Use of the Electronic Signature Service proposed by the Service Provider implies acceptance of the Terms. Any stipulation to the contrary that has not been accepted in writing by the Service Provider shall be deemed not to have been written. The General Terms of Purchase of the Client are unenforceable against the Service Provider, even if they are attached to a quotation or an order form issued by the Client and relating to the Electronic Signature Service proposed by the Service Provider.

  1. Definitions

Client: A natural or legal person acting in their capacity as a professional and wishing to use the Electronic Signature Service to electronically inform, validate, sign or arrange the signature of Documents.

Authentication: Process designed to verify the claimed identity of the Signatory.

Certification Authority (CA): The Authority that issues Digital Certificates.

Third Party Certification Authority (Third Party CA): Certification Authority issuing Digital Certificates, but not acting under the control and responsibility of the Service Provider.

Address Book: The List of Signatories associated with the Client Account, including identification data (first name, last name, email address, mobile phone number, etc.).

Digital Certificate: digital certification that associates the validation data for an electronic signature with a natural person and confirms at least the name of this person.

Digital Certificate on a Cryptographic Device: Digital Certificate on a physical cryptographic device held by the Signatory, issued by a Certification Authority that is a third party to the Contract and enabling the production of Electronic Signatures.

Document(s): Electronic document (contract, rider, subscription form, etc.), to be validated or signed using an Electronic Signature.

Personal Data: means any information relating to a natural person who is identified or can be identified, directly or indirectly, by reference to an identification number or to one or more pieces of information specific to them.

Evidence Folder: compressed and sealed folder generated by the Electronic Signature Service containing all the factual elements enabling the recreation of the electronic signature process (contracts, appendices, logbook, etc.). It also contains the readable document summarising the transaction information and events, known as the “Evidence File”.

eIDAS (European Regulation): REGULATION (EU) no. 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing the directive.

Days: When a term is defined with respect to the number of days covered without express stipulation, these days are defined as calendar days and the term expires on the last day of the defined term. The term applicable begins the day after the event that is the trigger of the start of the term.

Months: Except for provisions to the contrary, when the term is set in months, it runs from the calendar date determined to the same calendar date of the following month. If there is no equivalent calendar day in the month of expiry of the term, it shall expire on the last day of that month. When the last day of the term falls on a Saturday, Sunday or a holiday or non-working day, the term is extended to the end of the next working day.

One Time Password (OTP): single-use password.

Data Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and methods of the Processing.

Electronic Signature Service: refers to the service provided by the Service Provider to the Client, enabling it to inform, validate and sign documents, by means of an Electronic Signature combined with a Digital Certificate.

Signatory: Natural person who signs or who has signed a Document using the Electronic Signature Service, whose identification data (first name, last name, email address, mobile phone number, etc.) will have been recorded in the Address Book associated with the Client Account.

Electronic Signature: All data in electronic form which is attached to, or logically associated with, other data in electronic form and which the Signatory uses to sign.

Electronic Signature without Identity Verification: an electronic signature provided without the identity of the Signatory having been verified in compliance with the conditions of the “eIDAS” Regulation no. 910/2014 of 23 July 2014. When an Electronic Signature is used without Identity Verification, Signatory Authentication is carried out by the Client under its responsibility. An Electronic Signature without Identity Verification, as implemented in the Service Provider’s Electronic Signature Platform, is based on a Qualified Electronic Stamp, an electronic Timestamp, and a dual-factor OTP-type Authentication (optional). The identity of Signatories is verified under the Client’s responsibility.

Advanced Signature with Identity Verification: an electronic signature provided in compliance with the conditions of the “eIDAS” Regulation no. 910/2014 of 23 July 2014. The signatory’s identity has been verified beforehand remotely by a remote identity verification service provider who is a partner of the Service Provider, in accordance with its identity verification policy. The Advanced Signature with Identity Verification is suitable for most cases that do not require a Qualified Signature.

Qualified Signature: an electronic signature provided in compliance with the conditions of the “eIDAS” Regulation no. 910/2014 of 23 July 2014. The identity of the signatory has been verified at an in-person meeting, in compliance with the procedures set out by the Certification Authority. The Qualified Signature is deemed to be reliable and is suitable for cases where strong probative value is required, such as the signing of legal deeds.

Qualified Electronic Stamp: a legal person electronic stamp provided in compliance with the conditions of the “eIDAS” Regulation no. 910/2014 of 23 July 2014. The legal person affixing the stamp has been authenticated in advance, in compliance with the procedures set out by the Service Provider.

