SuisseID (SwissSign Platinum certificates)
1. Scope and application
1.1 These General Terms and Conditions regulate the conclusion, content and execution of contracts between SwissSign AG (hereafter: “SwissSign”) and customers (hereafter: “customer”) regarding the acquisition and use of “SwissSign Platinum certificates” (hereafter: “certificates”) and the issue of the corresponding digital key pairs which are used for signing, authenticating or encrypting data.
1.2 SwissSign is a subsidiary of the Swiss Post (hereafter: “Post”) and a recognised provider of certification services within the meaning of the Swiss Electronic Signature Act (hereafter: “ZertES”). SwissSign sometimes delegates its task of identifying customers to third parties, in particular to the Post.
1.3 SwissSign sells different types of certificates. These certificates are sometimes sold individually and sometimes in a certificate set, i.e. as a product containing different types of certificates. Individual certificate types are suitable for signing, and others for encrypting or authenticating data. The properties of the individual certificates and also their purpose and area of application can be found in the “SwissSign Platinum CP/CPS” (hereafter “CP/CPS”), which is published on www.swisssign.com. In the CP/CPS SwissSign also specifies its certification practice and policy, in particular the procedure when issuing, managing and cancelling certificates as well as the necessary technical requirements for the use of digital keys. The CP/CPS is an integral part of this contract.
1.4 These General Terms and Conditions apply for all types of certificates. For “qualified Platinum certificates” (these are certificates which correspond with the requirements of Article 6 et seq. of ZertES) there are in some cases special provisions, however, and these are referred to expressly in the following.
1.5 The General Terms and Conditions shall be shown to the customer on the Internet at the moment the electronic order is placed. The customer must expressly accept the General Terms and Conditions. The General Terms and Conditions, which are an integral part of the contract, are also published on the website www.swisssign.com.
1.6 The contract comes into effect when the customer’s application has been successfully checked as per Section5.1.
2. Effects of the digital signature
2.1 According to Swiss law the electronic signature based on certificates is – unless there are legal or contractual provisions to the contrary – not on a par with the manual signature. There is an exception for electronic signatures based on a qualified certificate. According to Swiss law such signatures are on a par with the manual signature insofar as the law or contract do not contain any provision to the contrary (Article 14 Paragraph 2bis of the Code of Obligations).
3. Proviso on foreign law
3.1 The customer shall note that the use of certificates and the exchange of signed and/or encrypted data outside Switzerland are subject to foreign law, and therefore deviating, in some cases more extensive or less extensive effects as could be the case under Swiss law. The exchange of encrypted data is also subject to legal restrictions in certain foreign states. It is incumbent on the customer to investigate these legal aspects.
4. Application for the issue of certificates
4.1 The customer guarantees to give truthful information when filling in the registration form, for instance. The customer also guarantees not to violate any rights of third parties by indicating and using information relevant to certificates (e.g. e-mail address, organisation name).
5. Checking the application and issuing certificates
5.1 After registration the customer's application shall be checked by SwissSign or by third parties it has commissioned. SwissSign may refuse to issue certificates without giving any reason. In this case the customer shall not owe any payment.
6. Customer’s duty of care and obligation to cooperate
6.1 The customer shall note that all information and data associated with the certificates and keys are highly sensitive, are correspondingly susceptible to
misuse, and if handled without care may lead to major damages. The customer therefore has to take the following safety precautions in particular.
6.2 The customer shall not entrust data carriers relevant to certificates (e.g. USB reader with chip card, hardware security module) and the data stored
thereon to third parties and, insofar as it is reasonable, shall prevent third parties from gaining access thereto. In the event of loss or theft of the data carrier or suspected misuse thereof, the customer shall immediately apply for revocation of the certificates (cf. Section11).
6.3 The activation data, the password for blocking and the access PIN must be kept secret and records of this data must be kept out of reach for third parties,
securely and separately from the data carrier.
6.4 The PIN must not be based on data which can be logically associated with the customer (such as telephone number, organisation name, first names or surnames). The customer must change the PIN immediately if the customer knows or has reasons to suspect that a third party may have discovered this.
