I.    GENERAL

By accessing, transmitting material, or using the BetrSign® Service or Mobile App BetrSign®, the user agrees to comply with these General terms and conditions for users for the purpose of using the BetrSign® Service (hereinafter the: General T&Cs). If the user does not agree with the General T&Cs, the user may not use the BetrSign® Service.

The General T&Cs lay down the terms and conditions applying to the provision and use of the BetrSign® Service for natural persons, the scope of these services, and the mutual rights and obligations of Service users and SETCCE d.o.o., registered office: Tehnološki park 21, Ljubljana, registration number: 1594389000, VAT ID number: SI 39705684, as the responsible provider and operator of the BetrSign® Service (hereinafter the “Provider”).

These General T&Cs constitute a legally valid and binding agreement between the Provider and BetrSign® users.

If the scope of Service defined with the General T&Cs does not meet the user’s requirements, the user should contact the Customer’s agent who shall suggest another means of signing.

II.    DEFINITION OF TERMS

The terms used in these General T&Cs shall have the following meanings ascribed to them:

• BetrSign® or the Service means a set of cloud services for the management of digital transactions, i.e. for the creation and management of electronic identities, the authentication of users, the management of electronic signature workflows, electronic signing (of documents), exchange (of electronic documents) and the electronic storage of completed documentary material, i.e. completed electronically signed business documents pursuant to the Regulation on electronic identification and trust services for electronic transactions in the internal market (Regulation (EU) No 910/2014 of 23 July 2014, hereinafter “eIDAS”) and the applicable national legislation in the Customer’s country which relates to electronic signing and electronic storage of documents in electronic form.   
• BetrSign Mobile App is an app that enables contactless reading of qualified digital certificates on an electronic identity card for the purpose of logging into information systems and signing electronic documents;.
• BetrSign® eID is a part of the BetrSign® Service, which functions as the provider of electronic identities in a cloud.
• BetrSign® POS is a part of the BetrSign® Service, which enables the capture of the user's signature at the point of sales using a signature pad or tablet under the supervision of the person authorised by the customer who performs the user identification before signing.
• BetrSign® RS  is a part of the BetrSign® Service which enables remote signing and covers those types of signatures where the signee is not present at the point of sale. The signature can be performed with a click (and a qualified electronic seal of the service), with the user’s local qualified certificate or as a signature with the user’s qualified certificate in a cloud. 
• BetrSign® Portal is a part of the BetrSign® Service which provides comprehensive IT support to the process for the digital transaction management process, from the step of preparing the signature workflow to the distribution of signed documents.
• Electronic identity card is a public document by which a citizen of the Republic of Slovenia proves his or her identity and citizenship. Electronic identity card also store means of electronic identification and qualified digital certificate for electronic signature.
• the Customer is any legal person or another business entity which uses BetrSign® Services against payment and agrees with the General T&Cs. A customer using Services for free during a trial period is also deemed a Customer.
• software means software owned by the Provider and installed on the physical equipment owned by the Provider and forming an integral part of BetrSign®. Third-party software used by the Provider or Customer shall be used in accordance with the applicable terms and conditions of the third party concerned.
• General T&Cs means the currently valid General Terms and Conditions for BetrSign® Users.
• transaction  means the transmission of a complete unit of documentary material (document, image, record and other) for electronic signature via BetrSign®. 
• the user means a physical or legal person or another business entity which or who receives, reviews, accepts, signs, approves or otherwise uses the Service, whereas the Customer ensures that the end user is acquainted with the use of the Service, which is used by the user through the Customer. 
• An audit trail is the visible trail of proof which allows information in claims or reports to be traced back to its source.

III.    SUBJECT OF THE SERVICE

By using the BetrSign® Service, the user shall be deemed to be acquainted with the General T&Cs. The cloud Service facilitates the management of digital transactions, i.e. for the creation and management of electronic identities, the authentication of users, the management of electronic signature workflows, electronic signing (of documents), exchange (of electronic documents) and the electronic storage of completed documentary material, i.e. completed electronically signed business documents.

IV.    PROVISION OF THE BetrSign® SERVICE

The SETCCE BetrSign® electronic signing Service is intended for the preparation and signature of documents which are electronically generated in the Customer’s business processes. To capture e-signatures, the SETCCE BetrSign® Service requires documents in PDF format with signature tags in the places to be signed. The tags shall specify the signee, the signing order and the location (who is to sign the document and where). 

The BetrSign® Service comprises the provision of services required for the following methods of electronic signing:

• BetrSign® POS – enables the capture of the user’s signature at the place of signing via a signature display or pad in the presence of the Customer’s authorised person who verified the user’s identity before signing;
• BetrSign® RS – enables remote signing and covers those types of signatures where the signee is not present at the point of sale. The signature can be performed with a click (and a qualified electronic seal of the service), with the user’s local qualified certificate, with qualified certificate on the user identity card or as a signature with the user’s qualified certificate in a cloud.

By using the BetrSign® Service, the user agrees to perform electronic signing by the means and under the conditions set out in these General T&Cs and using the method of signing determined by the Customer subscribed to the Service.

V.    TECHNICAL REQUIREMENTS FOR USING BetrSign®

To use the BetrSign® Service for remote signing, the user shall need an e-mail address, a personal computer or a mobile device (smartphone, tablet computer etc.) with internet access, producer-supported versions of web browsers and operating systems and an BetrSign® eID electronic identity. The Provider shall not be liable for the non-operation of BetrSign® on older versions of operating systems which are officially no longer supported by their producers. The BetrSign® Service may operate on older unsupported versions of browsers, but the appearance of pages may be incomplete or distorted. Another requirement for use is access to and submission of the user’s valid email address.

The Provider shall host the information system and back-up copies itself, or with subcontractors in the territory of the European Union. In the latter case, it shall provide the same guarantee for the subcontractors as if it provided the Services itself.

The provider also provides the following interfaces for working with qualified digital certificates:

• BetrSign® Mobile App,
• ProXSign® component.

a) Mobile App BetrSign®

The BetrSign® mobile app supports contactless reading of qualified digital certificates on an electronic ID card using the NFC protocol for the purposes of secure login to supported IT systems and for the electronic signing of documents. The mobile application is used as an interface to work with digital certificates and supports the business processes of the BetrSign® service customers. The BetrSign® mobile application also allows the user to retrieve, store and exchange the required personal data or attributes from the ID card for online authentication when using public and private web services, which is displayed on the screen and transmitted to the online service after validation. The mobile application provider shall keep the data with itself only until the transfer of the personal data has been completed. 

The user has full control over the data transmitted to the web service. The provider of the BetrSign® mobile application does not collect any data that is not necessary for the provision of the mobile application.

The app works on Android or iOS smartphones that support the NFC protocol and is available on Google Play, App Store and AppGallery.

b) Component SETCCE proXSign®

SETCCE ProXSign® is a desktop application and is part of the BetrSign® service. It allows electronic signing of documents with different types of qualified certificates from several qualified issuers, for example with a qualified digital certificate on a dedicated external medium (smart card, USB, electronic ID card) and web-based digital certificates stored in a web browser on the client.

VI.    LIMITATION OF LIABILITY AND USE

The Provider expressly prohibits any interference with the source code, reverse engineering, onward distribution, processing, reproduction, rental in return for payment or free-of-charge, sale or any commercial use of BetrSign® Services. 

Unauthorised or third parties are not permitted to use the Service unless this is otherwise agreed in these General T&Cs or another written agreement between the user and Provider. In the event of a breach or abuse the user may be subject to liability for damages or criminal liability. 

The user is obliged to provide true information when registering or logging in to use the Service. In the event that incomplete, incorrect or untrue information is given, or for other reasons, the Provider has the right to deny registration or login. The user shall ensure that all the information required to use the Service is true, correct, accurate and complete, otherwise the user shall indemnify the Provider for all the damage incurred.

VII.    USER’S LIABILITY

The BetrSign® Service may be used by the user exclusively for personal use.

The user guarantees that the personal data submitted is accurate and relates to the user. Users are not permitted to use offensive information or other information referring to hate speech. Under these General T&Cs the Service may be used by an adult with the capacity to contract or persons under the age of 18 with the consent of their legal representative or holder of parental responsibility. 

The user shall maintain the confidentiality of the means of electronic identification and use them in accordance with the guidance in these General T&Cs. In the event of an abuse of the BetrSign® Service or negligent conduct, the user may be subject to liability for damages or criminal liability.

The user may not authorise or hand over the means of electronic identification to other persons or in any other way enable the use of his or her means of electronic identification to other persons. If the above provision is breached, the user shall guarantee full liability for damages.

The user may not use the BetrSign® Service for illegal purposes.

The user may not acquire, collect or store the personal data of other users.

In the case of suspected abuse of the user’s means of electronic identification, the user shall immediately notify the Provider thereof to the electronic address support@betrsign.com. On the basis of this notification the Provider shall disable the use of the means of electronic identification.

VIII.    LIMITATION OF PROVIDER LIABILITY

Users shall use the Services at their own risk. The Provider does not guarantee uninterrupted operation of the Services. However, the Provider shall try to resolve any disruptions as soon as possible. The Provider reserves the right to suspend access to the BetrSign® Service for short periods of time for technical reasons, maintenance or to replace equipment. The Provider does not guarantee access to BetrSign® in the event of communication network outages or other outages, failures, other technical malfunctions or interruptions in third-party services (power supply, etc.) and force majeure.

The Provider shall not be liable to the user for any indirect or direct damage or deficiency that may be suffered by the user as a result of technical issues or the inability to use BetrSign®.

The Provider is not liable for damage incurred to the user as a result of the user having supplied the Provider with erroneous, false, incomplete or outdated data relating to the user.

The Provider shall not be liable for the malfunctioning of the Services caused by improper use or the user’s lack of knowledge. The Provider shall not be liable to the user for any incorrect entry of user data, and the Provider shall likewise not be held liable if the user has not protected the data he or she entered and prevented third parties from accessing the data in order to maintain their confidentiality.

The Provider shall under no circumstance be liable for damage, which may be suffered by the user due to lost, submitted or in any other way misused data and which was caused by the user, the Provider’s Customer or third parties.

In the event of an abuse of the BetrSign® Service the Provider may immediately restrict or terminate the user’s access to the BetrSign® Service.

IX.    PERSONAL DATA PROTECTION

For the purposes of providing the BetrSign® Service, the Provider shall process, store and obtain from the Customer, which acts as the controller, the personal data of the user and thus act as the personal data processor. The Provider shall process personal data in accordance with applicable legislation on the protection of personal data. The Provider shall store the personal data until the purpose has been revoked or the right to erasure has been exercised. In these General T&Cs the user shall be considered an individual or natural person as defined in personal data protection legislation.

The Customer from which the Provider obtains personal data shall ensure that it has an admissible legal basis for the processing of the personal data collected pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR) and other applicable legislation governing personal data protection. The Customer represents that the personal data that it submits to the Provider for processing is collected on the basis of at least one of the following conditions: the personal consent of the data subject or/and the performance of a contract with the data subject or/and the fulfilment of a legal obligation. Should the Customer submit to the Provider personal data that the Customer acquired in a manner inconsistent with the GDPR or other applicable personal data protection law, the Provider shall not be held liable.

The collected personal data shall not be shared with third parties or to other organisations without notifying this to the Customer who is the data controller. 

The list of sub-processors performing specific tasks related to data processing on behalf of the Provider is given in Appendix 1 to these General T&Cs. The processor shall ensure that the sub-processors comply with the provisions of Paragraphs 2 and 4 of Article 28 of the GDPR, and have put in place technical and organisational measures that satisfy the GDPR and the General T&Cs.

As the personal data processor, the Provider undertakes to treat all collected personal data with care and to process it solely for the purposes for which it was originally obtained.

For the purpose of using the BetrSign® Service, the Provider shall process the categories of personal data submitted by the Customer in its documents and the personal data entered by the user himself or herself in registration/login forms. Personal data may vary and shall depend on the content of the documents, and shall not be stored in structured form by the Provider. In all cases the Provider shall process the following personal data of the user: name, surname, email, telephone number and country (for one-time password purposes) and information included in the audit trail as set out in Section XI. 

The types of personal data processed by the provider in the context of the mobile application are:

• For contactless reading of qualified digital certificates on electronic ID cards: first name, last name and CAN code,
• For the purpose of transferring personal data to another business entity (depending on settings): first name, last name, gender, date of birth, nationality, nationality, EMN, document type, document number, validity date.

The Provider technically allows the data from the user's ID card to be transferred to another business entity or customer on the basis of the user's prior consent. The customer who obtains the personal data is responsible for the further processing of the personal data in accordance with the applicable data protection legislation. 

The application shall also allow the user to view the holder's data contained in the individual identity card:

• first and last name,
• the serial number of the identity card,
• Unique Master Citizen Number,
• date of birth,
• gender,
• expiry date of the identity card,
• nationality, and
• details of the holder's digital certificates on the electronic identity card:
• type of digital certificate,
  • the issuer,
  • serial number, and
  • the validity of the digital certificate.

This information shall be displayed to the application user on request and shall not be stored in the application. All data processed within the BetrSign® Mobile App are processed solely on the mobile device the user. None of the data contained in the mobile application are not transferred to any other information system unless the individual explicitly requests it (for example use of the Mobile App to log in to the BetrSign® online service, for an electronic signature).

Pursuant to applicable legislation the user may – during the period of personal data processing – exercise the right to or of:

• access,
• rectification,
• portability,
• object,
• restrict and
• erasure of the submitted personal data.

The Provider shall ensure the exercise of the user’s rights in connection with personal data processing on the basis of a request from the Customer. The user shall send requests related to the exercise of rights to the designated email address or the Customer’s address. 

When there is a reasonable doubt in connection with the identity of the user submitting a request in connection with any of his/her rights, the Provider or Customer may request additional information necessary to establish the identity of the user associated with the personal data.

Users also have the right to lodge a complaint directly with the Information Commissioner if they believe that the processing of their personal data breaches Slovenian regulations or EU regulations in the area of personal data protection. The user can submit a complaint to the Information Commissioner, Dunajska 22, 1000 Ljubljana, e-mail: gp.ip@ip-rs.si, website: www.ip-rs.si.

The Provider as the personal data processor under these General T&Cs shall not make decisions which would be based solely on automated data processing and which would include profiling and have legal or similar effects for the users.

The Provider provide the hosting of the IT system and the backups itself or through subcontractors within the territory of the European Union, for which it shall provide a guarantee as if it had provided the services itself.

X.    INFORMATION SECURITY

The provision of the Service that is the subject of these General T&Cs includes the processing and storage of personal data the disclosure and abuse or negligent handling of which could result in damage to the user. The Provider shall safeguard all data and provide for adequate resources and measures to prevent abuse and unauthorised access to data. Persons engaged in the provision of Services shall undertake to uphold data security and confidentiality. 

The Provider undertakes to provide all the services professionally and properly in accordance with the regulations on the handling of confidential information. When providing the Services, it shall be the Provider’s responsibility to ensure that no abuse of the user’s personal data or confidential information occurs. The Provider shall ensure this through consistent adherence to the applicable laws regulating this area, and compliance with best practice standards and guidelines, and by-laws and internal procedures.

The Customer is the owner and manager of all personal data, and is responsible for its protection in accordance with the applicable laws.

The Provider shall ensure the security of data processing and storage in accordance with the Provider’s organisational measures, which include all the organisational, technical, logical-technical procedures and measures required to ensure information security and the protection of data and trade secrets. The Provider shall have in place the Information Security Management System under the ISO/IEC 27001 standard.

Communication between the Provider and user may include private data of the user. Confidential data shall include all material, messages and information marked as confidential or which would be considered confidential in customary situations. If the user receives confidential information, the user may not disclose it to third parties without prior consent of the Provider.

XI.    AUDIT TRAIL

An audit trail is the visible trail of proof which allows information in claims or reports to be traced back to its source. The Provider shall manage the audit trail to prove the traceability of business events. The Provider shall ensure that the audit trail is unchanged, transparent and confidential. If so agreed with the Customer, the Provider may enable the export of the entire audit trail for an individual transaction.

The Provider shall process the following data for the purpose of audit trail management:

• event ID,
• signee ID,
• username,
• type of event (e.g. creating a transaction, completing a signature, transaction archiving etc.),
• date and time,
• event success,
• transaction name,
• additional information (e.g. type of signature, type of login etc.),
• process status (e.g. transaction is loading, transaction is signed, archived, completed),
• IP address.

XII.    TERMINATION OF SERVICE PROVISION

After an individual transaction is completed, the Provider shall erase all documents related to the transaction which contain personal data, no later than 70 days from their receipt.

All personal data shall be erased or returned to the Customer by the Provider at the instruction of the Customer, and in any case after the expiry of their contractual relationship, within 70 days of the instruction being received or the termination of the contractual relationship, unless another law prescribes the storage of the personal data. The Provider shall irreversibly destroy any copies of personal data by the deadline referred to in the preceding paragraph, unless required to store the data for longer by law.

XIII.    BREACH OF THE GENERAL T&Cs

The Provider reserves the right to disable access to the BetrSign® Service for users who are in breach of or fail to comply with the General T&Cs. If the actions of users incur any damage to the Provider they shall fully indemnify the Provider for that damage. Any breaches of General T&Cs may also be subject to criminal prosecution.

Any violations in the use of BetrSign® committed by other users may be notified to the Provider by email at support@betrsign.com or with a letter sent to the registered office address of SETCCE d.o.o., Tehnološki park 21, 1000 Ljubljana.

XIV.    INTELLECTUAL PROPERTY RIGHTS

All data and information, the visual appearance, corporate identity, marks, trademarks and logos which comprise or are components of BetrSign® Services are owned or held by the Provider and are subject to copyright and/other rights of protection of industrial property as set out in applicable legislation governing protection of copyrights and industrial property rights. By using or accessing the Services the user shall obtain only the non-exclusive, time-limited and non-transferrable right to use the BetrSign® Service, whereby the user may not use the Service for any purpose that is inconsistent with these General T&Cs or for another potentially commercial purpose.

XV.    FINAL PROVISIONS

Any dispute between the Provider and user shall be resolved amicably. If the parties fail to resolve a dispute amicably, the dispute shall be resolved before the court of subject-matter jurisdiction in Ljubljana.

Should any of the provisions of the General T&Cs be or become void, this shall not affect the remaining provisions of the General T&Cs. The void provision shall be replaced with a valid provision that corresponds to the greatest extent possible to the original aim of the void provision.

The Provider reserves the right to modify or amend these General T&Cs at any time, in which case the Provider’s obligation to notify users about any modification or amendment shall be deemed fulfilled by posting the new General T&Cs on the Provider’s website. The new General T&Cs shall take effect on the date they are posted on the Provider’s website or on the date which is specified in the new General T&Cs as the effective date subsequent to posting. 

SETCCE d.o.o.

These General T&Cs shall enter into force on December 21, 2022.

Appendix 1: List of sub-processors

Name  of sub-processor	Address  of sub-processor	Registration number	Purpose of processing activity
ZupO d.o.o.	Zaboršt pri Dolu 11b. 1262 Dol pri Ljubljani	1518976000	backup copying
ZZI d.o.o.	Pot k sejmišču 33, 1231 Ljubljana - Črnuče	5366569000	long-term storage of electronic documents (eHramba.si® Service) – if the Customer orders the eHramba.si® Service