Data Processor: refers to the natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller.

Processing: refers to any operation or set of operations performed on Personal Data or sets of Personal Data whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

  2. Purpose of the service

The purpose of the General Terms of Use is to set out the terms of use by the Client and the procedure by which the Service Provider provides the Electronic Signature Service.

The Service Provider provides the Client with a procedure, covered by these Terms of Use, enabling the Client to inform, validate and sign contracts electronically, by means of an Electronic Signature associated with a Digital Certificate issued for the signature of one or more Documents.

  3. Description of the Electronic Signature Service

The Electronic Signature Service enables the Client to:

  4. Acceptance and modification of the Terms of Use

The Client must expressly and unreservedly accept these General Terms of Use of the Electronic Signature Service (GTU) prior to using the Service. Any Client not wishing to accept these GTU must abstain from accessing the Electronic Signature Service.

The Service Provider reserves the right to modify the terms, conditions and references of these GTU, in order to ensure compliance with the “eIDAS” Regulation no. 910/2014 of 23 July 2014.

  5. Prerequisites and providing of the Electronic Signature Service

The service relates to the in-person (mobile applications) electronic signature of documents, or online electronic signature of documents, in line with the Client order, as well as access to the administrative dashboard for signed contracts and to the related shared portal.

In order to access the Electronic Signature Service, the Client and the Signatory must have:

  6. Providing of and access to the Electronic Signature Service

Usage documentation for the IT applications is available, in particular online.

The Service Provider will provide start-up support services as presented in the order form, relative to defining settings for features and hosted IT applications. Upon signature of this document and conditional on receipt of the related payments for the services requested, the Service Provider shall provide the Client with an identifier to enable them to access the service via the portal. Upon first use, each user will receive an email from the Service Provider to confirm the validity of the email address. The Client can then set their own password. Use of the SaaS services equates to acceptance of such services. The identification of the Client or the user using the identifier provided or their email address as well as the password chosen by the Client is irrefutable proof of the actions carried out by the latter using this identifier and password. The Service Provider assigns a disk space quota to the Client dedicated to hosting content. The volume of this disk space is defined in the order form or, by default, is set at 5 Gigabytes. The Client may order additional storage space. Any additional use of disk space in excess of the quota may be automatically invoiced at the full current pricing. At the Client’s request, the Service Provider may provide training services to users. All fees and charges shall be invoiced to the Client based on the latest annual catalogue of the Service Provider’s services as of the date of the request. If the Client requests the related service (designated encrypted database), the Service Provider undertakes to quantify the data and the documents.

The Client’s identifiers and passwords for all users are confidential, unique and personal. The Client alone is responsible for their use.

The Client undertakes to ensure that each user keeps their chosen password secret. The Service Provider authorises one connection per identifier and per password. In the event of loss or theft of the password, the Client or the User undertakes to change the password using the feature for such cases.

The Service Provider undertakes to provide remote access to the IT applications 24/7. The Service Provider nevertheless reserves the right to restrict access to the services, either partially or fully, to ensure the maintenance, in line with the planned framework, of its IT systems and infrastructure necessary for the provision of the services. As far as possible, the Service Provider shall endeavour to ensure the IT applications are not unavailable for an excessive period of time. The Service Provider may suspend the server connection or the accessibility of the hosted content at any time if the Client fails to fulfil its obligations, particularly if it seems that the hosted content constitutes a threat to the security of the Service Provider’s network, given the current state of the art. If the Service Provider is obliged to take measures to secure, back up and/or reinstall the Server, other equipment in its network, or software, due to the risk created by the Client’s content hosted by the Service Provider, these services may be invoiced to the Client.

In the event of Client non-compliance with its obligations, the Service Provider reserves the right to automatically suspend access to the Electronic Signature Service without notice.

  7. Obligations of the parties

The Service Provider undertakes:

  8. Agreement on proof

The Client expressly agrees that any Document signed in a paperless manner by means of the Electronic Signature Service, in compliance with these General Terms of Use, constitutes the original of the Document. Consequently, the Document will have the same probative value as a paper document bearing a handwritten signature, will be opposable to the Client and the Signatory and may be produced in court as literal evidence.

