Hauptbereich

Terms of Use of “SwissID Sign” for the qualified electronic signature

1.    Applicability
These Terms of Use shall apply in the relationship between the End User and SwissSign Group Ltd. or its subsidiary SwissSign Ltd, Sägereistrasse 25, 8152 Glattbrugg (here-after: “SwissSign”) in connection with the use of the SwissSign Signing Service “SwissID Sign” and the corre-sponding certification services for the electronic signature (hereafter: “Signing Service”). 


The Terms of Use shall be displayed to the End User at the time of the electronic order for the Signing Service. The End User must expressly accept the Terms of Use. The Terms of Use, which form an integral component of the Agreement, are also published on the website https://www.swissid.ch/en/sign/tnc.


2.    Services
2.1    Qualified electronic signature
The services in connection with qualified electronic signa-tures shall be provided in accordance with the relevant applicable Certificate Policies. These form an integral part of these Terms of Use.


You can find the current Policies at the following link:
https://www.swisssign.com/en/support/repository


SwissSign is a provider of certification services recog-nised in Switzerland with qualified certificates in accord-ance with the Swiss Federal Act on Electronic Signatures (ESigA SR 943.03). SwissSign shall be regularly checked by the accredited recognition authority for compliance with the ESigA. 


SwissSign shall issue a signature certificate containing information of an identified person. The certificate makes it possible to affix electronic signatures to documents such as PDF files. The signature can be uniquely assigned to the identified person and can also be validated by third parties. Depending on the particular application, a quali-fied electronic signature pursuant to Article 2(e) of the Swiss Federal Act on Electronic Signatures (ESigA SR 943.03) or an advanced electronic signature pursuant to Article 2 (b) ESigA is used for signing. Any use of the signature certificates other than that described above is not permitted.


2.2    Identification of signatories 
SwissSign or the Registration Authority (RA) appointed by it checks the identity of the End User in the identity verifi-cation process.


In the case of a qualified electronic signature, your identity is verified in a face-to-face meeting using your passport or an identity card recognised in Switzerland, and the identity document is checked for authenticity. The identifi-cation process for the qualified electronic signature allows the End User to use both the advanced and the qualified electronic signature, depending on the type of signature desired for the respective legal transaction or even re-quired by law.


For the issuance of certificates used for the advanced electronic signature, End Users may be identified using a process in place for the qualified electronic signature or a process equivalent to a face-to-face meeting.
SwissSign files the personal information which is collected in the identity verification process in accordance with the applicable regulations.


2.3    Signature creation
Provided all requirements are met, SwissSign creates a personal certificate and the corresponding private crypto-graphic key on the Hardware Security Module (HSM) for the purpose of creating the signature. Only the End User has the activation data with which he can use the private key after authentication through an authentication method linked to his Identity. If the activation data is entered, a qualified or advanced electronic signature is created. 


2.4    Verification of the electronic signature's validity
The validity of the electronic signature may be verified by the End User or third parties. 


Verification is possible e.g. on the website www.validator.ch or directly in Adobe Acrobat, a software application developed by Adobe Systems Inc.


2.5    System availability
SwissSign shall endeavour to ensure that the Signing Service operates as continuously as possible. SwissSign assumes no liability for the continuous availability of the Signing Service. SwissSign may temporarily restrict avail-ability to carry out maintenance and repairs, as well as measures to improve the service or to ensure security and integrity. Wherever possible, maintenance work or other measures shall be performed outside normal usage hours.


3.    Requirements for using the service
The End User is aware of the use and legal consequences of digital signature certificates for the qualified and ad-vanced electronic signatures. He must have access to an internet portal or business application that uses the Sign-ing Service provided by SwissSign. He must also have a SwissID at the necessary security level for using the Sign-ing Service. In addition, a smartphone with iOS 11 or later or Android 6.0 or later (including fingerprint scanner and secure element) is required for triggering the signing pro-cess. Additional provisions that may restrict the use of the Signing Service are set out in the terms and conditions of the business customer’s applications that use the Signing Service.


The End User is particularly aware that the SwissSign services are subject to certain export restrictions. The current list of countries subject to export restrictions can be found at:


https://swisssign.com/en/support/exportbeschraenkungen


SwissSign reserves the right to request additional docu-ments from the End User in connection with his/her place of residence, as appropriate.


If you have any questions or concerns in this regard, please do not hesitate to contact SwissSign.


4.    Duties to cooperate
During the registration process, the End User must pro-vide true and complete information to SwissSign or the identification authorities appointed by SwissSign. He must refrain from granting third parties access to his means of authentication for SwissID, particularly his registered smartphone. Records of your personal password may not be disclosed to any other person, must be stored securely and separately from your mobile phone and protected from access by third parties. Access data, such as your password, must be selected in such a way that they can-not be guessed by third parties. In particular, access data may not contain any information about the End User, e.g. first name, last name or date of birth.


