AUTENTI PLATFORM TERMS & CONDITIONS
These Terms & Conditions specify the rules of providing electronic services by the Administrator as part of the Autenti Platform. Using the Autenti Platform is possible on the rules set out in the Terms & Conditions.
Article 1. Definitions
The terms used in the Terms & Conditions have the following meaning:
- Administrator – Autenti sp. z o.o. with its registered office in Poznań, at ul. Św. Marcin 29/8, 61-806 Poznań, entered into the register of enterprises kept by the District Court Poznań Nowe Miasto i Wilda in Poznań, 8th Commercial Division of the National Court Register, under KRS No. [National Court Register No.] 0000436998, NIP No. [Tax ID No.] 783-169-32-51
- Autenti platform – an IT tool under which the service is provided electronically by the Administrator, available on the website under the name “Autenti”, in accordance with the Terms & Conditions.
- Terms & Conditions – these Autenti Platform Terms & Conditions.
- Customer – a natural person, legal person or an organizational unit without legal personality that has an Account on the Autenti Platform.
- User – a natural person who acts on behalf of or for the benefit of the Customer or another person or on his own behalf and performs factual or legal actions within the Autenti Platform, in particular affixes an electronic signature.
- Account – a set of data related to a given Customer, including information provided by the Customer during Registration, as well as information on the activity of the Customer and Users added to this Account as part of the Autenti Platform. The Account enables ordering or full benefit of the services provided as part of the Autenti Platform, assigned to a given Account.
- Registration – a process of creating the Account within the Autenti Platform.
- Document – an electronic file entered into the Autenti Platform by the User who, upon affixing the electronic signature, expresses the signatory’s declaration of will concerning the content contained therein with respect to the parties indicated therein or the parties who participated in signing thereof as part of the Autenti Platform.
- Signature Card / Autenti Certificate – confirmation issued by the Service Provider, documenting the status of the Trust Service performance and linked with the Document.
- eIDAS – Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.
- In order to use the Autenti Platform, the User must have an ICT system that meets at least the following technical requirements:
- Internet access through an active connection enabling two-way communication via HTTPS protocol;
- the ability to use a standard web browser, the settings thereof , in the case of the intention to use the encrypted website when logging in to the Autenti Platform, should enable the encrypted connection,
- the ability to use software that allows the reading of files sent by persons with whom the User communicates via the Autenti Platform in various formats (including graphic, audio, multimedia, text, video, etc.), in accordance with the provisions of Art. 5 sec. 1 of the Terms & Conditions,
- having an address and access to configured e-mail.
- The use of some functionalities of the Autenti Platform may require fulfilment of additional conditions, in particular when using qualified electronic signatures – having an appropriate electronic signature creation service and a valid certificate issued by a trust service provider.
- The Customer and the User are obliged to refrain from any illegal activities, in particular:
- using the Autenti Platform directly or indirectly for illegal purposes or with the view of violating the legal provisions,
- using the Autenti Platform in a manner inconsistent with the Terms & Conditions, contrary to good morals or generally accepted principles of using the Internet,
- using the Autenti Platform in a manner violating the rights of the Administrator, other Users or third parties, in particular by providing false or other person’s data, using the name of another entity unlawfully or abusing the rights held,
- providing by or to the Autenti Platform the data that may violate the legal provisions or the rights of third parties,
- providing by or to the Autenti Platform the data which results in the disruption of work or overload of IT systems or causes unauthorized modification of the data contained in the Autenti Platform.
- Customers are liable for any and all actions of the Users added to this Customer’s Account, described in the Terms & Conditions as for their own.
Article 3. Registration
- In order to use certain functionalities of the Autenti Platform, in particular to initiate the process of signing the Documents, the Customer should complete the process of Registration. To this end, it is necessary to complete the electronic form available on the Autenti Platform by providing one’s e-mail address or telephone number. The Administrator sends an activation link necessary to complete the process of Registration to the indicated e-mail address or telephone number. The Customer confirms his identity and willingness to register by clicking the activation link (Account activation) referring him to the Autenti Platform. Account activation is necessary to ensure the full functionality of the Account and the services provided to the Customer.
