SERVICES AGREEMENT BETWEEN YOUR ORGANIZATION AND CIVITANA SL, PROPRIETARY SOFTWARE EID.
ON THE ONE HAND,
(1) CIVITANA, owner of Software eID, with CIF B86681533 and domiciled at Madrid, Glorieta Puerta de Toledo, 3. 1 ° 1. 28005, under power granted in his favor by deed authorised by the notary of Madrid, D. José Antonio García de Cortázar Nebreda on March 20, 2013 under the volume: 30920, book: 0, page: 146, section : 8, number: M-556508, inscription 1 St, in later CIVITANA.
AND, ON THE OTHER HAND,
(1) your Organization.
The present, jointly called the “parties”, on the condition that involves recognize sufficient legal capacity to contract and force the quality with which respectively Act and especially to sign the present contract of service-rendering, which will take place in accordance with the clauses of the same, for which purpose.
(A) That the organization is an organization dedicated to the development of products or services in the public or private sector.
(B) That CIVITANA is a company that provides, among other, the Software platform management services eID API that enables organizations to identify people digitally, through the issuance of digital certificates and the signing of documents through advanced electronic signature systems.
(C) That the organization knows the platform and recognizes their effectiveness and validity, both technical and legal, which is interested in using the Software eID CIVITANA API for the development of the services referred to them in the present contract.
(D) That, according to previously, agreeing and acknowledging legal capacity sufficient to force each other, the parties consider it necessary to sign the present contract of services pursuant to the following,
Certification services provider: The physical or legal person issuing electronic or provides certificates referred to as provider of certification services other services in relation to electronic signatures, in this case CIVITANA will act as a certification services provider.
Electronic certificate: Electronic certificate is a document signed electronically by a provider of certification services, in this case CIVITANA which links signature-verification data to a signatory and confirms your identity through the processes of identification referred to them in the agreement. These certificates correspond to the technological standard X 509 V.3
Participant or signer is the person who holds a signature-creation device and acts on its own behalf or on behalf of a natural or legal person which represents.
Electronic signature: is the set of data in electronic form, recorded together with others or associated with them, which can be used as a means of identification of the signatory.
Advanced electronic signature: The advanced electronic signature is the electronic signature which allows to identify the signer and detect any subsequent change of the signed data, which is linked to the signer in a unique way and the data which refers and which has been created by means that the signatory can maintain under its exclusive control. This electronic signature is that will be generated using the electronic certificates issued by eID API within the platform of CIVITANA.
API: Computer application that is made available to the Organization for the purpose of which is to interconnect their systems with the CIVITANA to issue electronic certificates and users/signers can digitally sign the application.
2.1 Hereunder, for the reasons expressed in the previous, CIVITANA will give the Organization the necessary technological support, a document of the organization e-signature software eID API that puts at the disposal of the Organization to the effect that this entity can integrate it into their processes, the issuance of digital certificates to their users, with the aim of issuing a single.
2.2 In this sense, CIVITANA gives some rights to use the software eID, in a non-exclusive way, during the term of this agreement and for the sole purpose of use in the field of the services object of the same. Any organization can use eID API in order to provide services to third parties, whether free or onerous, temporary way or identity.
3 CIVITANA obligations
3.1 Obligations in relation to the issuance of digital certificates
3.1.1 CIVITANA as a provider of certification services, in accordance with the provisions in law 59/2003 on electronic signatures, will be in charge of issuing electronic certificates, as well as signing documents platform management; according to the specifications set forth in annex I of the present contract.
3.1.2 Additionally, CIVITANA must comply with the following obligations in connection with the issuance of certificates and the generation of public and private keys which are linked the same:
(i) Do not store or copy the data of creation of the signature of the person who lent their services
(ii) Provide to the applicant before the issuance of the certificate the following minimum information which must be transmitted free of charge, in writing or by electronic means:
(a) Obligations of the signatory, the way that you have keep the creation data signing, the procedure that shall continue to communicate the loss or possible misuse of such data and certain of creation and electronic signature verification devices that are compatible with data signature and certificate issued. The precise conditions of use of the certificate, its possible limits of use and the way in which the lender guarantees their liability. All this will take place through access to the statement of certification practice that will be available to the users before the generation of the certificate
(iii) Maintain an up-to-date directory of certificates that indicate the certificates issued and if they are valid or if its validity has been suspended or terminated. The integrity of the directory will be protected through the use of appropriate safety mechanisms.
(iv) Ensure the availability of a consultation service on the validity of the fast and secure certificates.
4 Obligations of the Organization
4.1 In addition to the obligations that may be established pursuant to the present from the rest of the provisions applicable to the present contract, the Organization shall act as entity of registration and identification in relation to the issue of electronic certificates by CIVITANA. As a result above is entity shall be obliged to identify users and provide data to CIVITANA with the aim that this entity could issue the electronic certificate.
