Regulations for the purchase of a qualified electronic signature certificate
Article 1. Preliminary Provisions
These regulations (hereinafter referred to as "Regulations") define the terms and conditions of purchasing qualified electronic signature certificates using the tools offered by the Administrator, including identity confirmation.
Article 2. Definitions
- Administrator – Autenti sp. z o. o., with its registered office in Poznań at ul. Św. Marcin 29/8, 61-806 Poznań, and entered into the Register of Entrepreneurs kept by the District Court for Poznań Nowe Miasto i Wilda in Poznań, 8th Commercial Division of the National Court Register under KRS number (National Court Register) 0000436998, with NIP (Tax Number) 783169325.
- Customer – a natural person, a legal person or an organisational unit that is not a legal person, whose specific provisions grant legal capacity, who has placed or performs activities aimed at placing an Order.
- Certificate – a qualified electronic signature certificate issued by the Issuer.
- Subscriber – the natural person designated by the Customer, for whose personal data the Certificate is to be or has been issued.
- Issuer – a qualified trust service provider entitled to issue a Certificate and to provide related trust services.
- Autenti platform – an IT tool provided by the Administrator as part of an internet service in the autenti.com domain or in any other way agreed with the Administrator, whereby services are provided electronically in accordance with the Autenti Platform Terms & Conditions.
- Service – a service provided by the Administrator on behalf of the Customer to enable the ordering and receipt of a Certificate issued to the Subscriber, which consists of enabling:
- selection of the Issuer and placing of the Order;
- conducting the process of confirming the Subscriber's identity
- receipt of the Certificate.
- Autenti Platform Terms & Conditions – terms and conditions for the provision of electronic services governing the use of the Autenti Platform – the content of which is available on the website at https://autenti.com/en/terms-and-conditions.
- Issuer Regulations – the entirety of the regulations issued by the Issuer setting out the rules for the provision of qualified trust services involving the issuance of a Certificate by the Issuer. The regulations of the respective Issuers are enclosed as appendices to the Regulations.
- Order – a request for the provision of a Service made by the Customer via the order form available on the Autenti Platform website or by contacting the Administrator.
Article 3. Order
- The Customer places an Order by selecting the Certificate they are purchasing and confirming their wish to purchase the Service. When placing an Order, the Customer is obliged to provide the required data. It is necessary to specify the full and correct first name and surname, e-mail address and telephone number of the Subscriber. In the case of customers who are sole traders, legal persons or organisational entities which are not legal persons to which the law grants legal capacity and who wish to receive a VAT invoice, it is also necessary to indicate the full and correct company name and tax identification number (NIP). The Administrator is not responsible for the consequences of incomplete, outdated or untrue data provided by the Customer.
- Once the Order has been placed, the Customer receives a confirmation from the Administrator by electronic correspondence to the e-mail address indicated in the Order, together with all relevant elements thereof. Confirmation of the placement of the Order means that the contract between the Customer and the Administrator for the provision of the Service has been concluded.
Article 4. Proof of identity
- In order to issue the Certificate, it is necessary to conduct the process of confirming the Subscriber's identity.
- The process of confirming the Subscriber's identity is carried out by the Issuer on the terms set out in the Issuer's Regulations or by the Administrator on the terms set out in these Regulations.
- The Administrator carries out the process of confirming the Subscriber's identity remotely ("remote verification") or – with the Administrator's consent – in person during the meeting of the Subscriber with the Administrator's representative ("personal verification").
- Remote verification is performed by the Administrator with the use of tools approved by the Issuer for remote identity confirmation – in particular, means of remote communication, providing audio and video (video call). The Subscriber selects the date of remote verification from the available dates specified by the Administrator.
- In order to carry out remote verification, the Administrator sends the Customer a link to the website where the Customer performs the verification confirmation of identity or selection of the remote verification date and specifies the Subscriber's data necessary to issue the Certificate.
- The technical requirements necessary to perform remote verification are:
- a stable internet connection of no less than 1 Mbps;
- a camera in the device, in good working order, to ensure video recording at a resolution of at least 360p;
- a microphone in the device, in good working order;
- a telephone number associated with a mobile device (e.g., smartphone or tablet) at the disposal of the Subscriber;
- using a browser that allows sharing images and sounds in real-time. The browsers recommended by the Administrator are the latest versions of Chrome & Mozilla Firefox.
- During remote verification, the Subscriber is obliged to:
- meeting the technical requirements set out in Paragraph 6;
- providing the Administrator with the image and sound recorded in real-time by the devices specified in Paragraph 6 b-c and consent to their recording – the image provided to the Administrator should include the Subscriber's face;
- presenting (I) a valid ID card or passport and (II) providing a PESEL number unless, in accordance with the Issuer's Regulations, providing it is not necessary;
- not being in the presence of third parties;
- not driving motor vehicles;
- not being under the influence of alcohol or any other intoxicant;
- meeting other requirements provided for in the Issuer's Regulations, about which the Administrator will inform the Customer before purchasing the Service.
If the Subscriber breaches the above obligation, the Administrator is entitled to terminate the remote verification with a negative result of the identity confirmation.
- The Customer is allowed to change the date of the remote verification once without incurring additional costs, provided that the change is notified at least two (2) working days before the scheduled verification date. A change of date may be reported between 9 AM and 5 PM on business days. A request made at other times will be treated as being made on the following working day.
