Taikun Terms and Conditions
Before you start, please note that:
We provide services helping you manage your cloud resources. Our services are designed to manage third parties cloud offerings, incl. deployment, configuration, deletion, etc.
Customers remain responsible for their environment (eg. AWS, Microsoft Azure) and all respective actions within their environments. Customers remain fully responsible for any unintentional deletions, inappropriate configurations, or other unwanted consequences.
We do not optimize your costs and you remain fully responsible for the fees you pay to cloud providers.
After ending your relationship with us, you will not be able to access or manage your data (clusters, stacks, etc.) stored in the cloud through our services and you will be fully responsible for securing alternative means for accessing and managing your data, permissions, credentials, etc. This may be time-sensitive as some cloud providers require regular management or renewals.
These Taikun Terms and Conditions (“Terms”) contain the terms and conditions that govern your access to and use of the Services and these Terms form an agreement between Itera Technologies a.s., a company incorporated under the laws of the Czech Republic with its registered seat at Pobřežní 620/3, Karlín, 186 00 Praha 8 (“we” or “us” or “Provider”) and you or the entity you represent (“you” or “Customer”) that is entering into the legal agreement for the Services with us in a manner anticipated in Section 2 below.
Description of the Services
We provide cloud management services (“Services” or “Taikun”). The Services are accessed through our proprietary software applications (“Software”). The Services are provided as “Software as a Service (SaaS)” subscription services and we will not be delivering copies of the Software to you as part of the Service.
You will have access to the Services through a web interface and/or API, provided by us, through which you may manage and use the Services and their functions (“Management Tools”).
Accepting the Terms
To use the Services, you must firstly agree to the Terms.
If the individual accepting these Terms is doing so on behalf of a company or other legal entity, such an individual represents that he or she has the authority to bind the Customer to these Terms. If you do not have such authority, or if you or the Customer do not agree with these Terms, you must not accept this agreement and the Customer may not use the Services.
By performing any of the following actions, you agree to be bound by these Terms: (A) clicking to accept or agree to the Terms, where this option is made available to you by the Provider within the Management Tools; or (B) payment for the Service; or (C) actually using the Service.
You may not use the Services and may not accept the Terms if you are not of legal age to form a binding contract with Provider or if you are a person or entity barred from receiving the Services under the laws of country of place of principal business of the Provider or the country in which you are resident or from which you use the Services.
Subscription Plans and Subscription Fees
The Services are provided by the Provider for consideration. The subscription fees (“Subscription Fees”) applicable to your use of the Services are based on the subscription plan (“Subscription Plan”) you choose when you sign up for the Services.
Subscription Plan you choose determines the subscription period (“Subscription Period”), Subscription Fees and the scope of Services and resources such as but not limited to the technical limits such as number of CPUs, RAMs, data storage limits or support services and SLA levels, etc. (“Resources”) you can use. You will receive a confirmation of your Subscription Plan after you sign up for the Services (“Confirmation”) within the Management Tools.
Up-to-date and binding information about your Services, Subscription Period, Subscription Fees, Subscription Plan and Resources will be available within the Management Tools.
We offer the Services under monthly, annual or pay-as-you-go Subscription Periods. Under the monthly Subscription Period, the Subscription Fees are payable upfront for the following month. Under the annual Subscription Period, the Subscription Fees are payable upfront for the following year, unless other options are available under your Subscription Plan or during the signup process. If you choose the pay-as-you-go Subscription Period, the Subscription Fees are payable monthly in arrears based on the quantity of used and chosen Resources and their unit prices set out in the Subscription Plan and/or based on other functions and scope of Services set out in the Subscription Plan.
Your Subscription Period will automatically renew for another term corresponding to your original Subscription Period unless you unsubscribe by providing notice to us through the Management Tools in which case the un-subscription will not take effect before the last date of the then current Subscription Period.
You acknowledge that the terms of the Subscription Plan (incl. Subscription Fees, Resources, etc.) are only fixed for the duration of the then-current Subscription Period. We are entitled to change the terms incl. the Subscription Fees for the following Subscription Period(s) by notifying you within the Management Tools or otherwise in writing. The new terms incl. the new Subscription Fees will apply from the beginning of the Subscription Period following the notification, unless you un-subscribe pursuant to Section 3.5 above.
Unless you have a separate written agreement with us, all Subscription Fees are payable by credit or debit card (“Payment card”). The payment processing and gateway solution is provided by a third party. We are not responsible for any (A) payment failure resulting from inaccurate Payment card details provided by Customer, (B) any restrictions applicable to Payment card by Customer’s bank, (C) payment gateway failure, or (D) misuse, abuse, unauthorized use, or fraudulent use of Payment cards or the payment processing or the payment gateway.
