1. A document is considered to be validly signed if an e-signature is created on the document during the validity period of the qualified certificate. Certificates issued by Evrotrust Technologies AD are valid for 2 years.
2. In general, the date of signing cannot be verified based on the qualified e-signature in itself because the local time setting of the system used to create the signature can be manipulated. It is recommended to use a qualified timestamp to prove the date of signing the document. The timestamp binds the signature to a specific time by using a special timestamp token issued by Evrotrust as a Qualified Trust Service Provider (QTSP). The token can be attached to the signed document in compliance with different standards. Evrotrust uses the most advanced method, i.e. LT (Long Term) electronic signature format, which is considered by Adobe PDF validation to be LTV (long term validation) format. Later on, the format will be extended to LTA (long-term archive) format to ensure provability in the future. This format ensures that the document, the signature, the attached timestamp, the online certificate status protocol (OCSP), and the certificate revocation list (CRL) are all time-stamped as a package, so that external systems can automatically verify the entire package, i.e. ultimately the validity of the qualified e-signature and timestamp.
3. However, in order to enable the long-term storage of electronically signed documents and the automatic verification of the signature and the time stamp, it is recommended to use a special qualified service: the Qualified Preservation Service. This is necessary because timestamp tokens are signed by trust service providers with a certificate issued for the specific purpose of signing timestamps, that is valid for 5 years in the case of Evrotrust and most of the QTSPs. Once the certificate which has been used for signing the timestamp tokens expires, the validity of the tokens cannot be verified, so it cannot be automatically verified whether the relevant documents are validly signed. The Qualified Preservation Service enables time-stamp tokens to be “extended” to maintain their validity continuously by ensuring that the signed document package is re-stamped before the time stamp placed on it expires (or for security reasons). The Qualified Preservation Service enables the long-term (> 10 years) automated verification of the validity of the signature.
4. From a legal point of view, the expiration of time-stamp tokens does not affect the temporal validity of the e-signature, although it makes it impossible to verify the validity of the signature in the long run. However, it should be noted that this does not prevent the affected party or the stakeholder from verifying the validity of the signature manually. The validity of a qualified e-signature can be verified manually by the stakeholder checking the EU Trusted Lists of Trust Service Providers and, if necessary, the public register of certificates issued by the QTSP and the CRLs published. In other words, the validity of a signature is not “lost” in time.
The Evrotrust Technologies AD retains all documents signed in the Evrotrust application by a qualified e-signature certificate issued by Evrotrust for ten years. (general term 11.3.)
Rules for deleting documents on the Platform:
Private documents created with Sign&Send can be deleted any time.
A private document created with Drop&Sign can be deleted any time
The draft contract may be deleted by the creator until it is forwarded to the other party. If the contract was sent to the other party for the first time, i.e. in course of the negotiation of the draft contract, the other party must agree to the deletion. Signed contracts and related documents cannot be deleted.
The Platform will retain the signed contracts created in Simple Contract as well as the related documentation in its databases for 5 years following the deletion of both affected Business accounts (of the parties), since it can be proved by the relevant clause of the signed documents which data the Platform used for performing the company data verification and the signatory right validation.