In order to be able to produce the Electronically Signed Document in court, the Client may be required to provide proof of verification of the Signatory’s identity information, such as their first name(s), last name(s), email address and mobile phone number, used to create the Electronic Signature. For the Electronic Signature without Identity Verification, the Service Provider recommends that the Client perform a verification of the Signatory’s valid identity document prior to registration of the Signatory on the Electronic Signature Service.

The Client accepts that the transactions concluded and archived by the Service Provider in whole or in part, within the framework of the Electronic Signature Service, proofs of connection, audit trails, supporting documents and emails, are admissible before the Courts and are proof of the data and elements they contain.

  9. Personal data

9.1. Personal data processed by the Certification Authority for the issuing of Certificates

Personal Data collected by the Certification Authority is essential for performing the contract, in compliance with applicable regulations, in particular Regulation (EU) 2016/679 of 27 April 2016. The Data Controller is the Certification Authority issuing the Digital Certificates required for the Electronic Signature of Documents.

The purpose of the processing is to manage the life-cycle of Digital Certificates and Electronic Signatures, the accompanying technical support and, where applicable, invoicing. Personal Data collected by the Certification Authority shall be kept for the period prescribed by the Certification Policy. The Personal Data collected is processed and hosted in France and within the European Union. Processed Personal Data is intended for the internal departments of the Certification Authority and for any data processors.

Data subjects have a right of access, rectification, erasure, restriction of processing, opposition and right of portability under the conditions set out in Regulation (EU) 2016/679 of 27 April 2016, as well as the right to issue instructions for the storage, erasure and disclosure of their Personal Data after their death. Data subjects can exercise these rights by contacting the Service Provider by post at the following address: “Oodrive, DPO, 26 rue du Faubourg Poissonnière, 75010 Paris, France” or at privacy@oodrive.com. Any requests must be accompanied by a photocopy of a valid ID document of the data subject concerned. Data subjects have the option of lodging a complaint with the Certification Authority’s Data Protection Officer (DPO) by contacting privacy@oodrive.com or, where applicable, with the supervisory authority.

9.2. Processing performed by the Client

The Client may integrate the Electronic Signature Service into its own personal data processing. In this respect, the Client is the Data Controller and the Service Provider is the Client’s Data Processor. The service provided by the Service Provider consists of hosting and offering an Electronic Document Signature Service in SaaS (Software as a Service) mode, using the Personal Data of the Signatories and the Client’s agents who are users of the Electronic Signature Service.

The Service Provider and the Client undertake to comply, in their Processing of Personal Data, with laws pertaining to personal data protection, and in particular Regulation (EU) 2016/679 on data protection (hereinafter, the “GDPR”).

The Service Provider undertakes to process Personal Data in accordance with these GTU and, where applicable, any documented instruction issued by the Client, without making any personal use of such data, and to process such data faithfully and lawfully, in accordance with the principles set out in Articles 5 and 6 of the GDPR, and to protect the confidentiality of such data.

The Service Provider undertakes to assist the Client in enabling the latter to respond to any request to exercise rights from any persons concerned, and/or any request for information from supervisory authorities, administrations or jurisdictions authorised to make such a request.

The Service Provider shall, in particular, within a maximum of ten (10) business days with effect from the Client’s request, provide any information required and carry out any measures to enable the Client to satisfy a request to exercise rights from a person affected by the Processing, in accordance with Articles 12 to 20 of the GDPR.

The Service Provider undertakes to inform the Client as soon as possible of any request sent directly to it, and more generally of any event affecting the Personal Data Processing, and to inform it expressly prior to approving any request from a person affected, or from an authority/jurisdiction authorised to make such a request, unless the law prohibits this.

Personal Data subject to Processing performed by the Client shall be processed throughout the period of the Contract.

At the end of the Agreement or, where applicable, when it is no longer lawful for the Service Provider to keep the Personal Data subject to Processing, or when the Processing period comes to an end, the Service Provider undertakes to return any Personal Data to the Client, if it so requests, or to destroy it, in accordance with the Client’s instructions, as soon as possible and in accordance with the conditions set out in the Agreement, unless applicable laws require it to be kept. It is specified that the Service Provider shall, where applicable, keep the Personal Data processed in the context of its CA activity (see “Personal Data processed by the CA” above) in accordance with the CA’s Certification Policy.

The Service Provider undertakes to take any necessary precautions as regards Personal Data and the risks involved in Processing to preserve the security of the Personal Data and, in particular, to prevent such data from being corrupted or damaged and prevent unauthorised third parties from gaining access thereto.

