|
|
 |
VERISIGN™ PUBLIC CERTIFICATION SERVICES
GLOBAL SITE SERVICES AGREEMENT
YOU MUST READ THIS GLOBAL SITE SERVICES AGREEMENT ("SUBSCRIBER AGREEMENT") BEFORE APPLYING FOR, ACCEPTING, OR USING A GLOBAL SERVER ID. IF YOU DO NOT AGREE TO THE TERMS OF THIS SUBSCRIBER AGREEMENT, DO NOT APPLY FOR, ACCEPT, OR USE THE GLOBAL SERVER ID.
THIS SUBSCRIBER AGREEMENT will become effective on the date you submit the Global Secure Site Services Application ("Application") to the designated issuing authority (IA). By submitting this Subscriber Agreement (and Application) you are requesting that the IA issue a Global Server ID to you and are expressing your agreement to the terms of this Subscriber Agreement. VeriSign's Public Certification Services are governed by VeriSign's Certification Practice Statement (the "CPS") as amended from time to time, which is incorporated by reference into this Subscriber Agreement. The CPS is published on the Internet in VeriSign's repository at https://www.verisign.com/repository and ftp://ftp.verisign.com/repository/CPS and is available via E-mail from: CPS-requests@verisign.com. Amendments to the CPS are also posted in VeriSign's repository at https://www.verisign.com/repository/updates.
YOU AGREE TO USE THE GLOBAL SERVER ID AND ANY RELATED IA SERVICES ONLY IN ACCORDANCE WITH THE CPS. YOU AGREE TO SPECIFICALLY ABIDE BY THE TERMS OF VERISIGN'S RELYING PARTY AGREEMENT ("RPA") AND CPS SECTION 8 WHEN RELYING UPON ANY GLOBAL SERVER ID, SERVER ID, OR OTHER CERTIFICATE ISSUED BY AN IA. The RPA is posted in VeriSign's repository at https://www.verisign.com/repository/RPA. In addition to the CPS and RPA, you agree to Sections 1 - 12 below.
Additional Information and Terms and Conditions.
1. VeriSign Export Licenses. VeriSign is licensed to issue Global Server IDs, subject to the terms of VeriSign's Export License Agreements with the U.S. Department of Commerce, Bureau of Export Administration. VeriSign shall retain the right, at its sole discretion, to approve your Application, subject to the terms of a VeriSign License.
2. Global Server ID. The Export Commodity Control Number for your Global Server ID is 5D002. A Global Server ID enables you to negotiate SSL or TLS sessions using 128-bit RC4 or IDEA, 56 bit DES, two-key Triple-DES encryption, or such other encryption that the U.S. Department of Commerce may permit for export in the future. You must use a Global Server ID software platform listed on the enrollment form in order to enable an SSL or TLS session with your Global Server ID.
3. Qualified Applicant. You represent that you are one of the following entities that are eligible to receive favorable treatment under current U.S. encryption export control policy for the export of Global Server IDs.
3.1 "Bank" means (a) Bank, savings association, credit union, bank holding company, bank or savings association service corporation, Edge Act corporation, Agreement corporation, or any insured depository institution, which is organized under the laws of the United States or any State and regulated or supervised by a Federal banking agency or a State bank supervisor; or (b) a company organized under the laws of a foreign country and regulated or supervised by a foreign bank regulatory or supervisory authority which engages in the business of banking, including without limitation, foreign commercial banks, foreign merchant banks and other foreign institutions that engage in banking activities usual in connection with the business of banking in the countries where such foreign institutions are organized or operating; or (c) an entity engaged in the business of providing clearing or settlement services, that is, or whose members are, regulated or supervised by a Federal banking agency, a State bank supervisor, or a foreign bank regulatory or supervisory authority; or (d) a branch or affiliate of any of the entities listed in Subsections (a), (b), or (c) of this Section 3.1, regulated or supervised by a Federal banking agency, a State bank supervisor or a foreign bank regulatory or supervisory authority; or (e) an affiliate of any of the entities listed in Subsections (a), (b), (c), or (d) of this Section 3.1, engaged solely in the business of providing data processing services to a bank or financial institution, or a branch of such an affiliate.
