REACH-IT Industry User Manual

Transcription

1 REACH-IT Industry User Manual Part 02 - Sign-up and account management

2 2 REACH-IT Industry User Manual Version: 2.1 Version Changes 2.1 April 2014 Updates related to REACH-IT 2.7 regarding Terms and Conditions, validation and ECHA regulatory contact person. 2.0 Document in new layout. Figures and links updated. 1.1 New format. Moved some content from part 01 to this part. 1.0 First version Part 02 - Sign-up and account management Reference: ECHA-12-G-17-EN Publ.date: April 2014 Language: EN European Chemicals Agency, 2014 Cover page European Chemicals Agency Reproduction is authorised provided the source is fully acknowledged in the form Source: European Chemicals Agency, and provided written notification is given to the ECHA Communication Unit (publications@echa.europa.eu). This document will be available in the following 22 languages: Bulgarian, Czech, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Hungarian, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovakian, Slovenian, Spanish and Swedish If you have questions or comments in relation to this document please send them (quote the reference and issue date) using the information request form. The information request form can be accessed via the Contact ECHA page at: European Chemicals Agency Mailing address: P.O. Box 400, FI Helsinki, Finland Visiting address: Annankatu 18, Helsinki, Finland

3 Part 02 - Sign-up and account management Release date: April Table of Contents 1. INTRODUCTION DEFINITIONS AND CONCEPTS Party Users User Roles User account management Contacts Legal Entity Object Use of IUCLID 5 for REACH-IT management Signing-up in REACH-IT A LEOX has already been obtained from the IUCLID web site A LEOX has not already been obtained from the IUCLID web site Updating company information in REACH-IT STEP BY STEP INSTRUCTIONS FOR PARTY SIGN-UP Creating a REACH-IT account for a company Local IUCLID 5 is already installed Local IUCLID 5 is not yet installed Logging in with the first Company account created Validation Creating a REACH-IT account for a Third Party Representative Local IUCLID 5 is already installed Local IUCLID 5 is not yet installed Logging in with the first TPR account created Updating your user details PARTY ACCOUNT MANAGEMENT STEP-BY-STEP Creating a user Updating a user profile Blocking a user Unblocking a user Resetting a user password Deleting a user PARTY INFORMATION MANAGEMENT STEP-BY-STEP Updating general and billing information Adding a new contact Modifying an existing contact Removing a contact Exporting party information... 49

4 4 REACH-IT Industry User Manual Version: 2.1 Table of Figures Figure 1: Configuration-Role... 9 Figure 2: ECHA Regulatory Contact... 9 Figure 3: Transfer of a LEO between the IUCLID web site and REACH-IT via a LEOX file Figure 3: Update of LEO information Figure 4: Opening screen for sign-up in REACH-IT Figure 5: Terms and Conditions Figure 6: User account page Figure 7: Company Information page Figure 8: File upload box Figure 9: Company Information page Figure 10: Company Information page with company information contained in the LEOX Figure 11: Select the right company size Figure 12: Page for manually entering company information Figure 13: Select the right company size Figure 14: Billing information page Figure 15: Contacts Page Figure 16: Company contacts information page Figure 17: Company contacts address details Figure 18: Company contact list for a party Figure 19: Company validation page Figure 20: Conclusion page after company sign-up Figure 21: Party Login page for REACH-IT Figure 22: Unverified address Figure 23: verification Figure 24: verification Figure 25: REACH-IT company homepage Figure 26: TPR Terms and Conditions screen Figure 27: TPR user account page Figure 28: TPR information page Figure 29: File upload box for TPR LEOX Figure 30: TPR information page Figure 31: TPR information page with General and Contact information Figure 32: Manually encode your TPR information in REACH-IT Figure 33: Page for manually entering TPR information Figure 34: TPR contacts start page Figure 35: TPR s contacts details page Figure 36: TPR contacts address details Figure 37: TPR Contact list for a party Figure 38: TPR validation page... 36

5 Part 02 - Sign-up and account management Release date: April Figure 39: Conclusion page after TPR sign-up Figure 40: Party Login page for REACH-IT Figure 41: REACH-IT TPR homepage Figure 42: REACH-IT top banner Figure 43: View user page Figure 44: Edit user page Figure 45: Confirmation of user information update Figure 46: View user s page with existing users Figure 47: User creation page Figure 48: View User list page with confirmation new user Figure 49: Edit user s page Figure 50: Selection page to block a REACH-IT user Figure 51: Confirmation page to block a REACH-IT user Figure 52: Checking the status of blocked REACH-IT users Figure 53: Selection page to unblock a REACH-IT user Figure 54: Confirmation page to unblock a REACH-IT user Figure 55: Confirmation of unblocked REACH-IT user Figure 56: View Users page with password reset button Figure 57: View Users page with password reset confirmation Figure 58: View Users page with delete button Figure 59: Confirmation for deleting a user Figure 60: View user s page with confirmation message Figure 61: Organisation Information page Figure 62: Updating organisation s information Figure 63: Adding new contacts Figure 64: Update or add contact information Figure 65: Confirmation of newly added contact Figure 66: Confirmation of updated contact information Figure 67: Confirmation of a deleted contact Figure 68: Updated contact list after deleted contact Figure 69: LEOX export button for REACH-IT Company or TPR information Figure 70: Downloading the LEOX from REACH-IT to local system Table of Tables Table 1: The type of party... 6 Table 2: The functions of the party roles, admin, normal and reader... 7

