EmailSharePrint

Symantec™ Managed PKI for SSL (End User) Subscriber Agreement


YOU MUST READ THIS SUBSCRIBER AGREEMENT ("SUBSCRIBER AGREEMENT") BEFORE APPLYING FOR, ACCEPTING, OR USING A Symantec SSL ID OR PREMIUM SSL ID OFFERED BY SYMANTEC AUSTRALIA PTY LTD (ABN 88 088 021 603) ("VERISIGN") ("CERTIFICATE"). IF YOU DO NOT AGREE TO THE TERMS OF THIS SUBSCRIBER AGREEMENT, DO NOT APPLY FOR, ACCEPT, OR USE THE CERTIFICATE.

1. Definitions.
"Certification Authority" or "CA" shall mean an entity authorised to issue, manage, revoke, and renew certificates in the VTN.

"Compromise" shall mean a loss, theft, disclosure, modification, unauthorised use, or other compromise of the security of a private key.

"Derivative Work" shall have the meaning set forth in Section 8.

"Device" shall mean a network management tool, such as a server load balancer or SSL accelerator, that routes electronic data from one point to single or multiple devices or servers.

"Registration Authority" or "RA" shall mean an individual and/or entity approved by a CA to assist Certificate Applicants in applying for Certificates, and to approve or reject Certificate Applications, revoke Certificates, or renew Certificates.

"Relying Party" shall mean an individual or organisation that acts in reliance on a certificate and/or a digital signature.

"Relying Party Agreement" shall mean an agreement used by a Certification Authority setting forth the terms and conditions under which an individual or organisation acts as a Relying Party, such as the Symantec Relying Party Agreements that are published at http://www.verisign.com.au/repository.

"Premium SSL ID" shall mean a Class 3 organisational Certificate used to support SSL sessions between Web browsers and Web servers and/or Devices that are encrypted using strong cryptographic protection consistent with applicable export laws.

"SSL ID" shall mean a Class 3 organisational Certificate used to support SSL sessions between Web browsers and Web servers.

"Secure Sockets Layer" ("SSL") shall mean an industry-standard method for protecting Web communications developed by Netscape Communications Corporation. The SSL security protocol provides data encryption, server authentication, message integrity, and optional client authentication for a Transmission Control/Internet Protocol connection.

"Symantec CPS" shall mean the Symantec Certification Practice Statement, as amended from time to time, which may be accessed from http://www.veriSign.com.au/repository.

"Symantec Intellectual Property Rights" shall have the meaning set forth in Section 8.

"VTN" shall mean the Symantec Trust NetworkTM that is a global public key infrastructure that provides Certificates for both wired and wireless applications.

2. Description of the Certificate.
This section sets forth the terms and conditions regarding your application ("Certificate Application") for a Certificate and, if Symantec and/or the RA accepts your Certificate Application, the terms and conditions regarding the your use of the Certificate to be issued by Symantec to you as "Subscriber" of that Certificate. A "Certificate" is a digitally signed message that contains a Subscriber's public key and associates it with information authenticated by Symantec or a Symantec-authorised entity. The Certificate provided under this Agreement is issued within the VTN by Symantec. The Certificate for which you have applied on behalf of your organisation is a Class 3 organisational Certificate within the VTN. Class 3 organisational Certificates are issued to Web servers and/or Devices to provide authentication, message, software, and content integrity and signing, and confidentiality encryption. Class 3 organisational Certificates provide assurances of the identity of the Subscriber based on a confirmation that the Subscriber organisation does in fact exist, that the organisation has authorised the Certificate Application, and that the person submitting the Certificate Application on behalf of the Subscriber was authorised to do so. The Certificate also provides assurances that the Subscriber is entitled to use the domain name listed in the Certificate Application, if a domain name is listed in such Certificate Application. For more detailed information about Symantec's certification services, please see the Symantec CPS.

3. Processing Your Certificate Application.
Upon the RA's completion of the necessary authentication procedures required for the Certificate you have purchased, Symantec will process your Certificate Application. The RA will notify you whether your Certificate Application is approved or rejected. If your Certificate Application is approved, Symantec will issue you a Certificate for your use in accordance with this Subscriber Agreement. Your use of the Personal Identification Number ("PIN") from Symantec to pick up the Certificate or otherwise installing or using the Certificate is considered your acceptance of the Certificate. After you pick up or otherwise install your Certificate, you must review the information in it before using it and promptly notify Symantec of any errors. Upon receipt of such notice, Symantec may revoke your Certificate and issue a corrected Certificate.

