General Terms and Conditions for AIVAN INNOVATION’S Services
Last Updated Date 10th November, 2022
1.1 These general terms and conditions (the “Terms”) apply to the Agreement between Aivan Innovations Oy (“Zefort”) and the Customer regarding Zefort's Services. They constitute an appendix to the Agreement and form an integral part of the Agreement. In the event of a conflict between these Terms and the provisions of the Agreement, the provisions of the Agreement shall prevail.
1.2 Zefort may amend the Terms from time to time at its own discretion and shall notify the Customer of such changes at the latest thirty (30) days before such changes enter into force. If the Customer does not accept the changes, the Customer shall notify Zefort hereof within ten (10) days of receipt of the notification. Each Party may then, at its own discretion, terminate the Agreement.
Affiliates: Party’s officers, directors, employees, agents, service providers, licensors, sub-contractors and entities which are controlled by, controlling or under common control with such entity.
Agreement: The agreement between Zefort and the Customer under which the Customer engages Zefort to supply the Services.
Content: Any Customer documents, content and data stored and processed by Zefort for the Services
Customer: Zefort’s customer under the Agreement.
Data protection legislation: the data protection legislation framework applicable to the Controller, including but not limited to the General Data Protection Regulation (EU) 2016/679 (the GDPR) applicable from 25 May 2018. The Data protection legislation is also applicable national law regulating the Processing of Personal Data.
Digital Signature: refers to agreement signing with the aid of the mobile identification mechanisms or other electronic identification methods approved by legislation, or a separate signature mechanism determined by the Zefort and provided by a third party
Party/Parties: Zefort and/or the Customer.
Production Environment: an instance of the system which is used by Customer for live support of its business.
Services: The Services supplied by Zefort to the Customer under the Agreement.
Test Environment: an instance of the system which is used for testing and evaluating the system or components of the system separately from the Production Environment.
Working Day: Monday to Friday excluding public holidays in the applicable territory where the Service is provided by Zefort.
Zefort: Aivan Innovations Oy.
Controller, Data Subject, Personal Data, Processor, Processing, Personal Data Breach, Supervisory Authority and Third Party have the meanings described in applicable Data protection legislation.
3. CUSTOMER'S RESPONSIBILITY
3.1 Zefort will provide the Customer with user names and passwords (log-in credentials) in order for the Customer to gain access to Services provided online (such as the possibility for the Customer to view and edit contracts which are stored in the Service).
Electronic identification shall take place in Digital Signature that meets the high security level criteria referred to in Article 8, paragraph 2, subparagraph b in the EU Regulation No 910/2014 on electronic identification and trust services or the high security level.
The Customer is responsible for all handling of electronic identification, user names and passwords and undertakes in particular to not disclose the electronic identification, user names and/or passwords to any unauthorized person or otherwise allow any unauthorized person to access the Services under the Customer’s electronic identification, user names and/or passwords.
If the Customer has reason to believe that an unauthorized person has gained access to the Customer’s user names and/or passwords the Customer must immediately inform Zefort. The Customer is responsible for ensuring that all the Customer’s personnel comply with the provisions of this section.
3.2 The Customer is responsible for all use of the Services under the usernames and/or passwords provided to Customer by Zefort.
3.3 The Customer is responsible for properly configuring the Services. Zefort log-in credentials are for Customer’s internal use only and the Customer may not sell, transfer or sublicense them to any other entity or person, except in situation where the customer may disclose their log-in credentials to their affiliates or third party consultants performing work on the Customer’s behalf.
3.4 The Customer shall take care of acquiring and maintaining hardware, software and telecommunication links required by the Services as well as of other technical equipment relating to the use of the service and costs related to them. Zefort recommend using the newest browser versions to maintain user’s data security and general functionality of the Services.
3.5 The Customer is responsible for the quality of all content provided to Zefort. When using the Services, such as e.g. when uploading content to Zefort’s server, the Customer shall follow instructions provided by Zefort from time to time.
3.6 Regardless of delivery method (which may include but is not limited to delivery via e-mail or by the Customer uploading content directly to Zefort’s servers) the transfer of content from the Customer to Zefort is at the Customer’s risk.
3.7 The Customer is responsible for ensuring that exporting the Services, or service features, for example Electronic Signature, to a country of operation does not violate any prohibitions or permits and service features are applied according to a country and agreement domain specific requirements.
