1. Enify I Help Center
  2. Legal Information
  3. Subscription agreement commercial version

Enify Subscription Agreement (Customer tenant)

When subscribing to Enify on Customer Tenant you agree to this agreement. Here are the details in the agreement.

ENIFY SUBSCRIPTION Agreement

 

The Parties

  • Epsis AS, company registration no 983 746 802 and,
  • Subscriber, the entity identified as a Subscriber in the Purchase Order.

Epsis and the Subscriber, hereinafter referred to as a Party and jointly as the Parties, have hereby agreed as follows:

 

1. Preamble

WHEREAS:

  • Epsis is, and shall remain, the proprietor of certain Software Products,
  • Epsis offers Subscription Services to the Software Products,
  • The Subscriber has independently evaluated the products and services offered by Epsis,
  • The Subscriber wishes to acquire a subscription to the Software Products, as set forth in this Agreement.
  • This Agreement will be effective only when the Purchase Order is signed by the Subscriber and Epsis. Any modifications or changes to any Agreement or the Subscription will be effective only by a written change order signed by both Parties.

The Parties have agreed as follows:

 

2. Definitions

As used herein, the terms set forth below shall have the following respective meanings:

"Active Subscription"

Means that Subscriber has purchased Subscription Services and is in compliance with all agreed terms and conditions.

“Agreement”

Means this Subscription Agreement entered into between Epsis and the Subscriber.

"Authorized User(s)"

Means one or more employees of the Subscriber that are given access to the Software Products by the Subscriber having an Active Subscription.

“Documentation”

Means documentation related to the Software Products provided to the Subscriber by Epsis, available at www.enify.no

"Effective Date"

the date of the latest signature by a Party on the Purchase Order.

“Intellectual Property”

Means all works of authorship, procedures, designs, inventions, discoveries, and, in each case, in all forms, formats, languages and versions.

“Intellectual Property Rights”

Means all right, title and interest in and to any Intellectual Property, in all territories, under any and all applicable bodies of law (including, without limitation, under the law of copyright, patent, trademark and trade secrets), and all applications, registrations, renewals, extensions, restorations and resuscitations relating to any of the foregoing.

"Purchase Order"

Means the Purchase Order from the Subscriber; indicating the subscription fees and the Subscriber’s request to purchase a subscription to the Subscription Services from Epsis for such number of Authorized Users as indicated therein.

“Product Tiers”

Means the tiers “Business”, “Team” and “Free-Trial” which contain different functionality, as further described in the Documentation. The Subscriber purchases the Subscription Services with a specific Product Tier depending on its business needs.

“Software Products”

Means the Software Products delivered by Epsis or an approved Distributor to the Subscriber as part of the Subscription Services, as identified in the Purchase Order.

“Subscription Service”

Means the Subscription Services that allows the Subscriber's access to the Software Products provided by Epsis, as well as the supporting Documentation.

                                         

3. Subscription Services

From the Effective Date, Epsis grants to the Subscriber, exercisable solely by Authorized Users, and the Subscriber accepts from Epsis, limited and non-exclusive and non-transferable right to use the Software Products, including any patches or upgrades that Epsis may deploy while the Subscriber has an Active Subscription. The license is limited to use for its internal business purposes, to the number of Authorized Users indicated in the Purchase Order, and pursuant to the further definitions and limitations.

The license shall cover all functionality included in the relevant Product Tier purchased by the Subscriber as set out in the Purchase Order.

The Subscriber specifically acknowledges that the Software Products will be deployed through a Subscriber-acquired hosting service provided by Microsoft Azure. Accordingly, and as further described in the Documentation, the Subscriber is responsible for acquiring the necessary services from Microsoft Azure, exclusively governed by Microsoft Azure's terms and conditions to which the Subscriber is party. Epsis shall not be party to such terms and conditions and shall have no liability for any failures or service interruptions in the hosting service by Microsoft Azure, or any failure in the Software Products resulting from faults in the hosting service.

 

4. New versions and support

Epsis will make available new versions, patches and/or updates to the Subscriber subject to its own discretion, as further set out in the Documentation. Epsis may, at its option, respond to support requests from Authorized Users through the Subscription Services or by email.

