Autenti Trust Services Policy
Version: 1.0 (OID: 1.2.616.1.1138184.108.40.206.0)
valid from October 1, 2020 1/8
Disclosure Level: Public
I. General provisions
This Autenti Trust Services Policy (hereinafter referred to as the "Policy"), specifies the types, rules and conditions for the provision of non-qualified trust services (hereinafter referred to as "Trust Services”) by Autenti sp. z o.o. with its registered seat in Poznań, at ul. Św. Marcin 29/8, entered into the register of entrepreneurs kept by the District Court for Poznań Nowe Miasto i Wilda in Poznań, VIII Commercial Division under the following number KRS 0000436998, NIP: 7831693251 (hereinafter referred to as the "Service provider”) and presents the technical and organizational solutions applied by the Service Provider.
2. Legal regulations
[Generally applicable law] The Service Provider provides Trust Services in accordance with generally applicable laws within the territory of the Republic of Poland, including the provisions of the European Community law, in particular based on:
- Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (including implementing provisions);
- Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016, on the protection of natural personswith regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (including implementing provisions);
- The Act of 10 May 2018 on Personal Data Protection (Journal of Laws of May 24, 2018, item 1000), (including implementing provisions), hereinafter referred to as the “Personal Data Protection Act”;
- The Act of 5 September 2016 on trust services and electronic identification (including implementing provisions), hereinafter referred to as the “Trust Services Act”;
- The Act of 18 July 2002 on the provision of electronic services (including implementing provisions), hereinafter referred to as the “Electronic Services Act”,and on legal provisions supplementing or replacing the above-mentioned legal acts.
[Model contracts] The Service Provider provides Trust Services based on this Autenti Trust Services Policy and regulations, policies (model contracts) provided by the Service Provider, including:
- Autenti Platform Terms & Conditions,
- Cookies Policy,
the current content of which is available at: https://autenti.com/en/terms-and-conditions/
This Policy applies terms having the meanings hereunder assigned:
- Document - an electronic file entered to the Autenti Platform by the User, who, upon placing the electronic signature, makes the signatory's declaration of intent about the content contained therein towards the parties indicated therein or the parties that participated in its signing as part of the Autenti Platform;
- Service Provider - Autenti sp. z o o with its registered seat in Poznań, at ul. Św. Marcin 29/8, entered into the register of entrepreneurs kept by the District Court for Poznań Nowe Miasto i Wilda in Poznań, VIII Commercial Division under the following number KRS 0000436998, with NIP: 7831693251;
- Company - a natural person running a business, a legal person or an organizational unit without legal personality;
- Signature Card / Autenti Certificate - confirmation issued by the Service Provider documenting the performance of the Trust Service and linked to the Document.
- Autenti Electronic Seal - advanced electronic seal verified with a qualified certificate, placed on behalf of the Service Provider;
- Autenti platform - a service provided electronically by the Service Provider as part of the website available under the name "Autenti", in accordance with the Autenti Regulations.
- Policy- this Autenti Trust Services Policy;
- Autenti Regulations - regulations for the provision of electronic services, governing the use of the Autenti Platform, the content of which is available on the website at https://autenti.com/regulamin/.
- Relying Party - a natural, legal person or an organizational unit without legal personality that takes actions or any decision in confidence in non-qualified trust services provided by the Service Provider;
- Agreement - an agreement for the provision of an unqualified trust service concluded by the Service Provider with the User;
- Trust Service - an unqualified trust service provided by the Service Provider as described in the Policy;
- User - a natural person, legal person or organizational unit without legal personality to the extent that it can acquire rights and incur liabilities in accordance with the provisions of generally applicable law, who is the recipient of the Trust Services.
II. Trust Services and the rules of their provision
- The Provider provides the following Trust Services electronically
- Service of electronic signing the documents through the Autenti platform - allows the Users to read the content of the Document and submit declarations of intent on the Document using the Autenti Platform, including: in order to conclude a contract or accept (authorize) another type of Document, based on the Electronic Signature Service provided by Autenti in accordance with this Policy or any other non-qualified or qualified trust service provided by a provider other than Autenti;The Service Provider provides the following Trust Services by electronic means:
- Electronic signature placement service - enables submitting a declaration of intent by confirming the "sign" button (or with equivalent content, including translated into another language). The service results in the creation of an electronic signature in the form of data attached to the signed Document and indicating the signatory.
