GENERAL CONTRACTING CONDITIONS ONE. Purpose and Definition of the Services Offered SIGNE, S.A., with business address at Avenida de la Industria, 18, 28760 Tres Cantos (Madrid), incorporated by way of a record document executed in San Roque, Spain on the date of 17 May 1982, before a Notary Public, José Rosales Fernández, bearing notary protocol number 623, and on record at the Commercial Register of Madrid in Tome 8101 general, Book 7029, Folios 95 and 99, Section 3, Page number 78156-2; holder of Spanish Tax Identification Number (CIF) A11029279 (hereinafter referred to as SIGNE) is a Certification Services Provider that issues certificates recognised pursuant to Act 59/2003 on the Electronic Signature. The SUBSCRIBER is the private individual or body corporate that contracts SIGNE s certification services. These general contracting conditions regulate the certification services offered to the SUBSCRIBER by SIGNE. The Registration Authority (hereinafter, the AR) is the university or academic centre of learning which collaborates with SIGNE in processing the application, verifying the necessary data and delivering the electronic certificate. SIGNE s certification services are technically and operationally regulated by the SIGNE Certification Practice Statement and by the later updates thereof, as well as by the complementary documentation provided to the SUBSCRIBER. The Certification Practice Statement (CPS) and applicable specific Certification Policies (CPs), which can be consulted at the website http://www.signe.es/signeac/dpc, are attached to these General Conditions for reference. In the event of any discrepancy, the meaning of the terms established in these general conditions shall hold precedence over that which is established in the CPS. TWO. Certificate Types Degree Holder Certificate: These are personal certificates recognised under Act 59/2003 on the Electronic Signature, which make it possible to identify the SUBSCRIBER by computer as a person who possesses a certain academic degree. These certificates are issued in a software medium by way of an application, creating a certificate for the purposes of signing and authentication. They may also be copied onto other media, and therefore backup copies of the certificates can be made.
OID OF THE CERTIFICATE POLICIES ISSUED 1.3.1.6.1.4.1.36035.1.D Degree Holder Certificates ( D = Device, 1 = DSCF, 2 = Software ) THREE. SUBSCRIBER OBLIGATIONS 3.1 Service Request and Generation of Keys The SUBSCRIBER shall ask and authorise SIGNE to generate the private and public keys corresponding to the functionalities of identification, signing and encryption (as appropriate) and to issue the proper certificate or certificates. At the time of filing the application, the SUBSCRIBER shall provide a valid e-mail address to which only he or she has access. 3.2 Accuracy of Information The SUBSCRIBER shall be liable for ensuring that all of the information included in the certificate application and the certificate itself, via any medium, is accurate, complete for the purposes of the certificate, and updated at all times. The SUBSCRIBER must immediately inform SIGNE of any inaccuracy in the certificate detected once it is issued, as well as of any changes that take place in the information submitted by the Applicant in order for the certificate to be issued. 3.3 Delivery and Acceptance of Service By virtue of delivering the signature device and receiving the usage keys and delivery sheet, the SUBSCRIBER accepts the certificate and is bound by the corresponding certificate usage conditions. 3.4 Custody Obligations The SUBSCRIBER undertakes to keep custody, whenever required, of the personal identification code, the signature device or any other technical element submitted by SIGNE, as well as the private keys and, where appropriate, the specifications owned by SIGNE with which the SUBSCRIBER has been provided.