Epsis may, subject to a specific request by the Subscriber, assist the Subscriber with implementing new versions, patches and/or updates to the Software Products, subject to a reasonable additional service fee determined by Epsis from time to time. For Epsis to provide such support, the Subscriber shall, at the reasonable request of Epsis, grant Epsis access rights necessary to enable Epsis to carry out support operations.

If the Subscriber does not implement new version, patches and/or updates to the Software Products made available by Epsis, Epsis shall have no liability for errors in the Software Products that arises because new versions/patches and/or updates has not been implemented by the Subscriber.

 

5. Subscriber’s obligations

The Subscriber is solely responsible, and Epsis assumes no responsibility, for:

    1. the Subscriber’s evaluation and selection of the Software Products as suited for the Subscriber’s needs and operation;
    2. results obtained from using the Software Products;
    3. the Subscriber’s use and operation of the Software Products after delivery and that such use and operation is in compliance with the Documentation;
    4. selection, installation, applicability and performance of any other software, hardware, products, equipment, services etc., used in conjunction with the Software Products;
    5. maintaining necessary hosting services provided by Microsoft Azure independently; and
    6. installation of new releases and upgrades of the Software Products.

Through Subscriber's use of the Subscription Services, you may access or interact with products, services, websites, links, content, material, integrations, or applications from independent third parties ("Third-Party Components"). The Subscription Services also help you find, make requests to, or interact with Third-Party Components or allow you to share your content and data, and you understand that by using the Subscription Services you are directing them to make Third-Party Components available to you. Any third-party terms do not modify this Agreement. You are responsible for your dealings with third parties. Epsis does not license any Intellectual Property to you as part of any Third-Party Components and is not responsible or liable to you or others for information or services provided by any Third-Party Components.

The Software Products may only be accessed by Authorised Users. Subscriber is solely responsible for management of access rights of its Authorised Users, including, but not limited to, terminating an Authorised User’s access if such individual is no longer employed or engaged by Subscriber or otherwise authorised to have access. Subscriber is responsible for ensuring all Authorised Users comply with Subscriber's obligations under this Agreement. Epsis reserves the right to: (a) track and review user profiles, access and activity at any time; and (b) terminate the Subscription Services (or an individual Authorised User's access) that it reasonably determines may have been used in a way that breaches this Agreement.

 

6. Restrictions on use

The Subscriber shall not make the Software Products or Documentation available to any third party without prior written consent from Epsis.

The Subscriber shall not modify, adapt, translate, reverse engineer, decompile, or disassemble the Software Products or Documentation, unless Subscriber by mandatory law is unequivocally provided the right to such actions and Epsis was provided notice of at least 30 days prior to such action.

The Subscriber agrees not to develop derivative works which are intended to be functionally equivalent substitutes for the Software Products, Documentation, or parts thereof.

The Subscriber acknowledges that changes, additions, alternatives that may be proposed by the Subscriber and developed by the Epsis will become Epsis’ Intellectual Property Right and not subject to any proprietary rights of the Subscriber.

 

7. Ownership

Full title to and ownership of the Software Products and Documentation, including all copies thereof, and all exclusive rights therein including without limitation Intellectual Property Rights, trade secrets, trademarks, patents, and copyrights, shall remain with Epsis – or its designees. No title, ownership nor any exclusive rights to the Software Products and Documentation or any part or modification thereof is transferred to the Subscriber.

Software Products provided under this Agreement may have a patent protection under various patent treaty organizations, applicable in a variety of territories. Subscriber agrees to handle any Software Product under this Agreement as if it had patent protection, regardless of country of operation.

 

8. Copyright and proprietary rights

The Subscriber shall not remove or alter Epsis’ or any third party’s ownership, trademark, copyright, or other proprietary notices on the Software Products or Documentation.

The Subscriber hereby grants to Epsis the express right to use Subscriber's company logo and name in marketing, sales, financial, and public relations materials and other communications solely to identify the Subscriber as an Epsis customer. Epsis hereby grants to the Subscriber the express right to use Epsis' logo and name solely to identify Epsis as a provider of services to the Subscriber.