- The Customer may add Users who will operate within the Account created. The Administrator adds the User indicated by the Customer to the Account and sends to the e-mail address or telephone number of the User indicated by the Customer the activation link necessary to make it possible for the User to access the Account. The User is obliged to confirm his identity and consent to use the Account by clicking the activation link referring him to the Autenti Platform.
- The Customer may register, and the User may log in to the Autenti Platform using the username (login) and password on other websites that offer this option and have been functionally related to the Autenti Platform website (hereinafter referred to as the “related websites”). In this case, the data related to the Customer’s or User’s accounts of these websites, provided by and stored in the Autenti Platform profile, is treated as the data submitted by the Customer for Registration on the Autenti Platform. Customers may register, and Users may log in to the Autenti Platform also within other systems on the terms agreed on by the administrators of these systems and the Administrator.
- The Customer by Registration and the User by logging in to the Autenti Platform, voluntarily commences using the Autenti Platform and declares that the data contained in the registration form concerns him, is complete and true.
- Users can use the services of the Autenti Platform and affix electronic signatures within Personal or Business Accounts. Users using the Autenti Platform as part of a given Customer’s Account act for and on behalf of the Customer on whose behalf the Registration was made. It is forbidden to create Accounts for the data of the entities, without the right to represent them or without being duly empowered by persons authorized to act on behalf of these entities.
- The Account contains the Customer’s and Users’ data provided during Registration or as part of data update. In the event of any changes to the data entered into the Account, the User is obliged to immediately update them. The Customer and the User are fully liable in the event of providing or maintaining incomplete, outdated or untrue data.
- The User is not allowed to provide other third parties with the possibility of using the Account, including disclosing the password used to access the Account. The User is obliged to hold an absolute secret of the password to the Account and safeguard it from disclosure. The User is obliged to promptly notify Autenti if the third party has become aware of the access data to the Accountmand provide the circumstances thereof.
- The use of the Autenti Platform may take place without a previously registered Account, if the User to whom the document for electronic approval was sent via the Autenti Platform does not have a registered Account. Then the User may – via the Autenti Platform – electronically sign the Document sent to his e-mail address or telephone number by clicking the “sign” button (or its equivalent).
- If at any place on the Autenti Platform it is allowed to provide the data of third parties, other than the User (e.g. for recommendation or communication purposes), then the User when entering such data should have the requisite consent to use it in the Autenti Platform, and in the event of unauthorized transfer of the data in question he bears all liability related to the transfer of this data, and declares that he will indemnify and hold the Administrator harmless.
- The User may not use his Account in a manner inconsistent with the nature and purpose of the services provided by the Administrator as part of the Autenti Platform and in a manner that disrupts the use of these services, in particular with the view gaining access to the content not intended for a given User or sending unsolicited commercial information via Autenti platforms.
- Should the User violate the Terms & Conditions, legal provisions or good morals, the Administrator may terminate the agreement to maintain the Account with the Customer or prevent access to a specific Account or a specific User.
- It is forbidden to aggregate and process the data and other information available via the Autenti Platform in order to make it available to third parties on other websites and outside the Internet. It is also forbidden to use Autenti designations, including characteristic graphic elements, without the consent of the Administrator.
Article 4. Use of the Autenti Platform
- The Customer and the User may use their Account for the following purposes:
- in order to make declarations of will on their own behalf,
- in order to make declarations on behalf of another person, under the authorization held, in particular as a representative or member of the entrepreneur’s authority,
- in order to participate in the document circulation process.