3.8 The Customer guarantees that it owns or otherwise controls all necessary rights to the Content for the purpose of Zefort providing the Services. The Customer shall indemnify and hold harmless Zefort from any claims regarding infringements of a third party’s rights attributable to the Content.
The Customer agrees to not provide Zefort with any Content (including but not limited to by uploading Content to Zefort’s servers) which (i) contains viruses, corrupted data, malicious software or other programs that may harm computers or other property or (ii) is defamatory, constitutes agitation against an ethnic group, infringes the rights of any third party or is otherwise unlawful. Zefort has the right to immediately remove from Zefort’s servers any Content that Zefort in its sole discretion deems is in breach of this section or the Terms otherwise. Zefort shall without undue delay notify the Customer thereof.
4. ZEFORT'S RESPONSIBILITY
4.1 If the Parties have entered into a Service Level Agreement (SLA), Zefort’s responsibility for Services is regulated in such SLA. These Terms shall equally apply to such SLA, unless otherwise stated therein.
4.2 If the Parties have not entered into a SLA, Zefort assumes no liability for the accessibility or other functionality of the Services.
4.3 Zefort will, as part of the Services
(i) provide Services in line with the security descriptions on Zefort’s web page (https://zefort.com/security/ )
(ii) provide the Customer with Zefort’s standard customer support services during Working Days;
(iii) follow its back-up processes by taking back-ups of Content and
(iv) notify the Client if it becomes aware of any incident affecting the security of the Service or the Content.
5. PROPRIETARY RIGHTS
5.1 All copyright, patent or other intellectual property rights attributable to the Services are owned by or licensed to Zefort. The Services, and any software included therein, may only be used by the Customer and its affiliates during the Term and as described in the Agreement and may only be copied or otherwise reproduced by the Customer to the extent it is permitted by Zefort in writing.
5.2 Without limiting the generality of the foregoing, in the event that Zefort as part of the Services delivers any services, material or applications tailored for the Customer (“Customer Applications”), Zefort shall be the sole owner of all such Customer Applications and the Customer may only use the Customer Applications during the term of the Agreement. The Customer may not use any Customer Applications upon expiry of the Agreement without Zefort’s prior written consent.
5.3 For clarity, neither Party shall acquire any right under the Agreement to the other Party’s trademarks, product trademarks, distinctive marks and other symbols which are used in connection with the Services and any use of such marks or symbols of the other Party requires such Party’s prior written consent. All Customer content is, and shall remain, the property of the Customer.
5.4 The Customer may not use Zefort Product, Service or Technology in any manner or for any purpose other than as expressly permitted by this Agreement. The Customer may not attempt to, (a) modify, alter, tamper with, repair, or otherwise create derivative works of any software included in the Services (except to the extent software included in the Services are provided to the Customer under a separate license that expressly permits the creation of derivative works), (b) reverse engineer, disassemble, or decompile the Services or apply any other process or procedure to derive the source code of any software included in the Services, (c) access or use the Services in a way intended to avoid incurring fees or exceeding usage limits or quotas, or (d) resell or sublicense the Services (except agreed under a separate license that expressly permits the resell or sublicense of Zefort services). All licenses granted to the Customer in this Agreement are conditional on Customer’s continued compliance with this Agreement, and will immediately and automatically terminate if Customer do not comply with any term or condition of this Agreement. During and after the term, the Customer will not assert, nor will authorize, assist, or encourage any third party to assert, against Zefort or any of Zefort’s affiliates, customers, vendors, business partners, or licensors, any patent infringement or other intellectual property infringement claim regarding any Services the Customer have used.
6. DATA PROCESSING AND PERSONAL DATA
6.1 From data processing viewpoint Zefort is regarded as Processor, Customer as Controller.
6.2 The Processor undertakes to Process Personal Data in accordance with these Terms and the Controller’s instructions as set out below, solely for purposes of providing the services under the Agreement. In addition, the Processor may use the Personal Data and other content that the Customer has stored (Customer Data) in the Service internally under the agreed confidentiality obligations for development purposes to improve and optimize its services to the Customer. Personal Data and other Customer Data may not in any way be processed for any other purposes.
6.3 In addition to the Agreement and these Terms which shall form part of the Controllers instruction, the instructions with respect to the nature and content of the Processing are as follows:
- General nature and purpose of the Processing:
The Processor Process Personal Data in accordance with the Agreement and for the purpose of providing the Services under the Agreement.