In the event that the private key of the certificate is lost or stolen, or if the SUBSCRIBER suspects that the private key has lost reliability for any reasons, it must report this to SIGNE immediately. 3.5 Proper Usage Requirements The SUBSCRIBER must use the certification service provided by SIGNE exclusively for the purposes authorised in the CPS of SIGNE, unless an express written statement is made to the contrary by SIGNE. The SUBSCRIBER undertakes to use the digital certification service, the public key/private key pair, the signature device and the certificates in accordance with these general conditions, the specific conditions which may be applicable, where appropriate, and any other instruction, manual or procedure determined by SIGNE. 3.6 Prohibited Transactions The certificates were not designed for and may not be used for and are not authorised for their use or resale as equipment to control dangerous situations or uses which require failsafe activities, such as the operation of nuclear facilities, navigation systems or aerial communications, or weapons control systems, in which an error could directly lead to death, personal injury or major environmental damage. FOUR. SIGNE Obligations SIGNE undertakes to record the certificate data and issue it thereafter to the SUBSCRIBER, for which purpose it must carry out those verifications which it deems appropriate in terms of the SUBSCRIBER s identity and other personal and complementary information. These verifications must include the documentary evidence submitted by the SUBSCRIBER, if SIGNE considers it to be necessary, and any other relevant document and information provided by the SUBSCRIBER or by third parties. In the event that SIGNE detects errors in the data which must be included in the certificates or which provide evidence for said data, it may make those changes it deems necessary before issuing the certificate, or suspend the issuance process, processing the appropriate incident with the SUBSCRIBER. If SIGNE corrects the data with no prior processing of the proper incident with the SUBSCRIBER, it must inform the SUBSCRIBER of the data which is certified in the end.
SIGNE reserves the right not to issue the certificate when the documentary evidence submitted is insufficient to perform a proper identification and authentication of the SUBSCRIBER. 4.2 With Regard to the Providing the Digital Certification Service SIGNE undertakes to: a) Issue, deliver, administer, suspend, revoke and renew certificates, in accordance with the instructions given by the SUBSCRIBER, in those cases and for those reasons described in the CPS. b) Provide the services using adequate technical and material means, and personnel who meet the conditions of qualification and experience established in the CPS. c) Meet the service quality levels, in accordance with that which is established in the CPS, in technical, operational and security-related aspects. d) Inform the SUBSCRIBER of the terms and conditions involving the use of the certificates, as well as the internal certificate management procedures which it may establish in addition to those foreseen by SIGNE. e) Report to the SUBSCRIBER, prior to the certificates expiration date, the possibility that they may be renewed, as well as the suspension, removal of such suspension or revocation of the certificates, when such events occur. f) Inform those third parties who so request of the certificates status, in accordance with that which is established in the CPS for the different certificate verification services FIVE. Warranties 5.1 SIGNE Warranty of the Digital Certification Services SIGNE warranties that the private key of the certification authority used to issue certificates has not been compromised, unless the opposite has been reported using the certification registry, in accordance with the CPS. At the time of issuing the certificate, SIGNE only warranties to the SUBSCRIBER that: a) The certificates are recognised under the terms foreseen in Act 59/2003 of 19 December. b) SIGNE has not caused or introduced any false or erroneous statements in the certificate information whatsoever, nor has it failed to include necessary information provided and verified by the SUBSCRIBER.
c) All of the certificates are compliant with the formal and content-related requirements foreseen in the CPS. d) SIGNE has completed all of the procedures described in the CPS. SIGNE uses reasonable diligence to ensure that each product supplied while rendering its services is free of computer viruses, worms and other illicit code, and it undertakes to report any virus, work or other illicit code later discovered in any product to the SUBSCRIBER. 5.2 Warranty Exclusions SIGNE does not warranty any software whatsoever used by the SUBSCRIBER of certificates or the signatory, or any other person, to generate, verify in any other way or use any digital signature or digital certificate issued by SIGNE whatsoever, except when SIGNE has made a written statement to the contrary. SIX. SUBSCRIBER Liability The SUBSCRIBER must accept liability before any person as a result of the failure to fulfil its obligations pursuant to the terms of these general conditions. The SUBSCRIBER is liable for all of the electronic communications authenticated using a digital signature generated with its private key, when the certificate has been properly verified via the mechanisms and conditions established by SIGNE. As long as the notice established in Section 3.4 of these conditions has not been given, the liability which may be caused by the unauthorised and/or improper use of the certificates is held in all cases by the SUBSCRIBER. SEVEN. SIGNE Liability 7.1 Liability as a Certification Service Provider SIGNE is liable to the SUBSCRIBER and to any third party for failure to fulfil the obligations legally imposed by Act 59/2003 of 19 December, and in accordance with the terms of these general conditions SIGNE shall not be liable: a) In those cases foreseen under Article 23 of Act 59/2003, of 19 December, on Electronic Signatures.
