Terms and Conditions Xolphin

Definitions

1. Account: the acces rights to an online user interface (the Control Panel) whereby the Client can manage specific aspects of the Services and the configuration, accessible through the website and through the API. The Account will be accessible after entering the Login data.
2. Certificate: a digitally signed electronic data file, issued by a Certificate Authority (CA) to a natural person or legal entity who/which endeavours to execute (business) activities through a communication network, that can contain: a copy of the Public Key, a serial number, a period of validity during which the electronic data file is permitted to be used and a Digital Signature issued by the CA. In the event of a higher validation level than DV the certificate will also contain the identity of the natural person or legal entity who/which is authorised to use the Digital Signature.
3. Control Panel: The digital environment, which the Client has access to by means of the Account, where the Agreement can be managed, amendments can be implemented and progress can be consulted.
4. Service: A service that will be provided by Xolphin to the Client, related to a delivered Product or a Product that is to be delivered, or another service that will be offered by Xolphin through its websites.
5. Digital signature: a digital code based on asymmetric cryptography attached to an electronic document, used to verify its contents and the sender's identity, with the purpose of a digital alternative for a handwritten signature.
6. Client: the natural person acting in the exercise of a profession or business, or a legal entity who/which has entered into an Agreement with Xolphin B.V. The Client can also be a Reseller. Additional terms and conditions apply to Resellers.
7. Vulnerability scan: a service which checks your website for malware, vulnerabilities and security flaws.
8. Supplier: The ultimate supplier, designated by the Client, of the Product including Comodo, Geotrust, Symantec, Thawte and Globalsign, such as the certificate service provider.
9. Login Data: The email address and accountability password chosen by the Client for access to the Account, whereby the Client will be personally responsible for choosing a secure password.
10. Agreement: the agreement between Xolphin B.V. and the Client on the basis of which one or more Products and/or Services will be delivered, which comes into effect subject to the conditions in Article 1.
11. Product: A product that is offered by Xolphin B.V. through one of the Websites, such as a SSL Certificate, Digital Signature, or other IT security.
12. Reseller: the legal entity that purchases Products with the objective of reselling these. The Reseller is (generally) not the titleholder of the certificate.
13. Website: xolphin.nl, sslcertificaten.nl, digitalehandtekeningen.nl, vulnerabilityscans.nl and subdomains and other extensions that Xolphin is the holder of.
14. Xolphin: Xolphin B.V. with its registered office in Alkmaar and registered with the Chamber of Commerce under number 37101223.

Article 1. Offer and acceptance

1. These General Terms and Conditions apply to every agreement between Xolphin and the Client. Provisions or terms and conditions set out by the Client which derogate from, or are not present in these General Terms and Conditions, will only be binding for Xolphin if and insofar as these are accepted expressly in writing by Xolphin.
2. The Agreement between Xolphin and the Client is concluded by generating an Account on the Website, placing an order through the Website in the Control Panel, through the AP, and/or accepting an offer issued by Xolphin. Xolphin makes an offer through the Websites, which the Client agrees upon.
3. The electronic Agreement is only valid after the Client has seen a correct order confirmation and the application is visible under 'ongoing applications' in the Control Panel. The Client must check this order confirmation and, in the event of an error, the Client must immediately, but in any event within two hours, contact Xolphin.
4. Every action that takes place under the Account of the Client, after the Login Data has been entered, will be deemed to have been executed under the responsibility and risk of the Client. If the Client knows, or reasonably ought to know, that there is misuse of an Account, the Client must report this as soon as possible to Xolphin so that measures can be taken.
5. An offer is without obligation and valid until 30 days after the sending thereof by Xolphin, unless otherwise stated in the offer.
6. Xolphin has the right to refuse a Client at its discretion without stating a reason.
7. If and insofar as the proper execution of the Service requires this, Xolphin has the right to have specific work executed by third parties.
8. In the event of conflict between provisions of the Agreement, the General Terms and Conditions, or appendices thereto, the following order of priority will apply:
   • the Agreement;
   • any Service Level Agreement;
   • the General terms and conditions;
   • any additional terms and conditions.