By signing up for the Services, Customer authorizes the Provider to charge Customer’s Payment card automatically at the interval and in the amount under the Subscription Plan applicable to the Customer. Customer agrees that the Payment card specified by Customer for recurring payments is, and will continue to be, linked to an account that Customer owns or is otherwise legally authorized to use, and that Customer will maintain sufficient availability under Customer’s credit card limit, or sufficient funds in the account linked to Customer’s debit card, as applicable, to make recurring payments pursuant to its Subscription Plan. Customers subscribed to the pay-as-you-go subscription Plan can cancel recurring Payments at any time via Customer account in the Management Tools prior to the next recurring payment due date. For the pay-as-you-go Subscription Plan, the cancellation will not take effect until the following recurring payment due date for the Subscription Fees for the month during which cancellation takes place, and no refund or partial refund will be issued to Customer.
Subscription Fees quoted in your Subscription Plan and/or in the Confirmation exclude any and all applicable taxes and similar fees (other than taxes solely based on Provider’s income) now in force or imposed in the future on provision of the Services, including any sales, use or value added taxes, services tax or withholding tax, and you shall be responsible for payment of all such taxes. Any such taxes payable by the Provider will be charged to you in addition to the Subscription Fees.
Provision of the Services
Provider is constantly innovating the Services to provide the best possible experience for its customers and users. You acknowledge and agree that the form and nature of the Services may change from time to time without prior notice to you as long as such change does not result in material degradation of the Services.
You understand and agree that Provider may at its full discretion, without any liability to you and subject to giving you a prior notice, suspend access to your account for (A) delay with any payment or (B) other breach of the Terms if such breach is material, and that in such case you may be prevented from accessing the Services, your account details or any files or other content which is contained in your account. If we suspend your access to the Services for delayed payment or other (material) breach of the Terms, you remain obliged to pay the Services Subscription Fees for the entire Subscription Period including the period for which you could not access the Services as a result of your default; you will not be entitled to any compensation or refunds (whether monetary or in the form of an extended Subscription Perm). The foregoing shall not in any way prejudice or prevent Provider from exercising its right to terminate the legal agreement embodied in the Terms for material breach pursuant to Section 10.2 of the Terms.
Your use of the Services
To access the Services, you or your individual end-users will be required to register into the Management Tools and provide identification, contact or similar details as part of the registration process for the Services or as part of your continued use of the Services.
You agree to use the Services only for purposes that are permitted by and compliant with all of the following (A) the Terms; (B) any applicable law, regulation, generally accepted practices, or guidelines in the relevant jurisdictions (including any laws regarding the export of data or software to and from the EU, the United States or other relevant countries); and (C) any other applicable rules (including, without limitation, AWS, Microsoft Azure, Kubernetes and other cloud or data solution providers’ rules).
You agree not to access (or attempt to access) any of the Services by any means other than through Management Tools that are provided directly or indirectly by Provider, unless you have been specifically allowed to do so in a separate written agreement with Provider.
You agree that you will not engage in any activity that interferes with or disrupts the Services or the servers and networks which are connected to the Services. Specifically, you agree not to engage in the following acts or cause or permit others to do so: (A) use the Services or any Customer Data to violate the Terms herein, applicable law or any other applicable rules; (B) permit a third party to access the Services; (C) sell, resell, rent, lease, distribute, assign or otherwise transfer the rights to the Services; (D) create derivative works based on the Services except as permitted herein; (E) remove any proprietary notices from the Services; (F) modify or translate; (G) copy, frame, or mirror any part or content of the Services; (H) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code or underlying ideas or algorithms of the Services; (I) access the Services in order to build a competitive product or service, or copy any features, functions or graphics of the Services, (J) create any link to the Services or frame or mirror the content contained on, or accessible from, the Services; (K) use the Services to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights; (L) use any Services to store or transmit malicious code; (M) interfere with or disrupt the integrity or performance of the Services or third-party data contained therein; (N) attempt to gain unauthorized access to the Services or their related systems or networks; (O) upload or distribute any files that contain a virus corrupted files, or any other similar software or programs that may damage the operation of the Services to another’s computer.
The Services can be used by you only for your own internal business purposes. You may not use the Services for the benefit of any third parties.
You acknowledge that use of the Services in breach of this Section 5 will be considered a material breach of these Terms, with all consequences resulting therefrom.
You agree that you are solely responsible for (and that Provider has no responsibility to you or to any third party for) any breach of your obligations under the Terms and for the consequences (including any loss or damage which Provider may suffer) of any such breach by you or users within your organization or any other parties you engage or otherwise involve.
You acknowledge that additional third-party fees (such as fees for Third-Party Cloud Solutions, internet service provider fee or similar) may apply in connection with your use of Provider’s Services. Third-party fees are payable by you directly to the relevant third party and the relevant third party receiving such additional fees is responsible for the processing of such fees. You agree that you are solely responsible for payment of such fees or for maintaining appropriate levels of funds where applicable. Provider has no responsibility to you or to any third party for payment of any such fees or for unavailability of Services due to your failure to do so. You acknowledge that your use of the Services may result in incurring third-party fees, particularly but not limited to the fees for Third-Party Cloud Solutions and confirm that you have carefully reviewed all rules relevant for the calculation of the amount of any third-party fees. The Services do not manage or otherwise limit or optimize any third-party fees and the Provider shall in no event be liable for any portion of such third-party fees incurred by you while using the Services or through the use of the Services. For clarity, failure to pay third-party fees may result in your inability to access and use the Services or inability to use all or some of the Services functionalities or use the Services for their intended purposes.
