Software as a Services Terms & Conditions

This Software as a Service Terms & Conditions (the “Terms & Conditions”) is entered into by and between the Customer that creating an account for Organization (“Customer” or “you”) or by and between an Authorised User within such an Organization and Miquido Spółka z ograniczoną odpowiedzialnością sp. k. with its seat in Krakow, Zabłocie 43a, 30-701 Kraków, Poland (“Miquido”, “We”, “Our” or “Us”). A Customer enters into a separate agreement with Miquido by creating each account (filling in a respective form on the Website and accepting this Terms & Conditions) and Miquido and Customer agree to be bound by this Terms & Conditions. Miquido and Customer may be referred to individually as a “Party” and collectively as the “Parties”. An Authorised User by confirming the invitation and accepting this Terms & Conditions agrees to be bound by the provisions of this Terms & Conditions and by obligations that are addressed to Authorised Users herein.

WHEREAS, Miquido has developed specific software designed to create and optimize time reports and provide related online services that runs and is hosted on a site on the World Wide Web administered by Miquido (the “Services”). WHEREAS, Customer wishes to obtain access to the Services and grant the access to a group of Authorised Users, and Miquido wishes to provide such access to the Services in accordance with the terms set forth below. NOW, THEREFORE, the Parties hereby mutually agree as follows:

§ 1. Definitions

Whenever in this Terms & Conditions a reference is made to any of the following terms, they shall be defined and interpreted accordingly:

Authorised Users: employees, agents, independent contractors of the Customer or any other such person authorised expressly or by tacit acceptance by the Customer to use the Services.

Business Day: any day which is not Sunday or Saturday or public holiday in the Territory.

Confidential Information: information that is proprietary or confidential and is either clearly labelled as such or identified as Confidential Information in § 7 of the Terms & Conditions.

Customer Data: the data inputted by the Customer, Authorised Users or Miquido on the Customer's behalf for the purpose of using the Services or facilitating the Customer’s or Authorised User’s use of the Services.

Documentation: documents regarding the Services made available to the Customer by Miquido in any form (i.a. in a printed form, in electronic form sent by e-mail or online through the use of Services.

Effective Date: the day the Customer enters into an agreement with Miquido by creating an account (filling in a form on the Website and accepting this Terms & Conditions).

Error: a failure of the Services to conform substantially to the Terms & Conditions or to the Documentation.

Fees: any fees due to Miquido, including the Subscription Fees and other fees set out in any Services Order.

Hosting Provider: an entity obliged to host the Software and data of the Customer as described in § 5 of the Terms & Conditions.

Maintenance and Development Services: Services provided by the Supplier according to a specific Services Order and described in § 5 of the Terms & Conditions.

New Release: a new version of the Software made available by Miquido which may correct known Errors or contain new or enhanced functionality of the Software.

Normal Business Hours: [9.00 am to 17.00 pm] local time in the Territory on each Business Day.

Services: any services provided or ensured by Miquido to the Customer under this Terms & Conditions, including remote access to the Software during a Subscription Term and Maintenance and Development Services.

Services Order: an order made by the Customer concerning Maintenance and Development Services and special terms of their performance.

Software: online software application, its modifications, upgrades, patches, New Releases and any other elements, provided by Miquido as part of the Services and relevant licenses.

Standard Customer Support: Customer support services provided by the Supplier to the Customer concerning Services. Services within Standard Customer Support are provided during Normal Business Hours and include email support in all matters concerning: registration and account information, as well as receiving notifications concerning technical issues sent by e-mail or a dedicated form within the application.

Subscription Fees: the subscription fees payable by the Customer to Miquido for the Services for each Subscription Term.

Subscription Term: each consecutive 30 days when the Services are made available to the Customer. A Subscription Term begins on the Effective Date (in case the Customer creates an account for the same organisation for the second or any other consecutive time) or on the first day after the end of the previous Subscription Term in case of a continuation of Services.

Terms & Conditions: this document and any attached appendices or its amendment.

Territory: the territory of the Republic of Poland.

Trial Period: a period defined in § 6 section 1 of this Terms & Conditions.

Website: the website located at: quidlo.com and its subdomains.