- The Administrator makes the following services available to Customers and Users:
- SERVICE OF ELECTRONIC SIGNING OF DOCUMENTS – making it possible for Users to read the content of the Document and submit declarations of will on the Document, including: in order to conclude an agreement or accept (authorize) another type of Document, based on the electronic signature Service provided by Autenti in accordance with the Terms & Conditions or other non-qualified or qualified trust service provided by the Administrator or another service provider;
- ELECTRONIC SIGNING OF DOCUMENTS – confirming the submission of declarations of will by Users, including consensual declarations of will submitted to each other by Customers or Users in order to conclude an agreement or accept (authorize) the content of a document and on this basis create an electronic signature, advanced electronic signature or qualified electronic signature in accordance with eIDAS, also with context meaning, e.g. marking as “signature” or “initial”;
- ELECTRONIC SEALING OF DOCUMENTS – ensuring the integrity of the content of the Document and the authenticity of the origin of the Document, creating on this basis and affixing on the Document an electronic seal, advanced electronic seal or qualified electronic seal in accordance with eIDAS, also with context meaning of the seal;
- STORAGE AND SHARING OF ELECTRONIC DOCUMENTS – storing Documents on the servers of the Autenti Platform and enabling Users to share Documents stored on the Autenti Platform with other persons by indicating the method of authorizing access to the Document (e.g. access to a specific e-mail address, telephone number or having an access code);
- DIGITAL VERIFIER OF DOCUMENTS – providing the possibility of verifying the authenticity of affixing the signatures by the User;
- DURABLE MEDIA OF A DIGITAL DOCUMENT – storing or transferring the Document online in the manner enabling future access to information, and which makes it possible for the stored information to be restored in an unchanged form.
- Users who have the Business Account authorize the Administrator to use the name or designation (logo) of the entrepreneur for whom the Account has been created, in order to designate the Account and the User, as well as to perform the services specified in the Terms & Conditions and to inform about the services provided.
- Users of the Autenti Platform may enjoy the functionalities marked as “LABS”, the development process of which has not yet been completed, and therefore there is no guarantee of their correct operation, their future provision is uncertain, and the scope may be subject to modification. These functionalities are made available to Users free of charge for the purpose of testing and expressing their opinion, and in the future they may be provided against payment, about what the Users will be informed before the period of the provision of paid services commences.
- If the provision of a specific service, available as part of the Autenti Platform, requires the operation of another provider (in particular a qualified trust service provider), these services will be guaranteed by such provider, on the terms specified separately and in detail for a relevant service, about which Users will be informed before using such service.
- The Administrator undertakes to keep the Document submitted or signed by the Customer or User on the Autenti Platform for a minimum of 12 months, unless otherwise stated separately, in particular in the Price List.
Article 5. Determining the content of the Document and concluding agreements
- As part of their Account, Customers have the option of uploading to the Autenti Platform the Documents consisting of electronic files containing information that is, in particular, the subject matter of a declaration, approval, consultation or draft agreement (hereinafter referred to as the “files”). The maximum size of one file, available file formats and the number of files that can be sent depend on the Account parameters granted by the Administrator. Autenti provides the possibility of sending files in PDF, DOC, DOCX, XLS, XLSX, ODS, ODT formats, and regardless of the entered format, the files are converted into PDF (print to PDF). Files in a different format must be opened in order to read their content using another appropriate software.
- The Customer or the User may indicate files that will not constitute an integral part of the Document for signature, and which will be made available to the indicated recipients only for viewing or downloading.
- The Customer or User may indicate other Users who will be granted access to the content of the Document referred to in sec. 1, and define their role in the process of agreeing, accepting the content or circulation of the Document.
- All persons indicated to sign the Document should be duly authorized to represent the entity on whose behalf the signature is affixed. The Administrator is not liable for the lack of relevant authorization on the part of persons acting on behalf of such an entity.
- By confirming the “Sign” option (or another option that means acceptance or confirmation of affixing the signature), the User makes the declaration of will (appropriate to the content of this option) to the content expressed in the Document, and the Document is deemed as signed by the Customer or another entity, respectively, for whom the User works. The above also applies to making declarations of will to confirm the content of the file, the opening of which requires separate software, therefore Users should make sure that they are familiar with the content of the Document contained in the file before submitting a specific declaration of will.
- As soon as all entities indicated as [“SIGNATORY”] confirm the “Sign” option,
a declaration of will is made with the content indicated in the Document (affixing the signature), and if the Document is an agreement, the agreement is concluded in the wording specified in the Document. An electronic version of the Document will appear on the Account of each of the Customers participating in affixing the signatures, along with annotations on the dates and manner of affixing the signatures, as well as the data of the Users who signed the Document.
Article 6. User Verification
- As part of the Autenti Platform, the User, by submitting a Document to be signed, indicates the person authorized to sign it and provides his personal and contact details to confirm his identity. The User bears the full risk related to the truthfulness and correctness of the personal and contact data of the person indicated for signing the Document.
