From 2e3ded47f4f3d15086f40f847cadd2576c121716 Mon Sep 17 00:00:00 2001 From: Karl Johan Grahn Date: Tue, 9 May 2023 16:53:25 +0200 Subject: [PATCH 01/10] update --- content/legal-documents/gtc.md | 162 +++++++++++++++++++++++++++++++++ 1 file changed, 162 insertions(+) diff --git a/content/legal-documents/gtc.md b/content/legal-documents/gtc.md index d38c9c69..b0f169ce 100644 --- a/content/legal-documents/gtc.md +++ b/content/legal-documents/gtc.md @@ -1 +1,163 @@ # General Terms & Conditions (GTC) + +1. Introduction + + 1. These General Terms and Conditions ("**GTC**") together with the other documents referenced herein govern the legal relationship (the "**Agreement**") between STAKATER  ("**STAKATER**") and the customer of STAKATER ("**Customer**", each a "**Party**" and together the "**Parties**"). + + 1. These GTC apply to all legal relationships between the parties. + +1. Scope of Services + + 1. The scope of services provided by STAKATER is determined by the specific details outlined in the contractual orders, service descriptions, and relevant service level agreements (SLAs). + + 1. Customers may request new service orders or extensions to existing agreements from STAKATER, subject to the agreed-upon terms and pricing. Once STAKATER confirms the order and both parties mutually agree in writing (through formal or e-signatures), the order becomes binding. + + 1. STAKATER may provide additional services beyond the agreed-upon support scope or charge for additional expenses incurred due to the Customer's inadequate performance of its obligations. These additional services and expenses will be charged based on STAKATER's current hourly rates. + + 1. STAKATER has the right to modify its services, including the SLA, at any time. If these changes affect the services purchased by the Customer, STAKATER will provide written notice at least one month before the changes take effect. If the Customer does not indicate their refusal to the changes prior to the proposed date of effect, their consent will be assumed. + +1. STAKATER’s Obligations + + 1. The Services, as defined in the Agreement, will be delivered by STAKATER with professionalism and reasonable care in accordance with the current standards of the industry. + + 1. Upon timely payment of the agreed remuneration, STAKATER grants the Customer a non-exclusive right to use the Services for its own purposes during the term of the Agreement, subject to compliance with applicable laws and the terms of the Agreement. + + 1. Any usage by third parties, including affiliates of the Customer, requires prior written consent from STAKATER. + +1. Customer’s Rights and Obligations + + 1. STAKATER will provide the Services to the Customer in compliance with the law, the agreed scope of work and services levels as per the agreement. The services shall be extended with the required professionalism and skill set that meets the industry standards. + + 1. The Customer is responsible for taking all necessary actions to enable STAKATER to perform the Services as agreed upon in the Agreement. This includes, but is not limited to, providing access to systems, designating responsible roles, documenting emergencies and error messages, informing STAKATER of planned changes, using approved software versions and hardware, cooperating with STAKATER in error analysis and correction, securing data and software, ensuring authorization to use third-party products, enabling maintenance windows for STAKATER, and fulfilling other obligations set forth in the service description and SLA.It is important to note that any usage of the Services by third parties, including group companies of the Customer, requires the express written consent of STAKATER. + + 1. The Customer is responsible for ensuring the accuracy of all data transmitted to STAKATER. + + 1. The Customer must immediately inspect the Services upon completion to verify their correctness, completeness, and functionality. In the event of any defects, malfunctions, or interruptions, the Customer must inform STAKATER immediately. + + 1. The Customer must take all necessary measures to prevent unauthorized access to its own and third-party systems and comply with all applicable provisions of data protection and copyright law. + + 1. Stakater services are meant to be offered only for legal purposes, allowed by law. The Customer is not allowed to use the Services to commit or support criminal acts, and must assume complete responsibility and take necessary actions to prevent criminal use by its own users or its third parties. + + 1. If a third party claims a violation of rights by the data, content, and/or information provided by the Customer, STAKATER is entitled to suspend the data, content, and/or information as appropriate and permissible under the GTC or Framework Agreement. + +1. Invoicing and Payment + + 1. Unless otherwise agreed, STAKATER will invoice the Services quarterly in advance. + + 1. Payment for the Services is due within 15 days of invoice issuance. Invoices that are not contested by the Customer in good faith and with reasons stated by the due date will be deemed accepted and processed for payment. + + 1. Services requested by the Customer that were not specifically priced will be invoiced based on STAKATER's standard rates at the time the Agreement was concluded. + + 1. Travel and logistics expenses will be the responsibility of the Customer and will be invoiced as per actual. + + 1. If the Customer fails to make full payment by the end of the payment period, they will be liable to pay late payment fees on outstanding charges. + + 1. After the payment period expires, STAKATER has the right to discontinue Services and/or terminate the Agreement without notice or compensation. The Customer will be charged for STAKATER's expenses related to any adjustments, debt collection costs, court and legal fees. + + 1. The Customer is not authorized to assert or lodge a settlement. + + 1. STAKATER can change its service charges with one-month notice period, effective at the end of the following month unless a term commitment has been agreed between Stakater and customer. For term commitment contracts, charges shall be locked for the agreed term. However, early termination / exist charges shall be applicable for premature termination. + +1. Term of agreement and Termination + + 1. Services orders are established for a specific duration and may be terminated in writing after that, subject to the notice period. Unless agreed otherwise, the minimum term is 12 months, and the notice period is three months. + + 1. Both parties have the right to terminate the Agreement or specific orders immediately for cause, which can arise if the Customer utilizes the Services in a manner that violates the law, Agreement, or its purpose; or if the Customer makes them accessible to unauthorized third parties. If there is a reasonable suspicion that the Customer is insolvent, immediate termination for cause can occur by Stakater for customer’s inability to pay for services. + + 1. Customer's access to STAKATER's Services is immediately revoked after termination of the Agreement. + + 1. The Customer is solely responsible to ensure continuity of their own systems and backing up their data during and before termination of contract. Upon request, STAKATER can assist the Customer in transferring services and data to their own or third-party systems and may charge standard rates for the service. + +1. Legal Warranty + + 1. STAKATER guarantees that the Customer's use of its services in compliance with the law and the Agreement does not violate any third-party intellectual property rights. + + 1. If a third-party claims that their intellectual property rights have been violated by the Customer’s use of Stakater’s services, except if the customer is using other service(s) as a combination to Stakater’s services that fall under is intellectual property rights violations, STAKATER will defend the Customer against such a claim at its own expense if the customer: + + 1. notifies STAKATER immediately in writing within 03 working days of such event. + + 1. allows STAKATER to control the defense and any settlement negotiations, and + + 1. supports STAKATER appropriately by providing all required information and evidences.Failure by the Customer to meet his obligation will result in the loss of any claim against STAKATER. + + 1. If STAKATER believes that the use of the Services by the Customer violates or is likely to violate the intellectual property rights of a third party, STAKATER has the right to choose between the following actions: + + 1. modify the Services so that no intellectual property rights are infringed, + + 1. obtain the right for the Customer to continue to use the Services, + + 1. replace the Services with other Services that do not infringe any third-party intellectual property rights and that meet the Customer's requirements or are equivalent to the replaced Services, or + + 1. revoke the Services and reimburse the Customer for any advance payments, minus a reasonable amount for use and loss of value.d. The Customer will not be entitled to any legal warranty claims if the infringement of third-party intellectual property rights is due to the use of the Services under conditions other than those contractually provided or if the infringement is based upon an action by Customer or his request. + +1. Material Warranty + + 1. STAKATER assumes no warranty for disruptions or failures of the Services which are out of its control and fall under force majeure. + + 1. If there are dependencies to third parties (such as IT infrastructure of third-party providers) or if the disruption or failure was caused by the Customer or by a person attributable to him. + + 1. STAKATER provides no guarantee that the data, content and / or information transmitted by the Customer to the servers of STAKATER remain available after the termination of this Agreement. + +1. Acceptance, Defect Rectification and SLA + + 1. Customer shall inspect the Work / services during or immediately after delivery. The same shall also apply to the delivery of part of a Work, whereby defects in part of a Work may no longer be notified in the case of delivery of the entire Work. The inspection period lasts a maximum of five working days from delivery of the respective Work by STAKATER. + + 1. The Customer is required to promptly notify STAKATER in writing of any significant defects caused by STAKATER that prevent the use of the work, during the inspection period of the relevant Work immediately after discovery. This notification should be done in a way that the significant defects are comprehensible and reproducible for STAKATER. If a significant defect claimed by the Customer is not comprehensible and reproducible, it will not be considered a relevant significant defect. + + 1. It is important to note that any non-substantial defects, which only hinder the use of the Work, will not hinder the acceptance of the Work. + + 1. The significant defects reported by the Customer to STAKATER during the inspection period must be remedied by STAKATER within a reasonable period. If the substantial defects are remedied within the said period, acceptance shall be deemed to have been affected after the expiry of said period. + + 1. If STAKATER is not immediately able to remove such defect and the usability of the Services is significantly reduced or compromised, both parties shall agree for a period to remove the defects. If Stakater is still not able to make the defects good and as per agreed standard, the Customer can withdraw from the services Agreement. + +1. Liability and Indemnification + + 1. STAKATER is liable to the Customer for damages caused intentionally or by its gross negligence. The liability of STAKATER for damages caused negligently but unknowingly, or damage caused by auxiliary persons is excluded, as far as legally permissible. + + 1. The Customer is responsible for the legally and contractually compliant use of the Services he has obtained. STAKATER is not liable for damages resulting from use in violation of the law or the Agreement, and the Customer is liable for all damages