6 6 REACH-IT Industry User Manual Version: INTRODUCTION The Industry User Manual (IUM) is the reference manual that describes to industry users how they can submit and view data within REACH-IT. As REACH-IT evolves, additional and updated parts of this IUM will be released and made available via the ECHA website. Prior to using this Part 2 (Sign-up and account management), it is strongly recommended that the user reads Part 1 Getting started with REACH-IT, where the following topics are discussed in more detail: Structure of this IUM Conventions used, in terms of icons, text, buttons, links, Background information on REACH-IT and its link to the IUCLID 5 website and application How to get additional support is also described in Part 1. Each subsequent parts of this IUM will therefore cover the step-by-step instructions to perform the tasks required for submission of data under REACH. 2. DEFINITIONS AND CONCEPTS In this section, some terms are defined, and some concepts are described, that all relate to the account management in REACH-IT Party A party may either represent a complex business structure, or a simple organised business. Companies and Third-Party Representative (TPR) may be complex multi-user parties as opposed to Data Holder (DH) or Interested Party (IP), who could be simple single-user parties (Table 1). Table 1: The type of party Type of Party Company Third-Party Representative (TPR) Data Holder (DH) Interested Parties (IP) Description Includes the Manufacturer, Importer, Downstream User (DU) and Only Representative (OR). Only Representatives [REACH, Article 8] must sign-up in REACH-IT for each non-eu manufacturer they represent and they must submit pre-registrations and/or dossiers using the appropriate accounts. Participates to data sharing activities on behalf of a Company [REACH, Article 4] (e.g. preparation of joint submission by multiple registrants). TPR activities are mainly linked with pre-registration and (pre-) SIEF. A party that holds information on pre-registered substances and submitting information [REACH, Article 28(7)]; e.g. universities companies manufacturing chemicals in a tonnage of < 1 tpa, trade associations, etc. May participate to certain processes by providing comments (e.g. NGOs which are involved in some of the REACH processes).

7 Part 02 - Sign-up and account management Release date: April Any party must be signed-up into the REACH-IT system to get access rights and to be allowed to submit information and/or chemical data etc. This Sign-up operation is performed by following a step-by-step wizard in REACH-IT (for more details, see section 0 of this document). It is possible for the same Legal Entity to sign-up as different parties into REACH- IT, but these parties are seen as completely separate, and their users are not shared; e.g. a chemical company may sign up as a Company for a substance it manufactures (and must register), and may also sign up as Data Holder for other substances it manufactures (e.g. in quantities < 1 tpa). Data holder may sign-up in REACH-IT only if they want to be included in pre-sief (SIEF); this is voluntary, not compulsory. User accounts from a TPR, DH and/or IP in REACH-IT must be separated from Company accounts and have to sign-up as a different party Users A user is a generic term and is equivalent to an applicant, or a registrant. In this IUM, different user types exist, with different roles. Under REACH-IT, a person may be associated to different user roles. Users are authenticated in REACH-IT by a username and a password. Parties are responsible for their own user (or Account) management (see section 4 of this document) User Roles The very first user is created at sign-up (see section 4 of this document), and is called Company manager, with an Administrator role (see below). Subsequent users are created by the first user, who is able to add new users to the registered party. Assigning roles to users enables to set a level of permissions/ access over the data. By default the Administrator role is assigned to the very first user created during sign-up, who can, in turn, create users and assign roles. The user s credentials and access rights will differ depending upon the party it belongs to and upon his/her role in the party. The possible roles for party users are given in Table 2. Roles involve activities either related to the party data (administrative aspects) or to the substance data. Table 2: The functions of the party roles, admin, normal and reader Role Admin Normal Reader Role level Functions Complete control over user accounts x

8 8 REACH-IT Industry User Manual Version: 2.1 Modify party s data x Submit & update substance data (including pre-sief) x x Read party data x x x Read substance data x x x Read REACH-IT message box x x x The administrator (user level 1) can add, modify or delete users from the REACH-IT system, and furthermore can change information and data pertaining to its party (Legal Entity). Also, the user level 1 can read, submit and update information on substances. The normal user (user level 2) has read-only access to data related to the party, and can submit and update data on substances. The reader user (user level 3) only has read access to the party and substance data. Assigning a role is mandatory; the Reader role will be assigned by default if no role has been assigned at user creation. Depending on the organisation of the party (company or TPR, or other), different reader and/or normal user accounts can be created by the administrator. The functionalities available in the Functional menu depend on the user profile, i.e. a Company user will not have the same menu as a TPR user User account management User Management entails the following tasks: creating a user, assigning/ adding/ removing roles, updating party information, managing user security features such as password reset, access blocking and unblocking. It is not possible to assign one identical user to different companies. One user account belongs to one party only. Account management tasks can only be performed by users with the Administrator role. All the information provided for a user account during its creation can be modified later except, the User ID. The data, which can be edited, include: General information; Billing information, and Contacts (include their creation, deletion and modification) Contacts The REACH-IT application allows the administrator to include Contacts and to link them to the Party (e.g. in the accounting department or in the registration team). This is an optional

