Sectigo CERTIFICATE SUBSCRIBER AGREEMENT
IMPORTANT - PLEASE READ THIS CERTIFICATE SUBSCRIBER AGREEMENT CAREFULLY BEFORE APPLYING FOR, ACCEPTING, OR USING A Sectigo CERTIFICATE. BY USING, APPLYING FOR, OR ACCEPTING A Sectigo CERTIFICATE OR BY CLICKING ON "I AGREE", YOU ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT, THAT YOU UNDERSTAND IT, AND THAT YOU AGREE TO ITS TERMS. IF YOU DO NOT ACCEPT THIS AGREEMENT, DO NOT APPLY FOR, ACCEPT, OR USE A Sectigo CERTIFICATE AND DO NOT CLICK "I AGREE".
This agreement is between you ("Subscriber") and Sectigo CA Limited ("Sectigo"), a United Kingdom company. The agreement governs your application for and use of an SSL Certificate issued from Sectigo. You and Sectigo agree as follows:
1. Subscription Service.
1.1. Issuance. Upon Sectigo's acceptance of Subscriber's application for a Certificate, Sectigo shall attempt to validate the application information in accordance with the Sectigo CPS and, for EV Certificates, the EV Guidelines. If Sectigo chooses to accept the application and can validate Subscriber to Sectigo's satisfaction, Sectigo shall issue the ordered Certificate(s) to Subscriber. Sectigo may refuse an application for any reason.
1.2. Multiple Certificates. This agreement applies to multiple future Certificate request and any resulting Certificates, regardless of when the Certificate is requested or issued.
1.3. License. After issuance, Sectigo grants Subscriber a revocable, non-exclusive, non-transferable license to use the issued Certificates on the server hosting the domain name(s) listed in the Certificate. Sectigo also grants Subscriber a non-exclusive, non-transferable, and revocable license to use Sectigo's EV AUTO-Enhancer and EV Enhancer technology in connection with Sectigo EV Certificates. All rights not expressly granted herein to Subscriber are reserved to Sectigo.
1.4. TrustLogos. Sectigo grants Subscriber a license to display purchased TrustLogos on domain(s) secured by a Sectigo Certificate. When revoking a Certificate, Sectigo may also revoke any TrustLogos issued to the same site. Subscriber shall not modify a TrustLogo in any manner. Subscriber shall not display or use a TrustLogo 1) to represent that Sectigo guarantees any non-Sectigo products or services, 2) on a site that is misleading, defamatory, libelous, disparaging, obscene or otherwise objectionable to Sectigo, or 3) in a way that harms Sectigo's rights to its trademarks or harms Sectigo's business reputation.
1.5. Fee. Subscriber shall pay all applicable fees for the Certificate before it issues. Certificate fees are provided to Subscriber during the application process. All payments are non-refundable, except that the Certificate's seller will refund a payment if, before twenty (20) business days after the Certificate's issuance, the Subscriber has 1) not used the Certificate and 2) made a written request to Sectigo for the Certificate's revocation.
1.6. Subscriber Obligations. Subscriber shall:
(i) use the Certificates only for the purposes listed in the Sectigo CPS;
(ii) only install an issued Certificate on the servers accessible at the domain name(s) listed in the Certificate and only use an issued Certificate for authorized business of the Subscriber;
(iii) be responsible for any computer hardware, telecommunications hardware, and software necessary to use the Certificate;
(iv) obtain and maintain any authorization or license necessary to use the Certificate;
(v) bind every Relying Party to Sectigo's Relying Party Agreement;
(vi) keep Confidential Information confidential and uncompromised, and immediately inform Sectigo and request revocation of any affected Certificates if Subscriber reasonably believes that Confidential Information is likely to be disclosed or compromised;
(vii) ensure that all information provided to Sectigo is complete and accurate and does not include any information that would be unlawful, contrary to public interest, or otherwise likely to damage the business or reputation of Sectigo if used in any way;
(viii) immediately cease using a Certificate and associated Private Key 1) if the Private Key is compromised or 2) after the Certificate is expired or revoked,
(ix) immediately notify Sectigo of 1) any a breach of this agreement or 2) any information provided to Sectigo changes, ceases to be accurate, or becomes inconsistent with the warranties made by Subscriber herein, and
(x) comply with all applicable local and international laws when receiving or using a Certificate, including all export laws. Subscriber shall not export or re-export, either directly or indirectly, any Certificate to a country or entity under United Kingdom or United States restrictions. SUBSCRIBER ASSUMES ALL LIABILITY FOR ITS VIOLATION OF EXPORT LAWS.
