Terms of Use for SSL Certificates

This Service Order (hereinafter “SO”) forms an integral and substantive part of the General Conditions of Service (hereinafter “GCS”) published on Enartia’s website ( https://web.papaki.com/oroi-xrisis/?lang=en).
The GCS and this SO establish the terms and conditions for the provision of the SSL Certificate of Sectigo Limited (hereinafter “Service”) by Enartia Single Member S.A. (hereinafter the “Enartia” or “Company”) to the Customer (hereinafter “Customer”). The capitalized terms used in this SO have the same meaning as defined in the GCS.
Where “Website” is mentioned, it refers to the website of Enartia’s brand “Papaki” https://web.papaki.com/?lang=en.

The commercial offer published online on the website https://web.papaki.com/legal/ssl/?lang=en forms an integral part of these conditions (“Offer”).

1. Object of the Agreement

The Service allows the Customer to activate an SSL Certificate with the Certification Authority Sectigo, to the benefit of the Subscriber, in accordance with the conditions set out in the following articles and with the features and procedures established in this Agreement and its Annexes.
The SSL Certificate consists of a key pair and verified identity information.
The Customer is informed that Enartia acts as a reseller of an external supplier, Sectigo Limited, as identified below.

2. Definitions

For the purposes of this Agreement, the following definitions shall apply:

“Enartia”: Enartia Single Member S.A., which acts as reseller of Register S.p.A. with registered office in Viale della Giovine Italia 17, Florence (FI), VAT no. 04628270482 which, in agreement with Sectigo, sells the Sectigo SSL Certificate service to the Customer;

“Sectigo”: Sectigo Limited, a limited company incorporated under the laws of England and Wales, with registered number 04058690 and registered offices at 26 Office Village, 3rd Floor, Exchange Quay, Trafford Road, Salford, Manchester M5 3EQ, United Kingdom;

“Customer”: The natural or legal person requesting the Service from Enartia. The Customer may be the same as the Subscriber, if the latter requests the Service for its own benefit, or may not be the same as the Subscriber, if the Customer requests the Service to be activated for the benefit of one or more Subscribers other than the Customer;

“Subscriber”: Any natural or legal person identified in a certificate issued by Sectigo;

“Agreement”: Enartia’s GCS, this Service Order (“SO”), the Offer and the documents attached thereto, and the documents referred to therein (“Annexes”) which, taken together, constitute the rules governing the relations between the parties;

“Annexes”: The documents forming an integral part of this Agreement, including the “Certificate Subscriber Agreement” and other contractual documentation prepared by Sectigo Limited relating to the Service, available in the “Legal” section of the Sectigo website at https://sectigo.com/legal.

3.Conclusion of the Agreement and activation of the Service

3.1 Sending of the Order by the Customer to Enartia implies full acceptance of the Agreement and its Annexes by the Customer.

3.2 The Customer acknowledges and agrees that the Service is also governed by the contractual documentation of Sectigo Limited, as amended from time to time and available in the “Legal” section of Sectigo’s website at https://sectigo.com/legal, which forms an integral and essential part of this Agreement.

The Customer represents and warrants that it has informed the Subscriber of such documentation and that the Subscriber accepts and complies with it. The Customer shall be fully responsible for any breach of the above obligations by the Subscriber.

3.3 The Certificate covered by this service is an SSL Certificate, used to support SSL/TLS sessions between a web browser and a web server using encryption. Upon receipt by Enartia of the necessary payment and completion of the activation procedures required for the selected Certificate, Enartia shall contact Sectigo to process the Certificate Request containing the Certificate Signing Request (hereinafter “CSR”) in the format specified by the Certification Authority. If the Certificate Request is approved by Sectigo, Sectigo shall issue a Certificate of Use to the Subscriber. After obtaining the Certificate, the Subscriber shall review the information contained therein and promptly notify Sectigo of any errors. Upon receipt of such notification, Sectigo may revoke the Certificate and issue the correct Certificate.

3.4 The Customer and the Subscriber declare that they have duly read and understood the features, functionalities and methods of use of the Service, in accordance with the provisions of this Agreement, of the further Annexes and of current legislation.

3.5 The Customer and the Subscriber are, in any case, responsible for the truthfulness, correctness, completeness and updating of the information communicated to Enartia and Sectigo regarding the Service.

4. CSR (Certificate Signing Request) generation tool

4.1 If, optionally, the Customer decides to use the CSR (Certificate Signing Request) generation tool provided by Enartia, it undertakes, under its sole responsibility, to save the CSR (Certificate Signing Request) and the relating private key obtained through the tool on its own media and to safely store it. Any disclosure or misuse of the private key may not be attributable to Enartia.

4.2 Enartia informs the Customer that under no circumstances shall it save, even temporarily, the information generated by this tool on its systems. The Customer may therefore not contact Enartia to retrieve the CSR (Certificate Signing Request) and the related private key. The Customer is informed that should keep the private key and has sole responsibility to retain this information.