- Categories of Data Subjects:
The Controller may submit Personal Data to the Processor which may include, but is not limited to, the following categories of Data Subjects:
- The Controller itself
- Controller end-customers
- Controller employees, other staff and corporate representatives
- Property owners
iii. Categories of Personal Data
The Controller may submit Personal Data to the Processor which may include, but is not limited to, the following categories of Personal Data:
- Personal identification (gender, name, surname, birthplace, citizenship, date of birth, pictures, passport numbers, national identification numbers, marital status, signature)
- Contact information (address, email, phone number)
- Financial information (bank account information, bank statements, credit card number)
- Property information (address, land-register reference
- Device information (Internet Protocol (IP) address, MAC address, domain addresses, recipients of data packages, Cookie information, system logs, website history, account information, geolocation data)
- Employment information (job title, function, name of employer, salary, benefits)
6.4 The Processor shall maintain a record of all categories of Processing activities carried out on behalf of the Controller containing:
- the name and contact details of the Processor and of the Controller, and, where applicable, of the Controller's or the Processor's representative, and the data protection officer;
- the categories of Processing carried out on behalf of the Controller;
iii. where applicable, transfers of Personal Data to a third country or an international organisation, including the identification of that third country or international organisation;
- where possible, a general description of the technical and organisational security measures referred to in Section 6.5.
6.5 The Processor guarantees that is has implemented appropriate technical and organizational measures providing a level of security that is appropriate, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedom of the Data Subjects.
6.6 In assessing the appropriate level of security, account shall be taken of the risks that are presented by Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise Processed.
6.7 The Processor shall ensure that any personnel, consultants or other persons entrusted with Processing Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. This section shall continue in force after the expiry or termination of the Agreement.
6.8 If the Processor suspects or becomes aware of any Personal Data Breach or any other circumstance, within its own control, in which the Controller or Processor is required to act under applicable Data protection legislation, the Processor shall without undue delay notify the Controller thereof by email or other appropriate means of communication.
6.9 The Processor shall, where appropriate, investigate the Personal Data Breach and take appropriate measures to rectify the breach, identify its root causes and prevent a recurrence.
6.10 The Processor undertakes to assist the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfillment of the Controller's obligation to respond to requests for exercising the Data Subject's rights laid down in the Data protection legislation. The Processor shall be entitled to reasonable compensation for its assistance according to this Section 6.10
6.11 Should any Personal Data become subject to search and seizure, an attachment order, confiscation during bankruptcy or insolvency proceedings or similar, the Processor shall inform the Controller immediately by email or other appropriate means of communication. The Processor shall use its best efforts to protect the Controller’s Personal Data and notify the Third Party with access to the Personal Data that the affected Personal Data is confidential information.
6.12 The Controller is entitled to, upon reasonable notice, audit in a manner mutually agreed with the Processor, the Processor’s (and any Sub-processor’s) compliance with these Terms. The Processor shall make available all information necessary to demonstrate compliance with these Terms and shall assist the Controller in such audits. The Processor shall be entitled to reasonable compensation of any audits carried out by the Controller.
6.13 The Processor may not Process or transfer Personal Data to a third country outside of the EU/EEC.
6.14 The Processor may engage Sub-processors for the Processing of Personal Data. The Processor shall maintain an up-to-date list of Sub-processors here: https://zefort.com/security/ The Processor shall ensure that a data processing agreement is concluded with the Sub-processor which includes obligations on the Sub-processor not less strict than the Processor’s obligations under these Terms. The Processor is fully liable for the performance of any Sub-processors Processing of Personal Data.
6.15 If the Processor receives objections from the Controller regarding changes of Sub-processors according to Section 6.14 or otherwise receives instructions or demands from the Controller, not covered by these Terms, the Processor shall be entitled to reasonable compensation in order to comply with any such objections or instructions.
6.16 The parties agree that where the applicable Data protection legislation changes as a result of legislative, regulatory or judicial developments, thereby altering the parties’ legal rights and/or obligations, or impacting either party’s ability to perform its rights and/or obligations under these Terms, the parties will negotiate in good faith the Terms to comply with the new developments with the goal to continue the commercial relationship between the parties.
6.17 After the termination of the Agreement, the Processor shall delete all Personal Data and other Customer Data, or if requested in writing within thirty (30) days from termination by the Controller, return them to the Controller, and delete existing copies of it, unless the applicable legislation requires the Processor to store the Personal Data.