1.7. Restrictions. Subscriber shall not:
(i) impersonate or misrepresent Subscriber's affiliation with any entity,
(ii) modify, license, create a derivative work of, or transfer any Certificate (except as required to use the Certificate) or Private Key;
(iii) install or use an issued Certificate until after Subscriber has reviewed and verified the Certificate data's accuracy;
(iv) upload or distribute any files or software that may damage the operation of another's computer,
(v) use the Services to 1) engage in conduct that is offensive, abusive, contrary to public morality, indecent, defamatory, obscene, or menacing, 2) breach the confidence of a third party, 3) cause Sectigo or a third party distress, annoyance, denial of any service, disruption or inconvenience, 4) send or receive unsolicited bulk correspondence or 5) create a Private Key that is substantially similar to a Sectigo or third party's Private Key,
(vi) make representations regarding the Service to any third party except as agreed to in writing by Sectigo.
2. Warranties and Representations. Subscriber warrants that:
(i) for EV Certificates, the subject named in the Certificate has exclusive control of the domain name(s) listed in the Certificate;
(ii) it has full power and authority to enter into this agreement and perform its obligations hereunder;
(iii) for EV Certificates, the individual accepting the Agreement is expressly authorized by Subscriber to sign the agreement for Subscriber.
3. Revocation. Sectigo may revoke a Certificate if Sectigo believes that:
(i) Subscriber requested revocation of the Certificate;
(ii) Subscriber did not authorize the Certificate and has not retroactively granted authorization;
(iii) Subscriber breached this Agreement;
(iv) Confidential Information related to the Certificate has been disclosed or compromised;
(v) the Certificate has been 1) misused, 2) used contrary to law, rule, or regulation or 3) used, directly or indirectly, for illegal or fraudulent purposes;
(vi) information in the Certificate is inaccurate or misleading,
(vii) for EV Certificates, Subscriber loses exclusive control over a domain name listed in the Certificate;
(viii) the Certificate was not issued or used in accordance with Sectigo's CPS, industry standards, or, for EV Certificates, the EV Guidelines;
(ix) Sectigo 1) ceased operations or 2) is no longer allowed to issue the Certificate, and no other certificate authority has agreed to provide revocation support for the Certificate;
(x) Subscriber is added as a denied party or prohibited person to a blacklist, or is operating from a prohibited destination under the laws of Sectigo's jurisdiction of operation;
(xi) the Certificate was issued to publishers of malicious software;
(xii) the CPS authorizes revocation of the Certificate; or
(xiii) the Certificate, if not revoked, will compromise the trust status of Sectigo.
After revoking the Certificate, Sectigo may, in its sole discretion, reissue the Certificate to Subscriber or terminate the agreement.
4. Intellectual Property Rights.
4.1. Sectigo IP Rights. Sectigo retains, and Subscriber shall not obtain or claim, all title, interest, and ownership rights in:
(i) the Services, including issued Certificates,
(ii) all copies or derivative works of the Services, regardless of who produced, requested, or suggested the copy or derivative work,
(iii) all documentation and materials provided by Sectigo, and
(iv) all of Sectigo's copyrights, patent rights, trade secret rights and other proprietary rights.
4.2. Trademarks. Subscriber shall not use a Sectigo trademark without Sectigo's written consent. Sectigo consents to use of trademarks in connection with provided TrustLogos.
4.3. Other Rights. EV AUTO-Enhancer™ for Windows uses Microsoft Detours Professional 2.1. Detours is Copyright 1995-2004, Microsoft Corporation. Portions of the Detours package may be covered by patents owned by Microsoft corporation.
Microsoft, MS-DOS, Windows, Windows NT, Windows 2000, Windows XP, and DirectX are registered trademarks or trademarks of Microsoft Corporation in the U.S. and other countries.
