In conjunction with Licensee's purchase of a Subscription License for Licensed SaaS Software provided as a service, Licensee agrees to these terms and conditions.
Licensor retains all ownership and Intellectual Property Rights to the SaaS Offering, Licensed SaaS Software, the Support and Professional Services and the knowledge associated with the Support and Professional Services delivered by Licensor, its contractors, agents or resellers.
1. Software as a Service. Software as a service ("SaaS") consists of system administration, system management, and system monitoring activities of the Licensed SaaS Software (generally, the "SaaS Offering"). SaaS Offering subscription entitles Licensee to use the Licensed SaaS Software and accompanying Support and Maintenance Services in accordance with the Subscription License ordered or purchased by Licensee to the extent of such Subscription.
2. Standard SaaS Set-up. Licensor will configure each Licensed SaaS Software set-up as expressly defined in applicable system set-up description. Separate Set-Up Fee may apply to set-up if so indicated in the set- up description. Additional configuration and training services requested by Licensee will be defined in a separate statement of work.
3. Unique Authentication. Access to and use of the Licensed Software is restricted to Licensee's authorized users only. Licensee shall be responsible for ensuring that all of its users maintain the security of any password, username, or other form of authentication involved in obtaining access to the Software. Usernames and passwords must be uniquely assigned to a specific individual and may not be shared by multiple individuals.
4. Availability. Licensor agrees to provide Licensee with access to the currently published SaaS version of the Licensed SaaS Software via the Internet. During any calendar month and day (24 hours per day) the
Licensed Software shall be available to Licensee via the Internet except for: (i) the time during which the Licensed SaaS Software is unavailable so that Licensor or the hosting provider can perform maintenance for security and system integrity purposes and provide Upgrades, also known as "Planned Maintenance Downtime"; (ii) downtime caused by a Force Majeure Event.
5. Planned Maintenance Downtime. Planned Maintenance Downtime shall generally not exceed eight (8) hours per calendar month. However, in exceptional cases that Planned Maintenance Downtime will exceed eight (8) hours per calendar month, Licensor shall give Licensee reasonable notice by e-mail to the e-mail accounts provided by Licensee. When possible, Planned Maintenance Downtime will be planned for Licensee's non-core business hours.
6. Software Upgrades and Updates. Within reasonable time from availability to Licensor's general user base, Licensor will target Licensee to be automatically upgraded to the latest version or patch. Upgrades and Updates are provided to Licensee at no additional fee, including all Documentation describing the purpose and function of the Upgrades and Updates. Additional fees for Professional services may be required for any services required by Licensee in addition to standard implementation performed by Licensor. Licensor reserves the right to determine how and when to develop and apply any Upgrades and Updates.
7. Payments. The Licensee is invoiced monthly for the SaaS Offering for the following calendar month as a prepayment, unless otherwise agreed. Payment is a prerequisite for using the SaaS Offering and the Platform. Any set-up and other one-off fees are invoices as specified in the SaaS Offering order process.
8. Term and Termination. The SaaS Offering agreement is without term. The Licensee may terminate the SaaS Offering agreement at any time by notifying the Licensor in a form that can be reproduced in writing. In case any prepayments for any following periods have been made, the SaaS Offering agreement will continue until the end of such period. No refunds for any prepaid periods will be made.
9. Limitation on available legal remedies to Licensee. In case of any claims of unavailability of the SaaS Offering by the Licensee, Licensee's sole and exclusive remedy shall be Service credit of the prorated monthly fees paid for the SaaS Offering for the period of such unavailability. Licensee acknowledges and agrees that Service credits constitute a genuine pre-estimate of the loss or damage that Licensee might suffer as a result of any unavailability of the SaaS Offering and are adequate compensation for any loss or damage caused by any unavailability of the SaaS Offering. Licensee’s right to service credit exclusions include, but are not limited to failures caused by the following (i) factors outside of Licensor’s reasonable control; (ii) actions or inaction by Licensee or third parties with relation to Licensee use of SaaS Offering; (iii) Licensee's failure to modify its use of the service after being advised to modify its use of the service; (iv) use of beta, trial or pilot services.
10. Data processing, data processing agreement. This Section 10 applies to any processing of personal data carried out by the Licensor on behalf of the Licensee. In processing personal data, the Licensor and Licensee oblige to follow any and requirements in the GDPR.
10.1. The Licensee decides if and what content, including personal data, it wants to process on the Platform. The Licensor therefore processes any personal data on behalf of the Licensee only for the purpose of providing the Platform and the SaaS Offering and acts as a data processor regarding such personal data, whereas the Licensee acts as a data controller regarding such personal data.