incurred by STAKATER as a result. The Customer shall indemnify STAKATER for all damages resulting from breach of Agreement or rights, including third-party claims and any legal and attorney’s fees. + + 1. STAKATER is not liable for service delays or disruptions and damages that arise due to events that are not the responsibility of STAKATER or that make the performance significantly more difficult or impossible and that cannot be avoided, such as natural disasters of any kind, pandemics, riots, blockade, fire, civil war, embargo, earthquakes, hostage taking, war, revolution, sabotage, strikes, terrorism, traffic accidents or production disruptions, such as the failure of communication networks and gateways of other operators. + +1. Confidentiality + + 1. STAKATER undertakes to treat Customer data with care. Customer gives STAKATER its consent that its data may be used for the fulfilment of contractual obligations and may be used in anonymous form to improve the services and products of STAKATER. + + 1. Both Parties undertake to treat as confidential all information not generally known which they have learned from the other Party or about its Customers and business relations in connection with the provision of their services within the scope of the contractual relationship. Furthermore, they undertake not to make such information available to third parties, either in whole or in part, nor to publish such information, unless and to the extent as the other Party expressly permits this, this becomes necessary due to a court order or legal obligation or this is necessary for the execution of the Agreement. + + 1. If the Customer processes or discloses personal data within the meaning of the Data Protection Act in the context of the use of the STAKATER Services, the Customer will first obtain the necessary consent of each affected individual. + +1. Data Protection and Security Measures + + 1. STAKATER agrees to a data processing agreement with the Customer + + 1. STAKATER processes Customer personal data in accordance with the applicable data protection law. STAKATER collects, stores and processes only data that is required for the provision of the Services, for the handling and maintenance of Customer relations, for ensuring a high quality of service, for the improvement of existing and development of new products, for the security of operations and infrastructure, and for invoicing. + + 1. The Customer confirms that STAKATER is entitled to process the data transmitted by Customer in accordance with this Agreement. + + 1. STAKATER undertakes to take all appropriate technical and organizational measures for the protection of Customer data. + +1. Intellectual Property + + 1. Unless otherwise agreed in writing, all rights to existing intellectual property or intellectual property arising during the performance of the Agreement with respect to STAKATER’s services or products (e.g. programs, templates, data, trademarks, patents, copyrights, etc.) remain with STAKATER or with the third parties used by STAKATER for provision of services. + + 1. STAKATER grants the Customer a non-exclusive, temporally unlimited and non-transferable right to use the Services (including Works) for his own internal use. + + 1. Third-party software is subject to the third-parties' license terms and subscriptions. + +1. Non-Solicitation Agreement + + 1. The Customer undertakes not to directly or indirectly (through an affiliate) hire employees and supporting persons of STAKATER who are or were involved in execution of the Agreement, during the term of the Agreement and for one year afterwards, or to persuade them in any other way to give up their employment with Stakater. + + 1. In the event of such breach, a penalty equivalent to previous annual salary of the such person shall be payable by customer. + +1. Other Provisions + + 1. The present Agreement replaces all previous agreements, correspondence, declarations, negotiations or arrangements between the parties concerning the subject matter of the Agreement, including any proposal, tenders or specifications. The only exception to this is if explicit deviations from this Agreement have been agreed in writing. + + 1. STAKATER has the right to transfer rights and obligations under this Agreement in whole or in part to third parties. The transfer of rights and obligations under this Agreement by the Customer to third parties requires the written consent of STAKATER. + + 1. STAKATER reserves the right to modify these General Terms and Conditions (GTC) at any time and shall inform the Customer for such changes in a suitable manner. Any amendments or supplements to these GTC shall become an integral part of the Agreement if the Customer does not object within 30 days of becoming aware of the amended provisions. + + 1. Should one or more provisions of these GTC or the remaining Agreement be or become invalid, ineffective or void, this provision shall be replaced by a valid and effective provision that comes closest to the meaning of the original provision and corresponds to the economic balance of the Parties. + + 1. The present Agreement and all disputes arising from it are subject exclusively to Swedish law, unless otherwise agreed. From a41c9f922bbd0d272a399ee63459b072f9d42d92 Mon Sep 17 00:00:00 2001 From: Karl Johan Grahn Date: Tue, 9 May 2023 17:07:00 +0200 Subject: [PATCH 02/10] update --- content/legal-documents/gtc.md | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/content/legal-documents/gtc.md b/content/legal-documents/gtc.md index b0f169ce..f56b22ca 100644 --- a/content/legal-documents/gtc.md +++ b/content/legal-documents/gtc.md @@ -8,7 +8,7 @@ 1. Scope of Services - 1. The scope of services provided by STAKATER is determined by the specific details outlined in the contractual orders, service descriptions, and relevant service level agreements (SLAs). + 1. The scope of services provided by STAKATER is determined by the specific details outlined in the contractual orders, service descriptions, and relevant [service level agreements (SLAs)](sla.md). 1. Customers may request new service orders or extensions to existing agreements from STAKATER, subject to the agreed-upon terms and pricing. Once STAKATER confirms the order and both parties mutually agree in writing (through formal or e-signatures), the order becomes binding. @@ -28,7 +28,7 @@ 1. STAKATER will provide the Services to the Customer in compliance with the law, the agreed scope of work and services levels as per the agreement. The services shall be extended with the required professionalism and skill set that meets the industry standards. - 1. The Customer is responsible for taking all necessary actions to enable STAKATER to perform the Services as agreed upon in the Agreement. This includes, but is not limited to, providing access to systems, designating responsible roles, documenting emergencies and error messages, informing STAKATER of planned changes, using approved software versions and hardware, cooperating with STAKATER in error analysis and correction, securing data and software, ensuring authorization to use third-party products, enabling maintenance windows for STAKATER, and fulfilling other obligations set forth in the service description and SLA.It is important to note that any usage of the Services by third parties, including group companies of the Customer, requires the express written consent of STAKATER. + 1. The Customer is responsible for taking all necessary actions to enable STAKATER to perform the Services as agreed upon in the Agreement. This includes, but is not limited to, providing access to systems, designating responsible roles, documenting emergencies and error messages, informing STAKATER of planned changes, using approved software versions and hardware, cooperating with STAKATER in error analysis and correction, securing data and software, ensuring authorization to use third-party products, enabling maintenance windows for STAKATER, and fulfilling other obligations set forth in the service description and SLA. It is important to note that any usage of the Services by third parties, including group companies of the Customer, requires the express written consent of STAKATER. 1. The Customer is responsible for ensuring the accuracy of all data transmitted to STAKATER. @@ -36,7 +36,7 @@ 1. The Customer must take all necessary measures to prevent unauthorized access to its own and third-party systems and comply with all applicable provisions of data protection and copyright law. - 1. Stakater services are meant to be offered only for legal purposes, allowed by law. The Customer is not allowed to use the Services to commit or support criminal acts, and must assume complete responsibility and take necessary actions to prevent criminal use by its own users or its third parties. + 1. Stakater services are meant to be offered only for legal purposes, allowed by law. The Customer is not allowed to use the Services to commit or support criminal acts, and must assume complete responsibility and take necessary actions to prevent criminal use by its own users or its third parties. 1. If a third party claims a violation of rights by the data, content, and/or information provided by the Customer, STAKATER is entitled to suspend the data, content, and/or information as appropriate and permissible under the GTC or Framework Agreement. @@ -74,11 +74,11 @@ 1. If a third-party claims that their intellectual property rights have been violated by the Customer’s use of Stakater’s services, except if the customer is using other service(s) as a combination to Stakater’s services that fall under is intellectual property rights violations, STAKATER will defend the Customer against such a claim at its own expense if the customer: - 1. notifies STAKATER immediately in writing within 03 working days of such event. + 1. notifies STAKATER immediately in writing within three working days of such event, - 1. allows STAKATER to control the defense and any settlement negotiations, and + 1. allows STAKATER to control the defense and any settlement negotiations, - 1. supports STAKATER appropriately by providing all required information and evidences.Failure by the Customer to meet his obligation will result in the loss of any claim against STAKATER. + 1. supports STAKATER appropriately by providing all required information and evidences. Failure by the Customer to meet his obligation will result in the loss of any claim against STAKATER. 1. If STAKATER believes that the use of the Services by the Customer violates or is likely to violate the intellectual property rights of a third party, STAKATER has the right to choose between the following actions: @@ -88,19 +88,21 @@ 1. replace the Services with other Services that do not infringe any third-party intellectual property rights and that meet the Customer's requirements or are equivalent to the replaced Services, or - 1. revoke the Services and reimburse the Customer for any advance payments, minus a reasonable amount for use and loss of value.d. The Customer will not be entitled to any legal warranty claims if the infringement of third-party intellectual property rights is due to the use of the Services under conditions other than those contractually provided or if the infringement is based upon an action by Customer or his request. + 1. revoke the Services and reimburse the Customer for any advance payments, minus a reasonable amount for use and loss of value. + + 1. The Customer will not be entitled to any legal warranty claims if the infringement of third-party intellectual property rights is due to the use of the Services under conditions other than those contractually provided or if the infringement is based upon an action by Customer or his request. 1. Material Warranty 1. STAKATER assumes no warranty for disruptions or failures of the Services which are out of its control and fall under force majeure. - 1. If there are dependencies to third parties (such as IT infrastructure of third-party providers) or if the disruption or failure was caused by the Customer or by a person attributable to him. + 1. If there are dependencies to third parties such as IT infrastructure of third-party providers or if the disruption or failure was caused by the Customer or by a person attributable to him. 1. STAKATER provides no guarantee that the data, content and / or information transmitted by the Customer to the servers of STAKATER remain available after the termination of this Agreement. 