9 Part 02 - Sign-up and account management Release date: April step during the sign-up process. The list of contacts stored in REACH-IT can be considered as an address book (phone and/or information), to be solely used by ECHA, for the purpose of contacting the company, without using the REACH-IT system, to obtain further details about the information submitted e.g. in pre-registration, inquiry or registration. These contacts can be used to specify a contact person for a pre-registration and dossier created online. If no contact is specified, ECHA will use the company general contact information. The Contacts are not connected to User accounts. Therefore, they do not have a REACH-IT message box, nor access to the company pages in REACH-IT. There are five predefined contact types: General, Dossier supervision, Invoice manager, Joint submission and ECHA Regulatory Contact. ECHA recommends that the Company Manager of your company identifies a main contact person who will initiate the follow-up actions required by any important messages from ECHA. This person should be identified in REACH-IT as the ECHA Regulatory Contact. There can be only one ECHA Regulatory Contact. The Company Manager can create a new contact (or edit an existing one) and give to this contact the role of ECHA Regulatory contact in REACH-IT. In order to configurate the role, go to the left side menu in REACH-IT, click on <company view> and click on the <contact> tab. You can modify the Contact type by selecting one contact and clicking on <modify> Figure 1: Configuration-Role Figure 2: ECHA Regulatory Contact When a message arrives in the Action required message box an alert will automatically be sent to the regulatory contact person

10 10 REACH-IT Industry User Manual Version: 2.1 The regulatory contact person receives an alert only if the message requiring action is addressed to the Party, and not if the message is sent to a specific User. This is why it is recommended to the users to leave the New Action Message Alert set to Yes. It is suggested to synchronise the User accounts and the contacts. Some users may have specific roles assigned to them and could be contacted for questions pertaining to that specific role (e.g. the invoice manager has his/her own User account to download invoices, and could also be listed in the contact list as invoice manager to be contacted when additional information is needed by ECHA about invoices) 2.4. Legal Entity Object Use of IUCLID 5 for REACH-IT management IUCLID 5 plays a central role in the IT environment of all organisations dealing with chemical data submission for both REACH and other regulatory programmes, such as the OECD HPV programme or EU Biocides (Table 1). IUCLID is declared in the REACH legislation [REACH, article 111] as the format to use for data collection, dossier preparation and dossier submission. Any interested party can obtain the latest version of IUCLID 5 and its plugins without charge from the IUCLID website at the following address: In order to install the IUCLID 5 application in a local environment, an official LEO must be entered during the installation process. A LEO can be created within the IUCLID web site (standard way), REACH-IT (information entered manually) or an installation of the IUCLID 5 software. However, only LEOs created within the IUCLID web site or REACH-IT are so called official LEOs. To check whether a LEO is official, look in its information section within the IUCLID 5 application. If the box Official entry (LEO) is ticked, it is official. Before downloading the software, each party is requested to sign-up on the IUCLID website by providing information about its Legal Entity, including contact details. This information is managed by the IUCLID web site such that no duplicate entry may exist. In particular, each Legal Entity is uniquely identified by a Universal Unique Identifier (UUID). Legal Entity information, such as contact details provided by the party and the UUID assigned by the IUCLID web site are stored in a so-called Legal Entity Object (LEO). An official LEO can be made available for use globally within an installation of IUCLID 5. It can be attached to user accounts and therefore included within dossiers for submission to REACH- IT. A LEO can be exported to an XML formatted file from either the IUCLID website, REACH-IT or an installation of IUCLID 5. A LEO in XML format is called a LEOX. The most important piece of information in a LEO is the unique company UUID. This cannot be edited: it is read-only per LEO. REACH-IT uses only the company ID to identify the company in all the data processing it carries out.

11 Part 02 - Sign-up and account management Release date: April The standard way of providing company information to REACH-IT during sign-up is to import a ready-made IUCLID 5 LEO in the form of a LEOX (Figure 3). On sign-up, if a party does not have a ready-made LEO in a LEOX, REACH-IT can create a LEO using information entered manually by the party into the interface of REACH-IT (Figure 3). For more details about the installation and use of IUCLID, see its built-in help function and the manuals in the documentation section of the IUCLID web site. Figure 3: file Transfer of a LEO between the IUCLID web site and REACH-IT via a LEOX Signing-up in REACH-IT As mentioned in the previous section, there are two different possibilities when signing up, depending on whether a party has already created a Legal Entity Object (LEO) on the IUCLID web site. All the details on step-by-step sign-up in REACH-IT are provided in this document A LEOX has already been obtained from the IUCLID web site When signing up in REACH-IT, the user uploads a LEOX file that contains information about the company and the party. It is known as a LEOX file because it contains the Legal Entity Object (LEO) encoded in XML format. The LEO must have been created originally on the IUCLID website. The LEOX file can be either the actual one downloaded from the IUCLID web site or, one exported from a local installation of IUCLID. However, the LEO on the local installation of IUCLID 5 must have originated from the IUCLID web site.

12 12 REACH-IT Industry User Manual Version: A LEOX has not already been obtained from the IUCLID web site REACH-IT can generate a new valid LEO during the company sign-up process. Therefore, if a party has not yet downloaded a LEOX from the IUCLID 5 web site, perhaps because it has not yet installed IUCLID 5 locally in its IT environment, it can still sign up to REACH-IT. The party can later upload this LEO into a local IUCLID 5 if required. A LEO cannot be imported into the IUCLID web site to be stored along with those created on the site. However, the values of parameters within the LEO, such as a contact details, can be transferred manually from a LEO in REACH-IT to a LEO either on the IUCLID web site or in an installation of IUCLID. A LEO created by REACH-IT can be used in the installation of IUCLID 5. In that case, no LEO needs to be obtained from the IUCLID web site. It is possible to sign-up with the same OR company information (name, address, etc.), but the company UUIDs that the OR represents cannot be identical. One LEO (UUID) must be created per represented non-eu manufacturer. It is allowed for the same Legal Entity to sign-up as different parties in REACH-IT. These parties are therefore completely separate and their UUID cannot be shared. For example, a chemical company may sign up as a company to register the substance it manufactures and as a TPR to get involved in data sharing processes on behalf of a different company Updating company information in REACH-IT If a value of a parameter changes in a LEO and the LEO is stored in more than one place, it is recommended to synchronise the values of the parameters stored in the LEOs, as described below. Examples of a parameter are the name and address of a contact. Note that the value of the party UUID cannot be changed in a LEO, therefore, synchronisation is not necessary. There are two central places in which LEOs are stored: the IUCLID website and the REACH-IT application between which there is no automatic synchronisation. A LEO can be stored in any number of local installations of IUCLID. A LEO can be imported into REACH-IT only once, when it is attached to a party during sign-up. A LEO cannot be imported into the IUCLID web site. Therefore there are three ways in which the value of a parameter can be transferred between separately stored copies of a LEO. These are shown schematically in Figure 4 in order from left to right. 1) Download the LEO that contains the new value(s) from the IUCLID web site and then upload it into a local installation of IUCLID. 2) Edit the parameters manually. 3) Download the LEO that contains the new value(s) from REACH-IT and then upload it into a local installation of IUCLID.