5.1. Indemnification. Subscriber shall indemnify Sectigo and its affiliates and their respective directors, officers, employees, and agents (each an "Indemnified Person") against all liabilities, losses, expenses, or costs (including reasonable attorney's fees) (collectively "Losses") that, directly or indirectly, are based on Subscriber's breach of this agreement, information provided by Subscriber, or Subscriber's or its customers' infringement on the rights of a third party.
5.2. Indemnification Procedure. Sectigo shall notify Subscriber promptly of any demand for indemnification. However, Sectigo's failure to notify will not relieve Subscriber from its indemnification obligations except to the extent that the failure to provide timely notice materially prejudices Subscriber. Subscriber may assume the defense of any action, suit, or proceeding giving rise to an indemnification obligation unless assuming the defense would result in potential conflicting interests as determined by the Indemnified Person in good faith. Subscriber may not settle any claim, action, suit or proceeding related to this agreement unless the settlement also includes an unconditional release of all Indemnified Persons from liability.
5.3. Additional Liability. The indemnification obligations of Subscriber are not Sectigo's sole remedy for Subscriber's breach and are in addition to any other remedies Sectigo may have against Subscriber under this agreement. Subscriber's indemnification obligations survive the termination of this agreement.
6. Term and Termination.
6.1. Term. Unless otherwise terminated as allowed herein, this agreement is effective upon Subscriber's acceptance and lasts for as long as a Certificate issued under the agreement is valid.
6.2. Termination. Either party may terminate the agreement with 20 business days notice for convenience. Sectigo may terminate this agreement immediately without notice if
(i) Subscriber materially breaches this agreement,
(ii) if Sectigo revokes a Certificate as allowed herein,
(iii) if Sectigo rejects Subscriber's Certificate application,
(iv) Sectigo cannot satisfactorily validate Subscriber in accordance with section 1.1, or
(v) if industry standards change in a way that affects the validity of the Certificates ordered by Subscriber.
6.3. Events Upon Termination. After termination, Sectigo may revoke any other Certificate's issued to Subscriber without further notice. Subscriber shall pay any amounts still owed for the Certificates. Sectigo is not obligated to refund any payment made by Subscriber upon termination of this Agreement.
7. Disclaimers and Limitation of Liability.
7.1. Relying Party Warranties. Subscriber acknowledges that the Relying Party Warranty is only for the benefit of Relying Parties. Subscriber does not have rights under the warranty, including any right to enforce the terms of the warranty or make a claim under the warranty.
7.2. Exclusion of Warranties. THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE". Sectigo EXPRESSLY DISCLAIMS ALL IMPLIED AND EXPRESS WARRANTIES IN THE SERVICES. THIS DISCLAIMER INCLUDES ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT AND IS EFFECTIVE TO THE MAXIMUM EXTENT ALLOWED BY LAW. Sectigo DOES NOT GUARANTEE THAT 1) THE SERVICES WILL MEET SUBSCRIBER'S REQUIREMENTS OR EXPECTATIONS OR 2) THAT ACCESS TO THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE.
7.3. Limitation on Liability. SUBJECT TO SECTION 7.4, THE TOTAL LIABILITY OF Sectigo AND ITS AFFILIATES, AND EACH OF THEIR OFFICERS, DIRECTORS, PARTNERS, EMPLOYEES, AND CONTRACTORS, RESULTING FROM OR CONNECTED TO THIS AGREEMENT IS LIMITED TO THE AMOUNT PAID BY SUBSCRIBER FOR THE SERVICES GIVING RISE TO THE LIABILITY. SUBSCRIBER WAIVES ALL LIABILITY FOR ANY SPECIAL, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES. THIS WAIVER INCLUDES ALL DAMAGES FOR LOST PROFITS, REVENUE, USE, OR DATA AND APPLIES EVEN IF Sectigo IS AWARE OF THE POSSIBILITY OF SUCH DAMAGES. These limitations apply to the maximum extent permitted by law regardless of 1) the reason for or nature of the liability, including tort claims, 2) the number of any claims, 3) the extent or nature of the damages, and 4) whether any other provisions of this agreement have been breached or proven ineffective.
7.4. Exception. Nothing in this agreement excludes or limits the liability of either party for death or personal injury resulting from the negligence of that party or for any statements made fraudulently by either party.
