STANDARD TERMS OF SERVICE (“STS”)
FOR THE USAGE OF THE ADVANCED ELECTRONIC SIGNATURE (“AES”)
Art. 1 - Safilo's Advanced Electronic Signature service
SAFILO – Società Azionaria Fabbrica Italiana Lavorazione Occhiali - S.p.A., a company duly incorporated under the laws of Italy, with registered office at Settima Strada n. 15, Padova, Share capital Euro 66.176,000.00= fully paid up, tax code and registration number at the Companies’ Register of Padova 03625410281, VAT number 02952600241, subject to the activity of corporate direction and coordination of Safilo Group S.p.A., a company duly incorporated under the law of Italy, registered at the Companies Register of Padova – Italy – under n. 03032950242 (“Safilo”) offers to its customers and suppliers (“Subscriber”) to sign documents using an electronic signature system, in line, inter alia, with (i) the EU Regulation 910/2014 (“eIDAS”), (ii) the Codice dell'Amministrazione Digitale (Legislative Decree 07 March 2005 n . 82 and subsequent amendments; hereinafter, “CAD”) and (iii) the Technical Rules about the generation, affixation, and verification of advanced, qualified, and digital electronic signatures object of the Prime Ministerial Decree of February 22nd, 2013 (“Technical Rules”). In particular, the Subscriber who subscribes to the service will be able to sign documents with an advanced electronic signature (“AES”).
Pursuant to Italian and European legislation, an electronic signature is qualified as an AES when it is obtained through a process that guarantees:
identification of the signatory of the document;
the unique connection of the signature to the signatory;
exclusive control of the signatory of the signature generation system, including any biometric data used to generate the signature itself;
the possibility of verifying that the signed electronic document has not undergone changes after the signature has been affixed;
the possibility for the signatory to obtain evidence of what has been signed;
the absence of any element in the subject of the subscription capable of modifying the deeds, facts, or data represented therein;
the unique connection of the signature to the signed document.
The documents signed through the AES will have the legal and evidentiary effectiveness recognized by the Italian laws pursuant to art. 2702 of the Italian Civil Code.
The AES service is offered by Safilo through its supplier Docusign Inc. (“Docusign”). The characteristics of the AES system designed to ensure compliance with the provisions of points (a) - (g) above and the technological features used within this system can be consulted under Annex A to this STS.
The Subscriber, having acknowledged and carefully examined this STS (available in the updated version on the website www.safilogroup.com), declares to adhere to the AES service by accepting this STS.
Although not expressly governed by this STS, please refer to the provisions of the eIDAS, the CAD, and the Technical Rules.
Art. 2 - Terms and conditions of the service
To subscribe to the AES service, Italian law requires verification of the identity of the Subscriber.
The identification of the Subscriber, endowed with the necessary powers, takes place through a valid identification document of the Subscriber, as specified in Art. 3 below.
Art. 3 - Activation and use of the service
The Subscriber can adhere to the AES service provided by Safilo by accessing (by clicking on the “Sign Document” button) the link sent by e-mail to the e-mail address communicated by the Subscriber to Safilo.
The link will lead to a web page, within which the Subscriber will be asked to accept this STS and to fill in an identification form to verify his identity. You are asked to enter information regarding the ID: where it is issued (the country) and the type of ID (passport or ID with photo). After that, you need to upload the document via mobile phone or by uploading the file (both sides) following the instructions on the site. Once the identification process has been completed, the Subscriber will be able to proceed with the signing of the document.
To proceed with the signing of the document, after clicking on the View document/Sign Document field, it is necessary to accept this STS by ticking the Accept field; the acceptance of these STS constitutes an express declaration of full acceptance of the same pursuant to and for the purposes of Art. 57 paragraph 1, lett. a) of the Technical Rules. Once these STS have been accepted, the Subscriber will be able to use the AES service and proceed with affixing the AES to the document by clicking on the Signature field.
To finalize the affixation of the AES, the Subscriber must check his data and accept the terms and conditions of these STS regarding the use of the AES service provided by DocuSign (by selecting Sign, you agree to sign the document/s contained in the envelope identified by the ID 'XYZ', confirming that the name and email address of the signatory are correct and accepting the terms of this STS).
Art. 4 - Withdrawal of consent to use the AES service
The Subscriber may withdraw his consent to the use of the AES at any time by asking Safilo to sign the document in paper format.
In the event that the Subscriber wishes to permanently revoke the possibility of using the AES, he can request it from Safilo by writing to firstname.lastname@example.org.
Withdrawal of the consent to the AES service will make it impossible for the Subscriber to access and use the document subscription service through AES.
Art. 5 - Scope of use
The Subscriber may use the AES exclusively between the relationships between Safilo and the Subscriber.
Art. 6 - Conservation of the signed electronic document. Retention of further documentation
DocuSign provides for the digital archiving of documents signed by the Subscriber with AES. DocuSign also stores the declaration of acceptance of this STS and the identification document sent by the Subscriber for a period of at least 20 years, in compliance with the provisions of the Italian regulations. The Subscriber may request a free copy of the identification document referred to in the previous paragraph and of this STS accepted by the Subscriber by sending a specific request to email@example.com.
Art. 7 - Insurance coverage
In order to protect the owners of the AES and third parties from any damage caused by inadequate technical solutions, pursuant to art. 57 paragraph 2 of the Technical Regulations, Safilo is insured for civil liability with a primary insurance company authorized to practice in the field of industrial risks.
Art. 8 Treatment of personal data
Safilo informs that no processing of the personal data of the subjects involved in the AES process is envisaged. Safilo will use DocuSign as the provider of the service and delivery of the platform that will manage the entire signature flow. As regards the verification phase of the identity document during the AES flow, DocuSign is therefore considered an independent Data Controller. For any information, request or to exercise your rights, you can refer to the Privacy section accessible at the following link.