13 Part 02 - Sign-up and account management Release date: April Figure 4: Update of LEO information Example of case (3) A company signed up to REACH-IT and allowed REACH-IT to create the company UUID. A company user downloaded the LEO in the form of a LEOX and uploaded it into their local installation of IUCLID 5 so that they can use it in the preparation of dossiers submitted to ECHA. Some company information is changed in the LEO in REACH-IT. A company user redownloads the LEO from REACH-IT and re-imports it into the IUCLID 5 used to create dossiers. Now, the LEO information is consistent between the LEO in REACH-IT and that in dossiers submitted to ECHA. 3. STEP BY STEP INSTRUCTIONS FOR PARTY SIGN-UP 3.1. Creating a REACH-IT account for a company To create a REACH-IT account for a company you first have to go to the REACH-IT website via To create a REACH-IT account, click on the link <Sign up as a company> (Figure 5).

14 14 REACH-IT Industry User Manual Version: 2.1 Figure 5: Opening screen for sign-up in REACH-IT The <Terms and Conditions> page opens (Figure 6) once you click on <Sign up as a company>. Please read the Terms and Conditions carefully, they clarify how ECHA will communicate with you. Then click on the <Accept> button if you agree. If you click on the button <Reject> the sign-up process is cancelled and you will not get access to REACH-IT. Each time the Terms and Conditions are changed by ECHA, all users will need to accept the updated Terms and Conditions upon their first login to REACH-IT after the update. The current Terms and Conditions can also be found on the ECHA website at ECHA will use REACH-IT to send you decisions and other important communications such as decisions on your registration, requests for information etc. It is the only route used. You will find the messages in your REACH-IT message box. Please note that when the message has been opened by one user in your company, it has been legally received. All messages are considered received seven calendar days after they were sent even if they have not been opened and can set deadlines in motion. Exceptionnally, some deadlines are set in motion as soon as the message is sent. This is the case for: - Decisions on incomplete registration and PPORD dossiers - ECHA objections to an alternative chemical name for the label or Safety Data Sheet - Requests for information on data sharing disputes

15 Part 02 - Sign-up and account management Release date: April Requests for comments following on from a proposal to amend a draft decision - Consultations in response to requests for access to documents that may concern your company Figure 6: Terms and Conditions The <User account> page (Figure 7) opens with all mandatory fields (*) to be filled in. The <First name> is the first name of the REACH-IT administrator of your company and the <Last name> the last name of the REACH-IT administrator of your company. The < > is the address normally used by the user outside of REACH-IT. This address will be used for important notifications (such as password reset) but also to enable alerts and reminders from the REACH-IT system. The User ID should be chosen. Make sure the address provided is correct. The <User ID> must be unique across the system as, once created, it cannot be changed. The <Password> should be chosen in accordance with the security guidelines indicated in the page. Make sure the User ID and Password specified here are remembered or recorded, as you will always need them for future access to the REACH-IT application.

16 16 REACH-IT Industry User Manual Version: 2.1 Figure 7: User account page The <Security question> will be used in case you need to request a new password. In the <Your answer> field you can provide the answer to the question selected among those proposed in the pick list. It is advised to record the answer. The <Enter the text shown> field requires to type the text that is shown in the CAPTCHA displayed on the screen. This is a type of challenge-response text to ensure the user is human. If you are interrupted during the sign-up process after you have defined your first user, you should not sign-up again but, log in with your user ID and password to complete the process. Click on <Next>: the <Company Information> page opens (Figure 8). Figure 8: Company Information page There are two ways to enter company information in the REACH-IT system, depending on whether the company has already a IUCLID 5 LEOX. More information about the use and creation of a LEOX can be found in section 2.4 of this document.

17 Part 02 - Sign-up and account management Release date: April Local IUCLID 5 is already installed The default way of providing company information is to import the IUCLID 5 LEOX. Click <Browse> (Figure 8) to retrieve your LEOX. Your browser opens the <File upload> dialogue box. Select your locally stored LEOX and click on <Open> (Figure 9). Figure 9: File upload box The <File name> entry field gets populated with the path to your LEOX. Click on <Load file> (Figure 10). Figure 10: Company Information page The <Company Information> page opens (Figure 11) with information contained in the LEOX. At this stage, you can fill in details that are not included in your LEOX, e.g. fax number, mobile phone, company web site, etc.

18 18 REACH-IT Industry User Manual Version: 2.1 Figure 11: Company Information page with company information contained in the LEOX You must always select your company size manually in REACH-IT.