4. Use Restrictions.
You are prohibited from using your Certificate (i) for or on behalf of any other organisation; (ii) to perform private or public key operations in connection with any domain name and/or organisation name other than the submitted by you on your Certificate Application; (iii) on more than one physical server or device at a time; or (iv) for use as control equipment in hazardous circumstances or for uses requiring fail-safe performance such as the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control systems, or weapons control systems, where failure could lead directly to death, personal injury, or severe environmental damage. SYMANTEC CONSIDERS THE UNLICENSED USE OF A CERTIFICATE ON A DEVICE THAT RESIDES ABOVE A SERVER OR SERVER FARM SOFTWARE PIRACY AND WILL PURUSE VIOLATORS TO THE FULLEST EXTENT OF THE LAW. If you choose to display Symantec's Secure Site Seal (the "Seal"), you must install and display such Seal only in accordance with the Secure Site Seal Licensing Agreement (https://www.veriSign.com.au/repository/seal/).

5. Revocation.
If you discover or have reason to believe there has been a Compromise of your private key or the activation data protecting such private key, or the information within the Certificate is incorrect or has changed, or if your organisational name and/or domain name registration has changed, you must immediately notify Symantec and request revocation of the Certificate and you must notify any person that may reasonably be expected by you to rely on or to provide services in support of the Certificate or a digital signature verifiable with reference to the Certificate. Symantec retains the right to revoke your Certificate if you have installed a Seal and fail to perform any of your obligations under the Secure Site Seal Licensing Agreement or otherwise fail to perform any other material obligations under the terms of this Subscriber Agreement or if, in Symantec's sole discretion, Symantec determines that you have or may have compromised the security or integrity of the VTN.

6. Obligations Upon Revocation or Expiration.
Upon expiration or notice of revocation of your Certificate, you shall permanently remove your Certificate from the server on which it is installed and shall not use it for any purpose thereafter and, if you have installed a Seal, you shall remove such Seal.

7. Representations and Warranties.

7.1 Symantec Representations and Warranties.
Symantec represents and warrants to you that (i) there are no errors introduced by Symantec in your Certificate information as a result of Symantec's failure to use reasonable care in creating the Certificate; (ii) your Certificate complies in all material respects with the Symantec CPS; and (iii) Symantec's revocation services and use of a repository conform to the Symantec CPS in all material aspects.

7.2 Your Representations and Warranties.
You represent and warrant to Symantec and anyone who relies on your Certificate that (i) all the information you provide and all the representations you make to Symantec in your Certificate Application are accurate; (ii) no Certificate information you provided (including your e-mail address) infringes the intellectual property rights of any third parties; (iii) the Certificate Application information you provided (including your email address) has not been and will not be used for any unlawful purpose; (iv) you have been (since the time of its creation) and will remain the only person possessing your private key and no unauthorised person has had or will have access to your private key; (v) you have been (since the time of its creation) and will remain the only person possessing any challenge phrase, PIN, software, or hardware mechanism protecting your private key and no unauthorised person has had or will have access to the same; (vi) you will use your Certificate exclusively for authorised and legal purposes consistent with this Subscriber Agreement; (vii) you will use your Certificate as an end-user Subscriber and not as a Certification Authority issuing Certificates, certification revocation lists, or otherwise; (viii) each digital signature created using your private key is your digital signature, and the Certificate has been accepted and is operational (not expired or revoked) at the time the digital signature is created; (ix) you manifest assent to this Subscriber Agreement as a condition of obtaining a Certificate; and (x) you will not monitor, interfere with, or reverse engineer the technical implementation of the VTN, except with the prior written approval from Symantec, and shall not otherwise intentionally compromise the security of the VTN. You further represent and warrant that you have sufficient information to make an informed decision as to the extent to which you choose to rely on the information in a digital certificate issued within the VTN, that you are solely responsible for deciding whether or not to rely on such information, and that you shall bear the legal consequences of your failure to perform any obligations you might have as a Relying Party under the applicable Relying Party Agreement.