The Service Provider undertakes in this regard to implement any and all appropriate technical and organisational security and confidentiality measures and to document and be able to provide evidence of such measures.

The Service Provider undertakes to ensure that only its personnel authorised to process the Personal Data for the purposes of the Contract have access to such data, strictly within the confines of what is necessary to carry out their duties, and to ensure that its personnel undertake to respect the confidentiality of the Personal Data.

The Service Provider confirms that it shall not transfer and shall ensure that any potential Data Processors shall also not transfer Personal Data to a country outside the EU not benefiting from an adequacy decision as stipulated in Article 45 of the GDPR.

The Client is hereby informed that the Service Provider uses Data Processors in the context of providing the Electronic Signature Service, which the Client declares it accepts. The list of Data Processors on the date on which the Contract takes effect is available at any time at the Client’s request.

The Service Provider undertakes to not call upon new Data Processors without informing and obtaining the prior written consent of the Client. The Service Provider undertakes to not replace an existing Data Processor without informing the Client in advance. In the event of an existing Data Processor being replaced, the Client may put forward reasonable objections, which the Service Provider undertakes to consider. If the Service Provider does not take into account the Client’s reasonable objections, the Client shall be justified in terminating the Contract without having to pay any termination penalty, at any time within six (6) months of receiving the information on the replacement of the Data Processor, by giving two (2) months’ prior notice. The Service Provider undertakes to impose on any potential Data Processors, by means of a contract, the same obligations with regard to Personal Data protection as those set out in this article. The Service Provider undertakes in particular to assure the Client that its Data Processors have offered sufficient guarantees as to the implementation of appropriate technical and organisational measures in line with the GDPR, and that the Data Processors are forbidden to sub-contract without prior express written authorisation from the Service Provider. The Service Provider acknowledges it is fully liable towards the Client if any of its Data Processors do not fulfil their Personal Data protection obligations.

In the event of an incident or infringement of Personal Data affecting the Processing, the Service Provider undertakes to inform the Client as soon as possible and, if possible, within forty-eight (48) business hours of becoming aware of the incident, and to take appropriate corrective measures. The Service Provider undertakes in particular to inform the Client as soon as possible of any information available to it with regard to the conditions surrounding the security incident, and in particular the nature and scope of the Personal Data affected, the number of persons affected, the probable consequences, and the technical conditions under which the incident took place.

The Service Provider undertakes to cooperate with the Client and to take any measures required by the GDPR and/or reasonably requested by the Client, in particular in the event of an inspection by the supervisory authority.

The Service Provider undertakes to provide the Client with any necessary information or documentation to be able to demonstrate its compliance with the obligations set out in any current laws and texts pertaining to Personal Data protection and as set out in this article. Certain confidential information, such as security procedures, shall only be provided by means of a consultation at the Service Provider’s premises.

The Service Provider shall immediately inform the Data Controller if, in its opinion, an instruction constitutes a violation of the GDPR or other provisions of applicable laws and regulations pertaining to Personal Data protection.

The Service Provider undertakes to provide any reasonable assistance to the Client in the context of any potential impact assessments in relation to Personal Data protection or in the context of any procedures carried out by a supervisory authority.

Finally, the Service Provider undertakes to inform the Client without delay in the event of any inspection by the supervisory authority, or any administrative or judicial authority, as regards Personal Data Processing carried out in the context of the Electronic Signature Service.

The Service Provider undertakes to allow the Client or any other auditor commissioned by the Client to carry out audits in relation to the Personal Data protection measures, but also to satisfy any request from a judicial or administrative authority, and to contribute to such audits. Audits shall be conducted at the expense of the Client. Any audits conducted by the Client at the Service Provider’s or Data Processors’ premises shall be limited to one (1) day per year. Any time spent by the Service Provider’s teams in responding to auditors may be invoiced. The Client must inform the Service Provider in advance, giving thirty (30) days’ prior notice and informing the Service Provider of the identity of the auditor(s) and the audit schedule. The Service Provider reserves the right to refuse any auditor who may carry out an activity that competes with that of the Service Provider. If the findings of audits reveal non-compliance with the obligations for which the Service Provider is responsible under this article, the Service Provider must take the necessary measures to remedy them as soon as possible and at no additional cost to the Client, subject to these measures not requiring a substantial change in the Contract’s financial terms.