4.2 The Organization will determine the processes of identification of participants for the purposes of the issuance of electronic certificates, therefore, assumes how valid the processes of identification (https://www.electronicid.eu/?p=379) certification practice statement and considers that they are adequate to grant technical and legal validity issued electronic certificates and documents signed with this. If there is any doubt, you can refer in this case to the certification practice statement or consult CIVITANA. CIVITANA will not be responsible for any loss or damage, unless caused intentionally, derivatives of the faulty identification of participants when she acts as entity registration or lack of technical or legal validity of electronic certificates or signatures generated with them.
4.3 Provide to the applicant before the issuance of the certificate the following minimum information which must be transmitted for free, in writing or by electronic means information that is reference annex I to this agreement.
4.4 The Organization will not accept as a subscriber of the certificate for an advanced electronic signature those using alias, user ID or names that do not match the identity of the.
4.5 Organization will comply with data protection legislation and, in addition, obtain the consent of the holders for the purposes of communicating data to CIVITANA with the aim that this entity to issue electronic certificates. In any case, in case that the Organization, in accordance with the provisions of article 12 of the organic law 15/1999, of 13 December, of protection of data of a personal nature, the organization can act, in its condition of register office of electronic certificates, as responsible for the treatment of CIVITANA, so it warrants:
4.5.1 That it will employ the maximum diligence in the provision of services, in particular, to compliance with the requirements imposed by the data protection act and its implementing regulations with regard to data that in the said framework perform.
4.5.2 That it has not been sanctioned by the Spanish Agency of data protection, or not has been the subject of any claims by third parties arising out of the breach of the said legislation.
4.5.3 Will keep professional secrecy with respect to the data to which access and treated as a result of the provision of services. For this purpose, the Organization undertakes to allow access to such data only to those employees who need to know them for the performance of its functions, making them sign confidentiality agreements that are appropriate to ensure compliance with the aforementioned obligation on these.
4.5.4 Treat the data following the instructions of CIVITANA, so the organization not to apply them or used for purposes other than those listed in this agreement and its annexes. The Organization shall not assign to any third party the personal responsibility of CIVITANA data, even for its conservation. Where the Organization target data to other purpose, inform them or use them in breach of the provisions of this agreement, shall be considered also responsible for treatment, responding personally offences in which it is incurred.
4.5.5 Once the present contract, the Organization shall proceed to the destruction or return of the personal data responsible for CIVITANA as well as any support or document stating any data that has been processed.
4.5.6 Will adopt the measures of technical and organizational measures that are necessary and ensure the safety of the personal data and avoid their alteration, loss, treatment or unauthorized access, taking into account the State of technology, the nature of the data stored and the risks are exposed, whether they come from human action or physical or natural means , in accordance with the provisions of the regulation 1720 / 2007 and according to the type of data that are processed.In this sense, and in a special way the Organization must implement security measures that may apply, at any time, in accordance with the provisions of articles 81 and 82 of the regulation and depending on the nature of the data to which you have access. When the organization providing the services is their own premises, shall draw up a document of security in the terms required by article 88 of the rules of procedure or complete his own identifying file or treatment and CIVITANA as the file manager and incorporating security measures that are necessary to implement such treatment.
5 Duration of the contract
5.1 This Agreement shall enter into force on the date of its signature and will have a duration of 12 months. This agreement shall be extended automatically for identical period of time unless either of the Parties notify their intention of not renewed 2 months before the date of termination of the contract or of any of its extensions.
6.1 The services object of the present contract will be billed according to the prices that are attached in annex II. Prices, such prices do not include the tax on the value added (VAT) which will be passed to the organization in accordance with the legislation in force at any time.
7 Billing and payment
7.1 The amounts to which the previous clause, more your VAT relates, shall be paid by direct debit of Bank to the account provided by the Organization in annex III. By direct debit order.
7.2 Will be invoiced on a monthly basis, the first week of each month, according to the conditions laid down by the provision of services.
7.3 Payment will be by direct debit within 30 days from the date of invoice.
8.1 Each of the parties to this contract will be responsible for the breach of the obligations that are appropriate as provided for in the same.
8.2 CIVITANA will act with due diligence to the other party, and shall be liable for any damages that may cause the Organization, always and when they are attributable to the acts or omissions of CIVITANA. In any case, and when so permitted by current legislation, the responsibility of CIVITANA, for harm or damages shall be limited to the amount paid the Organization effectively, under this agreement, during the 3 months prior to the time in which the causal event of damage occurs.
9.1 By this agreement, the organization is expressly obliged to maintain absolute confidentiality and secrecy any information you know in connection with the delivery of the confidential information of CIVITANA, as well as to the very existence of the contract and of the content of the agreements included in the same.