Article 2. Price and payment

1. The payable amount for Products and/or Services will be stated on the Website and during the order process. The descriptions and amounts in the Control Panel or the API are binding. The amounts can be changed at any time.
2. Unless expressly stated otherwise, all prices stated by Xolphin are excluding turnover tax and other duties levied by authorities.
3. If a price in an offer is based on data provided by the Client and this data appears to be incorrect or incomplete, Xolphin will have the right to adjust the prices accordingly, also after the Agreement has already come into effect.
4. All prices in the Xolphin Website are subject to the proviso of programming errors or typographical errors.
5. If the Agreement is a continuing performance contract Xolphin will be entitled to increase the rates applied at any time. Xolphin will inform the Client of this through the Website and the Control Panel at least 3 (three) months in advance.
6. If the Client does not want to agree to the price increase the Client will be entitled to terminate the Agreement in writing within 1 month after the notification referred to, with effect from the date on which the rate change would have come into effect.
7. The Client agrees to electronic invoicing. Xolphin will invoice the amount owed by the Client digitally and immediately after the delivery and will email this to the email address stated by the Client. All invoices are also available in the Control Panel. Invoices can be forwarded by regular mail upon the request of the Client.
8. The payment term of each invoice is 21 days, unless stated otherwise in the invoice, or otherwise agreed in the Agreement.
9. Payments can be made by means of a continuous direct debit mandate, through iDeal, or by means of a bank transfer.
10. If the Client does not pay in a timely manner the Client will be in default by operation of law after the expiry of 10 days without the requirement of notice of default for this. The statutory interest will be owed from the first day of the payment term.
11. In the event of payment not made in a timely manner the Client, in addition to the amount owed and the interest due over this, will be obliged to payment in full of the reasonable costs that where made for extrajudicial as well as judicial collection costs, including the costs of lawyers, bailiffs and collection agencies.
12. The claim for payment will be immediately due and payable in the event that the Client is declared bankrupt, applies for moratorium, or full attachment is levied on the assets of the Client, the Client dies and furthermore if the Client goes into liquidation or is dissolved.
13. In the above events Xolphin furthermore will have the right to terminate or suspend the performance of the Agreement, or any part thereof that has not yet been performed, without any notice of default or judicial, and without any right of the Client to compensation of damage that might arise because of this.
14. If the Client does not, or does not in a timely manner, fulfil the obligation to provide information, or the payment obligation, Xolphin will be entitled to suspend the delivery of Products and/or Services, until the obligations have been fulfilled. Xolphin has the right to charge the costs arising through this, in accordance with the usual rates, to the Client.

Article 3. Duration and termination

1. Each party is only entitled to transfer its rights and obligations under the Agreement to a third party with prior permission in writing from the other party.
2. The Agreement is entered into for the duration for which the Certificate is valid, or as the case may be another expressly agreed duration. The duration will be set out on the Website, in the Control Panel, or in the offer. The duration of a Certificate will be stated in the Certificate itself as well.
3. The Agreement will not be extended tacitly, unless agreed otherwise. Xolphin makes endeavours to warn the Client in a timely manner, prior to the ending of the duration of the Product or the Services, that an extension is necessary. However, it remains the responsibility of the Client to on time.
4. The Client can terminate the Agreement free of charge within 30 days after the delivery.
5. The Client can terminate the Agreement during the entire term thereof. The delivered Product or the Service provided will be withdrawn for the remaining duration or, as the case may be, will be ceased. Unless expressly agreed otherwise in writing, the termination of the Agreement by the Client does not grant the Client the right to repayment or credit.
6. Termination by Xolphin of the Agreement is possible, without notice of default and without judicial intervention, by means of notice in writing with immediate effect, in the following events:
   • If (provisional) moratorium is granted to the Client, a petition for bankruptcy is submitted, or if the enterprise of the Client goes into liquidation, or is terminated other than for the purpose of restructuring or merger of enterprises.
   • If the Certificate is withdrawn as referred to in article 4, in circumstances that can be attributed to the Client.
   • If the Client does not fulfil the obligations under this agreement.

