By accessing, transmitting material, or using the BetrSign® Service or Mobile App BetrSign®, the user agrees to comply with these General terms and conditions for users for the purpose of using the BetrSign® Service (hereinafter the: General T&Cs). If the user does not agree with the General T&Cs, the user may not use the BetrSign® Service.
The General T&Cs lay down the terms and conditions applying to the provision and use of the BetrSign® Service for natural persons, the scope of these services, and the mutual rights and obligations of Service users and SETCCE d.o.o., registered office: Tehnološki park 21, Ljubljana, registration number: 1594389000, VAT ID number: SI 39705684, as the responsible provider and operator of the BetrSign® Service (hereinafter the “Provider”).
These General T&Cs constitute a legally valid and binding agreement between the Provider and BetrSign® users.
If the scope of Service defined with the General T&Cs does not meet the user’s requirements, the user should contact the Customer’s agent who shall suggest another means of signing.
II. DEFINITION OF TERMS
The terms used in these General T&Cs shall have the following meanings ascribed to them:
III. SUBJECT OF THE SERVICE
By using the BetrSign® Service, the user shall be deemed to be acquainted with the General T&Cs. The cloud Service facilitates the management of digital transactions, i.e. for the creation and management of electronic identities, the authentication of users, the management of electronic signature workflows, electronic signing (of documents), exchange (of electronic documents) and the electronic storage of completed documentary material, i.e. completed electronically signed business documents.
IV. PROVISION OF THE BetrSign® SERVICE
The SETCCE BetrSign® electronic signing Service is intended for the preparation and signature of documents which are electronically generated in the Customer’s business processes. To capture e-signatures, the SETCCE BetrSign® Service requires documents in PDF format with signature tags in the places to be signed. The tags shall specify the signee, the signing order and the location (who is to sign the document and where).
The BetrSign® Service comprises the provision of services required for the following methods of electronic signing:
By using the BetrSign® Service, the user agrees to perform electronic signing by the means and under the conditions set out in these General T&Cs and using the method of signing determined by the Customer subscribed to the Service.
V. TECHNICAL REQUIREMENTS FOR USING BetrSign®
To use the BetrSign® Service for remote signing, the user shall need an e-mail address, a personal computer or a mobile device (smartphone, tablet computer etc.) with internet access, producer-supported versions of web browsers and operating systems and an BetrSign® eID electronic identity. The Provider shall not be liable for the non-operation of BetrSign® on older versions of operating systems which are officially no longer supported by their producers. The BetrSign® Service may operate on older unsupported versions of browsers, but the appearance of pages may be incomplete or distorted. Another requirement for use is access to and submission of the user’s valid email address.
The Provider shall host the information system and back-up copies itself, or with subcontractors in the territory of the European Union. In the latter case, it shall provide the same guarantee for the subcontractors as if it provided the Services itself.
The provider also provides the following interfaces for working with qualified digital certificates:
a) Mobile App BetrSign®
The BetrSign® mobile app supports contactless reading of qualified digital certificates on an electronic ID card using the NFC protocol for the purposes of secure login to supported IT systems and for the electronic signing of documents. The mobile application is used as an interface to work with digital certificates and supports the business processes of the BetrSign® service customers. The BetrSign® mobile application also allows the user to retrieve, store and exchange the required personal data or attributes from the ID card for online authentication when using public and private web services, which is displayed on the screen and transmitted to the online service after validation. The mobile application provider shall keep the data with itself only until the transfer of the personal data has been completed.
The user has full control over the data transmitted to the web service. The provider of the BetrSign® mobile application does not collect any data that is not necessary for the provision of the mobile application.
The app works on Android or iOS smartphones that support the NFC protocol and is available on Google Play, App Store and AppGallery.
b) Component SETCCE proXSign®
SETCCE ProXSign® is a desktop application and is part of the BetrSign® service. It allows electronic signing of documents with different types of qualified certificates from several qualified issuers, for example with a qualified digital certificate on a dedicated external medium (smart card, USB, electronic ID card) and web-based digital certificates stored in a web browser on the client.