Your passwords and account security
You acknowledge that there may be multiple types of accounts with various responsibilities and possibilities within the Services such as administrator account, user account, Partner account etc. You are responsible for maintaining the accounts.
You agree and understand that you are responsible for maintaining the confidentiality of passwords associated with any account you use to access the Services. Accordingly, you agree that you will be solely responsible for all activities that occur under your account.
If you become aware of any unauthorized use of your password or of your account, you agree to notify the Provider immediately.
Customer Data in the Services
The Services provided by the Provider are not data collection or data storing services. They merely enable Customers to manage their Customer Data stored elsewhere (e.g. AWS, Microsoft Azure, etc.) or to use third party software, applications and services (e.g. Kubernetes) (collectively as “Third-Party Cloud Solutions”) and create clusters, stacks, repositories or other data projects and data environments based on instructions from the Customer.
You understand that with the exception of identification, contact or similar information pursuant Section 5.1 stored by us for the purposes of administration of the Services, all information, all electronic data, content or material (“Customer Data”) is submitted by Customer or on behalf of Customer to the Third-Party Cloud Solutions and is not stored within the Services or by the Provider or within the Providers’ systems but directly within the Third-Party Cloud Solutions. The Services allow you to manage the Third-Party Cloud Solutions, and by extension, your Customer Data within these Third-Party Cloud Solutions.
We will not edit, delete, or disclose the contents of Customer Data unless authorized by Customer or on Customer’s behalf or unless we are required to do so by law or in good faith belief that such action is necessary to: (A) conform with applicable laws or comply with legal process served on us; (B) protect and defend our rights or property; (C) enforce these Terms. Customer is solely responsible for the accuracy, quality, integrity, legality, reliability, appropriateness and copyright of Customer Data. We assume no responsibility for the deletion, correction, destruction, loss, infringement or failure of Services to manage any Customer Data that is caused other than by our own gross negligence or a material breach of our obligations under these Terms.
You retain copyright and any other intellectual property rights you already hold in Customer Data which you manage through the Services.
You acknowledge that provision of Provider’s Services (or particular features within the Services) is conditioned upon and subject to (A) you giving Provider appropriate access level to your accounts with the Third-Party Cloud Solutions by providing respective access permissions and credentials; and (B) you having appropriate user/accounts permissions or roles within the respective Third-Party Cloud Solutions. As a result, when using Provider’s Services, you may be required to grant Provider certain permissions (through a credential, login data sharing, dedicated permission token or a similar permission mechanism) to allow the Services access specific information and perform the requested actions. You confirm and warrant to Provider that you have all the rights, power and authority necessary to grant the above access and permissions to Provider.
You acknowledge and agree that Provider (or Provider’s licensors) owns all legal rights, title and interest in and to the Services and the Software, including any intellectual property rights which subsist in the Services and the Software (whether those rights happen to be registered or not, and wherever in the world those rights may exist).
The Services and the Software as provided under these Terms are not a work made-for-hire. Subject to the limited rights expressly granted hereunder, we reserve all rights, title and interests and all related intellectual property rights in and to Services and related documentation and any and all underlying Software, including modifications and derivatives created by us, databases, including data models, structures, non-Customer Data and aggregated statistical data contained therein.
Unless you have agreed otherwise in writing with Provider, nothing in the Terms gives you a right to use any of Provider’s trade names, trademarks, service marks, logos, domain names and any other distinctive brand features.
License from Provider
Provider gives you a worldwide, royalty-free, non-assignable and non-exclusive right and license to access and use the Services, on a subscription basis, for the Subscription Period and in the scope stipulated in your chosen Subscription Plan. Any Services unused during your subscription term (incl. but not limited to situations where you do not use the prepaid Services in full scope or if you do not use the prepaid Services for the full duration of the Subscription Period) shall expire at the end of the Subscription Perm and cannot be transferred to consecutive terms or be refunded. The license granted in this Section 9 is for the sole purpose of enabling you (end-users within your organization) to use and enjoy the benefit of the Services as provided by Provider, in the manner permitted by the Terms and your Subscription Plan. You acknowledge that this is a SaaS agreement, and that the Software is not sold and we will not be delivering copies of the Software to you as part of the Services.
Unless Provider has given you specific written permission to do so, you may not assign (or grant a sublicense of) your rights, grant a security interest in or over your rights, or otherwise transfer any part of your rights granted hereunder.
You acknowledge that any breach of Section 9 by you or your end-users shall constitute a material breach of the Terms, with all consequences arising therefrom.
Ending your relationship with Provider
During the Subscription Period, each party may only terminate the Terms for reasons stipulated in Section 10.2.
