party (other than where such circumstances arise due to lack of reasonable planning), war or natural emergency, accident, epidemic, fire or riot;
'Insolvency Event' means, in respect of any company that is party to this Agreement, that such company has ceased to trade, been dissolved, suspended payment of its debts or is unable to meet its debts as they fall due, has become insolvent or gone into liquidation (unless such liquidation is for the purposes of a solvent reconstruction or amalgamation), entered into administration, administrative receivership, receivership, a voluntary arrangement, a scheme of arrangement with creditors or taken any steps for its winding-up.
'Internet' means the global data communications network comprising interconnected networks using the TCP/IP standard;
'Issue Date' means the date of issue of a Digital Certificate to the Subscriber;
'Private Key' means a confidential encrypted electronic data file designed to interface with a Public Key using the same encryption algorithm and which may be used to create Digital Signatures, and decrypt files or messages which have been encrypted with a Public Key;
'Public Key' means a publicly available encrypted electronic data file designed to interface with a Private Key using the same encryption algorithm and which may be used to verify Digital Signatures and encrypt files or messages;
'Repository' means a publicly available collection of databases for storing and retrieving Digital Certificates, CRL's and other information relating to Digital Certificates and which may be accessed via Digi-Sign's website;
'Schedule' means the schedule attached to this Agreement;
'Scope of Use' shall have the meaning, if any, set out in Schedule 1 to this Agreement;
'Site' means a place at which Digi-Sign agrees to provide the Subscription Service;
'Selected Subscriber Data' means all of the Subscriber Data set out in the Schedule to this Agreement marked with the initials 'SSD'
'Software' means any software provided by Digi-Sign to enable the Subscriber to access or use the Subscription Service;
'Subscriber' means the individual or body corporate named on the Enrolment Form during the online registration process and anyone that acts or purports to act with that person's authority or permission;
'Subscriber Data' means information about the Subscriber required by Digi-Sign to provide the Subscription Services, including without limitation, the information set out in the Schedule to this Agreement (which may or may not contain personal data for the purposes of the Data Protection Act 1998) which must be provided by the Subscriber on the Enrolment Form during the online registration process;
'Subscription Service' means the Digital Certificate subscription services and any solutions (including Digital Certificates, Public Keys and Private Keys) described in the Schedule to this Agreement;
'Third Party Data' means data, information or any other materials (in whatever form) not owned or generated by or on behalf of the Subscriber;
'URL' means a uniform resource locator setting out the address of a webpage or other file on the Internet.
2.2 Subject to Clause 16, references to 'indemnifying' any person against any circumstance include indemnifying and keeping him harmless from all actions, claims and proceedings from time to time made against him and all loss, damage, payments, cost or expenses suffered made or incurred by him as a consequence of that circumstance;
2.3 The schedule to this Agreement forms part of this Agreement and shall have the same force and effect as if expressly set out in the body of this Agreement, and any reference to this Agreement shall include the schedule. To the extent that there is an inconsistency between the terms of the body of this Agreement and its schedule, the terms of the body of this Agreement shall prevail.
3. Provision of Digital Certificate Subscription Services
3.1 Provided that Digi-Sign is able to validate, to its satisfaction, the Subscriber Data, Digi-Sign shall accept a Subscriber's application for the Subscription Service (as such application is set out in the Enrolment Form) and shall provide the Subscriber with the Subscription Service set out in the Schedule in accordance with the terms of this Agreement and the Schedule, save that Digi-Sign reserves the right to refuse a Subscriber's application for the Subscription Service by notifying the Subscriber as soon as reasonably possible.
3.2 Subscriber shall, in consideration for the provision of the Subscription Service and the licences granted under this Agreement, pay to Digi-Sign the Charges set out in the Schedule in accordance with clause 6 of this Agreement.
4. Use of the Subscription Service
4.1 The Subscription Service is provided by Digi-Sign for the Subscriber's own use and the Subscriber hereby agrees not to resell or attempt to resell (or provide in any form whether for consideration or not) the Subscription Service (or any part of it) to any third party and shall not allow any third party to use the Subscription Service without the written consent of Digi-Sign.
4.2 The Subscriber shall:
4.2.1 Use or access the Subscription Service only in conjunction with the Software or other software that may be provided by Digi-Sign from time to time or specified by Digi-Sign to be appropriate for use in conjunction with the Subscription Service.
4.2.2 be responsible, at its own expense, for access to the Internet and all other communications networks (if any) required in order to use the Subscription Service and for the provision of all computer and telecommunications equipment and software required to use the Subscription Service save where the same is not expressly provided under the terms of this Agreement;
4.2.3 obtain and keep in force any authorisation, permission or licence necessary for the Subscriber to use the Subscription Service save where Digi-Sign expressly agrees to obtain the same under the terms of this Agreement;
4.2.4 remain responsible for the generation of any Subscriber's Private Key and shall take all reasonable precautions to prevent any violation of, loss of control over, or unauthorised disclosure of confidential information relating to the Subscription Service; and
4.2.5 shall be solely responsible for any transactions of any kind entered into between the Subscriber and any third party using or acting in reliance on the Subscription Service and acknowledges that Digi-Sign shall not be a party to, or be responsible in any way for, any such transaction.