 

9. Fees, taxes and expenses

Subject to the terms of the Agreement, the Subscriber shall pay the fees set forth in the Purchase Order (“Fees”), pursuant to the invoice schedule set forth in the Purchase Order. If the Subscriber fails to make payment within the invoice due date, Epsis shall be entitled to claim interest on any overdue amount, pursuant to the Norwegian Act No. 100 of 17 December 1976 relating to Interest on Overdue Payments, etc.

All Fees and amounts set forth in the Agreement are exclusive of taxes. The Subscriber shall be solely responsible for all sales, service, value-added, use, excise, consumption and any other taxes, duties and charges of any kind, if any, imposed by any governmental entity on any amounts payable by the Subscriber under the Agreement, other than any taxes imposed on, or with respect to, Epsis income, revenues, gross receipts, personnel, real or personal property or other assets.

Epsis may:

    1. adjust the Fees as per the beginning of each renewal term in accordance with clause 12, with an amount that shall not exceed the increase in the retail price index (the main index) of Statistics Norway, with the initial reference index value being the index value at the Effective Date; and/or

    2. adjust the Fees, add or remove functionality relating to a Product Tier with effect from the beginning of each renewal term in accordance with clause 12 by giving 30 days’ prior notice. If the Subscriber does not accept the amended fee or functionality, it may either terminate the Subscription Services or purchase a different Product Tier effective from expiration of the term in force. If the Subscriber does not exercise such rights within 14 days following Epsis’ notice, it shall be deemed to have accepted the adjustment of the Fees and/or changed functionality.

 

10. Confidentiality

The Software Products and Documentation constitute highly valuable property of Epsis and contain Intellectual Property Rights, trade secrets and confidential information owned by Epsis. Subscriber shall observe complete confidentiality with respect to the Software Products, Documentation, and performance data. Subscriber also understands and acknowledges that it will receive confidential information from Epsis in connection with this Agreement related to the Software Products. Subscriber shall not disclose such information to any third party, nor use any such information for any other purpose than for the utilisation of its rights under this agreement. The obligations of confidentiality imposed upon the Subscriber under this Agreement shall survive the termination or cancellation of this Agreement.

Notwithstanding the foregoing, the Subscriber may disclose confidential information to its employees to the extent necessary to use the Software Products in accordance with this Agreement. The Subscriber shall take the necessary steps to ensure that its employees understand and acknowledge the obligations of confidentiality. If an employee, former employee, or any other person affiliated with Subscriber breaches the obligations of confidentiality provided for in this clause, Subscriber agrees to give Epsis reasonable assistance in enforcing its rights against such person.

The confidentiality obligation under this agreement does not include information which, by documentary evidence:

    1. is already known to the Subscriber at the time it is obtained by the Subscriber from Epsis, free from any obligations to hold such information in confidence,
    2. is or becomes publicly known through the Subscriber's performance of its rights under this Agreement,
    3. is rightfully received from a third party without restrictions and without breach of any obligation to Epsis or its suppliers, or
    4. is independently developed by Subscriber without use of any confidential information of Epsis or its suppliers.

 

11. Privacy and data protection

Epsis shall implement and maintain appropriate administrative, physical and technical safeguards designed to protect personal data processed by Epsis against loss, damage or disclosure.

Epsis will process general contact information with respect to the Subscriber and its Authorized Users for customer management purposes in accordance with the privacy policy available at https://epsis.com/privacy-policy/. For such processing, Epsis shall be regarded an independent data controller.

Epsis' processing of personal data in its provision of the Subscription Services as a data processor shall be governed by ANNEX 1: DATA PROCESSOR AGREEMENT.

 

12. Term and termination
    1. Term

The term of this Agreement shall commence on the Effective Date and shall continue in accordance with the initial term specified in the Purchase Order. The Agreement shall automatically renew for successive one-year periods, unless either Party gives at least ninety (90) days prior written notice of intent to cancel to the other Party before the expiration of the then current term in effect (including the initial term or any renewal term)

 

b. Termination for convenience

Epsis may terminate the Agreement for convenience by sending written notice of at least 60 days.