The termination is, in these events, to be attributed to the Client and will not result in any right to repayment or credit. If Xolphin has suffered damage due to termination or due to the circumstances that have resulted in termination, this damage can be recovered from the Client. Any outstanding amounts will remain owed in full and will be immediately due and payable at the time of the termination.

Article 4. Certificate

1. The Supplier generates the Certificate on the basis of the data provided by Xolphin. Xolphin has the duty to inspect the data provided by the Client and can only forward an application to the Supplier if all data is complete and correct.
2. The Certificate is valid for the agreed duration, unless the Certificate is withdrawn in the interim.
3. Xolphin and/or the certification service provider can withdraw the Certificate prior to its expiry, with immediate effect, in the following situations:
   1. if it appears that the Certificate contains incorrect information; or
   2. if the Client has not, or has not in a timely manner, paid the amount owed for the Certificate; or
   3. if the reliability of the Certificate, in the opinion of Xolphin and/or the Supplier is compromised; or
   4. if the Client does not adhere to the Agreement and the accompanying General Terms and Conditions; or
   5. if Xolphin discovers that the Certificate is used for criminal activities, such as fraud, distribution of malware or phishing, or is misused in another manner; or
   6. due to a circumstance designated by the Supplier, as described in the certificate condition of the Supplier concerned.
4. Unless the ground for withdrawal can be attributed in any manner to the Client, Xolphin will provide a new Certificate free of charge to replace a Certificate that has been withdrawn prior to the expiry thereof.
5. The Client is aware of and states to agree to the fact that the Suppliers that Xolphin works together with, can take the ultimate unilateral decision to proceed with granting, adjusting or withdrawing of Certificates. Xolphin will endeavour to assist and inform the Client as soundly as possible during the process of granting, adjusting or withdrawing of Certificates.
6. After issuance, Supplier grants the Client a revocable, non-exclusive, non-transferable license to use the issued Certificates on the server hosting the domain name(s) listed in the Certificate.

Article 5. Vulnerability scan

1. A vulnerability scan is a service that can only be seen as a passive measure to discover vulnerabilities. A Vulnerability scan itself is not ment for reparing or preventing vulnerabilities and insecurity. A succesfully performed scan does not guarantee that the website is free of vulnerabilities and that all insecurities have been discovered.
2. Client needs to make sure the Vulnerability scan can be performed succesfully, therefore the client will make sure the IP address originating of the Vulnarabilitiy scan will not be blocked.
3. The TrustLogo may only be used, in case Xolphin explicitly says so.
4. Xolphin is obliged to adapt the Vulnarability scan, to remove it and to change or update it. The changes can be made, without notifying the client.

Article 6. Obligations of the Client

The Client guarantees the following to Xolphin:

1. The Client will always provide Xolphin in a timely manner with useful and necessary data or information required for the proper performance of the Agreement, and will provide full cooperation. The Client guarantees that the provided data is correct. The Client will immediately inform Xolphin if the data is changed or appears to be incorrect.
2. The Client will only provide personal data to Xolphin if the Client has a legal basis for this, as referred to in the Personal Data Protection Act. The Privacy and cookie statement applies to the provided data.
3. The Client will take all required measures to secure, to keep secret and to keep under its own management the Private Key, that forms part of the pair of keys together with the Public Key in the requested Certificate. The Client will also take precautions to protect and keep secret the resources with which access can be acquired to the Private Key, such as passwords and/or tokens.
4. The Client will inspect the data in the Certificate for accuracy.
5. The Client will only install the Certificate on servers with access to the Subject Alternative Name (subjectAltName) that is stated in the Certificate, and will only use the Certificate in conformity with these General Terms and Conditions and all applicable legislation and regulations.
6. The Client will immediately cease the use of the Certificate and the accompanying Private Key and request that Xolphin withdraws the Certificate concerned if:
   • the information in the Certificate is incorrect (has become incorrect); or
   • if there is suspicion of actual misuse or theft of the Private Key, which forms part of the pair of keys with the Public Key in the requested Certificate.
7. The Client will immediately cease the use of the Private Key, which forms part of the pair of keys with the Public Key in the requested Certificate, if the Certificate is withdrawn as a result of the misuse or theft of the Private Key.
8. The Client will follow the instructions from the Supplier (Certificate Authority) related to a stolen Private Key as quickly as possible and at least within one hour after notification.
9. The Client will ascertain the contents and meaning of the Product and/or the Service and the accompanying restrictions. All information with regard to Products and Services, including Certificates, can be found in the Knowledgebase on the Website.
10. The Client is responsible for the use of the Products and Services provided by Xolphin and will ensure adequate system administration for this purpose. The Client is not permitted to make changes in or of the delivery.
11. If Xolphin provides Services virtually or physically at the location of the Client, the Client will be responsible for ensuring all requested or required facilities free of charge.
12. The Client guarantees that any received information of a confidential nature, including trade secrets, will remain secret during and after the end of the Agreement.
13. The Client guarantees that no rights of third parties prevent the making available to Xolphin of equipment, software, materials, or data, for the purpose of using or processing. The Client will indemnify Xolphin against every action that is based on the allegation that such making available, such use or processing infringes any right of third parties.

