SERVICE SCHEDULE for DOCUSIGN PROTECT & SIGN ELECTRONIC SEAL

1.   DEFINITIONS

“Archiving Policy” means all legal, functional, operational, technical, and security rules the Customer must establish, implement, and comply with to ensure the reliability of the Proof Files (conservation period, accessibility of archives, procedures for restoration, destruction etc.).

“Archiving Service” means the DocuSign services for the archiving of Proof Files during the Archive Period.

“Certification Authority (or CA)” means the entity issuing the Electronic Certificates to the Customer pursuant to the rules and practices that the Certification Authority has established in its Certification Policy.

“Certificate Revocation List (CRL)” means the list digitally signed by a CA containing the identities of Certificates that are no longer valid.

“Certification Policy” means the set of rules published by the CA, and describing the general characteristics of the Certificates it issues. A Certificate Policy describes the obligations and responsibilities of the CA, the RA, Signers, Certificate requesters, and any other PKI component involved in the management of a Certificate life cycle. The Certificate Policy(ies) of DocuSign France and its(their) successive update(s) can be accessed on DocuSign France’s website, https://www.docusign.fr/societe/politiques-de-certifications, and are an integral part of this Agreement.

“Customer Application” means the software or technology owned and controlled by the Customer and made available to third party end-users for the purpose of offering the Service.

“Customer Connector” means the software that connects the Customer Application to the applicable Protect & Sign Service.

“Delegated Registration Authority (DRA)” means any entity expressly designated by the RA (Customer) in order to perform all or part of the RA tasks in accordance with the applicable Certification Policy and Registration Policy.

“Electronic Seal” means the server stamp affixed to an eDocument using a Time Stamp, Sealing Certificate, and Private Key.

“Private Key” means the secret electronic data intended for the Customer, associated with the Sealing Certificate and managed by DocuSign in order to create Electronic Seals.

“Proof File” means the information and data associated with the eDocument to: (i) validate that the eDocument has been electronically signed (using the Electronic Seal); and (ii) detect whether the content of such eDocument has been tampered with or otherwise modified.

“Protect & Sign Service” or “Service” refers to the Protect & Sign Electronic Seal.

“Public Key Infrastructure (PKI)” means the infrastructure required to produce, distribute, manage, and archive keys, Certificates, and CRL, as well as the basis on which the Certificates and the CRL must be published.

“Registration Policy” means the procedures and rules defined and introduced by the Registration Authority to identify and authenticate Users, verify and keep the Users' proof of registration, and register the issue, renewal, and revocation of Certificates. The Registration Authority is the Customer.

“Sealing Certificate” means the Certificates associated with the Private Keys and Time Stamp, used to affix the Electronic Seal on an eDocument.

“Technical Contact” means the individual who manages a Certificate on behalf of a Legal Entity and acts as a Certificate manager in accordance with the Certification Policy.

“Time-stamps” means the time-stamp tokens affixed to Proof Files and further described at https://www.docusign.fr/societe/politiques-de-certifications.

2.   CUSTOMER RESPONSIBILITIES

2.1   Customer Application and Connector. Customer is responsible for: (i) configuring Customer’s Applications; (ii) integrating the Customer Connector and technical key pairs of the Customer Connector; and (iii) the security of the connection between the Customer Connector and the Customer Applications that are required to access the Protect & Sign Service.

The Customer must also ensure, during the installation of the Service, protection, confidentiality, and security of the environment that will safeguard the Private Keys used by the Customer Connector.

In this regard, the Customer shall be solely liable for any damaging consequences that may result from the use, by a third party having received disclosure, by any means whatsoever, of Private Keys and Customer Certificate enabling access to the Service.

2.2   Production Launch Testing and Validation. Customer acknowledges that the use of the Protect & Sign Service is subject to a DocuSign-specified testing and validation process.

The production launch of the Service will be completed within fifteen (15) business days of receipt of the production launch document, duly completed and signed by the Customer.

Upon completion of the production of the Service, since DocuSign does not have access to the Service via the Customer's environment, the latter undertakes to carefully monitor the first signatures made with the Service platform in order to confirm to DocuSign that the putting into production is operational. Failing this, DocuSign shall not be responsible for the malfunctioning of the Service in the Customer's environment.

2.3   Restrictions on Use. During the Term and subject to the terms and conditions of the Agreement, Customer will have the right to submit eDocuments to the Service. The right to use the Service is limited to Authorized Users, and Customer may not resell or otherwise provide or assist with the provision of the Service for the benefit of another party or as a part of a service Customer offers to third parties or as a sublicensed or service bureau arrangement.