7.1 Zefort may change, discontinue, or deprecate any of the Service offerings (including the Service offerings as a whole) or change or remove features or functionality of the Service offerings from time to time. Zefort will notify the Customer of any material change to or discontinuation of the Service offerings. However, if Zefort changes, discontinues or deprecates its Service offerings [any APIs (Application Programming Interface)] for the Services from time to time, Zefort will use commercially reasonable efforts to continue supporting the previous version of any API changed, discontinued, or deprecated for 12 months after the change, discontinuation, or deprecation (except if doing so (a) would pose a security or intellectual property issue, (b) is economically or technically burdensome, or (c) is needed to comply with the law or requests of governmental entities).
8. FEES AND PAYMENT TERMS
8.1 The fees shall be set out in the Agreement and Appendices.
8.2 All fees shall be invoiced in the currency set out in the Agreement.
8.3 If an invoice is more than thirty (30) days overdue and the Customer has not paid such invoice within ten (10) days from a reminder, Zefort is entitled to immediately suspend provision of the Services.
8.4 Value added tax will be added to all fees to the extent required by law. In the event that value added tax is not initially charged, Zefort shall be entitled to charge value added tax at a later stage should relevant tax authorities decide that value added tax should be charged.
8.5 Zefort reserves the right to amend the fees in the Agreement and Appendices.
9. NO WAIVERS
9.1 The failure by either Party to enforce any provision of this Agreement will not constitute a present or future waiver of such provision nor limit such Party's right to enforce such provision at a later time. All waivers by a Party must be in writing to be effective.
10.1 Each Party shall be entitled to terminate the Agreement by written notice with immediate effect if:
(i) the other Party is in material breach of the Agreement and does not remedy such breach (where possible to remedy) within thirty (30) days from written notice thereof,
(ii) the other Party is declared bankrupt, enters into liquidation, commences proceedings for a corporate reconstruction and/or when it otherwise becomes apparent that a Party is insolvent in some other way,
(iii) if Zefort’s relationship with a third party partner who provides software or other technology Zefort uses to provide the Services expires, terminates or requires Zefort to change the way they provide the software or other technology as part of the Services,
(iv) if Zefort believes providing the Services could create a substantial economic or technical burden or material security risk for Zefort,
(v) in order to comply with the law or requests of governmental entities.
11. EFFECT OF TERMINATION
11.1 Upon termination of the Agreement, all rights under this agreement to use Zefort services will immediately terminate.
11.2 Upon termination of the Agreement, Zefort will delete all content provided by the Customer, unless the Customer notifies Zefort otherwise within thirty (30) days from the termination of the Agreement. The Customer shall compensate Zefort for any additional costs resulting from the Customer's instructions regarding handling of the content.
11.3 Upon termination of the Agreement, the customer is responsible for all fees and payments incurred through the date of termination, including fees and payments for agreed in-process tasks completed after the date of termination.
12. DISCLAIMER OF WARRANTY
12.1 Using big data, artificial intelligence, machine learning, modelling techniques as well as professional expertise, the insights, points of view, learning modules and other data should be correct in the assessment, but are directional in nature and may not suit for all particular needs, therefore cannot be relied on. Zefort is not liable for the outcomes or results out of use of them and they cannot be construed as specific advice.
12.2 Zefort does not give warranties and is not responsible for damage, loss of data or other harm that results from use of the Services.
12.3 Zefort is not responsible for any disturbances the Services may cause to any other software when the Services are used together with such software or otherwise.
12.4 Zefort is not liable for any delay or disruption in transmission of content or malfunctions caused by (i) the quality of the content provided to Zefort, (ii) the Customer’s mistake when uploading content (whether in breach of Zefort’s instructions or not), including but not limited to the Customer providing incorrect format information when uploading content or (iii) otherwise by the Customer’s incorrect use of the Services.
13. LIMITATION OF LIABILITY
13.1 Neither Party shall be liable for any loss of profits, loss of production, reduced turnover in business and similar costs or losses or any other indirect damages. Neither Party shall be liable for damage caused by the acts or omissions of the other Party. Both Parties’ maximum liability for any event is limited to direct damages up to an amount corresponding to one month´s fee for the Services.
13.2 Each Party shall present any claims against the other Party at the latest three (3) months from the date when the Party discovered, or should have discovered, the reason for the claim.