 

c. Termination for cause

Either Party may terminate this Agreement upon 30 days' notice, if the other commits a material breach of this Agreement, that is not capable of remedy. or

Either Party may terminate the Agreement immediately if the other is declared bankrupt, or becomes insolvent, or makes any arrangement or composition with or assignment for the benefit of its creditors, or goes into either voluntary, or compulsory liquidation or a receiver or administrator is appointed over their assets.

Epsis may terminate the Agreement immediately if in Epsis' sole discretion the Subscriber misuses the Software Products or Subscription Services or engages in illegal practices.

 

d. Effects of termination

Upon termination of this Agreement for any reason, all Subscription Services hereunder shall terminate, the rights granted under this Agreement will be immediately revoked and Epsis may immediately deactivate Subscriber's Active Subscription, whereby the Subscriber shall immediately cease use of the Software Products and Documentation and erase any copy from computer systems and confirm completion of the aforesaid in writing to Epsis.

Upon termination for convenience in accordance with b directly above, Epsis shall refund to the Subscriber an amount corresponding to what the Subscriber has already prepaid for the remaining part of the term of this Agreement.

Termination of this Agreement shall neither release the Epsis or Subscriber from any obligations undertaken under clauses 6, 7, 8, 10, 12, 15, 16 or 18 of this Agreement.

 

13. Limitation of liability

The Software Products shall perform substantially in accordance with the most recently published Documentation for as long as the Subscriber maintains an Active Subscription. Epsis shall not be liable if the Software Products does not meet Subscriber’s requirements.

The Subscriber acknowledges that no computer software is error free. The Subscriber shall be solely responsible for taking all precautions, such as data backup, testing and error detection procedures, which are necessary to ensure that errors in the Software Products and the applications using the Software Products do not cause negative consequences.

Neither Party shall have liability under the Agreement for any consequential, incidental, indirect, exemplary, special or punitive damages even if advised of or made aware of the possibility of such damages. Further, in no event shall a Party's liability under the agreement exceed the Fees for the Subscription Services paid by the Subscriber under the Agreement in the one (1) year preceding the event giving rise to the claim.

The liabilities contained in this clause 13 are in lieu of all other responsibility, expressed or implied, including, but not limited to, any responsibility for merchantability and fitness for a particular purpose and any other indirect loss. However, the exclusions and limitations set out in this clause 13 shall not apply to:

    1. liability arising from a Party's gross negligence or wilful misconduct; or
    2. loss or damage arising from the Subscriber's infringement of Epsis' Intellectual Property Rights.

 

14. Infringement of IPR

Epsis agrees to indemnify the Subscriber, subject always to the limitation of liability in clause 13, with respect to a suit, claim or proceeding brought against the Subscriber alleging that the Software Products or Documentation constitutes an infringement of any valid intellectual property right, if and only if the Subscriber promptly gives written notice to Epsis of any such suit, claim or proceeding and cooperates with Epsis in the defence or settlement of such suit, claim or proceeding; and provided that Epsis shall have sole control thereof.

If a claim or allegation is made, or in either Party’s judgement is likely to arise, the Subscriber agrees that Epsis may, at Epsis’ option:

    1. procure for the Subscriber the right to continue using the portion of the Software Products enjoined from use,
    2. replace or modify the Software Products so that the Subscriber’s use is not subject to any such claim or allegation,
    3. accept return of the infringing Software Products to Epsis and, in the event of such return, refund the annual subscription fee paid for such Software Products. Epsis shall have no further liability or obligations arising from or under this Agreement.

The indemnity obligations under this clause shall not apply to claims to the extent that they arise from any modification or alteration of the Software Products by any party other than Epsis.

 

15. Indemnity by Subscriber

The Subscriber acknowledges that Epsis has no knowledge of, or control over, the use of the Software Products by the Subscriber. The Subscriber agrees to defend, indemnify, and hold Epsis harmless with respect to any suit, claim or proceeding brought against Epsis alleging that use by, or under authority of the Subscriber, of the Software Products or Third-Party Components used in conjunction with the Software Products caused personal injury, property damage or economic loss.

 

16. Assignments and transfers

The Subscriber's right to use the Software Products or Documentation under this Agreement, may not be assigned, sublicensed, or otherwise transferred, voluntarily or otherwise, including in the case of mergers or transfer of business, without prior written approval of Epsis. Epsis may transfer its rights or obligations (or both) without consent.