4.3 The foregoing will also apply if the Customer subscribes exclusively to the CSR (Certificate Signing Request) generation tool provided by Enartia, offered by the latter as a stand-alone service. In the latter case, the other articles of this SO will apply in any case, except if objectively incompatible, and in particular Articles 3, 5, 6, 7 and 8 of this SO. The GTC published on the Enartia website (https://web.papaki.com/legal/?lang=en) and the commercial offer relating only to the CSR generation service will also apply. The CSR provided by Enartia and published online on the website https://web.papaki.com/?lang=en will form an integral part of these conditions (“Commercial Offer”).

5. Duration of service

This Agreement shall be effective until expiration of the Certificate, according to the term indicated in the commercial offer, or its early revocation.

6. Consideration and renewal of the Service

6.1 The Consideration for the provision of the Service is the amount indicated in the commercial offer. The provision of the Service is deemed to have been agreed from the time of payment of the Service consideration by means indicated in the Offer. The renewal price shall be the list price applied by Enartia at the time of the Customer’s request and indicated in the control panel.

6.2 With regard to the renewal of the Service, the provisions of Enartia’s GTC published at the link https://web.papaki.com/oroi-xrisis/?lang=en shall apply.

6.3 The Renew of a certificate starts 30 days before its expiration date. The newly issued certificate will be valid for the remaining days until the original expiry, plus an additional year.

6.4 Right of Withdrawal
The right of withdrawal is governed by Enartia’s General Terms of Service. Where the Customer is a natural person acting as a consumer, the statutory withdrawal period of fourteen (14) days shall apply where relevant under applicable law. No right of withdrawal applies to legal entities or to persons acting for purposes relating to their trade, business, craft or profession. Specifically, for the Sectigo SSL Service, activation of the certificate must be completed within thirty (30) days from the date of purchase of the Service.

7. Protection of personal data andconfidentiality

Once the service has been purchased or renewed, the Customer is required to activate the certificate by accessing the control panel and filling in the appropriate form in order to proceed with the issuing of the requested certificate.

When renewing the certificate, the Customer may decide to use the CSR obtained during the activation phase and stored by Enartia, or choose to continue with the generation of a new CSR and the relative private key.

In the first case, Enartia will continue to retain the CSR obtained by the Customer during the activation phase until the next renewal unless the Customer, at this stage, decides to provide a new CSR. Otherwise, Enartia will continue to store the CSR until the next renewal. In the second case, where the Customer decides to generate a new CSR and a new private key for the renewal of the certificate and provide this to Enartia, Enartia will delete the old CSR previously provided by the Customer from its systems and will only keep the newly provided CSR.

The data processing relating to the CSR is carried out by Enartia as data controller and is aimed at pursuing a legitimate/overriding interest of Enartia. In particular, Enartia has the legitimate/overriding interest in improving the quality of the activation and renewal service of the SSL Certificates of its customers, which, thanks to the retention of the CSR by Enartia, allows for a fast renewal process.

In any case, the provision by the Customer of his/her data to Enartia through the generation or transmission of the CSR is optional, but if such data is not provided it will not be possible to proceed with the activation or renewal of the certificate. The data provided by the Customer for the purpose of issuing the certificate will be disclosed to Sectigo Limited, as an autonomous data controller, in order to execute the contract between the Customer and Enartia. Regarding data processing relating to the CSR, the Customer has the right to access his/her data, to request the restriction of data processing in the cases provided by the law, and to lodge a complaint with the competent supervisory authority. However, since the CSR is composed of codes generated automatically by the generation tool referred to in point 4.1), it should be noted that in practice it is not possible to request the correction or deletion of the CSR itself, except by generating a new CSR using the same tool. The Customer may formulate a request to object to the processing of his/her data in which the reasons for the objection to processing are provided. The Data Controller shall in any case reserve the right to assess the Customer’s request. Requests to Enartia must be sent to the email address indicated in Enartia’s GTC.

8 Disclaimers and limitations of liability

8.1 Enartia undertakes to provide the Service in compliance with the provisions of this Agreement and the Annexes thereto and accepts no liability other than that expressly set forth herein.

8.2 To the fullest extent permitted by law, Enartia offers no implied or express warranty, including without limitation, no warranty of merchantability, fitness for a particular purpose, of satisfaction of the Customer’s or Subscriber’s requests, of non-infringement of rights, non-interruption of supply, lack of errors or any other warranty that may arise from the performance of the Agreement, from commercial practices or from negotiations relating to the Service.

8.3 The Customer takes on all responsibility in relation to the Orders sent to Enartia and undertakes, to the fullest extent permitted by law, to indemnify and hold Enartia harmless from any claim, cost, penalty, towards third parties, including the competent judicial authorities, relating to or in any way connected with the performance of this Agreement and/or breach, by the former or the Subscriber, of the obligations, representations and warranties set forth in this Agreement.

8.4 Specific disclaimers and limitations of liability

8.4.1 The Subscriber and the Customer agree to indemnify and hold Enartia and Sectigo harmless, as well as their directors, shareholders, officers, agents, employees, successors and assigns from each and every claim, legal action, proceeding, sentence, damage and cost (including any reasonable fees or legal costs) of third parties arising from: (i) breach of any warranty, representation and obligation in accordance with this Agreement, (ii) false or misleading declarations made in the Certificate Request, (iii) any violation of an intellectual property right of any person or entity in the information or content provided by the User, (iv) failure to disclose material facts in the Certificate Request if the false declaration or omission was carried out in negligence or with the intent to deceive one of the parties or (v) failure to protect the private key or failure to use a reliable system, or failure to adopt precautionary measures to prevent the compromise, loss, disclosure, modification or unauthorized use of the private key in accordance with the terms of this Agreement.

