I. GENERAL PROVISIONS
These General Terms and Conditions of Use for BetrSign® Customers (hereinafter the “General T&Cs”) provided by SETCCE d.o.o. shall define the terms and conditions of use, the mutual rights and obligations of the provider or provider’s partner, and the customer in relation to all BetrSign® cloud services (hereinafter also referred to as the “Service” or “Services”) provided by SETCCE d.o.o., Tehnološki park 21, 1000 Ljubljana, registration number 1594389000, VAT ID no. SI39705684 (hereinafter also referred to as the “Provider” or “SETCCE”).
These General T&Cs may be supplemented by Additional T&Cs which lay down the provisions for individual BetrSign® Services. The Additional T&Cs along with the General T&Cs shall govern the entire use of Provider Services.
The Additional T&Cs set out the additional or specific provisions for individual BetrSign® Services, in particular for using the BetrSign® Service via an application programming interface (API) and for using the BetrSign® Portal. The Additional T&Cs are included in the Appendices to these General T&Cs as listed below:
These General T&Cs shall apply to all Customers who order Services through the Provider’s website, and also to those Customers who signed a special agreement to purchase the use of Services with the Provider or the Provider’s Partner, or who placed their order through the Order Form for the Use of BetrSign® Services (hereinafter the “Order Form”). The General T&Cs are fully binding for the Customer and Provider and therefore have the nature of a contract. The establishment of a contractual relationship between the Customer and Provider does not require a special written agreement, since the contractual relationship is established by the Customer’s order and acceptance of these General T&Cs, or as defined in the Additional T&Cs.
The Provider and Customer may sign a special agreement to regulate any rights and obligations other than those set out in the General T&Cs. In the case of a conflict between provisions in the General T&Cs and Additional T&Cs, the latter shall prevail. Should the Customer and Provider regulate their business relationship with a special agreement and the provisions of such agreement and the General T&Cs are in conflict, the specially agreed contractual provisions shall prevail.
The terms used in these General T&Cs shall have the following meanings ascribed to them:
III. SCOPE OF SERVICES
The BetrSign® Service for digital transaction management encompasses the following functional packages or services provided by the Provider:
Management of the digital transaction confirmation process (e-signing) is performed through BetrSign® POS or BetrSign® RS.
Signing can be performed from any place and at any time, and the Service is supported on personal computers, smartphones, tablet computers and dedicated signing devices.
BetrSign® allows one document or a set of multiple documents (business transaction) to be signed by one or several signees.
IV. TECHNICAL REQUIREMENTS OF SERVICE USE
To use BetrSign® Services, the authorised user shall need: an e-mail address, a mobile phone number (in the case of remote signing), a personal computer or mobile device (smartphone, tablet computer etc.) with internet access, a dedicated signing device (in the case of handwritten signatures), producer-supported versions of web browsers and operating systems and the BetrSign® eID electronic identity (in the case of remote signing). The Provider shall not be liable for the non-operation of BetrSign® Services on older versions of operating systems which are officially no longer supported by the operating system producer. BetrSign® Services may operate on older unsupported versions of browsers, but the appearance of pages may be incomplete or distorted and some service features may not be functional.
V. INTELLECTUAL PROPERTY
All BetrSign® Services are licensed and they are by no means the subject of sale to the Customer. The Customer may use the ordered BetrSign® Service for the duration of the purchased right of use. The right of use is linked to the Customer (the business entity which purchased a licence) and any legal successor thereof.
By purchasing BetrSign® Services, the Customer shall acquire the untransferable, non-exclusive, time-limited, payable right to the non-commercial use of the individual right to the use of BetrSign® eID, restricted to the number of purchased rights or subscriptions. By no means shall the Customer acquire any right for the onward distribution, processing, interference with the source code, reverse engineering or reproduction of the Services, or the right to translate, adjust, modify or otherwise process, lease or sell for a fee or without a fee or use the Services commercially.
BetrSign® Services are the exclusive and fully copyrighted property of the Provider, who retains all material and moral copyrights, which shall not be transferred to the Customer for the duration of its subscription with the assigned right of use.