Article 7. Resellers

Insofar as the provision of service (also) includes reselling, or otherwise making Certificates, Products or Services of Xolphin available in exchange of payment (“Reselling”) by Reseller to the clients of the Resellers, the following applies:

1. The Resellers will act in their own name, at their own expense, and at their own risk and will not be entitled to conclude agreements for or on behalf of Xolphin, or to create the impression that they are the agent or representative of Xolphin.
2. A Reseller is free to determine offers and prices to his/her clients.
3. The Reseller is not entitled to use in promotional or commercial communication any trade name, brand name, logos, or signs of Xolphin with the objective of making use of the goodwill or good reputation of Xolphin for attracting clients by the Reseller, without prior permission in writing from Xolphin. However, the Reseller is permitted to communicate in a commercial manner that it makes use of Products and/or Services of Xolphin.
4. A Reseller must impose the same obligations on his/her clients as Xolphin imposes with regard to the Product(s) or Service(s) made available and the information to be provided. Xolphin can require that the Reseller submits evidence for this.
5. The failure to pay, or late payment by clients of the Reseller will not release the Reseller from his/her payment obligations towards Xolphin.
6. Xolphin will exclusively make contact with clients of the Reseller through the Reseller, unless Xolphin has an urgent reason to directly approach the client of the Reseller, or the Reseller provides permission for direct contact. Direct contact with the client with regard to the validation and issue of Certificates will take place in the name of the Supplier.
7. The Reseller is at all times fully liable for all that which its clients do or omit through the systems or networks of Xolphin, or as the case may be those of its Suppliers, and the Reseller indemnifies Xolphin against all possible damage ensuing therefrom.
8. In the event of setting aside or termination of the Agreement due to breach of contract on the part of the Reseller, Xolphin will acquire the right to terminate the Agreement with the Reseller with immediate effect, to approach and inform clients of the Reseller, and to take over these clients in the name of Xolphin, in order to safeguard the continuity of the provision of service towards these (end) clients.
9. Xolphin has the right to conduct (or have conducted) an audit at the location of the Reseller in order to verify that the Reseller adheres to the rules under the Agreement.
10. The parties are independent contractors, and no agency, partnership, joint venture or employee-employer relationship is created by this Agreement.

Article 8. Obligations of Xolphin

1. Xolphin has employed employees who have sufficient knowledge and experience available and the necessary qualifications to provide the Products and Services.
2. Parties will always inform each other promptly in writing of any changes of name and address details, postal address, email address, telephone number and, if requested, bank account number.
3. The Privacy and cookie statement applies to the provided information, which means that Xolphin will be responsible for ensuring a suitable security level and that (personal) data is only processed in a lawful manner and with a legal basis and that confidential information will remain secret.
4. Xolphin applies technical and organizational measures to control the risks. These measures safeguard a security level that is proportional to the extent of the risk, taking the most recent technological developments into consideration. Measures are taken in particular to prevent the consequences of security incidents and to limit these to a minimum, as well as to inform interested parties of the negative consequences of such incidents.