8. Ownership.
Except as otherwise set forth herein, all right, title and interest in and to all, (i) registered and unregistered trademarks, service marks and logos; (ii) patents, patent applications, and patentable ideas, inventions, and/or improvements; (iii) trade secrets, proprietary information, and know-how; (iv) all divisions, continuations, reissues, renewals, and extensions thereof now existing or hereafter filed, issued, or acquired; (v) registered and unregistered copyrights including, without limitation, any forms, images, audiovisual displays, text, software; and (vi) all other intellectual property, proprietary rights or other rights related to intangible property which are used, developed, comprising, embodied in, or practiced in connection with any of the Symantec services identified herein ("Symantec Intellectual Property Rights") are owned by Symantec or its licensors, and you agree to make no claim of interest in or ownership of any such Symantec Intellectual Property Rights. You acknowledge that no title to the Symantec Intellectual Property Rights is transferred to you, and that you do not obtain any rights, express or implied, in the Symantec or its licensors' service, other than the rights expressly granted in this Subscriber Agreement. To the extent that you create any Derivative Work (any work that is based upon one or more preexisting versions of a work provided to you, such as an enhancement or modification, revision, translation, abridgement, condensation, expansion, collection, compilation or any other form in which such preexisting works may be recast, transformed or adapted) such Derivative Work shall be owned by Symantec and all right, title and interest in and to each such Derivative Work shall automatically vest in Symantec. Symantec shall have no obligation to grant you any right in any such Derivative Work. You may not reverse engineer, disassemble or decompile the Symantec Intellectual Property or make any attempt to obtain source code to the Symantec Intellectual Property. You have the right to use the Certificate under the terms and conditions of this Subscriber Agreement.

9. Modifications to Subscriber Agreement.
Except as otherwise provided in this Subscriber Agreement, you agree, during the term of this Subscriber Agreement, that Symantec may: (i) revise the terms and conditions of this Subscriber Agreement; and/or (ii) change part of the services provided under this Subscriber Agreement at any time. Any such revision or change will be binding and effective thirty (30) days after posting of the revised Subscriber Agreement or change to the service(s) on Symantec's Web sites, or upon notification to you by e-mail. You agree to periodically review Symantec's Web sites, including the current version of this Subscriber Agreement available on Symantec's Web sites, to be aware of any such revisions. If you do not agree with any revision to the Subscriber Agreement, you may terminate this Subscriber Agreement at any time by providing Symantec with notice. Notice of your termination will be effective on receipt and processing by Symantec. Any fees paid by you if you terminate this Subscriber Agreement are nonrefundable. By continuing to use Symantec services after any revision to this Subscriber Agreement or change in service(s), you agree to abide by and be bound by any such revisions or changes. Symantec is not bound by nor should you rely on any representation by (i) any agent, representative or employee of any third party that you may use to apply for Symantec's services; or in (ii) information posted on our Web site of a general informational nature. No employee, contractor, agent or representative of Symantec is authorised to alter or amend the terms and conditions of this Subscriber Agreement.

10. Privacy.
You agree that Symantec may place in your Certificate certain information that you provide for inclusion in your Certificate. You also agree that Symantec may publish your Certificate and information about its status in Symantec's repository of Certificate information and make this information available to other repositories. You further acknowledge and agree that Symantec may transmit the information you supply to Symantec, Inc., a U.S. company within the VTN for processing of your Certificate.

11. Disclaimers of Warranties.
YOU AGREE THAT YOUR USE OF VERISIGN'S SERVICE(S) IS SOLELY AT YOUR OWN RISK. YOU AGREE THAT ALL SUCH SERVICES ARE PROVIDED ON AN "AS IS" AND AS AVAILABLE BASIS, EXCEPT AS OTHERWISE NOTED IN THIS SUBSCRIBER AGREEMENT. SYMANTEC EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. OTHER THAN THE WARRANTIES AS SET FORTH IN SECTION 7, SYMANTEC DOES NOT MAKE ANY WARRANTY THAT THE SERVICE WILL MEET YOUR REQUIRMENTS, OR THAT THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE OR ERROR FREE; NOR DOES SYMANTEC MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE SERVICE OR TO THE ACCURACY OR RELIABILITY OF ANY INFORMATION OBTAINED THROUGH VERISIGN'S SERVICE. YOU UNDERSTAND AND AGREE THAT ANY MATERIAL AND/OR DATA DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF VERISIGN'S SERVICES IS DONE AT YOUR OWN DISCRETION AND RISK. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU from Symantec OR THROUGH VERISIGN'S SERVICES SHALL CREATE ANY WARRANTY NOT EXPRESSLEY MADE HEREIN. TO THE EXTENT JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES, SOME OF THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU. SYMANTEC IS NOT RESPONSIBLE FOR AND SHALL HAVE NO LIABILITY WITH RESPECT TO ANY PRODUCTS AND/OR SERVICES PURCHASED BY YOU FROM A THIRD PARTY.

