GENERAL CONTRACTING CONDITIONS FOR ELECTRONIC TRUST SERVICES PROVIDED BY CONSTATA

General information

This document contains the general contracting conditions for the services provided by CONSTATA EU DIGITAL TRUST SERVICES SL (hereinafter CONSTATA) , with CIF B-02983997 and with registered office at Paseo de la Castellana 40, piso 8, 28046, Madrid. CONSTATA is the owner of the website https://constata.eu , the domain consta.eu , all its subdomains and the email addresses hosted therein. The company's contact telephone number is +34622949117, the general contact address is dpo@constata.eu , and the Twitter user for contact with that community is @constataEu .

CONSTATA is a provider of electronic trust services specialized in time stamp certificates and digital signatures using, unlike other providers, the public, immutable and distributed data registry system known as the Bitcoin blockchain, and digital signature technology used by that technological ecosystem, as described in these general conditions for the knowledge of the USERS .

CONSTATA provides electronic trust services that have legal effects against third parties, for which it must comply with the obligations imposed by Regulation EU 910/2014, of the European Parliament and of the Council of July 23, 2014, regarding electronic identification and trust services for electronic transactions in the internal market and which repeals Directive 1999/93/EC (eIDAS regulation) as well as Law 6/2020, of November 11, regulating certain aspects of trust service providers.

CONSTATA provides its services to the client, in its condition of final USER , for which the resale or commercialization of the service is prohibited, as well as its transfer to third parties without express authorization.

CONSTATA provides its service to clients, people over 18 years of age and legally constituted legal entities, in accordance with the applicable regulations.

Index

1. Object

The contractual relationships between CONSTATA and its clients will be governed by the general contracting conditions, so this document constitutes a contract between CONSTATA and the USER , who must validate it by accepting it on our website, prior to the effective provision of the hired services. The acceptance of the terms and conditions on our website and the use of the services provided by CONSTATA imply on the part of the USER the full acceptance of the general contracting conditions contained in this document, so if he does not agree with them , you must not use any of CONSTATA 's services .

The contac channels with CONSTATA are those detailed in this document, and should be used for any query about these terms and conditions.

2. Characteristics of the provision of the service.

The CONSTATA service comprises two types.

First, the provision of electronic trust services on the Internet. CONSTATA , as an independent provider of electronic trust services, accredits and certifies the existence of registered documents, web page content certifications, or any other service that electronic systems allow in the future and is protected by legislation.

Secondly, CONSTATA also provides other types of digital services different from the above, such as: exchange of emails, notifications by email or any other electronic or digital means.

The purpose of these general contracting conditions is for CONSTATA to intervene in the certification of the content requested by the USERS . CONSTATA makes electronic means available to USERS for registering and sending messages and documentation, exercising the functions of trust service provider on the Internet by ratifying the USER 's designation on the CONSTATA website .

CONSTATA makes the following services available to USERS , whose description and current rate table is updated in Annex I relating to trust services , and Annex II relating to other services in this document.

  1. Bitcoin blockchain time stamp service.
  2. Electronic signature service and electronic seal.
  3. Electronic notification service.

3. User Responsibility.

Contact with our operators or our virtual assistant to request a payment service, by email or other similar communication channels, as well as the use of our API, confers the condition of USER for which he accepts these terms and conditions, as well as their subsequent modifications, without prejudice to the application of the corresponding mandatory legal regulations, from the moment the communication or connection with our API begins.

The USER undertakes to give acceptable use to communication channels, including email, website, web application and API, and is responsible for:

The USER declares that they are of legal age and have the legal capacity to enter into contracts with CONSTATA .

4. Access to service, quality, maintenance and updates.

CONSTATA strives to maintain its operating services described in this contract at all times and in the best operating conditions, provided that the USERS use them properly and in accordance with the instructions and the means made available to them. However, CONSTATA reserves the right to make the necessary modifications and updates for the proper functioning of the service.

CONSTATA undertakes to use its best technical efforts to solve possible problems that may arise in the services it provides to USERS , as long as they are due to a problem in the CONSTATA system , collaborating in everything that is necessary to provide the USER with a quick solution to the incident.

CONSTATA is not responsible for verifying the identity of clients. Consequently, liability is exonerated in the event that a recipient who is not who they claim to be accesses the system or that a recipient who was not the recipient of the document accesses a document. However, CONSTATA will make its best efforts to make acceptable authentication measures available to the USER , according to the communication channel used, performing:

The USER 's access to the services through the different channels does not imply the obligation of CONSTATA to control the absence of viruses or any other harmful computer element. It is up to the USERS , in any case, the availability of adequate tools for the detection and disinfection of computer programs.

CONSTATA is not responsible for the damages produced in the physical elements of the computer equipment of the USERS , their employees, or third parties, during the provision of the services object of this contract, with the exception of the application of Law 22/ 1994, of July 6, on civil liability for damages caused by defective products.