§ 2. Scope of the Terms & Conditions

  1. The scope of this Terms & Conditions is to regulate the rights and obligations of the Parties concerning providing or ensuring the Services.
  2. Each Services Order sent by the Customer and accepted by Miquido shall constitute a part of this Terms & Conditions. Services agreed on in any Services Order will be executed according to the provisions of this Terms & Conditions unless otherwise expressly stated in the Services Order – in such case the provisions of the Services Order will prevail over the provisions of this Terms & Conditions in all cases related with execution of such Services Order.
  3. Miquido:
    1. ensures, that it has enough knowledge and resources to perform Services within the scope of the Terms & Conditions,
    2. will perform all his obligations in accordance with provisions of the Terms & Conditions, Documentation and with utmost care resulting from the professional character of the business activity of Miquido,
    3. ensures that all of his employees, agents, cooperators or subcontractors have the necessary knowledge and experience to perform the duties of Miquido,
    4. shall deliver the Services through the Internet and is not liable for not providing its Services due to any breaks in the delivery of Internet signal.
  4. The Customer:
    1. will use the Services only in accordance with intended use of the Software and restrain itself from any actions that may jeopardize the realization of Miquido’s obligations,
    2. ensures that the Authorised Users use the Services in accordance with the provisions of this Terms & Conditions only in accordance with intended use of the Software,
    3. ensures that access to the Services and Documentation is granted by the Customer only to the Authorised Users,
    4. ensures that the person representing the Customer is duly authorized to fill in and to place a Services Order.
  5. The Parties:
    1. warrant that they have the legal right to enter into this Terms & Conditions,
    2. shall comply with all applicable laws and regulations with respect to their activities under this Terms & Conditions,
    3. shall carry out all their responsibilities set out in this Terms & Conditions in a timely and efficient manner.
  6. The Customer expressly agrees that Miquido may commission, assign or otherwise transfer any part of its duties to subcontractors without any prior notification to the Customer.
  7. The Customer cannot, without prior written consent of Miquido, assign or otherwise transfer any of its rights or obligations arising out of this Terms & Conditions.
  8. This Terms & Conditions will remain in full force in case of a merger, acquisition or sale of any of the Parties.
  9. Nothing in this Terms & Conditions is intended to create a partnership or a company between the Parties, or authorize either Party to act as agent for the other Party, or give the authority to act in the name or on behalf or to bind the other Party in any way (including, but not limited to making of any representation or warranty, the assumption of any obligation or liability and the exercise of any right or power).

§ 3. Code of conduct

  1. By using the Services and accepting this Terms & Conditions as a Customer or an Authorised User you declare and agree as follows:
  2. That you are a person at least 18 years of age and that any Authorised User is at least 18. Persons under 18 are not allowed to use the Services unless an explicit consent of such person’s parent or legal representative for the usage of the Services and to process personal data of the person under 18 is presented to Miquido.
  3. That you will use the Services for purposes within your professional activity as an entrepreneur or an employee, agent or a contractor. That you will provide only real, accurate and up-to-date information to Miquido, i.a. that the data provided to create any new account for an Authorised User will be of an existing person that the Customer has obtained a binding legal basis for processing and providing to Miquido. Using false identity or identity of other person without a legal basis is strictly forbidden.
  4. That you will maintain the security and confidentiality of any access data to your account.
  5. That you will not use the Services to store or disseminate any material that is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing, sexually explicit, unlawfully violent, discriminatory (i.a. based on race, gender, religious belief, sexual orientation, disability) or destructive, malicious or harmful (including viruses and malware).
  6. That during the course of use of the Services you will not store or in other way process data that is subject to professional secrecy (such as banking or telecommunication secrecy) or other secrecy rules regulated by the provisions of law, that may result in Miquido being treated as a company obliged to abide by such specific secrecy rules.
  7. That you will not delete any accounts before the end of a Subscription Term and create a new one for the same Authorised User (regardless if using a different e-mail address) or perform other activities in order to avoid being charged or reduce the Fees due to Miquido.
  8. That you will inform and oblige any of the Authorised Users to abide by the aforementioned rules. Miquido neither has the obligation to monitor the activity of a Customer or any of the Authorised Users nor will attempt to do so on a regular basis. Hence Miquido cannot be held responsible for any damage or loss resulting from such activity.
  9. In case Miquido learns of non-compliance with the abovementioned rules, Miquido reserves the right to refuse or cancel providing the Services, terminate accounts or remove or edit Customer Data in its sole discretion. In case Miquido decides to exercise such right in accordance with the provisions of Terms & Conditions Customer and Authorised User waive any right (including the right to compensation or damages) due to any loss of Customer Data or inability to use the Services.