8.1. Injunctive Relief. Subscriber acknowledges that its breach of this agreement will result in irreparable harm to Sectigo that cannot adequately be redressed by compensatory damages. Accordingly, in addition to any other legal remedies which may be available, Sectigo may seek and obtain an injunctive order against a breach or threatened breach of the agreement by Subscriber.
8.2. Limitation on Actions. Except for actions and claims related to a party's indemnification and confidentiality obligations, all claims and actions arising from this agreement must be brought within one (1) year from the date when the cause of action occurred.
8.3. Remedy. Subscriber's sole remedy for a defect in the Services is to have Sectigo use reasonable efforts to correct the defect. Sectigo is not obligated to correct a defect if (i) the Service was misused, damaged, or modified, (ii) Subscriber did not immediately report the defect to Sectigo, or (iii) Subscriber breached any provision of this agreement.
9. Confidentiality. Except as allowed herein, a party ("Receiving Party") shall not use or disclose any Confidential Information provided by the other party (the "Disclosing Party") other than for the purpose of performing its obligations under this agreement. The Receiving Party shall take reasonable measures to prevent unauthorized disclosure and shall ensure that any person receiving Confidential Information complies with the restrictions in this section. The Receiving Party may disclose Confidential Information if the information:
(i)is already possessed by the Receiving Party before receipt from the Disclosing Party;
(ii)is or becomes public domain without fault of the Receiving Party;
(iii)is received by the Receiving Party from a third party who is not under an obligation of confidentiality or a restriction on the use and disclosure of the information,
(iv)is disclosed in response to the requirements of a law, governmental order, regulation, or legal process and the Receiving Party first gives prior notice to the Disclosing Party of the requirement to disclose the information, or
(v)is disclosed under operation of law to the public without a duty of confidentiality.
A party asserting one of the exceptions to Confidential Information above shall prove the assertion using verifiable documentary evidence. The restrictions contained in this section apply for the duration of the agreement plus five years after its termination.
(ii) Subscriber consents to 1) Sectigo disclosing Subscriber's information publicly by embedding the information in issued Certificates and 2) Sectigo disclosing and transferring Subscriber's information to third parties located outside of the European Union as necessary to validate and issue Certificates.
(iii) Subscriber may opt-out of having information used for purposes not directly related to the Services by emailing a clear notice to optout@Sectigo.com. By clicking "I AGREE", Subscriber affirmatively consents to receiving Sectigo's and its affiliates marketing material.
11.1. Force Majeure and Internet Frailties. Other than for payment obligations by Subscriber, neither party will be liable for a delay or failure to perform an obligation to the extent that the delay or failure is caused by an occurrence beyond the party's reasonable control. Each party acknowledges that the operation of the Internet is beyond the other party's reasonable control, and neither party will be liable for a delay or failure caused by an interruption or failure of telecommunication or digital transmission links, Internet slow-downs or failures, or other such transmission failure.
11.2. Notices. You shall send all notices to Sectigo by first class mail in English writing, with return receipt requested, to Sectigo CA Limited, 26 Office Village, 3rd Floor, Exchange Quay, Trafford Road, Salford, Manchester M5 3EQ, United Kingdom. Sectigo shall send all notices to Subscriber's contact information listed on its Certificate application. Sectigo may send notices by mail, email, or facsimile.
11.3. Entire Agreement. This agreement and all documents referred to herein constitutes the entire agreement between the parties, superseding all other agreements that may exist with respect to the subject matter. Section headings are for reference and convenience only and are not part of the interpretation of this agreement.
11.4. Amendments. Sectigo may amend this agreement, the CPS, the Relying Party Agreement, the Relying Party Warranty, its website, and any documents listed in its Repository at any time by posting either the amendment or the amended document in the Repository. Subscriber shall periodically review the Repository to be aware of any changes. Subscriber may terminate the agreement if Subscriber does not agree to the amendment. Subscriber's continued use of the Services after an amendment is posted constitutes Subscriber's acceptance of the amendment.
11.5. Waiver. A party's failure to enforce a provision of this agreement will not waive the party's right to enforce the same provision later or right to enforce any other provision of this agreement. To be effective, all waivers must be both in writing and signed by the party benefiting form the waived provision.
11.6. Assignment. Subscriber may not assign any of its rights or obligations under this agreement without the prior written consent of Sectigo. Any transfer without consent is void. Sectigo may assign its rights and obligations without Subscriber's consent.