5. Purpose of the service and ability to process with third parties.

The purpose of the CONSTATA service is to prove the existence and integrity of the data that is processed through its electronic system, as well as data related to the person or company that requested the processing, and the date on which said processing was carried out. To this end , CONSTATA makes available to USERS a computer protocol by which the USER makes CONSTATA a participant as a trust service provider for their communications with third parties. CONSTATA , as an independent trusted third party, certifies said communications, using the Bitcoin blockchain system.

The effective admission as a means of proof of the service will not correspond to CONSTATA , being solely and exclusively a decision of the jurisdictional, administrative or other competent authorities. Consequently, CONSTATA cannot guarantee the effective admission as proof of its communication service as a trust service provider, in procedures whose decision depends on official instances.

CONSTATA does not access or examine the content of the documents that USERS send through its service. Consequently and in accordance with current legislation, it will not be responsible for the aforementioned contents, as long as it is not aware of them, according to the provisions of the applicable regulations.

6. Registration and activation of services.

CONSTATA services are provided electronically and devices or any other physical element is not delivered at the time of contracting them. The mere fact of initiating a communication with our virtual assistant at the address ace@constata.eu, or do the login in the web application, is recognized by CONSTATA as a request by the sender to contract any of the services. The configuration of our command line tool, which allows interaction with our API, is also interpreted by CONSTATA as a request from the USER to contract the service.

In these cases, the USER will be informed of the contracting conditions. The USER may withdraw his request to use the service by rejecting said conditions, without incurring any expense on his part.

7. Duration of the contract.

This contract is indefinite as long as the USER uses the CONSTATA system and keeps their account active on the platform.

The USER may terminate this contract unilaterally and without the need to allege just cause, at any time, sufficing to do so by reliably notifying CONSTATA of their decision by sending an email to dpo@constata.eu

Notwithstanding the conclusion of the contract for any reason, it will not affect the commitments acquired by the parties regarding the documents, certificates and other electronic means that, with cause in the contract, CONSTATA would have provided to USERS in its capacity as trust service provider.

8. Modification of the contractual conditions.

CONSTATA may modify these conditions by notifying the USER at least 1 month in advance. If the client does not accept the new conditions and notifies CONSTATA , he may terminate the contract in advance and without any penalty. If this period has elapsed since the notification of CONSTATA, the USER has not expressed his disagreement or the USER uses the service after the entry into force of the notified modifications, it will be understood that the USER accepts the proposed modifications. Communication to the USER may be done, among other means, by email to the USER registered email address. In addition, CONSTATA will publicly communicate on social networks the modifications that it introduces in its contracting conditions.

9. Prices, billing and forms of payment for services.

The services provided by CONSTATA are fully borne by the USER

CONSTATA services are paid for using tokens, which are purchased on the web by any means of payment accepted by CONSTATA (credit card, bank transfer, Bitcoin). The price of the token is 1 EUR.

CONSTATA will issue an electronic invoice for each purchase of USER tokens that will be sent by email or by the notification method established for this purpose.

CONSTATA will keep a record of all communications, purchase orders, invoices, and data related to the receipt and accreditation of payments received for the purchase of tokens or provision of other services, in order to constitute evidence of transactions, respecting the privacy and data protection provided for in regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons and Organic Law 3/2018, of December 5, of Personal data protection.

The price of the service is calculated based on the size of the object files of the CONSTATA service , at a rate of 1 token per megabyte. Being the minimum fraction 1 megabyte.

The complementary services that the client wishes to request, such as advice and special integrations, will be invoiced separately by CONSTATA and may be paid by any means of payment or using tokens.

The provision of CONSTATA services is subject to availability, and may be affected by force majeure. If a situation arises in which the provision of services is impossible in accordance with what is committed in these terms and conditions, CONSTATA may proceed to a refund of the tokens acquired by the USER to use the services, in accordance with the return policy. established in this contract.

All purchases will be computed in euros at the current exchange rate, regardless of the currency used to make the payment.

The USER confirms that the credit cards, payment processor accounts, bank accounts and digital wallets used to make payments to CONSTATA belong to him.

CONSTATA performs payment processing on suitable and authorized platforms, and in no case processes, stores, or knows the data of credit cards, access codes to digital accounts, or private keys of digital wallets of the USER .

In accordance with Law 37/1992, of December 28, on Value Added Tax (VAT), all orders will be understood to be located in the territory of application of VAT in Spain if the declared address is in Spanish territory, except for the Canary Islands, Ceuta and melilla. The applicable VAT rate will be that legally in force for the service being purchased. Purchases made by USERSof the Canary Islands, Ceuta and Melilla, will be exempt from VAT according to Law 37/1992, and to Directive 2006/112, without prejudice to the application of taxes and tariffs specific to those territories, in accordance with current regulations. Purchases made from other member states of the European Union will be subject to the VAT of said member state according to Directive 2006/112 of the Council of November 28, 2006, regarding the common VAT system. For non-EU countries, the current regulations will be applied according to the case.