19 Part 02 - Sign-up and account management Release date: April Figure 12: Select the right company size You can find information on how to determine the right company size under the following link: Under the Commission Regulation (EC) No 340/2008 Regulation on the fees and charges payable to ECHA pursuant to Regulation (EC) No 1907/2006 (the Regulation) and in accordance with the Commission Recommendation (EC) 2003/361/EC concerning the definition of micro, small and medium-sized entreprises, ECHA has the responsibility to check the size of the company who claim to be eligible for SME fee reductions to ensure fair competition Local IUCLID 5 is not yet installed Entering company information manually should be considered as a second option if you do not have a IUCLID LEOX. From Figure 10 (Company Information page), click on <encode your information>. The Company information page opens in update mode (Figure 13). Fill in all mandatory fields (*) and select your company size.

20 20 REACH-IT Industry User Manual Version: 2.1 <Company name> does not have to be unique. However, the warning A company with the same name has already been created inside REACH-IT is given if the company name entered already exists in the system. You can then choose to <Create it anyway> or <Cancel> so you can change the name. <Company UUID>. Parties with different UUIDs will be considered as being different legal entities (even if they have the same name). If your company already has a UUID in IUCLID and if, in parallel, you create the same company in REACH-IT, another Legal Entity will be created in the system. Figure 13: Page for manually entering company information You must always select your company size manually in REACH-IT.

21 Part 02 - Sign-up and account management Release date: April Figure 14: Select the right company size You can find information on how to determine the right company size under the following link: Under the Commission Regulation (EC) No 340/2008 Regulation on the fees and charges payable to ECHA pursuant to Regulation (EC) No 1907/2006 (the Regulation) and in accordance with the Commission Recommendation (EC) 2003/361/EC concerning the definition of micro, small and medium-sized entreprises, ECHA has the responsibility to check the size of the company who claim to be eligible for SME fee reductions to ensure fair competition. When you have entered all required information to successfully sign-up, click on <Next> (Independent if IUCLID 5 is installed or not). The <Billing information> page (Figure 15) opens. Fill in the mandatory fields (*). If the billing address is the same as for the company, click on <Same as

22 22 REACH-IT Industry User Manual Version: 2.1 Company> to populate the details. If not, fill in the required fields. The information contained in Billing party name will be used for creating the invoices. Figure 15: Billing information page Click <Next> and the <Contacts> page (tab) opens (Figure 16). You have the option to add a new contact at this point in time, or later during the pre-registration or company information update process (see section 5.1). A contact person is not a user in REACH-IT, but a contact person can be created that matches a user. It is up to the company to specify contact persons. If none is specified, ECHA will use the company general contact information. When you wish to add a contact person, click on <Add new contact> (Figure 16).

23 Part 02 - Sign-up and account management Release date: April Figure 16: Contacts Page The <Contacts> page opens. Fill in all mandatory fields (*) for the contact person (Figure 17). A contact person is used when ECHA needs to contact someone, in e.g. the company, about the information submitted in e.g. pre-registration or registration. This is why the Phone and fields are mandatory. Please make sure you update the relevant information on contact details. Figure 17: Company contacts information page When the Postal address entries are the same as for the company, click on <Same as company> link to populate the details. If not, fill in the required entry fields (Figure 18). <Contact Type>: REACH-IT allows you to select different contact types: <General>, <Dossier supervision>, <Invoice manager>, <Joint Submission> or <ECHA Regulatory Contact> (Figure 18).

24 24 REACH-IT Industry User Manual Version: 2.1 Figure 18: Company contacts address details Click on <Save> to store the information, on the contact list (Figure 19). If you click on <Cancel>, the sign-up process is terminated. Figure 19: Company contact list for a party It is possible to navigate to one of the previous tabs and to modify the information when you click on the relevant tab, e.g. <Company information> or <Billing information>. Click on <Next> to launch the last <Validation> page (tab) (Figure 20). Carefully verify the data that was entered in the previous pages.

25 Part 02 - Sign-up and account management Release date: April Figure 20: Company validation page When all information is verified, click on <Next> to finalise the process. Figure 21: Conclusion page after company sign-up The <Conclusion> page opens and confirms that your company and first account have been successfully created (Figure 21). Two options can be chosen from this page. The user can decide to go to the REACH-IT homepage (Figure 5) and <login> with the newly created account. This can be done by clicking on the link <Home>. Alternatively, the user can decide to export first, all the company information to a IUCLID LEOX filet to be used e.g. to update the company information in the locally installed IUCLID 5 application. This is described in more detail in section of this document Logging in with the first Company account created From the REACH-IT homepage (Figure 5), click on <login>.

26 26 REACH-IT Industry User Manual Version: 2.1 On the Login page (Figure 22), enter (*) your User ID, password and the CAPTCHA text and click on <Connect> Figure 22: Party Login page for REACH-IT Validation The unverified address page opens. Figure 23: Unverified address While still logged into REACH-IT with the correct User ID (User ID you tried to log in), open the address you provided in REACH-IT. You received an with instructions on how to validate your address. In case you just created a new company account in REACH-IT or updated your REACH-IT address, please make sure you are logged into REACH-IT with the User ID indicated in the you received. Then proceed with clicking on the verification link provided. The link will open a new window and will inform you about the status of the verification process. If the verification was successful, you may close the new window.

27 Part 02 - Sign-up and account management Release date: April Figure 24: verification You can then go back to the unverified address page and click on ok. Figure 25: verification Upon successful verification, your Company REACH-IT homepage opens (Figure 26). From this point onwards, you can start working in REACH-IT by selecting one of the functionalities in the left menu.