11.7. Governing Law and Venue. The laws of England and Wales govern the interpretation, construction, and enforcement of this agreement and all proceedings arising out of it, including tort claims, without regard to any conflicts of law principles. All proceedings or legal action arising from this agreement must be commenced in the courts of England and Wales. Both parties agree to the exclusive venue and jurisdiction of these courts.
11.8. Severability. Any provision determined invalid or unenforceable by rule of law will be reformed to the minimum extent necessary to make the provision valid and enforceable. If reformation is not possible, the provision is deemed omitted and the balance of the agreement remains valid and enforceable.
11.9. Survival. All provisions of the agreement related to confidentiality, proprietary rights, indemnification, and limitations of liability survive the termination of the agreement.
11.10. Rights of Third Parties. The Certificate Beneficiaries are express third party beneficiaries of Subscriber's obligations and warranties in this agreement.
12.1. "Certificate" means a digitally signed electronic data file issued by Sectigo to a person or entity seeking to conduct business over a communications network which contains the identity of the person authorized to use the Digital Signature, a copy of their Public Key, a serial number, a time period during which the data file may be used, and a Digital Signature issued by Sectigo.
12.2. "CPS" refers to the documents explaining Sectigo's polices and procedures when operating its PKI infrastructure.
12.3. "Confidential Information" means all material, data, systems, technical operations, and other information concerning Sectigo's business operations that is not known to the general public, including all information about the Certificate issuance services (such as all Private Keys, personal identification numbers and passwords).
12.4. "Certificate Beneficiaries" means the Subscriber, the Subject named in the Certificate, any third parties with whom Sectigo has entered into a contract for inclusion of its root certificate, and all Relying Parties that actually rely on such Certificate during the period when it is valid.
12.5. "Digital Signature" means an encrypted electronic data file which is attached to or logically associated with other electronic data and which identifies and is uniquely linked to the signatory of the electronic data, is created using the signatory's Private Key and is linked in a way so as to make any subsequent changes to the electronic data detectable.
12.6. "EV AUTO-Enhancer" means Sectigo's patent-pending process and software to enable EV functionality on web browsing computers using a modified Apache configuration file or the Sectigo developed IIS plug-in.
12.7. "EV Certificate" means a Certificate signed to Sectigo's EV root certificate that is designed for use with an SSL v3 or TLS v 1.0 enabled web browse and that complies with the EV Guidelines.
12.8. "EV Enhancer" means the process and software used by Sectigo to enable EV functionality on web browsing computers by pointing the web browser on the web browsing computer to a beacon website designed to download and install a new EV root certificate.
12.9. "EV Guidelines" refers to the official, adopted guidelines governing EV Certificates as established by the CA/Browser Forum that are available online at http://www.cabforum.org.
12.10. "Private Key" means a confidential encrypted electronic data file designed to interface with a Public Key using the same encryption algorithm and which may be used to create Digital Signatures, and decrypt files or messages which have been encrypted with a Public Key.
12.11. "Public Key" means a publicly available encrypted electronic data file designed to interface with a Private Key using the same encryption algorithm and which may be used to verify Digital Signatures and encrypt files or messages.
12.13. "Relying Party" means an entity that acts in reliance on a Certificate or a Digital Signature.
12.14. "Relying Party Agreement" refers to an agreement located on the Sectigo Repository that governs a Relying Party's use of the Certificate when transacting business with the Subscriber's website.
12.15. "Relying Party Warranty" refers to a warranty offered by Sectigo to a Relying Party under the terms and conditions found in the Sectigo Relying Party Agreement in connection with the Relying Party's use of a Certificate.
12.16. "Repository" means a publicly available collection of information and databases relating to Sectigo's Certificate practices and which is available at http://www.Sectigo.com/repository.
12.17. "Services" means the Certificates ordered hereunder along with any related TrustLogos, software, and documentation.12.18. "TrustLogo" means a logo provided by Sectigo for use on a Subscriber's site in connection with an issued Certificate.
BY CLICKING "I AGREE", YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTAND THIS AGREEMENT AND THAT YOU AGREE TO COMPLY WITH ITS TERMS. DO NOT CLICK "I AGREE" IF YOU DO NOT ACCEPT THIS AGREEMENT.