If the USER needs more information about prices, alternative forms of payment, and installment, or the current regulations for VAT, they can contact CONSTATA at the email dpo@constata.eu .

The basic price of 1 token is 1 euro with a minimum of 1 token per processing, but it can be reduced through a special agreement or for bulk purchases. Also, CONSTATA may grant tokens free of charge to the USER for marketing actions or when it deems it appropriate . The tokens that the USER has bought or received as a gift DO NOT EXPIRE.

10. Right of withdrawal.

In accordance with the provisions of article 3 of Royal Legislative Decree 1/2007, of November 16, which approves the revised text of the General Law for the Defense of Consumers and Users referred to in the event that the USER is a natural person in accordance with the provisions of article 103 a) (The provision of service, once the service has been fully executed, when the execution has begun, with the prior express consent of the consumer and user and with the acknowledgment on their part that he is aware that, once the contract has been fully executed by the entrepreneur, he will have lost his right of withdrawal) it is reported that the USER will not be able to exercise the right of withdrawal.

If the user had not spent the tokens acquired for the execution of a CONSTATA service, they may exercise the right of withdrawal within 14 calendar days by notifying tesoreria@constata.eu . In the event of withdrawal, CONSTATA will reimburse the payment received within a reasonable period of time, which may not exceed 14 calendar days from the notification of withdrawal.

All transactions, whatever the payment method (credit card, bank transfer, bitcoin, foreign currency) will be calculated in euros.

CONSTATA will reimburse the USER using the same payment method used to make the purchase of the tokens. In the event that the payment is made in foreign currency or Bitcoin, the refund will always be the amount of euros received by CONSTATA at the time of the purchase of the tokens.

11. Secrecy of communications.

CONSTATA adopts the necessary technical measures in accordance with current legislation to guarantee the secrecy of communications. CONSTATA is exempt from any liability that may arise from obtaining confidential content, its use or publicity by the USER or by third parties and, in general, from any actions or omissions that, not being attributable to CONSTATA , involve a breach of secrecy. of electronic communications.

12. Protection of personal data.

CONSTATA will comply, at all times, with the provisions of Regulation (EU) 2016/679 general data protection.

In compliance with said Regulation, CONSTATA informs USERS that the personal data provided for the provision of the service will be incorporated into a file that is included in the Record of Treatment Activities of the Data Controller.

The person responsible for processing personal data is CONSTATA DIGITAL TRUST SERVICES SL, with CIF B-02983997 . Any USER can contact CONSTATA at dpo@constata.eu with any questions they may have regarding the processing of their personal data.

The personal data of the USERS will be processed with the purpose of maintaining and managing the contractual relationship with CONSTATA to adequately provide them with the contracted services, the basis that constitutes the legitimacy of the treatment being the need to execute the contract, in accordance with the Article 6.1 b) of Regulation (EU) 2016/679.

The personal data of the USERS will also be processed to send commercial communications about the products, services, offers and promotions of CONSTATA , if the USER gives his express consent when consulted by CONSTATA for this purpose. They may also be processed to send commercial communications about third-party products that CONSTATA considers may be of interest to USERS , as long as they have their consent. USERS may at any time revoke their consent to receive such communications by sending an email to dpo@constata.eu .

CONSTATA guarantees that the personal data of the USERS will not be used for purposes other than those mentioned in this clause and that their treatment will be carried out under the strictest confidentiality and in full compliance with current legislation, especially with the Regulation ( EU) 2016/679. CONSTATA will not transfer personal data to third parties for purposes other than the provision of its services.

When USERS request services from CONSTATA in which they access personal data owned by the USERS themselves or by third parties at the express request of the USER for the performance of a specific service, CONSTATA in its capacity as data processor , will treat them with the sole purpose of executing the service under the instructions of the USER who acts as the person in charge of the treatment, the legitimizing basis of action being the execution of the contract, in accordance with the provisions of article 6.1 b) of the Regulation ( EU) 2016/679. The USER expressly authorizes CONSTATAto access said data that will not be processed for purposes other than the provision of the contracted service nor will it be communicated to third parties.

USERS are responsible for the veracity and accuracy of the data provided: If the USER considers that their personal data has been processed by CONSTATA in violation of current legislation, they have the right to file a claim with the Spanish Data Protection Agency .

For more information related to personal data, we invite the USER to read CONSTATA's Privacy Policy.

13. Storage periods and security measures for customer data.

Once the provision of personal data processing services has ended or the contract has been terminated, CONSTATA will keep the data duly blocked for a period of 6 years, with the sole purpose of dealing with any possible responsibilities that may arise.

CONSTATA has implemented the appropriate technical and organizational measures to guarantee the security of personal data and prevent its destruction, loss, illicit access, illicit alteration or manipulation. To develop these measures, CONSTATA has taken into account criteria such as the scope, context and purposes of the treatment, the state of the technology and the existing risks.