3.2 "Financial Institution" means any of the following: (a) a broker, dealer, government securities broker or dealer, self-regulatory organization, investment company, or investment adviser, which is regulated or supervised by the Securities and Exchange Commission or a self-regulatory organization that is registered with the Securities and Exchange Commission; or (b) a broker, dealer, government securities broker or dealer, investment company, investment adviser, or entity that engages in securities activities that, if conducted in the United States, would be described by the definition of the term "self-regulatory organization"' in the Securities Exchange Act of 1934, which is organized under the laws of a foreign country and regulated or supervised by a foreign securities authority; or (c) a US board of trade that is designated as a contract market by the Commodity Futures Trading Commission or a futures commission merchant that is regulated or supervised by the Commodity Futures Trading Commission; or (d) a US entity engaged primarily in the business of issuing a general purpose charge, debit, or stored value card, or a branch of, or affiliate controlled by, such an entity; or (e) a branch or affiliate of any of the entities listed in Subsections (a), (b), or (c) of this Section 3.2 regulated or supervised by the Securities and Exchange Commission, the Commodity Futures Trading Commission, or a foreign securities authority; or (f) an affiliate of any of the entities listed in Subsections (a), (b), (c), or (e) of this Section 3.2, engaged solely in the business of providing data processing services to one or more bank or financial institutions, or a branch of such an affiliate.
3.3 "Banking and Financial Service Systems" means systems that enable secure online or Internet transmission of financial data between you and your clients and prospective customers. Banking and Financial Service Systems include intra bank and bank to bank financial systems but do not include client to client (e.g. customer to customer) exchange of Global Server ID-encrypted financial or non-financial data.
3.4 "Insurance Company" means a company organized and regulated under the laws of any of the United States and its branches or affiliates whose primary and predominant business activity is the writing of insurance or the reinsurance of risks; or a company organized and regulated under the laws of a foreign country and its branches and affiliates, regulated by an insurance commissioner or an equivalent foreign regulatory authority and whose primary and predominant business activity is the writing of insurance or the reinsuring of risks.
3.5 "Health and Medical Organizations" means any entity, including civilian government agencies but excluding biochemical and pharmaceutical manufacturers and military government entities, the primary purpose of which is the provision of medical or other health services.
3.6 "Online Merchant" means an entity regularly engaged in lawful commerce that use means of electronic communications (e.g., the internet) to conduct commercial transactions.
3.7 U.S. Subsidiaries. In addition to the entities defined in Sections 3.1-3.6, U.S. Subsidiary organizations (as defined in this Section 3.7) may also purchase and use Global Server IDs solely for the purpose of securing company proprietary information. Qualified entities under this paragraph must meet one of the following conditions: (a) a U.S. entity beneficially owns or controls (whether directly or indirectly) 25 percent or more of the voting securities of the foreign subsidiary or entity, if no other persons owns or controls (whether directly or indirectly) an equal or larger percentage; (b) the foreign subsidiary or entity is operated by the U.S. entity pursuant to the provisions of an exclusive management contract; (c) a majority of the members of the Board of Directors of the foreign subsidiary also are members of the comparable governing body of the U.S. entity; (d) the U.S. entity has the authority to appoint the majority of the members of the Board of Directors of the foreign subsidiary or entity; or (e) the U.S. entity has the authority to appoint the chief operating officer of the foreign subsidiary or entity ("U.S. Subsidiary").
4. Geographical Restrictions.
4.1 Online Merchant, Health or Medical Organization. You shall not be located in nor use your Global Server ID in Cuba, India, Iran, Iraq, Libya, Montenegro, North Korea, Pakistan, Serbia, Sudan, and Syria under the terms of this Agreement.