 

17. Verification and audit

On Epsis’ written request, the Subscriber shall furnish Epsis with a signed certification verifying that the Software Products and Documentation are being used pursuant to the terms of this Agreement, including any limitations with respect to the number of Authorized Users.

Epsis may, at its expense, audit the number of Authorized Users of the Software Products and Documentation within the Subscriber’s organisation. Any such audit shall be conducted during regular business hours at the Subscriber's facilities and shall not unreasonably interfere with the Subscriber's business activities.

If an audit reveals that the Subscriber has installed and/or used the Software Products outside or in breach of, the Subscription Services acquired under this Agreement, the Subscriber shall pay annual subscription fees, based on the most recent undiscounted list price for the applicable Software Products, for the unauthorised copies backdated to the first use of the Software Products covered under this Agreement. In addition, Epsis shall be entitled to terminate the Agreement with immediate effect.

 

18. Miscellaneous
    1. Entire Agreement and Modifications

This Agreement sets forth the entire agreement and understanding of the Parties relating to the subject matter hereof and supersedes any and all prior oral and written agreements, understandings and quotations relating thereto. No waiver, alteration, modification, or cancellation of any of the provisions of this Agreement shall be binding unless made in writing and duly signed by authorised representatives of the Parties.

b. Force Majeure

In no event shall a Party be liable or responsible to the other, or be deemed to have defaulted under or breached the Agreement, for any failure or delay in fulfilling or performing any term of the Agreement, when and to the extent such failure or delay is caused by any circumstances beyond the Party's reasonable control, including flood, fire, earthquake or explosion, war, terrorism, invasion, riot or other civil unrest, embargoes or blockades in effect on or after the date of the Agreement, national or regional emergency, strikes, labour stoppages or slowdowns or other industrial disturbances, imposition of embargos, export or import restriction or other restriction or prohibition or any complete or partial government shutdown, or national or regional shortage of adequate power or telecommunications or transportation.

 

c. Term modification

Epsis may revise this Agreement from time to time and the most current version will always be posted on Epsis' website. If a revision, in Epsis' sole discretion, is material, Epsis will notify the Subscriber (by, for example, sending an email to the email address associated with the Authorized User). Other revisions may be posted to Epsis' blog or terms page, and the Subscriber is responsible for checking these postings regularly. By continuing to access or use the Subscription Services after revisions become effective, the Subscriber agrees to be bound by the revised Agreement. If such revisions, in Epsis' reasonable opinion, leads to materially negative consequences for the Subscriber, the Subscriber may terminate the Subscription Service within 30 days from receiving notice of the change.

 

d. Authority

Each Party represents and warrants that it has the right, power, and authority to enter into this Agreement, to become a Party hereto and to perform its obligations hereunder.

 

e. Governing Law and Jurisdiction

This Agreement shall be governed by and construed in accordance with Norwegian law with Bergen District Court (Bergen tingrett) as legal venue.


Annex 1: Data processor AGREEMENT

 

(A) This data processor agreement (“DPA”) sets out the terms and conditions for the processing of the personal data by Epsis on behalf of the Subscriber under the Agreement, pursuant to which the Subscriber acquires the Subscription Services (as defined in the Agreement and accompanying documents) from Epsis. 

(B) Epsis act as a data processor (“Processor”) and the Subscriber act as a data controller, the concepts of which are further defined in the GDPR. 

(C) “Data Protection Laws” shall mean the General Data Protection Regulation (2016/679/EU) including the instructions and binding orders of the data protection authorities (“GDPR”), as well as any applicable Norwegian data protection legislation, to the extent that said laws are applicable to the provision of Subscription Service or the location where personal data is processed. 

IT IS AGREED as follows:

  1. DEFINITIONS

Any terms defined under the GDPR shall have the meaning set forth therein.

 

2. SCOPE AND PURPOSE; CATEGORIES of PERSONAL DATA and DATA SUBJECTS

The purpose and subject matter of the processing of the personal data by the Processor is the performance of the Subscription Services pursuant to the Agreement. The Subscriber instructs the Processor to process personal data concerning data subjects as further specified in ATTACHMENT 1. The duration of the processing shall be the term of the Agreement.