- Verification of Users’ personal data may take place through the identification service provided on the basis of a separate agreement (regulations) by the Administrator or other service providers.
Article 7. Payments
- Some services provided by the Administrator as part of the Autenti Platform may be offered against payment.
- The Customer will be informed about the amount of the fee, before it is incurred, in the form of a message requiring the Customer’s approval, or in the form of a Price List available on the Autenti website.
- Users will be issued electronic invoices. The Customer may download the invoice in electronic form using the “Download invoice” button available in the Account.
- The Customer is obliged to effect the payment for the given billing period, at the latest on the date specified in the order / order confirmation. Failure to pay within the indicated time limit entitles the Administrator to suspend the provision of services to the Customer or Users as part of the Customer’s Account, reduce the scope of the available Account functionalities or terminate the agreement to provide the service.
Article 8. Data protection and confidentiality
- The Administrator’s priority is to ensure the confidentiality and security of the data processed as part of the Autenti Platform, including Users’ personal data.
- As far as entrusting the processing of personal data by the Customer is concerned, the provisions of Art. 8 sections 4 to 12 constitute another legal instrument within the meaning of Art. 28 sec. 3 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJL 119, p. 1 as amended (hereinafter referred to as the “GDPR”)).
- The Customer, if applicable, entrusts the Administrator, pursuant to Art. 28 of GDPR with the processing of personal data for the purpose of the performance of the agreement, i.e. to use the tools provided as part of the Autenti Platform. The Administrator may process the personal data entrusted to him only to the extent and purpose specified in the preceding sentence and for the purpose and scope necessary to provide services specified in the Terms & Conditions.
- The Administrator declares that he ensures the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the GDPR regulation and protects the rights of the data subjects.
- The Customer may entrust the Administrator with such types of personal data such as: name and surname, place of employment, position, e-mail address, telephone number and other identification data, depending on the service provided. The types of personal data may relate in particular to the following categories of persons: Employees or associates of the Customer, persons representing the Customer’s contractors, persons representing the Customer’s clients and other natural persons to whom the Customer sends documents via the Autenti Platform.
- The administrator undertakes:
- to exercise due diligence in the processing of entrusted personal data and to process personal data in accordance with the provisions of applicable legal provisions, in particular the GDPR;
- to grant authorizations to process personal data to all persons who will process the entrusted data;
- to ensure confidentiality (referred to in Art. 28 sec. 3 let. b of the GDPR) of the data processed by persons who authorize the processing of personal data;
- to protect personal data by using appropriate technical and organizational measures ensuring the adequate level of security corresponding to the risk related to the processing of personal data referred to in Art. 32 of the GDPR, including, but not limited to: (i) pseudonymization and encryption of personal data, (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, (iii) the ability to quickly restore the availability and access of personal data in the event of a physical or technical incident, and (iv) regular testing, measuring and evaluating the effectiveness of technical and organizational measures to ensure the security of processing;
- when assessing whether the level of security is appropriate, the Administrator takes into account, first of all, the risk related to the processing, in particular resulting from accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data sent, stored or otherwise processed;
- to provide assistance to the Customer to the extent necessary to fulfil the obligation to respond to the requests of the data subject and to meet the obligations set out in Articles 32-36 of the GDPR;
- upon termination of the processing services, to return any personal data or delete any existing copies thereof, unless the Union law or the law of a Member State allows for the storage of personal data for a longer period, then the return or permanent deletion of personal data will take place following the expiry of that period;
- to provide the Customer with the information necessary to demonstrate compliance with the obligations stipulated in Art. 28 of the GDPR and make it possible for the Customer to conduct audits after prior arrangement of their date and scope;
- the Administrator may entrust the User’s personal data for further processing to another entity (hereinafter referred to as the “Sub-processor”). The sub-processor that processes personal data on behalf of the Administrator and for the benefit of the User, should meet the same guarantees and obligations regarding the protection of personal data that were imposed on the Administrator. Processing entities may be, in particular, entities providing technical services, including hosting, relating to the development and maintenance of IT systems and websites. Detailed information on Sub-processors may be made available to the User at his request.