4.3 The Subscriber shall not use the Subscription Service to transmit (either by sending by email or uploading using any format of communications protocol), receive (either by soliciting an email or downloading using any format of communications protocol), view or in any other way use any information which may be illegal, offensive, abusive, contrary to public morality, indecent, defamatory, obscene or menacing, or which is in breach of confidence, copyright or other intellectual property rights of any third party, cause distress, annoyance, denial of any service, disruption or inconvenience, send or provide advertising or promotional material or other form of unsolicited bulk correspondence or create a Private key which is identical or substantially similar to any Public Key.
5. Licence of Digital Certificate Technology
5.1 Digi-Sign grants the Subscriber a revocable, non-exclusive, non-transferrable personal licence to use any Digital Certificates provided in accordance with the Subscription Service, any Digital Signature generated using the Subscriber's Public Key and Private Key and any manuals or other documents relating to the above insofar as is necessary for the Subscriber to utilise the Subscription Services.
5.2 The Subscriber shall not copy or decompile (except where such decompilation is permitted by Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society) enhance, adapt or modify or attempt to do the same to the Digital Certificates, Public Keys and Private Keys, or any Digital Signature generated using any Public Key or Private Key; or any documents or manuals relating to the same without Digi-Sign's prior written consent.
6. Charges and Payment Terms
6.1 The Charges shall be due to be paid by the Subscriber on or before the Issue Date.
6.2 Digi-Sign shall refund the Charges (including any Value Added Tax or any other appropriate sales, use tax or equivalent charge) paid to it by the Subscriber if within 20 Business Days of the Issue Date, the Subscriber has not used the Subscription Service and has, within this period, made a written request to Digi-Sign for revocation of the Digital Certificate issued to it or Digi-Sign revokes the Digital Certificate pursuant to Clause 7.3.
7. Security
7.1 The Subscriber shall take all reasonable measures to ensure the security and proper use of all personal identification numbers, Private Keys and passwords used in connection with the Subscription Service. The Subscriber shall also immediately inform Digi-Sign if there is any reason to believe that a personal identification number, Private Key or password has or is likely to become known to someone not authorised to use it, or is being, or is likely to be used in an unauthorised way, or if any of the Subscriber Data provided by the Subscriber using the on-line registration process or subsequently notified to Digi-Sign ceases to remain valid or correct or otherwise changes.
7.2 The Subscriber shall have sole responsibility for all statements, acts and omissions which are made under any password provided by it to Digi-Sign.
7.3 Digi-Sign reserves the right to revoke a Subscriber's Digital Certificate in the event that Digi-Sign has reasonable grounds to believe that:
7.3.1 a personal identification number, Private Key or password has, or is likely to become known to someone not authorised to use it, or is being or is likely to be used in an unauthorised way;
7.3.2 a Subscriber's Digital Certificate has not been issued in accordance with the policies set out in the Digi-Sign CPS;
7.3.3 the Subscriber has requested that its Digital Certificate be revoked;
7.3.4 there has been, there is, or there is likely to be a violation of, loss of control over, or unauthorised disclosure of Confidential Information relating to the Subscription Service; or
7.3.5 the Subscriber Data is no longer correct or accurate, save that Digi-Sign has no obligation to monitor or investigate the accuracy of information in a Digital Certificate after the Issue Date of that Digital Certificate; or
7.3.6 the Subscriber has used the Subscription Service with third party software not authorised by Digi-Sign for use with the Subscription Service.
and Digi-Sign may, in its absolute discretion after revocation of a Digital Certificate, reissue a Digital Certificate to the Subscriber or terminate this Agreement in accordance with the provisions of Clause 15.
7.4 The Subscriber agrees to discontinue all use of the Subscriber's Digital Certificate if the Subscriber's Digital Certificate is revoked in accordance with this Agreement, the Certificate Period expires, this Agreement is terminated, or any of the information constituting the Subscriber Data ceases to remain valid or correct or otherwise changes.
8. Confidentiality
8.1 Neither party shall use any Confidential Information other than for the purpose of performing its obligations under this Agreement save where Confidential Information is required for the provision of the Subscription Service.
8.2 Each party shall procure that any person to whom Confidential Information is disclosed by it complies with the restrictions set out in this clause 8 as if such person were a party to this Agreement.
8.3 Notwithstanding the previous provisions of this clause 8 either party may disclose Confidential Information if and to the extent required by law, for the purpose of any judicial proceedings or any securities exchange or regulatory or governmental body to which that party is subject, wherever situated, including (amongst other bodies) the Dublin Stock Exchange Limited or the Panel on Take-overs and Mergers, whether or not the requirement for information has the force of law, and if and to the extent the information has come into the public domain through no fault of that party.