Article 9. Delivery and availability

1. All (delivery) periods referred to by Xolphin are recorded to the best of its knowledge. The delivery period is recorded assuming that the provided data is complete and correct and also depends on the accessibility and cooperation of the end client. The mere exceeding of a delivery period will not cause Xolphin to be in default. Xolphin is not bound by (delivery) periods in circumstances that are beyond its control. If any exceeding of a period is pending Xolphin will report this. The Control Panel shows which data is necessary for a delivery.
2. If a Product or Service cannot be delivered or can only be delivered partially, the Client will be deemed to agree to the partial delivery. The Client will be informed as soon as possible and the Client can also consult about this through the Control Panel. The Client retains the right after partial delivery to terminate the Agreement within 30 days (article 3).
3. All goods delivered to the Client remain the property of Xolphin until all amounts owed by this Client for the Products and/or Services to be delivered or delivered pursuant to the Agreement and the accompanying costs, have been paid in full to Xolphin.
4. Rights will be granted or transferred to the Client once the Client has paid in full and in a timely manner the agreed payments.
5. Xolphin will endeavour to achieve uninterrupted availability of its systems and networks, and to achieve access to the data stored by Xolphin, but does not offer any guarantees for this.
6. Xolphin will endeavour to keep the software used by it up to date. However, Xolphin is hereby dependent on its Supplier(s).
7. Xolphin will endeavour to ensure that the Client can make use of the networks that are directly or indirectly connected to the network of Xolphin. However, Xolphin cannot guarantee that these (third party) networks will be available at any time.

Article 10. Breakdowns and force majeure

1. None of the parties can be obliged to fulfilment of any obligation in the event of force majeure.
2. Force majeure can be taken to mean in any event, but not exclusively: (a) breakdowns of the internet or other telecommunication facilities (including DoS-, DDoS- of DR-DoS attacks by third parties)), (b) (contractual) shortcomings by parties Xolphin is dependent on during the performance of the Agreement, including Suppliers, (c) defectiveness of goods, equipment, software, or material the use of which has been prescribed by the Client to Xolphin and (d) government measures.
3. If a force majeure situation lasts longer than two weeks each of the parties will have the right to terminate the Agreement. That which has already been achieved on the basis of the Agreement will be settled pro rata in that event, without parties owing anything to each other.

Article 11. Property rights

1. All industrial or intellectual property rights to all software, equipment, or other materials or products as well as the preparatory materials thereof, developed or made available pursuant to the Agreement, are vested exclusively in Xolphin or its licensors. The Client exclusively acquires the rights of use and entitlements that are granted by these terms and conditions, or otherwise expressly granted, and in all other respects the Client will refrain from reproducing, or from making copies.
2. All software made available, equipment etc. must be regarded as confidential information.
3. The Client is not permitted to remove or change any specification with regard to copyright, trademarks, trade names or other intellectual or industrial property rights ensuing from the delivery.