1. Acceptance, Defect Rectification and SLA - 1. Customer shall inspect the Work / services during or immediately after delivery. The same shall also apply to the delivery of part of a Work, whereby defects in part of a Work may no longer be notified in the case of delivery of the entire Work. The inspection period lasts a maximum of five working days from delivery of the respective Work by STAKATER. + 1. Customer shall inspect the Work and Services during or immediately after delivery. The same shall also apply to the delivery of part of a Work, whereby defects in part of a Work may no longer be notified in the case of delivery of the entire Work. The inspection period lasts a maximum of five working days from delivery of the respective Work by STAKATER. 1. The Customer is required to promptly notify STAKATER in writing of any significant defects caused by STAKATER that prevent the use of the work, during the inspection period of the relevant Work immediately after discovery. This notification should be done in a way that the significant defects are comprehensible and reproducible for STAKATER. If a significant defect claimed by the Customer is not comprehensible and reproducible, it will not be considered a relevant significant defect. @@ -128,7 +130,7 @@ 1. Data Protection and Security Measures - 1. STAKATER agrees to a data processing agreement with the Customer + 1. STAKATER agrees to a data processing agreement with the Customer. 1. STAKATER processes Customer personal data in accordance with the applicable data protection law. STAKATER collects, stores and processes only data that is required for the provision of the Services, for the handling and maintenance of Customer relations, for ensuring a high quality of service, for the improvement of existing and development of new products, for the security of operations and infrastructure, and for invoicing. From e3eb4511b339d7288904b613d07a89758eed1084 Mon Sep 17 00:00:00 2001 From: Karl Johan Grahn Date: Tue, 9 May 2023 17:20:25 +0200 Subject: [PATCH 03/10] update --- content/legal-documents/gtc.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/content/legal-documents/gtc.md b/content/legal-documents/gtc.md index f56b22ca..21df2fc5 100644 --- a/content/legal-documents/gtc.md +++ b/content/legal-documents/gtc.md @@ -14,7 +14,7 @@ 1. STAKATER may provide additional services beyond the agreed-upon support scope or charge for additional expenses incurred due to the Customer's inadequate performance of its obligations. These additional services and expenses will be charged based on STAKATER's current hourly rates. - 1. STAKATER has the right to modify its services, including the SLA, at any time. If these changes affect the services purchased by the Customer, STAKATER will provide written notice at least one month before the changes take effect. If the Customer does not indicate their refusal to the changes prior to the proposed date of effect, their consent will be assumed. + 1. STAKATER has the right to modify its services, including the SLA, at any time. If these changes affect the services purchased by the Customer, STAKATER will provide written notice at least one (1) month before the changes take effect. If the Customer does not indicate their refusal to the changes prior to the proposed date of effect, their consent will be assumed. 1. STAKATER’s Obligations @@ -44,7 +44,7 @@ 1. Unless otherwise agreed, STAKATER will invoice the Services quarterly in advance. - 1. Payment for the Services is due within 15 days of invoice issuance. Invoices that are not contested by the Customer in good faith and with reasons stated by the due date will be deemed accepted and processed for payment. + 1. Payment for the Services is due within fifteen (15) days of invoice issuance. Invoices that are not contested by the Customer in good faith and with reasons stated by the due date will be deemed accepted and processed for payment. 1. Services requested by the Customer that were not specifically priced will be invoiced based on STAKATER's standard rates at the time the Agreement was concluded. @@ -56,11 +56,11 @@ 1. The Customer is not authorized to assert or lodge a settlement. - 1. STAKATER can change its service charges with one-month notice period, effective at the end of the following month unless a term commitment has been agreed between Stakater and customer. For term commitment contracts, charges shall be locked for the agreed term. However, early termination / exist charges shall be applicable for premature termination. + 1. STAKATER can change its service charges with one (1) month's notice period, effective at the end of the following month unless a term commitment has been agreed between Stakater and customer. For term commitment contracts, charges shall be locked for the agreed term. However, early termination / exist charges shall be applicable for premature termination. 1. Term of agreement and Termination - 1. Services orders are established for a specific duration and may be terminated in writing after that, subject to the notice period. Unless agreed otherwise, the minimum term is 12 months, and the notice period is three months. + 1. Services orders are established for a specific duration and may be terminated in writing after that, subject to the notice period. Unless agreed otherwise, the minimum term is twelve (12) months, and the notice period is three (3) months. 1. Both parties have the right to terminate the Agreement or specific orders immediately for cause, which can arise if the Customer utilizes the Services in a manner that violates the law, Agreement, or its purpose; or if the Customer makes them accessible to unauthorized third parties. If there is a reasonable suspicion that the Customer is insolvent, immediate termination for cause can occur by Stakater for customer’s inability to pay for services. @@ -74,7 +74,7 @@ 1. If a third-party claims that their intellectual property rights have been violated by the Customer’s use of Stakater’s services, except if the customer is using other service(s) as a combination to Stakater’s services that fall under is intellectual property rights violations, STAKATER will defend the Customer against such a claim at its own expense if the customer: - 1. notifies STAKATER immediately in writing within three working days of such event, + 1. notifies STAKATER immediately in writing within three (3) working days of such event, 1. allows STAKATER to control the defense and any settlement negotiations, From c6bf60c49c6a2c28f884039c8528b67457c5096d Mon Sep 17 00:00:00 2001 From: Karl Johan Grahn Date: Tue, 9 May 2023 21:06:36 +0200 Subject: [PATCH 04/10] update --- content/legal-documents/agreement.md | 69 ++++++++++++++++++++++- content/legal-documents/dpa.md | 2 + content/legal-documents/gtc.md | 2 + content/legal-documents/nda.md | 83 ++++++++++++++++++++++++++++ content/legal-documents/pp.md | 2 + 5 files changed, 157 insertions(+), 1 deletion(-) diff --git a/content/legal-documents/agreement.md b/content/legal-documents/agreement.md index cc83777a..cd7b7eb6 100644 --- a/content/legal-documents/agreement.md +++ b/content/legal-documents/agreement.md @@ -1 +1,68 @@ -# Agreement +# Framework Agreement + +`Version: 9 May 2023` + +Between + + Stakater AB, David Bagares gata 26A, 111 38 Stockholm, Sweden + + (Hereinafter referred to as "STAKATER") + +and + + [CUSTOMER NAME & ADDRESS] + + (Hereinafter referred to as "CUSTOMER") + +Each individually a "**Party**" and together the "**Parties**" + +from + +\[AGREEMENT DATE\] + +(of this "**Framework Agreement**") + +1. **Introduction** + + STAKATER is Sweden's leading Kubernetes services and enablement company and the CUSTOMER would like to obtain these services from STAKATER according to the terms of this contract. + +1. **Scope of Regulation** + + 1. This Framework Agreement (FA) regulates the cooperation between the CUSTOMER and STAKATER. + 1. Defined terms from one part of the contract also apply to the other parts of the contract unless otherwise specifically agreed. + +1. **Term and Duration of FA** + + 1. This Framework Agreement shall enter into force upon signature by both Parties. + 1. The framework agreement shall be renewable with mutual consent post the completion of existing orders. + 1. A termination of this Framework Agreement is possible at the earliest after the completion of all ongoing orders. + +1. **Orders and Changes** + + 1. The CUSTOMER can make a written request to STAKATER at any time by giving details of the desired services for an order. STAKATER may either reject the order, discuss further details with the CUSTOMER or make a non-binding proposal to the CUSTOMER using the completed order form in accordance with (the "**Order Form**"). The order is only validated by the legally valid signature (including e-signature) of the order by both Parties. + 1. A change to an existing order can be bindingly agreed directly by e-mail or in the customer portal by the authorized persons designated by the Parties. + 1. Each order is subject to the provisions of this Framework Agreement and its Annexes if any. + +1. **Scope of Services and Charges** + + 1. The specific scope of services and its charges are set out in the Order Form and the service descriptions and prices referenced therein. STAKATER can provide the CUSTOMER with indicative service descriptions and price lists to simplify the ordering process. However, an order is only placed after confirmation by STAKATER. + 1. The CUSTOMER can at any time make a request to STAKATER for extension of services under an existing contract, for mutually agreed term and price. Stakater reserves the right to accept or reject this request. + +1. **Service Level Agreement** + + The [Service Level Agreement (SLA)](sla.md) shall be applicable according to respective SLA Matrix referenced herein or as an additional appendix. + +1. **Contractual and Performance Review** + + 1. The Parties agree to regularly review the performance and execution of the contract, make improvements, and to address potential conflicts at an early stage and settle them by mutual agreement. + 1. The CUSTOMER shall designate an authorized representative for communication and exchange information with STAKATER. + 1. The respective representative from STAKATER shall be the designated contact person to review and discuss the performance with CUSTOMER and is regarded as the authorized person. + 1. Any changes or actions in result to the review(s) must be mutually agreed to and officially documented. + +1. **Further Provisions** + + All other provisions are set out in the General Terms and Conditions and in the other referenced documents. + +1. **Amendment** + + Deviations from the generally applicable documents (such as the GTC) are reference here. diff --git a/content/legal-documents/dpa.md b/content/legal-documents/dpa.md index 7788e03e..7f66de6c 100644 --- a/content/legal-documents/dpa.md +++ b/content/legal-documents/dpa.md @@ -1 +1,3 @@ # Data Processing Agreement (DPA) + +`Version: 9 May 2023` diff --git a/content/legal-documents/gtc.md b/content/legal-documents/gtc.md index 21df2fc5..5a5f6cdc 100644 --- a/content/legal-documents/gtc.md +++ b/content/legal-documents/gtc.md @@ -1,5 +1,7 @@ # General Terms & Conditions (GTC) +`Version: 9 May 2023` + 1. Introduction 1. These General Terms and Conditions ("**GTC**") together with the other documents referenced herein govern the legal relationship (the "**Agreement**") between STAKATER  ("**STAKATER**") and the customer of STAKATER ("**Customer**", each a "**Party**" and together the "**Parties**"). diff --git a/content/legal-documents/nda.md b/content/legal-documents/nda.md index e4115a49..2562636c 100644 --- a/content/legal-documents/nda.md +++ b/content/legal-documents/nda.md @@ -1 +1,84 @@ # NDA + +`Version: 9 May 2023` + +Between + + Stakater