§ 4. License

  1. Miquido warrants that for the duration of any Subscription Terms it has and will maintain necessary rights, licenses, consents and permissions for the provision of the Services, including any respective licenses to open source or publicly distributed materials used in order to provide Services to the Customer, and in particular to grant the Customer the license under the provisions set forth in this paragraph.
  2. Subject to compliance with the provisions of this Terms & Conditions and the acceptance of a respective Services Order Miquido hereby grants the Customer with a limited, non-exclusive, non-transferable right to use the Services during the Subscription Term solely for the Customer's internal business operations and authorises the Customer to grant the right to use the Services to the number of Authorised User as agreed in a respective Services Order.
  3. The license as described in this paragraph is given for each specific Subscription Term.
  4. The Customer, except as may be allowed by any applicable law which is incapable of exclusion by agreement between the Parties and except to the extent expressly permitted under this Terms & Conditions, shall not:
    1. attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software or Documentation (as applicable) in any form or media or by any means; or
    2. attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software; or
    3. access all or any part of the Software and Documentation in other way by using the Services according to its dedicated purpose in order to build a product or service which competes with the Software or the Documentation; or
    4. use the Services to provide services to third parties since such license is given only for the Customer business needs; or
    5. license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Services available to any third party except the Authorised Users, or
    6. attempt to obtain, or assist third parties in obtaining access to the Services in other way than through executing this Terms & Conditions with Miquido by such third parties.
  5. Miquido shall own all right, title and interest in the Software and Documentation and does not grant to the Customer any right, title and interest other that expressly granted in section 3 of this paragraph.
  6. The Customer shall own all right, title and interest in the Customer Data that is stored, distributed or transmitted using the Services and shall be solely liable for the accuracy, quality, integrity, legality, copyright, appropriateness and reliability of the data. Miquido may access this data whenever and to the extent necessary for the proper provision of Services.
  7. The terms of this Terms & Conditions will apply to all New Releases unless otherwise stated in a relevant Services Order.
  8. During the term of this Terms & Conditions, Customer grants Miquido the right to use Customer’s logo and name on Miquido’s websites and in press releases announcing the Customer relationship and identifying the type of Services purchased by Customer provided, however, that in case of press releases the wording of any such press release shall be presented in advance to Customer and the Customer does not object within a period of 2 Working Days.

§ 5. Hosting, Maintenance and Development

  1. The Software and the Customer Data may be hosted by a Hosting Provider chosen by Miquido and the Customer hereby expresses its explicit consent to any Hosting Provider chosen by Miquido. Miquido ensures that if it chooses to use the services of a Hosting Provider a respective Terms & Conditions and a data processing Terms & Conditions will be executed in order to ensure that adequate security measures and procedures are implemented to protect stored and transmitted data. Miquido will ensure the continuity of Services in case the current Hosting Provider ceases to provide its services due to any reasons.
  2. The Customer is responsible for keeping at all times a backup copy of its data stored, distributed or transmitted using the Services. Miquido may provide on the Customer’s explicit request, and on the condition that the Customer has paid all due Fees, a copy of all Customer data stored by Miquido or the Hosting Provider on the occasion of termination of the Services. Miquido will delete all copies of Customer Data within 30 days of notifying the Customer of the termination of the Services.
  3. During Subscription Term and within an additional fee agreed by the Parties and paid by the Customer, Miquido may provide to the Customer Maintenance and Development Services, such as migration, parameterization, customisation, modifications or other services aiming to ensure the continuous provision of the Services and to correct known Errors within a reasonable time.
  4. Miquido may also from time to time issue New Releases of the Software. A New Release will be implemented automatically and does not require any activity of the Customer, but may cause a temporary break in the provisions of the Services.
  5. Miquido reserves the right to perform regularly scheduled maintenance outside Regular Business Hours. Maintenance may prevent the Services from being accessed or used by Authorized Users during this time period. Any maintenance required outside of this schedule will be announced 24 hours in advance to Customer’s contact person via email, if possible under the circumstances. Operational maintenance not requiring a break in the accessibility of the Services may occur during normal business hours. Miquido reserves the right to update its maintenance schedule at its sole discretion. Any updates to this schedule will be appropriately communicated to the Customer.