 

3. RIGHTS AND RESPONSIBILITIES OF THE SUBSCRIBER

The Subscriber shall process the personal data in compliance with Data Protection Laws and at all times retain title and other rights, howsoever arising, to the personal data. The Subscriber shall be responsible for informing the Processor if the information contained within APPENDIX 1 is inaccurate or requires updating. 

 

4. RESPONSIBILITIES AND RIGHTS OF THE PROCESSOR 

The Processor shall not use the personal data for any purposes other than those specified in the Agreement and this DPA.

The Processor shall: (i) Process the personal data in accordance with prevailing information management industry standards and in compliance with Data Protection Laws; (ii) Process the personal data only in accordance with the documented instructions of the Subscriber and immediately inform the Subscriber if, in its opinion, a Subscriber instruction breaches Data Protection Laws; (iii) ensure that persons authorised to Process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; (iv) to the extent feasible and subject to any applicable fees in the Agreement, assist the Subscriber in its response  to rights exercised by data subjects or powers exercised by supervisory authorities under GDPR (v) provide the Subscriber with all information necessary to demonstrate compliance with the Processor’s obligations under applicable Data Protection Laws; (vi) allow for and contribute to audits conducted by the Subscriber as set forth (and subject to the limitations) in this DPA; (vii) Process the personal data only during the term of this DPA; (viii) provide reasonable assistance to the Subscriber with any data protection impact assessments and with any prior consultations to a supervisory authority, in each case where these are required by GDPR, and solely in relation to processing of personal data by the Processor on behalf of the Subscriber and taking into account the nature of the processing and information available to the Processor.

The Processor may collect and process contact details of the Authorized User. The obligations on Processor set out in this DPA shall not apply to such personal data.

This DPA shall not prevent the Processor from disclosing or otherwise processing the personal data as required by law, regulation or by a competent court or supervisory authority.

The Subscriber shall compensate the Processor for all reasonable costs and expenses it incurs under this DPA, unless such costs are specified as being for the Processor’s account as part of the Subscription Services.   

 

5. DATA SECURITY

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing the Processor shall implement technical and organisational measures to ensure the confidentiality, integrity, availability of the personal data and to protect the personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration, or disclosure.

 

6. PERSONAL DATA BREACH NOTIFICATION

In the event of a “personal data breach”, i.e., a breach of security leading to accidental or un-lawful destruction, loss, alternation, unauthorised disclosure of, or access to, the personal data, the Processor shall without undue delay notify the Subscriber once it has a reasonable degree of certainty that a personal data breach has occurred. 

The personal data breach notification shall contain at least the following (to the extent the Processor is privy to such information): a description of the nature of the personal data breach including, the categories and approximate number of data subjects concerned and the categories and approximate number of data records concerned; a description of likely consequences of the personal data breach; and a description of the measures taken to address the personal data breach and to mitigate its possible adverse effects.

 

7. RETURNING OR DESTRUCTION OF PERSONAL DATA

Upon termination/expiry of the Agreement, based on the Subscriber's specific instruction received prior to termination/expiry of the Agreement and subject to Processor’s fees payable by the Subscriber (if any), the Processor shall either delete/destroy or return to the Subscriber or to a third party designated by the Subscriber all personal data.

The Processor shall confirm on request to the Subscriber in writing that any deletion/destruction or return has taken place.

 

8. SUBPROCESSORS 

5.1 The Subscriber acknowledges and authorises the Processor to engage third parties to process the personal data ("Subprocessor”), which shall include (a) Processor’s affiliates or parent companies; and (b) third-party Subprocessors, including Subprocessors engaged by the Processor's affiliates or parent. 

5.2 The Processor shall make available to the Subscriber the current list of Subprocessors as part of this DPA (as detailed in ATTACHMENT 2) which shall include the identities of those Subprocessors, their country of location and the services they provide for the Processor. 