The Service Provider warrants that it has a Data Protection Officer (“DPO”), responsible for matters relating to any Personal Data undergoing Processing. The DPO shall ensure that any Personal Data Processing carried out under the Contract is compliant with the GDPR. The DPO may be contacted at privacy@oodrive.com.

The Client alone shall independently choose the categories of persons affected by the Processing that it implements. In this respect, the Client undertakes to obtain consent from those persons affected, if required, and be able to provide evidence of this.

The Client, in its capacity as Controller, shall ensure that the information specified in Articles 13 and 14 of the GDPR has been communicated to affected persons, in line with the specified methods.

The Client is hereby informed that the Service Provider shall refrain from consulting data of any sort, including Personal Data, hosted in the context of the Client using the Services, with the exception of the information required for the CA to generate Digital Certificates.

The Client undertakes to not use the Electronic Signature Service provided under the Contract to process “sensitive” Personal Data, within the meaning of Articles 9 and 10 of the GDPR. If any “sensitive” Personal Data is to be processed, this must be reported immediately to the Service Provider in writing and the Client shall be wholly responsible for such Processing.

The Client undertakes to notify the Service Provider of the contact details of its DPO and/or the person in charge of Personal Data Protection. Failing this, the Service Provider shall send notifications, communications and other alerts to the Client’s usual contact known by the Service Provider or to the address of the Client’s headquarters.

  10. Intellectual property rights

The Client acknowledges the intellectual property rights of the Service Provider in all documentation communicated by the Service Provider, in the Oodrive tradenames, and more generally in the Electronic Document Signature Service. The Service Provider grants the Client a remote, personal, non-exclusive and non-transferable right of use of the Electronic Signature Service throughout the world for the purpose of signing the Documents in accordance with the present terms of use.

  11. Control of exports

The Electronic Signature Service may not be used in countries subject to sanctions or restrictive measures by France, the European Union or the United States. If it uses the Electronic Signature Service outside France, the Client shall have the capacity of exporter within the meaning of the laws and regulations relating to export control, and shall take the steps necessary, where applicable, to obtain the corresponding authorisations and licences.

  12. Liability

The Service Provider undertakes to produce Electronic Signatures in accordance with the eIDAS European Regulation, depending on the Electronic Signature level chosen. As such, it undertakes to comply with the requirements of the eIDAS European Regulation and the accompanying standards. The Service Provider cannot be held liable for damage suffered by the Client, the Signatory or any third party as a result of identity theft or the communication of false or erroneous information by the Client, the Signatory, or any person independent of the Service Provider participating in the signature process. The Service Provider can give no guarantee against identity theft, unless it can be proved that this was only made possible by a failure by the Service Provider to fulfil its contractual commitments. The Service Provider reserves the right to take legal action against any user of the Electronic Signature Service who has voluntarily communicated or attempted to communicate false information, having the effect of rendering the performed Electronic Signature invalid.

The Client acts in a professional capacity, without having the status of a consumer and waives the protection granted to consumers. Any Service Provider liability arising from provision of the Electronic Signature Service is limited solely to direct and foreseeable damage proven by the Client and which has been exclusively and directly caused by the Service Provider’s failure to meet its contractual obligations. Furthermore, the Service Provider cannot in any case be held liable for any indirect damage, such as loss of profit or clients, loss of income or renown, loss of use and/or any other unforeseeable harm, even if the Service Provider was informed of the possibility of such damage occurring.

In the event of default by the Service Provider, the Client shall be entitled, subject to proof of the Service Provider’s fault at the origin of such default, to claim compensation for the direct damage for which it must provide the proof.

The Service Provider’s total liability per contract year and per claim shall not exceed the amount paid by the Client under the Contract for the contract year in progress.

For the Electronic Signature without Identity Verification:

The Service Provider cannot be held liable for direct or indirect damage caused by electronic signatures invalidated due to a lack of or insufficient authentication of the Signatory, such authentication being the entire responsibility of the Client.

For the Advanced Signature with Identity Verification:

An automated verification of an identity document is carried out prior to each signature, without, however, guaranteeing the authenticity of the identity document. The Service Provider cannot be held liable for direct or indirect damage caused by the use of false identity documents by Signatories.

For the Qualified Signature:

The Signatory’s identity is verified by the Certification Authority when the Digital Certificate is issued. The Service Provider cannot be held liable for direct or indirect damage caused by electronic signatures invalidated due to a lack of or insufficient authentication of the Signatory, such authentication being the entire responsibility of the Certification Authority that issued the Digital Certificate.