B200 Clusters with InfiniBand™ Self-service at $3.99/h
Login Sign up
Login Sign up
Contact Us

Terms and Conditions

Friendly Guide to Our Terms of Service

Welcome Aboard!

We know you might be eager to get started, so here is a straightforward summary of our Terms of Service, the “Agreement” between you (our customer) and DataCrunch Oy (us).

When you use our platform and services, you agree to these rules. This document is meant to make the terms approachable, think of it as a friendly roadmap to how we work together.

⚠️ Important: This guide is only a summary and does not have legal power. The full Terms of Service are the official agreement.

Quick Heads-Up: Who Can Use Our Services

  • You must be at least 18 years old.
  • We restrict access from certain regions, including: Russia, Belarus, Cuba, Iran, North Korea, Syria, Crimea (Ukraine), Donetsk (Ukraine), and Luhansk (Ukraine).

What You Get: Our Service Commitments

Our Commitment to You

  • You have a non-exclusive right to use our services.
  • We provide services “as is.”
  • We aim to provide uninterrupted, secure service, though occasional errors may occur.
  • We retain ownership of the intellectual property on our services.
  • You keep full ownership of the intellectual property in the work you create with our services.

What We Ask From You

  • Use our services responsibly.
  • Do not use our services for illegal activities or crypto mining.
  • Use of our services for certain restricted activities, including military purposes, is not permitted under these terms and conditions. Please contact us if you wish to use our services for these purposes.
  • Do not use our services for malware or any unlawful, harmful, offensive, or discriminatory content or activities.
  • Do not use our service if you violate international sanctions.

We also operate a shared responsibility model, where we divide the responsibilities based on the service you use. Please see our Shared Responsibility Model for more information.

Keeping Your Data Safe

Privacy and Security

  • We take data protection seriously, and primarily store your data within the EEA.
  • Transfers outside the EEA occur only in exceptional cases, to trusted sub-processors providing essential services, and with your consent. You can find more information about our-sub-processors here: https://trust.datacrunch.io/subprocessors
  • We comply with GDPR and leading industry certification standards, and apply strong security measures.
  • Your data is yours. We only help you process it.

Fees and Payments

  • Our pricing is transparent and available on our website.
  • We offer flexible payment terms.

Ending the Service

Your Rights

  • You can terminate our services at any time and for any reason, unless you've entered into a long term contract with us, then you would need to reach out to support.

Our Rights

  • We may suspend or terminate services if you violate the Terms of Service or the law, following clear and fair procedures.

If Things Go Wrong: Limitations and Protections

Our Liability

  • We are transparent about what we can and cannot promise.
  • Our financial liability is limited.
  • We always aim to follow fair business practices.
  • This agreement is governed by Finnish Law.
  • Any disputes will be settled by arbitration in Helsinki, Finland.

Final Note

This is a simplified interpretation of our Terms of Service, provided for information purposes only. The full Terms of Service are the definitive reference.

Need help? Visit: https://datacrunch.io Contact our support team anytime with questions. (support[at]datacrunch.io or via chat)

Thank you for choosing DataCrunch. Let’s build something amazing together!

TERMS OF SERVICE

Last updated September 30, 2025

The Terms of Service below govern your access to and use of the DataCrunch.io Services. It includes the service terms and conditions, Data processing terms, and schedules (together, the "Agreement"). It is a legally binding contract between you (the "Customer") and DataCrunch Oy (the "Supplier").

Table of Contents

1. Definitions and How to Interpret These Terms

1.1. The definitions and rules of interpretations are listed in Schedule 1 as part of this Agreement and should be used to understand their meaning.

2. When This Agreement Starts and How Long It Lasts

2.1. This Agreement shall commence on the date the Customer agrees to this Agreement (the Commencement Date). It will continue indefinitely unless terminated earlier in line with this Agreement.

3. Using Our Service

3.1. Subject to the Customer's payment of the Service Fees and the strict compliance with the other terms and conditions of this Agreement, the Supplier hereby grants to the Customer a non-exclusive and non-transferable right (without the right to grant sub-licences) to use and access, and to permit the Customer Users to use and access, the Service, solely for Accepted Purposes during the Term.

3.2. The Supplier may amend the Service and the Service Description from time to time provided such amendments apply to the majority of customers for the Service and do not materially and negatively impact the security of the Service. The current Service Description is available on the Supplier's website.

3.3. The Customer acknowledges and agrees that the Supplier and its licensors own all Intellectual Property Rights in the Service, Information, Software and the Service Description. Except as expressly stated herein, this Agreement shall not grant the Customer any rights to, or in, any Intellectual Property Rights in respect of the Service, Information, Software and the Service Description.

3.4. The Supplier and its licensors shall have a royalty-free, worldwide, transferable, sub-licensable, irrevocable, perpetual license to use or incorporate into the Service, Information, Software and/or the Service Description, as the case may be, any enhancement requests or feedback provided by the Customer and any Customer Users, so long as the Customer is not identified in any way as the source of such feedback. For the avoidance of doubt, the Supplier shall not be obliged to implement any such enhancement requests or feedback.

4. Our Obligations as Supplier

4.1. The Supplier warrants that during the Term the Service shall perform materially in accordance with the Service Description.

4.2. The Supplier shall perform its obligations under this Agreement in compliance with all laws applicable to the Supplier in general and independently of the performance of the Supplier's obligations under this Agreement.

4.3. The Supplier makes no representation, and gives no warranty or undertaking, that the operation or availability of the Service will be uninterrupted or error-free.

4.4. If the Supplier fails to comply with the warranty at Sub-clause 4.1, it shall use its reasonable endeavours to rectify, repair or correct such failure within a reasonable time. The warranty at Sub-clause 4.1 shall not apply to the extent of any non-conformance, including unavailability, which is caused by: (a) the Customer's breach of this Agreement; (b) use of the Service contrary to the Supplier's instructions; (c) modification or alteration of the Service by any party other than the Supplier or authorised Supplier Personnel; or (d) failure of third-party services or infrastructure, including but not limited to data centre and/or co-location services, power, or connectivity services, which are beyond the Supplier's control.

4.5. The Customer acknowledges that the Supplier and/or the Supplier Personnel may from time to time carry out routine and/or emergency maintenance of the Service. The Customer may be unable to access the Service during any period in which routine or emergency maintenance is being carried out, though the Supplier will use its reasonable endeavours to keep any such disruption to and unavailability as a result of such routine and/or emergency maintenance of the Service to a minimum.

4.6. Without limitation to Sub-clause 17.1 (Force Majeure), the Customer acknowledges that the Supplier has no direct control over the availability of, or limitations in, bandwidth over the entirety of the internet and that, while the Supplier will use such endeavours as the Supplier deems appropriate to facilitate the Service, the Supplier shall not be responsible for delays in or unavailability of the Service caused by such bandwidth limitations or unavailability.

4.7. Except as expressly provided in this Agreement, the Service is provided "as is" and to the extent permitted by law, the Supplier disclaims all other conditions, warranties, representations, undertakings or other terms which might have effect between the Parties with respect to the Service, or be implied or incorporated into this Agreement, whether by statute, common law, custom or otherwise, including any implied conditions, warranties, undertakings or other terms relating to satisfactory quality, reasonable skill and care, fitness for any particular purpose, ability to achieve a particular result or arising from course of dealing or usage of trade. Supplier does not warrant anything in relation to systems that do not make up the Service or the connection to the Service or those systems.