28 28 REACH-IT Industry User Manual Version: 2.1 Figure 26: REACH-IT company homepage 3.2. Creating a REACH-IT account for a Third Party Representative Go to the REACH-IT website via. (REACH-IT Homepage) Click on <Sign up as a third party representative> (Figure 5). The Terms and Conditions page will open (Figure 27). The TPR can ONLY create the REACH-IT third party representative account and not the company (manufacturer(s), importer(s), downstream user(s)) it presents [REACH, article 4].

29 Part 02 - Sign-up and account management Release date: April Figure 27: TPR terms and Conditions screen When signing-up to REACH-IT, each user has to agree to the Terms and Conditions. Please read the Terms and Conditions carefully, they clarify how ECHA will communicate with you. Then click on the <Accept> button if you agree. If you click on the button <Reject> the sign-up process is cancelled and you will not get access to REACH-IT. Each time the Terms and Conditions are changed by ECHA, all users will need to accept the updated Terms and Conditions upon their first login to REACH-IT after the update. The current Terms and Conditions can also be found on the ECHA website at ECHA will use REACH-IT to send you decisions and other important communications such as decisions on your registration, requests for information etc. It is the only route used. You will find the messages in your REACH-IT message box. Please note that when the message has been opened by one user in your company, it has been legally received. All messages are considered received seven calendar days after they were sent even if they have not been opened and can set deadlines in motion. Exceptionnally, some deadlines are set in motion as soon as the message is sent. This is the case for: - Decisions on incomplete registration and PPORD dossiers - ECHA objections to an alternative chemical name for the label or Safety Data Sheet - Requests for information on data sharing disputes

30 30 REACH-IT Industry User Manual Version: Requests for comments following on from a proposal to amend a draft decision - Consultations in response to requests for access to documents that may concern your company The <User account> page opens with all mandatory fields (*) to be filled in (Figure 28). The <First name> is the first name of the REACH-IT administrator of the TPR and the <Last name> the last name of the REACH-IT administrator of the TPR. The < > is the address normally used by the user outside of REACH-IT. This address will be used for important notifications (such as password reset) but also to enable alerts and reminders from the REACH-IT system. Make sure the address provided is correct. The <User ID> must be unique across the system as, once created, it cannot be changed. Figure 28: TPR user account page The <Password> should be chosen in accordance with the security guidelines indicated in the page. Make sure the User ID and Password specified here are remembered or recorded, as you will always need them for future access to the REACH-IT application. The <Security question> will be used in case you need to request a new password. The <Your answer> field provides the answer to the question selected among those proposed in the pick

31 Part 02 - Sign-up and account management Release date: April list. It is advised to record the answer. If you are interrupted during the sign-up and after you have defined your first user, you should not sign-up again but just login with your user ID and password to complete the process. The <Enter the text shown> field requires to type the text that is shown in the CAPTCHA displayed on the screen. This is a type of challenge-response text to ensure the user is human. Click on <Next> and the <Third party representative information> page opens. If a TPR already has IUCLID LEOX, it should import it into REACH -IT. The alternative is to enter TPR information manually for those who do not have a IUCLID LEOX. More information about the use and creation of a LEOX can be found in section 2.4 of this document Local IUCLID 5 is already installed To populate your TPR information in REACH-IT, you need to import your IUCLID 5 LEOX. Click <Browse> to retrieve your LEOX (Figure 29). Figure 29: TPR information page The <File upload> dialogue box opens (Figure 30). Select your locally stored LEOX and click on <Open>.

32 32 REACH-IT Industry User Manual Version: 2.1 Figure 30: File upload box for TPR LEOX The <File name> entry field (Figure 31) gets populated with the path to your LEOX. Click on <Load file>. Figure 31: TPR information page The <Third party representative information> page opens with information contained in the LEOX. At this stage, you can fill in details that are not included in your LEOX, e.g.: fax number, phone, TPR web site, etc. (Figure 32).

33 Part 02 - Sign-up and account management Release date: April Figure 32: TPR information page with General and Contact information Local IUCLID 5 is not yet installed Click on <encode your information> to enter your company information manually if you have no IUCLID LEOX (Figure 33). Figure 33: Manually encode your TPR information in REACH-IT The <Third party representative information> page opens (Figure 34). Fill in all mandatory fields (*).

34 34 REACH-IT Industry User Manual Version: 2.1 Figure 34: Page for manually entering TPR information Parties with different UUIDs will be considered as being different legal entities (even if they have the same name). Click on <Next> to open the <Contacts> page (tab) (Figure 35, below). You have the option to add a new contact (<Add new contact>) at this point in time or later during the preregistration or TPR information update process (see section 5.1 of this document). A contact person is not a user in REACH-IT but a contact person can be created that matches a user. It is the TPR s responsibility to maintain the mapping between both. Contact persons also exist in IUCLID legal entities and possibly also in substances. If the TPR LEOX contains contact persons, they will be created in REACH-IT with the TPR entity when importing the LEOX. It is up to the TPR to specify contact persons. If none is specified, ECHA will usethe TPR general contact information. Figure 35: TPR contacts start page The <Contacts> page opens in update mode. Fill in all mandatory fields (*) for the contact person (Figure 36).