3.   DOCUSIGN RESPONSIBLITIES

3.1   Protect & Sign Electronic Seal. Unless otherwise set forth on the applicable Order Form, DocuSign agrees that the Protect & Sign Electronic Seal service will perform the following functions:

• affix an Electronic Seal to eDocuments submitted by the Customer using Protect & Sign Electronic Seal;

• create, sign, and Time-Stamp Proof Files and send Proof Files to the Electronic Archiving Service for archiving or the provision thereof for the benefit of the Customer for downloading; and

• obtain the Electronic Seal Proof File via the Customer Connector.

Unless otherwise set forth on the applicable Order Form, DocuSign will provide Customer with three (3) Customer Certificates.

3.2   Electronic Archiving Service. If Customer purchases the Electronic Archiving Service under the applicable Order Form, DocuSign will make available a secure storage environment for Customer’s use for archiving Proof Files created as part of the Customer’s use of the Protect & Sign Service. The Proof Files will be archived for a period of ten (10) years from their receipt by the Electronic Archiving Service, unless their return is explicitly requested by the Customer (“Archiving Period”). Upon expiration of the Archiving Period, Customer will have sixty (60) days to notify DocuSign of its intent to extend the Archiving Period (subject to a written agreement between the Parties) or request that DocuSign return their Proof Files. In the event this Agreement expires or is terminated prior to the expiration of the Archiving Period, DocuSign will continue to maintain the Electronic Archiving Service for the duration of the Archiving Period for any eDocuments archived prior to the expiration or termination of the Agreement.

Unless otherwise requested by the Customer in accordance with the stipulations of section 3.3, DocuSign is not authorized to access the archived Proof Files.

3.3   Physical Copies of Proof Files. If Customer purchases the Electronic Archiving Service through DocuSign, Customer may request (as an additional service for an additional fee) DocuSign to provide physical copies of Proof Files generated through the Protect & Sign Service and archived by DocuSign. Upon such request, DocuSign will de-archive the nominated Proof File(s), extract and print the underlying eDocument(s), and affix a stamp certifying that the printed eDocument is the one signed and archived through the Service.

3.4   Deletion of Proof Files. Unless otherwise set forth on the applicable Order Form and except if Customer has purchased the Electronic Archiving Service, DocuSign will delete Proof Files generated by the Protect & Sign service after 10 days.

4.   ADDITIONAL RESTRICTIONS AND OBLIGATIONS

4.1   Size Limitations. Customer acknowledges that eDocuments submitted to the Protect & Sign Service may not exceed seven hundred and fifty kilobytes (750 KB) each.

4.2   Additional Conditions for Protect & Sign Electronic Seal. The Customer must appoint a Technical Contact who will sign the requests for a Sealing Certificate and Customer Connectors, and who may, in turn, appoint a replacement Technical Contact person unless otherwise indicated by the Customer. Customer agrees to create and comply with an industry-standard Archiving Policy in connection with its handling of Proof Files. Customer undertakes to preserve and protect the integrity, availability, and confidentiality of Private Keys under its control and shall be solely liable for any unauthorized use, access, or disclosure of the Private Keys and Customer Certificate while under the control of Customer. Customer must immediately inform DocuSign in writing of any misuse or unauthorized use of the Protect & Sign Electronic Seal.

5.   DOCUSIGN WARRANTIES

5.1   Protect & Sign Electronic Seal Warranties. DocuSign represents and warrants that when operated in accordance with the Documentation:

• the Electronic Seals generated by the Protect & Sign Electronic Seal service are admissible for evidentiary purposes in the same way as an authentic stamp on paper support, in accordance with the EU Regulation of July 23, 2014 on electronic identification and trusted services for electronic transactions (eIDAS); provided however only insofar as Electronic Seal is stored by Customer under conditions intended to safeguard its integrity (formation of a Proof File signed and time-stamped by DocuSign and archived in accordance with section 3.2 of this Schedule) and to the extent the Electronic Seal is linked with the eDocument;

• the Electronic Seals generated by the Protect & Sign Electronic Seal service meet the definition of “advanced” level under the terms of articles 35 and 36 of the eIDAS Regulation; and

• DocuSign is a Trust Service Provider under the definition of eIDAS in the context of the provision of the Service.

6.   TERMINATION

Upon the expiration or termination of this Service Schedule for any reason, Customer shall promptly return to DocuSign, as of the expiry and/or effective termination date, any Documentation made available by DocuSign for the performance of this Service Schedule and any copies of any nature stored in any medium, including a digital medium, or, if applicable and if expressly requested by DocuSign, destroy the Documentation and any copies made in any medium.