5. Disclaimers

5.1. The Supplier does not warrant, represent, undertake or agree that: (a) the use of the Service by the Customer or its Customer Users will meet the Customer's requirements nor that any recommendations derived from use of the Service will deliver any particular benefits if implemented; (b) defects in the Service will be corrected; or (c) the functions of the Service will operate in the combinations which the Customer selects for use. Under no circumstances shall the Supplier or the Supplier Personnel have any liability for any losses, claims, damages, costs or expenses caused by errors or omissions in any information, instructions or scripts provided to the Supplier and/or the Supplier Personnel by or on behalf of the Customer in connection with the Service, or any actions taken by the Supplier and/or the Supplier Personnel at the Customer's direction.

6. Your Obligations and Acceptable Use of the Service

6.1. Customer shall not (and shall ensure that its Customer Users do not):

6.1.1. store, distribute or transmit any Malware, or any material, information or data through the Service that is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive; facilitates illegal activity; illegal images; or promotes unlawful violence, discrimination based on race, gender, colour, religious belief, sexual orientation, disability, or any other illegal activities;

6.1.2. engage in any malicious automated use of the Services, including but not limited to the malicious use of scripts, bots, scrapers, robots, or similar data gathering or extraction tools or crypto mining, except where expressly authorized;

6.1.3. send unsolicited commercial communications ("spam") or other unauthorized messages using the Services;

6.1.4. except as may be allowed by any applicable law which is incapable of exclusion by agreement between the Parties, attempt to copy, duplicate, modify, create derivative works from or distribute all or any portion of the Service, Information, Software or Service Description;

6.1.5. access, develop, supply or market all or any part of the Service in order to build a product or service which replicates, competes with or is substantially similar to the Service;

6.1.6. attempt to undertake any security, vulnerability, penetration, or similar testing of the Service without the prior written consent of the Supplier;

6.1.7. make improper use of support services or submit knowingly false reports of abuse, security incidents, or misconduct;

6.1.8. engage in any activity in connection with this Agreement that breaches, circumvents, or attempts to circumvent any Sanctions, or that permits any person or entity subject to Sanctions to access, use, or benefit from any services under this Agreement;

6.1.9. subject to Sub-clause 17.5 (Assignment), transfer, temporarily or permanently, any of its rights under this Agreement; or

6.1.10. assist third parties in obtaining access to the Service;

6.2. the Customer shall use its best endeavours to prevent any unauthorised access to, or use of, the Service and shall notify the Supplier promptly of any such unauthorised access or use; and

6.3. the Supplier may audit the Customer's compliance with this Clause 6 by any lawful, technical means and the Customer shall provide all reasonable assistance and information to the Supplier necessary to establish that the Service is only being accessed and used in accordance with this Agreement.

6.4. The Customer shall:

6.4.1. provide the Supplier with all necessary co-operation in relation to this Agreement and access to such information as may be required by the Supplier in order to provide the Service;

6.4.2. ensure that the Customer Users comply with any acceptable use policies specified or provided by the Supplier from time to time for the Service;

6.4.3. maintain sufficient licences to any software (from third parties or licensed by the Supplier separately to this Agreement) operated using or in conjunction with the Service;

6.4.4. maintain adequate technical capabilities to access and use the Service, including complying with possible Minimum Technical Requirements. The Customer acknowledges that as between the Parties, it is solely responsible for ensuring that its firewalls, security and privacy systems and settings, and other plug-ins or applications, do not interfere with or restrict the Customer's, or its Customer Users', access and use of the Service, and the Supplier and Supplier Personnel shall have no responsibility or liability in relation thereto;

6.4.5. provide such personnel assistance as may be reasonably requested by the Supplier from time to time;

6.4.6. comply with all applicable laws and regulations with respect to its activities under this Agreement;

6.4.7. carry out all other Customer responsibilities set out in this Agreement in a timely and efficient manner. In the event of any delays in the Customer's provision of such assistance as agreed by the parties, the Supplier may adjust any timetable or delivery schedule set out in this Agreement as reasonably necessary;

6.4.8. before the Customer uses any updates to any third-party software in a live environment, carry out testing updates to any third-party software to its satisfaction, to ensure that such updates meet the Customer's own requirements without causing any issues with the Customer's use of the Service; and

6.4.9. undertake appropriate back-ups to its data and to secure media with such regularity and in such a manner so as to ensure that it can restore such data and media in the event of data loss or corruption from any cause.

7. Your Responsibilities for Users and Access

7.1. In relation to Customer Users:

7.1.1. the Customer shall ensure that the Customer Users comply with the terms of this Agreement, and shall be responsible for any acts and omissions of the Customer User as if committed by the Customer itself;

7.1.2. the Customer shall ensure that each Customer User keeps any user log-in(s), and password(s) for their use of the Service secure and confidential, password(s) are of adequate strength and conforming to the password policies of the Service, and that each Customer User does not share their login password(s) to allow any other employees, contractors (individuals or otherwise), representatives and agents of the Customer or any other individual or third party to access the Service;

7.1.3. in respect of any Customer User, the Customer will not allow any Customer User account to be used by more than one (1) individual Customer User; and

7.1.4. the Customer shall ensure that each Customer User is an individual natural person who is at least 18 years of age; and

7.1.5. if a Customer User leaves the employment or engagement of the Customer or where the employment or engagement of a Customer User is transferred such that the Customer does not intend for them to have access to the Service, the Customer shall promptly ensure that the Customer User shall not have access to the Service.

7.2. The Customer will not allow any Customer User account to be used (including to access or use the Service) in Restricted Locations.

7.3. If the Customer wishes to purchase the right to access and use the Service at Restricted Locations, the Customer shall notify the Supplier in writing. The Supplier shall evaluate such request and respond to the Customer with approval or rejection of the request. If the Supplier approves the Customer's request to purchase access for Restricted Locations, the Customer shall, within thirty (30) calendar days of the date of the Supplier's invoice, pay to the Supplier the relevant fees for such additional location as agreed upon.

7.4. The Customer acknowledges that the Service may provide functionality or features that enable Customer Users to perform functions, or order services that may incur additional Service Fees (as specified in the Service Description and/or on the Service itself) and the Customer agrees to be bound by the actions and orders performed by the Customer Users (or any person who obtains access to the Service as a result of a breach of this Agreement by the Customer) using the Service and pay any additional Service Fees arising as a result.

8. Service Fees and Payment Terms

Service Fees

8.1. The Customer shall pay the applicable Service Fees for using the Service as specified by the Supplier at the time of purchase or subscription.

8.2. Unless otherwise agreed by the Supplier, the Customer shall make payment by valid credit or debit card through the Supplier's designated online payment system. By providing payment details, the Customer authorizes the Supplier (and its appointed payment processor) to charge the Service Fees, including any recurring, top-ups, renewal or usage-based charges, together with applicable taxes.

8.3. The Supplier may, at its sole discretion, permit the Customer to pay by another method (including based on invoice). In such cases, the Customer shall comply with the payment instructions provided by the Supplier.

Payment Terms

8.4. The Service Fees shall include all public charges determined by the authorities. Value added tax shall be added to the Service Fees in accordance with the then current regulations. If the amount of public charges determined by the authorities or their collection basis change due to changes in the regulations or taxation practice, the Service Fees and other prices, if any, shall be revised correspondingly.

8.5. If the Customer is or may be required under any law or regulation of any governmental entity or authority, domestic or foreign, to withhold or deduct any portion of any payment due to the Supplier pursuant to this Agreement and the Supplier is unable to reclaim or recover that deduction through the exercise of reasonable efforts, then the sum payable to the Supplier will be increased by the amount necessary to yield to the Supplier an amount equal to the sum it would have received had no withholdings or deductions been made.