10.2. The Licensor shall only process personal data on behalf of the Licensee under the terms and documented instructions of the Licensee unless the Licensor is obliged to process personal data under the law applicable to the Licensor. In the latter case, the Licensor, if reasonably possible, shall notify the Licensee of the existence of the relevant obligation before processing of personal data, unless such notification is prohibited to the Licensor due to applicable regulation.
10.3. The categories of data subjects the personal data of whom is processed may include but is not limited to (i) users of the Platform and the SaaS offering, (ii) Licensee’s end customers. The categories of personal data which is processed may include but is not limited to: (i) identification data (including data regarding ID documents), contact data, communication data, billing data, and general data related to the use of the Platform and the SaaS Offering.
10.4. The Licensee as a data controller is fully liable for any personal data it processes using the Platform and the SaaS offering. The Licensee confirms that its personal data processing practices are fully compliant with any data protection laws, including that it has a legal basis to process the personal data. The Licensee must ensure the accuracy, correctness, completeness, relevance and its compliance with the terms and legal acts of any personal data entered into the Platform.
10.5. Taking into account the state of the art, the costs of implementation and the processing details and context as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Licensor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk (hereinafter “Measures”).
10.6. In assessing the appropriate level of security, the Licensor shall primarily take into account the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
10.7. Such measures may comprise, as appropriate and relevant, for example the following (i) the pseudonymisation and encryption of personal data; (ii) Measures to ensure continuous confidentiality, integrity, availability and resilience of systems and services processing personal data; (iii) Measures to restore the availability of personal data and access to data in the event of a physical or technical incident in a timely manner; (iv) The establishment and implementation of procedures for periodic testing and evaluation of the effectiveness of technical and organisational measures to ensure the security of personal data processing.
10.8. Upon the Licensee’s authorisation the Licensor may involve an authorised processor (sub-processor) in the processing of personal data on behalf of the Licensee. If the Licensor involves another authorised processor on behalf of the Licensee for the processing of specific personal data, the Licensor shall ensure that the relevant authorised processor is subject to the same data protection obligations under the terms or legislation as applicable to the Licensor under the applicable law, terms, Agreement and documented instructions of the Licensee, in order to ensure that the relevant technical and organisational measures are implemented in a manner that ensures processing of personal data in accordance with the applicable law. The Licensor uses sub-processors for the following processes which the Licensee agrees to and grants authorisation to under these terms: (i) hosting and storage service providers; (ii) e-mail service providers; (iii) payment services providers; (iv) customer feedback and management service providers. The current full list of sub-processors is available upon the Licensee’s request.
10.9. The Licensor informs the Licensee of any intended changes concerning the addition or replacement of other processors, whereas the Licensee is allowed to object to such changes and to terminate the SaaS Offering agreement within 10 days as of receiving the notification without any monetary consequences.
10.10. The Licensor ensures that persons authorised to process personal data are bound by an obligation of confidentiality that ensures continuous and perpetual confidentiality of personal data and processing details.
10.11. Taking into account the nature of the processing, the Licensor assists the Licensee by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Licensee’s obligation to respond to requests for exercising the data subject's rights.
10.12. Taking into account the nature of the processing, and information available to the Licensor, the Licensor shall assist the Licensee in carrying out the obligations to guarantee the security of the processing, the obligation to inform the supervisory authority and the data subject about personal data breaches, the obligation to conduct a data protection impact assessment and the obligation to consult the supervisory authority.
10.13. On selection of the Licensee, upon termination of the agreement regarding the SaaS Offering, the Licensee will be made available access to securely transfer Customer Data (including personal data) to their own hosting/storage. Such availability shall last at least 1 month after the termination. After written confirmation of successful data transfer from the Licensor all Customer Data (including personal data) will be permanently deleted in the fullest extent permitted by law. If such written confirmation is not received within 2 months after termination, the Licensor has right to permanently delete all Customer Data (including personal data) in the fullest extent permitted by law without written confirmation of the Licensee. In retaining and deleting personal data the Licensor in any case follows any requirements under applicable legislation regarding personal data retention obligations. Following the passing of any retention periods, the Licensor will delete all personal data within 30 calendar days.
10.14. Under the Licensee’s written request, the Licensor makes available to the Licensee information necessary to demonstrate its compliance with the obligations of the data processor laid down in these terms and applicable legislation. In case of a written request of the Licensee, the Licensor will allow the Licensee to carry out audits and inspections regarding the Licensor’s compliance with the obligations of the data processor laid down in these terms and applicable legislation. Such audits are limited to a maximum of once per calendar year, unless in case of Licensee’s reasonable doubt of Licensor’s compliance with data protection regulations. During any such audit, the Licensor is only required to provide the Licensee with information, records and documents reasonably required to demonstrate its compliance with its obligations as a data processor arising from the terms and the GDPR in providing the Platform and SaaS offering. During the audits, the Licensor has the right to deny from disclosing any business secrets of the Licensor, or from disclosing any other documents it is not allowed to disclose according to applicable legislation or contractual obligations.