35 Part 02 - Sign-up and account management Release date: April Figure 36: TPR s contacts details page When the Postal address entries are the same as for the TPR, click on the <Same as third party representative> to populate the details. If not, fill in the required fields (Figure 37). Figure 37: TPR contacts address details Click on <Save> to store the information and it appears the next tab (Figure 38). Figure 38: TPR Contact list for a party It is possible to navigate to one of the previous tabs and to modify the information when you click on the relevant tab, e.g. <User account>, <Third Party

36 36 REACH-IT Industry User Manual Version: 2.1 Representative information> or <Contacts>. Click on <Next> to launch the last <Validation> page (tab) (Figure 39). Carefully verify the data that was entered in the previous pages. Figure 39: TPR validation page When all information is verified, click on <Next> to finalise the process. The <Conclusion> page opens and confirms that your TPR and first account have been successfully created (Figure 40). Figure 40: Conclusion page after TPR sign-up Two options can be chosen from this page. The user can go to the REACH-IT homepage (Figure 5) and <login> with the newly created account. This can be done by clicking on the link <Home>. The user can also decide to export all the company information in a IUCLID LEOX file to be used, for example, to update the company information in the locally installed IUCLID 5 application. This is described in more detail in sections 5.5 and of this document Logging in with the first TPR account created From the REACH-IT homepage (Figure 5) click on <login> as a registered user. On the login page (Figure 41) enter your User ID, password and the CAPTCHA text. Click on <Connect>.

37 Part 02 - Sign-up and account management Release date: April Figure 41: Party Login page for REACH-IT On successful login, your TPR s REACH-IT homepage will open (Figure 42, below). From this point onwards, you can start working in REACH-IT by selecting one of the functionalities in the left menu. Figure 42: REACH-IT TPR homepage 3.3. Updating your user details Click on the user ID link from the top banner to open your profile information page (Figure 43) (in the example below is <dewst>). The user ID cannot be changed. Figure 43: REACH-IT top banner The <View User> page opens (Figure 44).

38 38 REACH-IT Industry User Manual Version: 2.1 Figure 44: View user page Click on <Modify> to update your details as needed mode (Figure 45). The fields which can be edited are: <First name>, <Last name> and < >. The will be used for important notification such as password reset. Make sure the address provided is correct. The password does not need to be modified, leave the 3 related fields blank. The <Security question> plus <Your answer> assists in retrieving the password (Figure 45). The roles associated with your profile cannot be edited unless you have the administrator role. See section 0 of this document, for more information about users and roles. Figure 45: Edit user page Click on <Save> and the system will confirm that your changes have been saved (Figure 46). If you do not want to save the changes you made you can use the <Cancel> button.

39 Part 02 - Sign-up and account management Release date: April Figure 46: Confirmation of user information update If you wish to correct any piece of information you have entered before you should click on <Modify>. Otherwise, click on <Return> (Figure 46) to go back to the homepage without saving the changes that were made. 4. PARTY ACCOUNT MANAGEMENT STEP-BY-STEP User management in REACH-IT entails the following tasks: creating a user, assigning/ adding/ removing roles, updating party information, managing user security features such as password reset, access blocking and unblocking. The user management tasks can only be performed by users who have an administrator role. The very first user can only be created by performing a sign-up (see section of this document). Subsequent users are created by the first user (i.e. party account manager) who will be able to add new users to the registered party Creating a user The users are managed form the user account menu and by selecting account management the list of existing users can be retrieved (Figure 47). Figure 47: View user s page with existing users Click on <Create user account > to open the user creation page (Figure 48, below).

40 40 REACH-IT Industry User Manual Version: 2.1 Figure 48: User creation page To create a user, all User information mandatory fields (*) such as <Last Name and < > should be filled in. The will be used to communicate the User ID to the user and the user should assure that this is a valid address. The <User ID> must be unique across the system and cannot be changed. The initial <Password> can be used once and the system will prompt the user to change it upon first login. You will have to communicate this password to the new user outside REACH-IT (via phone, or other). The <User profile> menu allows the user to select one role from the <Available roles> list and add it to the <Selected roles> list by double-clicking on it or by clicking <Move>. To remove a role, simply select it from the <Selected roles> list and double-click on it or click on <Remove>. The <Save> button can be used to save the newly added users information and the account manager arrives in the <View Users> page that confirms the changes made (Figure 49). If the <Cancel> button is used the information is not saved. Figure 49: View User list page with confirmation new user

41 Part 02 - Sign-up and account management Release date: April The user now appears in the list of your party s users and can be selected for any future action Updating a user profile From the list of users (Figure 49), select one entry by using the radio button in the left column. Click on <Modify> to open the user update form (Figure 50). The following general fields can be edited: <First Name>, <Last Name> and/ or < >. These mandatory fields (*) cannot be left empty. The account manager can amend the roles of the user, under User profile. A role can be selected from the <Available Roles> list and added to the <Selected Roles> list by double-clicking on it or by clicking on <Move>. To remove a role, select the role from the <Selected Roles> column and double-click on it or click on <Remove>. More information could be provided by the user himself, especially regarding confidential information such as the security question. The <Save> button should be used to save the changes made. Figure 50: Edit user s page 4.3. Blocking a user For security reasons, the party s account manager can decide to block a user. Consequently, the user s access to REACH-IT will be denied when attempting to login. From the list, select one of the users (using the radio button in the left column) and click on <Block/Unblock> to block the selected user (Figure 51). Figure 51: Selection page to block a REACH-IT user Click again on <Block> (Figure 52) to confirm that this user account is to be blocked.