8.6. If the Customer fails to make any payment in accordance with this Agreement, then the Supplier shall (without prejudice to its other rights and remedies) be entitled to:

8.6.1. charge interest on the overdue amount at an annual rate of 9%; and/or

8.6.2. suspend the Customer's and the Customer Users' access to and use of the Service until payment (including any accrued overdue interest thereon) is made by the Customer in accordance with this Agreement.

8.7. Any Service Fees paid in accordance with this Clause 8 shall, to the extent permitted by applicable law, be non-refundable in all circumstances, including upon termination of this Agreement.

8.8. The Customer shall provide accurate, current and complete information on the Customer's billing address and billing contacts, including email address and phone number, and will promptly notify the Supplier if this information changes.

9. Customer Data

9.1. The Customer shall own all rights, title and interest in and to all of the Customer Data and shall at all times have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data and for ensuring that its use does not infringe the rights of any third parties.

9.2. The Customer hereby grants to the Supplier and the Supplier Personnel, on and subject to the terms and conditions of this Agreement, a non-exclusive, non-transferable licence to use the Customer Data for the purpose of providing the Service and the exercise of the Supplier's rights under this Agreement (together with the right to sub-licence these rights to its subcontractors to the extent necessarily required for the performance of the Supplier's obligations) and for any requirements ancillary to the provision of the Service (including any data analytics and service modelling specified in the Service Description). The Customer warrants to the Supplier that the use of the Customer Data in accordance with this Agreement will not: (a) breach any laws, statutes or regulations; (b) infringe the Intellectual Property Rights or other legal rights of any person; or (c) give rise to any cause of action against the Supplier, in each case in any jurisdiction and under any applicable law.

9.3. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data where such back-ups are made by the Supplier. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by the Customer, its Customer Users, the Customer's Affiliates or any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data hosting and back-up, in which case the Supplier's liability shall be subject to the limitations and exclusions set out in this Agreement, including those set out in this Clause and Clause 13).

10. Data Processing Terms

These Data Processing Terms ("Data Processing Terms") constitute the terms for the processing of Personal Data between the data controller and the processor in accordance with Data Protection Legislation and sets out the terms and conditions for the processing of Personal Data by the Supplier on behalf of the Customer under the Agreement. The Supplier shall act as a processor on behalf of the Customer who may act either as a controller or as a processor on behalf of a third-party controller.

Terms defined in Data Protection Legislation which are not defined under the Agreement shall have the meaning given to them in Data Protection Legislation.

10.1. Background, purpose & rules in case of conflict

10.1.1. The processing of Personal Data is described in more detail in the Description of the Personal Data Processing.

10.2. Rights and responsibilities of the customer

10.2.1. The Customer shall process Personal Data in compliance with Data Protection Legislation and good data processing practice.

10.2.2. At the time of signing this Agreement, the written instructions given by the Customer to the Supplier are included in these Data Processing Terms and the Schedules thereto. The Supplier shall process Personal Data only on the Customer's documented instructions, unless required by the Data Protection Legislation. The Customer may issue additional or amended written instructions. The Supplier may charge reasonable additional costs, subject to prior written notice, where new or amended documented instructions from the Customer materially extend the agreed scope of processing or cause significant additional effort.

10.2.3. In addition, the Customer undertakes to:

10.2.3.1. ensure that there is a legal ground for processing the Personal Data covered by these Data Processing Terms, and that necessary data processing agreements in accordance with Data Protection Legislation are in force;

10.2.3.2. warrant, if the Customer acts as a processor on behalf of a third-party controller, on an ongoing basis that the third-party controller has authorized (i) the Customer's documented instructions; (ii) the Supplier as a Sub-processor of the Customer; and (iii) the Supplier's engagement of Sub-processors;

10.2.3.3. ensure that the Data Subjects, as required by the Data Protection Legislation, have received sufficient information regarding the processing, including information on that the Supplier may process the Personal Data on behalf of the Customer;

10.2.3.4. in a timely manner, provide the Supplier with lawful and documented instructions regarding the Supplier's processing of Personal Data; and

10.2.3.5. act as Data Subjects' point of contact.

10.3. Responsibilities of the Supplier

10.3.1. General principles applicable to the processing of Personal Data

The Supplier shall:

10.3.1.1. process Personal Data in compliance with these Data Processing Terms and Data Protection Legislation;

10.3.1.2. process Personal Data on documented instructions from the Customer, unless prescribed otherwise by a provision of Data Protection Legislation applicable to the Supplier. In such cases, the Supplier shall inform the Customer of such requirements in reasonable time before beginning the processing of Personal Data in accordance with the instructions, unless informing of such requirement is prohibited in Data Protection Legislation. In case the Supplier considers that instructions of the Customer are in breach of Data Protection Legislation, the Supplier shall immediately inform the Customer;

10.3.1.3. ensure that the persons in service of the Supplier with access to Personal Data have committed themselves to appropriate confidentiality;

10.3.1.4. carry out the measures prescribed in Sub-clause 10.4 (Data security) of these Data Processing Terms;

10.3.1.5. follow the conditions concerning the use of Sub-processors as prescribed in Sub-clause 10.7 (Sub-processors) of these Data Processing Terms;

10.3.1.6. taking into account the information available to the Supplier, provide reasonable assistance to the Customer in responding to requests for exercising the rights of Data Subjects where the Customer does not have access to the needed information. Where the Customer requests assistance that requires effort or resources beyond the standard level of support ordinarily provided under the Services, the Supplier is entitled to charge the Customer for costs and expenses that are incurred as a result of complying with this Sub-paragraph 10.3.1.6;

10.3.1.7. taking into account the information available to the Supplier, provide reasonable assistance to the Customer in ensuring compliance with its obligations set out in Data Protection Legislation, relating to data security, Personal Data Breaches (as further defined in Sub-clause 10.5 of this Data Processing Terms), data protection impact assessments, and prior consulting obligations. Where the Customer requests assistance that requires effort or resources beyond the standard level of support ordinarily provided under the Services, the Supplier is entitled to charge the Customer for costs and expenses that were incurred as a result of complying with this Sub-paragraph 10.3.1.7;

10.3.1.8. at the choice of the Customer, delete or return Personal Data to the Customer as prescribed in Paragraph 10.9.1. of this Data Processing Terms;

10.3.1.9. make available to the Customer all information necessary to demonstrate compliance with obligations set out in this Data Processing Terms and in Data Protection Legislation. The Customer is obliged to keep all such information confidential. Where the Customer requests assistance that requires effort or resources beyond the standard level of support ordinarily provided under the Services, the Supplier is entitled to charge the Customer for costs and expenses that were incurred as a result of complying with this Sub-paragraph 10.3.1.9;

10.3.1.10. allow the Customer to perform audits as prescribed in Sub-clause 10.8 (Auditing) of these Data Processing Terms.

10.4. Data security

10.4.1. The Supplier shall implement technical and organisational measures to ensure an appropriate level of security to protect Personal Data against unauthorised access and loss, destruction, damage, alteration or disclosure, or against other unlawful processing.

