Terms and Conditions of Use for Firma Seguro Services

Acceptance and Full Understanding of Electronic Signature Method and Its Content

FIRMA SEGURO

PREVIOUS AND AGREED COMMUNICATION AGREEMENT

General Information

For the legal certification of documentary instruments, THE PARTIES agree that the documentary media containing the agreements of will between them will be signed using technological methods of electronic signature as established by Law 527 of 1999, Decree 2364 of 2012 (Colombia), and international standards such as Regulation (EU) No. 910/2014 of the European Parliament and the Council of July 23, 2014 (eIDAS); the UETA Act and E-Sign Act in the USA and other directives as of 2021; through mechanisms that meet the needs stipulated therein, and THE PARTIES acknowledge that these methods fully guarantee their interests and adhere to security.

Mutual Acceptance

THE PARTIES agree that documentary instruments will be signed using an electronic signature mechanism from the FIRMA SEGURO ELECTRONIC SIGNATURE PLATFORM. It is crucial for THE PARTIES signing this document to be aware, understand, and accept the general operational technical specifications of FIRMA SEGURO, as follows:

First: FIRMA SEGURO is an electronic signature portal that allows the creation, modification, and tracking of document signing processes through a web solution that authenticates a signatory through a specific type of authentication and signs a PDF document by adding signatories’ data to the document and the signing date. This ensures that a document is securely, integrity, and easily signed by all its signatories.

Second: Authentication Process:

ID Verification: Verification that the ID number corresponds to the submitted request.

I am not a robot: Requires passing a validation captcha.

Acceptance of terms and conditions: Signatories are inevitably invited to accept the portal’s terms and conditions.

Review document:

OTP (One-Time Password) sent: Integrates with a Call or SMS service to send a unique OTP number, record it, and download it.

OTP received:

Document signing (Approval and authentication)

Third: Authentication Methods:

OTP Call: Authentication through a unique code delivered by a mobile call.

OTP SMS: Authentication through a unique code sent via a text message to the mobile.

OTP EMAIL: Authentication through a unique code sent via an email message.

Security Queries: A security certification component that generates a unique identification ID for an individual through questions about their credit history, financial information, commercial background, and demographics, allowing them to be identified as a signatory and acceptor of an Electronic instrument.

Facial Recognition: For the purposes of this agreement, facial recognition is defined as an authentication method that compares the individual’s face to the photo on their identity card (ID) or passport, providing proof of being alive.

Fourth: Types of Signatures:

Electronic Signature: This involves an authentication method and leaves a hash in the document.

Certified Electronic Signature: This involves an authentication method, leaves a hash in the document, and adds a signature certificate validated by the National Accreditation Entity (ONAC).

Fifth: Purpose of this Agreement:

The purpose of this agreement is to establish that, with the OTP (One-Time Password) provided via email and/or SMS, security queries, and/or facial recognition, the user will have the ability to sign and accept Electronic Documents through electronic signatures, as established in Decree 2364 of 2012 and other national, regional, and international regulations. Therefore, THE USER clearly, expressly, and unmistakably declares that they are legally, physically, and mentally capable.

Sixth: Functional Alignment of electronically signed documents with the verification methods explained. Any electronically signed document, unless required by legal obligation, can be signed by the end user using the aforementioned methods, expressly confirming that it has the same legal effects as a traditional handwritten signature.

Seventh: The signing process can be postponed for up to a maximum of 90 calendar days. If the signing process cycle has not been completed by the signatories within the defined period, it will be canceled without the possibility of reactivation. Both parties agree to this.

Eighth: Protection of electronically signed documents: Documents signed with an Electronic Signature will be protected on the FIRMA SEGURO platform, following international standards and guidelines for personal data processing and confidentiality, thus ensuring their security.

Ninth: Documents that are completely finalized and signed by the parties on the platform will be stored and available for viewing for up to 6 calendar months within the platform. Afterward, the client will be responsible for their safekeeping.

Likewise, at the end of each process, the final document is sent to the signatories’ email addresses.

The foregoing complies with Law 1581 of 2012

Guaranteeing the custody of all personal data and confidential information in the documents handled by both the company and its clients. It also outlines the responsibilities of individuals who have access to this data, regardless of whether it is in physical or digital format, as long as it constitutes a compilation of personal information about third parties, such as records of customers, suppliers, or depending on the case or economic activity that generates this compilation of information. The only exception is that the only databases that are not considered within the scope of regulatory application.

Tenth: Duties and Commitments of the User regarding the authentication methods. THE USER agrees to:

Immediately report any security-related events involving the OTP (One-Time Password), security queries, or facial recognition.

Carefully analyze and, if necessary, seek professional advice on the Electronic Document presented for subscription and signature.

Refrain from storing the OTP on any physical medium and never send it or deliver it to third parties.

Regularly update the protection and information on their personal mobile phone and email.

Eleventh: Evidentiary Mechanisms: THE INTERVENING PARTIES agree that text messages, logs, emails, and, in general, but not limited to, any computer, electronic, or telematic record and/or file will constitute full proof and sufficient evidence of the statement of the END USER and INITIATING USER. THE INTERVENING PARTIES may reproduce, display, and/or exhibit them only to the extent necessary to clarify, explain, demonstrate, prove, and/or verify before any supervisory or controlling authority, or before any judicial, arbitral, or non-judicial tribunal, the certainty of the electronic signature.

Twelfth: Impossibility of Repudiation. THE INTERVENING PARTIES understand and agree that the authorized authentication methods provided and made available on the FIRMA SEGURO platform for signatures are reliable and secure. This means that the signature is reliable and unalterable, and as a consequence, THE USER cannot repudiate or reject it.