AB, David Bagares gata 26A, 111 38 Stockholm, Sweden + + (Hereinafter referred to as "STAKATER") + +and + + [CUSTOMER NAME & ADDRESS] + + (Hereinafter referred to as "CUSTOMER") + +1. **Introduction** + + The parties involved have the intention to collaborate in the field of consulting and operation of IT services. Prior to establishing any business relationship, it may be necessary for the parties to share confidential information with each other. To safeguard the interests of the disclosing party, such sensitive information shall be kept confidential and subject to a duty of confidentiality. This agreement shall remain valid even if the intended business relationship is not finalized. + + Both parties acknowledge that they have invested considerable resources in developing their respective intellectual property. Hence, there is a mutual interest in protecting each other's intellectual property and preventing unauthorized access by third parties. + + The party disclosing sensitive information reserves the right to seek industrial property rights related to the subject matter of the confidential information. The present agreement is entered into for this specific purpose. + +1. **Definitions** + + The term "Contracting Parties" refers to the parties who are bound by this agreement on confidentiality. + + The term "Confidential Information" refers to all information shared between the parties, whether in written, oral, electronic, or any other form, which is explicitly marked as secret or confidential or can be recognized as such. This includes but is not limited to data, drawings, photographs, illustrations, drafts, sketches, plans, descriptions, specifications, measurement results, calculations, experiences, ideas, procedures, samples, knowledge, processes, as well as any other applications for industrial property rights, work results, sales figures, business and financial plans, CUSTOMER data, and prices that have not been published yet. Additionally, the term includes the existence and contents of this agreement. + +1. **Secrecy Agreement** + + The Confidential Information that has been provided to the Contracting Parties in writing, orally, or by any other means, directly or indirectly, for the Purpose outlined in the preamble or that has become known to them in any other way, is subject to the following obligations: + + - To maintain its confidentiality; + - To use it exclusively for the aforementioned Purpose, specifically refraining from publishing, applying for industrial property rights, or using it for their own purposes; + - To not disclose or make it available to any third party, in any form whatsoever; + - To take all necessary precautions to prevent third-party access; + - To provide access solely to employees working in connection with the Purpose outlined in the preamble, who have also been bound by the aforementioned obligation of confidentiality. This remains applicable even after an employee leaves their position during the term and continued validity of this agreement. + +1. **Exceptions to Secrecy Agreement** + + The obligations of confidentiality outlined in this agreement do not apply to information that: + + - was already known by the other Contracting Party before being disclosed and can be demonstrated as such; + - was already publicly known or became so without violating any confidentiality obligations; + - has been independently developed by the Contracting Party, without reliance on the confidential information; + - is lawfully provided or made accessible to the Contracting Party by a third party who is authorized to disclose it. It is the responsibility of the Contracting Party invoking these exceptions to provide evidence to support their claim. + +1. **Restrictions and Prohibitions** + + This contract does not confer any rights to the CUSTOMER, specifically, the ownership, licensing, reproduction, usage, or any other industrial property rights or options will remain with the Contracting Party who possesses them at the time of the conclusion of this agreement. + +1. **Term of Agreement** + + This agreement becomes effective when both parties sign it and has no fixed expiration date. + +1. **Handling and return of Confidential Information** + + At the request of either party, all Confidential Information received by the Contracting Parties must be returned promptly, and any copies made must be destroyed. The parties have no right to retain any of the Confidential Information. + +1. **Supporting Personnel** + + The Parties shall ensure that their employees and any other persons who have access to the Confidential Information exchanged are bound by the obligations set out in this agreement, and shall take all necessary measures to ensure compliance with these obligations. + +1. **No Guarantee** + + The Confidential Information is provided without any guarantee or warranty, and the other Contracting Party assumes all risks associated with its use. The Contracting Party disclosing the information does not make any warranties or representations regarding the Confidential Information's timeliness, accuracy, completeness, or suitability for a specific purpose. + +1. **Confidentiality and Compensation** + + The Contracting Parties shall exercise the utmost care in handling the Confidential Information received from the other Party. The Contracting Parties agree to handle the Confidential Information with due care, commensurate with their own affairs and the standard of care prevalent in similar matters, in order to prevent any unauthorized disclosure or use. The receiving Contracting Party acknowledges that monetary compensation may not be adequate to remedy a breach of confidentiality and that the disclosing party may seek injunctive relief available under the law, without forfeiting any other rights or remedies. + +1. **Changes in the NDA** + + Any changes or additions to this agreement must be in writing and signed by both parties; including its termination. The requirement for written form cannot be waived except by a written agreement signed by both parties. + +1. **Applicable Law** + + The laws of Sweden, both formal and substantive, shall govern this agreement unless otherwise agreed upon. + +1. **Severability** + + If any provision of this agreement is deemed invalid or unenforceable, or if this agreement contains any omissions, it will not affect the validity of the remaining provisions. In place of the invalid or unenforceable provision, a valid provision that achieves the intended economic purpose as closely as possible will be deemed to have been agreed upon by the Contracting Parties. diff --git a/content/legal-documents/pp.md b/content/legal-documents/pp.md index 0557a91b..6d2748e2 100644 --- a/content/legal-documents/pp.md +++ b/content/legal-documents/pp.md @@ -1 +1,3 @@ # Privacy Policy + +`Version: 9 May 2023` From c7f8af91c6a9acaa8e8401a0151ef7f342c4e900 Mon Sep 17 00:00:00 2001 From: Karl Johan Grahn Date: Tue, 9 May 2023 21:13:06 +0200 Subject: [PATCH 05/10] update --- content/legal-documents/agreement.md | 2 +- vocabulary | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/legal-documents/agreement.md b/content/legal-documents/agreement.md index cd7b7eb6..5ad10013 100644 --- a/content/legal-documents/agreement.md +++ b/content/legal-documents/agreement.md @@ -40,7 +40,7 @@ from 1. **Orders and Changes** 1. The CUSTOMER can make a written request to STAKATER at any time by giving details of the desired services for an order. STAKATER may either reject the order, discuss further details with the CUSTOMER or make a non-binding proposal to the CUSTOMER using the completed order form in accordance with (the "**Order Form**"). The order is only validated by the legally valid signature (including e-signature) of the order by both Parties. - 1. A change to an existing order can be bindingly agreed directly by e-mail or in the customer portal by the authorized persons designated by the Parties. + 1. A change to an existing order can be agreed in binding directly by e-mail or in the customer portal by the authorized persons designated by the Parties. 1. Each order is subject to the provisions of this Framework Agreement and its Annexes if any. 1. **Scope of Services and Charges** diff --git a/vocabulary b/vocabulary index c6a7b4b2..df928ee6 160000 --- a/vocabulary +++ b/vocabulary @@ -1 +1 @@ -Subproject commit c6a7b4b2f49fe58e339dd7113f81d61a69d3aae8 +Subproject commit df928ee659f384bf4f97085281b5a471b04a5f86 From 2bbbdbf0e8996bc8ea33c4d088a1c5d7ef0477ca Mon Sep 17 00:00:00 2001 From: Karl Johan Grahn Date: Tue, 9 May 2023 21:16:41 +0200 Subject: [PATCH 06/10] update --- content/legal-documents/gtc.md | 4 ++-- content/legal-documents/nda.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/content/legal-documents/gtc.md b/content/legal-documents/gtc.md index 5a5f6cdc..dd33bd08 100644 --- a/content/legal-documents/gtc.md +++ b/content/legal-documents/gtc.md @@ -150,13 +150,13 @@ 1. Non-Solicitation Agreement - 1. The Customer undertakes not to directly or indirectly (through an affiliate) hire employees and supporting persons of STAKATER who are or were involved in execution of the Agreement, during the term of the Agreement and for one year afterwards, or to persuade them in any other way to give up their employment with Stakater. + 1. The Customer undertakes not to directly or indirectly (through an affiliate) hire employees and supporting persons of STAKATER who are or were involved in execution of the Agreement, during the term of the Agreement and for one year afterward, or to persuade them in any other way to give up their employment with Stakater. 1. In the event of such breach, a penalty equivalent to previous annual salary of the such person shall be payable by customer. 1. Other Provisions - 1. The present Agreement replaces all previous agreements, correspondence, declarations, negotiations or arrangements between the parties concerning the subject matter of the Agreement, including any proposal, tenders or specifications. The only exception to this is if explicit deviations from this Agreement have been agreed in writing. + 1. The present Agreement replaces all previous agreements, correspondence, declarations, negotiations or arrangements between the parties concerning the subject, including any proposal, tenders or specifications. The only exception to this is if explicit deviations from this Agreement have been agreed in writing. 1. STAKATER has the right to transfer rights and obligations under this Agreement in whole or in part to third parties. The transfer of rights and obligations under this Agreement by the Customer to third parties requires the written consent of STAKATER. diff --git a/content/legal-documents/nda.md b/content/legal-documents/nda.md index 2562636c..13334ab4 100644 --- a/content/legal-documents/nda.md +++ b/content/legal-documents/nda.md @@ -20,7 +20,7 @@ and Both parties acknowledge that they have invested considerable resources in developing their respective intellectual property. Hence, there is a mutual interest in protecting each other's intellectual property and preventing unauthorized access by third parties. - The party disclosing sensitive information reserves the right to seek industrial property rights related to the subject matter of the confidential information. The present agreement is entered into for this specific purpose. + The party disclosing sensitive information reserves the right to seek industrial property rights related to the subject of the confidential information. The present agreement is entered into for this specific purpose. 