- The document on which the Users' electronic signatures are affixed is secured with the Autenti Electronic Seals based on qualified certificates that confirm the performance of the trust service, ensure the integrity of the Document, thus enabling recognition whether the content of the Document has been changed after the Autenti Electronic Seal was submitted.
- Placing electronic signatures on the Document is confirmed by issuing the Signature Card (Autenti Certificate) attached to or related to the signed Document.
- The User or the Relying Party obtains confirmation of the performance of the Trust Service, including the assurance that:
- a given Document, recorded in PDF format and connected with the Signature Card, retained the integrity and invariability of the content,
- the Document was indeed signed by certain Users on the Autenti Platform and on the basis of which data the Users were specified,
- the declaration of intent (electronic signature) in a given Document was submitted at the indicated time.
III. Data handling
- [Data in the form of Documents] Documents are stored in an encrypted form on the Autenti Platform in such a way as to restrict access to their content by persons other than the persons to whom the Document was made available by the User. The integrity and immutability of the content of the Documents is verified as part of the Autenti Platform through the checksum assigned to each Document and enabling the verification whether a given Document has been subject to modifications.
- [Personal data] Personal data provided by Users is processed by the Administrator in accordance with the provisions on the protection of personal data. Detailed rules for the processing and protection of personal data can be found in the Privacy Protection Policy and the Cookies Policy available on the Service Provider's website at www.autenti.com/regulaminy.
- [Storage period] The data is stored for a period of at least 5 years, in the environment that ensures an appropriate level of security and in a manner that ensures the integrity of event logs.
- [Backup copies] The Service Provider creates and properly manages backups to ensure the security and durability of Documents and event logs.
[Risk assessment] The Service Provider periodically assesses the risk level of the Autenti Platform and the systems used to provide Trust Services to identify and prevent threats.
IV. The use of the Trust Services and the rules of Users' identity verification
- In order to use the Trust Services, the User should register on the Autenti Platform and set up an Account, within the meaning of the Autenti Regulations. As a result of a correctly completed registration, the User receives access to the Account created for him or her, which he or she can use on the Autenti Platform in order to initiate Documents for signature - based on the Trust Service. After initiating the Document, the Trust Service for electronic signatures on this Document is also available to other Users indicated by the User initiating the Document, including those who do not have an Account in the Autenti Platform.
- The Relying Party should pay attention to the type of confirmation of the performance of the Trust Service (Signature Card / Autenti Certificate) and the Policy under which they were issued, including whether Autenti Electronic Seals were applied. In case of doubts as to whether the Signature Card / Autenti Certificate has been issued by the Service Provider or documents the actually performed Trust Service with the participation of a specific User, the Relying Party is obliged to report them to the Service Provider. The application may be made in writing, by e-mail sent to the following address [email@example.com] or via the contact form provided in the autenti.com domain.
- The Signature Card / Autenti Certificate applies to the Trust Service performed in relation to a given Document and includes in particular:
- the opening Autenti Electronic Seal, placed by the Service Provider in order to confirm the commencement of the Trust Service and to secure the integrity of the Document in the form presented for electronic signature;
- Autenti closing Electronic Seal, placed by the Service Provider in order to confirm the performance of the service of electronic signing of documents via the Autenti platform for all Users
- Autenti Electronic Seal confirming the submitted electronic signature on the terms specified for the Electronic Signature Creation Service, which confirms in particular:
- Users' data determined on the basis of the data declared by them, indication of the e-mail address (e-mail) or telephone number to which the User had access and the IP number of the device through which the connection was made to place an electronic signature;
- information about placing an electronic signature, its type and method of authentication.
- Other seals and electronic signatures based on non-qualified or qualified services, in accordance with the policies or regulations specified by their suppliers.
- Verification of Users' personal data may take place through a service provided on the basis of a separate agreement (regulations) by the Service Provider or other service providers.
V. Liability and obligations of the Service Provider
- The Service Provider guarantees that the Trust Services are provided in accordance with this Policy and the provisions of generally applicable law.
- The Service Provider ensures that the Trust Services are performed in accordance with the declared safety and quality standards.
