Additional Application: Software installed on the Client’s server or User device in order to synchronize information with the Client’s other solutions and systems, which functions with the corresponding Platform.
Applying Integrations: Connecting the Platform with other systems by pre-built existing Integrations with no technical customization or custom engineering required.
Associate: A certain third party referring potential clients to the Operator, authorized by the Operator to provide and providing alternatives to Operator’s Services related to the Platform, acting as an intermediary for sales or otherwise included in establishing the agreement between the Parties.
Billing Period: An agreed monthly, multi-monthly, annual or multi-year period for the subscription and payment for the use of the Platform agreed between the Parties.
Building Integrations: An Unstandardized Configuration Service of engineering and customizing Integrations that is not Applying Integrations.
Client Account: A profile connected to a specific Client for the use of the Platform used to identify the Client, provide the Users connected to the Client with access to the Services, and change and save the settings.
Client: A person operating in the economic and professional activity who has entered into the Contract with the Operator.
Commitment Period: A period when the Client’s right to terminate the Contract or lower the subscription of the Platform is limited if the Parties have agreed on a Commitment Period that is longer than the Billing Period.
Entity Corporate Body: A (legal) entity different from the Client, that uses the Entity under the control and authorization of the Client.
Entity: A profile that may be used by the Client to distinguish between and/or filter the information related to the Client’s different companies, departments, or entities within the Client Account (one or several).
Customer Portal User Account: A User Account with limited rights and/or access to the Platform under the control and authorization of the Client with the intended purpose of serving Client’s Users who are not Client’s employees or team members, but are representatives of Client’s customers who are given access to the Platform by the Client to access data specified by the Client.
Help Center: manuals, guides, and tours published on the Web Site and incorporated into the Platform explaining the functionality of the Platform.
Information System: An integrated cloud solution for the provision of the Software-as-a-Service solution, including applications, software, hardware, databases, interfaces, connected media, documentation, updates, version upgrades, and other related components or materials.
Integrations: The aggregation of systems to functionally link different software applications.
Legal Acts: any applicable statute, law, ordinance, regulation, rule, code, order, constitution, treaty, common law, judgment, decree, other requirements, or rule of law, including any privacy and data protection laws.
Malware: Any thing or device (including any software, code, file, or program) which may: prevent, impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network, or any other service or device; prevent, impair or otherwise adversely affect access to or the operation of any program or data, including the reliability of any program or data (whether by re-arranging, altering or erasing the program or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses, malware, and other similar things or devices.
Onboarding: The process of setting up, training, configuring, Applying Integrations, implementation, developing best practices, designing workflows, and other activities with the purpose of launching the Platform for the use of the Client.
Onboarding Service: The Service provided by the Operator at a separate individual agreement in writing of assisting and advising the Client with Onboarding provided by the Operator subject to the agreed scope and in the agreed number of maximum hours of the service for a fee separate from the fee for the subscription of the Platform.
Operator: Scoro Software OÜ (registry code 10806081, address Endla 15, 10122 Tallinn, Republic of Estonia).
Party or Parties: In singular, either the Operator or the Client, depending on the context, in plural both.
Self-Onboarding: Onboarding is conducted by the Client internally or with the assistance of a third party that is not the Operator.
Service Level Policy: The policy published by the Operator and available on request describing the availability and service level exclusions that may be amended by the Operator from time to time in its sole and absolute discretion.
Special User Account Limitations: Special limitations to specific User Account(s) expressly and specifically agreed between the Parties in writing and under the control and authorization of the Client with the intended purpose of these User Accounts to have limited rights and/or limited access to the Platform; access to the Platform on an infrequent basis; access to the Platform for a short period; only concerning a limited number of projects; or other agreed limitations for similar intended purposes. The term Special User Account Limitations does not include regular limitations and differentiation in the rights of the Users (e.g. issuing admin rights, limiting rights to access, limiting rights to modify, etc.) that the Client controls within the Platform that have not specifically agreed upon between the Parties.
Support Level Policy: The policy published by the Operator and available on request describing the availability and content of Support Service that may be amended by the Operator from time to time in its sole and absolute discretion.
Support Service: The Service of responding to inquiries by the Client about the functioning of the Platform and about Help Center materials.
Unstandardized Configuration Service: The Service provided by the Operator at a separate individual agreement in writing of providing unstandardized configuration and development services related to the Platform and Building Integrations (including fast-tracking any future product roadmap features, building custom code for integrating systems, etc.) for a fee separate from fees for the use of the Platform and any other Services.
User Account: A User profile connected to the Client Account for the use of the Platform, which is used to identify the User, provide personal access to the Services, and change and save the settings.
User: A natural person who uses the Platform and the Services in the name of and under the authorization of the Client.
Vulnerability: A weakness in the computational logic (for example, code) found in software and hardware components that when exploited, results in a negative impact to the confidentiality, integrity, or availability, and the term Vulnerabilities shall be construed accordingly.
Web Site: A collection of all domains (e.g. scoro.com, scoro.co.uk and other websites with the domain name “scoro” registered under various top-level domains) and the web documents available via their subdomains (including pictures, videos, PHP, HTML files, etc.) that belong to the Operator.
1.2.1 Clause and section headings shall not affect the interpretation of the Contract.
1.2.2 Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular.
1.2.4 Any words following the terms “including”, “include”, “in particular”, “for example”, “e.g.” or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.
1.2.6 A reference to in writing and signed means a signed agreement delivered via email or electronically signed (including basic electronic signature under Regulation (EU) No 910/2014 and digital signatures of platforms such as HelloSign, DocuSign, SignNow, and similar).
2.1 GENERAL PRINCIPLES
2.1.1 The Platform is an integrated software solution for the management of work organization, sales, and finances, and is aimed for use by persons operating in economic and professional activity.
2.1.2 It is the responsibility of the Client and the Users to ensure that the functions of the Platform and content of Services are in accordance with their needs and meet their technical, organizational, legal, privacy, and practical requirements and using the Platform and Services is in accordance to any Legal Acts applicable to the Client.
2.1.3 In order to utilize the full functionality of the Platform, the Client must create a Client Account, have adequate access to the internet, use a compatible web browser (as may be reasonably prescribed by the Operator from time to time), and, in certain instances, install the Additional Application onto its server and/or Users’ devices.