1. **Definitions** From f3c774b5e9576c2f6a49b8dfd5b0974b1652154a Mon Sep 17 00:00:00 2001 From: Karl Johan Grahn Date: Tue, 9 May 2023 21:28:57 +0200 Subject: [PATCH 07/10] update --- content/legal-documents/dpa.md | 20 ++++++++++++++++++ content/legal-documents/gtc.md | 38 +++++++++++++++++----------------- content/legal-documents/nda.md | 18 ++++++++-------- 3 files changed, 48 insertions(+), 28 deletions(-) diff --git a/content/legal-documents/dpa.md b/content/legal-documents/dpa.md index 7f66de6c..c3f3d083 100644 --- a/content/legal-documents/dpa.md +++ b/content/legal-documents/dpa.md @@ -1,3 +1,23 @@ # Data Processing Agreement (DPA) `Version: 9 May 2023` + +1. **Objectives of DPA** + + 1. The Parties, STAKATER and the Customer, have entered into a contract for specific IT services, referred to as the "Framework Agreement." In the performance of the "Framework Agreement", STAKATER processes personal data, referred to as the "Data," on behalf of the Customer. + + 1. This Data Processing Agreement (DPA) governs the processing of Customer Data by STAKATER in accordance with Article 28 of the [EU General Data Protection Regulation (GDPR)](../for-cisos/data-protection/gdpr.md). + +1. **Data Control and Management** + + 1. The characteristics of the Data, the categories of individuals whose data is being processed, and the duration and objectives of the processing are as follows, unless otherwise explicitly stated in the Framework Agreement: + + 1. **Data type:** The processed Data includes personal master data, communication data (e.g. e-mail, chat), registration data, documents, and other data in electronic format that the Processor processes for the Controller in connection with the main contractual services. The Controller assures that no data that requires special protection will be transferred for processing without prior agreement. + + 1. **Categorization of data subjects:** Employees, customers, suppliers, and any other individuals associated with the data controller whose data the Controller transmits to the Processor under the Framework Agreement. + + 1. **Duration and purpose:** The duration of this DPA is defined by the duration of the Framework Agreement. The purpose is restricted to the provision of services under the Framework Agreement. + + 1. This DPA applies solely to the processing of Data by the Processor and its subcontractors. If the Customer hires the Processor to process Data on infrastructure or with software from third parties, the Customer is accountable for ensuring that this third party complies with data protection regulations. + +1.** ** ****Responsibilities of Data Controller**a. The Controller bears sole responsibility for complying with data protection laws, including ensuring the legality of data transfers to the Processor and the legality of data processing and instructions under the GDPR. b. The Processor shall process Data only for the purposes of the Framework Agreement and in accordance with documented instructions from the Controller. All instructions must be in writing or electronic form. Oral instructions must be confirmed in writing or text immediately. c. If the Processor believes that an instruction violates applicable laws, it shall promptly notify the Controller. The Processor may suspend implementation of the instruction until it has been confirmed or amended by the Controller. d. If Data are processed according to legal provisions and contrary to Controller instructions, the Processor must inform the Controller in advance of the processing operation and the lawfulness of processing, except when contrary to an important public interest. The Controller is accountable for evaluating the lawfulness of the Data processing and ensuring the rights of the data subjects are protected. The Controller ensures that the processing of the Data by the Processor, in accordance with this DPA and the instructions, does not contravene any applicable legal provisions.f. The Controller must promptly inform the Processor if it detects any errors or irregularities while reviewing the order processing.g. The Controller is obligated to maintain the confidentiality of any knowledge of the Processor's trade secrets obtained within the contractual relationship. h. The Controller is required to document their instructions to the Processor.**4.** ** ****Measures to Improve Data Protection**a. The Data Processor shall ensure that all authorized persons who process the Data, such as employees and subcontractors, have agreed in writing to maintain confidentiality and security, or are subject to an appropriate legal obligation of confidentiality and security. b. The Processor shall design their internal organization to meet the specific data protection requirements within their area of responsibility. They must take appropriate technical and organizational measures to ensure the confidentiality, integrity, availability, and capacity of the systems and services for long-term processing in compliance with GDPR requirements. c. The Controller is responsible for ensuring that the technical and organizational measures implemented by the Processor provide adequate protection for the risks associated with processing the Data. The Controller is also aware of the current technical and organizational measures and the procedure for reviewing, assessing, and evaluating their effectiveness. d. The Processor may adjust the measures during the contractual relationship due to technical and organizational developments, provided there is no compromise on agreed-upon standards.**5.**** ****Subcontracting** Prior written consent of the Controller is required for awarding contracts with subcontractors for processing Personal Data covered by the contract.The Controller grants the Processor general authorization to use subcontractors in accordance with the provisions of this DPA. The Processor shall inform the Controller in a timely manner of any intended change with respect to the use or replacement of other subcontractors. The Controller may object to the change within 30 days if there is a valid reason. The objection must be in writing, specifying the reasons for the objection. Any further outsourcing by the subcontractor requires the express consent of the Controller.The Processor must ensure that authorized subcontractors have data protection obligations fundamentally comparable to those contained in this Agreement before processing Personal Data of the Controller.Subcontractors are service providers whose services are directly related to the provision of the main service under the Framework Agreement and concern the processing of Data. Ancillary services, such as telecommunications services, postal/transport services, maintenance and user service, or the disposal of data carriers, are excluded from this definition. The Processor is obliged to take appropriate and legally compliant contractual agreements and control measures to ensure that the Data of the Controller is protected, even in the case of outsourced ancillary services.The Processor or its subcontractors process the Data in Sweden unless otherwise agreed. Processing of Data outside the EEA and Sweden requires the Processor to ensure that the conditions for transferring the data to third countries in accordance with the DPA are met. The Processor shall provide proof of compliance upon request.**6.**** ****Data and Personal Locations** Employees of the Processor may process the Data from personal locations as part of distant or hybrid work conditions, subject to appropriate measures being in place. The Controller authorizes the processing of such Data only, if necessary, Data protection and data security measures are in place.If Data is processed in / from private space, access to the such space for the purpose of order control must be agreed with the Controller in advance. The Processor assures that all residents of these private apartments understand that severity and agree with this provision.**7.**** ****Responsibilities of the Processor**a. The Processor must assist the Controller in fulfilling requests and claims made by affected individuals in accordance with Chapter III of the GDPR and in fulfilling the obligations outlined in Articles 33 to 36 of the GDPR. b. The Controller is primarily responsible for executing data subject rights. However, the Processor will follow the documented instructions of the Controller for handling requests related to the deletion concept, the right to be forgotten, correction, data portability, and information. If the services under the Framework Agreement do not already include this, the Controller will pay a reasonable fee to the Processor for this assistance.c. If a data subject request can be attributed to the Controller, the Processor will forward the request to the Controller.d. The Processor will immediately notify the Controller if it discovers any breaches related to the protection of the Controller's Data.**8.**** ****Proof of Compliance**a The Processor shall provide the Controller with sufficient proof / information of compliance with the obligations stated in this contract through appropriate means, which may include regular reports, audit reports, certifications, or other similar documentation.b. In the event that inspections by the Controller or an appointed auditor are necessary, they shall be conducted during normal business hours after reasonable notification to the Processor. The inspection must take into account any legitimate confidentiality interests and legal or contractual confidentiality obligations. c. Prior to the audit, the auditing persons must sign a confidentiality agreement with regard to the Processor's data, as well as any other customer data and technical and organizational measures established by the Processor.d. The Controller shall bear all costs associated with inspections, including those for the employee provided by the Processor.**9.**** ****Duties after Completion of Agreement**The Processor shall transfer to the Controller all Personal Data under its control that are associated with the contractual relationship, or destroy them in accordance with applicable data protection regulations, or completely anonymize them upon completion of the contractually agreed work or upon the Controller's request, at the latest upon termination of the service agreement. The Processor shall also include test and defective materials in this transfer or destruction. The Processor shall provide a record of the deletion upon request.**10.** ** ****Liability and Limitations**a. Both the Controller and the Processor are accountable to data subjects under the provisions of Art. 82 of the GDPR. However, regarding their internal relationship, the Processor shall only be held liable for damages resulting from a processing operation if it fails to comply with the obligations specifically imposed on it by the DPA, or if it acts in breach or contrary to the lawful instructions of the Controller.b. Additionally, the liability limitations outlined in the Framework Agreement shall be applicable.**11.** ** ****Other Provisions**a. STAKATER reserves the right to modify this DPA at any time and will notify customers of the changes in a suitable manner, including electronically. b. Any changes or additions to this DPA will become a binding part of the agreement unless the Customer objects within 30 days of being informed of the amended provisions.c. If any provision of this DPA or the remaining contract is found to be invalid, ineffective, or unenforceable, such provision shall be replaced with a valid and enforceable provision that best reflects the intent of the original provision and corresponds to the economic balance of the Parties.d. This contract and any disputes arising from it shall be governed exclusively by Swedish law.** diff --git a/content/legal-documents/gtc.md b/content/legal-documents/gtc.md index dd33bd08..b59d9c5a 100644 --- a/content/legal-documents/gtc.md +++ b/content/legal-documents/gtc.md @@ -2,13 +2,13 @@ `Version: 9 May 2023` -1. Introduction +1. **Introduction** 1. These General Terms and Conditions ("**GTC**") together with the other documents referenced herein govern the legal relationship (the "**Agreement**") between STAKATER  ("**STAKATER**") and the customer of STAKATER ("**Customer**", each a "**Party**" and together the "**Parties**"). 