FEA Terms and Conditions

General Terms of Service

for the use of the Advanced Electronic Signature solution otpservice.io

Last updated: July 8, 2022

Preamble
Dear user,
Fractalgarden S.r.l., with registered office at Via L. Battistotti Sassi 11, 20133 Milan, VAT No. 05006700966, REA number MI-1789001 (hereinafter “Fractalgarden”) has developed and offers an innovative tool for signing electronic documents using Advanced Electronic Signature (hereinafter, FEA) as defined by EU Regulation 910/2014 and regulated by the Digital Administration Code (Legislative Decree No. 85/2005, hereinafter CAD) and the Technical Rules on the generation, application and verification of advanced, qualified and digital electronic signatures referred to in the D.P.C.M. of February 22, 2013 (hereinafter, DPCM).
The Signature Service is provided by Fractalgarden on behalf of a Proposing Entity (hereinafter also referred to as “Proposer”) who proposes to another party (hereinafter also referred to as “Signatory” or “Signing User”) to regulate their institutional, corporate or commercial relationships through the use of IT tools and particularly through the use of electronic signature implemented through the Advanced Electronic Signature solution subject to these terms of use.
As this is an advanced electronic signature procedure, the regulations require the Signing User to accept the related terms of use after learning how it works: therefore, in the absence of such acceptance, the signing procedure described below cannot be used.
It is understood that, in accordance with Article 60 of the aforementioned DPCM of February 22, 2013, the proposed FEA solution may be used exclusively in the relationships between the Proposer and the Signing User.

Value of the proposed FEA solution and its use
The proposed signing system is based on the collection and storage, together with the signed document, of additional information capable of identifying the signatory and ascertaining their effective manifestation of will in relation to the content of that document.
The solution, therefore, allows the Signing User to manifest the will to accept the content of documents that will thus have the same legal and probative effectiveness recognized by our legal system to traditional private writings (Article 2702 of the Civil Code) and, at the same time, as provided for by Article 20 paragraph 1-bis of the CAD, will allow to guarantee the satisfaction of the written form requirement, where required.
The FEA may be used by the Signing User for the signing of all documentation related to the relationship between the same and the Proposer. The Proposer will identify, from time to time, the documentation that it deems signable through the FEA solution described here and will propose its use to the Signing User, through the platform developed by Fractalgarden.
Fractalgarden is always available to provide information and assistance in relation to the FEA solution implemented.

Technical characteristics of the proposed system
The proposed FEA solution provides, following the identification of the Signing User, their authentication in a reserved area and confirmation of their willingness to sign the presented documents by entering a specific OTP code sent to a mobile phone or via e-mail to the e-mail address in the exclusive availability of the Signing User.
The specific systematic and functional characteristics of the solution subject to these Conditions are described in the Technical-Illustrative Annex.
Below is a summary of the main features:

A) Description of the signing and document storage phases
If the Proposer needs a document to be signed by the Signing User, an advanced electronic signature (FEA) process can be activated by connecting to the website www.otpservice.io.
Following their registration and purchase of credit to use the service, the Proposer can upload the documents to be signed and the data of the Signing User to whom they will request adhesion to the service and subsequent application of FEA.
The process involves a first phase that aims to collect information relating to the identification of the Signing User made by the Proposing Entity either in person or remotely, using, in the latter case, the asynchronous video-identification procedure made available by Fractalgarden.

Activation phase
a. The Proposer authenticates in their reserved area of the otpservice.io website and activates an electronic signature process.
b. The proposer proceeds to identify the signing User through one of the following alternative procedures:
b1. in-person identification and subsequent upload, through a specific form, of copies of the identity documents used for the identification of the signing User;
b2. stand-alone video identification procedure with asynchronous verification by the signing User, and subsequent validation by the Proposer or their delegated operators; until the identification process is validated, the AES will remain suspended and its validity conditional on the positive outcome (even after the signature is affixed by the signing User) of the video identification verification procedure.
c. A copy of the document used for identification will then be kept for at least 20 years, as required by current regulations (ref. art. 57 of DPCM February 22, 2013).
d. The procedure requires confirmation of the signing User’s personal details, email address and/or mobile phone number, which the signing User declares to be in their exclusive possession.
e. The signing User proceeds with the acceptance of these AES terms of use (this form) through the signature procedure described below. The form is kept for at least 20 years as required by current regulations.
For the purpose of activating the service, the signing User accepts these Terms by affixing their signature to the declarations contained in the contractual document that they will sign using the AES solution, which simultaneously, given the formalized acceptance, produces its legal and evidentiary effects.