14. Correction of errors in the service and returns.

In the event that the USER considers that any of the contracted services does not comply with the provisions of these terms and conditions and their explanatory annex of the services, they must contact CONSTATA immediately through any of the channels enabled for this purpose, communicating their disagreement. and in exercise of your right of withdrawal as stipulated in this contract.

CONSTATA will evaluate ways to correct errors, so that the effectiveness of the contracted service is not affected. If it is not possible to correct it within a reasonable time, the tokens will be returned and, if requested by the USER , the money used to purchase those tokens will be reimbursed, including payment processing fees and other costs incurred. incurred by the USER to make the payment.

The consumer protection legislation in force in favor of the USER will be recognized and applied at all times .

15. Errata, and amendments to the data provided by the user.

Given the immutability of time stamps in the Bitcoin blockchain, CONSTATA establishes its own amendment and errata mechanisms on the documents that receive the time stamp, so that they are verifiable by the same means as the original documents.

In the event that the USER detects that they have made an error in any of the data recorded in a document at the time of applying the time stamp or at the time of making a digital signature or seal, they can contact dpo@constata.eu to that CONSTATA can assess an appropriate and effective way to rectify the situation.

16. Disclaimer.

CONSTATA works on the continuous improvement of its services so that they can be used on the greatest number of devices and from different platforms operated by third parties. However, as they are external to the company, CONSTATA cannot be held responsible for their proper functioning.

Time-stamped certificates must be viewed and examined for validation in a web browser, which can be found on desktop operating systems such as those used on laptops, and mobile device operating systems. However, to date there are mobile web browsers that do not allow time stamp certificates to be displayed correctly. In those cases, CONSTATA does its best to detect the problematic platform from the certificate itself, and instruct the person who received it to validate it on a supported platform. Currently desktop browsers such as Firefox, Chrome, Microsoft Edge and Opera, for Windows, MacOS and Linux are fully supported.

Our email provider is Google, and it performs validations on incoming email to filter out malicious emails and spoofing. Any inconvenience caused by an incorrect configuration of the mail servers that exchange mail with CONSTATA is out of our control and responsibility.

Similarly, the availability of any of our services provided through Twitter, Telegram, Whatsapp and other messaging platforms is subject to the availability of these platforms, which reserve the right to continue allowing CONSTATA to use them . , being able to cancel it unilaterally, even without there being a violation of its terms and conditions by CONSTATA .

The Bitcoin network, which operates the database where CONSTATA writes the data that allows validating the timestamps issued, is a decentralized network that never loses its characteristics of immutability and availability, but sometimes it takes longer than expected to accept that write new data. CONSTATA makes its best efforts to be able to write to this database every one to three hours, but unexpected network conditions may take longer to write a timestamp to it. However, between the receipt of a document and its time stamp using the Bitcoin blockchain, the documents have a receipt date in the CONSTATA system., which may have less probative value.

CONSTATA is not responsible for technical failures due to fortuitous causes, force majeure, or of another nature that are not attributable to it and prevent the normal operation of the service through the communication channels and the API.

17. Applicable law and jurisdiction.

In matters not provided in this document of general conditions, the contract will be governed by current Spanish law. Any dispute that is not resolved amicably, will be subject to the jurisdiction of the Courts and Tribunals of Madrid capital (Spain), in the case of legal entities and those determined based on the current rules of procedural distribution for consumers and users. for natural persons.

The current version of the general contracting conditions is published on the website for consultation and information. It is, therefore, the responsibility of the USER to keep a copy of the accepted conditions to make any subsequent claim.

18. Notifications.

The notifications made through the emails that the USER notified in his registration as a client to CONSTATA , without prejudice to the use of any other alternative means of communication, previously used by the parties, will be considered valid for all purposes.

19. Reliable communication to the User.

The USER accepts, for contractual purposes, that communications with CONSTATA are electronic, through the communication channels enabled, including messages that arrive via API and those that are published on our website, and acknowledges that the electronic communications received from CONSTATA comply with the legal requirements identical to those of written communication, without prejudice to the rights recognized by law to the USER .

The USER can contact CONSTATA in any of the channels established in these conditions, and CONSTATA can contact and reliably notify the USER at any email address, Twitter user, Telegram handle or WhatsApp number that the USER has used to interact and contract the services, or in writing to any postal address declared as their own, including the billing address.

20. Waiver.

The waiver of CONSTATA to a specific legal right or action, or the lack of requirement to the USER for breach of any obligation on their part, will not imply a waiver of said right by CONSTATA , nor of other rights or actions derived from this contract, nor will it exonerate the USER from complying with them, except in cases where a waiver is explicitly established by CONSTATA and the USER is formally notified in writing.

21. Nullity.

If any or some parts of this contract were declared null and void by a firm resolution of the competent authorities, the rest of the clauses that are not affected by that declaration of nullity will remain in force.

Annex I: Description of trust services.

Service: Bitcoin Blockchain Time Stamp.