2.1.5 The Client or the User may not:
- use the Platform and Services to commit or incite an offense or damage the Operator or any third parties;
- use the Platform and Services in any other illegal way;
- use the Platform and Services for the purposes of monitoring their availability or functionality, or for any other competitive purposes, whether or not permitted by the Legal Acts;
- allow or suffer any User Account to be used by more than one individual;
- attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Platform in any form or media or by any means; this, however, does not limit the right of the Client to create user manuals for the internal use within the Client and to train the Users using such manuals;
- attempt to decompile, reverse compile, disassemble, reverse engineer or otherwise reduce to the human-perceivable form of all or any part of the Platform;
- use the Platform in contradiction with the intended use of the Platform, in contradiction with the instruction materials available at the Web Site, or in contradiction with instructions issued by the Operator (e.g. during providing the Support Service and/or Onboarding Service);
- turn on additional functionalities or Integrations of the Platform without having previously thoroughly acquainted themselves with all information provided about the functionalities or Integrations in the Help Center;
- set up any API solutions with the Platform without having previously thoroughly acquainted themselves with the full API documentation published by or made available at the request of the Operator;
- add any Contents to the Platform that contain Malware or other computer programs and files that damage or otherwise disrupt the regular functioning of the Platform, or which are stored in the computers of the Operator or User, or create Vulnerabilities, and disrupt or damage their normal functioning.
2.1.6 The Operator shall use commercially reasonable efforts to ensure that the Platform and Services are available for the Client, function securely, reflect the newest technological solutions, and are comfortable to use. The Client understands and agrees that the Operator has the right to change, limit, improve and enhance the technical structure, security, availability, and functionality of the Platform at any time.
2.1.7 The Client takes into consideration and agrees that the Operator may:
- impose restrictions on the use of some parts or functionalities of the Platform (for example, the necessary data capacity for the use of the Services, the speed of uploading the Contents, the volume of the Contents to be saved, etc.) and Services;
- refuse to offer or provide access to the Platform to any User.
2.1.8 The Client shall:
- ensure that all communication (instructions, input, feedback, etc.) by the Client to the Operator is truthful, correct, and complete;
- use all reasonable endeavors to prevent any unauthorized access to, or use of, the Services and the Platform and, in the event of any such unauthorized access or use, promptly notify the Operator;
- provide the Operator with all necessary cooperation in relation to the Contract; and all necessary access to such information as may be required by the Operator; in order to provide the Services, including data, security access information, instructions, configurations, etc.;
- solely assess the legality and meeting of any regulations concerning using the Platform and / or Services in accordance with the Legal Acts that apply to the Client before commencement of the Contract and throughout the validity of the Contract;
- without affecting its other obligations under this Contract, comply with all applicable Legal Acts respect to its activities under this Contract;
- carry out all other Client responsibilities set out in this Contract in a timely and efficient manner. In the event of any delays in the Client’s provision of such assistance as agreed by the Parties, the Operator may adjust any agreed timetable or delivery schedule as reasonably necessary or may use other remedies available under the Contract or the Legal Acts;
- thoroughly acquaint themselves and make sure that all their Users acquaint themselves with documentation about the Platform set out in the Help Center and its revisions upon updates;
- ensure that its network and systems (including the web browser used by the Client and Users) comply with the relevant specifications provided by the Operator from time to time; and
- be solely responsible for procuring, maintaining, and securing its network connections and telecommunications links from its systems to the Operator’s data centers, and all problems, conditions, delays, delivery failures, and all other loss or damage arising from or relating to the Client’s network connections or telecommunications links or caused by the internet.
2.1.9 The rights provided under the Contract are granted to the Client only, and shall not be considered granted to any subsidiary, holding company, Entity Corporate Body (unless agreed otherwise between the Entity Corporate Body and the Client in writing) or any other related company of the Client, any User or any third party.
2.1.10 The Operator shall not be responsible for any inconsistencies or processing issues concerning and arising from data provided and/or processed by the Client.
2.1.11 The Operator will assume, unless the Client instructs to the contrary in writing, that any of the Client’s directors, employees, or other team members who give the Operator instructions, are authorized to do so.
2.1.12 The Client undertakes to assign at least one User Account with administrative User Account rights (i.e. admin User) as defined in the Platform.
2.1.13 The Client represents and warrants that:
- all materials, instructions, and data presented and transferred by the Client to the Operator do not infringe any third party rights (including privacy and intellectual property rights).
2.1.14 The Contract may not be assigned by the Client without the prior written and signed approval of the Operator. The Operator may not withhold such approval unreasonably. Any purported assignment in violation of this clause shall be null and void and have no effect.
2.2 ACCESS TO THE PLATFORM
2.2.2 The Operator shall use commercially reasonable endeavors to make the access to the Platform available 24 hours a day, seven days a week, in accordance with the availability commitment stated in the Service Level Policy in effect at that specific time.
2.2.3 THE OPERATOR DOES NOT WARRANT THAT THE CLIENT’S USE OF THE SERVICES, THE PLATFORM, INTEGRATIONS, AND THE DOCUMENTATION THEREOF WILL BE UNINTERRUPTED OR ERROR-FREE, FREE FROM VULNERABILITIES OR MEET ANY HEIGHTENED REQUIREMENTS OR REQUIREMENTS SET OUT IN ANY LEGAL ACTS APPLICABLE TO THE CLIENT UNLESS EXPRESSLY AND SPECIFICALLY AGREED UPON AS SPECIAL CONDITIONS IN WRITING AND SIGNED. THE OPERATOR IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR ANY OTHER LOSS OR DAMAGE RESULTING FROM THE TRANSFER OF DATA OVER COMMUNICATIONS NETWORKS AND FACILITIES, INCLUDING THE INTERNET, AND THE CLIENT ACKNOWLEDGES THAT THE SERVICES AND THE PLATFORM MAY BE SUBJECT TO LIMITATIONS, DELAYS AND OTHER PROBLEMS INHERENT IN THE USE OF SUCH COMMUNICATION FACILITIES.
2.3 PROVISION OF THE SERVICES
2.3.2 Client shall provide the Operator promptly all and any relevant information, input, instructions and shall make the relevant decisions that may reasonably be required by the Operator for providing the Services. Should the Client not be able to provide such input and feedback promptly, the Operator may set reasonable binding final deadlines to the Client for providing such information.
2.3.3 The Client undertakes to assure high availability of its directors (if relevant), employees or other team members or third-party service providers relevant to providing of the Services during provision of Services. The Client undertakes to provide any instructions, decisions, and information reasonably required by the Operator by the deadlines reasonably set by the Operator.
2.3.4 If not stated explicitly otherwise in writing, all meetings for providing the Services are delivered through a virtual meeting solution. If travel is required for the provision of Services, the Client agrees to reimburse all reasonable travel expenses associated with providing the Services. Such travel expenses will include all transport (including air travel, public transport, ride-share, rail travel, car rental, etc.), hotel expenses, living expenses, and any other expenses that may reasonably occur by providing the Services not via a virtual meeting solution.
2.3.5 If meetings are scheduled for the provision of Services, the Client undertakes to attend scheduled meetings at the agreed times. Upon unavailability to take part in the scheduled meetings, the Client undertakes to notify the Operator at least one hour in advance about the unavailability.
2.3.6 If meetings are scheduled for the provision of Services and the Client does not appear to a scheduled meeting in time, the Operator shall have the right to cancel the meeting after 15 minutes from the scheduled start time and claim payment for the full scheduled time of that meeting.
