CERTIFICATE SERVICES AGREEMENT
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE APPLYING FOR, ACCEPTING, OR USING A DIGICERT DIGITAL CERTIFICATE. BY USING, APPLYING FOR, OR ACCEPTING A DIGICERT DIGITAL CERTIFICATE OR BY CHECKING "I AGREE," YOU ACKNOWLEDGE THAT HAVE READ THIS AGREEMENT, THAT YOU UNDERSTAND IT, THAT YOU AGREE TO IT, AND THAT YOU HAVE THE AUTHORITY TO OBTAIN THE DIGITAL EQUIVALENT OF A COMPANY STAMP, SEAL, OR OFFICER'S SIGNATURE TO ESTABLISH THE AUTHENTICITY OF CUSTOMER'S WEBSITE AND THAT CUSTOMER IS RESPONSIBLE FOR ALL USES OF THE CERTIFICATE. IF YOU DO NOT ACCEPT THIS AGREEMENT, DO NOT APPLY FOR, ACCEPT, OR USE A DIGICERT DIGITAL CERTIFICATE. IF YOU HAVE ANY QUESTIONS REGARDING THIS AGREEMENT, PLEASE E-MAIL DIGICERT AT LEGAL@DIGICERT.COM OR CALL 1-800-896-7973.
This certificate services agreement, together with any referenced terms and schedules, (collectively the "Agreement") is effective on the date you agree ("Effective Date") and is between DigiCert, Inc., a Utah corporation ("DigiCert") and the entity applying for a Certificate ("Customer") as identified during Account creation. DigiCert is a trusted third-party certification authority and experienced provider of ITU X.509 v.3 digital certificates ("Certificates"). DigiCert operates a web-based interface and related API that facilitates and simplifies management of Certificates. Customer desires to use a DigiCert system account and API (collectively, "Account") to obtain and manage Certificates containing subject information (e.g., domain names) which Customer is authorized to use.
By accepting this Agreement on behalf of Customer, you represent that you (i) are acting as an authorized representative of Customer, (ii) are expressly authorized by Customer to accept the Agreement and approve Certificate requests on Customer's behalf, and (iii) have or will confirm Customer's exclusive right to use the domain(s) to be included in any issued Certificates.
1.1. Account Access. Subject to Customer's compliance with the terms and conditions of this Agreement, DigiCert hereby grants Customer a license to use the Account, through either the API or DigiCert's provided web interface, to order and approve Certificates for use by Customer, an affiliate of Customer, or a third party who is providing IT services to Customer's operations. This Agreement applies to each Certificate issued to Customer, regardless of (i) the Certificate type (client, code signing, or TLS/SSL), (ii) when the Customer requested the Certificate, or (iii) when the Certificate issues. This Agreement constitutes the subscriber agreement, as required under industry standards, for all Certificates issued through the Account. Customer must maintain security over access to the Account. Customer is liable for any use of the Account by individuals obtaining access credentials from Customer. Customer will not scan a DigiCert IP address without obtaining DigiCert's prior written consent. DigiCert reserves the right to block an IP address that DigiCert believes has been used to initiate a scan without such consent. DigiCert may throttle any access to the Account if DigiCert believes a system has initiated excessive connections to DigiCert's services.
1.2. Account Users. Customer authorizes each individual listed as an administrator in the Account to act as a Certificate Requester, Certificate Approver, and Contract Signer (as defined in the EV Guidelines) and to communicate with DigiCert regarding the management of Certificates and key sets. "EV Guidelines" means the Extended Validation Guidelines published by the CA/Browser Forum and made publicly available at www.cabforum.org . Customer may revoke this authority by sending notice to DigiCert. Customer is responsible for periodically reviewing and reconfirming which individuals have authority to request and approve Certificates. If Customer wishes to remove an account user, then Customer will take the steps necessary to prevent the user's access to the Account, including changing its password and other authentication mechanisms. Customer must notify DigiCert immediately if any unauthorized use of the Account is detected.