Thirteenth: Personal Data Processing. THE USER states that, prior to or concurrently with this agreement, they have read, understood, and accepted FIRMA SEGURO’s PRIVACY, CONFIDENTIALITY, AND PERSONAL DATA PROCESSING POLICY.

Fourteenth: Legislation and Jurisdiction for Interpretation and/or Execution. THE INTERVENING PARTIES agree that this agreement is governed by Colombian laws, their regulatory decrees, and other rules and jurisprudence that complement them. Therefore, any conflict related to this agreement will be processed and resolved by Colombian authorities, at the domicile of the INITIATING USER, without prejudice to the use of dispute resolution mechanisms.

International: However, since both the technical standards of FIRMA SEGURO and the guidelines of this agreement, as well as the PRIVACY, CONFIDENTIALITY, AND PERSONAL DATA PROCESSING POLICY, are fully compliant with the INTERNATIONAL STANDARDS updated to June 2021, they can be applied internationally as needed.

Fifteenth: The agreements stipulated and unmistakably accepted here will take effect for all documents signed, signed, or ordered, as the case may be, and will have legal effects against third parties, as provided for in Article 824 of the Commercial Code and Decree 2364 of 2012.

Sixteenth: Responsibility:

Since, legally, the unmistakable voluntary act of electronically signing this document REPLACES PERSONAL AND PHYSICAL PRESENTATION, it is imperative that each INTERVENING PARTY does so without delegating it to a third party. In other words, since, at the moment of signature, a security verification call is made to the mobile phone, it is essential that the owner of the intervening party be directly the person who provides the necessary data to the system.

It is the exclusive responsibility of the person who provides the signature, as it is their responsibility to keep control and custody of the data for signature generation in accordance with the legal, jurisprudential, and doctrinal regime, both at the Colombian and international levels.

Law 527 of 1999; Decree 2364 of 2012 (Colombia) and international standards such as Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 (eIDAS); the UETA Act and E-Sign Act in the US, and other directives up to 2021.

Seventeenth: This document contains the most specific aspects and is drafted in line with international standards and guidelines, making it globally applicable. On a national level, unrestricted application is given to the following sections of Decree 2364 of November 22, 2012, which stipulates:

Article 1. Definitions. For the purposes of this decree, the following definitions apply:

Agreement on the use of the electronic signature mechanism: An agreement of wills in which the legal and technical conditions to which the parties will adhere for communication, transactions, the creation of electronic documents, or any other activity through electronic data interchange are established.

Data for the creation of the electronic signature: Unique and personal data used by the signatory to sign.

Electronic signature: Methods such as codes, passwords, biometric data, or private cryptographic keys that allow identifying a person in relation to an electronic message, provided that it is reliable and suitable for the purposes for which the signature is used, taking into account all the circumstances of the case, as well as any relevant agreement.

Signatory: A person who has the data for creating the signature and who acts on their behalf or on behalf of the person they represent.

Article 2. Technological Neutrality and Equal Treatment of Electronic Signature Technologies. None of the provisions of this decree will be applied in a way that excludes, restricts, or deprives any method, procedure, device, or technology for creating an electronic signature that meets the requirements outlined in Article 7 of Law 527 of 1999 of legal effect.

Article 3. Compliance with the requirement of a signature. When the signature of a person is required, this requirement will be considered met in relation to an electronic message if an electronic signature is used that, in light of all the circumstances of the case, including any applicable agreement, is as reliable as appropriate for the purposes for which that message was generated or communicated.

Article 4. Reliability of the electronic signature. The electronic signature will be considered reliable for the purpose for which the electronic message was generated or communicated if:

The data for creating the signature, in the context in which they are used, correspond exclusively to the signatory.

Any unauthorized alteration of the electronic message made after the time of the signature can be detected.

Paragraph. The above shall be understood without prejudice to the possibility that any person:

Demonstrates in another way that the electronic signature is reliable; or Presents evidence that an electronic signature is not reliable. Article 5. Legal Effects of the Electronic Signature. The electronic signature will have the same validity and legal effects as the physical signature if it meets the requirements set forth in Article 3 of this decree.

Article 6. Duties of the signatory. The signatory must:

Maintain control and custody over the data for creating the signature.

Act diligently to prevent the unauthorized use of their data for creating the signature.

Promptly notify any person who has, has received, or will receive electronically signed documents or messages by the signatory if:

a) The signatory knows that the data for creating the signature have been compromised; or

b) The circumstances of which the signatory is aware give rise to a significant risk that the data for creating the signature have been compromised.

Paragraph. It is understood that the data for creating the signatory’s signature have been compromised when, among other things, they have been illegally disclosed by third parties, are at risk of being used improperly, or the signatory has lost control or custody of them, and, in general, any other situation that raises doubts about the security of the electronic signature or raises objections about its quality.

Article 7. Electronically signed agreement. Unless proven otherwise, it is presumed that the methods or techniques of personal identification or electronic authentication, as appropriate, agreed to by the parties through an agreement, meet the requirements of the electronic signature.

Paragraph. The party that provides the methods for electronic signature through an agreement must ensure that its mechanisms are technically secure and reliable for their intended purpose. It will be responsible for proving these requirements, if necessary.

Eighteenth: The acceptance of this agreement allows THE INTERVENING PARTIES to enjoy the excellence, security guarantee, and general benefits of FIRMA SEGURO under the highest national and international standards.

[Updated to June 7, 2022]