- the Customer has the right to object to the catalogue of the Administrator’s Sub-processors, however, objecting to or not accepting them may result in the need to terminate the Agreement, and thus prevent the Administrator from providing the Service to the Customer, provided that the Sub-processor is a key entity for the purpose of carrying out the Service.
- the transfer of processed personal data to a third country or an international organization by the Administrator may take place only when the conditions set out in Chapter V of the GDPR are met.
- After finding a breach of the Customer’s personal data protection, the Administrator reports this fact to the Customer without undue delay.
- In the event of a breach, the Administrator is obliged to take all possible measures to prevent the consequences of the breach or minimize them.
- The Administrator is not responsible for any breaches of data protection resulting directly from the Customer’s activities on the Autenti Platform, i.e., inter alia, sending the wrong Document or sending the Document to the wrong recipient.
- Should the Administrator disclose that the Customer’s use of the Autenti Platform took place in a manner inconsistent with the Terms & Conditions or applicable provisions, the Administrator may process the Customer’s personal data to the extent necessary to determine its liability.
- Data of Customers, Users or entities represented by Users may be transferred to other Customers, Users or entities represented by Users, should it be necessary for communication purposes, using the services provided by the Administrator, in particular to conclude or perform an agreement made using the tools made available as part of the Autenti Platform.
Article 9. The role and responsibility of the Administrator
- The Administrator provides IT tools to Users for communication between Users, but is not liable for the conduct of Customers or Users, or for undue performance or failure to perform factual or legal actions by them in connection with Documents processed as part of the Autenti Platform, and is not liable for consequences of actions taken by Customers, Users, entities represented by Users and third parties, and constituting a breach of the provisions of the Terms & Conditions, legal provisions or good morals. In particular, the Administrator is not liable for the failure to conclude or nullity of agreements made by the entities represented by Users and other circumstances resulting from the acts or omissions of Customers or Users, in particular the lack of selection of the appropriate type of signature for the form of an act in the law in which the Document should be concluded to produce legal effects expressed therein.
- The Administrator is not liable for the truthfulness and reliability of information provided by Users, or the ability of Customers, Users or other entities represented by Users to be the entity of specific legal actions.
- In the event that the actions of Customers or the User violate the provisions of the Terms & Conditions, applicable law, the rights of Customers, other Users, persons represented by Users or third parties, as well as in other justified cases, when the Account or the User’s activity on the Autenti Platform requires additional verification data, the Administrator may:
- suspend the Account for a definite or indefinite time;
- limit the functionality of the Account for a definite or indefinite time as far as the access to individual services provided within the Autenti Platformis concerned;
- make the use of the Autenti Platform dependent on the confirmation by the Customer or the User of their credibility in the manner indicated by the Administrator.
- Regardless of the suspension of the Account, the Customer or the User is fully liable for his acts and omissions which are the basis for the suspension of the Account, in particular liability for damages towards the Administrator.
- The Administrator is liable on general terms for damage caused as a result of failure to perform or undue performance of the obligations set out in these Terms & Conditions, excluding lost profits. In relation to entrepreneurs, the Administrator’s liability is limited to damage caused intentionally or as a result of gross negligence.
Article 10. Complaints
- The Customer, User or the entity represented by the User may file a complaint if the services specified in these Terms & Conditions are not provided by the Administrator or are performed contrary to the provisions of the Terms & Conditions.
- Complaints may be submitted electronically using the contact form or in writing to the Administrator’s address. The complaint should contain at least the e-mail address assigned to the Account, the User or – if the complainant has not provided an e-mail address before – another e-mail address, a description of the objections raised, including – if it relates to a specific Document – the identification of the Document, and expected manner of resolving the issue.
- If the data or information provided in the complaint needs to be supplemented, in order to properly handle the complaint and satisfy the claimant’s request, the Administrator will ask the person submitting the complaint to supplement it in the indicated scope and time limit. The ineffective expiry of the time-limit means that the complaint cannot be handled and is subject to dismissal. The action of summoning the person submitting the complaint to supplement the complaint interrupts the time limit for the handling thereof. This provision is without prejudice to mandatory legal provisions of law to the extent in which they grant consumers broader protection.
- The Administrator shall handle the complaint within 14 days from the receipt thereof in a proper form, with the proviso that the Administrator may refuse handling of complaints submitted 90 days after learning about the reasons for complaint.