2.3.7 The Operator shall not be responsible for the results or feasibility of any data migration, import or export. By assisting or advising the Client with any data migration, import or export, the Operator shall not be considered to have attributed responsibility for the data migration, import, or export.
2.3.8 The Operator shall have the right to unilaterally cancel the provision of agreed Service without an effect to the subscription to the use of the Platform and with the right to claim the full agreed fee for the Service if:
- the Client commits a breach of the Contract and has not remedied the breach within the period of 7 days from receiving the notice about the breach from the Operator;
- the Client commits a material breach of the Contract;
- providing the Services to the Client may lead to or may potentially create any Vulnerabilities;
- the Client provides the Operator instructions, feedback, input that are incorrect, misleading, incomplete, or repeatedly past deadlines agreed between the Parties;
- the Client is non-responsive, including by not responding to the Operator’s emails concerning providing the Services for 14 days or longer;
- the Client requires during the provision of Services substance or presents expectations regarding which the Operator has notified the Client that the required substance or expectations are unreasonable or unachievable;
- the Client changes decisions, instructions, information relevant to providing the Service during providing the Services and this results in providing the Services to become unreasonably difficult, costly, or impossible;
- providing the Services would construe a breach of Legal Acts or infringe third-party rights;
- it becomes evident that bearing in mind all the circumstances and the interests of both Parties, the Operator cannot reasonably be expected to continue providing the Service.
2.3.9 Should the Client’s actions or omissions lead to delays in the provision of the Services, the terms set for the Operator’s obligations or activities shall be postponed not in proportion to the Client’s delays, but reasonably according to the availability in the Operator’s schedule.
2.3.10 Providing the Services, other than the standard Support Service, is not included in the fees for the use of the Platform unless it is agreed otherwise in writing or reflected in the description of the package of the Platform subscribed to by the Client. If the Parties have not explicitly agreed in writing about the provision of Services (other than the standard Support Service) nor there have not been any prepayments made for such Services, then any actions or inactions by the Operator may not be interpreted as part of the provision of Services.
2.4 SUPPORT SERVICE
2.4.1 The Client shall, during the term of Contract, have access to the Help Center included in the fee of subscription of the Platform. The Help Center is provided by the Operator “as is”. The Operator updates the Platform on a regular basis, and different packages of the Platform have different visual and technical characteristics. While the materials published on the Help Center are also regularly updated, there might be variations in the materials. Due to the variations between versions and packages, the Client acknowledges that some of the help materials published on the Web Site may include content referring to older versions of the design and different functionality.
2.4.2 The Operator shall provide reasonable technical support as Support Service to the Client and Users at a reasonable request from the Client.
2.4.3 The Operator shall carry out the Support Services with reasonable diligence and dispatch, and with reasonable skill and expertise. The Operator shall respond to inquiries of support from the Client as soon as reasonably possible, subject to Support Level Policy and Support Service package. Support Service packages are subject to availability, and the content of the packages is described in the Support Level Policy. The Operator may prescribe different Service fees to different Support Service packages.
2.4.4 If the Client purchased access to the Platform from an Associate, then first-line technical support may be provided by the Associate and not by the Operator.
2.4.6 When providing responses to the Client’s inquiries as a part of the Support Services, it is presumed that the Client has beforehand thoroughly acquainted themselves with the relevant articles on Help Center.
2.5 ONBOARDING SERVICES AND SELF-ONBOARDING
2.5.1 Providing Onboarding Services by the Operator is agreed upon expressly and specifically in writing and is subject to availability.
2.5.2 The Client acknowledges that Self-Onboarding is suitable for a Client and Users who have advanced technical understanding of Software-as-a-Service products, who have small teams and have a previous strong understanding of data processing methods and practices and project and work management software or in the case where the Client purchases assistance for Onboarding from a third party with a high level of skills and experience on assisting with Onboarding for specifically the Platform provided by the Operator.
2.5.3 Should the Client use Self-Onboarding and/or use implementation advice or services provided by a third party, the Operator shall not, in any case, bear any responsibility concerning such advice or services.
220.127.116.11 Upon choosing Self-Onboarding, the Client shall conduct the Onboarding independently of the Operator. When choosing Self-Onboarding, the Client must follow instructions for setting up and configuring the Platform published on the Help Center, if such instructions have been published. When going through Self-Onboarding, the Client shall ensure that upon reaching out to the Support Service, it has thoroughly beforehand worked through the relevant materials in the Help Center.
2.5.5 ONBOARDING SERVICES PROVIDED BY THE OPERATOR
18.104.22.168 The Operator undertakes to provide the Client with Onboarding Services if agreed upon accordingly between the Parties in writing in the agreed maximum number of hours of Onboarding Services. The Operator shall carry out the Onboarding Services with reasonable diligence and dispatch, and with reasonable skill and expertise. Should the Client find it necessary to purchase further hours of Onboarding Services, the additional purchase is agreed in writing. Any scope of work for the Onboarding Service provided in offers, Operator’s materials, and discussions shall serve an illustrative purpose only. When providing the Onboarding Services, the Operator does not undertake to achieve any specific goals or purposes but undertakes to ensure a high level of care and attentiveness to the Client during providing the Onboarding Services. For the sake of clarity, the Onboarding Services maximum number of hours include sessions with the Client as well as analysis and preparation hours spent by the Operator reasonably necessary for the delivery of the Onboard Services to the Client.
2.6.1 All available Integrations and documentation concerning the Integrations are provided by the Operator “as is” and setting up any Integrations or using Integrations by the Client is solely at the risk of the Client. The Operator is under no circumstances responsible for any issues concerning Integrations arising from or related to third parties’ systems (including changes in systems, issues with security, unavailability, etc.).
2.6.2 Integrations can be activated from the self-service of the Platform. Should the Client or a User activate any Integrations, the Client or the User shall have the obligation to thoroughly work through the documentation concerning any such Integration in the Help Center beforehand.
2.6.4 The Operator has the right to limit specific Integrations and limit providing Integrations without substantiation and notice should the Operator find any Integrations that may potentially create any Vulnerabilities. The Operator has the right to limit specific Integrations and limit providing Integrations at a notice should the third party to the Integration not provide an acceptable level of service, security, or documentation regarding the relevant Integration.
2.7 UNSTANDARDIZED CONFIGURATION SERVICE AND FUTURE DEVELOPMENTS
2.7.2 Any requests or suggestions for future features, functionalities, or other properties of the Platform or Integrations by the Client and Users, and any communication related to such requests or suggestions, cannot under any circumstances be interpreted as promises for any future developments.
2.7.3 Communication between the Operator and the Client or a prospective Client concerning the Operator’s product roadmap, future developments, planned developments and Integrations, and relevant timelines are informative, shall not under any circumstances be considered as binding, interpreted as promises, construe any agreements nor cannot be expected to be free nor included in any existing packages.
2.7.4 Should the Operator commit to any future developments; such a promise shall be deemed binding only upon a written signed express and specific confirmation by the Operator.