9.2 In addition to the aforementioned information will be included in the concept of “Confidential information” any information, because it referred to CIVITANA, third parties or the products marketed by these, and that have technical, commercial, economic, accounting, organisational, strategic, or of any other type, which is not freeware, both extracted form and in its entirety, and it has competitive value; already be communicated in writing , orally, electronically or by any other process (including, without limitation, drawings, graphics, tables, diskettes, tapes, prototypes and samples), provided by CIVITANA to the Organization, including but not limited to (a) patents and applications for patents, (b) trade secrets, and (c) proprietary information: protection of semiconductor products, ideas, signs, stands, trials, techniques, diagrams, drawings, works subject to copyright , models, inventions, know how, processes, equipment and formulas relating to existing, future or planned each party’s products and services and, including, without limitation, information of each one of them about research, experimental work, development, specifications and details of design, engineering, financial information, procurement requirements, purchasing, manufacturing, lists of customers, investors, employees, commercial and contractual relations, financial forecasts, sales and merchandising , plans for marketing and information provided by the reporting party in relation to third parties.
9.3 The Organization as the recipient of confidential information of CIVITANA, agrees that:
9.3.1 Will maintain the strictest confidentiality and secrecy, including this obligation, any disclosure of the information, both actively and passively.
9.3.2 It will not disclose it to third parties, unless CIVITANA approved in writing, and will use the confidential information only with the purpose of developing the business relationship established in this agreement.
9.3.3 Will only allow access to confidential CIVITANA information to employees who need to know on the occasion of the developing relationship and/or, where appropriate, expressly authorized third parties that is strictly necessary and that they have signed non-disclosure agreements or subject otherwise to obligations of confidentiality whose restrictiveness is at least equivalent to the obligations referred to in this Act.
9.3.4 Will adopt measures that ensure compliance, employees or authorized third parties of all obligations under this agreement.
9.3.5 Will not copy or reproduction of the confidential information provided by CIVITANA in format or medium whatsoever, unless this was necessary for the development of the legal relationship between the parties and prior permission in writing of the same.
9.3.6 A simple CIVITANA request or when no longer needed and/or to the finalisation of the contractual relationship that binds the parties, the Organization will return all of the confidential information that has been revealed or which is put at your disposal under the terms of this agreement, together with any copies thereof and clear irrevocably and as soon as , the confidential information of computers and systems that are under your control.
9.4 In the case of loss or disclosure of confidential information, the Organization shall notify CIVITANA immediately. Such notification shall not relieve you, as responsible for the loss or disclosure of confidential information, from responsibility, in your case, CIVITANA could be required by any breach of its obligations in accordance with this agreement, as well as for any damages suffered as a result of the loss or disclosure of confidential information. Failure to comply with the said requirement of notification will give rise to many responsibilities arising from that omission in particular.
9.5 Obligations which correspond to the organization under this agreement with respect to confidential information of CIVITANA shall not apply where the organization can be demonstrated that: (a) was in the public domain at the time in which it was communicated by CIVITANA; (b) became a public domain subsequent to the time in which it was communicated by CIVITANA without any breach on their part; (c) work in its possession without obligation of confidentiality at the time in which it was communicated by CIVITANA; (d) was rightfully communicated without any confidentiality obligation after at the time in which it was revealed by CIVITANA; (e) there was no indication that was confidential information of CIVITANA; Or (f) has been released by the imperative of a requested or legal provision by administrative authorities or competent judicial, in which case, should have communicated to CIVITNA character before and expressed in writing, that the broadcast took place.
9.6 The organization is responsible for the breach of any of the obligations of confidentiality. In this case, it shall be obliged to indemnify CIVITANA for any damages, whether direct or indirect, including legal fees and legal costs that were necessary to obtain such compensation by reason of the misuse of the information provided by this.
9.7 The obligations set out in this agreement for the Organization will be also obligatory for employees and collaborators, both external and internal, by what will respond against CIVITANA of a breach of such obligations by its employees and collaborators.
9.8 The obligation of confidentiality referred to it in this clause will survive during the period of two years at the time of termination of this agreement, regardless of which was the cause.
9.9 The Organization recognizes and declares that the terms and conditions of this agreement are reasonable and necessary for the protection of the legitimate interests of CIVITANA, and to prevent damages or losses of both. The Organization recognizes that any breach of the terms and conditions of this agreement, could harm CIVITANA in a very important way.
10.1 This agreement ends after its period of validity in accordance with in the fifth clause.
10.2 Without prejudice to the foregoing, causes of early termination of this agreement, which shall entitle the parties, at its option and in addition to any other action that could legitimately correspond, to terminate this agreement with immediate written notification to the other party, the following will be considered:
10.2.1 Non-compliance with any of the obligations stipulated in this agreement, provided that such breach is not remedied within a period of thirty (30) days after written notice to the defaulting party that specifying the breach and prompted their compliance. This clause to the obligation of payment by the organization is not applicable.