Each of the parties may at any time terminate the legal agreement embodied in the Terms if (A) the other party has materially breached any provision of the Terms and failed to cure the breach (where such breach is capable of being cured) within a reasonable cure period provided by the other party, or has acted in a manner which clearly shows that it does not intend to, or is unable to comply with the provisions of the Terms; or (B) a party is required to do so by law (for example, where the provision of the Services is or becomes unlawful); in addition, (C) Provider may at any time terminate the legal agreement embodied in the Terms if the provision of the Services to you by Provider is, in Provider’s opinion, no longer commercially viable. For the purposes of the Terms, your failure to make timely payments will be considered a material breach of the Terms if the due amount remains unpaid (fully or partially) more than fifteen (15) days after the payment due date. In the event you terminate the Terms for a material breach by Provider as described in (A) above, or if Provider ceases to provide any part or all of the Services during the agreement term for reasons stipulated in (C) above, you shall not be required to make any payments for Services beyond the date of when you terminated the agreement or when Provider ceased to provide the Services (as applicable). In the event you prepaid the Services, Provider shall in such cases refund the pro-rata proportion of the pre-paid monthly fee.
Nothing in this Section 10 shall affect Provider’s rights under Section 4 of the Terms.
When your legal agreement with Provider comes to an end, all of the legal rights, obligations and liabilities that you and Provider have benefited from, been subject to (or which have accrued over time whilst your legal agreement with Provider has been in force) and/or which are expressed to continue indefinitely, shall be unaffected by this cessation, and the provisions of Section 18.7 shall continue to apply to such rights, obligations and liabilities indefinitely.
You understand that after termination of the Terms, you will not be able to access or manage your Customer Data within Third-Party Cloud Solutions through the Services and you will be fully responsible for securing alternative means for accessing and managing such Customer Data. Your Customer Data may be stored and managed in various clusters, stacks, repositories or other data projects and data environments within certain Third-Party Cloud Solutions which may have limited validity (e.g. six of twelve months) or usability. This means that validity of these clusters, stacks, repositories, other data projects and data environments may expire after certain time periods in which case you may lose Customer Data stored within them if you do not sufficiently manage your Customer Data or renew your rights/licenses to the clusters, stacks, repositories, other data projects or environments. Upon termination of these Terms, the Provider will not be obliged to retain any credentials or other means to access the Customer Data or Third-Party Cloud Solution for the Customer. You are fully responsible for ensuring access to and the management of all your Customer Data as well as Third-Party Cloud Solutions. The Provider shall be in no event liable for any damage resulting from the fact that you failed to secure alternative means for accessing or managing your Customer Data after the termination of the Services or are for other reasons unable to access or manage the Customer Data after the termination of the Services.
Exclusion of Warranties
The Services are provided “as is” and Provider, its subsidiaries and affiliates, and its licensors give you no warranty with respect to them. Certain Services features interoperate with Third-Party Cloud Solutions. If any Third-Party Cloud Solution ceases to make its APIs, data, application, programs or services available on reasonable terms for the Service, Provider may cease providing such Service features upon reasonable prior written notice to you pursuant to Section 10.2 (C). Provider is not liable or responsible for the quality, accuracy or truthfulness of services or information obtained from Third-Party Cloud Solution and used within the Services or for interruption of access to such information caused by downtime or unavailability of the Third-Party Cloud Solution. Customer Data is not created or edited by the Provider. Provider expressly disclaims and has no responsibility or liability for any Third-Party Cloud Solution and Customer Data that may be collected, received or created by you or your end-users in use of the Service.
In particular, Provider, its subsidiaries and affiliates, and licensors do not represent or warrant to you that (A) your use of the Services will meet your requirements; (B) your use of the Services will be uninterrupted, timely, secure or free from error; (C) any information obtained by you as a result of your use of the Services will be accurate or reliable; and (D) that defects in the operation or functionality of any Software used to provide the Services will be corrected.
No conditions, warranties or other terms (including any implied terms as to satisfactory quality, fitness for purpose or conformance with description) apply to the Services except to the extent that they are expressly set out in the Terms.
Nothing in the Terms shall affect those statutory rights which you are always entitled to as a consumer and that you cannot contractually agree to alter or waive.
We will defend any action brought by a third party against Customer to the extent that the action is based on a claim that a Service provided by Provider to Customer, and as used within the scope of these Terms, directly infringes such third party’s intellectual property rights, and we shall hold Customer harmless from any liability for any costs and damages ordered by a court as a result of such action or resulting from a monetary settlement thereof, provided Customer notify us promptly in writing of the action (and all prior claims relating to such action). We have sole control of the defense and all negotiations for settlement or compromise of the action provided it releases Customer of all liability. Customer will reasonably cooperate with us in such defense, including without limitation making available to us all relevant documents and other information in Customer’s possession and by making Customer personnel available to testify or to consult with us or our attorneys.