2.7.5 Should the Operator commit to any Unstandardized Configuration Service to the Client, such a commitment shall be deemed binding only upon a written signed express and specific confirmation by the Operator.
22.214.171.124 Any fee estimates, timeline estimates, or budgets for providing any Unstandardized Configuration Service shall not be considered binding.
126.96.36.199 The Operator shall carry out the Unstandardized Configuration Service with reasonable diligence and dispatch, and with reasonable skill and expertise to provide the service in accordance with the scope of the Unstandardized Configuration Service. Fee for providing Unstandardized Configuration Service does not include any necessary future Unstandardized Configuration Service necessary for the function of the specific solution to perform with the exact same form and function in future versions of the Platform after regular updates.
188.8.131.52 Each Party shall have the right to unilaterally cancel Unstandardized Configuration Service at any time at its own discretion in part or in full for any reason. Cancelling Unstandardized Configuration Service does not cancel the subscription to the use of the Platform. Upon cancellation of Unstandardized Configuration Service by the Operator, the Operator shall return the prepayment for the Unstandardized Configuration Service to the extent that the prepayment has not been spent on the provision of the Unstandardized Configuration Service.
3.1 The Contract shall be deemed to be concluded when:
3.3 Upon concluding the Contract, the Client and its representative shall verify, represent and warrant that:
- all the data and confirmations that the Client and its representative have submitted or given are accurate, correct, complete and relevant;
- the Client’s representative is a person with full active legal capacity (at least 18 years old or the age of majority in the applicable jurisdiction);
- the Client’s representative has all the rights and authorizations to enter into the Contract in the name of the Client and use the Platform and Services.
3.5 The Client may request additional User Accounts, change of package, and change of add-ons in the self-service section within the Platform through User Accounts with administrative rights granted by the Client.
4.3 The Operator shall communicate with the Client and the Users in English unless agreed otherwise. The Contract and other documentation on the provision of the Platform and the Services are prepared in English. The Operator may make the translations of these documents available in other languages, in order to simplify the understanding of the terms and conditions. In case of any discrepancies between the English language version and the translation, the English language text shall prevail.
- a change in the Legal Acts or the interpretation thereof;
- modification or termination of a provision of a current Service, or the introduction of a new Service;
- significant changes in the technical structure or functionality of the Platform;
- suggestions and complaints from Clients and Users;
- a need to enhance data protection or other security measures;
- changes in the business model, work operation, and/or authorizations of the Operator;
- technological developments that enable improvements to be made regarding usability, quality, and security of the Platform and the Services;
5.1 Client Account and User Accounts are necessary to use the main functionality of the Platform. If a natural person is related to several Clients, a separate User Account is created for that natural person under each Client Account.
5.6 If the Client uses Entities, then the Client User Accounts with administrative rights shall differentiate which User Accounts shall have access to which Entities.
5.7 Should the Client and/or the Entity Corporate Body and/or User of the Customer Portal User Account be required to enter into a data processing agreement or any other mandatory or necessary agreements arising from the Legal Acts between the Client and/or the Entity Corporate Body and/or User of the Customer Portal User Account due to using the Platform and/or Services and arising from the nature of how they use the Platform and/or Services, the Client undertakes to enter into such agreements with the Entity Corporate Body and/or User of the Customer Portal User Account directly separate from the Contract with the Operator.
5.8 Should the Client use Entities for differentiating between different legal entities, the Client and the Entity Corporate Body jointly and severally bear full responsibility for compliance to any Legal Acts, legality, usability, and compliance of using such a solution and undertake to:
- separate from the Contract with the Operator, enter into all and any necessary agreements between themselves to adequately regulate relationships that might be required to regulate, including all data processing rules, confidentiality rules, cost allocations, User rights, administration of the usage of the Platform under the Client Account, etc.
5.9 The Client shall ensure during the validity of the Contract, that:
- all the data that the Users have submitted is accurate, correct, complete and relevant;
- the Users are persons with full active legal capacity (at least 18 years old or the age of majority in the applicable jurisdiction);
- the Users have all the correct and relevant rights and authorizations to use the Platform and Services in the name of the Client.
5.11 Upon creation of an account, a Client and User shall choose an account name and password that enables them to log in to the Platform. The Client and Users shall keep their account name and password secret and prevent them from falling into the possession of third parties.
5.12 The Client shall immediately notify the Operator:
- of abuse of the User Account, Client Account or Entity;
- of the loss of the User’s password or it falling into the possession of third parties;
- of any Vulnerability related to the User Account, Client Account or Entity.
5.14 The Client and User Accounts shall be valid without a term until their deletion or termination of the Contract. If a Client has requested that the Operator delete the Client Account, the Operator shall view it as a termination of the Contract by the Client.
5.15 The Client may issue User Accounts and / or User Accounts with Special User Account Limitations upon agreement with the Operator for a fee in accordance with the Contract and with the intended purposes prescribed in the Contract.
5.16 The Client bears full responsibility for, and any actions or inaction by all User Accounts and Entity Corporate Bodies and and User Accounts of Entity Corporate Bodies under its Client Account.
5.18 The Client undertakes to assure the legality of issuing any User Accounts and Entities and the relationships between the Client and the Users and Users under Entities should this be required by any Legal Acts (when using the Platform through User Account(s)), including:
- by providing the Users of all User Accounts any necessary notifications (e.g., notifications about the processing of personal data);
- by entering into any required agreements;
- by ensuring fulfilling all compliance and documentation requirements.
6.1 The Operator has the right to prescribe fees for the use of the Platform by publishing the respective packages and prices on the Web Site or disclosing the prices at request. The Client shall choose the most suitable package from among them, in order to use the Platform.
6.2 The Client is obliged to remunerate the Operator for using the Platform in accordance with the price list available at the Web Site in accordance with the selected package, add-ons, number of Client Accounts, Entities, User Accounts and other conditions.
6.4 Payment for the usage of the Platform shall take place on the principle of periodical prepayment, i.e. the Client pays in advance for each upcoming period for the use of the Platform. The Client and the Operator agree on either a multi-year, annual, multi-month, or monthly Billing Period. All invoices for the use of the Platform and the Services from the Operator to the Client will be due in 10 days from the issuance of the invoice by the Operator. Late payments hereunder will accrue interest at a rate of 0.5% per day up to the maximum allowable annual interest rate permitted by applicable Legal Acts.
6.5 A free trial version of the Platform is available for first-time Clients for 14 days. If the Client wishes to continue to utilize the Platform beyond the first 14 days, it shall select a suitable package and make a prepayment for the following Billing Period by the end of the 14-days trial period at the latest. If the Client has not done so, the Operator has the right to immediately close the Client Account and User Accounts upon the end of the free trial period, including deleting all the uploaded Contents and automatically terminating the Contract. Unless agreed differently, the uploaded Contents in the trial version will be retained for the period as set forth in the DPA after the trial period has expired. The free trial period of 14 days set out in this clause 6.5 does only apply to the free trial version of the Platform and it does not apply to Clients who have agreed to enter into a subscription for the Platform or have been issued an invoice for payment or prepayment for the subscription of the Platform and/or Services.