14. FORCE MAJEURE
14.1 If a Party is prevented from fulfilling its commitments in accordance with the Agreement, by circumstances beyond its control that it could not reasonably be expected to have foreseen, and the result of which the Party could not reasonably be expected to have avoided or overcome such as including but not limited to strike, labour conflict, war, warlike hostilities, insurrection or riot, mobilization or general military call-up, civil war, requisition, seizure, fire, lightning, earthquake, flood or water damage, altered decisions by authorities, intervention by authorities, legislation or official restrictions, currency restrictions, export or import restrictions, general shortage of goods, lack of bandwidth and faults or delays in services from a subcontractor, such Party shall be relieved from liability for a failure to perform any obligation under the Agreement.
14.2 Any Party that invokes relief in accordance with the above shall inform the other Party thereof without delay. If the performance of any obligation is prevented for a period longer than three (3) months as a result of any such circumstance stated above, each Party is entitled to terminate the Agreement free from liability to compensate the other Party.
15.1 Zefort shall be entitled to engage subcontractors to fulfil its undertakings under the Agreement. Zefort shall be responsible for all work performed by the subcontractor as though the work had been performed by Zefort.
16.1 Each Party may assign its rights or obligations under the Agreement to an affiliated company or to an entity to which such Party has transferred its business operations.
17.1 Each Party undertakes not to disclose to any third-party details of the Agreement or information regarding the other Party’s activities which may be deemed as business or professional secrets, without the other Party’s express written consent. Information which the Party states to be confidential will always be deemed to be business or professional secrets. The duty of confidentiality does not include such information which a Party can prove has come to its knowledge other than through the Services, or which is generally known, nor does the duty of confidentiality apply where a Party is obligated under law to supply the information.
17.2 Each Party undertakes to supervise that employees or other engaged persons do not convey confidential information to any third party.
17.3 The duty of confidentiality shall apply during the Term of this agreement and three (3) years thereafter. Customer’s Content shall be confidential information of the Customer and confidentiality obligations by Zefort in relation to Content shall remain perpetually.
18.1 All PR, public announcements and marketing with respect to the Agreement shall be jointly approved by the Parties. Zefort shall however be entitled to publish the Customer's name and logotype on its website and to refer to the Customer as Zefort’s customer in marketing and promotion material.
19.1 The Customer will defend and indemnify Zefort, Zefort’s affiliates, and each of their respective employees, officers, directors, and representatives from and against any direct out of pocket damages, costs, and expenses (including reasonable legal fees) relating to any claim by an independent third party alleging that (i) the Customer’s use of the Services (including any activities under Customer’s Zefort account and use by Customer’s employees and personnel) in violation of this Agreement or in violation of applicable law by the Customer or (ii) Customer’s Content, including any claim involving alleged infringement or misappropriation of third-party rights by Customer’s Content or by the use, Customer’s Content; breaches such third party’s rights.
19.2 Zefort will defend and indemnify the Customer, Customer’s affiliates, and each of their respective employees, officers, directors, and representatives from and against any direct out of pocket damages, costs, and expenses (including reasonable legal fees) relating to any claim by an independent third party alleging that the Services or Customer’s use thereof (including any activities under Customer’s Zefort account and use by Customer’s employees and personnel) breach (i) any third party intellectual property or other rights; or (ii) any applicable law to the extent such breach is attributable to Zefort.
20.1 Any notice given by one Party to the other shall be deemed properly given if specifically acknowledged by the receiving Party in writing (e-mail is sufficient provided it comes from an official account) or when delivered to the receiving Party by hand, registered mail or courier during normal business hours.
20.2 Notice is considered to be delivered one day after it is sent, if by official e-mail or by next day delivery by a major commercial delivery service.
21. GOVERNING LAW AND DISPUTES
21.1 This Agreement and any non-contractual obligations arising out of or in connection with it shall be governed by substantive Finnish law, excluding the choice-of-law principles.
21.2 Any dispute, controversy or claim arising out of or in connection with the Agreement or any non-contractual obligation arising out of or in connection with the Agreement shall be finally settled by arbitration administered by the Arbitration Institute of the Finland Chamber of Commerce. The place of arbitration shall be Helsinki, Finland. The language used in the proceeding shall be English, unless the Parties agree otherwise.
21.3 The Rules for Expedited Arbitrations shall apply where the amount in dispute does not exceed EUR 100,000. Where the amount in dispute exceeds EUR 100,000 the Arbitration Rules shall apply. The Arbitral Tribunal shall be composed of a sole arbitrator where the amount in dispute exceeds EUR 100,000 but not EUR 1,000,000. Where the amount in dispute exceeds EUR 1,000,000, the Arbitral Tribunal shall be composed of three arbitrators.