§ 6. Payment Terms

    1. Miquido offers a Trial Period which lapses:
    2. on the 1st of March 2019 – for the Customers that commence to use the Services before or on the 31st of December 2018,
    3. on the last day of the first two Subscription Terms – for the Customers that commence to use the Services from the 1st of January 2019.
  1. During the Trial Period the Customer will not be charged any Subscription Fees for using the Services. The Customer may only use the Trial Period once per one organisation. The Customer is obliged to deliver to an external payment service provider indicated by Miquido valid billing information for the organisation by the end of the Trial Period or on the Effective day if the Customer is registering for the services for the second and each following time.
  2. The Customer shall pay the Subscription Fees to Miquido for performing the Services in accordance with the Terms & Conditions and with the current price list for the Services.
  3. For performing Services the Customer is obliged to pay to Miquido a net remuneration according to the rates given in the price list published by Miquido. The price list may be modified by Miquido unilaterally from time to time. Current price list will be available on the Website and may also be delivered to the Customer on demand. The price list for each Subscription Term will be binding in a form published on the Website on the last day of the previous Subscription Term.
  4. The remuneration will be paid for each Subscription Term in advance, based on the amount of Authorised Users on the last day of the previous Subscription Term (or on the last day of the Trial Period).
  5. The remuneration will be charged automatically using the billing information provided by the Customer. In case the external payment service provider notifies Miquido that the remuneration could not be charged using the billing information provided by the Customer or the Customer does not deliver billing information of the organisation Miquido will be entitled to disable access to the Services until respective remuneration is transferred to Miquido and to terminate the agreement according to § 9 section 2 of this Terms & Conditions.
  6. The payment will be made using an external payment service provider indicated by Miquido. Miquido does not hold any billing data of a Customer.
  7. All Fees due by the Customer to Miquido hereunder will be made free and clear of any offset or counterclaim, and without any deduction or withholding of any present or future taxes. If any such taxes are levied or imposed on any of the transactions arising from this Terms & Conditions, the Customer shall pay the full amount of such taxes (to Miquido or the relevant taxing authority, as appropriate), and shall pay to Miquido any additional amount necessary to ensure that the net payment, after withholding or deduction of such taxes, shall be no less than the amount due for the transaction indicated in section 2 above.
  8. The invoice shall be issued on the last day of the previous Subscription Term and delivered upon the e-mail address given by the Customer.

§ 7. Confidentiality

  1. Each Party may be given access to Confidential Information from the other Party in order to perform its obligations under this Terms & Conditions. Information will not be deemed Confidential Information if:
    1. is or becomes publicly known other than through any act or omission of the receiving Party;
    2. was in the other Party's lawful possession before the disclosure;
    3. is lawfully disclosed to the receiving Party by a third party without restriction on disclosure;
    4. is independently developed by the receiving Party, which independent development can be shown by written evidence; or
    5. is required to be disclosed by law, by any court of competent jurisdiction or by any regulatory or administrative body.
  2. Each party will hold the other Party's Confidential Information in confidence and, unless required by law, not make the other Party's Confidential Information available to any third party, or use the other Party's Confidential Information for any purpose other than the fulfillment of its obligations out of this Terms & Conditions.
  3. Each Party will take all reasonable steps to ensure that the other Party's Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this Terms & Conditions.
  4. Neither Party will be responsible for any loss, destruction, alteration or disclosure of Confidential Information caused by any third party and without such Party's fault.
  5. The rules of processing personal data of the Customer, its employees, agents and Authorised Users are set forth in the Data Processing Addendum constituting an appendix to this Terms & Conditions.
  6. This paragraph will survive termination of this Terms & Conditions, however arising, and shall be binding for a period of 10 years following such termination.

§ 8. Liability

  1. Except for the express warranties set forth in this Terms & Conditions Miquido makes no other warranties. Miquido provides a free Trial Period and due to this fact Miquido neither warrants that the Services will be fit for the Customer’s business requirement, that the Services will cooperate with the Customer’s hardware or software, nor that the Services will meet any specific performance level.
  2. Except for either Party’s breach of its confidentiality obligations and obligations related to the processing of personal data Miquido will not be liable whether in tort, contract, misrepresentation, restitution or otherwise for any loss of profits, loss of business, depletion of goodwill, and/or similar losses or pure economic loss, or for any special, indirect or consequential loss, costs, damages, results of loss or corruption of data, charges or expenses however arising under this Terms & Conditions.
  3. Miquido’s total aggregate liability in contract, tort, misrepresentation, restitution or otherwise, arising in connection with the performance of this Terms & Conditions shall be limited to the total Subscription Fees for 12 months immediately preceding the date on which the claim arose.
  4. Nothing in this Terms & Conditions excludes the liability of the Parties:
    1. for death or personal injury caused by the Party's act or omission; or
    2. for any losses caused by intentional act or omission of the Party.
    3. In no event shall Miquido, its employees, agents and subcontractors be liable to the Customer to the extent that the alleged infringement is based on:
  5. a modification of the Software or Documentation by anyone other than the Supplier; or
  6. the Customer's use of the Services in a manner contrary to the provisions of the Terms & Conditions.
  7. In no event shall Miquido, its employees, agents and subcontractors be liable for any loss or damage if it is a result of a breach of the obligation of the Customer set forth in § 3 section 1 of the Terms & Conditions.
  8. The Customer shall defend, indemnify and hold harmless Miquido, its officers, directors and employees against claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with the Customer's improper use of the Services or Documentation and shall indemnify the Customer for any amounts awarded against the Customer in judgment or settlement of such claims.
  9. Miquido shall defend the Customer, its officers, directors and employees against claims, actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with the fact that the Services infringe any patent effective as of the Effective Date, copyright, trade mark, database right or right of confidentiality or any other right, and shall indemnify the Customer for any amounts awarded against the Customer in judgment or settlement of such claims, provided that:
    1. Miquido is given prompt notice of any such claim and that the Customer does not accept any claim or settlement without prior consent of Miquido in a written form in order to be valid;
    2. the Customer provides reasonable co-operation to Miquido in the defence and settlement of such claim; and
    3. Miquido is given sole authority to defend or settle the claim.
  10. None of the Parties shall be in any way responsible for non-performance or improper performance of the obligations hereunder, if and to the extent that the performance of obligations is delayed or disrupted by force majeure circumstances which could not be foreseen by the Parties at the moment of conclusion of this Terms & Conditions.
  11. Such circumstances of force majeure shall include events beyond the reasonable control of a Party such as: earthquakes, floods, conflagrations, other natural disasters, armed conflicts and intervention, acts of terrorism, strikes, changes in legislation, failures of a utility service or transport or telecommunication network as well as other circumstances which can directly affect the Parties’ ability to fulfil the provisions of the Terms & Conditions.
  12. Should the force majeure circumstances prevent any of the Parties from complying with their obligations under this Terms & Conditions, then such Party shall be relieved from fulfilling this obligation for the period of duration of force majeure circumstances, provided that such Party forwards to the other Party, within 5 (five) Business Days, a letter about occurrence of force majeure circumstances, and takes reasonably required and adequate actions with a view to minimizing the damages to the other Party and resuming its ability to perform the obligations hereunder.