All data, images and other information contained in BetrSign® Services are subject to copyright or other protection of industrial property, as set out in the relevant legal regulations governing the area of copyrights and industrial property rights. The ownership and legal title of BetrSign® Services, and any rights attached to copyrights and other intellectual property rights on the software or any parts thereof or on the Services, shall not be transferred but shall remain the exclusive property of the Provider.
Unauthorised or third parties are not permitted to use BetrSign® Services unless this is the subject of these General T&Cs.
VI. CUSTOMER CONTENT
Customer content shall mean any text, information or material such as electronic documents or images uploaded or imported by the Customer to the Services or created by using the Services or software. Uploading of illegal content is prohibited. The Provider reserves the right to remove content or restrict access to content, the Services or software if any of the uploaded content violates these General T&Cs. The Provider shall not view the content but may use the available technology or processes to detect incorrect data, certain types of illegal content, or other offensive content.
The Provider reserves the right to make a prior check to ensure that the content for which the Service is to be used by the Customer is appropriate (for political content, adult content, and all content that is legally prohibited or restricted) and approves or refuses the use of the Service for inappropriate or legally prohibited content.
The Customer holds and shall retain the right of ownership and any other intellectual property rights to all content uploaded or otherwise used in the Services by the Customer.
VII. CONFIDENTIALITY AND PERSONAL DATA
Upon entry into a contractual relationship, the Provider and Customer agree that all information, including personal data, which they may access in order to provide the Service shall be a trade secret and shall not be disclosed to third parties except for the purposes of providing Services.
The Customer authorises the Provider, in its capacity as a contractual data processor, to store and for said purposes only process data submitted to the Provider’s information system or Service or employees that could have a business or confidential character and which will be protected with appropriate measures for preventing unauthorised disclosure.
The Provider undertakes to provide all Services in a professional and correct manner and in accordance with the legislation governing trade secret protection. When providing the Services, it shall be the Provider’s responsibility to ensure that no abuse of business or confidential information and the Customer’s data occurs. The Provider shall ensure this through consistent adherence to the applicable laws regulating this area, and compliance with best practice standards and guidelines, and by-laws and internal procedures.
The Customer is the owner and manager of all personal data, and is responsible for its protection in accordance with the applicable laws.
The Customer shall have the right to demand reports and proof of the Provider’s handling of confidential information.
The Provider shall ensure the security of data processing and storage in accordance with the Provider’s organisational measures, which include all the organisational, technical, logical-technical procedures and measures required to ensure information security and the protection of data and trade secrets.
The security policy and organisational measures shall lay down at least the following obligations:
a) PERSONAL DATA PROCESSING
The subject of these General T&Cs is also the regulation of personal data processing in the scope of Service provision under Article 4 of the General T&Cs, and the definition of rights and obligations between the Customer and Provider pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “GDPR”).
The Provider shall receive personal data from the Customer when the latter accesses and submits personal data to the Service. Personal data is also contained in documents submitted through the Services or forming a part of the login or registration data in the scope of the Services.
For data in relation to which the Provider acts as the processor and the Customer as the controller, personal data processing within the Service is defined below by the Provider and Customer pursuant to Article 28 of the GDPR and in that connection, their mutual rights and obligations are set out in accordance with the GDPR.
The Customer represents that it has an admissible legal basis pursuant to the GDPR to process all of the personal data submitted.
The Customer represents that the personal data that it submits to the Provider for processing is collected on the basis of at least one of the following conditions: the personal consent of the data subject or/and the performance of a contract with the data subject or/and the fulfilment of a legal obligation. The Customer guarantees that it has the appropriate legal basis to process the personal data it submits through the Services or provides within the login or registration data in the scope of the Services.
Should the Customer submit to the Provider personal data that the Customer acquired in a manner inconsistent with the GDPR or other applicable personal data protection law, the Provider shall not be held liable.
The categories of personal data collected by the Customer and submitted in its documents to the Provider may vary, and shall depend on the content of the documents, and shall not be stored in a structured form by the Provider.
The categories of personal data contained in login, registration and other input fields may include: name, surname, e-mail, mobile number, and tax ID number. The indicated personal data refer to the users,end-userss and employees of the Customer or another legal person or another business entity that collaborates with the Customer on the basis of a contract or otherwise.
While this contract is in force, the Customer shall also submit as necessary other categories of personal data relating to other categories of individuals not explicitly specified in the preceding paragraph of this article, provided that the data is required to use the Services and the Customer has an admissible legal basis for their processing.