12. Indemnity.
You agree to release, indemnify, defend and hold harmless Symantec and any of its contractors, agents, employees, officers, directors, shareholders, affiliates and assigns from all liabilities, claims, damages, costs and expenses, including reasonable attorney's fees and expenses, of third parties relating to or arising out of (i) this Subscriber Agreement or the breach of your warranties, representations and obligations under this Subscriber Agreement, (ii) falsehoods or misrepresentations of fact by you on the Certificate Application, (iii) any infringement of an intellectual property or other proprietary right of any person or entity, (iv) failure to disclose a material fact on the Certificate Application if the misrepresentation or omission was made negligently or with intent to deceive any party, or (v) failure to protect the private key, or use a trustworthy system, or to take the precautions necessary to prevent the compromise, loss, disclosure, modification or unauthorised use of the private key under the terms of this Subscriber Agreement. When Symantec is threatened with suit or sued by a third party, Symantec may seek written assurances from you concerning your promise to indemnify Symantec, your failure to provide those assurances may be considered by Symantec to be a material breach of this Subscriber Agreement. Symantec shall have the right to participate in any defence by you of a third-party claim related to your use of any Symantec services, with counsel of Symantec's choice at your own expense. You shall have sole responsibility to defend Symantec against any claim, but you must receive the prior written consent of Symantec regarding any related settlement. The terms of this Section 12 will survive any termination or cancellation of this Subscriber Agreement. As a Relying Party, you further agree to release, indemnify, defend and hold harmless Symantec and any of its contractors, agents, employees, officers, directors, shareholders, affiliates and assigns from all liabilities, claims, damages, costs and expenses, including reasonable attorney's fees and expenses, of third parties relating to or arising out of (i) your failure to perform the obligations of a Relying Party as set forth in the applicable Relying Party Agreement; (ii) your reliance on a certificate that is not reasonable under the circumstances; or (iii) your failure to check the status of such certificate to determine whether the certificate is expired or revoked.

13. Limitations of Liability.
THIS SECTION APPLIES TO LIABILITY UNDER CONTRACT (INCLUDING BREACH OF WARRANTY), TORT (INCLUDING NEGLIGENCE AND/OR STRICT LIABILITY), AND ANY OTHER LEGAL OR EQUITABLE FORM OF CLAIM. IF YOU INITIATE ANY CLAIM, ACTION, SUIT, ARBITRATION, OR OTHER PROCEEDING SEPARATE FROM A REQUEST FOR PAYMENT UNDER THE NETSURE PROTECTION PLAN RELATING TO SERVICES PROVIDED UNDER THIS SUBSCRIBER AGREEMENT, AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, VERISIGN'S TOTAL LIABILITY FOR DAMAGES SUSTAINED BY YOU AND ANY THIRD PARTY FOR ANY USE OR RELIANCE ON A CERTIFICATE SHALL BE LIMITED, IN THE AGGREGATE, TO $100,000.00 AUD. THE LIABILITY LIMITATIONS PROVIDED IN THIS SECTION SHALL BE THE SAME REGARDLESS OF THE NUMBER OF DIGITAL SIGNATURES, TRANSACTIONS, OR CLAIMS RELATED TO SUCH CERTIFICATE. SYMANTEC SHALL NOT BE OBLIGATED TO PAY MORE THAN THE TOTAL LIABILITY LIMITATION FOR EACH CERTIFICATE.