42 42 REACH-IT Industry User Manual Version: 2.1 Figure 52: Confirmation page to block a REACH-IT user After confirming the blocking of that user s account, the status in the <Blocked> (last) column will turn to <Yes> (Figure 53). Figure 53: Checking the status of blocked REACH-IT users A user can also be blocked by an ECHA administrator. In that case, only an ECHA security manager can unblock the user Unblocking a user This action is initiated upon request of the user outside the REACH-IT (via phone, or other). As soon as a user account is unblocked, he can connect again to REACH-IT. To unblock a user s account, select a user from the list of users (using the radio button in the left column). Only users whose account is blocked can be selected to unblock (Figure 54). Click on <Block/Unblock> to unblock the selected user. Figure 54: Selection page to unblock a REACH-IT user REACH-IT will ask you to confirm the unblocking of that user: click again on <Block/Unblock> to confirm this action (Figure 55). Figure 55: Confirmation page to unblock a REACH-IT user

43 Part 02 - Sign-up and account management Release date: April The user s account is then unblocked and his status in the <Blocked> column changes from <Yes> to <No>. The <View Users> page shows a confirmation message (Figure 56). Figure 56: Confirmation of unblocked REACH-IT user To avoid blocking your REACH-IT account, we advise you to read the fact sheet: unt_ _en.pdf 4.5. Resetting a user password The password reset process is initiated when REACH-IT receives an internal message as a result of the Request lost password process. The system will automatically generate a new password and send it to the user by , which is the only way for a user to get his new password. It is therefore important that the address for the user is valid. To perform a password reset the account manager (1) selects the user from the list of users (using the radio button in the left column) and (2) clicks on the <Reset Password> button (Figure 57). Figure 57: View Users page with password reset button The system confirms the password is reset and sends the user an that contains the new password (Figure 58). The user has to change this password the first time he/she logs in to REACH-IT. After the password is reset, the previous password becomes invalid.

44 44 REACH-IT Industry User Manual Version: 2.1 Figure 58: View Users page with password reset confirmation 4.6. Deleting a user User accounts can be deleted if they become redundant. You, as the account manager have to select one user from the list of users (using the radio button in the left column). Then click on <Delete> (Figure 59) to remove the selected user from the list. Figure 59: View Users page with delete button The delete user action is to be confirmed: click again on <Delete> (Figure 60). Figure 60: Confirmation for deleting a user The system confirms in the <View Users> page via a message that the deletion of the user was successful (Figure 61). Figure 61: View user s page with confirmation message The User ID of a deleted user cannot be reused in the REACH-IT system.

45 Part 02 - Sign-up and account management Release date: April PARTY INFORMATION MANAGEMENT STEP-BY-STEP All the information provided during sign-up can be modified by the account manager who is the only one with editing permissions on the Party information data. The following data can be edited: General information Billing information Contacts (including creation, deletion and modification of contacts) Contacts in REACH-IT are mainly used as contact information by ECHA to obtain further details about the information submitted in e.g. pre-registration or registration. They serve other purpose, like contact person for a pre-sief, but are not connected with user accounts. If no contact is specified, ECHA will use the party s general contact information. In addition, the party information in REACH-IT can be exported in a LEOX file for import in a local IUCLID 5 installation for synchronisation purposes Updating general and billing information The party information management is only accessible to users with the administrator role, i.e. the party s account manager. To update the general and/or billing information, select <View> from the company or Third Party Representative menu. The <Organisation Information> page opens and displays 3 tabs (Figure 62): <Company information> or <Third Party Representative Information> <Billing information> (only for companies) <Contacts> Click on one of the 3 tab headings to display the information. To modify data under a tab, click on <Update> at the bottom of the page. The page goes to update mode and the other tabs become non-editable. When the current tab modification is completed, click on <Save> (Figure 63).

46 46 REACH-IT Industry User Manual Version: 2.1 Figure 62: Organisation Information page Figure 63: Updating organisation s information 5.2. Adding a new contact Under the <Contacts> tab, click on <Add new contact> to add a new contact (Figure 64).

47 Part 02 - Sign-up and account management Release date: April Figure 64: Adding new contacts Fill in all mandatory information (*) about the contact (Figure 65). If the address is the same as the company address, click on <Same as company> to populate automatically the current party s address. Figure 65: Update or add contact information Click on <Save> to save all information. REACH-IT provides a confirmation message (Figure 66). Your newly created contact now appears in the contact list.

48 48 REACH-IT Industry User Manual Version: 2.1 Figure 66: Confirmation of newly added contact 5.3. Modifying an existing contact Contacts can be modified. Select an entry via the radio buttons from the contact list and click on <Modify>. The contact properties can be changed where needed. Click on <Save> to save your amendments. The updated contact appears in the contact list and REACH-IT provides a confirmation message (Figure 67). Figure 67: Confirmation of updated contact information 5.4. Removing a contact Contacts can also be removed. Select an entry from the contact list and click on <Delete>. REACH-IT requests to confirm the deletion: click again on <Delete> (Figure 68). Figure 68: Confirmation of a deleted contact The contact is removed and does no longer show in the contact list (Figure 69). Figure 69: Updated contact list after deleted contact

49 Part 02 - Sign-up and account management Release date: April Exporting party information The party information can be exported by creating and downloading a LEOX. This LEOX file can be used for synchronising the locally installed IUCLID 5 with the party s information in REACH- IT. The LEOX cannot be re-imported to REACH-IT for updates. For more information about LEOX, refer to section 2.4 of this document. To export the LEO, select <Export> from the Company or Third Party Representative menu (Figure 70) and REACH-IT allows you to download the LEOX file. Figure 70: LEOX export button for REACH-IT Company or TPR information The browser opens up a dialogue box (Figure 71) and gives you the options to <Open> the file or <Save to disk>. Select <Save to Disk> and click on <OK> to start downloading the LEOX file to your local system. Figure 71: Downloading the LEOX from REACH-IT to local system By changing your browser configuration, you can be prompted to indicate the destination of downloaded files and rename them. Please refer to your browser documentation for further details on download file settings.