8.4 The restrictions contained in this clause 8 shall continue to apply to each party for the duration of this Agreement and for the period of 5 years following the termination of this Agreement.
9 Subscriber Data
9.1 The Subscriber acknowledges that in order to provide the Subscription Service the Selected Subscriber Data shall be embedded in the Subscriber's Digital Certificates and the Subscriber hereby consents to the disclosure to third parties of such Selected Subscriber Data held therein.
9.2 The Subscriber hereby grants Digi-Sign permission to examine, evaluate, process and in some circumstances transmit to third parties located outside the European Union the Subscriber Data insofar as is reasonably necessary for Digi-Sign to provide the Subscription Service.
9.3 Digi-Sign shall in performing its obligations under this Agreement, comply with the Data Protection Act 1998 and any legislation or guidelines which amends or replaces such legislation and shall take appropriate technical and organisational measures against the unauthorised or unlawful processing of personal data and against actual loss or destruction of or damage to such data.
10. Intellectual Property Rights
10.1 Unless otherwise agreed in writing, the parties agree that Digital Certificates, Digi-Sign Public Keys, and
Digi-Sign Private Keys are the property of Digi-Sign and the Subscribers Private Keys are the property of the Subscriber.
10.2 The Subscriber agrees not to use the Digi-Sign name, brand, get-up or logo in any way except with Digi-Sign's prior written consent.
11. Digi-Sign Obligations
11.1 Digi-Sign agrees to:
11.1.1 provide the Subscription Service with the reasonable skill and care of a competent provider of similar Digital Certificate services save that Digi-Sign does not undertake to provide a fault free service;
11.1.2 investigate and verify prior to the Issue Date the accuracy of the information to be incorporated in the Digital Certificate in accordance with the procedures set out in the Schedule to this Agreement ;
11.1.3 use its reasonable endeavours to provide the Subscription Service by the date agreed in writing with the Subscriber but that Digi-Sign is under no obligation to meet any agreed date and has no liability to the Subscriber for failure to provide the Subscription Service (or any part thereof) by such date; and
11.1.4 maintain a copy in the Repository and details in the CRL of each Digital Certificate which has been revoked or has expired for a reasonable period after the Digital Certificate's revocation or expiry.
12. Subscriber Warranties, Representations and Indemnities
12.1 The Subscriber warrants, represents and undertakes that:
12.1.1 all Subscriber Data is, and any other documents or information provided by the Subscriber are, and will remain accurate and will not include any information or material (or any part thereof), the accessing or use of which would be unlawful, contrary to public interest or otherwise likely to damage the business or reputation of Digi-Sign in any way;
12.1.2 it has and will comply with all consumer and other legislation, instructions or guidelines issued by regulatory authorities, relevant licences and any other codes of practice which apply to the Subscriber or Digi-Sign (such codes of practice to be notified to the Subscriber by Digi-Sign in advance) and that the Subscriber has obtained all licences and consents necessary for performing its obligations to extend full co-operation at all times to third parties working from time to time with Digi-Sign; and
12.1.3 it has full power and authority to enter into this Agreement and to perform all of its obligations under this Agreement.
12.2 Subscriber shall promptly disclose in writing to Digi-Sign anything which constitutes a breach of, or is inconsistent with any of the warranties and undertakings in Clause 12.1.
12.3 The Subscriber shall indemnify Digi-Sign against any claims or legal proceedings which are brought or threatened against Digi-Sign by any third party as a result of the Subscriber's breach of the provisions of this Agreement.
Digi-Sign will notify the Subscriber of any such claims or proceedings and keep the Subscriber informed as to the progress of such claims or proceedings.
12.4 The Subscriber agrees not to make any representations regarding the Subscription Services to any third party except as agreed in writing by Digi-Sign.
13. Exclusion of Warranties
Save as expressly provided under this Agreement all other warranties either expressed or implied are hereby excluded to the fullest extent permissible by law.
14. Term and Termination
14.1 This Agreement shall commence on the Commencement Date and shall continue for the Certificate Period unless terminated earlier in accordance with this Clause 14.
14.2 Either party may terminate this Agreement for convenience by providing to the other 20 Business Day's written notice.
14.3 This Agreement may be terminated forthwith or on the date specified in the notice:
14.3.1 by either party if the other commits any material breach of any term of this Agreement and which (in the case of a breach capable of being remedied) shall not have been remedied within 20 Business Days of a written request by the other party to remedy the same or by either party, if in respect of the other party, an Insolvency Event occurs or that other party ceases to carry on its business;
14.3.2 by Digi-Sign in the event a Digital Certificate is revoked in accordance with the provisions of Clause 7.3 or if Digi-Sign is unable to validate, to its satisfaction, all or part of the Subscriber Data.
15. Consequences of Termination
15.1 If this Agreement is terminated by Digi-Sign under Clause 14 for any reason or under Clause 17.3 Digi-Sign may (in the event that a Subscriber's Digital Certificate has not already been revoked) revoke the Subscriber's Digital Certificate without further notice to the Subscriber and the Subscriber shall pay any Charges payable but not yet paid under this Agreement.