5.3 In case of any additions or changes to ATTACHMENT 2 are required, the Processor shall notify the Subscriber by email or by making such change available to the Subscriber online - indicating the name, country location, and subcontracted service of the proposed new Subprocessor. Unless the Subscriber objects in writing within fifteen (15) days of being informed about Processor’s use of a new Subprocessor, the Processor may use the new Subprocessor for the indicated data processing activities. Subscriber may not unreasonably object to a new Subprocessor. If Subscriber reasonably objects within the given timeline, the Processor will use reasonable efforts to change the Subscription Services to avoid processing of the personal data by the “objected-to” new Subprocessor. If the Processor is unable to implement such changes within a reasonable period of time, which shall not exceed sixty (60) days from receipt of the Subscriber's written objection, the Subscriber's sole and exclusive remedy for such an objection shall be the right to terminate the Agreement. If the Subscriber fails to send such a termination notice to the Processor within this deadline, this shall be considered as a consent to the proposed sub-processing. 

The Processor is obliged to regularly monitor the performance of its Subprocessors and it remains fully liable for the personal data processing activities of its Subprocessors. 

 

9. TRANSFER OF PERSONAL DATA 

The Processor may process personal data on its & its affiliates’ and third parties’ systems outside the European Economic Area (EEA). If such personal data is subject to GDPR or other EEA Data Protection Laws, such transfers shall be under the terms of the EU Commission’s Standard Contractual Clauses or similar approved mechanisms, or the transfer shall be to a to a country which is approved by the European Commission as ensuring an adequate level of protection.

10. AUDITS

Always provided that the Processor shall not be required to provide or permit access to information concerning (i) other customers of the Processor; (ii) any Processor non-public external reports; and (iii) any internal reports prepared by the Processor's internal audit or compliance function, at any time during the term of this DPA, the Subscriber and/or a recognised, independent third party auditor appointed by the Subscriber shall have the right, on at least five (5) business days' notice, to perform audits and inspections of the Processor’s facilities in accordance with the Agreement.  However, any audit pursuant to this DPA shall be limited to assessing the Processor’s compliance with its obligations under this DPA. Except where a personal data breach has occurred, no more than one such audit shall be conducted in any twelve (12) month period. Subscriber acknowledges that Processor is obliged to regularly monitor the performance of its Subprocessors, and as such, Subscriber shall have no right under this DPA to audit or demand access to or information from any Subprocessor.

11. LIABILITY

The Parties' liability for damage suffered by a data subject or other natural persons which is due to a violation of Data Protection Laws or this DPA will follow the provisions of article 82 of the GDPR.

The parties are individually liable for administrative fees imposed pursuant to article 83 of the GDPR.

In no event shall the Processor’s liability exceed with respect to personal data breaches, the limits of liability as set out in the Agreement. 

12. TERM AND TERMINATION 

This DPA shall survive until any of the Subscriber's personal data ceases to be processed by the Processor. 

13. CHANGES IN DATA PROTECTION LAWS

Each Party may notify the other Party in writing from time to time of any variations to this DPA which the Party reasonably considers to be necessary to address the requirements of the Data Protection Laws or any decision of a supervisory authority or competent court.  Any such variations shall take effect thirty (30) calendar days after the date such written notice is sent to the other party, unless the other party notifies the party sending the notice of any reasonable objections within this thirty (30) day period, in which case the Parties shall co-operate in good faith to agree on the form of the variations. 


Attachment 1

SUBJECT MATTER AND NATURE OF THE PROCESSING; PERSONAL DATA AND DATA SUBJECTS

The subject matter, nature and purpose of the processing: To provide support with respect to the Software Products

Categories of personal data:

  • The Processor may, upon providing support, process data derived from the Authorized Users' use of the Subscription Services for diagnostic purposes.
  • To the extent the data provided by the Subscriber in connection with support of the Subscription Services contains personal data, it may consist of Authorized User identifying information and organization data as well as documents, images and other content or data in electronic form stored or transmitted by Authorized Users via the Subscription Services.

Categories of data subjects:

  • Authorized Users;
  • Other individuals collaborating or sharing with Authorized Users, or any other individual whose information is stored or processed by the Authorized User through its use of the Subscription Services.

Attachment 2

Sub-processors

ENTITY

TYPE OF SERVICE PROVIDED

LOCATION OF PROCESSING

N/A