6.6 At the beginning of each Billing Period, the Client is issued an invoice or payment request. The Client must make a payment by the due date indicated on the invoice or payment request.
6.7 RECURRING PAYMENTS. IF THE CLIENT IS PAYING BY CREDIT OR DEBIT CARD, THE CLIENT AUTHORIZES THE OPERATOR TO CHARGE THEIR CREDIT CARD OR BANK ACCOUNT FOR ALL FEES PAYABLE ON A RECURRING BASIS, FOR EACH PAYMENT PERIOD ON THE DATE OF THE PAYMENT REQUEST. THE CLIENT FURTHER AUTHORIZES THE OPERATOR TO USE A THIRD PARTY TO PROCESS PAYMENTS.
6.8 If the Client is paying by invoice, the Operator will issue an invoice. All amounts invoiced are due and payable by the date marked on the invoice.
6.9 The Client can use the self-service portion of the Platform to change (or in some instances, request to change) its package, activate add-ons, change the number of accounts, etc subject to the Contract. The Operator shall invoice the Client for the fees related to the prompted changes. The possibilities of use enabled with the higher-priced packages shall enter into force immediately after the Client confirms the change of the package. The changes to lower-priced packages and lowering the number of User Accounts shall enter into force at the beginning of the next Billing Period, unless agreed otherwise.
6.10 Already made prepayments will not be returned, including when:
- the Client has not used the Platform during the prepaid period, or has only done so partially;
- the Client changes the package of the Platform;
6.11 If the Client fails to perform its obligation to pay for 14 days from when the payment was due, the Operator has the right to restrict the Client’s access to the Platform and refuse to provide the Services. At that, the Operator has the right to calculate fees also for the period in which the above-mentioned restrictions apply towards the Client. The Operator shall notify the Client of the implementation of the planned restrictions due to violation of the payment obligation via email.
6.12 The annual Billing Period discount does not apply to the monthly or multi-monthly Billing Period. Should the Parties agree on a discounted User Account price, any such discount shall only apply provided that the Client at a minimum subscribes to the number of User Accounts that was subscribed to upon agreeing on the discount. Any prices and discounts agreed between the Parties apply for only one Billing Period unless agreed otherwise expressly and specifically.
6.13 All fees are exclusive of taxes, DUTIES AND OTHER LEGAL CHARGES which the Operator will charge where applicable.
7.1 For the purposes of providing the Platform and the Services to the Client, the Client shall grant the Operator a non-exclusive license to use the Contents added to the Platform by the Client or the Users. The license shall be granted for the period of validity of the Contract, without any geographical restrictions, without additional fees to the Operator, and with an unlimited right to sub-license. By entering into the Contract, the Client represents and warrants that it has all the rights, including the right to sub-license, regarding the Contents described herein and that the use of such Contents does not violate any third-party’s rights.
7.2 Except for in the trial version (which should not contain any real, including personal data, except User identification data) or during the deployment, the Operator does not access the Contents unless requested to do so by the Client (e.g. for Support Service). The Users can only access the Contents that the Client has made available to them on the Platform.
7.3 The Client acknowledges that the Operator may from time to time need to access the Client’s Contents for purposes of performing the Contract between the Client and the Operator (e.g. if the Client requests Support Service, the Client has flagged a technical issue, the Client has requested Services (such as Onboarding Service, Unstandardized Configuration Service), it is necessary to check for Vulnerabilities, for providing quality assurance and control, to prevent, detect, investigate fraud or misuse) provided that all such processing activities are logged by the Operator and that the Client can request such logs from the Operator to assure that all such processing activities are in line with the Contract.
8.1 The Platform, the Web Site and any parts and elements thereof (including databases and software, business names, trademarks, business secrets, domain names, etc.) are and may be protected under the intellectual property rights that belong to the Operator, its employees or cooperation partners.
8.2 All and any works created by the Operator during the provision of Services and intellectual property rights thereof vest in and belong to the Operator or its employees. The use of such works and intellectual property rights by the Operator shall not be limited in any ways.
8.3 During the validity of the Contract, the Operator allows the Client and the Users to utilize the functionality of the Platform for its internal needs, in compliance with the Contract for the regular purpose for which the Platform is intended. The Operator does not give the Client or User any other licenses or rights, and the Client or the User shall not obtain intellectual property rights to the Platform or the Web Site.
8.4 The User or Client may not change, copy, duplicate, distribute, process, translate, make extracts of, transmit, add to other databases or make available to the public the Platform, the Web Site or their parts, or use the intellectual property rights concerning the Platform or Web Site in any other way without the prior written consent from the Operator. The Client and User also have no right to issue sublicenses for the use of the Platform, the Web Site, or their parts, or create new intellectual property objects based on them. The Platform, the Web Site or any of their parts may not be sold, rented, licensed, interfaced with a system of the Client or third parties, or used by any programs that overload or interfere with the work of the Platform or Web Site or distort the Contents, without the prior written consent from the Operator.
9.1 The Operator shall renew the mechanisms that serve as the basis for the functioning of the Platform in order to provide the access to the Platform and the Services to the Client. To achieve that objective, the Operator may change the Platform and its components from time to time, as well as change the requirements for the software and hardware required to use the Platform and the Services provided via the Platform. The Operator shall notify Clients and Users of the most important changes within a reasonable timeframe before they are affected, considering the likely impact of the change on the Clients and Users.
9.2 The Operator may discontinue offering specific packages, features, add-ons, Integrations and any other functionalities of the Platform at its own discretion, provided that the Operator has reasonably notified the Client about the planned discontinuation and such event will not have an effect on then-current Billing Period for what the prepayment has been made by the Client. Should the Operator discontinue offering any specific packages, features, add-ons, Integrations and any other functionalities of the platform, the Operator shall have the right to propose alternative solutions to the Client for the future solution. In such a case the Client is obliged to make a decision concerning the future solution used by the Client; should the Client not make the choice during a reasonably required period, the Operator, acting reasonably, shall have the right to unilaterally change the solution when such a change is required and imminent whereas the Client shall bear any risks and / or issues that arise from such a change.
9.3 The Operator has the right to temporarily restrict access to the Platform if it is necessary for amending, maintaining or updating of the Platform, due to replacement, changing, or maintenance works done by the Operator or third parties, and other cases that emerge from the Legal Acts or decisions of competent authorities. The Operator shall inform the Clients and Users of the planned maintenance works as stipulated in the Service Level Policy.
9.4 If errors or any other functioning flaws are found in the Platform that hinders the use of the Platform, the Operator shall do everything reasonably possible to eliminate these disturbances as soon as possible as prescribed in the Support Level Policy.