4.2 Bank, Financial Institution, Banking or Financial Service Systems, or Insurance Company. You shall not be located in nor use your Global Server ID in the counties listed in Section 4.1 and the Afghanistan, Cayman Islands, Chile, Columbia, Dominican Republic, Mexico, Nigeria, Panama, Paraguay, the Peoples Republic of China, Romania, Russian Federation, Taiwan, Thailand, and Venezuela under the terms of this Agreement.
4.3 U.S. Subsidiary. You shall not be located in nor use your Global Server ID in Cuba, Iran, Iraq, Libya, Montenegro, North Korea, Serbia, Sudan or Syria under the terms of this Agreement.
5. Use Restrictions.
5.1 Types of Transactions. If you are a Bank, Financial Institution or Banking and Financial Service System, you shall implement or utilize your Global Server ID only to secure financial transactions/communications. No client-to-client usage is authorized. If you are a Health or Medical Organization, you shall implement or utilize your Global Server ID only to secure health/medical information. No client-to-client usage is authorized. If you are an Online Merchant, you shall implement or utilize your Global Server ID only for the purchase or sale of goods and software and provision of services connected with the purchase or sale of goods and software, including interactions between purchasers and sellers necessary for ordering, payment and delivery of goods and software. No customer-to-customer communications or transactions are allowed. If you are a U.S. Subsidiary organization, you may use your Global Server ID only to secure company proprietary information.
5.2 Single Use Only. You are prohibited from using your Global Server ID (i) for or on behalf of any other organization, (ii) to perform private or public key operations in connection with any domain name and/or organization name other than the submitted by you during enrollment, or (iii) on more than one server at a time.
5.3 Revocation. If your organizational name and/or domain name registration change, you must immediately notify VeriSign, and VeriSign shall revoke your Global Server ID. VeriSign retains the right to revoke your Global Server ID if, within forty five (45) days of receiving an invoice from VeriSign, you do not pay the invoice. VeriSign also retains the right to revoke your Global Server ID if you fail to perform any of your material obligations under the terms and conditions for the use of the Authentic Site Seal where the Authentic Site Seal has been installed by you.
5.4 Obligations Upon Revocation or Expiration. Upon expiration or notice of revocation of your Global Server ID, you shall permanently remove your Global Server ID from the server on which it is installed and shall not use it for any purpose thereafter.
6. Control. You shall operate your computer systems on which you installed your Global Server ID ("Server") under your Effective Control.
6.1 "Effective Control" means you 1) have access to all transaction data that may be transmitted over the Server, and are prepared to disclose data to a government agency in the jurisdiction where the Server is operated pursuant to a duly authorized warrant or court order or other lawful authority and 2) have authority to modify or control the Server, including the ability to disable your Global Server ID in the event that the IA is entitled by contract, or required by law, to terminate this Subscriber Agreement, which governs use of your Global Server ID.
7. Additional Representations. By submitting this Subscriber Agreement (and Application) you represent that the following statements are true and warrant that such statements shall be true during the term of this Subscriber Agreement.
7.1 This Subscriber Agreement and the Application has been submitted by a responsible official or representative empowered and authorized by the organization named in the Application (the "Organization") to certify that the conditions set forth in this Subscriber Agreement (and Application) have been, or shall be, met in full by the Organization.
7.2 The Organization is eligible to obtain and utilize a Global Server ID in a manner consistent with all applicable export control laws and regulations of the United States.
7.3 If you are an Online Merchant, you warrant and represent that you do not sell any item or service that is controlled by the United States Munitions List.
7.4 You shall revoke your Global Server ID or Second Global Server ID if, at any time, you no longer meet the definition of a Qualified Applicant.