1. These GTC apply to all legal relationships between the parties. -1. Scope of Services +1. **Scope of Services** 1. The scope of services provided by STAKATER is determined by the specific details outlined in the contractual orders, service descriptions, and relevant [service level agreements (SLAs)](sla.md). @@ -18,7 +18,7 @@ 1. STAKATER has the right to modify its services, including the SLA, at any time. If these changes affect the services purchased by the Customer, STAKATER will provide written notice at least one (1) month before the changes take effect. If the Customer does not indicate their refusal to the changes prior to the proposed date of effect, their consent will be assumed. -1. STAKATER’s Obligations +1. **STAKATER's Obligations** 1. The Services, as defined in the Agreement, will be delivered by STAKATER with professionalism and reasonable care in accordance with the current standards of the industry. @@ -26,7 +26,7 @@ 1. Any usage by third parties, including affiliates of the Customer, requires prior written consent from STAKATER. -1. Customer’s Rights and Obligations +1. **Customer's Rights and Obligations** 1. STAKATER will provide the Services to the Customer in compliance with the law, the agreed scope of work and services levels as per the agreement. The services shall be extended with the required professionalism and skill set that meets the industry standards. @@ -42,7 +42,7 @@ 1. If a third party claims a violation of rights by the data, content, and/or information provided by the Customer, STAKATER is entitled to suspend the data, content, and/or information as appropriate and permissible under the GTC or Framework Agreement. -1. Invoicing and Payment +1. **Invoicing and Payment** 1. Unless otherwise agreed, STAKATER will invoice the Services quarterly in advance. @@ -60,21 +60,21 @@ 1. STAKATER can change its service charges with one (1) month's notice period, effective at the end of the following month unless a term commitment has been agreed between Stakater and customer. For term commitment contracts, charges shall be locked for the agreed term. However, early termination / exist charges shall be applicable for premature termination. -1. Term of agreement and Termination +1. **Term of Agreement and Termination** 1. Services orders are established for a specific duration and may be terminated in writing after that, subject to the notice period. Unless agreed otherwise, the minimum term is twelve (12) months, and the notice period is three (3) months. - 1. Both parties have the right to terminate the Agreement or specific orders immediately for cause, which can arise if the Customer utilizes the Services in a manner that violates the law, Agreement, or its purpose; or if the Customer makes them accessible to unauthorized third parties. If there is a reasonable suspicion that the Customer is insolvent, immediate termination for cause can occur by Stakater for customer’s inability to pay for services. + 1. Both parties have the right to terminate the Agreement or specific orders immediately for cause, which can arise if the Customer utilizes the Services in a manner that violates the law, Agreement, or its purpose; or if the Customer makes them accessible to unauthorized third parties. If there is a reasonable suspicion that the Customer is insolvent, immediate termination for cause can occur by Stakater for customer's inability to pay for services. 1. Customer's access to STAKATER's Services is immediately revoked after termination of the Agreement. 1. The Customer is solely responsible to ensure continuity of their own systems and backing up their data during and before termination of contract. Upon request, STAKATER can assist the Customer in transferring services and data to their own or third-party systems and may charge standard rates for the service. -1. Legal Warranty +1. **Legal Warranty** 1. STAKATER guarantees that the Customer's use of its services in compliance with the law and the Agreement does not violate any third-party intellectual property rights. - 1. If a third-party claims that their intellectual property rights have been violated by the Customer’s use of Stakater’s services, except if the customer is using other service(s) as a combination to Stakater’s services that fall under is intellectual property rights violations, STAKATER will defend the Customer against such a claim at its own expense if the customer: + 1. If a third-party claims that their intellectual property rights have been violated by the Customer's use of Stakater's services, except if the customer is using other service(s) as a combination to Stakater's services that fall under is intellectual property rights violations, STAKATER will defend the Customer against such a claim at its own expense if the customer: 1. notifies STAKATER immediately in writing within three (3) working days of such event, @@ -94,7 +94,7 @@ 1. The Customer will not be entitled to any legal warranty claims if the infringement of third-party intellectual property rights is due to the use of the Services under conditions other than those contractually provided or if the infringement is based upon an action by Customer or his request. -1. Material Warranty +1. **Material Warranty** 1. STAKATER assumes no warranty for disruptions or failures of the Services which are out of its control and fall under force majeure. @@ -102,7 +102,7 @@ 1. STAKATER provides no guarantee that the data, content and / or information transmitted by the Customer to the servers of STAKATER remain available after the termination of this Agreement. -1. Acceptance, Defect Rectification and SLA +1. **Acceptance, Defect Rectification and SLA** 1. Customer shall inspect the Work and Services during or immediately after delivery. The same shall also apply to the delivery of part of a Work, whereby defects in part of a Work may no longer be notified in the case of delivery of the entire Work. The inspection period lasts a maximum of five working days from delivery of the respective Work by STAKATER. @@ -114,15 +114,15 @@ 1. If STAKATER is not immediately able to remove such defect and the usability of the Services is significantly reduced or compromised, both parties shall agree for a period to remove the defects. If Stakater is still not able to make the defects good and as per agreed standard, the Customer can withdraw from the services Agreement. -1. Liability and Indemnification +1. **Liability and Indemnification** 1. STAKATER is liable to the Customer for damages caused intentionally or by its gross negligence. The liability of STAKATER for damages caused negligently but unknowingly, or damage caused by auxiliary persons is excluded, as far as legally permissible. - 1. The Customer is responsible for the legally and contractually compliant use of the Services he has obtained. STAKATER is not liable for damages resulting from use in violation of the law or the Agreement, and the Customer is liable for all damages incurred by STAKATER as a result. The Customer shall indemnify STAKATER for all damages resulting from breach of Agreement or rights, including third-party claims and any legal and attorney’s fees. + 1. The Customer is responsible for the legally and contractually compliant use of the Services he has obtained. STAKATER is not liable for damages resulting from use in violation of the law or the Agreement, and the Customer is liable for all damages incurred by STAKATER as a result. The Customer shall indemnify STAKATER for all damages resulting from breach of Agreement or rights, including third-party claims and any legal and attorney's fees. 1. STAKATER is not liable for service delays or disruptions and damages that arise due to events that are not the responsibility of STAKATER or that make the performance significantly more difficult or impossible and that cannot be avoided, such as natural disasters of any kind, pandemics, riots, blockade, fire, civil war, embargo, earthquakes, hostage taking, war, revolution, sabotage, strikes, terrorism, traffic accidents or production disruptions, such as the failure of communication networks and gateways of other operators. -1. Confidentiality +1. **Confidentiality** 1. STAKATER undertakes to treat Customer data with care. Customer gives STAKATER its consent that its data may be used for the fulfilment of contractual obligations and may be used in anonymous form to improve the services and products of STAKATER. @@ -130,7 +130,7 @@ 1. If the Customer processes or discloses personal data within the meaning of the Data Protection Act in the context of the use of the STAKATER Services, the Customer will first obtain the necessary consent of each affected individual. -1. Data Protection and Security Measures +1. **Data Protection and Security Measures** 1. STAKATER agrees to a data processing agreement with the Customer. @@ -140,21 +140,21 @@ 1. STAKATER undertakes to take all appropriate technical and organizational measures for the protection of Customer data. -1. Intellectual Property +1. **Intellectual Property** - 1. Unless otherwise agreed in writing, all rights to existing intellectual property or intellectual property arising during the performance of the Agreement with respect to STAKATER’s services or products (e.g. programs, templates, data, trademarks, patents, copyrights, etc.) remain with STAKATER or with the third parties used by STAKATER for provision of services. + 1. Unless otherwise agreed in writing, all rights to existing intellectual property or intellectual property arising during the performance of the Agreement with respect to STAKATER's services or products (e.g. programs, templates, data, trademarks, patents, copyrights, etc.) remain with STAKATER or with the third parties used by STAKATER for provision of services. 1. STAKATER grants the Customer a non-exclusive, temporally unlimited and non-transferable right to use the Services (including Works) for his own internal use. 1. Third-party software is subject to the third-parties' license terms and subscriptions. -1. Non-Solicitation Agreement +1. **Non-Solicitation Agreement** 1. The Customer undertakes not to directly or indirectly (through an affiliate) hire employees and supporting persons of STAKATER who are or were involved in execution of the Agreement, during the term of the Agreement and for one year afterward, or to persuade them in any other way to give up their employment with Stakater. 1. In the event of such breach, a penalty equivalent to previous annual salary of the such person shall be payable by customer. -1. Other Provisions +1. **Other Provisions** 1. The present Agreement replaces all previous agreements, correspondence, declarations, negotiations or arrangements between the parties concerning the subject, including any proposal, tenders or specifications. The only exception to this is if explicit deviations from this Agreement have been agreed in writing. diff --git a/content/legal-documents/nda.md b/content/legal-documents/nda.md index 13334ab4..6ce8f071 100644 --- a/content/legal-documents/nda.md +++ b/content/legal-documents/nda.md @@ -32,20 +32,20 @@ and The Confidential Information that has been provided to the Contracting Parties in writing, orally, or by any other means, directly or indirectly, for the Purpose outlined in the preamble or that has become known to them in any other way, is subject to the following obligations: - - To maintain its confidentiality; - - To use it exclusively for the aforementioned Purpose, specifically refraining from publishing, applying for industrial property rights, or using it for their own purposes; - - To not disclose or make it available to any third party, in any form whatsoever; - - To take all necessary precautions to prevent third-party access; - - To provide access solely to employees working in connection with the Purpose outlined in the preamble, who have also been bound by the aforementioned obligation of confidentiality. This remains applicable even after an employee leaves their position during the term and continued validity of this agreement. + 1. To maintain its confidentiality; + 1. To use it exclusively for the aforementioned Purpose, specifically refraining from publishing, applying for industrial property rights, or using it for their own purposes; + 1. To not disclose or make it available to any third party, in any form whatsoever; + 1. To take all necessary precautions to prevent third-party access; + 1. To provide access solely to employees working in connection with the Purpose outlined in the preamble, who have also been bound by the aforementioned obligation of confidentiality. This remains applicable even after an employee leaves their position during the term and continued validity of this agreement. 