Customer shall defend us against any claim, demand, suit or proceeding made or brought against us by a third party alleging that Customer Data or Customer use of the Services is in breach of these Terms or the terms of Third-Party Cloud Solutions, infringes or misappropriate the intellectual property rights of a third party or violates applicable law, and shall indemnify us for any damages, attorney fees and costs finally awarded against us as a result of, or for any amounts paid by us under a court approved settlement amount; provided we promptly give Customer written notice of the claim, demand or notice of suit or proceeding brought against us (provided that Customer may not settle the claim against is unless it releases us of all liability) and provide to Customer reasonable assistance at Customer expense.
We will have no liability or obligation with respect to any infringement or misappropriation claim based upon: (A) any use of the Services not in accordance to these Terms for purposes not intended by us, (B) any use of the Services in combination with other products, equipment, software or data not supplied by us (C) any modification of the Services made by any person other than us where such modification is not authorized by us (D) any use of the Services other than the most current version made available to Customer.
If the Services are likely to become the subject of an infringement or misappropriation claim, we may, at our sole option and expense, either (A) procure for Customer the right to continue to use the said Services pursuant to these Terms; or (B) replace or modify said Services to make them non-infringing; or (C) terminate the Terms and Customer right to use the Services, and refund to Customer any unused pre-paid fees for said Services as of the date of termination.
Limitation of liability
Nothing in the Terms shall exclude or limit Provider’s liability for losses which may not be lawfully excluded or limited by applicable law.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, WHATEVER THE LEGAL BASIS FOR THE CLAIM, PROVIDER WILL NOT BE LIABLE FOR ANY INDIRECT DAMAGES (INCLUDING, WITHOUT LIMITATION, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER (INCLUDING, WITHOUT LIMITATION, ATTORNEYS’ FEES), DAMAGES FOR LOST PROFITS OR REVENUES, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS INFORMATION) DUE TO, RESULTING FROM, OR ARISING IN CONNECTION WITH THE TERMS, THE SERVICES, MATERIALS, OR THE FAILURE TO PERFORM OUR OBLIGATIONS.
Subject to overall provision in Section 13.1 above, Provider, its subsidiaries and affiliates, and its licensors shall not be liable to you for any indirect or consequential losses which may be incurred by you. Indirect and consequential losses shall include (A) any loss of profit (whether incurred directly or indirectly), loss of goodwill or business reputation, or any loss of data suffered by you; (B) loss or damage which may be incurred by you as a result of (i) any reliance placed by you on the completeness, accuracy or existence of any advertising, or as a result of any relationship or transaction between you and any advertiser or sponsor whose advertising appears on the Services; (ii) any changes which Provider may make to the Services, or for any permanent or temporary cessation in the provision of the Services (or any features within the Services); (iii) the deletion of, corruption of, or failure to store, any Content and other communications data maintained or transmitted by or through your use of the Services; (iv) your failure to provide Provider with accurate account information; (v) your failure to keep your password or account details secure and confidential.
The limitations of Provider’s liability to you in Section 13.3 above shall apply whether or not Provider has been advised of or should have been aware of the possibility of any such losses arising.
Except for liabilities arising out of Provider’s indemnification obligations, Provider’s liability for damage incurred by you as a result of or in connection with the Services shall be limited to direct damages and shall not exceed the amount you paid to Provider for the Services giving rise to that liability during the last three months before the occurrence of Provider’s liability (or amount corresponding to a three-month Service fee, as applicable). The parties agree that this limitation reflects the damage that can be foreseen at the time of conclusion of this legal agreement between you and Provider, taking into account all circumstances the parties know or should know while exercising due care and that can arise from a breach of Provider’s obligations under the Terms.
Definition of Confidential Information. As used herein, “Confidential Information” means all information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Customer Confidential Information shall include Customer Data. Our Confidential Information shall include Services and the Management Tool. Confidential Information of each party shall include business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party. Except as expressly authorized, the Receiving Party will hold in confidence and not use or disclose any Confidential Information. However, Confidential Information shall not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party; (ii) was rightfully in its possession or known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (iii) is rightfully received by a third party without breach of any confidentiality obligation, or (iv) was independently developed by Receiving Party; (v) is required to be disclosed in order to enforce these Terms or pursuant to a regulation, law or court order (but only to the minimum extent required to comply with such regulation or order and with advance written notice to the Disclosing Party to the extent legally permitted).
Both Parties (in such capacity, the “Receiving Party”) hereby agree, during the Subscription Period and for a period of three years thereafter, to maintain as confidential all material, non-public Confidential Information, which it learns about the Disclosing Party as a result of its respective performance under these Terms and, except as may be required by applicable law or regulation, to refrain from disclosing any Confidential Information to any third party and to disclose such Confidential Information only to those agents, employees and representatives of the Recipient who need to know that which is disclosed to them.
Compelled Disclosure. The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure. If the Receiving Party is compelled by law to disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to that Confidential Information.
Provider provides its Services under various distribution models which means that “you” may be (A) a direct end-customer/end-user of the Services, (B) a procurement or purchasing entity buying the Services for other entities within your group, or (C) a reseller of the Services or other type of our partner that is not the end-customer/end-user of the Services (“Partner”).