The Provider shall not transfer the personal data that it receives in the course of providing Services to third countries, except when required to do so and to the extent required by EU law or Slovenian law. In this event, it shall notify the Customer in advance of transferring personal data to third countries, in accordance with the applicable legislation.
The Provider shall perform only those personal data processing tasks on behalf and for the account of the Customer for the data it has received from the Customer which are necessary to provide the ordered Services.
The Provider shall process personal data received from the Customer for the purpose and by means determined by the Customer alone. The Provider shall not itself determine the purposes and means of processing the personal data that it receives from the Customer for processing.
The Provider shall handle the received personal data in accordance with the GDPR and other applicable legislation on personal data protection, and undertakes not to use the personal data for purposes other than determined by the Customer.
The Provider shall process the personal data received from the Customer only within the scope of the content of the documents submitted and as per the Customer’s documented instructions, and provide the Customer with all the information required to prove the performance of its obligations as the Provider.
The Provider represents that its persons authorised for processing personal data are under an obligation to uphold confidentiality and personal data protection.
Having regard for the nature of the work, the Provider shall help the Customer with various technical and organisational measures to perform its obligation to exercise the rights of individuals set out in Chapter III of the GDPR.
The Provider shall assist the Customer in fulfilling the obligations set out in Articles 32 to 36 of the GDPR, taking into account the nature of processing and of the information accessible to the Provider.
The Provider shall not send personal data to third parties apart from contractual sub-processors which have signed relevant personal data processing contracts with the Provider, and which are obliged to comply with all the provisions relating to personal data protection contained hereunder.
The Provider shall supply the Customer with all the information necessary for proving its performance of its obligations regarding personal data processing and allow the performance of any previously announced audits and reviews that might be stipulated or conducted by the Customer.
The Provider shall notify the Customer without delay or within 48 hours at the latest if it identifies or becomes informed of a personal data breach.
The Customer shall notify the Provider without delay of any termination of the legal basis for personal data processing under these General T&Cs.
The Provider shall accept requests related to the exercise of rights in writing at the email address email@example.com. In such requests, the Customer shall clearly specify what assistance it requires from the Provider and clearly indicate a deadline for reply. The Customer and Provider agree that all obligations regarding notification and other processes associated with data processing under the General T&Cs shall be performed by the Customer, whereas the Provider shall submit to the Customer all the information necessary to perform the said obligations.
When offering assistance related to personal data protection and information protection (e.g. the exercise of rights of individuals, completion of questionnaires etc.), the Provider is entitled to charge a fee for its work by the hourly rate indicated in the processor’s valid price list. The Provider does not have the right to charge a fee for assistance when the Customer’s request is made due to a personal data breach.
Obligations arising from inspections and other official procedures by relevant authorities relating to data processing under the General T&Cs and conducted directly at the Provider’s site shall be fulfilled by the Provider. This also applies, mutatis mutandis, to the sub-processor. The Provider shall immediately notify the Customer of any such procedures.
For those personal data where the Provider acts as the processor and the Customer as the controller, the Customer agrees by entering into a contractual relationship that the Provider may perform the contractual tasks related to data processing by itself or assign them to a subcontractor acting as a personal data sub-processor. Information about sub-processors shall be notified by the Provider to the Customer in a previously agreed manner before concluding the contractual relationship. Prior to any subsequent change of a contractual sub-processor, the Provider, with general written authorisation of the controller, shall notify the Customer thereof 15 days before giving the new sub-processor access to the data. During this period, the Customer shall have the option to object to the change of sub-processor. The Provider shall furthermore conclude a contract or another legal instrument with the sub-processor which lays down the same data protection obligations as those between the Customer and Provider. The list of sub-processors performing specific tasks related to data processing on behalf of the Provider is given in Appendix 4 to these General T&Cs.
The Provider and Customer shall ensure the relevant procedures and measures referred to in Article 32 of the GDPR.
The Provider shall protect the personal data in accordance with regulations on personal data protection and in accordance with the measures and procedures set out in these General T&Cs.
The Provider shall process the Customer’s personal data and the personal data submitted by the Customer only for the purpose of the use of Services and only for the term of the contractual relationship, or in the case of subscribing, during the term of subscription to the selected subscription plan.