1. **Exceptions to Secrecy Agreement** The obligations of confidentiality outlined in this agreement do not apply to information that: - - was already known by the other Contracting Party before being disclosed and can be demonstrated as such; - - was already publicly known or became so without violating any confidentiality obligations; - - has been independently developed by the Contracting Party, without reliance on the confidential information; - - is lawfully provided or made accessible to the Contracting Party by a third party who is authorized to disclose it. It is the responsibility of the Contracting Party invoking these exceptions to provide evidence to support their claim. + 1. Was already known by the other Contracting Party before being disclosed and can be demonstrated as such; + 1. Was already publicly known or became so without violating any confidentiality obligations; + 1. Has been independently developed by the Contracting Party, without reliance on the confidential information; + 1. Is lawfully provided or made accessible to the Contracting Party by a third party who is authorized to disclose it. It is the responsibility of the Contracting Party invoking these exceptions to provide evidence to support their claim. 1. **Restrictions and Prohibitions** From 58779ac8c68ff4c4073dacf0c231fead3d156d8b Mon Sep 17 00:00:00 2001 From: Karl Johan Grahn Date: Tue, 9 May 2023 21:39:22 +0200 Subject: [PATCH 08/10] update --- content/legal-documents/dpa.md | 75 +++++++++++++++++++++++++++++++++- content/legal-documents/gtc.md | 8 ++-- content/legal-documents/sla.md | 12 +++--- 3 files changed, 84 insertions(+), 11 deletions(-) diff --git a/content/legal-documents/dpa.md b/content/legal-documents/dpa.md index c3f3d083..c27a0642 100644 --- a/content/legal-documents/dpa.md +++ b/content/legal-documents/dpa.md @@ -20,4 +20,77 @@ 1. This DPA applies solely to the processing of Data by the Processor and its subcontractors. If the Customer hires the Processor to process Data on infrastructure or with software from third parties, the Customer is accountable for ensuring that this third party complies with data protection regulations. -1.** ** ****Responsibilities of Data Controller**a. The Controller bears sole responsibility for complying with data protection laws, including ensuring the legality of data transfers to the Processor and the legality of data processing and instructions under the GDPR. b. The Processor shall process Data only for the purposes of the Framework Agreement and in accordance with documented instructions from the Controller. All instructions must be in writing or electronic form. Oral instructions must be confirmed in writing or text immediately. c. If the Processor believes that an instruction violates applicable laws, it shall promptly notify the Controller. The Processor may suspend implementation of the instruction until it has been confirmed or amended by the Controller. d. If Data are processed according to legal provisions and contrary to Controller instructions, the Processor must inform the Controller in advance of the processing operation and the lawfulness of processing, except when contrary to an important public interest. The Controller is accountable for evaluating the lawfulness of the Data processing and ensuring the rights of the data subjects are protected. The Controller ensures that the processing of the Data by the Processor, in accordance with this DPA and the instructions, does not contravene any applicable legal provisions.f. The Controller must promptly inform the Processor if it detects any errors or irregularities while reviewing the order processing.g. The Controller is obligated to maintain the confidentiality of any knowledge of the Processor's trade secrets obtained within the contractual relationship. h. The Controller is required to document their instructions to the Processor.**4.** ** ****Measures to Improve Data Protection**a. The Data Processor shall ensure that all authorized persons who process the Data, such as employees and subcontractors, have agreed in writing to maintain confidentiality and security, or are subject to an appropriate legal obligation of confidentiality and security. b. The Processor shall design their internal organization to meet the specific data protection requirements within their area of responsibility. They must take appropriate technical and organizational measures to ensure the confidentiality, integrity, availability, and capacity of the systems and services for long-term processing in compliance with GDPR requirements. c. The Controller is responsible for ensuring that the technical and organizational measures implemented by the Processor provide adequate protection for the risks associated with processing the Data. The Controller is also aware of the current technical and organizational measures and the procedure for reviewing, assessing, and evaluating their effectiveness. d. The Processor may adjust the measures during the contractual relationship due to technical and organizational developments, provided there is no compromise on agreed-upon standards.**5.**** ****Subcontracting** Prior written consent of the Controller is required for awarding contracts with subcontractors for processing Personal Data covered by the contract.The Controller grants the Processor general authorization to use subcontractors in accordance with the provisions of this DPA. The Processor shall inform the Controller in a timely manner of any intended change with respect to the use or replacement of other subcontractors. The Controller may object to the change within 30 days if there is a valid reason. The objection must be in writing, specifying the reasons for the objection. Any further outsourcing by the subcontractor requires the express consent of the Controller.The Processor must ensure that authorized subcontractors have data protection obligations fundamentally comparable to those contained in this Agreement before processing Personal Data of the Controller.Subcontractors are service providers whose services are directly related to the provision of the main service under the Framework Agreement and concern the processing of Data. Ancillary services, such as telecommunications services, postal/transport services, maintenance and user service, or the disposal of data carriers, are excluded from this definition. The Processor is obliged to take appropriate and legally compliant contractual agreements and control measures to ensure that the Data of the Controller is protected, even in the case of outsourced ancillary services.The Processor or its subcontractors process the Data in Sweden unless otherwise agreed. Processing of Data outside the EEA and Sweden requires the Processor to ensure that the conditions for transferring the data to third countries in accordance with the DPA are met. The Processor shall provide proof of compliance upon request.**6.**** ****Data and Personal Locations** Employees of the Processor may process the Data from personal locations as part of distant or hybrid work conditions, subject to appropriate measures being in place. The Controller authorizes the processing of such Data only, if necessary, Data protection and data security measures are in place.If Data is processed in / from private space, access to the such space for the purpose of order control must be agreed with the Controller in advance. The Processor assures that all residents of these private apartments understand that severity and agree with this provision.**7.**** ****Responsibilities of the Processor**a. The Processor must assist the Controller in fulfilling requests and claims made by affected individuals in accordance with Chapter III of the GDPR and in fulfilling the obligations outlined in Articles 33 to 36 of the GDPR. b. The Controller is primarily responsible for executing data subject rights. However, the Processor will follow the documented instructions of the Controller for handling requests related to the deletion concept, the right to be forgotten, correction, data portability, and information. If the services under the Framework Agreement do not already include this, the Controller will pay a reasonable fee to the Processor for this assistance.c. If a data subject request can be attributed to the Controller, the Processor will forward the request to the Controller.d. The Processor will immediately notify the Controller if it discovers any breaches related to the protection of the Controller's Data.**8.**** ****Proof of Compliance**a The Processor shall provide the Controller with sufficient proof / information of compliance with the obligations stated in this contract through appropriate means, which may include regular reports, audit reports, certifications, or other similar documentation.b. In the event that inspections by the Controller or an appointed auditor are necessary, they shall be conducted during normal business hours after reasonable notification to the Processor. The inspection must take into account any legitimate confidentiality interests and legal or contractual confidentiality obligations. c. Prior to the audit, the auditing persons must sign a confidentiality agreement with regard to the Processor's data, as well as any other customer data and technical and organizational measures established by the Processor.d. The Controller shall bear all costs associated with inspections, including those for the employee provided by the Processor.**9.**** ****Duties after Completion of Agreement**The Processor shall transfer to the Controller all Personal Data under its control that are associated with the contractual relationship, or destroy them in accordance with applicable data protection regulations, or completely anonymize them upon completion of the contractually agreed work or upon the Controller's request, at the latest upon termination of the service agreement. The Processor shall also include test and defective materials in this transfer or destruction. The Processor shall provide a record of the deletion upon request.**10.** ** ****Liability and Limitations**a. Both the Controller and the Processor are accountable to data subjects under the provisions of Art. 82 of the GDPR. However, regarding their internal relationship, the Processor shall only be held liable for damages resulting from a processing operation if it fails to comply with the obligations specifically imposed on it by the DPA, or if it acts in breach or contrary to the lawful instructions of the Controller.b. Additionally, the liability limitations outlined in the Framework Agreement shall be applicable.**11.** ** ****Other Provisions**a. STAKATER reserves the right to modify this DPA at any time and will notify customers of the changes in a suitable manner, including electronically. b. Any changes or additions to this DPA will become a binding part of the agreement unless the Customer objects within 30 days of being informed of the amended provisions.c. If any provision of this DPA or the remaining contract is found to be invalid, ineffective, or unenforceable, such provision shall be replaced with a valid and enforceable provision that best reflects the intent of the original provision and corresponds to the economic balance of the Parties.d. This contract and any disputes arising from it shall be governed exclusively by Swedish law.