§ 9. Duration and Termination of the agreement between the Parties

  1. The agreement between the Parties will commences on the Effective Date and is executed for a period of a Subscription Term. The agreement will be automatically extended if the Customer does not terminate the agreement within the last day of a Subscription Term.
  2. Without prejudice to any other rights or remedies to which the Parties may be entitled either Party may terminate the agreement by notice delivered by e-mail to the address as given in § 9 section 3 of the Terms & Conditions without liability to the other Party if:
    1. the other Party commits a material breach of any of the terms of this Terms & Conditions and (if such a breach is remediable) fails to remedy that breach within 14 days of that Party being notified in writing of the breach; or
    2. the other Party becomes subject to a bankruptcy, insolvency, administration, reorganization or liquidation proceeding, or to any other similar or related company reconstruction, receivership or administration action, whether voluntary or involuntary, except as may be prohibited by adequate bankruptcy laws adequate to the debtor.
  3. Miquido may terminate the agreement between the Parties immediately and without prior notice in case of a breach of the obligation of the Customer set forth in § 3 of the Terms & Conditions and in case of a breach of the provisions of § 4 of the Terms & Conditions. In such case Miquido may also disable access to the Services or any material or Customer Data that causes the breach.

§ 10. Terms & Conditions amendment

  1. This Terms & Conditions may be revised or updated by Miquido at any time. If you are using the Services you should review the Terms & Conditions posted on the Website periodically.
  2. Any changes introduced by Miquido shall enter into force from the beginning of the calendar month following the month during which the new version of Terms & Conditions was posted on the Website. By continuing to use the Services you agree to these changes. If you do not agree to the changes you must discontinue to use the Services.
  3. The provisions of this Terms & Conditions may also be changed in a form of an annex accepted by both Parties in a written or electronic form (by e-mail to the address as given in § 10 section 3 of the Terms & Conditions).

§ 11 Final Provisions

  1. Declarations of the Parties, unless any of the provisions of this Terms & Conditions expressly states otherwise, in order to be valid require to be made by both Parties.
  2. All formal notifications, declarations of will and declarations of knowledge related to the agreement between the Parties unless any of the provisions of this Terms & Conditions expressly states otherwise, in order to be valid will be made in written form or electronic form and will be effective the moment the addressee is delivered such a notification or declaration signed by the Party making such notification or declaration.
  3. The Customer undertakes to notify Miquido each time about changes to its addresses or other contact data, otherwise the correspondence sent to the previous address shall be deemed delivered after 14 (fourteen) days of the day of the first attempt to deliver the correspondence in case of a written form and on the day the attempt to deliver is made in case of delivery by e-mail.
  4. A waiver of any right under the agreement between the Parties is only effective if it is in writing and it applies only to the Party to whom the waiver is addressed and to circumstances for which it is given. Cases involving lack of strict observance of the provisions of the agreement between the Parties by any of the Parties shall not be considered as waiver of rights or claims that both Parties are entitled to. They shall also not be interpreted as disclaimer of the obligation to observe the provisions of the Terms & Conditions in the future.
  5. Should any of the provisions of the Terms & Conditions be invalid or ineffective towards the Parties or a third party, the other provisions shall remain in force, except for the provisions whose content - after exclusion of the provisions invalid or ineffective towards a Party or a third party - cannot be reasonably reconciled with the remaining part of the Terms & Conditions. The provisions of the Terms & Conditions which are invalid or ineffective shall be replaced with valid and effective ones, whose content will be as close as possible to the initial intention of the Parties and the business purpose of the Terms & Conditions.
  6. The provisions included in the Terms & Conditions constitute the entire understanding between the Parties and replace any previous (including those not yet executed or completed) agreements, understandings or arrangements, whether written or oral, relating to the subject of the Terms & Conditions.
  7. Any disputes between the Parties arising out of the Terms & Conditions or relating to the provisions of the Terms & Conditions, including in particular: its performance, non-performance or improper performance, validity (including validity of this arbitration clause), effectiveness and interpretation the Parties shall attempt - in good faith - to resolve amicably in the course of direct negotiations. If after 30 (thirty) days following one of the Parties being called by the other Party for negotiations, amicable settlement in the course of negotiations turns out to be impossible, the court of competent jurisdiction for settlement of such disputes shall be the respective court for Kraków – Śródmieście and the governing law shall be the Polish law.
  8. This Terms & Conditions is governed by the Polish law and should be interpreted accordingly.