8. Non-Qualified Applicants. IF YOU ARE NOT A QUALIFIED APPLICANT AS DEFINED IN SECTION 3, YOU STILL MAY BE ELIGIBLE FOR ACQUISITION AND USE OF A GLOBAL SERVER ID. UNITED STATES' ORGANIZATIONS MAY ACQUIRE AND USE A GLOBAL SERVER ID IN THE FOLLOWING CIRCUMSTANCES; (1) USE IN AN INTRACOMPANY INTRANET WHERE ALL ENCRYPTED COMMUNICATIONS OCCUR ENTIRELY WITHIN THE UNITED STATES; (2) USE IN AN INTRACOMPANY INTRANET WHERE ENCRYPTED COMMUNICTIONS OCCUR ONLY BETWEEN AND AMONG OFFICES OF THE ORGANIZATION; AND (3) USE IN ENCRYPTED COMMUNICATIONS WITH OTHER PERSONS OR ENTITIES OUTSIDE THE UNITED STATES ONLY TO THE EXTENT PERMITTED UNDER APPLICABLE EXPORT CONTROL REGULATIONS OR INDIVIDUALLY-APPROVED EXPORT LICENSE ARRANGEMENTS.
9. Service Guarantee. VeriSign shall issue your Global Server ID within two (2) business days (excluding weekends and VeriSign recognized holidays) after you submit your Application to VeriSign provided that you: 1) are an organization located in the United States, 2) select to pay by credit card and submit a valid credit card number, and 3) you submit a Dun and Bradstreet DUNS number and a domain name that VeriSign is able to validate through its normal validation procedures stated in the CPS ("Guarantee Period"). Business days begin and end according to Pacific Time. The first business day shall be the business day after the day you submit your Application to VeriSign. Your sole and exclusive remedy for VeriSign's failure to issue your Global Server ID within the Guarantee Period, shall be a refund of fifty ("50") % of the retail price that you paid for your Global Server ID.
10. Keynote and Netcraft. Keynote Systems, Inc. shall provide you with certain website monitoring services ("Keynote Service") and Netcraft, Inc. shall perform certain security checks on your website (Netcraft Service"). Any Keynote Service and Netcraft Service terms and conditions shall be provided to you directly by Keynote Systems, Inc and Netcraft Inc. VeriSign disclaims any and all warranties, refuses any and all liability, and shall not provide partial refunds for the Keynote Service and/or Netcraft Service.
11. NetSureSM. THE NETSURESM PLAN ("PLAN") PROVIDES YOU WITH CERTAIN LIMITED WARRANTIES, DISCLAIMS ALL OTHER WARANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND LIMITS LIABILITY. THE CERTIFICATE LIFETIME LIMIT (AS DEFINED IN THE PLAN) FOR YOUR GLOBAL SERVER ID CORRESPONDS TO THE AMOUNT LISTED WITH THE PRODUCT OPTION THAT YOU SELECTED DURING THE ENROLLMENT PROCESS. FOR INFORMATION ON THE PLAN, SEE: HTTPS://WWW.VERISIGN.COM/REPOSITORY/NETSURE.
12. If you selected to pre-pay for a second Global Server ID ("Second Global Server ID") during enrollment, VeriSign shall issue you the Second Global Server ID prior to, or upon expiration of, the Global Server ID corresponding to this Subscriber Agreement (and Application). Notwithstanding the foregoing, VeriSign shall retain the right to not issue the Second Global Server ID if, in VeriSign's sole discretion, VeriSign determines that any of the information in the Application has changed or is otherwise inaccurate. Except for Sections 4 and 5, the terms of this Subscriber Agreement shall apply to your Second Global Server ID. Please note that the Keynote Service and coupons for training classes will not be supplied to you with your Second Global Server ID.
VeriSign shall send an e-mail containing the Second Global Server ID to the technical and organizational contacts listed in the Application (or as otherwise changed by you in accordance with VeriSign's standard procedures). If you desire to have different individuals assume the responsibility of the technical and/or organizational contacts for the Second Global Server ID, you must notify VeriSign at least 60 days prior to the expiration of the Global Server ID. Such notice must be in accordance with the instructions provided on the VeriSign web site.
YOU DEMONSTRATE YOUR KNOWLEDGE AND ACCEPTANCE OF THE TERMS OF THIS SUBSCRIBER AGREEMENT BY EITHER (I) SUBMITTING AN APPLICATION FOR A GLOBAL SERVER ID TO VERISIGN, OR (II) USING YOUR GLOBAL SERVER ID, WHICHEVER OCCURS FIRST.
|
|
|