1.4. Accurate Information. Customer will notify DigiCert within 5 Business Days if any information relating to the Account changes. "Business Day" means Monday through Friday, excluding U.S. Federal Holidays, which are set forth in 5 U.S.C. § 6103. Customer will respond to any inquiries from DigiCert regarding the validity of information provided by Customer within 5 Business Days after Customer receives notice of the inquiry.
2.1. Fees. Customer will pay DigiCert the fees posted in Customer's Account or set forth in the Purchase Schedule for Certificates. Prices of Certificates available for purchase on a per-Certificate basis are subject to change; updates to pricing will be posted in Customer's Account prior to purchase. All payments are due and payable either within 30 days of the date of purchase or such other period, if any, stated in the Purchase Schedule. This fee is for the services provided by DigiCert and is not a royalty or license fee. DigiCert may suspend or limit Customer's access to the Account without notice if Customer fails to pay the fees when due.
2.2. Purchase Schedule. "Purchase Schedule" means the ordering document, invoice, purchase order or other order form accepted by Customer to purchase Certificates. The Purchase Schedule references the number, type, validity period, term, and pricing of Certificates, and number of domains.
2.3. Taxes. This Agreement is entered into, and all of the services are performed and provided, entirely within the United States of America. All fees for services are exclusive of any taxes however imposed, e.g. sales tax, income tax, GST, or VAT. Customer is solely responsible for calculating and paying all tax obligations resulting from Customer's acceptance of this Agreement, including sales tax, income tax, GST, or VAT but excluding all taxes based on DigiCert's income. Customer may not withhold or offset any amount owed to DigiCert for any reason. If a withholding or deduction is required by law, then Customer will pay an additional amount that is equal to the amount withheld or deducted, causing DigiCert to receive a net amount from Customer that is equal to the amount DigiCert would receive if a withholding or deduction was not required.
3. Intellectual Property Rights.
3.1. DigiCert Intellectual Property Rights. DigiCert retains, and Customer will not obtain or claim, any title, interest, or ownership rights in the Certificates, API, and Account, including all software associated with the Account and API and any techniques and ideas embedded therein, all copies or derivative works of the Certificates or software provided by DigiCert, regardless of who produced, requested, or suggested the copy or derivative work, all documentation and marketing material provided by DigiCert to Customer, and all of DigiCert's copyrights, patent rights, trade secret rights and other proprietary rights.
3.2. Restrictions. Each party will protect the other party's intellectual property, good will, and reputation when accessing or using the other party's services or products. DigiCert may terminate this Agreement or restrict access to the Account if DigiCert reasonably believes that Customer is using the Account or Certificates to post or make accessible any material that infringes DigiCert's or any third party's rights. Customer will not use any marketing material or documentation that refers to DigiCert or its products or services without receiving written prior approval from DigiCert, except as outlined in Section 3.3.
3.3. Trademark Usage. Either party may use the trademarks of the other to indicate that Customer is receiving DigiCert's services provided that such use would not foreseeably diminish or damage the other party's rights in the trademark, create a misrepresentation of the parties' relationship, or diminish or damage a party's reputation, including using a Certificate with a website that could be considered associated with crime, defamation, or copyright infringement. Neither party may register or claim any right in the other party's trademarks.
4.1. Definition. "Confidential Information" means any information, documentation, system, or process disclosed by a party or a party's affiliate that is (i) designated as confidential (or a similar designation) at the time of disclosure, (ii) disclosed in circumstances of confidence, or (iii) understood by the parties, exercising reasonable business judgment, to be confidential. Confidential Information does not include information that (a) was lawfully known or received by the receiving party prior to disclosure, (b) is or becomes part of the public domain other than as a result of a breach of this Agreement, (c) was disclosed to the receiving party by a third party, provided such third party, or any other party from whom such third party receives such information, is not in breach of any confidentiality obligation in respect to such information, or (d) is independently developed by the receiving party as evidenced by independent written materials.