The End User shall ensure that no signatures are created if he suspects that his personal password or other access data which must be provided in the authentication process in order to trigger the signature has been stolen or be-come known to a third party. In the event of loss of the smartphone, the End User must inform SwissSign imme-diately. As soon as there are changes to the End User's mobile phone number or identity data, SwissSign or the registration authority appointed by SwissSign must be notified and, if necessary, a new identification must be activated. The End User must ensure that his registration with the signature service, including the changed identity data, is up to date. 


The End User must utilise all current options to protect his smartphone against attacks by viruses and other malware (e.g. worms or trojans) and must use up-to-date software from a trustworthy source for this purpose.

 
Any discrepancies in the digital certificate must be report-ed to SwissSign immediately.


5.    Legal effect
SwissSign's Signing Service can create a qualified elec-tronic signature pursuant to Article 2(e) ESigA or an ad-vanced electronic signature pursuant to Article 2(b) ESigA and in accordance with the corresponding Policies.


You can find the current Policies at the following link:
https://www.swisssign.com/en/support/repository 


The type of signature required in the relevant legal transac-tion (qualified or advanced electronic signature) is determined by the business customer's application using the SwissID Sign Service and is beyond the control of SwissSign. Under Swiss law, only a qualified electronic signature that is associated with a qualified timestamp is deemed equivalent to a handwritten signature. 


The advanced electronic signature does not meet the legal requirement of written form within the meaning of Article 12ff. of the Swiss Code of Obligations and therefore does not have the same legal effect as a handwritten signature. The End User is aware that the electronic signatures made with the Signing Service may have different effects if the law of a country other than Switzerland applies and that any existing formal requirements may not be met.


6.    Usage period
The End User can use the Signing Service for as long as the certificate issued is valid. The validity period of the certificates is limited to the duration indicated in the certif-icate. The usage period for the Signing Service may be extended as long as the identity document provided is valid, the last identification is no more than five (5) years old, and the End User applies for a new certificate.


The End User shall be solely responsible for ensuring that a corresponding request is received by SwissSign in a timely manner so that any registration process can be carried out and that valid certificates are continuously available to him.


The End User undertakes to cease using certificates that have been declared invalid or that have become invalid following expiry of the time limit.


7.    Fee-based right of use
The Customer acquires the right to use a maximum num-ber of signatures (packet). This right may be exercised for a validity period of 24 months from the date of purchase of a packet. If the right to use the signatures is not exercised in full within 24 months, it shall be forfeited without compensation. Packets cannot be accumulated.


The applicable prices and maximum number of signatures per packet shall be published on the website https://www.swissid.ch/en/sign.


8.    Handling of End User data
8.1    Collected data
SwissSign shall only collect, store and process data that is necessary for using the signature service. The handling of this data is governed by the applicable Swiss laws (in particular: Swiss Federal Act on Data Protection (FADP, SR 235.1) and ESigA) also in accordance with the relevant Policies. 


For the purpose of creating the digital certificate and maintaining verifiability, SwissSign collects and stores in particular the following data from you:

 

  • Copy of the relevant pages of the identity doc-ument presented by you (passport, identity card), including the attributes contained therein 
  • If available: other documents introduced by the End User, including the information contained therein
  • Personal means of authentication used
  • Log files on any signing processes
  • Data concerning the revocation of the certificate
  • Other information provided by the End User in the identification process, e.g., his e-mail ad-dress

The management and the duration of the storage of such data shall be in accordance with the statutory provisions.


8.2    Digital certificate
Based on the data which has been provided by you and collected in the identity verification process, SwissSign shall, at the request of the subscriber application and upon the End User's stated consent, issue a qualified or advanced certificate, which may contain the following information concerning you:

 

  • First name(s), last name or pseudonym
  • Two-digit ISO 3166 country code (nationality or residence)
  • Information to ensure the uniqueness of the digi-tal certificate
  • Number of the identity document presented
  • Email address
  • Mobile phone number

The digital certificate is included in the electronically signed file after completion of the signing process. Any-one in possession of the digitally signed file may view the aforementioned information from the digital certificate at any time. This enables third parties to verify your personal information and to see that the information was registered with SwissSign as a Swiss certification service provider and that the certificate and the signature were issued by SwissSign.


8.3    Data archiving after completion of the signing process
SwissSign complies with the applicable statutory provi-sions when storing various data relating to the identity verification process, the digital certificate and the signing process. The data is stored for 11 years. The relevant date for the retention period is the date on which the underlying certificates become invalid. This ensures that the digitally signed document can still be verified as correct in the years after it is created. SwissSign records all relevant information concerning the data issued and received by SwissSign and keeps it in safekeeping so that it is availa-ble, for the purposes of enabling corresponding evidence to be provided in judicial proceedings, in particular, and ensuring continuity of the service. 


SwissSign stores the following data in particular:

  • Log files for the signing process 
  • Hash value of the signed document
  • Data concerning the revocation of the certificate
  • Data as mentioned in chapter 7.1

 

9.    Fulfilment of duties by SwissSign
SwissSign may engage third parties in order to fulfil its duties, particularly as regards the implementation of the identity verification process by external registration author-ities and the retention of identity verification documenta-tion. The End User agrees that the data and information required for this purpose may be disclosed to third parties.