The objective of CONSTATA 's Time Stamp service is to generate irrefutable proof about the date from which a document exists, and that its integrity was not violated from the moment it received the time stamp. This service is charged at the rate of 1 token for each MB that the file weighs, with a minimum fraction of 1 MB.

When a USER sends a document to CONSTATA to be stamped, CONSTATA calculates one or more digital fingerprints (hashes, calculated with the sha256 algorithm), and adds them to a self-made bulletin with a periodicity of between one and three hours. If the hash of a document is written to a bulletin, and the hash of the bulletin is written to the Bitcoin blockchain, it can be proven that the document has existed since at least the date the data was written to the Bitcoin blockchain.

Once the time stamp has been applied, the USER is provided with a digital certificate, called a time stamp certificate, which contains the sealed documents, the bulletin, the identifier of the transaction in the Bitcoin network where it was registered, and the algorithm that allows it to be validated. . This certificate can be transmitted and stored by the USER by any means, and validated by third parties that receive it, without requiring active intervention by CONSTATA for its validation.

The time stamp service includes storage of the sealed document for a period of 5 years, which can be extended at the user's request.

The delivery channel of the time stamp certificate will be the same one used to transmit the documents, either as an attachment or through a unique direct download link. In the case of receiving a direct download link, it is the entire responsibility of the USER not to disclose it to third parties that they do not want to access the certificate and its documents. It is possible that the time stamp certificate may also be delivered by alternative means, at the request of the USER .

The time stamp certificate is a file in HTML format that can be viewed in a desktop web browser. It acts as a file cabinet for the documents that were sealed and also allows the viewing or extraction of those original documents. Every time the certificate is opened , the validation algorithm is executed in real time.

To verify the integrity of the algorithm, CONSTATA signs all the certificates it issues. In addition, said signature can be validated by any recipient of the certificate using the tool available at https://constata.eu without the need for said recipient to register, or ask CONSTATA for permission to do so. The signature validation tool runs on the user's computer, and never sends or receives CONSTATA data .

In cases where there are documents that correlate with each other, for example messages and responses deferred in time, or a document that modifies a previous one, CONSTATA can produce a time stamp certificate containing said documents that serves as a record of the themselves.

If the USER also has the electronic signature service active, the time stamp certificates will contain the clarifications related to the validations that CONSTATA has carried out on the data of the signatory. For more information consult the electronic signatures and seals service .

Modality via Email.

Anyone can write an email to ace@constata.eu so that it receives a time stamp, as well as all the attachments it contains. If the mail is sent or copied to third parties, our additional electronic notification service is automatically activated .

CONSTATA 's virtual assistant responds by means of an email with acknowledgment of receipt and registers the sender as a USER . Said email contains the instructions to accept the terms and conditions, and purchase the necessary tokens to use the service. CONSTATA can make a total or partial bonus of the tokens.

Once the USER accepts the terms and conditions, and has the necessary tokens, CONSTATA applies the timestamp to the email and all its attachments and sends a new email to the USER containing the timestamp certificate . If, due to the size of the certificate, CONSTATA considers it inconvenient to send it as an attachment, a download link will be sent to the USER . It is the USER 's responsibility to keep the download link private and not disclose it to people who should not access the certificate.

Modality via API.

The USER can download the CONSTATA SDK and our command line tool from the links available on the web.

In the first execution of our command line tool, a private key will be generated on the USER 's computer to be used as a digital signature with the ECDSA SECP256k1 algorithm. This algorithm is the same one used by Bitcoin wallets to sign transactions.

This private key is stored in the USER 's computer and is never transmitted to CONSTATA . In addition, the private key is encrypted with a password that the USER must provide so that the command line tool can decrypt said key.

Using our API you can send documents to CONSTATA to be time-stamped, consult the previously sealed documents, the USER 's account statement and download the time-stamped certificates . CONSTATA may also be required to provide the electronic signature or electronic seal service in its Website validation variant.

If any payment is required to continue processing the documents, a link with payment instructions will be included in the CONSTATA API response.

Requests to the CONSTATA API will be digitally signed with the private key of the USER , who is responsible for keeping the backup copies thereof. The time stamp certificates will show the public key, with which the documents sent to CONSTATA were signed , in a similar way to the validations of the electronic signature and electronic seal service.

Modality via web application.

Through the Constata web application users will have to register and obtain their user. Once this step is completed, they can use the tool to issue serial certificates through a standard template provided by the application or upload their own template. The purpose for which this application was created refers to the sending of diplomas, badges and certificates of attendance to congresses, webinars, etc. The certificates via CONSTATA's web application will be digitally signed with the USER's private key and the USER is responsible for keeping backup copies of it. The time stamp certificates will show the public key, with which the documents sent to CONSTATA were signed, in a similar way as the validations of the electronic signature and electronic seal service described in the following points are shown. In addition, the certificates will be notified to the e-mails indicated by the user in the Constata web application.

On the validity and durability in the Bitcoin blockchain.

The CONSTATA time stamp uses the Bitcoin blockchain for its ability to sequence records and set a certain date, for its immutability characteristics, and for its distributed availability.

The immutability of the Bitcoin blockchain is ensured by the proof-of-work algorithm, and the amount of resources (electric power, attention, and independent investment) allocated by those who perform that proof-of-work. It is prohibitively expensive for any centralized agent to attempt to erase or modify Bitcoin blockchain data, and this can be independently validated by any network participant, nullifying the attack vector of any malicious intermediary.

In addition, the Bitcoin blockchain has numerous copies managed by third parties that can be easily queried, copied, and validated independently, there are plenty of ways in which any auditor can get hold of a copy of the Bitcoin blockchain.

The application of the time stamp to a document with the CONSTATA mechanism can be delayed since the USER requests the stamp. However, the certification provided by CONSTATA is dated accurately to the second. The delay depends on how long CONSTATA takes to validate that exact date in the Bitcoin network.

Service: Electronic signature and Electronic stamp.

The electronic signature and electronic seal services aim to establish the veracity of the data of the CONSTATA USER who applies a time stamp on its platform. To activate the service, the USER requires CONSTATA to carry out the relevant validations. CONSTATA produces these validations, and saves your evidence with a time stamp.

Once the validations have been carried out, all the time stamp certificates issued to the USER will have a special CONSTATA legend , accounting for the data that CONSTATA has been able to certify about the signing USER .

The cost of the service depends on the weight in megabytes of the evidence collected and certified by CONSTATA , at the rate of 1 token per megabyte of evidence. This service will be 100% discounted unless CONSTATA indicates otherwise at the time the USER requires the service.

CONSTATA can certify different data of the USER over time. These updated data will be incorporated into all subsequent time stamp certificates automatically, and may also be incorporated into previous time stamp certificates at the request of the USER .

Website verification.

The USER using the command line tool and the CONSTATA API may request to be verified as an administrator of a website.

CONSTATA then requires the USER to sign a message defined by CONSTATA for this validation, and proceed to publish it to an address on their website established by CONSTATA .

When CONSTATA observes the correctly signed message on the USER 's website, it saves the web traffic resulting from the observation as evidence and applies a time stamp to it.

From that moment, CONSTATA verifies that the USER is the administrator of the website, and all time stamp certificates issued for that USER will have the legend, in order to explain this validation, "Web: We verify that the signatory administers the web [website address]".

Verification of user data.

CONSTATA verifies the USER 's data and their ability to act on their own behalf and that of a company, associating them with other previously obtained data such as their email address and API public key.

This service is provided at the request of the USER or through a customized service contract between CONSTATA and the USER .

To carry out these verifications , CONSTATA will require the USER to submit forms with personal data, images of their identity document, proof of address, and if they are going to be acting on behalf of a company, the updated statutes of their company, and powers of attorney or acts of appointment that allows him to act on his behalf. CONSTATA will also carry out a telematic biometric process through a video call or similar technology, in which the consent and acceptance of the process by the USER will be established, in addition to ratifying the data provided above.

The process of verification and analysis of this data will be carried out by CONSTATA personnel , who will be assisted by public databases and special software that allows fraud to be avoided. Upon successful completion of this process, CONSTATA will apply a time stamp to all the documents and means that appear in the verification file.

From that moment on, all time stamp certificates issued by that USER will have the legend in order to explain the validation carried out: "We verify that the signer is [Name, Surname, identification number, Year of birth, Nationality, Country of residence] and acts as [Title or position within the company, company name, country of company, state company registration number, tax identification number]".

Annex II: Other services.

Service: Electronic notification.

Through the Electronic Notification service, CONSTATA certifies that an issuer has completed the necessary procedures to contact one or more recipients. To use the service, the issuer writes an email and adds CONSTATA's virtual assistant ace@constata.eu in a copy of it (in the To, CC, BCC fields).

CONSTATA applies a timestamp to the RAW version of the email, thus crediting the content and all the headers of the email, which includes the other recipients of the email and the information of the email servers that processed the message.

Once the time stamp is applied to the mail, the sender receives a time stamp certificate that contains the mail in RAW format, and each section of the mail separately.

If the USER issuing the notification has activated the electronic signature or electronic stamp service associated with their email address, the certificate will also be electronically signed by the USER , including the legend corresponding to the verifications that CONSTATA has carried out .

The electronic notification service is similar to the time stamp service when it is provided by email. In this case, the email has other recipients besides ace@constata.eu . The time-stamped mail is the proof of the electronic notification, and it is kept for 5 years, with a cost of 1 token for each megabyte of weight.

As current technology does not have reliable mechanisms to reliably certify the opening, reading, and understanding of the mail by its recipients, CONSTATA 's electronic notification is limited to verifying the procedures carried out by the USER when sending the mail.

Annex III: Definitions and acronyms.