4.2. Obligations. Each party will keep confidential all Confidential Information it receives from the other party or its affiliates. Each party will use disclosed Confidential Information only for the purpose of exercising its rights and fulfilling its obligations under this Agreement and will protect all Confidential Information against disclosure using a reasonable degree of care. Each party may disclose Confidential Information to its contractors if the contractor is contractually obligated to confidentially provisions that are at least as protective as those contained herein. If a receiving party is compelled by law to disclose Confidential Information of the disclosing party, the receiving party will use reasonable efforts to (i) seek confidential treatment for the Confidential Information, and (ii) send sufficient prior notice to the other party to allow the other party to seek protective or other court orders.
5.1. Term. This Agreement is effective upon Customer's acceptance and will remain in effect unless earlier terminated in accordance with this Agreement.
5.2. Termination for Convenience. Customer may terminate this Agreement for any reason upon 7 days' written notice if Customer has paid all fees due.
5.3. Other Termination. Either party may terminate this Agreement immediately if the other party (i) materially breaches this Agreement and fails to remedy the material breach within 7 days after receiving notice of the material breach, (ii) engages in illegal or fraudulent activity or an activity that could materially harm the terminating party's business, (iii) has a receiver, trustee, or liquidator appointed over substantially all of its assets, (iv) has an involuntary bankruptcy proceeding filed against it that is not dismissed within 30 days of filing, or (v) files a voluntary petition of bankruptcy or reorganization.
6. Disclaimer of Warranties, Limitation of Liability, and Indemnification.
6.1. Warranty Disclaimers. THE ACCOUNT, CERTIFICATES, AND ANY RELATED SOFTWARE ARE PROVIDED "AS IS" AND "AS AVAILABLE." TO THE MAXIMUM EXTENT PERMITTED BY LAW, DIGICERT DISCLAIMS ALL EXPRESS AND IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. DIGICERT DOES NOT WARRANT THAT ANY SERVICE OR PRODUCT WILL MEET CUSTOMER'S EXPECTATIONS OR THAT ACCESS TO THE ACCOUNT WILL BE TIMELY OR ERROR-FREE. DigiCert does not guarantee the availability of any products or services and may modify or discontinue any product or service offering at any time.
6.2. Limitation of Liability. This Agreement does not limit a party's liability for (i) death or personal injury resulting from the negligence of a party or (ii) fraud or fraudulent statements made by a party. TO THE FULL EXTENT PERMITTED BY APPLICABLE LAW AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY OR LIMITATION OF LIABILITY: (A) DIGICERT AND ITS AFFILIATES, SUBSIDIARIES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, PARTNERS AND LICENSORS (THE "DIGICERT ENTITIES") WILL NOT BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES (INCLUDING ANY DAMAGES ARISING FROM LOSS OF USE, LOSS OF DATA, LOST PROFITS, BUSINESS INTERRUPTION, OR COSTS OF PROCURING SUBSTITUTE SOFTWARE OR SERVICES) ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SUBJECT MATTER HEREOF; AND (B) DIGICERT ENTITIES' TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SUBJECT MATTER HEREOF WILL NOT EXCEED THE AMOUNTS PAID BY CUSTOMER TO DIGICERT IN THE TWELVE (12) MONTHS PRIOR TO THE EVENT GIVING RISE TO SUCH LIABILITY, IN EACH OF THE FOREGOING CASES (A) AND (B), REGARDLESS OF WHETHER SUCH LIABILITY ARISES FROM CONTRACT, INDEMNIFICATION, WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, AND REGARDLESS OF WHETHER DIGICERT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.
6.3. Indemnity. Customer will indemnify, defend and hold harmless DigiCert and DigiCert's employees, officers, directors, shareholders, affiliates, and assigns against all third party claims and all related liabilities, damages, and costs, including reasonable attorneys' fees, arising from (i) Customer's breach of this Agreement, (ii) Customer's failure to protect the authentication mechanisms used to secure the Account, (iii) an allegation that personal injury or property damage caused by the fault or negligence of Customer, (iv) Customer's failure to disclose a material fact related to the use or issuance of the Account or Certificate, or (v) an allegation that the Customer, or an agent of Customer, used DigiCert's products or services to infringe on the rights of a third party.