10.15. The Licensor will notify the Licensee without delay by email after it has become aware of a personal data breach. The Licensor will cooperate reasonably with the Licensee regarding such personal data breach. The Licensee will keep any such received information confidential, unless disclosure of such is obligatory under any applicable legislation.
11. Licensee Data. Licensee retains all ownership and intellectual property rights in and to its data. Licensee will be reasonable and prudent in the data it uses with the SaaS Offering. Licensee understands that the SaaS Offering is not intended for sensitive information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information about an individual's health or sex life, credit or debit card number, or financial account information. Licensee will not use any such data with the SaaS Offering.
12. Licensee is responsible for distributing and controlling access, passwords, logins and permissions. Licensee will take appropriate security measures to protect its data, both in transit to and from the SaaS Offering. Licensee is responsible for the quality and integrity of the data they provide whether data is provided directly or through a 3rd party.
13. Licensor will use applicable care and keep Licensee data secure according to the GDPR.
14. Limitation on Licensor’s liability. Under the agreement between the Licensor and Licensee regarding the SaaS Offering, the Licensor is only liable for any direct patrimonial damages to the Licensee and liability for loss of profit and whatever consequential damages is excluded in full, unless in case of an intentional breach by the Licensor. The Licensor’s liability for any damages to the Licensee is limited to the fees paid by the Licensee to the Licensor during the previous 12 months, unless in case of an intentional breach by the Licensor. In case of a breach by the Licensor due to gross negligence, the Licensor is only liable for any direct patrimonial damages to the Licensee and liability for loss of profit and whatever consequential damages is excluded in full, whereas the Licensor’s liability for any damages to the Licensee is limited to the fees paid by the Licensee to the Licensor during the previous 24 months. In case of intentional breaches by the Licensor, any limitations on Licensor’s liability do not apply.
15. LICENSOR DOES NOT GUARANTEE THAT THE SAAS OFFERING WILL BE ERROR-FREE OR UNINTERRUPTED, OR THAT LICENSOR WILL CORRECT ALL ERRORS OR THAT IT FITS PARTICULAR PURPOSE INTENDED BY LICENSEE. LICENSEE ACKNOWLEDGES THAT LICENSOR DOES NOT CONTROL THE TRANSFER OF DATA OVER COMMUNICATIONS FACILITIES, INCLUDING THE INTERNET, AND THAT THE SAAS OFFERING MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF SUCH COMMUNICATIONS FACILITIES. LICENSOR IS NOT LIABLE FOR ANY DAMAGES DUE TO DELAYS, DELIVERY FAILURES, OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS.
16. Severability, waiver. Unless as otherwise stated in the terms, should any provision of the terms be held invalid or unenforceable for any reason or to any extent, such invalidity or enforceability shall not in any manner affect or render invalid or unenforceable the remaining provisions of the terms, and the application of that provision shall be enforced to the extent permitted by law. Any failure by the Licensor to enforce the terms or any provision thereof shall not waive Licensor’s right to do so.
17. Indemnification. The Licensee agrees to indemnify and hold the Licensor harmless from and against all damages, losses, and expenses of any kind, including reasonable legal (attorney) fees and costs, arising out of or related to (i) the breach of these terms by the Licensee in any way; (ii) any Customer Data entered into the Platform or the SaaS Offering by the Licensee; (iii) any activities the Licensee engages in through the Platform or the SaaS Offering; and (iv) the Licensee violating any third party rights or applicable law.
18. Assignment. The Licensor has the right to assign the agreement between the Licensor and Licensee regarding the SaaS Offering, or any of the Licensor’s rights under such agreements, either in whole or in part, and the Licensor has the right to delegate any of its obligations under such agreements. The Licensee does not have the right to assign the agreement between the Licensor and Licensee regarding the SaaS Offering, or any of the Licensee’s rights under such agreements, either in whole or in part, nor sub-license any of the Licensee’s rights under such agreement to any third party.
19. Applicable law and disputes. The substantive law of the Kingdom of Belgium applies to the agreement between the Licensor and Licensee. All disputes will be resolved through negotiations, in case of failure of which by the courts of the Kingdom of Belgium, whereas the Leuven Labour and Commercial Court is the court of first instance.
20. Unilateral amendments. The Licensor may amend these terms by giving at least 30 (thirty) days prior notification to Licensee in a reasonable form. In case the Licensee is not satisfied with any amendments, the Licensee may within the notification period terminate any active agreements without any monetary consequences to the Licensee.