VI. LIMITATION OF LIABILITY AND USE
The Provider expressly prohibits any interference with the source code, reverse engineering, onward distribution, processing, reproduction, rental in return for payment or free-of-charge, sale or any commercial use of BetrSign® Services.
Unauthorised or third parties are not permitted to use the Service unless this is otherwise agreed in these General T&Cs or another written agreement between the user and Provider. In the event of a breach or abuse the user may be subject to liability for damages or criminal liability.
The user is obliged to provide true information when registering or logging in to use the Service. In the event that incomplete, incorrect or untrue information is given, or for other reasons, the Provider has the right to deny registration or login. The user shall ensure that all the information required to use the Service is true, correct, accurate and complete, otherwise the user shall indemnify the Provider for all the damage incurred.
VII. USER’S LIABILITY
The BetrSign® Service may be used by the user exclusively for personal use.
The user guarantees that the personal data submitted is accurate and relates to the user. Users are not permitted to use offensive information or other information referring to hate speech. Under these General T&Cs the Service may be used by an adult with the capacity to contract or persons under the age of 18 with the consent of their legal representative or holder of parental responsibility.
The user shall maintain the confidentiality of the means of electronic identification and use them in accordance with the guidance in these General T&Cs. In the event of an abuse of the BetrSign® Service or negligent conduct, the user may be subject to liability for damages or criminal liability.
The user may not authorise or hand over the means of electronic identification to other persons or in any other way enable the use of his or her means of electronic identification to other persons. If the above provision is breached, the user shall guarantee full liability for damages.
The user may not use the BetrSign® Service for illegal purposes.
The user may not acquire, collect or store the personal data of other users.
In the case of suspected abuse of the user’s means of electronic identification, the user shall immediately notify the Provider thereof to the electronic address firstname.lastname@example.org. On the basis of this notification the Provider shall disable the use of the means of electronic identification.
VIII. LIMITATION OF PROVIDER LIABILITY
Users shall use the Services at their own risk. The Provider does not guarantee uninterrupted operation of the Services. However, the Provider shall try to resolve any disruptions as soon as possible. The Provider reserves the right to suspend access to the BetrSign® Service for short periods of time for technical reasons, maintenance or to replace equipment. The Provider does not guarantee access to BetrSign® in the event of communication network outages or other outages, failures, other technical malfunctions or interruptions in third-party services (power supply, etc.) and force majeure.
The Provider shall not be liable to the user for any indirect or direct damage or deficiency that may be suffered by the user as a result of technical issues or the inability to use BetrSign®.
The Provider is not liable for damage incurred to the user as a result of the user having supplied the Provider with erroneous, false, incomplete or outdated data relating to the user.
The Provider shall not be liable for the malfunctioning of the Services caused by improper use or the user’s lack of knowledge. The Provider shall not be liable to the user for any incorrect entry of user data, and the Provider shall likewise not be held liable if the user has not protected the data he or she entered and prevented third parties from accessing the data in order to maintain their confidentiality.
The Provider shall under no circumstance be liable for damage, which may be suffered by the user due to lost, submitted or in any other way misused data and which was caused by the user, the Provider’s Customer or third parties.
In the event of an abuse of the BetrSign® Service the Provider may immediately restrict or terminate the user’s access to the BetrSign® Service.
IX. PERSONAL DATA PROTECTION
For the purposes of providing the BetrSign® Service, the Provider shall process, store and obtain from the Customer, which acts as the controller, the personal data of the user and thus act as the personal data processor. The Provider shall process personal data in accordance with applicable legislation on the protection of personal data. The Provider shall store the personal data until the purpose has been revoked or the right to erasure has been exercised. In these General T&Cs the user shall be considered an individual or natural person as defined in personal data protection legislation.