Art. 9 Assistance service
For any further information, it is possible to contact Safilo at the following address: firstname.lastname@example.org.
Art. 10 Jurisdiction
Save what is provided under Art. 66-bis of the Legislative Decree 6 September 2005, n. 206 (Consumer Code), for the resolution of disputes relating to the interpretation of this STS, as well as to the execution of the AES service, the exclusive jurisdiction will be those of the Court of Padua - Italy.
ANNEX A - TECHNICAL CHARACTERISTICS
DocuSign is the platform that Safilo has chosen for the electronic document signature service. Identified as one of the most reliable and used Providers worldwide, thanks to DocuSign it is possible to access the signed documents at any time, sending them without running the risk of losing them. DocuSign is an easy-to-use service that allows the confidentiality of data that is securely encrypted, furthermore the versatility and compliance with regulations make the electronic signature process legally accepted all over the world.
DocuSign implements an advanced electronic signature model with verification ID(verification of the signer's identification document) managed within the service which is requested before signing as it allows you to authenticate the Subscriber in a secure way. DocuSign supports advanced (remote) electronic signature in the ways described below. Further information about the technical characteristics of the electronic signature service provided by DocuSign can be consulted at this link.
Unique identification of the signatory
DocuSign allows you to use verification of a valid identification document (“ID”) to automatically verify the identity of the Subscriber and provide AES in compliance with the eIDAS. Thanks to the ID verification, DocuSign is able to uniquely associate the Subscriber to the AES.
What is checked on the ID? DocuSign will verify that:
The ID has not expired
The name matches the envelope as specified by the sender
Machine readable zones (MRZs), like the barcode, are decoded into information consistent with the rest of the ID
The visual characteristics/holograms are consistent with what that type of ID should look like
There is no evidence of character tampering, letter spacing, holes, or other defects in the ID
No calls are made to government databases, as many require dedicated privileges
If an ID is not automatically recognized, the Subscriber will not be able to access the documents. The specified team managing the AES in Safilo can manually review the ID as a backup option. After the team has verified and accepted the ID, the Subscriber can access and sign the document. Otherwise, the Subscriber cannot access the documents and the verification requirements for the Subscriber will need to be changed.
By encrypting as a Binary Large Object (BLOB), the DocuSign system protects the integrity of documents (including ID verification) and tags while the data is at rest. In addition to blob encryption, it protects data in transit by enabling TLS connections within eSignature APIs and web applications. In addition, it has implemented Secure Socket Layer (SSL) certificates issued by DigiCert (a certificate authority trusted by operating systems/web browsers). DocuSign provides end-to-end encryption that covers both data at rest and data in transit. It also uses SHA-2 data hashing for integrity checking within our system.
Archiving of documents
DocuSign stores the declaration of acceptance of the STS accepted by the Subscriber and the identification document sent by the Subscriber for a period of at least 20 years, in compliance with the provisions of the regulations. All data is stored in EU data centers. Data can be retrieved via API ID Evidence Rest, which uses reliable Transport Layer Security (TLS) encryption and the HTTPS protocol on port 443.
Insertion of a seal in the signed document (to detect any changes to the data)
Once the documents have been electronically signed, DocuSign inserts an anti-tampering seal into the documents (through the “hash” method and encryption) using a global digital signature certificate.
Best practices in case of disputes
In the event of disputes concerning a contract entered into electronically, DocuSign guarantees the collection and storage of many elements that can be decisive in the event of a dispute to prevent any denial of a signature. Below is the complete list of elements available for this purpose:
Audit trail with time/date stamp of all actions carried out by the Subscriber.
Secure encryption that allows only designated users to read and sign documents.
Unique signature is created by each user, accessible only by the corresponding user (a specific team that manages the AES in Safilo), and stored online in a secure manner.
Signature areas (Stick-eTab) are required, which allow the Subscriber to initial and sign specific parts of the document.
Intention to sign
In paper documents, the precise location of the signature is an important criterion for determining the intent of the Subscriber. DocuSign allows this transposition also in the electronic form.
Signature security elements
Documents signed through the DocuSign platform have complete protection as it keeps track of the people who signed, the type of authentication with their data, and the time and date the signature/s was/were affixed. This control process is called “certificate of completion”: the certificate of completion and the document/s digitally signed with a guarantee seal are the key elements to carry out a correct AES process.
Admissibility in evidence
The Member States of the European Union, including Italy, provide for the admissibility of electronic records and reproductions of the latter in the probative stage.
In the case of the Advanced Electronic Signature, the CAD establishes that, in the event of a denial, with the adoption of this signature methodology, it is essential to demonstrate to the courts the following:
The identification of the Subscriber and the unique connection of the same to the signed document;
This connection is created using means over which the Subscriber can retain exclusive control;
The possibility of detecting whether the data has been modified after the AES has been affixed.
The electronic document signed with an AES that guarantees the above requirements has the effectiveness provided for by article 2702 of the civil code, which establishes that: "The private agreement is full proof, up to a complaint of forgery, of the origin of the declarations by the person who signed it, if the person against whom the writing is produced recognizes the signing, or if this is legally considered to be recognized ".
The DocuSign platform delivers the service in Software as a Service (SaaS) mode under Business Continuity through the redundant data centers located in Paris (France), Amsterdam (Holland), and Frankfurt (Germany). The data processed within the service offered are therefore stored exclusively within the territory of the European Union. All data centers are subject to ISO 27001, 27017, 27018, PCI DSS, and SSAE 18 certification.