10.1 The Contract commences when the Contract has been concluded and will continue for an initial term of 1 Billing Period or other term specified in writing between the Parties. Upon the expiration of this period, unless agreed otherwise in writing, the Contract will automatically extend for successive terms of 1 Billing Period, provided that either Party may unilaterally terminate the Contract without a reason or change the number of User Accounts or change package effective upon the expiration of the initial term or then-current term, by notifying the other Party via email or via the Platform at least 30 days prior to the expiration of the initial term or then-current term.
10.2 Should the Parties have agreed that the Client commits to the Contract as the initial term for a longer period than the Billing Period selected by the Client (i.e. the Parties have agreed on a Commitment Period), the Client shall not have the right to terminate the Contract (including as prescribed in clause 10.1) nor have the right to lower the subscription of the Platform in any ways during the term of that Commitment Period. Upon the expiration of the Commitment Period, the Contract will automatically extend for successive terms of 12 months unless otherwise specified in writing, provided that either Party may unilaterally terminate the Contract without reason or change the number of Users or change the package effective upon the expiration of the initial term or then-current term, by notifying the other Party via e-mail or via the Platform at least 30 days prior to the expiration of the initial term or then-current term.
10.3 Either Party has the right to unilaterally cancel the Contract without notice if the other Party breaches the terms of this Contract and has not remedied the breach within an additional reasonable period of time given to remedy the breach.
10.4 The Operator shall have the right to unilaterally cancel the Contract immediately, without prior notice, if:
- the Client has submitted false information about the Client;
- the Client has not used the Platform continuously for at least a year;
- it becomes evident that the person who has used the Platform, Services, or Client Account in the name of the Client has no right of representation to act on behalf of the Client;
- bankruptcy, restructuring or rehabilitation of the Client has been declared, or compulsory dissolution or liquidation has been initiated against the Client;
- the Client causes the Operator damage;
- the Client causes any Vulnerabilities or allows entry of Malware to the Platform;
- other grounds apply as specified in the Contract or the Legal Acts.
10.5 Upon termination or expiry of the Contract, the Operator shall close the respective accounts and, unless agreed differently, delete their Contents within the period stipulated in the DPA. The Operator shall not delete any Contents the retention of which is required under applicable law. The Client undertakes to download a copy of the Contents from the Platform in 30 days after the Contract was terminated or expired. Should the Client not be able to download a copy of the Contents as prescribed in this clause, the Client undertakes to notify the Operator within 5 days from learning about not being able to download the copy of the Contents, and in such a case and provide that the Contents have not been deleted as stipulated in the DPA, the Operator undertakes to transfer the Contents in a generally recognized format to the Client as agreed by the Parties. The Client undertakes to remunerate any costs associated with the transfer of the Contents by the Operator.
10.6 Upon termination or expiry of the Contract, the Operator shall not have the obligation to save settings specific to the Client, results of Unstandardized Configuration Services specific to the Client, code specific to the Client or other content specific to the Client.
10.7 Sections 1, 5, 8, 10, 11, 12, 13 and 14 of the Contract shall survive termination or expiry of the Contract, however arising.
11.1 The Operator is not obligated to check the Contents uploaded by Users onto the Platform, nor User activities on the Platform. The Operator is also not obligated to monitor User activity, information or the Contents they add to or transfer via the Platform, store in a cache memory, or save. The Client is aware and knowledgeable that the Operator is obligated under the Information Society Services Act and other Legal Acts to inform competent governmental agencies and of possible illegal activity, identify the Clients and Users to whom it is providing the service of data storage, and assist in investigating infringements of Legal Acts.
11.2 If a Client or User breaches the Contract, the good practice of the Platform, or Legal Acts, the Operator shall have the right to:
- eliminate the violation or unlawful Contents without making copies of such Contents;
- request the elimination of the violation and require that the conduct or the Contents be brought into conformity with the Contract, good practice or Legal Acts;
- temporarily restrict the Client’s or User’s access to Services, the Platform or any of its parts, including close the User Account temporarily;
- restrict the rights of use of the Platform for the Client or Users.
11.3 If the violation by the Client or User is repeated or material in some other way, the Operator shall have the right to permanently forbid the Client or User from using the respective part of the Platform or the Services, delete the User Account, or terminate the Contract without notice.
11.4 The Operator may restore the Contents that were removed from the Platform due to a complaint or re-establish access to them if the Operator is presented with convincing evidence of the compliance of the Contents to the Contract, good practice, or Legal Acts.
12.2 TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE OPERATOR SHALL BE LIABLE ONLY WHEN IT IS CULPABLE FOR ITS ACTIONS OR OMISSIONS. THE OPERATOR’S TOTAL LIABILITY (INCLUDING INTEREST) FOR ALL CLAIMS CONNECTED WITH ANY VIOLATION (ARISING FROM THE CONTRACT OR EXTRA-CONTRACTUALLY) IS LIMITED TO FEES PAID BY THE CLIENT TO THE OPERATOR FOR THE 3 MONTHS PERIOD FOR THE USAGE OF THE PLATFORM PRIOR TO THE TIME WHEN THE DAMAGE(S) OCCURRED OR THE ACTUAL DAMAGES, WHICHEVER IS THE LESSER. TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE OPERATOR SHALL NOT BE LIABLE BEFORE THE CLIENT OR USER FOR THE LOSS OF PROFIT, PURE ECONOMICAL DAMAGE, OR NON-PATRIMONIAL DAMAGE, AS WELL AS OTHER INDIRECT, SPECIAL, CONSEQUENTIAL, WARNING OR PUNISHING DAMAGES. THE OPERATOR SHALL ALSO NOT BE RESPONSIBLE FOR THE DAMAGE AND OTHER CONSEQUENCES THAT HAVE ARISEN DUE THE FOLLOWING REASONS:
- the Web Site or Platform do not function in some web browsers;
- disputes have arisen between a Client(s); Corporate Entity Bodi(es) and / or User(s);
- validity, performance, legality or any other matters concerning the transaction made with third parties by the Client and / or User via the Platform;
- adding of Contents to the Platform by a Client or User, which is not in compliance with or not used in compliance with the Contract, good practice or Legal Acts;
- processing (by the Client or a User) of personal data added to the Platform, if it is not in compliance with any Legal Acts;
- management of the User Accounts and Entities by a Client, including violations of Legal Acts or breaches of the Contract performed through the Client or User Accounts, regardless of whether the person is authorized to use the Client or User Account;
- changes that have taken place in Legal Acts and their interpretation, their impacts on the business activity of the Clients or Users, and reflection of the respective changes in the Platform, unless it is obligatory for the Operator under the law applicable to the Contract or a court decision made regarding the Operator;
- force majeure and other faults and disturbances that the Operator cannot directly affect, which prevent the Client or the Users from using the Platform, the Web Site and/or Services (including interruptions in the internet connection, issues concerning the hosting sub-processor of the Platform, interruptions concerning utilities etc.); errors, damages or settings in the Client’s or the User’s devices that are inappropriate for the use of the Platform or Web Site;
- delays, interruptions, or failures in the use of the Platform, the Web Site and/or the Services due to planned maintenance and/or development works;
- processing of data by third parties to whom the Operator submitted the Contents with the knowledge of the Client or a User, except for sub-processors processing the personal data in the Platform;
- if the Operator has become aware of a violation of Legal Acts or Contract that was performed using the Platform or is still ongoing, and the Operator has eliminated it or restricted access to it, or taken other active measures to end the violation or removed the consequences;
- the use of legal remedies by the Operator and the damage caused due to that to the Client, the User or a third party, even if it becomes evident later that there was no violation;
- loss of the Client or User Account password or their falling into the possession of third parties, or their use by third parties;
- failures, shortcomings or any functioning (including expected normal functioning) in the systems of third parties (e.g. Outlook, Dropbox, other parties to Integrations, etc.) that influence the functioning and/or availability of the Platform and/or the Services;
- processing and disclosing of Confidential Information and/or Contents on the order of a governmental or regulatory authority or a court or other authority of competent jurisdiction;
- vulnerabilities created by the Client and/or Users and any circumstances arising from Malware that have been uploaded to Operator’s systems by or due to events related to the Client and/or Users.