Article 12. Liability

1. Xolphin guarantees that the delivered Certificates fulfil the requirements of Dutch law and of European regulations.
2. Xolphin will make utmost endeavours to verify that the delivered information is correct and complete. Xolphin will keep logs up to date of each conducted inspection and implemented change. Xolphin can be liable for damage ensuing from incorrect or incomplete data in the Certificate only if and insofar as Xolphin has been negligent during the validationprocedure thereof.
3. Xolphin guarantees that it will be possible to withdraw the Certificate at all times. Xolphin will not be liable for damage, insofar as the Client knew or ought to have known that the Certificate must be withdrawn and has not informed Xolphin immediately of this. Xolphin is only liable for late withdrawal of a Certificate insofar as Xolphin has been negligent during the withdrawal of the Certificate.
4. The liability of Xolphin for damage suffered by the Client as a direct result of an attributable failure in the fulfilment by Xolphin of its obligations under the Agreement - expressly including also every failure in the fulfilment of a guarantee obligation agreed with the Client - or as the case may be an unlawful act on the part of Xolphin, its employees or third parties engaged by it, is for each incident, or a series of related incidents, limited to an amount equal to the total of the payments (excluding VAT), which the Client owes under the Agreement, or if the Agreement has a duration of more than six (6) months, an amount equal to the payments, which the Client has owed in the last six (6) months prior to the incident that caused the damage. However, under no circumstances will the total compensation for damage amount to more than 10,000 Euro (excluding VAT), unless the law prescribes otherwise.
5. The total liability of Xolphin for damage to property will under no circumstances amount to more than €100,000, or if this is less, that which the corporate liability insurance of Xolphin pays in the case concerned, unless the law prescribes otherwise.
6. The liability of Xolphin for indirect damage, including consequential loss, lost profit, lost savings, garbling or loss of (company) data and loss due to business interruption, is excluded at all times.
7. It is always conditional to the arising of any right to compensation that the Client always reports the damage in writing to Xolphin within 30 days after the arising thereof. The liability of Xolphin due to attributable failure in the performance of the Agreement arises only if the Client has promptly and properly given notice of default in writing to Xolphin, thereby providing a reasonable period within which the failure can be remedied, and Xolphin also after that period remains in attributable failure of the fulfilment of its obligations. The notice of default must contain a description as detailed as possible of the failure, so that Xolphin will be able to respond adequately.
8. The Client indemnifies Xolphin against all claims by third parties and in this sense fully compensates Xolphin insofar as permitted by law.
9. The Client indemnifies Xolphin also against all claims by third parties due to product liability as a result of a defect in a product or system, which a product of Xolphin forms part of, except for if and insofar as the Client proves that the damage was exclusively caused by this Products or Services.
10. Apart from the events referred to in this article, no liability whatsoever for compensation is vested in Xolphin towards the Client, regardless of the basis on which an action for compensation would be based. However, the maximum amount referred to in this article will lapse if and insofar as the damage is the result of intention or gross negligence, or of the negligence on the part of Xolphin referred to in the first subclauses.
11. Xolphin will never be liable for damage caused by force majeure.

Article 13. Export

During the export of Certificates or other products or services, which are delivered by Xolphin to the Client, statutory export provisions can apply, for example with regard to cryptographic products. The Client will keep Xolphin indemnified against all claims by third parties, including also government measures related to the infringements to be attributed to the Client of any applicable export provision.

Article 14. Concluding provisions

1. The Dutch as well as the English version of these General Terms and Conditions apply. However, in case of doubt, the Dutch version will be decisive.
2. Xolphin retains the right to amend or add to these General Terms and Conditions.
3. If any provision of this Agreement appears to be null and void, this will not affect the validity of the entire Agreement. Parties will in that event record a new provision (new provisions) for replacement whereby, as much as possible within the law, the intention of the original Agreement and General Terms and Conditions will be implemented.
4. Amendments also apply with regard to Agreements that have already been concluded, with due regard to a period of time of 30 days after notification of the amendment on the Xolphin Website, through an electronic ticket system or through another type of (electronic) message in writing. Amendments that are of minor importance can be implemented at all times and do not require any notification. The Client can terminate the Agreement by reason of this with effect from the date on which the new terms and conditions come into effect.
5. The Dutch law applies to all Agreements between the Client and Xolphin.
6. Insofar as rules of mandatory legal provisions do not prescribe otherwise, all disputes that might arise by reason of the Agreement will be submitted to the Dutch court with competent jurisdiction in Noord-Holland, location Alkmaar, unless the Client makes it apparent within 1 month that the Client wants to submit the case to the court with competent jurisdiction under the law.
7. The log files and other administrative records of Xolphin, whether or not electronic, will form conclusive evidence of arguments of Xolphin, and the version of any (electronic) communication received or saved by Xolphin will apply as authentic, unless there is proof to the contrary to be provided by the Client.
8. In case of a complaint, you can complete the feedback-form on our website: https://www.xolphin.com/feedback. We will come back to you via e-mail as quickly as possible.

Latest update in February 2017