Definitions and acronyms are used for descriptive purposes only and are not considered binding for the application and/or interpretation of the contract,

Definitions.

time stamp
Data in electronic format that reference other data in the same format, and link them to a specific moment, providing proof that the latest data exists from that moment.
Electronic signature
Data in electronic format that accredits, through a trusted third party, the consent of a signing natural person with respect to a set of data.
electronic seal
An electronic signature of a legal person (rather than a natural person).
Electronic Trust Service Provider
Natural or legal person that performs one or more trust services.
User
Natural or legal person who uses the payment services of Confirma.
ID
Process by which a person proves his identity.
Integrity
Set of data and/or documents that have not been subject to changes or alterations after their certification with electronic signature and/or time stamp.
Validation
Procedure by which the electronic trust service provider verifies the validity of data or documents.
hashes
Result of the application of an encryption algorithm on a data set, which is unique and unambiguous for each data set, which does not retain information about the original data set, and therefore can only be calculated again from said data set. data set.
bitcoin blockchain
Public database, incrementally written based on immutably sequenced blocks using the proof-of-work algorithm, globally distributed and freely accessible.
Private Key
Secret data guarded by the user, which when introduced together with a document to the digital signature algorithm, produces a digital signature of said document that can be validated using the corresponding public key, proving the user's irrefutable consent without the need to expose his key private.
Public Key
Public data linked to a private key, which, when used in the digital signature validation algorithm, can prove whether the custodian of said private key gave their consent to a document.

Acronyms.

api
Set of protocols used to develop applications that interact with others.
HTML
Hypertext markup language, text document format interpretable by web browsers that can constitute a complete computer application.
SDKs
Software development kit, set of tools that facilitate the development of computer applications and the use of an API.


PRIVACY POLICY OF CONSTATA SL

In compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of data and which develops Directive 95/46/CE, Organic Law 3/2018, of December 5, on the Protection of Personal Data and Law 34/2002, of July 11, on Services of the Society of Information and Electronic Commerce, we inform you that the ownership of the domain of our website Constata.eu, corresponds to the company CONSTATA SL, hereinafter "THE COMPANY", with CIF nº B02983997 and address at Calle Paseo de la Castellana 40, 8ª planta, Madrid, 28046, Spain and registered in the Mercantile Registry of Madrid, Volume 41408, folio 174, Page M 733896, as Responsible for the Treatment is informed that:

When contracting our services or using our web and online support services, you must expressly consent to the processing of your personal data by CONSTATA and accept the terms and conditions of use applicable to the contracted service and that we will provide you with prior to carrying out each hiring.

You can contact THE COMPANY through the following email dpo@constata.eu .

In case of any question related to this policy, you can contact CONSTATA through the email indicated above.

The personal data provided by you through the website owned by THE COMPANY ( www.constata.eu), hereinafter, the Web or the Website, or by sending an email, will be incorporated into the files owned by THE COMPANY. The purpose of these files is the management of the users of the Website, as well as the management of the services offered through said Site. Likewise, whenever you authorize it, THE COMPANY will process the data to manage the queries it receives from customers and send advertising and commercial information, by different means, to them about the company, its activities, products, services, offers , special promotions, as well as the documentation of a diverse nature and by different means of commercial information of the company, being able to carry out automatic evaluations, obtain profiles and segmentation tasks of its clients, based on the information available about them, in order to personalize the treatment according to their characteristics and/or needs. The processing of data for these purposes will continue for the duration of the commercial relationship or for the time necessary to comply with the obligations established by law.

Likewise, we inform you that in the event that you authorize the sending of commercial communications, you consent to your personal data being communicated, where appropriate, to companies linked and/or related to THE COMPANY, understanding as such those that are collected from an updated manner on the websites of the sector, for the purpose of facilitating control and global management of the users of the Website and the queries made by them, as well as for sending information to them about their products and services related to the sector of activity of each of them, through different means.

You guarantee that the information provided is true, exact, complete and up-to-date and you will be solely responsible for any direct or indirect damage or loss that may be caused as a result of breach of such obligation. You must inform THE COMPANY of any change in the personal data for the correct management and quality of the service and data processed, especially those referring to contact data, such as address, name, bank address, email , telephone, etc. In the event that the data provided by you belongs to a third party other than the one who provides the data, you must inform the third party of the aspects contained in this Privacy Policy and obtain their authorization to provide your data to THE COMPANY for the purposes indicated.

You certify that you are over 18 years of age and that, therefore, you have the necessary legal capacity to provide consent regarding the processing of your personal data and all of this, in accordance with the provisions of this Privacy Policy. CONSTATA also records that the services, access to content and product offerings on this website are exclusively subject to those over 18 years of age.

You are informed that in the collection and processing of personal data, adequate security measures have been adopted to prevent loss, unauthorized access or manipulation of the same, in accordance with the provisions of the Regulation (EU ) 2016/679 of the European Parliament and of the Council, of April 27, 2016.