b) For any information contained in the certificates, provided that their content fulfils these general conditions and the CPS. c) For any direct, indirect, special or incidental damages or lost profits, or for moral or punitive damages, which are foreseeable or not foreseeable, resulting from the use, distribution, licencing, the operation of the certificates, digital signatures or any transactions based on digital certificates, even if SIGNE has been warned of the possibility that the damage might occur. 7.2 Suitability of the products which make use of identification, electronic signature or encryption SIGNE denies all liability for the suitability of the products and services related with the digital certification, identification, electronic signature or encryption existing in the market which are used in the SUBSCRIBER s computer applications, except when SIGNE supplies them. In this case, the parties shall be subject to the corresponding usage conditions. EIGHT. Location of Performing the Activity The location of fulfilment of SIGNE s obligations involving the digital certification services and, where appropriate, software usage licences is SIGNE registered business address. NINE. Software Licence SIGNE grants to the SUBSCRIBER, on a non-exclusive, non-transferable basis, a licence to use the copies of the software received from SIGNE to operate the signature device, when appropriate, as well as for producing the electronic signature and all other encryption services by the signatories. The SUBSCRIBER may make copies of the software only for the purposes of filing or making backup copies. In the event that any party other than SIGNE makes changes to the software provided, all of the warranties covering the software shall be immediately cancelled. TEN. Certificate and Signature Device Ownership The provided certificates and signature devices remain the property of the SUBSCRIBER, which reserves the discretionary right to remove or replace the signature devices with issued certificates, for security reasons, when they become technologically obsolete, or for any other justified reason.
ELEVEN. Use of the Parties Corporate Image The parties mutually grant each other, on a non-exclusive, non-transferable basis, a licence to use the different elements of their corporate image, including the distinguishing symbols, logos and registered trademarks of each party, exclusively in the marketing materials, advertising, products and services information sheets, products and services packages, websites which use the parties products and services, and the signature and documentation devices used in the certification procedures. The use of each party s corporate image elements must at all times remain compliant with the corresponding corporate image manual, as well as each party s instructions. No party grants the other party any right whatsoever to each party s registered trademark, commercial name, company name or good business practices, with the exception of those rights specified in these general conditions. TWELVE. Personal Data Protection SIGNE holds title to a set of personal data files containing the identification and authentication data of the digital certification services users, as specified in the CPS. SIGNE obtains the personal and academic information which appear in the files by collecting said information from the SUBSCRIBER, with the Registration Authority s cooperation, under the conditions foreseen in the regulations on electronic signatures and personal data protection. SIGNE undertakes to comply with the regulations on electronic signatures and personal data protection, especially as regards the registration and proper handling of personal data files using the proper security measures, as described in Organic Act 15/1999 on Personal Data Protection, and Royal Decree 1720/2007 for the implementation of said Act. SIGNE holds the status of the Party Responsible for the File insofar as its decides the purpose, contents and use of the personal data handling, and the Registration Authorities are considered to be the Parties Responsible for Handling, which must use the data in said files solely and exclusively for the purposes appearing in their Certification Practices Statement. The SUBSCRIBER is released from all liability arising from the damage caused by any incidents which occur due to the handling of the personal data assigned to SIGNE.
Any correction and/or erasure of the personal data by the SUBSCRIBER shall lead to the revocation of the certificate. THIRTEEN. Divisibility of the General Conditions The clauses in these General Conditions are independent from one another, which is the reason for which, if any clause is determined to be invalid or inapplicable, the remaining clauses in these General Conditions shall continue to be applicable, unless an express agreement otherwise is reached by the parties. FOURTEEN. Termination Termination shall take place in the following instances: a) Due to the other party s non-fulfilment of any of its obligations, if this violation is not solved: a. Within thirty days of receiving the notice given by the party which has not ceased to fulfil its obligations. b. Immediately, if the non-fulfilment compromises the security of the services. b) Due to the existence of any other grounds for early termination established by the current laws and, above all, by the current laws on the electronic signature and digital certification. FIFTEEN. Applicable Law and Competent Jurisdiction These General Conditions shall be interpreted and executed under their own terms and, for all that which is not foreseen herein, the parties must comply with Act 59/2003 of 19 December and, secondarily, with the civil and mercantile laws which regulate the obligations and contracting system. The competent jurisdiction is the civil justice system, as indicated in Act 6/1985 of 1 July, of the Judiciary. Signed: