Relying Party Agreement

Digi-Sign Relying Party Agreement ("Agreement")

Please read this document carefully before proceeding. You must not validate, rely on or use a Digi-Sign issued Digital Certificate or access or use Digi-Sign's Repository or any Service provided by Digi-Sign before reading and accepting the terms of this Relying Party Agreement and reading and understanding the Digi-Sign Certification Practice Statement. In any event you will be deemed to have accepted the terms of this Agreement if you validate, rely on or use a Digital Certificate, access or use Digi-Sign's Repository or use the Digi-CA™ Service or Digi-CA™ Server.

1. Application of Terms
1.1 These terms and conditions set out in this Agreement govern the relationship between you (the "Relying Party") and Digi-Sign Limited ("Digi-Sign") with regard to the Relying Party's:
1.1.1 validation, reliance on or use of a Certificate and the information and public key contained within for purpose of verifying a Digital Signature and decrypting a message set out in that Certificate; and
1.1.2 access and use of the Repository.
1.2 By accessing a Certificate or the Repository, the Relying Party consents to the terms and conditions in this Agreement and is deemed to have read and understood the CPS.

2. Definitions
2.1 In this Agreement the following terms and expressions shall have the following meanings:
2.1.1 "Business Day" means Monday to Friday inclusive excluding any days on which the banks in Dublin are closed for business (other than for trading in Euros);
2.1.2 "Certificate Chain" means the chain of Digital Certificates which may arise due to the issuing of a Digital Certificate by a Subordinate Certification Authority.
2.1.3 "CPS" and "CPS"means the certification practice statement released by Digi-Sign as amended from time to time;
2.1.4 "CRL" means Digi-Sign's certificate revocation list;
2.1.5 "Digital Certificate" means an encrypted electronic data file (conforming to the X.509 version 3 ITU-T standard) issued by Digi-Sign in order to identify a person or entity or to provide SSL encryption using a Digital Signature or entity and which contains the identity of the person authorised to use the Digital Signature and a copy of their Public Key, a serial number, a time period during which the Digital Certificate may be used and a Digital Signature issued by Digi-Sign
2.1.6 "Digital Certificate Subscriber Agreement" means the agreement entered into between Digi-Sign and the Subscriber for the provision of a Digital Certificate;
2.1.7 "Digital Signature" means an encrypted electronic data file which is attached to or logically associated with other electronic data and which identifies and is uniquely linked to the signatory of the electronic data, is created using means that the signatory can maintain under its sole control and is linked in a way so as to make any subsequent changes that have been made to the electronic data detectable;
2.1.8 "Force Majeure Event" means any circumstances beyond the reasonable control of Digi-Sign including without prejudice to the generality of the foregoing any natural disaster, act or regulation of any governmental or supra-national authority, lack or shortage of materials supplied by a third party (other than where such circumstances arise due to lack of reasonable planning), war or natural emergency, accident, epidemic, fire or riot;
2.1.9 "Prescribed Details" means the following details:
(a) indication that Digital Certificate is issued as a "qualified certificate";
(b) Digi-Sign's name and state of establishment;
(c) name of Subscriber or Subscriber's pseudonym (to be identified as such);
(d) provision for inclusion of a specific attribute of Subscriber, if relevant and depending on purpose of Certificate;
(e) Public Key corresponding to the Private Key under the control of the Subscriber;
(f) indication of the beginning and end period of validity of the Digital Certificate;
(g) identity code of the Digital Certificate;
(h) Digi-Sign's Digital Signature;
(i) limitations on the scope of use of the Certificate, if any; and
(j) limitations on the value of transactions for which the Certificate can be used, if any.
2.1.10 "Private Key" means a confidential encrypted electronic data file designed to interface with a Public Key using the same encryption algorithm and which may be used to create Digital Signatures, encrypt and decrypt files or messages and provide proof of identities to access secure websites;
2.1.11 "Public Key" means a publicly available encrypted electronic data file designed to interface with a Private Key using the same encryption algorithm and which may be used to verify Digital Signatures, encrypt and decrypt files or messages and verify identities to access secure websites;
2.1.12 "Repository" means a publicly available collection of databases for storing and retrieving Digital Certificates, CRL's and other information relating to Digital Certificates and which may be accessed via Digi-Sign's website;
2.1.13 "Subscriber" means a person who is issued a Digital Certificate signed by Digi-Sign and who has entered into a Digital Certificate Subscription Agreement;
2.1.14 "Subordinate Certification Authority" means Digi-Sign or any third party appointed by Digi-Sign to act as a certification authority;
2.2 in this Agreement unless otherwise specified;
2.2.1 references to clauses and schedules are to clauses of, and schedules to, this Agreement;
2.2.2 use of any gender includes the other genders;
2.2.3 references to a "person" shall be construed so as to include any individual, firm, company or other body corporate, government, state or agency of a state, local or municipal authority or government body or any joint venture, association, partnership or limited partnership (whether or not having separate legal personality);
2.2.4 a reference to any statute or statutory provision or regulations shall be construed as a reference to the same as it may have been, or may from time to time be, amended, modified or re-enacted;
2.2.5 any reference to a "day" (including within the phrase "Business Day") shall mean a period of 24 hours from midnight to midnight;
2.2.6 subject to clause 16, references to "indemnifying" any person against any circumstance include indemnifying and keeping him harmless from all actions, claims and proceedings from time to time made against him and all loss, damage, payments, cost or expenses suffered made or incurred by him as a consequence of that circumstance;
2.2.7 a reference to any other document referred to in this Agreement is a reference to that other document as amended, varied, novated or supplemented (other than in breach of the provisions of this Agreement) at any time;
2.2.8 headings and titles are for convenience only and do not affect the interpretation of this Agreement;
2.2.9 general words introduced by the word "other" shall not be given a restrictive meaning by reason of the fact that they are preceded by words indicating a particular class of acts, matters or things; and
2.2.10 references to "€" are to Euros and reference to any amount in such currency shall be deemed to include reference to an equivalent amount in any other currency.

3. Relying Party Obligations
3.1 In consideration of being permitted access to and use of the Repository and access to, use of and reliance on, a Digital Certificate Service the Relying Party agrees to do the following prior to relying upon a Digital Certificate:
3.1.1 where the Digital Certificate is issued by a third party, verify the Certificate Chain to ensure that the third party is a Subordinate Certification Authority and that the Digital Certificate was issued in accordance with the policies set out in the CPS;
3.1.2 check the Repository to ensure that the Digital Certificate is valid and operational; and
3.1.3 take any other steps which would be reasonable for the Relying Party to take in the given circumstances.
3.2 The Relying Party agrees not to use the Digital Certificate for any purpose other than the purpose set out in the relevant section of the CPS for that particular class and type of Digital Certificate and to comply with the policies and procedures set out in the CPS.

4. Digi-Sign Obligations
4.1 Digi-Sign agrees to :
4.1.1 update the CRL and Repository by registering all revocations of Digital Certificates used for SSL which have been made by Digi-Sign or notified to Digi-Sign by a Subscriber within the 34 hours immediately preceding the time of update in the CRL and Repository; and
4.1.2 validate information provided by each Subscriber on the Digi-Sign enrolment form prior to issuing a Certificate containing that information using the methods set out in the table at Section titled "Validation of Certificate Applications" of the CPS.

5. Relying Party Acknowledgements
5.1 The Relying Party acknowledges that:
5.1.1 the CRL is updated by Digi-Sign and therefore does not contain a real time record of all SSL Digital Certificate revocations.
5.1.2 the security or integrity of a Private key which corresponds to a Public key contained in a Digital Certificate may be compromised due to an act or omission of a third party which has not been authorised by Digi-Sign and agrees that Digi-Sign shall not be liable to the Relying Party for any losses suffered by the Relying Party as a result of such compromise;
5.1.3 Digi-Sign relies upon authorisation records, government records, third party business databases and domain name services to validate information contained in Digital Certificates and agrees that Digi-Sign shall not be liable for loss suffered by the Relying Party as a result of inaccuracies or deficiencies contained in those records or databases or inaccurate information supplied by providers of domain name services or any other third party; and
5.1.4 Digi-Sign performs differing degrees of validation of information in Digital Certificates depending on the level of warranty attached to the Digital Certificate and its intended use and agrees to take these factors into consideration when deciding whether or not to rely on a Digital Certificate.

6. Amendments to the CPS
Digi-Sign reserves the right to amend any section of the CPS at any time without prior notice to the Relying Party, including without limitation, the section of the CPS that sets all the validation procedures for Digital Certificates.

7. Repository
The Repository is made on as "as is" and "as available" basis over publicly accessible networks and Digi-Sign cannot be responsible for any failures in such network that may cause the Repository to be unavailable. Digi-Sign excludes any warranty as to the availability of the Repository and reserves the right to exclude access to or close the Repository without notice at any time.

8. Exclusion of Warranties
Save as expressly provided under this Agreement all other warranties either expressed or implied are hereby excluded to the fullest extent permissible by law.

9. Termination
9.1 This Agreement shall commence on the date hereof and shall continue in force until terminated by Digi-Sign in accordance with the provisions of clause 9.2 below.
9.2 Digi-Sign may terminate this Agreement for convenience at any time and for any reason and will notify the Relying Party of such termination in accordance with Clause 14 of this Agreement.

10. Consequences of Termination
10.1 If this Agreement is terminated by Digi-Sign in accordance with clause 9 above, the Relying Party shall not, from the date of such termination:
10.1.1 use or access the Repository; or
10.1.2 use, access or rely on a Digital Certificate or any Service provided by Digi-Sign, and Digi-Sign's obligations under this Agreement shall cease.

11. Limitation of Liability
11.1 Nothing in this Agreement shall exclude or limit either party's liability:
11.1.1 for death or personal injury resulting from the negligence of such party or its directors, officers, employees, contractors or agents (if any); or
11.1.2 in respect of fraud or of any statements made fraudulently by such party.
11.2 Subject to clause 11.1, Digi-Sign shall not be liable to the Relying Party whether in contract (including under any indemnity or warranty), in tort (including negligence), under statute or otherwise for any loss of profit, loss of revenue, loss of anticipated savings, loss or corruption of data, loss of contract or opportunity or loss of goodwill whether that loss is direct, indirect or consequential and if Digi-Sign shall be liable to the Relying Party in contract (including under any indemnity or warranty), in tort (including negligence), under statute or otherwise, Digi-Sign's maximum liability to the Relying Party for SSL Certificates shall be limited to
11.2.1 €0.01 for a Trial Digi-SSL™ Certificate, and
11.2.2 €0.01 for a Digi-SSL™ Xs Certificate,
11.2.3 €10,000 for a Digi-SSL™ Xp Certificate and Digi-SSL™ Xg Certificate, and
11.4 Subject to clause 11.1, Digi-Sign shall not be liable to the Relying Party whether in contract (including under any indemnity or warranty), in tort (including negligence), under statute or otherwise for any loss of profit, loss of revenue, loss of anticipated savings, loss or corruption of data, loss of contract or opportunity or loss of goodwill whether that loss is direct, indirect or consequential.
11.5 The Relying Party acknowledges that limitations on the use of the Certificate and limitations on the value of transactions for which the Certificate can be used are set out in each Certificate and agrees that Digi-Sign shall not be liable for any loss incurred (subject to clause 11.1 above) by the Relying Party from use of the Certificate which exceeds these limitations.
11.6 The parties acknowledge and agree that the limited warranty and limited liability set forth in this clause 8 are fundamental terms of this Agreement and are fair and reasonable having regard to the relationship between the parties and the benefits received by the Relying Party and obligations imposed on Digi-Sign under this Agreement.

12. Force Majeure
Digi-Sign shall not be liable for any breach of its obligations under this Agreement resulting from a Force Majeure Event.

13. Waiver
The waiver by either party of a breach or default of any of the provisions of this Agreement by the other party shall not be construed as a waiver of any succeeding breach of the same or other provisions nor shall any delay or omission on the part of either party to exercise or avail itself of any right power or privilege that it has or may have hereunder operate as a waiver of any breach or default by the other party.

14. Notices
14.1 Notices to Digi-Sign
Any notice, request, instruction or other document to be given to Digi-Sign under this Agreement shall be delivered or sent by first class post or by facsimile transmission (such facsimile transmission notice to be confirmed by letter posted within 12 hours) to the address or to the facsimile number of Digi-Sign set out in this Agreement (or such other address or numbers as may have been notified to the Relying Party in writing) and any such notice or other document shall be deemed to have been served (if delivered) at the time of delivery (if sent by post) upon the expiration of 48 hours after posting or (if sent by facsimile transmission) upon the expiration of 12 hours after dispatch. The address for Digi-Sign Limited is Sidthorpe Lane, Dublin 4, Ireland, Tel: +353 (1) 685-3687, Fax: +353 (1) 685-3688 to be marked for the attention of The Digital Certificate Subscriber Agreement Administrator.
14.2 Notices to Relying Party
Any notice, request, instruction or other document to be given to the Relying Party under this Agreement shall be posted on Digi-Sign's website, situated at www.digi-sign.com in the section "Repository" and shall be deemed to have been served at the time of entry of the notice on Digi-Sign's website.

15. Invalidity and Severability
If any provision of this Agreement (not being of a fundamental nature to its operation) shall be found by any court or administrative body of competent jurisdiction to be invalid or unenforceable the invalidity or unenforceability of such provision shall not affect the other provisions of this agreement and all provisions not affected by such invalidity or unenforceability shall remain in full force and effect. The parties hereby agree to attempt to substitute for any invalid or unenforceable provision a valid or enforceable provision which achieves to the greatest extent possible the economic, legal and commercial objectives of the invalid or unenforceable provision.

16. Entire Agreement
16.1 This Agreement and all documents referred to herein contain the entire and exclusive agreement and understanding between the parties on the subject matter contained herein and supersedes all prior agreements, understandings and arrangements relating thereto. No representation, undertaking or promise shall be taken to have been given or implied from anything said or written in negotiations between the parties prior to this Agreement except as may be expressly stated in this Agreement.
16.2 Without prejudice to any liability for fraudulent misrepresentation, no party shall be under any liability or shall have any remedy in respect of misrepresentation or untrue statement unless and to the extent that a claim lies for breach of this Agreement.

17. Assignment
Neither party may assign or transfer or purport to assign or transfer a right or obligation under this Agreement without first obtaining the other party's written consent.

18. Variation
18.1 Any variations to this Agreement required by law shall take effect immediately. Digi-Sign shall provide written notice of such a variation to the Relying Party.
18.2 Subject to Clause 18.1, Digi-Sign may vary any term of this Agreement at any time on the provision of 20 Business Days written notice to the Relying Party of the variation.

19. Governing Law and Jurisdiction
This Agreement and all matters arising from or connected with it, are governed by and shall be construed in accordance with Irish law and the parties hereby submit to the non-exclusive jurisdiction of the Irish courts.

This relying party agreement was last updated on 28 April, 2008.