After an individual transaction is completed, the Provider shall erase all documents related to the transaction which contain personal data, no later than 70 days from their receipt.
The Provider shall irreversibly destroy any copies of personal data by the deadline referred to in the preceding paragraph unless required to store the data for longer by law.
If Service provision is terminated, the Provider or Provider’s partner shall, at the Customer’s request, hand over to the Customer any data stored in the BetrSign® information system, unless another law stipulates the storage of personal data. The Provider or Provider’s partner shall have the right to charge the costs of delivering the data to the Customer.
b) SPECIAL PROVISIONS FOR PERSONAL DATA
The Customer guarantees that it shall acquaint all its end users with the fact that the Provider is acting as a personal data processor for the Customer and that all its end users who use any Provider Service through the Customer have been acquainted with the General T&Cs for the end-user, which are posted on the Provider’s website. The Provider is by no means liable for the use of Services by the end-user. All liability that may arise from the end user’s use of Services lies with the Customer.
VIII. AUDIT TRAIL
An audit trail is the visible trail of proof which allows information in claims or reports to be traced back to its source. The Provider shall manage the audit trail to prove the traceability of business events. The Provider shall ensure that the audit trail is unchanged, transparent and confidential. If so agreed with the Customer, the Provider may enable the export of the entire audit trail for an individual transaction.
The Provider shall process the following data for the purpose of audit trail management:
IX. TECHNICAL SUPPORT
For the purpose of providing assistance to Customers, various instructions and guidelines for the use of Services shall be posted on the Provider’s official website or its web applications. The Provider is not obliged to provide the Customer or user with additional direct technical support or directly answer the Customer’s questions unless otherwise stipulated with a special contract or another written agreement or in the case that the subscription plan includes the provision of technical support by the Provider or if so stipulated in the Additional T&Cs for a specific Service.
X. PROVIDER GUARANTEES AND DISCLAIMER
The Provider shall ensure that the Services are provided in a professional manner and in accordance with technological standards, organisational measures (general organisation, security policy, information system management procedures, service provision) and the relevant law. The Provider guarantees that BetrSign® services shall be updated regularly in line with technological recommendations and legal requirements.
The Provider guarantees to the Customer that the Services will work as intended if used in accordance with the instructions for use and supported with an appropriate information environment. The Provider shall endeavour to ensure that the Services are available at all times, except in the case of circumstances beyond its control. The Provider shall provide the Services as is and as available. The Provider refuses to give any guarantees and does not guarantee that:
The Provider shall not be liable for disruptions and outages in the telecommunications network, for faults occurring in the mobile network, for faults arising in the transfer of data along telecommunications networks, for disabled access to the use of Services for reasons not depending on the Provider (and also not during maintenance, upgrades or other required work on the system), or for outages resulting from force majeure or from reasons beyond the Provider’s control.
The Provider shall host the information system and back-up copies itself, or with subcontractors in the territory of the European Union. In the latter case, it shall provide the same guarantee for the subcontractors as if it provided the Services itself.
If the Customer fails to meet its obligations in a timely manner or unreasonably refuses the Provider’s requests, the Provider shall not be liable for any delay, non-fulfilment or incorrect fulfilment caused by the Customer’s failure to meet its obligations, or for any related damages suffered by the Customer or its clients.
To the greatest extent possible and admissible by applicable law, the Provider shall not be held liable for any direct, indirect, pecuniary or non-pecuniary damage or any other damage related to the use of Services. This includes all damages which may be related to faults, interruptions and loss of data that may occur through the use of Services. This disclaimer applies regardless of whether damages are claimed pursuant to these General T&Cs by reason of negligence, intent or otherwise, even if the Provider’s negligence has been established and even if the Customer had notified the Provider of the possibility of some damage occurring.
THE PROVIDER SHALL GIVE NO GUARANTEE OR BE LIABLE FOR ANY CLAIM ARISING FROM:
Unless when explicitly prohibited by law, any liability of the Provider regardless of the basis of liability for the damage incurred is excluded (including damage due to negligence, intent or breach of legal responsibilities). If a court of law finds that the Provider is responsible for any damage or loss of data or use of Services, which stems from the provision of Services, the liability of the Provider and its technological partners shall be limited to the amount of the monthly invoice for the BetrSign® Service for the Customer.