Treatment of personal data according to the service:

Time stamp and simple electronic signature through e-mail.
When using the time stamp service through e-mail, it is necessary to have your e-mail address.
If you use this service, you consent to your personal data being shared in the certificates and, therefore, by sharing the certificate, you can access those personal data anywhere in the world where this certificate is shared, CONSTATA being free of any responsibility.
Time stamp and electronic signature of institutions and individuals.
When using the complex electronic seal and signature service, you will provide personal data so that they are included in the certifications in such a way that your person or institution is related to your signature and seal. Thus, the personal data of an identifying nature (Name and surnames, DNI/NIE/Passport and email address), will appear in the certificates that you issue.
Depending on the type of certificate, some additional personal data may be added that will be requested from you and you must give your consent in a timely manner.
You are responsible for the use of your certificate and with whom you share it. It is recalled that personal data is included in the certificates and therefore, when using the service, that personal data will be accessible to whoever receives the certificate, and this recipient can then share it.
If you use this service, you consent to your personal data being shared in the certificates and, therefore, by sharing the certificate, you can access those personal data anywhere in the world where this certificate is shared, CONSTATA being free of any responsibility.
Electronic notification service.
To use the electronic notification service, you will send an email to CONSTATA and place a copy on those people to whom you want to notify the certified and sealed content in the blockchain. In this case, you will be providing your email address in addition to the address(es) of those whom you want to notify.
You are responsible for the use of your certificate and with whom you share it. It is recalled that the personal data is contained in the certificates and therefore when using the service that personal data will be accessible to whoever receives the certificate, and this recipient may later share it with third parties.
If you use this service, you consent to your personal data being shared in the certificates and, therefore, by sharing the certificate, you can access those personal data anywhere in the world where this certificate is shared, CONSTATA being free of any responsibility.
Webinars and information about CONSTATA services .
Allow the user to attend training sessions and webinars, as well as offer the services available through our website and web tools, respond to their requests for information, provide the support offered or manage their incidents either by mail, contact sheet or chat on-line. Likewise, your personal data may be processed to send you communications by email to know your opinion regarding the services offered and in general your experience as a user. The consent of the interested party may be requested for registration in free training services, webinars as well as as to access free web tools.
Depending on the CONSTATA service , it may be responsible for the data or in charge, it will be responsible in the cases that it directly receives the personal data of the person and will take the role of in charge when the personal data that it receives is not from the person who transmits it but from a third.

Rights and their exercise

In accordance with the provisions of the European Data Protection Regulation and the Organic Law on Personal Data Protection, to exercise your rights of access, rectification, cancellation and opposition to your data, you can write to us identified with the reference "Protection of Data” to the following email address dpo@constata.eu or by post by sending your letter to Paseo de la Castellana 40, 8th floor, Madrid, 28046.

CONSTATA makes available to you the necessary means to exercise your rights of Access, Rectification, Cancellation, Opposition, Portability and Forgetting at all times when you deem it appropriate. To do this, you can initiate a claim of your rights through the email created for such purposes, attaching a copy of the passport or DNI (data holder) and expressly indicating in the subject the right you wish to exercise.

User rights

It is made known that CONSTATA carries out the corresponding data processing, will safeguard and manage your personal data with the greatest possible diligence, applying limitation and minimization criteria.

In the event that you consider your rights violated, you may submit the corresponding claim to the Spanish Agency for Data Protection ( www.agpd.es ). In this case, we will do everything possible to solve any question related to data protection at the email address dpo@constata.eu .

Social networks

CONSTATA uses your profile on the social networks Facebook, Twitter, LinkedIn and Instagram, being able to carry out the following in different cases: “follow” your activity, be “followed” and advertise the products and services offered by CONSTATA .

You will be able to join the profiles created by CONSTATA on social networks, in the cases in which you do so, you will be granting consent for the processing of personal data from your profile.

CONSTATA may use social networks to advertise its products and services, to carry out direct commercial prospecting actions, always complying with the requirements of data protection and information society regulations.

THE COMPANY guarantees the security, secrecy and confidentiality of your data, communications and personal information by adopting, in compliance with current legislation, the most demanding security measures.

Third party recipients

In certain cases , CONSTATA may communicate Personal Data to (i) third-party service providers, with reference to activities related to technological, accounting, administrative, legal, insurance and/or IT sectors. Those who are allowed access to personal data, will be only for the purpose of complying with the contracted service and always in compliance with current legal regulations, these entities will be considered "In charge of treatment" and always within of the jurisdiction of the European Union.

Conservation terms

The data provided will be kept in electronic format, while the contractual relationship of the contracted service is maintained and for the years necessary to comply with the legal obligations of registration and access.

This document is provided for informational purposes. CONSTATA EU DIGITAL TRUST Services SL ensures the currency, accuracy and veracity of personal data, although it warns that they are not official texts and declines all responsibility for damages that may be caused due to inaccuracies or inaccuracies in the themselves.