In case “you” are an entity under Section 15.1 (B) or (C) and we do not have a specific written binding agreement stipulating otherwise, you hereby (i) undertake to require all end-customers/end-users to comply with these Terms and in case there are additional tiers between you and the end-customer/end-users of the Services, you shall flow this requirement down to participants at all lower tiers, and (ii) you are fully responsible to the Provider for the end-customers’/end-users’ compliance with these Terms, and (iii) you understand that the end-customers/end-users (or entities between you and the end-customers/end-users) may be able to make and accept new projects and manage new subscriptions or otherwise manage their existing subscriptions resulting in increase of the fees payable by you to us and that you are fully responsible for all such activity under your account within the Management Tool.
If you are a direct end-customer/end-user and you have been on boarded onto the Services through or with the help of a Partner, such Partner may have a user account that will grant the Partner various rights and credentials with respect to your subscriptions and the Services (e.g. the Partner may be able to create new subscriptions or projects or otherwise manage existing subscriptions within the Management Tool or it may have so-called white labeling or similar privileges), as if it were a user account set up for a member of your organization. The scope of such rights is determined by the type of the Partner you are working with. The Provider shall be in no event responsible for any actions of the Partner or liable for any damage resulting from the Partners acts or omissions with respect to the Services.
For avoidance of doubt, the limitations set out in Sections 5.4 (C) and 5.5 do not apply to Partners.
Proof of concept and free Services
If you decide to participate in a proof of concept, trial or any other free Services or features (“PoC”), all such Services are provided “AS-IS” without any warranty and we shall have no indemnification obligations with respect to such PoC.
Changes to the Terms
Any changes to the Terms shall be made by an amendment and shall be effective once both parties have signed such amendment or otherwise approved it within the Management Tool.
The Terms constitute the whole legal agreement between you and Provider and govern your use of the Services (excluding any services which Provider may provide to you under a separate written agreement), and completely replace any prior agreements between you and Provider in relation to the Services.
You agree that the Provider may provide you with notices by email, regular mail, or postings within the Management Tool.
Except for performance of a payment obligations, neither party will be responsible for any failure to perform or delay in performing any of its obligations under the Terms where and to the extent that such failure or delay results directly or indirectly from an event beyond such party’s reasonable control.
The parties agree that if one of them does not exercise or enforce any legal right or remedy which is contained in the Terms (or which such party has the benefit of under any applicable law), this will not be taken to be a formal waiver of such party’s rights and that those rights or remedies will still be available to it.
If any court of law, having the jurisdiction to decide on this matter, rules that any provision of the Terms is invalid, then that provision will be removed from the Terms without affecting the rest of the Terms. The remaining provisions of the Terms will continue to be valid and enforceable.
The Terms, and your relationship with the Provider under the Terms, shall be governed by law of the Czech Republic. You and us agree to submit to the jurisdiction of the courts of the Czech Republic to resolve any legal matters arising from the Terms. Notwithstanding this, you agree that Provider shall still be allowed to apply (A) for payment orders (or otherwise enforce payment for Services provided under the Terms) in the jurisdiction in which you have your registered seat or principal place of business, and (B) for injunctive remedies (or an equivalent type of urgent legal relief) in any jurisdiction.
Neither Party may assign any of its rights nor delegate any of its duties under these Terms without the prior written consent of the other Party, whose consent will not be unreasonably withheld, provided that Provider may use independent service providers/contractors to deliver Services as provided. Any unauthorized assignment of these Terms will be null and void. Notwithstanding the foregoing, either party may assign these Terms in its entirety, without consent of the other Party, to the acquiring person in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets not involving a direct competitor of the other Party. A Party’s sole remedy for any purported assignment by the other Party in breach of the paragraph shall be, at the non-assigning Party’s election, termination of these Terms upon written notice to the assigning Party. Subject to the foregoing, these Terms shall bind and insure to the benefits of the Parties, their respective successors and permitted assigns.
Schedules, Annexes and Exhibits to these Terms are hereby incorporated into these Terms and binding on both parties.
Data Processing Agreement
“DPA” means the data processing agreement included in this Annex 1;
“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
“Services” means, for the purpose of this Schedule 1, all Services Provider provides to you under the Terms as your data processor;
“Terms” means the Terms to which this Schedule 1 is appended to.
The terms “personal data”, “processing” and “data subject” shall have the meaning ascribed to them in the GDPR. The term “personal data” includes “personal information” as defined in the CCPA; the term “data subject” includes “consumer” as defined in the CCPA.
Object / Scope of the processing
The object/scope of this DPA is the processing of personal data in connection with the provision of the Services specified in this DPA, in particular its Exhibit A.
The duration of this DPA shall correspond to the Subscription Period of your Services.
Specification of Processing (nature, purpose, type of personal data and categories of data subjects)
The nature and purpose of the intended processing are defined in the Terms and correspond to the provision of the Services defined in this DPA.
Each and every transfer of personal data beyond the EU / EEA shall only take place if the specific conditions as laid down in Art. 44 et seq. GDPR has been fulfilled.
The types of personal data processed under this DPA and categories of data subjects are specified in Exhibit A hereto.