10.    Liability
SwissSign shall be liable to the End User for all damages it causes unless it can prove that it is not at fault. Liability for ordinary negligence is excluded. 


SwissSign shall be liable for any fault in respect of per-sonal injury.


SwissSign is liable for the conduct of its auxiliaries and any third parties involved (e.g. subcontractors and suppli-ers) in the same manner as for its own.


In terms of qualified electronic signatures, liability shall also be governed by the relevant provisions of the ESigA. Any further liability is excluded to the extent permitted by law. In particular, the following exclusions apply:


Liability for the proper functioning of third-party systems, particularly liability for hardware and software utilised by the End User or for business customers using the Signing Service applications, is excluded.


SwissSign shall not be liable to you for loss or damage incurred by you due to the fact that you have either failed to comply with or have exceeded a limitation of use.


SwissSign shall bear no liability for the validity of agree-ments concluded with the aid of certificates.


SwissSign's liability for indirect losses, consequential losses, data loss, data accuracy, third-party losses and lost revenues and profits, as well as for all financial loss-es, is excluded to the extent permitted by law.


Furthermore, SwissSign shall not be liable if, because of force majeure, the performance of the service is occa-sionally interrupted, restricted in whole or in part, or ren-dered impossible.


The term “force majeure” includes in particular natural phenomena of particular intensity (avalanches, flooding, landslides, etc.), acts of war, riots, and unforeseeable official restrictions (e.g. because of pandemics). 


11.    Issuance and invalidation of certificates
The End User may at any time request the invalidation of a certificate used by him. This can be done, for example, via an online application in the user account at https://www.swissid.ch/en/ by providing the blocking password or by using the still-valid signature certificate. 


SwissSign is entitled to refuse to issue certificates without stating reasons.

SwissSign is authorised to declare valid certificates invalid on its own initiative. This applies in particular if: 

  • the certificates were obtained unlawfully or the information provided at the time the application was made is not accurate;
  • there is no longer any guarantee that the certifi-cates can only be attributed to the certificate holder (e.g. because the algorithms underlying the signature certificate have been broken);
  • the contractual relationship is terminated;
  • the End User breaches a duty of cooperation within the meaning of Section 4.

If the invalidation is due to a circumstance attributable to the End User, SwissSign is entitled to compensation for inconvenience and expenses. The right to assert additional damages is expressly reserved.


12.    Amendments to the Agreement 
SwissSign may adjust or amend the products/services and these Terms of Use at any time. This shall be commu-nicated to the End User in an appropriate manner. If the End User disagrees with a material change that is detri-mental to him, he shall be entitled to terminate the Agree-ment in writing within 30 days of notification of the con-tractual change. If the End User does not object to the changes on time, they shall be deemed to have been accepted.


13.    Warranty
The Customer must inspect the certificates and the materi-al provided by SwissSign upon receipt and immediately notify SwissSign in writing of any defects, incorrect and/or incomplete information prior to the first use. Defects discovered later must be reported immediately upon discovery; otherwise, the rights as to defects shall be deemed to have lapsed.


In the event that a defect is reported, SwissSign shall be entitled to choose between rectification and replacement. Any further rights as to defects are expressly excluded. Defective certificates shall be declared invalid by SwissSign.


14.    Duration of the Agreement / termination of the Agreement
The term of the Agreement shall correspond to the term of validity of the certificates. Any declaration of invalidity of the certificates shall result in the immediate termination of the contractual relationship.


The Customer may terminate the contractual relationship at any time by requesting that the certificates be declared invalid. Remuneration not yet paid shall continue to be owed.


SwissSign may terminate the Agreement with one week’s notice without justification. If the Customer is not respon-sible for the reasons for termination, SwissSign shall reimburse the Customer on a pro rata basis for the remu-neration paid. Certificates affected by the termination of the Agreement shall be declared invalid by SwissSign.


15.    Applicable law and jurisdiction
All legal relationships in connection with these Terms of Use shall be governed exclusively by Swiss law and the United Nations Convention on Contracts for the Interna-tional Sale of Goods of 11 April 1980 shall not apply.


The exclusive place of jurisdiction is Zurich. Mandatory places of jurisdiction remain reserved.


16.    Contacts
If you have any questions regarding the provision of services in accordance with these Terms of Use, you may contact SwissSign at the following address: https://www.swissid.ch/en/b2c-kontakt.html.


17.    Final provisions
The Customer may not offset claims of SwissSign with any counterclaims.


The Customer may not transfer the rights and obligations under this Agreement to any third party.


All intellectual property rights over the material provided by SwissSign (documentation, devices, software, etc.) shall remain the property of SwissSign or the third parties with rights thereto. The Customer shall receive a non-exclusive and temporally limited licence to use such mate-rial in line with the contractual purpose.


If individual provisions of these Terms of Use are found to be invalid or unlawful, this shall not affect the validity of the Terms of Use. In such cases, the invalid provision shall be replaced with a valid provision that is as con-sistent as possible with it in economic terms.

 

SwissSign Group Ltd
Sägereistrasse 25
8152 Glattbrugg
Switzerland
https://www.swissid.ch/en/
https://www.swisssign-group.com/en


July 2021