- A response to the complaint is sent only to the e-mail address assigned to a given User Account. In specifically justified cases the Administrator may send a response to a another e-mail address indicated by the person submitting the complaint, which is not assigned to the User Account.
Article 11. Duration of the Agreement and its termination
- Upon registration on the Autenti Platform, an agreement to maintain the Account for an indefinite period is concluded between the Customer and Autenti. The agreement to maintain the Account may be terminated at any time via the “Delete Autenti Account” option, available from the “My Account” Panel.
- For important reasons for which the Administrator is not accountable, the agreement to maintain the Account may be terminated by the Administrator upon seven days’ notice.
- If the agreement to maintain the Account has been terminated on the basis of the Administrator’s declaration, the Customer may not register again without the Administrator’s prior consent.
Article 12. Consumer right to withdraw from the Agreement
- An entity acting as a consumer that has concluded a distance agreement with the Administrator, has the right to withdraw from the agreement without providing any reason within 14 days from the date of conclusion of the agreement.
- The right to withdraw from a distance agreement does not apply if the Administrator has fully performed the service with the express consent of a person acting as a consumer, and – in relation to agreements for the supply of digital content that is not recorded on a tangible medium – if the provision of service commenced with the express consent of that person, in particular:
- in relation to the Customers, the conclusion of the agreement takes place at the time of Registration, and the moment the provision of service commences is the use of the service available under the Account, in particular sending the Document for signature or confirmation of the “sign” button under the Document.
- subject to legal provisions , a person acting as a consumer, who does not have the Account, and who will use the service on the Autenti Platform, by confirming the “sign” button under the Document, due to the automatic performance of the service of affixing the electronic signature, is not entitled to withdraw from a distance agreement.
- If persons acting as the consumers use additional services available on the Autenti Platform against payment, the commencement of the service provision is the activation of additional services against payment in the manner specified for the given service.
- In order to exercise the right of withdrawal referred to in sec. 1, a statement setting out the decision to withdraw from the Agreement should be sent to the following e-mail address within 14 days from the conclusion of the agreement:
[email protected] or in writing to the Administrator’s correspondence address.
Article 13. Final Provisions
- The Administrator may amend the Terms & Conditions or launch a modified or new version of the services provided under the Autenti Platform, in the event of the following:
- the need to adapt to changes in legal provisions or obligations imposed by state authorities;
- changes to the Price List;
- instances dictated by security reasons, preventing abuse, improving the protection of Users’ privacy,
- technological or functional change to improve the operation of the Autenti Platform;
- changes in the scope or manner of the services provided;
- editorial changes.
- The amendment towards The Customer and User added to the Account becomes effective on a date indicated by The Administrator from the moment of making the amended Terms & Conditions available.
- The Customer and User added to the Account will receive the notification of the amendment to the Terms & Conditions to the e-mail address at least 14 days before the amendment enter into the force.
- The governing law for the Agreement concluded with the Administrator, the subject of which are services provided by the Administrator as part of the Autenti Platform, is Polish law, unless the European Union law with regard to the consumer provides otherwise. Any disputes related to the services provided by the Administrator as part of the Autenti Platform will be settled by the competent common courts. The entity acting as a consumer has the option of applying an out-of-court method of handling complaints and securing claims before the Permanent Consumer Arbitration Court at the Provincial Inspector of the Trade Inspection in Poznań. Information on how to access the above mentioned mode and procedures for resolving disputes can be found at the following address: www.uokik.gov.pl, in the tab “Resolving consumer issues”. The entity who is a consumer also has the option of using the EU ODR internet platform, available at the following address: https://ec.europa.eu/consumers/odr/.
- Should any provisions of these Terms & Conditions be found invalid in a judgment of a court or another entitled authority , the remaining provisions remain valid.
- In matters not covered by the Terms & Conditions, the provisions of generally applicable law apply, in particular the Civil Code, the Act on the provision of electronic services, GDPR and eIDAS.
- The provisions of these Terms & Conditions in the relationship between the Administrator and the entity operating on consumer rights do not prejudice the applicable legal provisions, the application of which cannot be excluded, and which grant wider protection to consumers.