The Provider may, for technical, legal or economic reasons, change the functional or technical parameters of the BetrSign® Service. In the event that the functional or technical changes in parameters might affect the availability of the BetrSign® Service for use by the Customer (e.g. changes in integration), the Provider shall notify the Customer thereof at least 30 days before introducing the change. This duty to notify does not apply to interrupted operation during announced system maintenance and upgrades.
The Provider may also suspend the BetrSign® Service for technical, legal or economic reasons. The Provider shall notify the suspension of BetrSign® Services which are the subject of these General T&Cs to the Customer or the Provider’s Partner at least 120 days before their suspension, and this deadline shall not apply to cases of the Customer breaching these General T&Cs. The Provider shall not be obliged to compensate any costs that may result from changed or suspended Services. The Provider may also temporarily suspend the use of Services for a specific Customer under the conditions set out in Chapter XIV. Temporary or permanent suspension of the use of Services.
Unless these General T&Cs determine otherwise, the Provider has the right to use the software and, where relevant, the hardware or BetrSign® Service for other purposes (of other Customers) or for other content (marketing content or other Customers’ content).
XI. RIGHTS AND OBLIGATIONS OF THE CUSTOMER
The Customer undertakes to supply in the shortest time possible all the data, information and resources required to connect the Customer’s business applications with the BetrSign® Service. The Customer shall ensure that it meets all the conditions necessary for the timely and comprehensive fulfilment of the Provider’s obligations. If the Customer fails to meet its obligations in a timely manner or unreasonably refuses the Provider’s requests, the Provider shall not be liable for any delay, non-fulfilment or incorrect fulfilment caused by the Customer’s failure to meet its obligations, or for any related damages suffered by the Customer, its users or its clients or third persons connected with the Customer. Should the Customer’s delay have a significant impact on performance deadlines, the Provider reserves the option to increase the Service prices.
The Customer shall provide true information when registering and logging into BetrSign® Services. In the event that incomplete, incorrect or untrue information are given, or for other reasons, the Provider has the right to reject registration. The Customer shall ensure that all the information required to use BetrSign® Services is true, correct, accurate and complete, otherwise the Customer shall indemnify the Provider for all the damage incurred.
The Customer shall be obliged to notify the Provider of any change to the information that is subject to agreement between the Provider and Customer within eight (8) days of the occurrence of the change.
After accepting the General T&Cs or being connected to the BetrSign® Service, the Customer shall obtain access to BetrSign® Services for its authorised users whose data was provided. The Customer shall ensure that its users are authorised for the use of the BetrSign® Portal. The Customer shall ensure that its authorised users are acquainted with the contents of the General T&Cs.
The Customer shall immediately notify the Provider’s technical support of detecting any unauthorised access to its user account for BetrSign® Services.
The Customer must not abuse the Provider’s software, Service or content that is being provided by the latter. The Customer gives its explicit assurance that:
These General T&Cs under no circumstance confer the right to reproduce, distribute, amend, test, develop or disclose to the public software or the Services, unless the Customer and Provider shall agree otherwise.
XII. FORCE MAJEURE
The Provider shall not be liable for any damage incurred by delays or errors in the fulfilment of its obligation to provide Services, if such a delay/error occurred due to circumstances that the Provider could not control, i.e. force majeure, including but not limited to examples such as: any restrictions and measures imposed by the authorities, wars, strikes, unrest, earthquakes, floods, other natural disasters and acts of God, and all other events which are beyond the Provider’s control.
If the Provider is unable to fulfil its obligation due to the occurrence of force majeure circumstances, it must immediately or no later than 5 days of the occurrence of such circumstances notify the Customer of the force majeure, its expected duration and its potential consequences. If force majeure circumstances persist longer than 2 months, the Provider and/or Customer may terminate the contractual relationship without giving further notice.
XIII. PROVISION OF RESOURCES FOR THE INTEGRITY AND AUTHENTICITY OF TRANSACTIONS AND THE LEGAL VALIDITY OF SIGNATURES
Within the scope of the BetrSign® service, the Provider shall provide all necessary resources for ensuring the integrity and authenticity of electronically signed documents and the legal validity of electronic signatures. To ensure the authenticity and integrity of electronically signed documents or. transactions and the legal validity of electronic signatures, the user shall be bound to comply with the rules on the use of resources for electronic signing and the performance of electronic signing in accordance with the organisational measures which are part of the BetrSign® Service (security policy for electronic signing and internal rules on electronic storage).