12.3 The Client shall defend, indemnify and hold the Operator harmless from and against any liabilities, allegations, claims, actions, suits, demands, damages, obligations, losses, settlements, judgments, costs, and expenses (including without limitation attorneys’ fees and costs), including to third parties, data subjects and any administrative sanctions and penalties imposed by any national or international authority or court, due to the Client’s infringement or breach (intentional or negligent) of its obligations under the Contract, under its contractual or extra-contractual obligations to third parties or any Legal Acts and as a data controller. If any claim, allegation, suit, demand, action, or any other matter is brought by a third party, User of any User Account or Entity Corporate Body against the Operator, to the extent caused by or related to the Platform and/or Services, access to, or possession, manipulation, processing, or use of the Contents only as is necessary to provide the Platform and Services by the Operator in accordance with the Contract, then the Client shall indemnify and hold the Operator, its affiliates, and each such party’s parent organizations, subsidiaries, officers, directors, employees, and agents harmless from and against any and all costs, damages, losses, liabilities, and expenses (including reasonable attorneys’ fees and costs) arising out of, or in connection with such matter.
12.4 The Operator shall defend, indemnify, and hold the Client harmless from and against any third-party claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising from claims by a thirty party that Client’s use of the Platform directly infringes or misappropriates a third party’s Berne Convention signatory country intellectual property rights due to the Operator’s gross negligence or willful misconduct (an “Infringement Claim”). Notwithstanding any other provision in this Contract, the Operator shall have no obligation to indemnify or reimburse Client with respect to any Infringement Claim to the extent arising from: (a) the combination of any Contents with the Service; (b) the combination of any products or services, other than those provided by the Operator directly to the Client under the Contract, with the Service; or (c) non-discretionary designs or specifications provided to the Operator by the Client that caused such Infringement Claim. The Client agrees to reimburse the Operator for any and all damages, losses, costs and expenses incurred as a result of any of the foregoing actions.
12.5 In the event of a claim for which a party seeks indemnity under clauses 12.3 and 12.4 and as conditions of the indemnity, the indemnified Party shall:
- notify the indemnifying Party as soon as possible, but in no event later than thirty (30) days after receipt of such claim, together with such further information as is necessary for the indemnifying Party to evaluate such claim;
- allow the indemnifying Party to assume full control of the defense of a claim with counsel of its own choosing. Upon the assumption by the indemnifying Party of the defense of a claim with counsel of its choosing, the indemnified Party will not be liable for the fees and expenses of chosen or additional counsel retained by any indemnifying Party;
- the indemnified Party shall cooperate with the indemnifying Party in defense of any such claim.
12.6 Notwithstanding the foregoing provisions, the indemnifying Party shall have no obligation to indemnify or reimburse for any losses, damages, costs, disbursements, expenses, settlement liability of a claim or other sums paid by the indemnified Party voluntarily, and without the indemnifying Party’s prior written consent, to settle a claim. The maximum liability for indemnification is set forth in section 12.2 shall apply to the indemnity set out in clause 12.4.
13.1 Each Party may be given access to Confidential Information from the other Party in order to perform its obligations under this Contract. A Party’s Confidential Information shall not be deemed to include information that:
- is or becomes publicly known other than through any act or omission of the receiving Party;
- was in the other Party’s lawful possession before the disclosure;
- is lawfully disclosed to the receiving Party by a third party without restriction on disclosure; or
- is independently developed by the receiving Party, which independent development can be shown by written evidence.
13.4 A Party may disclose Confidential Information to the extent such Confidential Information is required to be disclosed by Legal Acts, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction, provided that, to the extent, it is legally permitted to do so, it gives the other Party as much notice of such disclosure as possible and, where notice of disclosure is not prohibited and is given in accordance with this clause, it takes into account the reasonable requests of the other Party in relation to the content of such disclosure.
13.5 The Client acknowledges that details of the Platform and Services, and the results of any performance tests of the Platform and Services, Platform and/or Service roadmaps, designs, specifications, documentation, components, source code, object code, images, icons, audiovisual components and objects, schematics, drawings, protocols, processes, and other visual depictions constitute the Operator’s Confidential Information and trade secrets.
13.6 The Operator acknowledges that the Contents are Confidential Information of the Client.
13.7 The fact that the Operator is providing the access to the Platform and/or provides Services to the Client is not subject to confidentiality.
14.1 The Contract is governed by the laws of the Republic of Estonia.
14.2 If the Client is not satisfied with the activities of the Operator, it has the right to file a complaint in writing to the Operator. The Operator shall make efforts to settle the disputes by means of negotiations. Other contractual disputes between a Client and the Operator shall also be sought to be settled by negotiations.
14.3 The Harju County Court in Tallinn, Estonia as the court of the first instance shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with the Contract or its subject matter or formation (including non-contractual disputes or claims). No Party will claim lack of personal jurisdiction or forum non conveniens in this court.
DATA PROCESSING AGREEMENT
1.2 The Operator and the Client wish to duly observe all their respective obligations under the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and any other relevant applicable data protection regulations (together Data Protection Laws).
1.3 For the purposes of this DPA, the terms “controller”, “processor”, “personal data”, “data subject”, “personal data breach” shall have the meaning given in the GDPR. “Sub-processor” shall mean another processor engaged by the Operator to process the personal data in the Platform or with respect to the Services.
2.1 The Operator provides a Contents’ hosting and maintenance service to the Client via the Platform. The Client decides if and what Contents, including personal data, it wants to process on the Platform and to whom the Client allows access to the Contents through the User Accounts. As such, the Operator processes any personal data on behalf of the Client solely for the purpose of providing the Platform and the Services and acts as a data processor as regards such personal data, whereas the Client acts as a data controller.