6.5 The customer shall inform SwissSign immediately, either in writing or with a signed, unencrypted email, of any change in the information as provided
by the customer in the application (Section 4). The contact information can be found on www.swisssign.com. If there is a change in information contained in the certificates (e.g. e-mail address, organisation name), the customer has to apply for new certificates (cf. Section 9) and have the old ones revoked (cf. Section11).
6.6 The customer shall ensure that the EDP system used for signing, authenticating and encrypting data is regularly checked for viruses using up-to-date software and also contains no software which could distort the signing or checking process.
6.7 The customer imposes the duty of care and obligation to cooperate on the customer’s employees and on any other auxiliary persons.
7. Directory service
7.1 SwissSign is entitled to run a publicly accessible directory which contains information on the certificates and their owners as well as on invalid and blocked certificates.
8. Period of validity of the certificates
8.1 The period of validity of the certificates is limited to the duration as entered in the certificate.
9. Application for the issue of new certificates
9.1 If the customer wants to replace the certificates with new ones before expiry of the period of validity, the customer has to fill in a new application. The customer bears sole responsibility for ensuring that a corresponding application arrives at SwissSign on time so that the registration process may be conducted and the customer may be provided with valid certificates without any delay.
10. Terms of payment
10.1 The customer shall make payment as per the valid price list upon conclusion of the contract. The customer shall be informed of the current price
when the order is being placed at the latest. The costs for the required identity authentication, any shipping costs and other charges are not contained
in the payment. Payment is due upon conclusion of the contract and shall be invoiced to the customer. The invoice may be sent electronically. If payment is
made using a voucher purchased from SwissSign, the customer shall bear the consequences of late payment if the invoice for the purchase of the
voucher has not been settled within 30 days at the latest after the purchase of the certificates.
10.2 If the payment deadline is missed and if an additional late-payment notice must be sent, the customer may be charged a flat fee for the second
notice and each additional notice of past due amounts. If the customer defaults on payment, the customer will be charged interest on arrears of seven percent (7%) per year as well as all costs. Further claims for compensation for delay shall remain unaffected.
10.3 In the event of delayed payment SwissSign is entitled to revoke certificates as per Section12, and here SwissSign shall remain entitled to reimbursement.
10.4 If, after submission of an application and successful registration (cf. Sections 4 and 5) no certificates are issued for reasons which are the responsibility of the customer, SwissSign may invoice the customer for a processing fee.
10.5 If certificates are revoked as per Sections 11 and12, the customer shall not be entitled to reimbursement of the already paid amount.
11. Application for revocation of certificates
11.1 Revocation of certificates or certificate sets can be applied for online on the corresponding product page for the certificate either by entering the
password for blocking or by using the still valid signature certificate. The list is not exhaustive.
11.2 Under the following conditions revocation of certificates or certificate sets can also be applied for with a postal submission of the revocation form which is available for downloading on the corresponding product page for the certificate:
- If certificates which need to be revoked are made out in the name of a natural person (certificate holder or “common name” is a natural person), this person shall have to sign the form by hand. In addition this person shall have to submit a copy of a valid Swiss identity card or of a valid passport.
- If certificates which need to be revoked are made out in the name of an organisation (certificate holder or “common name” is not a natural person), the form must be signed by hand in a legally valid manner while observing the organisation’s regulation on representation. Written proof of power of representation must also be submitted.
- The natural person and also the organisation may apply for revocation of certificates which are made out in the name of a natural person and also contain an organisational attribute provided there is adherence to the aforementioned terms.
11.3 If applications are submitted as per Section11.2, several days may pass between the time of dispatch and the processing of the applications. SwissSign assumes no liability for events occurring within this time period. SwissSign therefore recommends revocation is always performed by means of an online application.
12. Revocation of certificates without an application
12.1 SwissSign is authorised to revoke certificates by itself, including if it transpires that
- these have been unlawfully acquired or untruthful information was provided in the application;
- there is no longer any guarantee that they can be assigned exclusively to the certificate holder (e.g. because the algorithms forming the basis of the signature certificate have been broken);
- the contractual relationship is terminated;
- the customer or one of the customer’s employees or auxiliary persons violates an obligation to cooperate within the meaning of Section 6.
12.2 If revocation is because of a circumstance attributable to the customer, SwissSign shall be entitled to charge an administration fee. The right to claim further damages remains expressly reserved.
13. Joint invalidity of certificates in certificate sets
13.1 Revocation of one certificate in a certificate set automatically leads to all certificates in a certificate set becoming invalid.