14. Force Majeure.
Except for payment and indemnity obligations hereunder, neither party shall be deemed in default hereunder, nor shall it hold the other party responsible for, any cessation, interruption or delay in the performance of its obligations hereunder due to earthquake, flood, fire, storm, natural disaster, act of God, war, armed conflict, terrorist action, labor strike, lockout, boycott, provided that the party relying upon this Section 14 shall (i) have given the other party written notice thereof promptly and, in any event, within five (5) days of discovery thereof and (ii) take all reasonable steps reasonably necessary under the circumstances to mitigate the effects of the force majeure event upon which such notice is based; provided further, that in the event a force majeure event described in this Section 14 extends for a period in excess of thirty (30) days in aggregate, the other party may immediately terminate this Subscriber Agreement.

15. Export.
You acknowledge and agree that you shall not import, export, or re-export directly or indirectly, any commodity, including your Certificate, to any country in violation of the laws and regulations of any applicable jurisdiction. This restriction expressly includes, but is not limited to, the export regulations of the United States of America (the "United States") or Australia. Specifically, you shall not download or otherwise export or re-export any Certificate into or to (i) a national or resident of) Cuba, Iran, Iraq, Libya, Sudan, North Korea, or Syria, or any other country where such use is prohibited under United States or Australian export regulations, or (ii) to anyone on the United States Treasury Department's list of Specially Designated Nationals or the United States Commerce Department's Table of Denial Orders. You agree to the foregoing and represent and warrant that you are not located in, under the control of, or a national or resident of any such country or on any such list. WITH RESPECT TO Symantec SSL PREMIUM IDS, SYMANTEC IS REQUIRED BY LAW TO REPORT TO THE UNITED STATES GOVERNMENT YOUR COMPANY NAME AND ADDRESS IF YOU ARE A NON-UNITED STATES OR CANADA ENTITY OR INDIVIDUAL PURCHASING THE CERTIFICATE. IN THE EVENT YOU EXPORT A CERTIFICATE TO A NON-UNITED STATES OR CANADA ENTITY OR INDIVIDUAL, YOU AGREE TO PROVIDE SYMANTEC WITH THE INFORMATION SYMANTEC NEEDS IN ORDER TO REPORT SUCH EXPORTS TO THE UNITED STATES GOVERNMENT.

16. Severability.
You agree that the terms of this Subscriber Agreement are severable. If any term or provision is declared invalid or unenforceable, in whole or in part, that term or provision will not affect the remainder of this Subscriber Agreement; this Subscriber Agreement will be deemed amended to the extent necessary to make this Subscriber Agreement enforceable, valid and, to the maximum extent possible consistent with applicable law, consistent with the original intentions of the parties; and the remaining terms and provisions will remain in full force and effect.

17. Governing Law.
The parties agree that any disputes related to the services provided under this Subscriber Agreement shall be governed in all respects by and construed in accordance with the laws of New South Wales, Australia, excluding its conflict of laws rules. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Subscriber Agreement.

18. Dispute Resolution.
To the extent permitted by law, before you may invoke any dispute resolution mechanism with respect to a dispute involving any aspect of this Subscriber Agreement, you shall notify Symantec, and any other party to the dispute for the purpose of seeking dispute resolution. If the dispute is not resolved within sixty (60) days after the initial notice, then a party may commence legal proceedings.

19. Non-Assignment.
Except as otherwise set forth herein, your rights under this Agreement are not assignable or transferable. Any attempt by your creditors to obtain an interest in your rights under this Agreement, whether by attachment, levy, garnishment or otherwise, renders this Agreement voidable at Symantec's option.

20. Notices.
You will make all notices, demands or requests to Symantec with respect to this Subscriber Agreement in writing to: Attn: Legal Department, Symantec Australia Pty Ltd, Level 5, 6-10 O'Connell St, Sydney, NSW 2000, Australia.

21. Entire Agreement.
This Subscriber Agreement constitutes the entire understanding and agreement between Symantec and you with respect to the transactions contemplated, and supersedes any and all prior or contemporaneous oral or written representation, understanding, agreement or communication between Symantec and you concerning the subject matter hereof. Neither party is relying upon any warranties, representations, assurances or inducements not expressly set forth herein. Section headings are inserted for convenience of reference only and are not intended to be part of or to affect the meaning this Subscriber Agreement.