Technical and Organizational Measures
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we are obliged to implement appropriate technical and organizational measures in such a manner that the processing of personal data will meet the requirements of applicable data protection laws and this DPA.
We have implemented technical and organizational measures as specified in the Security Policies and Practices set out in Exhibit B to this DPA. You hereby acknowledge and agree that these measures are appropriate and sufficient to conform to the applicable data protection laws.
Rectification, restriction, access and erasure of data
We will only erase or block personal data upon instruction issued by you. In case of requests regarding the rectification, restriction or the erasure directly addressed to us by a data subject, we will inform you about such request without undue delay.
Where appropriate we will assist and support you in fulfillment of your obligations under the GDPR and/or CCPA to respond to requests for exercising the data subject’s right, in particular the ‘right to be forgotten’, rectification, restriction, data portability, information and access rights.
You hereby agree that Provider shall not be liable if you do not take action on the data subject’s request, or if you do not respond correctly or in a timely manner.
We undertake to:
Process the personal data within the Services specified in this DPA only on documented instructions from your and only for the specific purpose of providing the Services under the Terms unless processing is required by applicable laws to which we are subject to, in which case we shall, to the extent permitted by applicable laws, inform you of that legal requirement before the relevant processing of that personal data. We shall not retain, use or disclose the personal data processed on your behalf for any purpose other than for the specific purpose of providing the Service;
Inform you if we consider that an instruction violates data protection laws or regulations. We shall then be entitled to suspend the execution of the relevant instructions;
Keep the personal data confidential and ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
Taking into account the nature of the processing, assist you by implementing and maintaining appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of your obligation to ensure an appropriate level of security and to respond to requests for exercising the data subject’s rights;
Assist you in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to us;
Notify you without undue delay after becoming aware of a personal data breach in relation to the personal data processed on your behalf;
Not sell the personal data processed on your behalf;
At your choice, delete or return all the personal data to you after the end of the provision of Services relating to processing, and delete existing copies unless applicable law requires storage of the personal data;
Make available to you information necessary to demonstrate our compliance with the obligations laid down in this DPA.
We shall engage another processor (i. e. a sub-processor) only in accordance with this DPA. The mechanism hereby stipulated shall be considered a general written authorization from you (pursuant to Article 28 par. 2 of the GDPR, to the extent applicable).
If we engage another processor for carrying out specific processing activities on your behalf, the same obligations as set out in this DPA shall be imposed on that other processor by way of a written contract.
The sub-processors currently engaged by us and hereby authorized by you are listed in Exhibit A hereto. We will inform you of any intended changes concerning the addition or replacement of other processors, including full details of the processing to be undertaken by the new processor(s), giving you the opportunity to object to such changes.
If you have a reasonable basis to object to our use of another new processor, you shall notify us promptly in writing within 5 days after being notified. For the avoidance of doubt, you hereby agree that if you are not able to show evidence that the new processor provides an unacceptable risk to the protection of personal data (e.g., the other processor has a history of security breaches) or is your direct competitor, it would be unreasonable for you to object if the other processor has passed our vendor security evaluation.
Notwithstanding the foregoing, if you object to the engagement of another processor and your objection is not unreasonable, the parties will come together in good faith to discuss an appropriate solution. We may in particular choose not to use the intended processor, or engage the processor only after we take the corrective steps and / or measures requested by you.
If you interconnect the Services with a third-party application (incl. the Third-Party Cloud Solutions), the third-party vendors with whom data are shared shall not be considered our sub-processors engaged by us according to this Section 8; the processing of the shared data shall be subject to a separate data processing agreement or a similar contractual arrangement concluded directly between you and your relevant third-party vendor. We take no responsibility for processing of personal data by such third parties.
Upon reasonable advance notice of at least 90 days and in order to ensure and review compliance with the technical and organizational security measures and the obligations laid down in this DPA, we shall permit you to conduct periodic audits or to have them carried out by an auditor mandated by you. We shall, at your written request and within a reasonable period of time, submit to you any and all information, documentation and other factual evidence necessary for the audit. The audit result shall be documented appropriately.
Audits shall be conducted during reasonable times, shall be of reasonable duration, and shall not unreasonably interfere with our day-to-day operations. In the event that you conduct an audit through a third-party independent contractor, such independent contractor shall be required to enter into a non-disclosure agreement. Additionally, such independent contractors must not be our direct or indirect competitor, nor a person who can reasonably be considered by us unfit (from professional, experience and historic reasons) to perform such an audit.
Unless otherwise stipulated herein, the provisions of the Terms shall apply, including any exclusions and limitation of warranties and liabilities provided therein. Provisions in this DPA shall have precedence over any provisions of the Terms relating to the processing of personal data by Provider in the position of a data processor, if any.
Exhibit A to the Schedule 1: Specification of processing
when the hammer fallsSchedule 2
Technical and Organizations Measures (TOMs)
Technical and organizational measures pursuant to Article 32 GDPR
The Exhibit specifies the technical and organizational measures met by the Provider.