10.5. Personal Data breach notification

10.5.1. The Supplier shall notify the Customer of all Personal Data Breaches without undue delay and no later than 48 hours after the Supplier has become aware of the suspected Personal Data Breach. The Personal Data Breach notification shall contain the following:

10.5.1.1. description of the nature of the Personal Data Breach, including the categories and approximate number of Data Subjects concerned and the categories and approximate number of data records concerned;

10.5.1.2. name and contact details of the contact person of the Supplier handling the Personal Data Breach;

10.5.1.3. description of likely consequences and/or realised consequences of the Personal Data Breach; and

10.5.1.4. description of the measures the Supplier has taken to address the Personal Data Breach and to mitigate its adverse effects.

10.5.2. If it is not possible to provide the information listed at the same time, the information may be provided in phases.

10.5.3. The Supplier shall document Personal Data Breaches and disclose the documentation to the Customer upon the Customer's request.

10.5.4. After the Supplier has become aware of the Personal Data Breach, the Supplier shall ensure the security of Personal Data and take appropriate measures to ensure the protection of Personal Data in cooperation with the Customer.

10.6. Data Storage and Transfers of Personal Data

10.6.1. The Supplier shall prioritize to store and process all Personal Data within the European Economic Area ("EEA").

10.6.2. Personal Data may only be transferred outside of the EEA on an exceptional basis, where such transfer is strictly necessary for the provision of the Services, including where the Supplier relies on Sub-processors to perform such Services.

10.6.3. Any such transfer shall only take place where:

10.6.3.1. the destination country is covered by a European Commission Adequacy Decision, confirming that it provides an adequate level of protection for Personal Data; or

10.6.3.2. in the absence of such a decision, the transfer is covered at minimum by the most recent Standard Contractual Clauses adopted by the European Commission, and, where necessary, supported by additional technical and organisational measures to ensure that Personal Data is protected to a level essentially equivalent to that provided within the EEA.

10.6.4. The Supplier shall inform the Customer of the country or region where Personal Data will be stored or processed, including where Sub-processors are engaged. The Supplier shall inform the Customer in advance of any intended storage or processing of Personal Data outside the EEA, including the location and the Sub-processor involved. The Customer shall have the right to object to such transfer on reasonable data protection or security grounds.

10.6.5. If the Customer exercises its right to object, the Supplier shall not carry out the transfer. In such circumstances, the Customer may suspend or terminate the affected Services with immediate effect and without penalty.

10.7. Sub-processors

10.7.1. The Supplier is entitled to use Sub-processors in the processing of Personal Data when the Customer has approved such Sub-processors. On the Commencement Date, the Customer has agreed to use of the Sub-processors as provided under the Description of Personal Data Processing. The Customer has also agreed that the Supplier may use any of the Affiliates of the Supplier as a Sub-processor in the processing of Personal Data.

10.7.2. The Supplier is entitled to reduce the number of Sub-processors without separate notice.

10.7.3. The Supplier shall notify the Customer about an addition of a Sub-processor processing Personal Data under these Data Processing Terms at least fifteen (15) days before engaging the Sub-processor. The notice must include at least: (i) the name of the Sub-processor; (ii) the type of Personal Data processed by such Sub-processor and for which purposes; (iii) and location of the Data Processing performed by such Sub-processor.

10.7.4. If the Customer denies use of the new Sub-processor, the Customer has the right to terminate the Agreement within two weeks of being notified by the Supplier. If the Customer does not object within the notice period, the Supplier may proceed with the engagement of the Sub-processor.

10.7.5. The Supplier shall take appropriate measures to ensure that the used Sub-processors comply with the obligations specified in this Data Processing Terms, including security and confidentiality requirements. The Supplier is responsible for the performance of its Sub-processors as it is responsible for the performance of its own obligations.

10.8. Auditing

10.8.1. The Supplier shall make available to the Customer all information reasonably necessary to demonstrate compliance with this Data Processing Terms and Data Protection Legislation, including providing copies of relevant, industry-standard security and privacy certifications and audit reports prepared by independent third parties.

10.8.2. If the information provided under Paragraph 10.8.1 is not sufficient for the Customer to reasonably verify compliance, the Customer may request an independent third-party auditor to conduct an audit of the Supplier or carry out an inspection itself.

10.8.3. The Customer shall be responsible for all costs and expenses associated with an audit/inspection it initiates under this Agreement, including any fees and expenses of an independent third-party auditor engaged by the Customer. The Supplier may charge the Customer for its reasonable costs and expenses incurred in connection with supporting the audit, except where the audit reveals a material non-compliance by the Supplier with its obligations under this Agreement or Applicable Data Protection Legislation.

10.8.4. The Customer must notify the Supplier of the audit at least twenty (20) Business Days in advance. Notwithstanding the above notice period, the Customer may conduct an audit on shorter notice where required by a supervisory authority. The Supplier shall assist the Customer and the third party during normal business hours in conducting the audit with reasonable measures. The audit shall be carried out as quickly as possible and it shall not disturb the Supplier's normal business operations. The audit/inspection shall comply with the Supplier's work rules, security requirements and standards to protect other customers, the security and continuity of the service, and confidentiality. Before commencing any audit/inspection, the independent auditor (including relevant parties/persons conducting the audit) and/or Customer and its representatives shall enter into the non-disclosure agreement(s) provided by or approved by the Supplier.

10.9. Customer Data Retrieval and Deletion

10.9.1. The Customer is responsible for managing, retrieving or deleting any Customer Data uploaded to the Service using the functionalities provided by the Supplier.

10.9.2. Where the Customer deletes Customer Data, such data may be recoverable for up to ninety-six (96) hours thereafter, after which it will be irreversibly deleted, unless the Customer has used the delete permanently functionality, in which case the Customer Data will be irreversibly deleted without the recovery option.

10.9.3. If the Customer fails to provide timely payment for the Service and, in the absence of further instructions from the Customer, any Customer Data uploaded to the Service shall be automatically deleted within ninety-six (96) hours following the issuance of several notices by the Supplier.

10.9.4. The Supplier may charge reasonable additional fees for this recovery service within this ninety-six (96) hour period.

10.9.5. Other Personal Data processed by the Supplier in connection with the provision or administration of the Service (including but not limited to account information, billing records, system logs, or compliance-related data) shall be processed solely to the extent and for the duration permitted or required under applicable Data Protection Legislation or other legal obligation. The Supplier shall ensure that such Personal Data is securely deleted or anonymised without undue delay once no further legal ground exists for its processing.

11. Confidentiality

11.1. The Receiving Party shall:

11.1.1. only use (including making copies of) Confidential Information in connection with and to the extent necessary for the purposes of this Agreement;

11.1.2. not disclose the Confidential Information to any person except with the prior written consent of the Disclosing Party or in accordance with Sub-clauses 11.2 and 11.3; and

11.1.3. keep all Confidential Information secret and securely protected against theft or unauthorised access.

11.2. The Customer may disclose Confidential Information of the Supplier to its Customer Users, provided that the Customer informs all Customer Users that the Confidential Information is confidential.

11.3. The Receiving Party may disclose any Confidential Information to any regulator, law enforcement agency or other third party if it is required to do so by law, regulation, or similar authority. In those circumstances the Receiving Party shall (to the extent practical and lawful to do so) notify the Disclosing Party in writing as soon as practicable before the disclosure and use all reasonable endeavours to consult with the Disclosing Party with a view to agreeing the timing, manner and extent of the disclosure.

11.4. All Confidential Information shall remain the property of the Disclosing Party and the Disclosing Party reserves all rights in its Confidential Information. Nothing in this Agreement or the disclosures envisaged by this Agreement shall (except as expressly agreed otherwise in this Agreement) operate to transfer, or operate as a grant of any licences or right to use, to any Intellectual Property Rights in the Confidential Information.