The Provider of the Service shall ensure that every electronic signature created using the BetrSign® Service complies with the conditions defined by the organisational measures of the BetrSign® Service and meets the requirements of applicable legislation governing this area.
The Provider shall in no case be liable for or shall not be obliged to ensure the integrity and authenticity of electronically signed documents or. transactions and the legal validity of electronic signatures in cases of abuse of resources for electronic signing which are a part of the BetrSign® Service, or abuse of the Service by a Customer, user or third party. Equally, the Provider shall in no case be liable for or shall not be obliged to ensure the integrity and authenticity of electronically signed documents or transactions and the legal validity of electronic signatures if the BetrSign® Service is used contrary to the organisational measures of the BetrSign® Service, or in the event of abuse of the organisational measures of the BetrSign® Service.
The Customer or user shall be obliged to use BetrSign® Service in accordance with the instructions and organisational measures prescribed by the BetrSign® Service Provider. The Provider reserves the right to immediately stop the provision of BetrSign® Services in the event of abuse or of a failure to observe instructions for use, organisational measures or the relevant laws.
The Provider shall not be liable for the operation of any software or hardware owned by the Customer or a third party. Equally, the Provider shall not be liable for the inadequacy, implementation or incompatibility of the BetrSign® Service if the Customer modifies the hardware or software configuration or equipment, modifies or changes the source code, uses the Service in combination with equipment not approved by the Provider, has no Internet access or operates so as to affect the functioning of the BetrSign® Service, without the Provider’s prior written consent.
XIV. TEMPORARY OR PERMANENT SUSPENSION OF THE USE OF SERVICES
The Provider may temporarily suspend the provision of Services to the Customer in the following cases:
The Provider shall notify the Customer in writing of the reasons for temporary suspension of the use of Service at least three (3) days prior to the date of suspension.
If the Customer eliminates the reason for suspension, the Provider shall restore the use of BetrSign® Services for the Customer no later than within three (3) business days.
If the Provider suspends the use of the BetrSign® Service for any reason, it shall remove from the systems all data connected with the Customer no later than within 70 days and notify the Customer or Provider’s Partner thereof in writing.
For notifications regarding the provision of Services, Provider support is available at the email address: firstname.lastname@example.org.
XVI. FINAL PROVISIONS
Should any of the provisions of the General T&Cs be or become void, this shall not affect the remaining provisions of the General T&Cs. The void provision shall be replaced with a valid provision that corresponds to the greatest extent possible to the original aim of the void provision.
If the General T&Cs stipulate that communication, coordination or other notification between the Provider and Customer shall be in writing, it is deemed that the requirement of written form is also fulfilled by emailing to an appropriate and valid e-mail address. A valid email address is the email address agreed by the Customer and Provider for their communication.
The Provider and Customer shall attempt to resolve any disputes amicably. If this is not possible, the court in Ljubljana shall be competent for resolving disputes in accordance of the law of the Republic of Slovenia.
The Provider shall have the right to transfer its rights and obligations under these General T&Cs to its affiliated companies. The Provider may engage its subcontractors or partners to provide the Services without the Customer’s consent, whereby the level of Services shall remain the same or compliant with the provisions of these General T&Cs.
The Provider reserves the right to amend the General T&Cs at any time and at its own discretion, and it shall notify the Customer of the amendment and its effective date with a website post.
These General T&Cs shall take effect on 5 July 2022.
- Appendix 1: Additional Terms and Conditions of Use for BetrSign® via API (Application Programming Interface)
- Appendix 2: Additional Terms and Conditions of Use for BetrSign® Portal
- Appendix 3: Additional Terms and Conditions of Use for eHramba.si
- Appendix 4: List of sub-processors
Appendix 4: List of sub-processors
Purpose of processing activity
Zaboršt pri Dolu 11b. 1262 Dol pri Ljubljani
Pot k sejmišču 33, 1231 Ljubljana - Črnuče
long-term storage of electronic documents (eHramba.si® Service) – if the Customer orders the eHramba.si® Service