16. Limitation of Liability
16.1 Nothing in this Agreement shall exclude or limit the liability of either party for death or personal injury resulting from the negligence of that party or its directors, officers, employees, contractors or agents, or in respect of fraud or of any statements made fraudulently by either party;
16.2 Subject to clause 16.1 Digi-Sign shall not be liable to the Subscriber whether in contract (including under any indemnity or warranty), in tort (including negligence), under statute or otherwise for any loss of profit, loss of revenue, loss of anticipated savings, loss or corruption of data, loss of contract or opportunity or loss of goodwill whether that loss is direct, indirect or consequential and if Digi-Sign shall be liable to the Subscriber in contract (including under any indemnity or warranty), in tort (including negligence), under statute or otherwise, Digi-Sign's maximum liability to the Subscriber shall be limited to the Charges paid by the Subscriber under this Agreement or €10,000, whichever is the greater.
16.3 Digi-Sign shall not be liable to the Subscriber for any loss suffered by the Subscriber due to use of the Digital Certificate outside the Scope of Use or for transactions outside the Maximum Transaction Value.
16.4 Without prejudice to Subscriber's rights to terminate this Agreement, Subscriber's sole remedy at law, in equity or otherwise in respect of any claim against Digi-Sign shall be limited to damages.
17. Force Majeure
17.1 Neither party hereto shall be liable for any breach of its obligations hereunder resulting from a Force Majeure Event.
17.2 Each of the parties hereto agrees to give written notice forthwith to the other upon becoming aware of a Force Majeure Event such notice to contain details of the circumstances giving rise to the Force Majeure Event and its anticipated duration. If such duration is more than 20 days then the party not in default shall be entitled to terminate this agreement, with neither party having any liability to the other in respect of such termination.
17.3 The party asserting a Force Majeure Event shall not be excused performance of its obligations unaffected by such a Force Majeure Event and shall endeavour to seek an alternative way of fulfilling its affected obligations without any materially adverse affect on the other party.
18. Waiver
The waiver by either party of a breach or default of any of the provisions of this Agreement by the other party shall not be construed as a waiver of any succeeding breach of the same or other provisions nor shall any delay or omission on the part of either party to exercise or avail itself of any right power or privilege that it has or may have hereunder operate as a waiver of any breach or default by the other party.
19. Notices
19.1 Notices shall be in writing, and shall be sent to the other party marked for the attention of the person either at the address set out in 19.2 below in the case of Digi-Sign, or the address of the Subscriber as set out on the Enrolment Form. Notices may be sent be first-class mail or facsimile transmission provided that facsimile transmissions are confirmed within 12 hours by first-class mailed confirmation of a copy. Correctly addressed notices sent by first-class mail shall be deemed to have been delivered 48 hours after posting and correctly directed facsimile transmissions shall be deemed to have been received 12 hours after dispatch.
19.2 The address for Digi-Sign Limited is Sidthorpe Lane, Dublin 4, Ireland, Tel: +353 (1) 685-3687, Fax: +353 (1) 685-3688 to be marked for the attention of The Digital Certificate Subscriber Agreement Administrator.
20. Invalidity and Severability
If any provision of this Agreement (not being of a fundamental nature to its operation) is judged to be invalid, illegal or unenforceable, the continuation in full force and effect of the remainder of the provisions will not be prejudiced.
21. Entire Agreement
21.1 This Agreement and Schedules and all documents referred to herein contain the entire and exclusive agreement and understanding between the parties on the subject matter contained herein and supersedes all prior agreements, understandings and arrangements relating thereto. No representation, undertaking or promise shall be taken to have been given or implied from anything said or written in negotiations between the parties prior to this Agreement except as may be expressly stated in this Agreement.
21.2 Without prejudice to any liability for fraudulent misrepresentation, no party shall be under any liability or shall have any remedy in respect of misrepresentation or untrue statement unless and to the extent that a claim lies for breach of this Agreement.
22. Assignment
Neither party may assign or transfer or purport to assign or transfer a right or obligation under this Agreement without first obtaining the other party's written consent.
23. Governing Law and Jurisdiction
This Agreement and all matters arising from or connected with it, are governed by and shall be construed in accordance with Irish law and the parties hereby submit to the non-exclusive jurisdiction of the Irish courts.
24. Rights of Third Parties
For the avoidance of doubt no third party shall be entitled (for the purposes of the Contracts (Rights of Third Parties) Act 1999) to any rights under this Agreement which it may enter against Digi-Sign.
Secure Server Certificate Schedule: Digi-SSL Trial™ Solution Type
1. Definitions used in this Schedule
"Fully Qualified Domain Name" means a URL that includes a second level Domain Name and that fully identifies a directory on the Server;
"Root Domain Name" means the highest level of a URL that identifies multiple directories on the Server;
"Secure Server Certificate" means the Digital Certificate produced pursuant to the Subscription Service described in this Schedule;
"Certificate Signing Request" means an electronic data file created by the Subscriber using the Subscriber's installed SSL or TLS enabled web server software;
"Server" means the Subscriber's server operating at either a Root Domain Name or Fully Qualified Domain Name provided by the Subscriber to Digi-Sign and which is crytographically bound to the public key set out in the Secure Server Certificate.