14. Prohibition of the use of invalid certificates
14.1 The customer is obliged to no longer use certificates and keys which have been revoked or have expired so are no longer valid. The only exception is for the use of decryption keys to decrypt already encrypted data.
15. Trade mark rights
15.1 All intellectual property rights to the material handed over by SwissSign (documentation, devices, software etc.) shall remain with SwissSign or the authorised third parties. For the use of this the customer receives a non-exclusive licence for a limited period in line with the purpose of the contract.
16.1 The customer has to check the certificates and material provided by SwissSign upon receipt and must give immediate written notice of any defects, incorrect and/or incomplete information before the first use. Defects discovered at a later point must be reported as soon as they are discovered, otherwise the warranty rights shall be forfeited.
16.2 If there is notice of defects, SwissSign has the right to choose between repair and replacement. Further warranty rights are expressly excluded. Defective certificates shall be revoked by SwissSign.
17.1 SwissSign’s liability for damages is limited to intent and gross negligence. With respect to qualified certificates the liability is based on the provisions of ZertES. Any further liability is excluded.
17.2 SwissSign is not liable for technical failures, the unattainability of individual certificates, the unavailability of the certificate directory, or for the fact that an applied for or offered blocking of a certificate cannot be carried out within a reasonable period of time on account of circumstances which cannot be influenced by SwissSign. SwissSign is also not liable for damages which are the result of violation of the customer’s duty of care and obligation to cooperate. Ultimately SwissSign is not liable for ensuring that the systems of third parties are in full working order, in particular the Internet or software and hardware used by the customer.
17.3 SwissSign is not liable for the validity of transactions concluded with the help of certificates.
17.4 SwissSign is liable for the correctness of the information contained in the certificates only within the framework of the possibilities of inspection to which it is entitled while checking the identity.
17.5 Liability for damages from the use of installation or support information, for late or incompletely provided support information, from the installation of the software or during troubleshooting etc., as well as other damages to IT systems from the use of certificates is limited to the amount which the customer paid to purchase the corresponding certificate.
18. Export and import
18.1 The customer shall note that the export and import of data carriers with digital keys or cryptographic software stored thereon may be subject to legal restrictions. The same may apply for the use of such data carriers abroad. The customer is obliged to observe the corresponding foreign regulations.
18.2 SwissSign reserves the right to refuse deliveries abroad without giving any reason.
19. Duration of contract / termination of contract
19.1 The duration of the contract corresponds with the period of validity of the certificates. Revocation of the certificates leads to immediate termination of the contractual relationship.
19.2 SwissSign may terminate the contract with a notice period of one week without giving any reason as per Section 12 (revocation by SwissSign). If the customer is not the reason for termination of the contract, SwissSign has to reimburse the customer with the paid amount on a pro rata temporis basis. Certificates affected by the termination of the contact shall be revoked by SwissSign.
19.3 The customer may terminate the contractual relationship at any time by submitting an application for revocation of the certificates (cf. Section 11). Payments which have not yet been made shall remain owed.
20. Data protection
20.1 SwissSign is obliged to adhere to the provisions of the Swiss data protection legislation and in particular to not conduct any business with the customer’s data. The customer is expressly informed however that SwissSign must process the information provided by the customer to fulfil the contract and that the information shall be passed on internally within the company including for reasons of debt collection.
20.2 The customer shall note that the data exchange carried out with SwissSign is recorded electronically (logging).
21. Engaging third parties
21.1 SwissSign may engage third parties at all times to render and complete the services. The customer agrees that the required data and information shall be passed on to the third parties.
22.1 The customer may not offset charges due to SwissSign against possible counterclaims or claims due to the Post.
23. Changes and amendments
23.1 Changes and amendments to these General Terms and Conditions must be in writing. Digitally signed information sent electronically shall be considered on a par with the written form.
The German version of the General Terms and Conditions shall be binding.
25. Assignment of rights and obligations
25.1 The customer may not transfer the rights and obligations from this contract to third parties.
26. Applicable law and place of jurisdiction
26.1 Swiss law applies exclusively. The place of jurisdiction is Zurich.
27. Contact address of SwissSign
SwissSign AG, Glattbrugg, 12.04.2010 (V2.0)