11.5. The parties' obligations under this Clause 11 shall continue in force notwithstanding the termination or expiry of this Agreement.

11.6. Each Party acknowledges that damages alone would not be an adequate remedy in the event of breach by the other Party of the provisions of this Clause 11. Accordingly, it is agreed that either Party shall be entitled, without proof of special damages, to seek an injunction or other interim remedy for any threatened or actual breach of this Clause 11 by the other Party, without prejudice to any other rights and remedies which that first Party may have.

12. Indemnities

12.1. The Customer shall indemnify, keep indemnified and hold the Supplier and the Supplier Personnel harmless against any and all damages, claims, actions, proceedings, losses and reasonable costs (including legal fees) and expenses arising from any third party claims or actions arising out of or in connection with: (i) the Customer's or the Customer Users' use (or misuse) of the Service in breach of this Agreement; and/or (ii) any breach of the Customer's warranty in Sub-clause 9.2.

12.2. Subject to the provisions of this Sub-clause 12.2 and Sub-clauses 12.3 to 12.5, the Supplier shall indemnify the Customer and hold the Customer harmless in respect of all damages and reasonable costs (including court costs and legal fees) and expenses arising directly from an IPR Claim which is valid and enforceable in the legal jurisdiction in which the IPR Claim is commenced provided that:

12.2.1. the Customer shall give the Supplier prompt notice of any actual or threatened IPR Claim;

12.2.2. the Customer shall not admit any liability or agree to any settlement or compromise of an IPR Claim without the prior written consent of the Supplier;

12.2.3. the Supplier shall be entitled at any time to assume exclusive conduct of the IPR Claim (which shall include, but not be limited to, the exclusive right to conduct any proceedings or action, negotiate the settlement of the IPR Claim and to conduct all discussions and dispute resolution efforts in connection with the IPR Claim);

12.2.4. the Customer shall, at the Supplier's request, cost and expense, give the Supplier all reasonable assistance in connection with the conduct of the IPR Claim (including taking such steps as is necessary to enable the Supplier to assume conduct of the IPR Claim pursuant to Paragraph 12.2.3); and

12.2.5. the Customer takes all reasonable steps to mitigate any liabilities which are the subject of the indemnity in this Sub-clause 12.2.

12.3. If any IPR Claim is made, or in the Supplier's reasonable opinion is likely to be made, against the Customer, the Supplier may at its option and expense:

12.3.1. obtain for the Customer the right to continue using the Service in the manner permitted under this Agreement; or

12.3.2. modify or replace the infringing part of the Service so as to avoid the infringement or alleged infringement, but in such a way that does not materially adversely affect the functionality of the Service; or

12.3.3. terminate this Agreement immediately on notice to the Customer.

12.4. Under no circumstances shall the Supplier or any Supplier Personnel be liable to the Customer under Sub-clauses 12.2 or 12.3 (or otherwise) to the extent that the infringement (whether actual or threatened) is based on: (a) any changes, modifications, updates or enhancements made to the Service other than by the Supplier or the Supplier Personnel; (b) any use of the Service by the Customer or its Customer Users in a manner contrary to the Supplier's instructions and/or in breach of this Agreement; or (c) the Customer's or its Customer Users' use of the Service after notice or becoming aware of the actual or threatened IPR Claim.

12.5. The provisions of Sub-clauses 12.2 to 12.4 inclusive state the entire liability of the Supplier to the Customer in connection with an IPR Claim and shall be the Customer's sole and exclusive remedy in that regard.

13. Limitation of Liability

13.1. Nothing in this Agreement excludes or limits the liability of either Party to the other for:

13.1.1. death or personal injury caused by negligence;

13.1.2. fraud or fraudulent misrepresentation by it or its employees; or

13.1.3. any other liability that cannot be excluded or limited by law.

13.2. Subject to Sub-clause 13.1, the Supplier or the Customer shall not be liable whether in tort (including for negligence), breach of statutory duty, contract, misrepresentation (whether innocent or negligent), restitution or otherwise for:

13.2.1. any loss of profits, loss of business, loss of savings, depletion of goodwill and/or similar losses, or pure economic loss or (subject to Clause 10) any loss or corruption of data or information (regardless of whether these types of loss or damage are direct, indirect or consequential); or

13.2.2. any special, indirect or consequential loss or damage whatsoever, in each case however arising under or in connection with this Agreement and even if the Supplier or the Customer were aware of the possibility that such loss or damage might be incurred.

13.3. Subject to Sub-clauses 13.1 and 13.2 and save for the Customer's payment obligations of the Service Fees, the total aggregate liability of the Supplier or Customer (including liability for breach) in contract (including under any indemnities), tort (including negligence or breach of statutory duty), misrepresentation (whether innocent or negligent), restitution or otherwise, arising under or in connection with the performance, non-performance or contemplated performance of this Agreement in respect of any and all causes of action shall in no event exceed 20% of the value of the Service Fees paid or payable by the Customer to the Supplier.

13.4. The provisions of this Agreement allocate risks under this Agreement between the Supplier and the Customer and form an essential basis of the bargain between the Parties and, absent any of such provisions, the remaining provisions of this Agreement, including, without limitation, the economic terms, would be substantially different. The Supplier pricing reflects this allocation of risks and limitation of liability. The provisions of Clause 13 shall apply to the maximum extent permitted by law, even if any remedy fails its essential purpose.

14. Termination and Suspension

14.1. The Customer may terminate this Agreement for its convenience at any time by either providing written notice to the Supplier, or deleting its account through the functionality provided in the Service.

14.2. Without affecting any other right or remedy available to it, either Party may terminate this Agreement with immediate effect by giving written notice to the other Party if:

14.2.1. the other Party commits a material breach of any term of this Agreement which is irremediable or (if such breach is remediable) fails to remedy that breach within a period of thirty (30) days after being notified in writing to do so; or

14.2.2. the other Party suffers an Insolvency Event.

14.3. On termination of this Agreement for any reason:

14.3.1. all licences and other rights granted under this Agreement shall immediately terminate and the Customer and the Customer Users shall immediately cease all use of the Service. For the avoidance of doubt, any licences and other rights granted under this Agreement which are stated to be granted on a perpetual and irrevocable basis shall survive the termination of this Agreement for any reason and shall continue in full force and effect;

14.3.2. the Supplier may immediately end the Customer's and the Customer Users' use of and access to the Service;

14.3.3. the Customer shall immediately pay all sums and amounts payable to the Supplier under the terms of this Agreement;

14.3.4. each Party shall return or destroy, and (in each case) make no further use of any equipment, property, materials and other items (and all copies of them) belonging to the other Party, including the other Party's Confidential Information (except the Supplier may retain reasonable professional records of the Customer's and its Customer Users' use of the Service and shall be entitled to retain the Customer's Confidential Information for the purposes of internal audit, litigation and/or to comply with applicable laws);

14.3.5. the Supplier may destroy or otherwise dispose of any of the Customer information in its possession at any point thirty (30) days or more after termination of this Agreement;

14.3.6. any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of this Agreement which existed at or before the date of termination shall not be affected or prejudiced; and

14.3.7. Clauses 8 to 20 and any other provisions which are necessary for the interpretation or enforcement of this Agreement shall continue in force notwithstanding termination.