The Customer from which the Provider obtains personal data shall ensure that it has an admissible legal basis for the processing of the personal data collected pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR) and other applicable legislation governing personal data protection. The Customer represents that the personal data that it submits to the Provider for processing is collected on the basis of at least one of the following conditions: the personal consent of the data subject or/and the performance of a contract with the data subject or/and the fulfilment of a legal obligation. Should the Customer submit to the Provider personal data that the Customer acquired in a manner inconsistent with the GDPR or other applicable personal data protection law, the Provider shall not be held liable.
The collected personal data shall not be shared with third parties or to other organisations without notifying this to the Customer who is the data controller.
The list of sub-processors performing specific tasks related to data processing on behalf of the Provider is given in Appendix 1 to these General T&Cs. The processor shall ensure that the sub-processors comply with the provisions of Paragraphs 2 and 4 of Article 28 of the GDPR, and have put in place technical and organisational measures that satisfy the GDPR and the General T&Cs.
As the personal data processor, the Provider undertakes to treat all collected personal data with care and to process it solely for the purposes for which it was originally obtained.
For the purpose of using the BetrSign® Service, the Provider shall process the categories of personal data submitted by the Customer in its documents and the personal data entered by the user himself or herself in registration/login forms. Personal data may vary and shall depend on the content of the documents, and shall not be stored in structured form by the Provider. In all cases the Provider shall process the following personal data of the user: name, surname, email, telephone number and country (for one-time password purposes) and information included in the audit trail as set out in Section XI.
The types of personal data processed by the provider in the context of the mobile application are:
The Provider technically allows the data from the user's ID card to be transferred to another business entity or customer on the basis of the user's prior consent. The customer who obtains the personal data is responsible for the further processing of the personal data in accordance with the applicable data protection legislation.
The application shall also allow the user to view the holder's data contained in the individual identity card:
This information shall be displayed to the application user on request and shall not be stored in the application. All data processed within the BetrSign® Mobile App are processed solely on the mobile device the user. None of the data contained in the mobile application are not transferred to any other information system unless the individual explicitly requests it (for example use of the Mobile App to log in to the BetrSign® online service, for an electronic signature).
Pursuant to applicable legislation the user may – during the period of personal data processing – exercise the right to or of:
The Provider shall ensure the exercise of the user’s rights in connection with personal data processing on the basis of a request from the Customer. The user shall send requests related to the exercise of rights to the designated email address or the Customer’s address.
When there is a reasonable doubt in connection with the identity of the user submitting a request in connection with any of his/her rights, the Provider or Customer may request additional information necessary to establish the identity of the user associated with the personal data.
Users also have the right to lodge a complaint directly with the Information Commissioner if they believe that the processing of their personal data breaches Slovenian regulations or EU regulations in the area of personal data protection. The user can submit a complaint to the Information Commissioner, Dunajska 22, 1000 Ljubljana, e-mail: email@example.com, website: www.ip-rs.si.
The Provider as the personal data processor under these General T&Cs shall not make decisions which would be based solely on automated data processing and which would include profiling and have legal or similar effects for the users.
The Provider provide the hosting of the IT system and the backups itself or through subcontractors within the territory of the European Union, for which it shall provide a guarantee as if it had provided the services itself.
X. INFORMATION SECURITY
The provision of the Service that is the subject of these General T&Cs includes the processing and storage of personal data the disclosure and abuse or negligent handling of which could result in damage to the user. The Provider shall safeguard all data and provide for adequate resources and measures to prevent abuse and unauthorised access to data. Persons engaged in the provision of Services shall undertake to uphold data security and confidentiality.
The Provider undertakes to provide all the services professionally and properly in accordance with the regulations on the handling of confidential information. When providing the Services, it shall be the Provider’s responsibility to ensure that no abuse of the user’s personal data or confidential information occurs. The Provider shall ensure this through consistent adherence to the applicable laws regulating this area, and compliance with best practice standards and guidelines, and by-laws and internal procedures.