2. The Subscription Service
2.1 Digi-Sign shall provide a Secure Server Certificate designed for installation within the Subscriber's SSL enabled web server software and for use with an SSL v2.0 (or above) or TLS v 1.0 enabled web browser. The Secure Server Certificate shall either; cryptographically bind a Public Key to a the Server operating at a Fully Qualified Domain Name; or cryptographically bind a Public Key to a the Server operating at a Root Domain Name. In both cases, the Public Key is used in the SSL/TLS Protocol to authenticate the Server and establish an encrypted session between an SSL v2.0 enabled web browser and the Subscriber's Server.
3. Scope of Use
3.1 The Secure Server Certificate is provided for test purposes only. The Subscriber may only use the Secure Server Certificate for the purpose of testing the compatibility and suitability of Digi-Sign Secure Server Certificates.
3.2 The Subscriber will not use the Secure Server Certificate to enter into any transactions of value without the explicit and written consent of Digi-Sign.
3.3 Digi-Sign's maximum liability to the Subscriber shall be limited to the Charges paid by the Subscriber under this Agreement or €0.01 whichever is the greater.
4. Charges
4.1 There is no charge for the provision of the Secure Server Certificate pertaining to this schedule.
5. Certificate Period
The Certificate Period shall commence on the Issue Date and shall continue for the period of 14 days or until revocation of the Digital Certificates by Digi-Sign in accordance with the terms of this Agreement, whichever is earlier.
6. Subscriber Data
6.1 The Subscriber shall provide the following Subscriber Data: Certificate Signing Request (CSR) (SSD), Company Name (SSD), Street address 1, Street Address 2, PO Box, City (SSD), County/State (SSD), Postal/Zip code, Domain Name (SSD), an account username, an account password, Administrator contact details, and an acknowledgement of Subscriber's consent to the terms of this Agreement. Items marked as SSD will either be embedded into the Subscriber's Secure Server Certificate and all other data referenced in paragraph.
6.2 The Subscriber acknowledges that in order to provide the Subscription Services the Subscriber Data provided by the Subscriber on the Enrolment Form during the on-line registration process may be held in the Directory and the Subscriber hereby consents to the disclosure to third parties of such Subscriber Data held therein.
This Certificate Subscriber Agreement was last updated on 28 April, 2008.
At Digi-Sign, The Certificate Corporation [Digi-Sign] we aim to offer you the highest standard of customer service. However, in the unlikely event that you do have reason to make a complaint about the service you have received from us, you should email complaints@digi-sign.com [15] with details of your complaint or telephone our customer careline on +353 (1) 685-3680 between the hours of 9.00am - 5.00pm GMT, Monday - Friday.
We guarantee that we will investigate your complaint thoroughly. We will acknowledge your complaint within 3 working days giving the name of the person dealing with your complaint and provide you with a full response within 10 working days.
For questions about this Complaint Policy, the practices of this site or any dealings with Digi-Sign Limited, contact us at:
Digi-Sign Limited
Sidthorpe Lane
Dublin 4
IRELAND
complaints@digi-sign.com [15]
Digi-CA™ is a suite of Certification Authority [CA] systems from Digi-Sign Limited that has a contractual responsibility to issue digital certificates to Subscribers (end entity web sites) under the provisions stated within the Certificate Practice Statement [CPS]. At the point of issuance Digi-Sign asserts that it has validated in accordance to the practices stated within the CPS for each solution type. This assertion states that the domain name used in the application is the legal property, or has been duly licensed / provided to, the Subscriber and the Subscriber is a legally accountable entity.
During application the Subscriber must provide certain information for use in the validation process. Part of this information may be present within the issued digital certificate in order to meet the EU directive for a Fully Qualified Certificate and may be viewed by double clicking the Digi-SSL™ padlock or clicking the Digi-Seal™ image. Information not displayed through either of these methods falls under the Data Protection Act and is not publicly available.
The Subscriber may use Digi-Sign services within the stipulations of the
Such stipulations do not allow the Subscriber to use the services to breach local legislation or trading laws.
As a person relying on the Digi-Sign services you are protected under the and have the right to report an alleged breach of service agreement by a Subscriber. Digi-Sign will investigate the complaint and take action accordingly.
If you have a complaint against any Subscriber please contact with the following information:
Please note that Digi-Sign requires legally admissible evidence to consolidate any complaint made against a Subscriber. For further advice please contact
At Digi-Sign, The Certificate Corporation [Digi-Sign] we aim to offer you the highest standard of customer service. However, in the unlikely event that you do have reason to make a complaint about the service you have received from us, you should email complaints@digi-sign.com [15] with details of your complaint or telephone our customer careline on +353 (1) 662-1249 between the hours of 9.00am - 5.00pm GMT, Monday - Friday.
