Website in development + BETA.TESTING ...
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Maecenas ac mattis purus, in faucibus turpis. Mauris mauris dolor, ultricies et elit sed, tempus egestas sem.
Please read these Terms and Conditions carefully. All contracts that the Provider may enter into from time to time for the provision of the Hosted Services[ and related services] shall be governed by these Terms and Conditions[, and the Provider will ask the Customer for the Customer's express written acceptance of these Terms and Conditions before providing any such services to the Customer].
The parties acknowledge and agree that the use of the Mobile App, the parties' respective rights and obligations in relation to the Mobile App and any liabilities of either party arising out of the use of the Mobile App shall be subject to separate terms and conditions, and accordingly these Terms and Conditions shall not govern any such use, rights, obligations or liabilities.
Nothing in these Terms and Conditions shall operate to assign or transfer any Intellectual Property Rights from the Provider to the Customer, or from the Customer to the Provider.
without prejudice to the parties' other legal rights.
providing that, if the stated time of deemed receipt is not within Business Hours, then the time of deemed receipt shall be when Business Hours next begin after the stated time.
[Specify the categories of data subject whose personal data may be processed]
[Specify types of personal data to be processed]
[Specify purposes for which personal data may be processed]
[Specify the security measures used to protect personal data]
[Identify sub-processors of personal data]
This is a short-form SaaS terms and conditions, with support and maintenance provisions.
The document sets out the basis upon which a customer may use a hosted software system. Rights of usage are expressed both positively, stating what the customer is permitted do do, and negatively, with a list of limitations and prohibitions. Usage may optionally be governed by a distinct acceptable use policy (set out as a schedule to this document).
The maintenance and support provisions in the T&Cs are comparatively short and simple: unlike in the standard and premium versions of this document, there are no SLAs setting out the details of how support and maintenance will be provided.
Standard confidentiality are included. This document also includes provisions designed to help both parties to comply with the General Data Protection Regulation (GDPR), which is in force from 25 May 2018.
The document has been designed for B2B (rather than B2C) SaaS arrangements.
Optional element.
Subsection: Execution of contract by first party (individual, company or partnership)
Subsection: Execution of contract by first party (individual, company or partnership)
Definition of Business Day
Definition of Business Day
Definition of Business Hours
Definition of Charges
Definition of Customer Confidential Information
Definition of Customer Data
Definition of Customer Personal Data
Definition of Documentation
Definition of Effective Date
Definition of Force Majeure Event
Definition of Hosted Services
Definition of Hosted Services Defect
Definition of Hosted Services Specification
Definition of Mobile App
Definition of Platform
Definition of Provider
Definition of Services
Definition of Services Order Form
Definition of Support Services
Definition of Supported Web Browser
Definition of Term
Definition of Update
Definition of Upgrade
Optional element.
Optional element.
Optional element.
Optional element.
Clause 3.8Optional element.
Optional element.
Optional element. Will the Provider have an obligation to give to the Customer prior written notice of the application of an upgrade?
Optional element. Will the Provider have an obligation to give to the Customer prior written notice of the application of an upgrade?
Optional element.
Optional element. Will the Provider have a right to suspend the maintenance services in the event that the Customer fails to pay any amount due under the contract?
Optional element.
Clause 5.3Optional element.
Optional element.
Optional element.
Clause 5.6Optional element.
Optional element.
Clause 5.3Optional element.
Optional element.
Optional element.
Clause 5.6Optional element.
Optional element.
Optional element.
Optional element.
Clause 9.2Optional element.
Optional element. Will the Provider be permitted to vary the charges, or any element of the charges, in any circumstances?
Optional element.
Optional element.
Optional element.
Optional element.
Clause 11.1Will the Provider process personal data on behalf of the Customer?
This provision is designed to help the parties to a data processing arrangement to comply with the General Data Protection Regulation (GDPR), in force from 25 May 2018.
In addition to a set of specific requirements, the GDPR includes a general obligation on data controllers to ensure compliance:
"Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject." (Article 28(1))
One aspect of ensuring compliance is the use of an appropriate written contract:
"Processing by a processor shall be governed by a contract or other legal act under Union or Member State law, that is binding on the processor with regard to the controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller." (Article 28(3))
The drafting in these provisions closely reflects the language of the GDPR.
Clause 12.1Optional element.
Clause 12.2Optional element.
Clause 12.3Article 28(2)(a) of the GDPR provides that the controller-processor contract must stipulate that the controller "processes the personal data only on documented instructions from the controller, including with regard to transfers of personal data to a third country or an international organisation ... ".
Clause 12.4Article 28(2)(a) of the GDPR provides that the controller-processor contract must stipulate an exception to the general rule that personal data may only be processed on the data controller's instructions: " ... unless required to do so by Union or Member State law to which the processor is subject; in such a case, the processor shall inform the controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest".
Note the distinction between "Union or Member State law" in the GDPR and "applicable law" in the draft provision. There is a possibility of conflict between legal obligations here. Similarly, if applicable law prohibits the notification to the controller of legally-mandated processing, then in principle that might not be on "important grounds of public interest".
Clause 12.5Article 28(3)(b) of the GDPR provides that the controller-processor contract must stipulate that the processor "ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality".
Clause 12.6Article 28(3)(c) of the GDPR provides that the controller-processor contract must stipulate that the processor "takes all measures required pursuant to Article 32".Article 32 provides that:
Article 32 provides that:Article 28(2) of the GDPR provides that: "The processor shall not engage another processor without prior specific or general written authorisation of the controller. In the case of general written authorisation, the processor shall inform the controller of any intended changes concerning the addition or replacement of other processors, thereby giving the controller the opportunity to object to such changes".
Article 28(4) provides that: "Where a processor engages another processor for carrying out specific processing activities on behalf of the controller, the same data protection obligations as set out in the contract or other legal act between the controller and the processor as referred to in paragraph 3 shall be imposed on that other processor by way of a contract or other legal act under Union or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of this Regulation. Where that other processor fails to fulfil its data protection obligations, the initial processor shall remain fully liable to the controller for the performance of that other processor's obligations."
Article 28(3)(d) provides that the controller-processor contract should stipulate that the processor "respects the conditions referred to in paragraphs 2 and 4 for engaging another processor".
Clause 12.8Article 28(3)(e) of the GDPR provides that controller-processor contracts must stipulate that the processor "taking into account the nature of the processing, assists the controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III".
Clause 12.9Article 28(3)(f) of the GDPR provides that the controller-processor contract must stipulate that the processor "assists the controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 taking into account the nature of processing and the information available to the processor".
Clause 12.10Article 28(3)(h): the contract must require that the data processor "makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Article...". The draft clause here is wider, covering compliance with any data protection legislation.