3. PROCESSING OF PERSONAL DATA
3.1 The categories of data subjects and the types of personal data the Operator processes on behalf of the Client:
3.1.1 Users of the Platform. The types of personal data are as follows:
- contact data (work address, work phone number, work email address);
- employment data (company name, position of the User within the organization, job-related data about work assignments);
- communications data (emails, messages sent to the Operator);
- any personal data related to the use of the Scoro Platform and the Services, including the Contents.
3.1.2 Data subjects whose personal data the Client processes as a controller, except the Users of the Platform. The types of personal data: anything that related to the particular data subject, including but not limited to name, contact details and other identifiers based on which that data subject can be either directly or indirectly identified.
3.2 The Client as a data controller is fully responsible for any personal data it processes using the Platform and the Services. The Client confirms that personal data processing practices are fully compliant with the Data Protection Laws, including that it has a legal basis to process the personal data as stipulated herein and that it has properly informed the data subjects thereof. If a User adds Contents to the Platform, it shall ensure its accuracy, correctness, completeness, relevance and its compliance with the Contract, good practice, and Legal Acts.
3.3 The Operator shall:
3.3.1 process the personal data only on lawful documented instructions from the Client and for the purposes of providing the Platform and the Services, unless required to do so by the Data Protection Laws. In such a case, the Operator shall inform the Client of such requirement in advance, unless that law prohibits providing such information;
3.3.2 ensure that persons authorized to process the personal data have committed themselves to confidentiality;
3.3.3 taking into account the nature of processing and the information available to the Operator, assist the Client in ensuring compliance with the Client’s obligations under Articles 32 to 36 of the GDPR;
3.3.4 inform the Client if, in the Operator’s opinion, the Client’s instruction infringes the Data Protection Laws.
3.4 The Operator takes appropriate technical and organizational security measures taking into account (i) the state of the art, (ii) costs of implementation, (iii) nature, scope, context and purposes of the processing, and (iv) risks posed to data subjects. Such security measures include, but are not limited to, encrypted storage and access controls. In deciding on those measures, the Operator assumes that the Platform and Services are used for its intended purposes (business management, project management, time management, work scheduling and tracking, financial management, reporting, etc.). The description of technical and organizational measures can be found on the Operator’s Web Site (see the Security Overview).
3.5 The Operator shall promptly notify the Client if it receives a request from a data subject in relation to its personal data processed in the Platform or with respect to the Services and allows the Client to respond to it. The Operator shall not respond to a data subject’s request without the Client’s prior written consent. Taking into account the nature of the processing, the Operator shall assist the Client by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Client’s obligation to respond to a data subject request under the Data Protection Laws.
3.6 The Operator shall notify the Client without undue delay by email after it has become aware of a personal data breach and cooperate reasonably with the Client as regards the data breach. In such a case, the Client may use the information received from the Operator about the data breach only to ensure and/or demonstrate its compliance with the Data Protection Laws. The Client shall keep this information confidential unless it is the Client’s confidential information or unless such information must be disclosed under any Legal Acts.
4. USE OF SUB-PROCESSORS
4.1 The Client hereby authorizes the Operator to appoint sub-processors in accordance with this section 4 of the DPA. The Operator shall ensure that Sub-processors are bound by written agreements that require them to provide at least the level of data protection required from the Operator by this DPA. The Operator shall inform the Client of any intended changes concerning the addition or replacement of sub-processors. The Client may object to the Operator’s use of a sub-processor by notifying the Operator promptly in writing within 10 working days after receipt of the Operator’s notice. In the event the Client objects to the new sub-processor, the Operator will use reasonable efforts to offer the Platform and Services to the Client without such a sub-processor. If this is not possible, the Client may terminate the Contract. The Operator shall impose the same data protection obligations as set out herein on the sub-processors.
4.2 The Operator and its sub-processors may transfer personal data outside the EU only where they have a lawful basis to do so, including to a recipient who is: (i) in a country which provides an adequate level of protection for personal data; or (ii) under appropriate safeguards that cover the EU requirements for the transfer of personal data to data processors outside the EU. More specific information about transferring personal data outside the EU is available upon request.
5. AUDIT RIGHTS
5.1 Upon the Client’s written request, the Operator shall make available to the Client the information necessary to demonstrate its compliance with the obligations laid down in this DPA and in Article 28 of the GDPR, provided the requested information is in the Operator’s possession or control. Should that prove to be insufficient for the Client, the Operator shall cooperate with the Client, including allow for and contribute to reasonable audits, including inspections, conducted by the Client or another auditor mandated by the Client and accepted by the Operator. The details of such audits and inspections shall be agreed between the Parties, however, the following applies:
5.1.1 the Operator will only be required to provide to the Client information, records and documents reasonably required to demonstrate its compliance with its obligations under this DPA and Article 28 of the GDPR regarding the personal data in processed on behalf of the Client;
5.1.2 the Operator will not disclose any information, records or other documents that are subject to its business secrets;
5.1.3 the Operator will not disclose any information, records or other documents that would place it in breach of its confidentiality obligations under applicable laws or agreements with other clients or persons;
5.1.4 the Operator will not disclose any information, records or other documents relating to a matter that is subject to a current, pending or threatened litigation or other dispute resolution mechanism between the Client and the Operator;
5.1.5 any information, records or other documents provided to the Client pursuant to this section 5 of the DPA shall be treated as confidential by the Client;
5.1.6 the Client may exercise its right to perform an audit under this section of the DPA 5 not more often than once in any calendar year unless it has a reasonable doubt as to the compliance of the Operator.
5.2 The Client shall be responsible for the costs of the audit. However, should the audit reveal any violation or breach of this DPA by the Operator or its sub-processor, the Operator shall compensate the Client for the costs arising from the audit and remedy the breach.
7. TERM AND TERMINATION
7.1 This DPA shall apply during such time period as the Operator processes personal data on behalf of the Client. The termination of personal data processing takes place on the first of the following events taking place:
7.1.1 the Client requests the Operator to delete or return the personal data and stop processing thereof;
7.1.2 the Operator’s obligation to provide the Platform and the Services to the Client ceases permanently due to termination or expiration of the Contract;
7.2 Upon termination of the personal data processing, the personal data shall, at the Client’s discretion, either be returned to the Client, to the extent possible, or be deleted unless any applicable law (including EU law or national law) to which the Operator is subject requires retention of the personal data. The Client hereby instructs the Operator to keep the Contents added to the Platform for up to 75 days after the termination or expiry of the Contract, including a trial version of the Platform.
7.3 Obligations which by their nature (e.g. duty of confidentiality) should survive termination or expiration of this DPA, shall so survive.
8.2 Any modifications made in this DPA will be agreed upon by the Client.
8.3 Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability while preserving the Parties’ intentions as closely as possible or – should this not be possible – (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein. The foregoing shall also apply if this DPA contains any omission.
* End of the Data Processing Agreement *