Taking into account:
the state of the art,
the costs of implementation and
the nature, scope, context and
purposes of processing as well as
the risk of varying likelihood and severity for the rights and freedoms of natural persons,
the Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.
Measures of encryption
Production data at rest are protected with AES 256 compliant level of encryption.
Products using HTTPS connection with supported TLS 1.2 only protocols.
Measures to ensure confidentiality
Admission Control (to prevent unauthorized persons from gaining physical access to data processing facilities with which personal data are processed or used)
Provider offices implemented security control of reception desk, security agency, CCTV systems, access cards, visitor log, policies and restricted access, lockable desks and areas, etc. under ISO 27001 certification.
Entry Control (to prevent data processing systems from being used without authorization)
Need to know and Least privilege basis are implemented with approval, review and audit procedures.
Access Control (to ensure that persons entitled to use a data processing system have access only to the data to which they have a right of access, and that personal data cannot be read, copied, modified or removed without authorization in the course of processing or use and after storage)
Access are granted on Need to know and Least privilege basis implemented with approval procedure and implemented revisions and audit procedures
Separation Control (to ensure that data collected for different purposes and/or different Controllers can be processed separately)
All Customer Data are strictly separated based on unique IDs associated with every customer and product. Thanks to usage of ACL and unique user (customer) authorization it is ensured that customer’s data are only visible to dedicated customers and no others.
Measures to ensure integrity
Various set of validation and controls performed, e.g. change control, revision of audit trails, evaluation of technology used, archiving and business continuity.
Measures to ensure and restore availability, data erasure
The Provider maintains in place a business continuity protection plan that minimizes the impact of disruptions to its own as well as customers’ business, provides coordinated responses to potential or actual disruptions, and coordinates restoration activities once a disruption has ended. Such plans include: (a) disaster backup and recovery plans for critical information technology infrastructure (data centers, hardware, software, power systems, etc.) and critical communications links and plans to restore production capability, and (b) business continuity plans for critical personnel, equipment, facilities, and third-party providers.
Measures to ensure resilience of processing systems and services
Implemented best industry standards (e.g. malware protection, vulnerability management, encryption, awareness, multi-factor authentication, etc.) and compliance with ISO 27001 and SOC 2 Type II requirements.
Business continuity protection plan including disaster backup and recovery plans and business continuity plans for critical personnel, equipment, facilities, and third-party providers (see section 4).
Provider performs continuous vulnerability scanning and penetration testing. Any vulnerabilities that are found are categorized (Critical, High, Medium, Low) and their remediation prioritized based on severity. All Critical and High vulnerabilities are remediated within 48 hours, and Medium are reviewed and remediated within 30 days, depending on need.
Penetration tests are performed for all major releases and at least annually.
Process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures
Implemented both internal and external audits to conform with requirements of implemented ISO 27001 and SOC 2 Type II procedures. Continuous vulnerability scans and penetration tests are performed.
Service Level Agreement (SLA)
This Service Level Agreement (“SLA”) sets out the general terms and conditions applicable to all Services provided by us. If we do not achieve and maintain the performance metrics set forth in this SLA with respect to your applicable Subscription Plan (“Service Levels”), then you may be eligible for service credits in the form of service time (i.e., days added to your Subscription Period) (“Service Credits”) following our approval. Service Levels differ for various Subscription Plans. Your Subscription Plan, including your Service Levels, are available within the Management Tool.
When you believe Service Levels were not met and you wish to ask for Service Credits, you should submit your claim to our customer support with all information necessary to validate the claim such as detailed description of the Service Levels not being met, information regarding the time and duration of downtime, etc. All claims must be submitted by the end of the calendar month following the month in which the incident occurred.
We will evaluate all information reasonably available to us and make a good faith determination of whether a Service Credit is owed. We will use commercially reasonable efforts to process claims within reasonable time periods after they are submitted.
You must be in compliance with the Terms in order to be eligible for a Service Credit. If we determine that a Service Credit is owed to you, we will apply the Service Credit to you Subscription Plan in the form of an applicable sale or in the form of a prolonged days of Services, subject to our sole determination.
Service Credits are your sole and exclusive remedy for any performance or availability issues for any Service under the Terms and this SLA. You may not unilaterally offset your Subscription Fee for any performance or availability issues. The Service Credits awarded in any billing month for a particular Service will not under any circumstance, exceed your monthly Service Subscription Fees.
This SLA and any applicable Service Levels do not apply to any performance or availability issues:
Due to factors outside our reasonable control (for example, natural disaster, war, acts of terrorism, riots, government action, or a network or device failure external to our Services);
That result from the use of services, hardware, or software not provided by us, including, but not limited to, issues resulting from inadequate bandwidth or related to third-party software or services;
During or with respect to free versions of a Service, feature or software or any proof of concept (as determined by us);
That result from your unauthorized action or lack of action when required, or from your employees, agents, contractors, or vendors, or anyone gaining access to our network by means of your passwords or equipment, or otherwise resulting from your failure to follow appropriate security practices.