10.2.2 The extinction of any of the parties, legal personality
10.2.3 The mutual agreement of the parties.
11 Transfer of rights
The parties may not assign, transfer, replace or subrogated third party rights and/or obligations incurred under this agreement without the prior written consent of the other party.
12 Complete agreement
This agreement is the complete and exclusive agreement between the parties, supersedes all discussions related to it and others communicated between the parties, and it may only be modified by written agreement signed by the representatives of the parties duly authorized.
13 Applicable law and jurisdiction
13.1 This Agreement shall be governed by and construed in accordance with the laws of Spain and, in particular, in accordance with legislation at all times in the field of protection of personal data.
13.2 Parties try to resolve by mutual agreement any difficulties or doubts about the execution or interpretation of the provisions contained in this agreement.
13.3 Notwithstanding the foregoing, the parties involved accept undergo the jurisdiction of the courts and tribunals of Madrid, with express resignation to any other law or jurisdiction that could correspond to them.
And in proof of compliance, the organization formally accepts the conditions of this agreement by clicking in the section on acceptance of the agreement for the provision of services of the registration process as a client in the web www.electronicid.eu
Annex I. electronic signatures information
Through the acceptance of this form I accept the certificate issued by CIVITANA SL and declare to know and accept the conditions of use attached, as well as the statement of certification practices accessible in https://www.electronicid.eu/?p=379 .
The objective of this document of certification practices statement (DPC) is the described policies and good practices for the provision of services in the issuance of digital certificates, with reference to legislation in respect of signature and electronic identification, electronic commerce and protection of personal data.
CIVITANA undertakes and requires, as a certification services provider to comply with in relation to the management of data creation and verification of signature and the digital certificates, the conditions applicable to the request, forwarding use suspension and termination of the validity of certificates.
The document contains details of the liability regime applicable to members of the electronic community of security controls applied to its procedures and standards of secrecy and confidentiality, as well as issues concerning ownership of its property and assets, to the protection of personal data and other matters for information purposes that it deems interesting put to the public deposition.
This document will be available in the latest version in force and public form at the following link: https://www.electronicid.eu/?p=379
As a signatory, you will use an electronic certificate issued by a third party called CIVITANA, which as a certification services provider is in conformity with the provisions in law 59/2003 on electronic signatures. That is subject to the following conditions of use:
Issuance of the certificate
After completing successfully the application procedure and the corresponding electronic signature certificate issuance, are their issuance and storage systems of the provider of certification in order to facilitate the use of it to the signatory, data relating to the private key will be stored in a device under the exclusive control of the signatory which you will enter through an authentication process and the use of a PIN.
For these purposes, prior to the issuance of the certificate, the user must choose your own PIN, which will be used later for the signing of documents. Save the PIN going to select to sign the electronic document. You are responsible for this code. The certification service provider is not liable for the misuse of the PIN the user.
If you lose or forget the PIN code, please contact us for advise, through this email: firstname.lastname@example.org
Uses of electronic signatures
CIVITANA sets the appropriate limitations of use in its certification practice statement and that are known and accepted by the Subscriber.
Without limiting the foregoing, electronic signatures generated by the use of electronic certificates in any type of document, shall be regarded as electronics firms advanced, pursuant to article 3(2) of law 59/2003 on electronic signatures. Notwithstanding the foregoing, user to get electronic certificate joins a community of users, allowing you to maintain legal relations with physical and/or juridical persons that support certificates issued by CIVITANA. In this case, when the user use a certificate issued by CIVITANA, to formalize any type of legal relationship relate, with any member of the community that supports the use of certificates for the signing of documents, both CIVITANA and recognizes that, in accordance with the provisions of article 3.10 of law 59/2003 on electronic signatures the use of signatures generated with certificates issued by CIVITANA, have the same legal validity, in relation to electronic documents that are signed, to the recognized to handwritten signatures. Therefore, its use will lead to the manifestation of the full knowledge and acceptance of the content of the documents signed electronically through the use of certificates issued by CIVITANA.
The admission of electronic certificates for signing of electronic documents by the natural and legal persons of the community, may be revoked at any time, so the user must use the certificate for signing documents when it is supported by the physical or legal person that is part of the user community. Accordingly, it is possible that the certificate is admitted by a member of the community for a single use or for several.
The admission of the use of electronic certificates by physical or legal persons in the user community, which enabled the signing of documents through them, can
Registration procedure and issue/revocation/suspension of electronic signature.
The procedure of registration, request, issuance, revocation and, where appropriate, suspension of electronic signature certificates is collected in the Declaration of private certification practices defined in the Web page.
 Accept the link certification practices statement: https://www.electronicid.eu/?p=379. (Spanish version)
This information must be accepted expressly by the applicant for the certificate prior to the use of signature services.