14.4. The Supplier may suspend the Customer's right to access the Service or use any portion or all of the Service immediately upon notice to the Customer if it determines acting reasonably:

14.4.1. that the Customer's (or a Customer User's) use of or access to the Service (a) poses a security risk to the Supplier, the Service or any third party; (b) may adversely impact availability or performance of the Service, the Software or the systems or software of any other customer of the Supplier; (c) may subject the Supplier or any third party to any liability; or (d) may be fraudulent; or

14.4.2. that the Customer, or any Customer User, is in breach of this Agreement or any other agreement by which software being used on or in conjunction with the Service is licensed.

14.5. The Supplier shall reinstate the suspended Service once it has established the cause of the suspension has been remedied or ceased to exist. Where the cause of the suspension persists for more than thirty (30) days, the Supplier may immediately terminate this Agreement without incurring any liability to the Customer.

15. Entire Agreement

15.1. This Agreement constitutes the entire agreement between the parties in relation to its subject matter. It replaces and extinguishes all prior agreements, collateral warranties, collateral contracts, statements, representations and undertakings made by or on behalf of the parties, whether oral or written, in relation to that subject matter.

15.2. Each Party acknowledges that in entering into this Agreement it has not relied upon any collateral warranties, collateral contracts, statements, representations or undertakings, whether oral or written, which were made by or on behalf of the other Party in relation to the subject matter of this Agreement (together "Pre-Contractual Statements") and which are not set out in this Agreement. Each Party hereby waives all rights and remedies which might otherwise be available to it in relation to such Pre-Contractual Statements.

15.3. Nothing in this Clause shall exclude or restrict the liability of either Party arising out of its pre-contractual fraudulent misrepresentation or fraudulent concealment.

16. Notices

16.1. Subject to Sub-clause 16.3, any notice required to be given under this Agreement shall be in writing in English and shall be delivered by email to the other Party at its email address as set out in the Cover Sheet, or such other address as may have been notified by that Party for such purposes.

16.2. A notice sent by email shall be deemed to have been received at the time and date of transmission shown on the saved sent copy kept by the sender (or if delivery is not in business hours, at 9am (EET) on the first Business Day following delivery).

16.3. This Clause 16 shall not apply to the service of legal proceedings.

17. Miscellaneous

17.1. Force Majeure. The Supplier shall not be in breach of this Agreement nor liable for delay in performing, or failure to perform, any of its obligations under this Agreement if such delay or failure results from events, circumstances or causes beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of the Supplier or any other party), failure of a utility service or transport or telecommunications network or the internet, natural disasters, war, pandemic, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or sub-contractors. In such circumstances the Supplier shall be entitled to a reasonable extension of the time for performing such obligations.

17.2. No Waiver. The failure to exercise, or delay in exercising, a right, power or remedy provided by this Agreement or by law shall not constitute a waiver of that right, power or remedy. If a Party waives a breach of any provision of this Agreement, this shall not operate as a waiver of a subsequent breach of that provision, or as a waiver of a breach of any other provision.

17.3. Rights and Remedies. Except as expressly provided in this Agreement, the rights and remedies provided under this Agreement are in addition to, and not exclusive of, any rights or remedies provided by law.

17.4. Severance. If any provision, or part of a provision, of this Agreement is found by any court or authority of competent jurisdiction to be illegal, invalid or unenforceable, that provision or part-provision shall be deemed not to form part of this Agreement, and the legality, validity or enforceability of the remainder of the provisions of this Agreement shall not be affected, unless otherwise required by operation of applicable law. If any invalid, unenforceable or illegal provision would be valid, enforceable or legal if some part of it were modified, the provision shall apply with whatever modification is necessary to give effect to the commercial intention of the parties.

17.5. Assignment. The Customer shall not, without the prior written consent of the Supplier, assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement. The Supplier may at any time assign, transfer, charge, sub-contract or deal in any other manner with all or any of its rights or obligations under this Agreement. The Customer shall enter into any further agreements reasonably required by the Supplier to give effect to any of the above.

17.6. Relationship of the Parties. Nothing in this Agreement is intended to, or shall be deemed to, establish or constitute any partnership or joint venture between any of the parties, create a relationship of principal and agent for any purpose between the parties, or authorise either Party to make or enter into any commitments for or on behalf of the other Party.

17.7. Variation. No variation of this Agreement shall be effective unless made in writing and signed by or on behalf of each of the parties or by their duly authorised representatives. If the Customer wishes the Supplier to proceed with any proposed variation, the Supplier has no obligation to do so unless and until the parties have agreed in writing the necessary variations to the Service Fees and any other relevant terms of this Agreement to take account of the change.

17.8. Changes. This Agreement may only be amended by written agreement agreed by both Parties. Nevertheless, the Parties acknowledge and agree that the Supplier's field of business is subject to continuous changes (including changes regarding the Supplier's Service as well as the applicable regulatory framework) which may also require changes to this Agreement. The Supplier may amend this Agreement to the extent reasonably required due to changes in applicable legislation, regulatory guidance, mandatory security requirements, or essential changes in the Supplier's Services. The Supplier will notify the Customer of such changes at least 30 days in advance, unless compliance with the law or regulation requires that the changes be made sooner. Following the change notification, the Customer may terminate the Agreement without penalty, if the amendments are not acceptable.

17.9. Conflicts. In the event of any conflict between the Clauses of the Service T&Cs and the Schedules, the conflict shall be resolved by giving priority: (a) first, to the Clauses of the Service T&Cs; (b) second, to the Schedules. If there is a conflict between the Schedules, priority shall be given to the Schedule with the lower number.

18. Third-Party Rights

18.1. Subject to the Supplier Personnel being entitled to rely on and enforce the provisions of Clauses 5, 11, and 13, a person who is not a party to this Agreement may not enforce any of its provisions under any legislation otherwise entitling it to do so nor bring a claim for the recovery of any losses, liabilities, expenses or costs arising out of or relating to this Agreement or the Service. The consent of any third party is not necessary for any variation (including any release or compromise in whole or in part of any liability) or termination of this Agreement.

18.2. All claims brought by the Customer under or as a result of this Agreement (whether in contract, misrepresentation (whether tortious or statutory), tort (including negligence), restitution, breach of statutory duty or otherwise) shall be brought against the Supplier only and not any Supplier Personnel. The limitations and exclusions of liability set out in this Agreement shall apply to all such claims.

19. Consumer Rights

19.1. If the Customer qualifies as a consumer under the EU consumer protection legislation, the Customer has the right to withdraw from this Agreement within fourteen (14) days from Commencement Date without providing any reason.

19.2. To exercise the right of withdrawal, the Customer must inform the Supplier of their decision to withdraw from this Agreement by sending an email to the email address specified in the Cover Sheet. The email must include a clear statement of the Customer's decision to withdraw from the Agreement and must clearly identify the agreement to be withdrawn.

19.3. If the Customer withdraws from this Agreement, the Customer shall not have the right to a refund for any Service Fees paid for the use of the Service before withdrawal.

19.4. To meet the withdrawal deadline, it is sufficient for the Customer to send their notification concerning the exercise of the right of withdrawal before the withdrawal period has expired.

19.5. Nothing in this Agreement shall limit the Customer's statutory mandatory rights under EU consumer protection legislation, insofar as the Customer is a consumer residing within the EU. This includes the right to lodge complaints or bring claims before the competent consumer dispute resolution bodies or forums in the Customer's country of residence.

20. Governing Law and Jurisdiction

20.1. This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of Finland.

20.2. The United Nations Convention on Contracts for the International Sale of Goods (CISG) shall not apply to this Agreement.

20.3. Any dispute, controversy or claim arising out of or relating to this Agreement, or the breach, termination or validity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Finland Chamber of Commerce.