The Customer is the owner and manager of all personal data, and is responsible for its protection in accordance with the applicable laws.
The Provider shall ensure the security of data processing and storage in accordance with the Provider’s organisational measures, which include all the organisational, technical, logical-technical procedures and measures required to ensure information security and the protection of data and trade secrets. The Provider shall have in place the Information Security Management System under the ISO/IEC 27001 standard.
Communication between the Provider and user may include private data of the user. Confidential data shall include all material, messages and information marked as confidential or which would be considered confidential in customary situations. If the user receives confidential information, the user may not disclose it to third parties without prior consent of the Provider.
XI. AUDIT TRAIL
An audit trail is the visible trail of proof which allows information in claims or reports to be traced back to its source. The Provider shall manage the audit trail to prove the traceability of business events. The Provider shall ensure that the audit trail is unchanged, transparent and confidential. If so agreed with the Customer, the Provider may enable the export of the entire audit trail for an individual transaction.
The Provider shall process the following data for the purpose of audit trail management:
XII. TERMINATION OF SERVICE PROVISION
After an individual transaction is completed, the Provider shall erase all documents related to the transaction which contain personal data, no later than 70 days from their receipt.
All personal data shall be erased or returned to the Customer by the Provider at the instruction of the Customer, and in any case after the expiry of their contractual relationship, within 70 days of the instruction being received or the termination of the contractual relationship, unless another law prescribes the storage of the personal data. The Provider shall irreversibly destroy any copies of personal data by the deadline referred to in the preceding paragraph, unless required to store the data for longer by law.
XIII. BREACH OF THE GENERAL T&Cs
The Provider reserves the right to disable access to the BetrSign® Service for users who are in breach of or fail to comply with the General T&Cs. If the actions of users incur any damage to the Provider they shall fully indemnify the Provider for that damage. Any breaches of General T&Cs may also be subject to criminal prosecution.
Any violations in the use of BetrSign® committed by other users may be notified to the Provider by email at firstname.lastname@example.org or with a letter sent to the registered office address of SETCCE d.o.o., Tehnološki park 21, 1000 Ljubljana.
XIV. INTELLECTUAL PROPERTY RIGHTS
All data and information, the visual appearance, corporate identity, marks, trademarks and logos which comprise or are components of BetrSign® Services are owned or held by the Provider and are subject to copyright and/other rights of protection of industrial property as set out in applicable legislation governing protection of copyrights and industrial property rights. By using or accessing the Services the user shall obtain only the non-exclusive, time-limited and non-transferrable right to use the BetrSign® Service, whereby the user may not use the Service for any purpose that is inconsistent with these General T&Cs or for another potentially commercial purpose.
XV. FINAL PROVISIONS
Any dispute between the Provider and user shall be resolved amicably. If the parties fail to resolve a dispute amicably, the dispute shall be resolved before the court of subject-matter jurisdiction in Ljubljana.
Should any of the provisions of the General T&Cs be or become void, this shall not affect the remaining provisions of the General T&Cs. The void provision shall be replaced with a valid provision that corresponds to the greatest extent possible to the original aim of the void provision.
The Provider reserves the right to modify or amend these General T&Cs at any time, in which case the Provider’s obligation to notify users about any modification or amendment shall be deemed fulfilled by posting the new General T&Cs on the Provider’s website. The new General T&Cs shall take effect on the date they are posted on the Provider’s website or on the date which is specified in the new General T&Cs as the effective date subsequent to posting.
These General T&Cs shall enter into force on December 21, 2022.
Appendix 1: List of sub-processors
||Purpose of processing activity
|ZupO d.o.o.||Zaboršt pri Dolu 11b. 1262 Dol pri Ljubljani||1518976000||backup copying|
|ZZI d.o.o.||Pot k sejmišču 33, 1231 Ljubljana - Črnuče||5366569000||long-term storage of electronic documents (eHramba.si® Service) – if the Customer orders the eHramba.si® Service|