We guarantee that we will investigate your complaint thoroughly. We will acknowledge your complaint within 3 working days giving the name of the person dealing with your complaint and provide you with a full response within 10 working days.
For questions about this Complaint Policy, the practices of this site or any dealings with Digi-Sign Limited, contact us at:
Digi-Sign Limited
Sidthorpe Lane
Dublin 4
IRELAND
complaints@digi-sign.com [15]
As part of the Digi-Sign pledge to our customers, we recognise and respect your right to privacy. This privacy policy statement informs our customers of the privacy practices employed in the provision of Digi-Sign's solutions, services and website. Questions relating to this policy statement should be directed towards the Digi-Sign support team at info@digi-sign.com [1].
CPS and Associated Agreements
This Privacy Policy statement supplements the practices and policies stated within the Subscriber Agreement (and associated solution Schedules), Relying Party Agreement and Digi-Sign Certification Practice Statement (CPS). Please refer to these documents for the practices employed by Digi-Sign for the issuing, management and revocation of certificate based solutions.
http://www.digi-sign.com/repository [16]
Informational Collection and Use
Digi-Sign do not collect any information on its customers without consent. As part of the service offerings, customers will be prompted for information when enrolling for a certificate, downloading a solution or requesting further information. No information is collected about a customer if just browsing the website.
Anti-Spam Policy
Digi-Sign does not employ the use of spam for propogating its solution awareness or special offers.
Certificate enrolment
When enrolling for a certificate, customers will be required to provide certain information as per the requirements for the certificate solution type. The exact informational requirements are set out in the relevant Subscriber Agreement and associated schedules and listed in the Digi-Sign CPS. Some of the submitted details will be displayed within the certificate and as a result will be publicly available. Details that will become public are clearly stated as 'public' in the enrollment process, Subscriber Agreement and associated schedules.
Solution Download
When downloading a Digi-Sign solution, you will be required to submit personal information as specified on the download page. This information will be used by Digi-Sign to contact the customer about the services on our site for which they have expressed interest, including solution updates and associated promotional material. It also aids Digi-Sign in providing improved global services by collating general demographic information. Please refer to the opt-out policy described later in this policy statement.
Information Request
Digi-Sign provide the ability to request further information or ask questions to the support team by displaying email links throughout the website. If a customer elects to use such links they may be requested to provide additional information depending on the nature of the contact. Typically, such additional information may include further contact details, and in the case of technical support, additional information about the customer's PC configuration may be required to aid a prompt a accurate response to the query.
Cookies
A cookie is a piece of data stored on a computer's hard disk containing information about the owner. At the time of publishing this statement Digi-Sign does not employ the use of cookies for measuring the success of advertising and affiliate network membership. Our partners may use cookies. Digi-Sign do not exercise any access or control of such cookies.
Log Files
Digi-Sign use log files comprising of IP addresses to analyse trends, administer the site, track movements throughout the site, calculate the number of document and file downloads, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
Sharing
Digi-Sign will share aggregated demographic information with our partners. This is not linked to any personal information that can identify any individual person.
External Links
The Digi-Sign website contains links to external websites. Digi-Sign is not responsible for the privacy practices of such other sites. This privacy statement applies solely to information collected by this website. Digi-Sign have no control over the accuracy of information displayed by such websites.
Security
This website takes every precaution to protect our customer's information. When customers submit sensitive information via the website, such information is protected both online and off-line.
During certificate enrolment, where sensitive information is required, the transmission of information is encrypted and protected using Secure Sockets Layer (SSL). This includes the submission of any payment information such as credit card details.
Digi-Sign use SSL encryption to protect sensitive information online and do everything in our power to protect user-information off-line. All of our customer's information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (for example billing administration or the development team) are granted access to personally identifiable information. Our employees must use password-protected screen-savers when they leave their desk. When they return, they must re-enter their password to re-gain access to customer information. Furthermore, ALL employees are kept up-to-date on our security and privacy practices. Every quarter, as well as any time new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our customers' information is protected. The servers that we store personally identifiable information on are kept in a secure environment, behind a locked cage. The cryptographic keys used to issue certificates are maintained in the secure environment of FIPS-140 level 4 accredited IBM 4758 crypto devices.
Supplementation of Information (validation of submitted details)
In order for Digi-Sign to properly fulfil its obligation to our customers, it is necessary for us to supplement the information we receive with information from 3rd party sources.
For example, prior to the issuance of some certificate types Digi-Sign may use the WHOIS database, Government sourced companies house database or Dun & Bradstreet company lookup information to validate the accuracy of supplied data. This is an integral aspect of the service provided by Digi-Sign.
Service Updates
Established customers will occasionally receive information on solutions, services, special deals, and a newsletter. Out of respect for the privacy of our customers we present the option not to receive these types of communications. We also send the user service announcement updates. Customers are not able to unsubscribe from service announcements, which may contain important security information about the service.