6.4. Indemnity Obligations. An entity seeking indemnification under this Agreement ("Indemnified Party") must notify Customer promptly of any event requiring indemnification. However, an Indemnified Party's failure to notify will not relieve Customer from its indemnification obligations, except to the extent that the failure to notify materially prejudices Customer. Customer may assume the defense of any proceeding requiring indemnification unless assuming the defense would result in potential conflicting interests as determined by the Indemnified Party in good faith. An Indemnified Party may, at Customer's expense, defend itself until Customer's counsel has initiated a defense of the Indemnified Party. Even after Customer assumes the defense, the Indemnified Party may participate in any proceeding using counsel of its own choice and at its own expense. Customer may not settle any proceeding related to this Agreement unless the settlement also includes an unconditional release of liability for all Indemnified Parties. Customer's indemnification obligations are not the sole remedy for Customer's breach of this Agreement and are in addition to any other remedies available.
6.5. Extent. The limitations and obligations in this section apply to the maximum extent permitted by law and apply regardless of (i) the reason for or nature of the liability, including tort claims, (ii) the number of claims of liability, (iii) the extent or nature of the damages, or (iv) whether any other provisions of this Agreement were breached or proven ineffective.
7.1. Force Majeure. Except for Customer's payment obligations, neither party is liable for any failure or delay in performing its obligations under this Agreement to the extent that the circumstances causing such failure or delay are beyond a party's reasonable control. Customer acknowledges that the Account and Certificates are subject to the operation and telecommunication infrastructures of the Internet and the operation of Customer's Internet connection services, all of which are beyond DigiCert's control.
7.4. Waiver. A party's failure to enforce or delay in enforcing a provision of this Agreement does not waive the party's right to enforce the same provision later or the party's right to enforce any other provision of this Agreement. A waiver is only effective if in writing and signed by the party benefiting from the waived provision.
7.5. Assignment. Customer may not assign any of its rights or obligations under this Agreement without the prior written consent of DigiCert. DigiCert may assign its rights and obligations without Customer's consent.
7.6. Relationship. DigiCert and Customer are independent contractors and not agents or employees of each other. Neither party has the power to bind or obligate the other. Each party is responsible for its own expenses and employees.
7.7. Notices. DigiCert will send notices of termination or breach of this Agreement to Customer by first class mail to the address listed in the Account, which notices are effective upon receipt. DigiCert will send all other notices by posting the notice in the Account or by email via the email address of Customer's administrator (and/or other alternate email address associated with Customer's Account if provided), or by regular mail. All such notices are effective when posted in the Account or when sent. It is Customer's responsibility to keep its email address current. Customer will be deemed to have received any email sent to the email address then associated with Customer's Account when DigiCert sends the email, regardless of whether Customer receives the email. Customer will send DigiCert notices in writing by postal mail that is addressed to DigiCert, Inc., Attn: General Counsel, 2801 North Thanksgiving Way, Suite 500, Lehi, Utah 84043. Notices from Customer are effective upon receipt.
7.8. Governing Law and Jurisdiction. The laws of the state of Utah govern the interpretation, construction, and enforcement of this Agreement and all matters related to it, including tort claims, without regards to any conflict-of-law principles. The parties hereby submit to the exclusive jurisdiction of and venue in the state and federal courts located in Utah County, Utah.
7.9. Severability. The invalidity or unenforceability of any provision of this Agreement, as determined by a court or administrative body of competent jurisdiction, will not affect the validity or enforceability of the remainder of this Agreement, and the provision affected will be construed so as to be enforceable to the maximum extent permissible by law.
7.11. Interpretation. The definitive version of this Agreement is written in English. If this Agreement is translated into another language and there is a conflict between the English version and the translated version, the English language version controls.
BY CHECKING "I AGREE," YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTAND THIS AGREEMENT AND THAT YOU AGREE TO COMPLY WITH ITS TERMS. DO NOT CHECK "I AGREE" IF YOU DO NOT ACCEPT THIS AGREEMENT.