DATA PROCESSING ADDENDUM

  1. GENERAL PROVISIONS
    1. Definitions:
      • “Agreement” – agreement entered into by Processor and the Customer regarding the provision of Services to which this DPA constitutes an appendix.
      • “Processor” means Miquido Spółka z ograniczoną odpowiedzialnością sp. k. with its seat in Krakow, Zabłocie 43a, 30-701 Kraków, Poland;
      • “Customer” means the entity or person that uses the Services in accordance with applicable Agreement or regulations;
      • “Data Controller” means the entity or person, alone or jointly with other persons or entities, which determines the purposes and means of the Processing of Personal Data;
      • “Data Processor” means the entity or person, other than the Customer or Customer’s employees or agents, who Processes Personal Data on behalf of the Customer and does not Process Personal Data for its own purposes;
      • “Data Protection Laws and Regulations” means all laws and regulations applicable to the Processing of Personal Data of the Customer by the Data Processor;
      • “Data Subject” means the individual to whom Personal Data relates;
      • “Personal Data” means any information relating to an identified or identifiable person where such data is submitted to the Processor as Customer’s Data or otherwise Processed by Processor on behalf of Customer in the course of provision of Services to the Customer;
      • “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
      • “Record of Processing Activities” record that contains every activity regarding Processing Personal Data, in particular information specified in Data Protection Laws and Regulations;
      • “Security Documentation” means Processor documents that set forth the controls implemented by Processor designed to safeguard the security, confidentiality, integrity and availability of the Personal Data;
      • “Security Incident” means actual or reasonably suspected accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data Controller’s Personal Data transmitted, stored or otherwise processed by Processor or its Sub-processors;
      • “Sub-processor” means any Data Processor engaged by Processor;
      • “Customer’s Data” means any data, including Personal Data, provided by Customer to Processor or collected by Processor on Customer’s behalf, including data accessed by Processor on Customer or third party systems.
    2. Capitalized terms not defined in this Section 1 shall have the meaning set forth in applicable Data Protection Laws and Regulations. In the event of a conflict or inconsistency between such definitions, Data Protection Laws and Regulations shall take precedence.
    3. In the course of providing Services to the Customer, Processor may Process Personal Data on behalf of Customer. These Data Processing Addendum (“DPA”) establish the procedure and rules for the protection of Customer’s Personal Data processed by Processor, in accordance with the requirements of Data Protection Laws and Regulations.
  2. PROCESSING OF PERSONAL DATA
    1. Roles of the Processor and the Customer. With regard to the Processing of Personal Data, Customer is the Data Controller, Processor is the Data Processor. Processor may engage Sub-processors pursuant to the requirements set forth in Section 5 “Sub-processors” below.
    2. Customer’s Processing of Personal Data. Customer shall, in the course of using the Services, Process Personal Data in accordance with the requirements of Data Protection Laws and Regulations. For the avoidance of doubt, Customer’s instructions for the Processing of Personal Data shall comply with Data Protection Laws and Regulations. Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data. Customer shall maintain Record of Processing Activities under its responsibility in accordance to Data Protection Laws and Regulations and this DPA.
    3. Processor’s Processing of Personal Data. Processor shall only Process Personal Data on behalf of and in accordance with Customer’s instructions, in compliance with Data Protection Laws and Regulations, this DPA and the Terms & Conditions, and shall treat Personal Data as Confidential Information. Customer instructs Processor to Process Personal Data for the following purposes: (i) Processing in the course of providing the Services to the Customer; (ii) Processing initiated by Data Subjects or entities submitting Personal Data; and (iii) Processing to comply with other reasonable instructions provided by the Customer (e.g., via email) where such instructions are consistent with the terms and conditions of provisions of Services to the Customer. Processor, and where applicable, Sub-processor, shall maintain Record of Processing Activities under its responsibility in accordance to Data Protection Laws and Regulations and this DPA.
    4. In an appendix to this DPA are specified: the type of Personal Data, categories of Data Subjects, nature, purpose and duration of Processing as well as a list of authorized Sub-processors.
  3. RIGHTS OF DATA SUBJECTS