Signing phase
a) The documentation to be signed is uploaded to a specific reserved area by the Proposer within their reserved area;
b) the Proposing Subject identifies the quantity and location of the signature fields on the uploaded documentation;
c) the signing User indicated by the Proposing Subject receives a link (via SMS or email) through which to access a reserved area of the OTPService.io website;
d) the signing User accesses this reserved area and views the document to be signed, and proceeds by confirming via point on the individual signature fields for which their approval is requested;
e) the signing User confirms their intention to sign the approved contents by point by entering the OTP received via SMS or email indicated and confirmed during the acceptance of the AES terms of use;
f) in case of successful completion of the signing process, all information related to the AES application is added to the document and a qualified electronic signature or qualified electronic seal is applied by Fractalgarden as the provider and manager of the solution to ensure the integrity of the signed document.

Document management after signing
Once the signing process is completed, the OTP service platform or the proposer itself sends the signed document to the signing User via email.
The document thus formed and signed will then be sent by the proposer for compliant digital preservation according to the timelines agreed with the appointed conservator.

B) The unique connection of the signature to the signer
The proposed signature solution is based on the identification of the signing User and the confirmation of their willingness to sign the proposed documentation by returning a One Time Password automatically sent to one of the systems (mobile phone or email box) that the signing User has declared to be in their exclusive possession.

C) Unique connection of the signature to the signed document
To ensure the unique connection of the signature to the document, the signature application records, for each signature field provided, the date and time of its affixing.

D) Guarantees of integrity and immutability of the signed document
In the process related to the proposed AES solution, to guarantee the integrity and immutability of the document, the document’s hash is recalculated, this time after the signature data has been affixed, and a qualified seal pursuant to European Regulation 910/2014 (so-called eIDAS Regulation) is applied to this hash by the solution manager.
In this way, the immutability and integrity of the signed document are preserved, as any possible alteration becomes immediately verifiable even with commonly used document reading programs such as Adobe Acrobat Reader, which, in case of modification of a document after it has been closed with a digital signature or qualified electronic seal, highlights the alteration.

E) Absence of executable codes or macros in signed documents
The document that the signing User signs with the proposed AES solution must be in a format that prevents (or at least makes evident) the insertion of programs or instructions potentially capable of modifying the acts, facts, or data represented in the document itself (preferably PDF/A).

Guarantees for the signing User
Joining the AES service is completely free for the signing User.
All information related to the described electronic signing procedure is always kept updated and available on the OTP service website at the internet address: https://www.otpservice.io/.
The signing User, through the address provided during identification, also has the right to obtain at any time, freely and at no cost, a copy of these Conditions accepted by them, the Technical-Illustrative Annex, and all other information demonstrating the consistency of the service with all the requirements of Article 56, paragraph 1, of the DPCM.
Once the required signatures are affixed, the system automatically revokes consent to use the AES to ensure that no further signature can be added.
In the interest of the signing User and in compliance with the provisions of paragraph 2 of Article 57 of the DPCM of February 22, 2013, the Proposer is obliged to obtain civil liability insurance coverage issued by an insurance company authorized to operate in the field of industrial risks for an amount not less than five hundred thousand euros. To receive information on coverage and related details and limits, you can contact the Proposer.

Preservation
As required by the current regulations, the Proposer, also through an appropriate digital document preservation system provided by Fractalgarden, will ensure the compliant preservation for at least 20 years of the identification documents used for the identification of the signing User and the related AES usage conditions accepted by the latter.