- The Service Provider ensures protection of the processed personal data in accordance with the provisions of applicable law.
- The Service Provider shall not be liable for damage resulting from the temporary or permanent suspension of the availability of the Trust Services, in particular damage or problems resulting from the failure of the link or its insufficient capacity on the part of the User.
- The Service Provider shall not be liable for damage resulting from the use of the Trust Services in a situation where the Users have been previously informed about the limitations in the provided Trust Services.
- The Service Provider is not liable for the conduct of Users, or for thier improper performance or non-performance of actual or legal actions in connection with the Documents being processed as part of the Trust Services provided, and is not liable for the consequences of actions taken by Users and third parties, constituting a violation of provisions of the Policy and the Autenti Regulations. In particular, the Administrator is not liable for the non-conclusion or nullity of the agreements concluded between Users, which are the result of Users' actions or omissions.
- The Service Provider is not liable for the truthfulness and accuracy of the information provided by Users, or the Users' capacity to be the subject of legal actions.
- The Service Provider shall not be liable for damage resulting from the User's failure to comply with the rules set out in the Policy or Autenti Regulations, in particular for damage resulting from the use of the Trust Services contrary to their intended use and the storage or use by Users of data required for placing an electronic signature in a manner that does not protect them against unauthorized use.
- Unless otherwise stipulated in the generally applicable provisions of law, the Service Provider's liability towards Users is limited only to intentional damage or due to gross negligence in terms of obligations related to this Policy.
VI. Dispute resolution complaints
- [Complaints handling procedure] The User may file a complaint if the Services described in this Policy are not provided by the Service Provider or are not provided in accordance with the Policy. Complaints may be submitted in electronic form using the contact form, e-mail sent to the following address: firstname.lastname@example.org or in writing to the following address: Autenti sp. z o.o., ul. Sternbacha 1, 30-394 Krakow.The complaint should contain at least the e-mail address provided by the User during the Registration process, a description of the irregularities and the expectations towards the settlement of the complaint.
- If the data or information provided in the complaint needs to be supplemented, in order to properly consider the complaint and satisfy the User's request, the Service Provider will ask the person submitting the complaint to supplement it within the indicated scope and time. Failure to meet the deadline means that the complaint cannot be investigated and is subject to rejection. The request to supplement the complaint interrupts the time limit for its investigation. This provision shall be without prejudice to mandatory provisions of law to the extent that they grant consumers broader protection.
- The Service Provider investigates the complaint within 30 days from the date of its receipt in the correct form, with the reservation that he may refuse to consider complaints submitted after 90 days from the disclosure of the reasons for the complaint.
- A response to the complaint is sent only to the e-mail address assigned to a given User Account. In particularly justified cases, the Service Provider may send a reply to another e-mail address indicated by the person submitting the complaint, which is not assigned to the User Account that is submitting the complaint.
- [Court disputes] The law applicable to the contracts concluded between the User and the Service Provider, the subject of which are the services indicated in this Policy, is Polish law, unless the European Union law provides for a different jurisdiction in relation to the consumer. In the event of the User's unsatisfactory complaint procedure, disputes related to the Trust Services provided by the Service Provider may be resolved by competent common courts.
VII. Termination of business activities or discontinuation of the provision of Trust Services
- Evidence of the performance of the Trust Service is secured with Autenti Electronic Seals and a time stamp, which is a proof of service performance and allows for verification of their authenticity also after the completion of the Trust Service provision.
- In the event that the Service Provider terminates its business activity or any of the offered Trust Services, as specified herein, the Service Provider will make every effort to minimize the adverse consequences resulting for the User as much as possible. For this purpose, the Service Provider will publish relevant information on its website, and will also ensure the possibility to download the Documents stored on the Autenti Platform within one month from the end of the Trust Service provision. Users will receive an appropriate message also via e-mail to the address provided during Registration.
VIII. Validity period and mode of making amendments
- This Policy is valid for an indefinite period of time.
- The Service Provider reserves the right to amend the Policy at any time. In particular, the need to make amendments may result from:
- amendments made to generally applicable law, including applicable law,
- amendments made to the method and principles of providing Trust Services described in the Policy.
- Any amendment made to the content of the Policy is effective from the moment of its approval and publication on the website of the Service Provider or from a later date indicated in the updated content of the Policy.