    1. Execution of Data Subjects’ rights. To the extent Customer, in the course of using the Services, does not have the ability to correct, amend, block or delete Personal Data or other action of Processing, as required by Data Protection Laws and Regulations, Processor shall comply with any reasonable request by Customer to facilitate such actions, within the reasonable timelines specified by Customer and concordant with the Data Protection Laws and Regulations, to the extent Processor is legally permitted to do so.
    2. Data Subject Requests. Processor shall, to the extent legally permitted, promptly notify Customer if it receives a request from a Data Subject for access to, correction, amendment or deletion or other action regarding that person’s Personal Data. Processor shall not respond to any such Data Subject request without prior consent of the Customer. Processor shall provide Customer with reasonable cooperation and assistance in relation to handling of a Data Subject’s request for access to that person’s Personal Data or other actions to the extent legally permitted and to the extent Customer does not have access to such Personal Data through its means.
  4. PROCESSOR’S PERSONNEL
    1. Confidentiality. Processor shall inform its personnel engaged in the Processing of Personal Data of the confidential nature of the Personal Data and provide appropriate training on their responsibilities. Such personnel shall have executed confidentiality agreements or otherwise be subject to binding confidentiality obligations. Processor shall ensure that such confidentiality obligations survive the termination of the personnel engagement.
    2. Reliability. Processor shall take reasonable steps to ensure the reliability of any Processor personnel engaged in the Processing of Personal Data.
    3. Limitation of Access. Processor shall limit Processor’s personnel access to Personal Data to those personnel who require such access in order to provide the Services to the Customer.
    4. Data Protection Officer. Processor is not legally obliged by Data Protection Laws and Regulations to appoint a data protection officer, however Processor shall notify Customer of appointment of such officer or a person responsible for coordinating the fulfillment of obligations under Data Protection Laws and Regulations and provide Customer with the contact information of the appointed person.
  5. SUB-PROCESSORS
    1. Appointment of Sub-processors. The Processor shall have the right to sub-entrust the processing of the Personal Data to another entity on the basis of the general consent the Data Controller hereby grants.
    2. List of current Sub-processors and notification of new Sub-processors. Processor shall make available to Customer at all times a current list of Sub-processors with the identities of those Sub-processors (“Sub-processor List”). To view Sub-processor list please visit Sub-processors page.
    3. Objection right for new Sub-processors. Processor shall notify Customer of authorizing any new Sub-processor(s) to Process Customer’s Data. If Customer has a reasonable basis to object to Processor’s use of a new Sub-processor, Customer shall notify Processor of such objections in writing within 10 Business Days after receipt of Processor’s notice. In the event Customer objects to a new Sub-processor(s) and that objection is not unreasonable Processor will use reasonable efforts to substitute such Sub-processor or to avoid processing of Personal Data in a manner requiring engagement of a Sub-processor without unreasonably burdening the Customer.
    4. Where Processor must provide Customer with copies of Sub-processor agreements to comply with Data Protection Laws and Regulations, such agreements may have all commercial information and clauses unrelated to such compliance removed by Processor and that such copies will be provided by Processor only upon Customer’s reasonable request.
  6. BREACH NOTIFICATION
    1. Processor shall develop and implement reasonable technical and organizational security measures, including but not limited to such measures specified in its Security Documentation, and controls appropriate to the course of providing Services to the Customer, including but not limited to Processing of Personal Data, to prevent any unauthorized or accidental access, use, collection, disclosure, copying, modification, alteration, loss, destruction, disposal or similar risks, and shall reasonably document such measures and controls as part of its Security Documentation. The security measures and controls to be developed and implemented by Processor in the course of provision of Services to the Customer shall include, but not be limited to the following:
      • safeguards to protect its computer network against accidental, unlawful or unauthorized usage or interference with or hindering of their functioning or availability;
      • a written security policy with respect to the processing of Personal Data;
      • a process for identifying and accessing reasonably foreseeable risks and vulnerabilities in its computer networks, and for taking preventive, corrective and mitigating action against Security Incidents; and
      • regular monitoring for Security Incidents and a process for taking preventive, corrective and mitigating action against Security Incidents.