20.3.1. The number of arbitrators shall be three.

20.3.2. The seat of arbitration shall be in Helsinki, Finland.

20.3.3. The language of the arbitration shall be English.

Schedule 1: Definitions and Interpretation

Definitions

The following definitions apply in this Agreement:

Word/phrase Meaning
Acceptable Purposes mean all purposes related to the use and utilization of the Service under the Agreement, excluding purposes that are prohibited herein. The Customer may not resell, rent, license, or otherwise transfer the Service to a third party, or use or offer the Service for military purposes, including but not limited to the development, production, testing, or use of weapons, unless agreed by a separate Agreement. Accepted purposes must also comply with the governing laws of this Agreement and any other applicable laws, ensuring that the use of the Service shall not be illegal under these regulations. The Customer may use the Service as a platform to offer their own services to third parties, provided that the service offered to the third party does not consist entirely or predominantly of the Service.
Affiliate means any entity in respect of a Party that from time to time, directly or indirectly, Controls, is Controlled by, or is under common Control with that Party and any other entity agreed in writing by the parties as being an Affiliate in respect of either Party.
Business Day means any day which is not a Saturday, Sunday or public holiday in Finland.
Commencement Date means the date on which the Customer agrees to and enters into this Agreement.
Confidential Information means all information in any medium or format (including written, oral, visual or electronic, and whether or not marked or described as "confidential"), together with any copies, which relates to the Disclosing Party, to its Affiliates, or to its (or its Affiliates') employees, officers, customers or suppliers, and which is directly or indirectly disclosed by or on behalf of the Disclosing Party to the Receiving Party under or in connection with this Agreement (or which is learnt or acquired by the Receiving Party in connection with this Agreement), whether before or after the date of this Agreement, and which would reasonably be regarded as confidential, BUT shall not include (i) information which is in the public domain other than as a result of a breach of this Agreement or any separate confidentiality undertaking between the parties; (ii) information which the Receiving Party received, free of any obligation of confidence, from a third party which was not itself under any obligation of confidence in relation to that information, whether before the date of its disclosure by the Disclosing Party or otherwise; or (iii) information which the Receiving Party can show by its written or other records was developed or created independently by the Receiving Party or any of its Affiliates.
Control means (a) the power (whether by way of ownership of shares, proxy, contract, agency or otherwise) to (i) cast, or control the casting of, more than one-half of the maximum number of votes that might be cast at a general meeting of that Party; (ii) appoint or remove all, or the majority, of the directors or other equivalent officers of that Party; or (iii) give directions with respect to the operating and financial policies of the relevant Party with which the directors or other equivalent officers of that Party are obliged to comply; or (b) the holding beneficially of more than 50 per cent of the issued share capital of the relevant Party (excluding any part of that issued share capital that carries no right to participate, or no right to participate beyond a specified amount, in a distribution of either profits or capital).
Customer Data means any data transferred to the Supplier by the Customer for input into the Service, including any data input into the Service by the Customer Users.
Customer Users means the individual employee, agent or contractor of the Customer who are authorised by the Customer to access and use the Service solely on behalf and for the benefit of the Customer.
Data Protection Legislation means the General Data Protection Regulation ((EU) 2016/679) ("GDPR"), the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC), and any legislation and/or regulation implementing or made pursuant to them, or which amends, replaces, re-enacts or consolidates any of them, and all other applicable laws relating to processing of personal data and privacy that may apply under the governing law of the Agreement.
Data Subject means a natural person whose Personal Data is processed by the Supplier under the Agreement.
Disclosing Party means a Party disclosing its Confidential Information to the Receiving Party, which in the case of the Customer may be the Customer and/or the Customer Users and in the case of the Supplier may be the Supplier and/or the Supplier's Affiliates, as applicable.
Description of the Personal Data Processing means a schedule to the Service T&C describing the Personal Data Processing under the Agreement.
EEA means the European Economic Area, consisting of the Member States of the European Union and Iceland, Liechtenstein and Norway.
Information means all data, records, reports, results, documents, papers, drawings, designs, transparencies, photos, graphics, logos, typographical arrangements, software, and all other outputs or materials in whatever form, including but not limited to hard copy and electronic form, generated by or on behalf of the Supplier in the performance of this Agreement and made available under or in connection with this Agreement (including the provision of the Service).
Insolvency Event the occurrence of any one or more of the following events in relation to a Party: (a) the Party becomes unable to pay its debts, admits its inability to pay its debts or becomes insolvent; (b) a petition is presented, an order made or a resolution passed for the liquidation (otherwise than for the purposes of a solvent amalgamation or reconstruction), administration, bankruptcy or dissolution of the Party; (c) an administrative or other receiver, manager, trustee, liquidator, administrator or similar person or officer is appointed to the Party and/or over all or any part of the assets of the Party; (d) the Party enters into or proposes any composition or arrangement concerning its debts with its creditors (or any class of its creditors) generally; or (e) anything equivalent to any of the events or circumstances listed in limbs (a) to (d) (inclusive) occurs in any applicable jurisdiction.
Intellectual Property Rights (a) patents, inventions, designs, copyright and related rights, database rights, knowhow and Confidential Information, trademarks (whether registered or unregistered) and related goodwill, trade names (whether registered or unregistered), and rights to apply for registration; (b) all other rights of a similar nature or having an equivalent effect anywhere in the world which currently exist or are recognised in the future; and (c) all applications, extensions and renewals in relation to any such rights.
IPR Claim means any claim or action against the Customer by any third party that the use of the Service (or any part of the Service) by the Customer or its Customer Users, in accordance with the terms of this Agreement, infringes the copyright of that third party in Finland.
Malware means any thing or device (including any software, code, file or programme) which may: prevent, impair, spy on, or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network or any other service or device; prevent, impair, or otherwise adversely affect access to or the operation of any programme or data, including the reliability of any programme or data (whether by re-arranging, altering or erasing the programme or data in whole or part or otherwise); or adversely affect the user experience, including worms, trojan horses, viruses and other similar things or devices.
Minimum Technical Requirements means the minimum technical requirements the Customer is required to meet in order to enable its Customer Users to access and use the Service in accordance with this Agreement (as may be notified by the Supplier from time to time, including in the Service Description).
Party means a party to this Agreement (and "Parties" shall be construed accordingly).
Personal Data means personal data as defined in the Data Protection Legislation and which the Supplier processes under this Agreement.
Personal Data Breach means a breach of security leading to destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
Receiving Party means a Party receiving Confidential Information from the Disclosing Party, which in the case of the Supplier may be the Supplier and/or the Supplier's Affiliates, as relevant.
Restricted Locations mean any geographic locations where the Customer is not permitted to use the Service under this Agreement. Restricted Locations include Russia, Belarus, Cuba, Iran, North Korea, Syria, Crimea (Ukraine), Donetsk (Ukraine), Luhansk (Ukraine) and any other location that the Supplier determines as a Restricted Location after the Commencement Date.
Sanctions means any laws, regulations, restrictions, prohibitions, embargoes, decisions, orders, or measures relating to trade, the economy, or finance that are imposed, enacted, implemented, enforced, or administered by a Sanctions Authority. This includes, without limitation, administrative freezing of funds imposed by the Finnish National Bureau of Investigation.
Sanctions Authority means the United Nations, the European Union, EEA, and member states, including Finland, as well as United States and United Kingdom, or any agency, body, or entity that is expressly authorised to issue, enact, impose, administer, or enforce sanctions on behalf of, or under the mandate of, any of these entities.
Service means the services that the Supplier provides to the Customer pursuant to this Agreement as specified in the Service Description.
Service Description means the published specification for the Services as set out in the Supplier's online service listing, currently available at https://datacrunch.io/products (or any successor location designated by the Supplier), describing the operation and functionality of the Services, the features and offerings available.
Software means the software used by the Supplier and/or any of the Supplier Affiliates or sub-contractors in delivering the Service.
Standard Contractual Clauses mean the contractual clauses issued by the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, and any amendments thereto.
Sub-processor means a processor acting on behalf of the Supplier.
Service Fees mean the applicable fees for the provided Services, as may be charged in accordance with this Agreement. The Service Fees (pricing) for Services is set out at https://datacrunch.io/products, which is incorporated into this Agreement by reference and may be amended by the Supplier from time to time.
Supplier Personnel means the Supplier's Affiliates and the Supplier's and its Affiliates' employees, directors, officers, agents and subcontractors.
Term means the term of this Agreement as specified in this Agreement.
Third Country means a country that is neither part of the EEA nor has been declared adequate by a decision of the European Commission under Article 45 GDPR.