Updating Customer Information
If a customer's personally identifiable information or certificate specific information changes they may update the original information provided. Changes can be made by logging into the Members area and using the services provided in the Manage Account section.
Choice / Opt out
Customers are given the opportunity to 'opt-out' of having information used for purposes not directly related to the Digi-Sign service offering at the point where the information is requested. For example, all certificate enrolment and solution downloads has an 'opt-out' mechanism so customers who buy a solution from us, but would prefer not to receive any marketing material, can request to have their email address kept off of our lists.
If customers no longer wish to receive our newsletter or promotional materials from our partners, they may opt-out of receiving these communications by emailing Digi-Sign at info@digi-sign.com [1].
Customers of our site are always notified when their information is being collected by any outside parties. We do this so our customers can make an informed choice as to whether they should proceed with services that require an outside party, or not.
Certificate Revocation & Expiry
Access to all issued certificates is provided through the Digi-Sign public repository. Because of the nature of the service provided, there may be circumstances under which a certificate is revoked (cancelled). Furthermore, as the lifetime of all certificates is finite (lasting usually 1 year), certificates will expire.
Digi-Sign still provides public access to both revoked and expired certificates to ensure a party relying on the certificate may still be able to retrieve the certificate and verify a signature made with the certificate. Such certificates are flagged as revoked or expired within the repository.
Customer consent
By using our Web site, customers consent to the collection and use of this information by Digi-Sign Limited. If any subsequent changes are made to our privacy policy, we will post those changes on the policy update page so that customers are always aware of what information is collected, how it is used and under what circumstances it may be disclosed.
Welcome to www.digi-sign.com [7], the official web site of Digi-Sign Limited ("Digi-Sign"). Please take time to read these important terms and conditions of use of our web site (the "Digi-Sign Site").
1. Application of Terms
1.1 These Website Terms and Conditions (the "Terms") govern the relationship between you and Digi-Sign with regard to your use of the Digi-Sign Site
1.2 By accessing any part of the Digi-Sign Site, you consent to the Terms. Digi-Sign reserves the right to change the Terms from time to time without prior notice and accordingly you should check the Terms each time you access the Digi-Sign Site.
2. Use of the Website
2.1 The Digi-Sign Site is provided "as is" and for your own personal, non-commercial use only. You may download, display, reformat or print parts of the Digi-Sign Site for your own personal, non-commercial use.
2.2 You agree not to modify, copy, distribute, transmit, display, reproduce, publish, license or otherwise use the content of the Digi-Sign Site for resale, redistribution or for any other commercial use.
2.3 You shall not use the Digi-Sign Site for any purpose that is unlawful, abusive, libelous or threatening or for the transmission of any virus or any other computer code, files, or programmes which are designed or likely to interrupt, damage, destroy any computer hardware or software or interfere in any way with the normal operations of the
Digi-Sign Site.
2.4 You acknowledge that the Digi-Sign Site has been specifically designed for use in the United Kingdom and agree not to use or access the Digi-Sign Site in and from jurisdictions in which it or its contents are restricted or prohibited by local law.
3. Digi-Sign Solutions and Services
3.1 You acknowledge that Digi-Sign offers certain solutions and services on the Digi-Sign Site and that if you use or rely on these solutions or services you shall be bound by a separate agreement between you and Digi-Sign, the terms of which you shall accept on enrollment for a solution or service or prior to reliance on a Digi-Sign solutions or service. This separate agreement contains the complete terms for use of or reliance on the relevant Digi-Sign solution or service including all warranties and representations relating to that solution or service. Digi-Sign does not give any warranties or representations in these Terms about the quality, functioning or accuracy of Digi-Sign's solutions or services.
4. Third party sites
4.1 You acknowledge that the Digi-Sign Site may contain links to websites operated by third parties ("Third Party Sites"). You further acknowledge that these links are for your convenience only and Digi-Sign does not endorse, nor purport to control, monitor or verify the contents of the Third Party Sites. Digi-Sign shall not be liable for the contents of the Third Party Sites or for any loss, damage or injury sustained by you arising out of use by you of a Third Party Site.
5. Intellectual Property Right Notice
5.1 You acknowledge and accept that all of the copyright, database rights and any other intellectual property rights which subsist in the design, layout, processes, functions, data and content of the Digi-Sign Site are the property of Digi-Sign, its information providers, advertisers and other licensors. No part of the Digi-Sign Site, or its content may be copied or reproduced (except for your personal use and as per clause 2.1 of these Terms).
5.2 Digi-Sign grants you a personal, non-exclusive, nontransferable license to access the Digi-Sign Site and use the Digi-Sign Site in accordance with these Terms.
5.3 Digi-CA™, Digi-CS™, Digi-SSL™, Digi-Access™, Digi-Mail™, Digi-ID™, Digi-CAST™, Digi-ISP™, Digi-Trust™, Digi-Token™, Digi-Card™, Digi-Flow™, Digi-Docs™,Digi-Pay™, Digi-Bill™ and Digi-Scan™ are trademarks of Digi-Sign.