8.4.2 Application of warranties.The Subscriber and the Customer acknowledge that any warranty provided in connection with the Service applies solely for the benefit of the designated beneficiaries, as specified in Sectigo’s applicable contractual documentation. The Subscriber and the Customer shall have no rights under such warranties, including any right to invoke, enforce or bring any claim based on them.

8.4.3 Disclaimer of warranty. Enartia offers no implied or express warranty, including without limitation, no warranty of merchantability, fitness for a particular purpose, of satisfaction of the Customer’s requests, of non-infringement of rights, non-interruption of supply, lack of errors or any other warranty that may arise from the performance of the Agreement, from commercial practices or from negotiations relating to the Service.

8.4.4 Limitation of liability. SUBJECT TO SECTION 8.4.5. THE FULL LIABILITY OF SECTIGO AND ENARTIA AND THEIR AFFILIATES AND ANY OF THEIR OFFICERS, DIRECTORS, PARTNERS, EMPLOYEES AND CONTRACTORS, RESULTING FROM OR RELATED TO THIS AGREEMENT, IS LIMITED TO THE AMOUNT PAID BY THE CUSTOMER OR SUBSCRIBER FOR THE SERVICES OFFERED. LIABILITY. THE CUSTOMER AND THE SUBSCRIBER WAIVE THEIR LIABILITY FOR ANY SPECIAL, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGE. THIS WAIVER INCLUDES ALL DAMAGES FOR LOSS OF PROFITS, REVENUE, USE OR DATA AND APPLIES EVEN IF SECTIGO OR ENARTIA ARE AWARE OF THE POSSIBILITY OF SUCH DAMAGES. These limitations shall apply to the fullest extent permitted by law regardless of 1) the cause or nature of the liability, including claims, 2) the number of any claims, 3) the extent or nature of the damages, and 4) any other provisions of this Agreement have been violated or shown to be ineffective.

8.4.5 Exceptions. Nothing in this Agreement shall exclude or limit the liability of either party for death or personal injury resulting from negligence of that party or for any fraudulent misrepresentation by either party.

8.4.6 Enartia does not guarantee the issuance of any SSL Certificate. The issuance of a certificate is subject exclusively to Sectigo and depends on the Customer’s and/or the Subscriber’s compliance with the applicable validation requirements, Sectigo policies and applicable laws and regulations.

8.4.7 Enartia does not guarantee that the use of an SSL Certificate ensures absolute security or prevents any security incident, breach, technical malfunction, data loss or unauthorized access.

9. Agreement toSectigoTerms

9.1 By ordering, activating, or renewing an SSL Certificate through us, the customer (“Subscriber”) expressly agrees to:

this Agreement (our Terms & Conditions),

the terms and conditions of Sectigo’s Certificate Subscriber Agreement and other applicable policies, available at https://sectigo.com/legal,

the validation and issuance rules and procedures determined by Sectigo, which vary by certificate type (e.g., DV, OV, EV).

9.2. Obligations of the Subscriber

Subscribers are responsible for:

providing accurate and truthful data during the SSL application and CSR (Certificate Signing Request) process;

completing domain control validation (DCV) or other identity verification steps required by Sectigo;

reviewing the issued certificate for correctness and notifying us or Sectigo of any inaccuracies;

protecting the private key associated with the certificate.

Enartia reserves the right, and Sectigo reserves the authority to reject or revoke certificates that do not comply with these obligations.

9.3. Warranties and Disclaimers

Sectigo provides limited warranties for specific certificate types, as outlined in their legal documentation.

We do not provide any express or implied warranties, including but not limited to merchantability, fitness for a particular purpose, or uninterrupted availability of the service.

We are not liable for any errors, losses, or damages arising from:

use or misuse of the SSL certificate,

Failure to complete validation,

Security breaches related to the Subscriber’s systems or key material.

Any personal data provided in the context of certificate issuance may be shared with Sectigo for the sole purpose of certificate validation and management.

Sectigo acts as an independent data controller for its processing activities. You can review their privacy policy at: https://sectigo.com/legal/privacy-policy

9.4. Revocation

Sectigo and Enartia may revoke a certificate without notice under circumstances that include:

misrepresentation during the application process,

failure to protect the private key,

discovery of compromise, or

Violation of Sectigo or industry standards (e.g., CA/Browser Forum Baseline Requirements).

9.5. Export Compliance and Restricted Jurisdictions
SSL Certificates are subject to export control laws of the United States, United Kingdom, and other jurisdictions.
Subscribers may not use or request SSL Certificates if they are located in, or are nationals of, sanctioned countries, or are listed on restricted party lists.
The same warranties and limitations applicable to certificates issued for restricted jurisdictions (as defined by Sectigo) apply equally here.