Interpretation

The following rules of interpretation shall apply in this Agreement:

  1. The Clause and Schedule headings are for convenience only and shall not affect the interpretation of this Agreement.

  2. A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality).

  3. A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established.

  4. Unless the context otherwise requires: (a) words in the singular shall include the plural and, in the plural, include the singular; and (b) a reference to one gender shall include a reference to the other genders.

  5. A reference to writing or written includes e-mail.

  6. References to Clauses (Sub-clauses, paragraphs, sub-paragraphs) are to the Clauses (Sub-clauses, paragraphs, sub-paragraphs) of the Service T&Cs.

  7. A reference to a statute or statutory provision is a reference to it as it is in force as at the date of this Agreement and as amended by any subsequent statute or statutory provision.

  8. Any phrase introduced by the expressions including, includes, in particular or any similar expression shall be construed as illustrative only and shall not limit the sense of the words preceding those terms.

  9. The terms "controller", "processor", "personal data" and "process" shall be interpreted in accordance with the GDPR, or other applicable Data Protection Legislation in the relevant jurisdiction.

Schedule 2: Description of the Personal Data Processing

Purpose of Data Processing

The purpose of the processing of personal data is to provide the Customer with Service under the Agreement.

Categories of Data Subjects

The Customer may submit Personal Data to the Supplier, the extent of which is determined and controlled by the Customer in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:

  • Prospective customers, customers, resellers, referrers, business partners, and suppliers of the Customer (who are natural persons);
  • Employees or contact persons of the Customer's prospective customers, customers, resellers, referrers, subcontractors, business partners, and Suppliers (who are natural persons);
  • Employees, agents, advisors, and freelancers of the Customer (who are natural persons);
  • Natural persons instructed by the customers of the Customer to use its services.

Categories of Personal Data

The personal data processed concern the following categories of data:

  • Identification data
  • Professional life data
  • Connection data or localization data (including IP addresses whether dynamic or not)
  • Customer support chats with users of Customer
  • Contact information
  • Usage data (e.g., service usage patterns, activity logs)
  • Preferences and interests (e.g., user settings, preferred features)
  • Other data provided by the Customer for processing by the Service, including special categories of personal data if such data is provided by the Customer (e.g., sensitive personal data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning a person's sex life or sexual orientation).

Data Processing Operations

As appropriate for the provision of the Service by the Supplier to the Customer including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, anonymization, erasure or destruction of Personal Data for purposes of the provision of the Service by the Supplier to the Customer.

Duration of the processing

Customer Personal Data shall be retained for no longer than necessary for the purposes for which it was collected, in accordance with the Agreement, unless a longer retention period is required or permitted by law.

Sub-Processors

A list of DataCrunch's current Sub-Processors is available to Customer at https://trust.datacrunch.io/subprocessors. Customer hereby authorizes the Sub-Processors on the List.

Schedule 3: Technical and Organisational Security Measures

Technical Security Measures

The Supplier and the Customer agree to a shared responsibility model, in which both parties have their own responsibilities towards the security measures to ensure the confidentiality, integrity, and availability of personal data. This model is described in detail on the Supplier's publicly available documentation at https://docs.datacrunch.io/resources/shared-responsibility-model (the "Shared Responsibility Model"). The Shared Responsibility Model forms an integral part of this Agreement and is hereby incorporated by reference.

The Supplier will ensure the protection of the infrastructure that is responsible for the Service, inclusive of the hardware, software, networking, and facilities required in order to operate. This responsibility is regarded as security "of" the cloud.

Depending on the services engaged, the Customer is responsible for data security, regulatory and legal compliance, identity and access management, application security, operating system security, configuration and resource management, monitoring and incident response, and backup and disaster recovery. This responsibility is regarded as security "in" the cloud.

The Supplier agrees to implement the following technical security measures to ensure the confidentiality, integrity, and availability of the cloud:

Data Encryption

The Supplier will ensure the capability for the Customer to implement data encryption for at-rest data. The Supplier is not responsible for enabling or ensuring data encryption for at-rest or in-use data.

Access Control

Access to personal data shall be restricted based on role-based access control (RBAC) principles.

All users shall be authenticated using strong passwords.

Access logs shall be maintained for all activities involving personal data, and access to such logs shall be restricted to authorized personnel only.

Network Security

The Supplier shall maintain a firewall to protect internal systems from unauthorized external access.

Secure communication channels will be available to the Customer to transfer personal data with encryption (e.g. TLS, SSH)

Backup and Data Recovery

The Supplier does not provide a data recovery plan or procedure for the Customer.

Organisational Security Measures

The Supplier will adopt the following organisational measures to ensure compliance with data protection laws and maintain security standards:

Employee Training and Awareness

All employees with access to personal data shall receive regular training on data protection principles, security best practices, and their responsibilities regarding personal data.

Security awareness training will be conducted at least annually or when significant changes occur to the data protection practices or regulatory requirements.

Incident Response and Breach Management

The Supplier shall maintain an incident response plan that includes clear procedures for detecting, reporting, and managing data breaches.

Monitoring and Auditing

The Supplier shall perform regular security audits and assessments to verify compliance with internal security policies and applicable data protection regulations.

Regular monitoring will be conducted to detect and respond to potential security threats and vulnerabilities.

Auditing processes shall ensure that only authorized personnel have access to personal data and that access is appropriate and consistent with business needs.

Data Access and User Management

Personal data shall only be accessible to personnel who need it for legitimate business purposes.

User access shall be regularly reviewed and revoked when no longer necessary (e.g., upon termination of employment or contract).

Data Retention and Disposal

The Supplier will only retain data of any kind for as long as the Customer indicates. Removal of data occurs within 72 hours after the Customer removes the data.

Third-party and Sub-processor Security

The Supplier shall ensure that any third-party service providers or sub-processors involved in the processing of personal data implement appropriate security measures that meet or exceed the standards set out in this Schedule.

Physical Security Measures - Access Control to Facilities

Physical access to locations where personal data is stored or processed (such as data centres or offices) shall be restricted to authorized personnel only.

The Supplier shall implement keycard access systems, biometric authentication, or other appropriate physical security measures at all entry points to facilities where personal data is stored.

Environmental Security

Data centres or facilities that store personal data shall be equipped with fire suppression systems, climate control to prevent overheating, and backup power (e.g., UPS systems) to ensure that data is not lost or corrupted due to power failure.