      Upon Customer’s written request and at reasonable intervals, Processor shall provide a copy of Processor’s then most recent audits or certifications of its practices, as applicable, or any summaries thereof.

    2. Processor shall maintain appropriate security incident management policies and procedures, including but not limited to any such policies and procedures specified in the Security Documentation and shall, to the extent permitted by law, promptly notify Customer of any Security Incident pertaining to the Customer Data of which it becomes aware. Processor shall investigate and make all reasonable efforts to identify and remediate the cause of such Security Incident. Upon Customer’s reasonable written request, Processor shall provide a written report detailing the Processor’s actions to detect, investigate, contain, mitigate, and remediate the Security Incident, as well as a corrective action plan to prevent recurrence of the Security Incident. Customer and Processor shall reasonably cooperate with each other to facilitate compliance with applicable laws, including but not limited to notification of affected individuals and reports to government authorities.
    3. Processor shall not notify any affected individual, regulator, government authority, or other third party regarding any Security Incident unless such notification is required earlier by law. For avoidance of doubt, this Section 6.3 shall apply only to a Security Incident to the extent it affects Customer’s Data.
  7. NOTICES

    Processor shall immediately notify Customer of any legally binding request for disclosure of Customer’s Data by any law enforcement or other government authority, including intelligence agencies, unless prohibited by law. To the extent allowed by applicable law, Processor shall withhold the disclosure of Customer’s Data pursuant to such requests to enable Customer to exercise its legal rights to challenge the request for Customer’s Data.

  8. RETURN AND DELETION OF CUSTOMER DATA

    Upon ending of provision of Services to the Customer, or at written request of Customer, Processor shall delete Customer’s Data stored on other data carriers unless any provision of law binding on the Processor requires storage of the Customer’s Data. Processor shall cease to retain any documents containing Personal Data as soon as it is reasonable to assume that (a) the purpose for which that Personal Data was collected is no longer being served by retention of the Personal Data; and (b) retention is no longer necessary for legal or business purposes – provided that in both cases Processor informs Customer of the will to delete the Personal Data and Customer does not object within 30 days. A certification of deletion of Personal Data shall be provided by Processor to Customer only upon Customer’s request.

  9. AUDITS AND CERTIFICATIONS
    1. Customer shall have the right to audit Processor’s compliance with the terms of this DPA and Data Protection Laws and Regulations according to the following procedures.
    2. Upon Customer’s request, and subject to the confidentiality obligations applicable in the course of providing Services to the Customer, Processor shall make available to Customer (or Customer’s independent, third-party auditor that is not a competitor of Processor) information sufficient to establish Processor’s compliance with the obligations set forth in this DPA (“Compliance Obligations”). Such information shall include any documentation reasonably necessary to confirm Processor’s compliance with its Compliance Obligations.
    3. Audit requests by Customer shall be provided to Processor in writing and no more frequently than once in any 12-month period, with the exception that Customer may request an audit following any Processor notification of a Security Incident under Section 6.2 of this DPA or as necessary to demonstrate Customer’s compliance with Data Protection Laws and Regulations pursuant to a regulatory investigation, inquiry of an authorized entity, or lawsuit.
    4. Customer shall promptly notify Processor of information regarding any non-compliance discovered during the course of an audit.
    5. Processor shall disclose Records of Processing Activities to Customer within a reasonable period of time, not to exceed 30 days, after being notified by Customer.
  10. LEGAL EFFECT
    1. The provisions of this DPA are effective towards the Customer from the moment the Customer enters into the Agreement with Processor.
    2. The provisions of this DPA shall survive the ending of provision of Services to the Customer perpetually until Processor has returned or deleted all Personal Data in accordance with Section 8.
  11. CONFLICT

    In the event of any conflict or inconsistency between this DPA and any other agreements (including the Agreement) or regulations applicable in the course of provision of Services to the Customer, this DPA shall prevail.

Appendix 1 to the DPA

Personal Data

Nature and Purpose of Processing:

In the course of provision of Services to the Customer.

Duration of Processing:

The term of using the Services in accordance with the Agreement.

Categories of Data Subjects:

  • Employees, agents and other representatives of the Customer (Group 1),
  • Authorised Users (Group 2).

Categories of Personal Data:

    Group 1:
  • Identification data (first and last name),
  • Contact data (e-mail address),
  • Name of organisation,
  • Data required for payment,
  • Data provided by the Customer using the Services
  • Data gathered by observation and analysis of the use of the Services by the Customer.
    Group 2:
  • Identification data (first and last name),
  • Contact data (e-mail address),
  • Name of a company,
  • Data provided by Authorised Users using the Services
  • Data gathered by observation and analysis of the use of the Services by the Authorised User.