All other trademarks contained in the Digi-Sign Site belong to their respective owners. You are not authorised under these Terms to use any of Digi-Sign's trademarks or any other trademarks contained in the Digi-Sign Site.
6. Disclaimer and exclusion of liability
6.1 Digi-Sign has taken all reasonable steps to ensure that the information on the Digi-Sign Site is accurate, complete and up to date and that the Digi-Sign Site functions correctly. However, no warranty, representation or assurance (whether express or implied) of any kind is given in this respect, nor that the Digi-Sign Site shall be compatible with your hardware and software and bug and/or virus-free, that it shall be accessible without interruption or that it or the information contained on it will meet your requirements.
6.2 YOU AGREE THAT DIGI-SIGN SHALL NOT BE LIABLE FOR ANY LOSS, DAMAGE OR INJURY WHATSOEVER (WHETHER DIRECT, INDIRECT, CONSEQUENTIAL OR FUTURE AND WHETHER OR NOT REASONABLY FORESEEABLE, CONTEMPLATABLE OR ACTUALLY CONTEMPLATED BY THE PARTIES) SUSTAINED BY YOU OR THIRD PARTIES ARISING OUT OF YOUR USE OF THE DIGI-SIGN SITE, WITH THE EXCEPTION THAT DIGI-SIGN DOES NOT PURPORT TO EXCLUDE LIABILITY IN RESPECT OF:
6.2.1 DEATH OR PERSONAL INJURY AS A RESULT OF ANY NEGLIGENCE; AND
6.2.2 FRAUD OR FRAUDULENT STATEMENTS ON THE PART OF ITS DIRECTORS, OFFICERS, EMPLOYEES, CONTRACTORS OR AGENTS.
6.3 WITHOUT PREJUDICE TO THE GENERALITY OF CLAUSE 6.2, YOU AGREE THAT DIGI-SIGN SHALL NOT BE LIABLE TO YOU FOR ANY LOSS OF PROFIT, LOSS OF REVENUE, LOSS OF ANTICIPATED SAVINGS, LOSS OR CORRUPTION OF DATA, LOSS OF CONTRACT OR OPPORTUNITY OR LOSS OF GOODWILL.
6.4 THE PARTIES AGREE THAT ALL STATUTORY WARRANTIES AND ANY OTHER WARRANTIES EITHER EXPRESSED OR IMPLIED ARE HEREBY EXCLUDED TO THE FULLEST EXTENT PERMISSIBLE BY LAW.
7. Indemnity
7.1 YOU AGREE TO INDEMNIFY AND HOLD DIGI-SIGN HARMLESS FROM ANY CLAIM OR DEMAND MADE BY ANY THIRD PARTY ARISING OUT OF YOUR USE OF THE DIGI-SIGN SITE, YOUR USE OF ANY LINKS TO WEBSITES OPERATED BY THIRD PARTIES [AND DIGI-SIGN'S USE OF ANY INFORMATION SUPPLIED BY YOU]. YOU AGREE TO COOPERATE WITH DIGI-SIGN AND TO COMPLY WITH ITS REASONABLE INSTRUCTIONS TO LIMIT OR MINIMISE ANY LIABILITY OF DIGI-SIGN.
8. General
8.1 No third party shall have any rights to bring a claim under the Contracts (Rights of Third Parties) Act 1999 in respect of these Terms.
8.2 The rights and obligations created by these Terms are enforceable by and may be assigned by Digi-Sign. You may not assign your rights or obligations under these Terms.
8.3 To the extent that any of the provisions of these Terms are or become unenforceable, then it is the intention of the parties that such part be severed from the remaining part, and this shall not affect the validity or enforceability of the Terms as a whole or of any other provisions thereof.
9. Governing Law and Jurisdiction
9.1 The parties agree that these Terms are governed by Irish Law and the Irish Courts have exclusive jurisdiction.
If you have any complaint or query in relation to the Digi-Sign Site of these Terms, please email: info@digi-sign.com [1]
Links:
[1] mailto:info@digi-sign.com
[2] http://www.digi-sign.com/en/about/repository/equal
[3] https://www.digi-sign.com/downloads/download.php?id=digi-ca-pdf
[4] http://www2.digi-sign.com/en/digi-ca
[5] http://www.digi-sign.com/sla
[6] http://www2.digi-sign.com/downloads/pdf/Digi-CPS-v3.6.pdf
[7] http://www.digi-sign.com
[8] https://www.digi-sign.com/downloads/download.php?id=arp-validations-pdf
[9] http://www.mysite.users.internet.co.uk
[10] http://www.bis.doc.gov/dpl/thedeniallist.asp
[11] http://www.bis.doc.gov/Entities/Default.htm
[12] http://www.treas.gov/ofac/t11sdn.pdf
[13] https://www.digi-sign.com/downloads/download.php?id=aacd-digi-ssl-pdf
[14] http://www2.digi-sign.com/aacd
[15] mailto:complaints@digi-sign.com
[16] http://www.digi-sign.com/repository