- Personal verification is exceptional and takes place at the Customer's request, with the Administrator's prior consent. The Administrator and the Customer may agree to conduct a personal verification in the form of a meeting after prior confirmation by the Administrator and the Customer of the date and place of the meeting. Performing a personal verification in a location other than Warsaw will result in a change in the price of the Service, which in such a case is individually agreed with the Customer. In the course of personal verification, the Subscriber is obliged to present a valid ID card or passport and provide their PESEL number unless, in accordance with the Issuer's Regulations, providing it is not necessary.
- Confirmation of the Subscriber's identity with a positive result is a prerequisite for issuing the Certificate by the Issuer. The result of the identity confirmation is considered positive if the Subscriber fulfills the conditions specified in Paragraph 7, and the Administrator, based on the performed procedure, will receive confirmation of the accuracy of the previously indicated data necessary for the Issuer to issue the Certificate. Otherwise, the result of the identity confirmation is considered negative.
- In matters not covered herein, the relevant provisions of the Issuer's Regulations shall apply to the issuance of the Certificate.
Article 5. Payment
The Customer is obliged to pay for the Service in accordance with the Price List available at https://autenti.com/ valid on the date of placing the Order ("Price List").
- In the event of the Subscriber's failure to appear on the agreed date of identity confirmation, the Subscriber's failure to comply with the conditions set out in Art. 4 Par. 7 of the Regulations or a negative (other than positive) result of the identity confirmation, the Customer will be charged the price for performing the identity confirmation in accordance with the Price List. The Customer makes online payments using the payment methods provided by a specialized payment institution with which the Administrator has concluded an agreement.
- If payment is selected via payment cards with an online payment function or bank transfer, the Customer is redirected to the website enabling electronic payment (e.g., the login page of the Customer's bank or the Card Authorisation Centre).
- The gross price quoted for the Order includes taxes and all charges required by applicable law.
- The purchase of the Service by the Customer is documented by the issuing of a billing document by the Administrator (i.e., a receipt or an invoice). The Customer agrees to receive electronically, to the e-mail address indicated by the Customer when placing the Order, an electronic image of billing documents.
Article 6. Withdrawal from the Service Agreement
- A Customer who is a consumer may withdraw from a contract for the performance of a Service without stating reasons within 14 days of the conclusion of the contract, subject to Paragraphs 2 and 3 below. The above entitlement also applies to sole traders to the extent that the law equates their protection with consumers.
- To the extent that the contract relates to the sale of a kit (physical devices and tools) for the generation of a qualified electronic signature, the Customer, acting on the rights of the consumer, shall have the right to withdraw from the contract within 14 days from the date of delivery of the said kit to the extent of the said sale.
- The Customer referred to in Paragraph 1 shall not be entitled to withdraw from the contract for the performance of the Service:
- if the Service concerns the provision of digital content (which is not recorded on a tangible medium) in the form of a Certificate – when the performance of the Service has begun with the express consent of the Customer;
- to the extent that the Service involves the purchase of software delivered in sealed packaging – if the packaging is opened after delivery;
- if the Service has been fully performed.
- The notice of withdrawal may be submitted by electronic mail (e-mail) or in writing to the Administrator's address. A model withdrawal form, which the Customer may use, is attached to these Regulations.
- If the subject of the Order is more than one Certificate, the withdrawal may apply to all or only the Certificates selected by the Customer.
- In the event of an effective withdrawal from the contract, the Administrator shall refund the amount paid by the Customer in a manner corresponding to the method of payment chosen by the Customer. If the Customer has used a discount at the time of purchase, the refund will be reduced by the value of the discount used, which the Customer will be able to use in future transactions.
- In the event of an effective withdrawal from the contract, the contract shall be deemed not to have been concluded in relation to the Service from the purchase of which the Customer has withdrawn.
Article 7. Liability
- The Administrator shall be liable for the non-performance or improper performance by the Issuer of the Agreement to issue the Certificate and the provision of related trust services if it results from improper performance of the Service by the Administrator. Complaints and comments regarding the Certificate can be made directly to the Issuer in the manner set out in the Issuer Regulations.
- The Customer is responsible for the Subscriber's actions and omissions in connection with the performance of the contract for the provision of the Service – in particular, for the Subscriber's compliance with the provisions of the Regulations.
- The Administrator is not responsible for the actions and consequences of the Customer's or Subscriber's actions taken in connection with the performance of the Service – in particular, the Administrator is not responsible for:
- providing incorrect or false data, including data necessary for the issuing of the Certificate, as well as changing such data during the performance of the Service;
- violation of the Regulations or the Issuer's Regulations;
- use of the IT systems designed to provide the Service in a manner inconsistent with their intended use, in particular by interfering with the Administrator's IT systems, integrating them with IT solutions not approved by the Administrator, unauthorized interference with the Administrator's IT system or breaching security;
- failure to appear for the agreed identity confirmation process;
- failure to meet the requirements set out in Art. 4 Par. 7 of the Regulations.
Article 8. Final Provisions
- In matters not covered herein, the provisions of the Autenti Platform Terms & Conditions shall apply.
- Regulations of the Issuers are available at: https://autenti.com/en/terms-and-conditions.