** +1. **Responsibilities of Data Controller** + + 1. The Controller bears sole responsibility for complying with data protection laws, including ensuring the legality of data transfers to the Processor and the legality of data processing and instructions under the GDPR. + 1. The Processor shall process Data only for the purposes of the Framework Agreement and in accordance with documented instructions from the Controller. All instructions must be in writing or electronic form. Oral instructions must be confirmed in writing or text immediately. + 1. If the Processor believes that an instruction violates applicable laws, it shall promptly notify the Controller. The Processor may suspend implementation of the instruction until it has been confirmed or amended by the Controller. + 1. If Data are processed according to legal provisions and contrary to Controller instructions, the Processor must inform the Controller in advance of the processing operation and the lawfulness of processing, except when contrary to an important public interest. The Controller is accountable for evaluating the lawfulness of the Data processing and ensuring the rights of the data subjects are protected. The Controller ensures that the processing of the Data by the Processor, in accordance with this DPA and the instructions, does not contravene any applicable legal provisions. + 1. The Controller must promptly inform the Processor if it detects any errors or irregularities while reviewing the order processing. + 1. The Controller is obligated to maintain the confidentiality of any knowledge of the Processor's trade secrets obtained within the contractual relationship. + 1. The Controller is required to document their instructions to the Processor. + +1. **Measures to Improve Data Protection** + + 1. The Data Processor shall ensure that all authorized persons who process the Data, such as employees and subcontractors, have agreed in writing to maintain confidentiality and security, or are subject to an appropriate legal obligation of confidentiality and security. + 1. The Processor shall design their internal organization to meet the specific data protection requirements within their area of responsibility. They must take appropriate technical and organizational measures to ensure the confidentiality, integrity, availability, and capacity of the systems and services for long-term processing in compliance with GDPR requirements. + 1. The Controller is responsible for ensuring that the technical and organizational measures implemented by the Processor provide adequate protection for the risks associated with processing the Data. The Controller is also aware of the current technical and organizational measures and the procedure for reviewing, assessing, and evaluating their effectiveness. + 1. The Processor may adjust the measures during the contractual relationship due to technical and organizational developments, provided there is no compromise on agreed-upon standards. + +1. **Subcontracting** + + Prior written consent of the Controller is required for awarding contracts with subcontractors for processing Personal Data covered by the contract. + + The Controller grants the Processor general authorization to use subcontractors in accordance with the provisions of this DPA. The Processor shall inform the Controller in a timely manner of any intended change with respect to the use or replacement of other subcontractors. The Controller may object to the change within 30 days if there is a valid reason. The objection must be in writing, specifying the reasons for the objection. Any further outsourcing by the subcontractor requires the express consent of the Controller. + + The Processor must ensure that authorized subcontractors have data protection obligations fundamentally comparable to those contained in this Agreement before processing Personal Data of the Controller. + + Subcontractors are service providers whose services are directly related to the provision of the main service under the Framework Agreement and concern the processing of Data. Ancillary services, such as telecommunications services, postal or transport services, maintenance and user service, or the disposal of data carriers, are excluded from this definition. + + The Processor is obliged to take appropriate and legally compliant contractual agreements and control measures to ensure that the Data of the Controller is protected, even in the case of outsourced ancillary services.The Processor or its subcontractors process the Data in Sweden unless otherwise agreed. Processing of Data outside the EEA and Sweden requires the Processor to ensure that the conditions for transferring the data to third countries in accordance with the DPA are met. The Processor shall provide proof of compliance upon request. + +1. **Data and Personal Locations** + + Employees of the Processor may process the Data from personal locations as part of distant or hybrid work conditions, subject to appropriate measures being in place. The Controller authorizes the processing of such Data only, if necessary, Data protection and data security measures are in place. + + If Data is processed in or from private space, access to the such space for the purpose of order control must be agreed with the Controller in advance. The Processor assures that all residents of these private apartments understand that severity and agree with this provision. + +1. **Responsibilities of the Processor** + + 1. The Processor must assist the Controller in fulfilling requests and claims made by affected individuals in accordance with Chapter III of the GDPR and in fulfilling the obligations outlined in Articles 33 to 36 of the GDPR. + + 1. The Controller is primarily responsible for executing data subject rights. However, the Processor will follow the documented instructions of the Controller for handling requests related to the deletion concept, the right to be forgotten, correction, data portability, and information. If the services under the Framework Agreement do not already include this, the Controller will pay a reasonable fee to the Processor for this assistance. + + 1. If a data subject request can be attributed to the Controller, the Processor will forward the request to the Controller. + + 1. The Processor will immediately notify the Controller if it discovers any breaches related to the protection of the Controller's Data. + +1. **Proof of Compliance** + + 1. The Processor shall provide the Controller with sufficient proof or information of compliance with the obligations stated in this contract through appropriate means, which may include regular reports, audit reports, certifications, or other similar documentation. + + 1. In the event that inspections by the Controller or an appointed auditor are necessary, they shall be conducted during normal business hours after reasonable notification to the Processor. The inspection must take into account any legitimate confidentiality interests and legal or contractual confidentiality obligations. + + 1. Prior to the audit, the auditing persons must sign a confidentiality agreement with regard to the Processor's data, as well as any other customer data and technical and organizational measures established by the Processor. + + 1. The Controller shall bear all costs associated with inspections, including those for the employee provided by the Processor. + +1. **Duties after Completion of Agreement** + + The Processor shall transfer to the Controller all Personal Data under its control that are associated with the contractual relationship, or destroy them in accordance with applicable data protection regulations, or completely anonymize them upon completion of the contractually agreed work or upon the Controller's request, at the latest upon termination of the service agreement. The Processor shall also include test and defective materials in this transfer or destruction. The Processor shall provide a record of the deletion upon request. + +1. **Liability and Limitations** + + 1. Both the Controller and the Processor are accountable to data subjects under the provisions of Art. 82 of the GDPR. However, regarding their internal relationship, the Processor shall only be held liable for damages resulting from a processing operation if it fails to comply with the obligations specifically imposed on it by the DPA, or if it acts in breach or contrary to the lawful instructions of the Controller. + + 1. Additionally, the liability limitations outlined in the Framework Agreement shall be applicable. + +1. **Other Provisions** + + 1. STAKATER reserves the right to modify this DPA at any time and will notify customers of the changes in a suitable manner, including electronically. + + 1. Any changes or additions to this DPA will become a binding part of the agreement unless the Customer objects within 30 days of being informed of the amended provisions. + + 1. If any provision of this DPA or the remaining contract is found to be invalid, ineffective, or unenforceable, such provision shall be replaced with a valid and enforceable provision that best reflects the intent of the original provision and corresponds to the economic balance of the Parties. + + 1. This contract and any disputes arising from it shall be governed exclusively by Swedish law. diff --git a/content/legal-documents/gtc.md b/content/legal-documents/gtc.md index b59d9c5a..6828c131 100644 --- a/content/legal-documents/gtc.md +++ b/content/legal-documents/gtc.md @@ -40,7 +40,7 @@ 1. Stakater services are meant to be offered only for legal purposes, allowed by law. The Customer is not allowed to use the Services to commit or support criminal acts, and must assume complete responsibility and take necessary actions to prevent criminal use by its own users or its third parties. - 1. If a third party claims a violation of rights by the data, content, and/or information provided by the Customer, STAKATER is entitled to suspend the data, content, and/or information as appropriate and permissible under the GTC or Framework Agreement. + 1. If a third party claims a violation of rights by the data, content, or information provided by the Customer, STAKATER is entitled to suspend the data, content, or information as appropriate and permissible under the GTC or Framework Agreement. 1. **Invoicing and Payment** @@ -54,11 +54,11 @@ 1. If the Customer fails to make full payment by the end of the payment period, they will be liable to pay late payment fees on outstanding charges. - 1. After the payment period expires, STAKATER has the right to discontinue Services and/or terminate the Agreement without notice or compensation. The Customer will be charged for STAKATER's expenses related to any adjustments, debt collection costs, court and legal fees. + 1. After the payment period expires, STAKATER has the right to discontinue Services or terminate the Agreement without notice or compensation. The Customer will be charged for STAKATER's expenses related to any adjustments, debt collection costs, court and legal fees. 1. The Customer is not authorized to assert or lodge a settlement. - 1. STAKATER can change its service charges with one (1) month's notice period, effective at the end of the following month unless a term commitment has been agreed between Stakater and customer. For term commitment contracts, charges shall be locked for the agreed term. However, early termination / exist charges shall be applicable for premature termination. + 1. STAKATER can change its service charges with one (1) month's notice period, effective at the end of the following month unless a term commitment has been agreed between Stakater and customer. For term commitment contracts, charges shall be locked for the agreed term. However, early termination or exit charges shall be applicable for premature termination. 1. **Term of Agreement and Termination** @@ -100,7 +100,7 @@ 1. If there are dependencies to third parties such as IT infrastructure of third-party providers or if the disruption or failure was caused by the Customer or by a person attributable to him. - 1. STAKATER provides no guarantee that the data, content and / or information transmitted by the Customer to the servers of STAKATER remain available after the termination of this Agreement. + 1. STAKATER provides no guarantee that the data, content or information transmitted by the Customer to the servers of STAKATER remain available after the termination of this Agreement. 1. **Acceptance, Defect Rectification and SLA** diff --git a/content/legal-documents/sla.md b/content/legal-documents/sla.md index 4db0aaa3..2a88e20f 100644 --- a/content/legal-documents/sla.md +++ b/content/legal-documents/sla.md @@ -1,6 +1,6 @@ # Service Level Agreement (SLA) -`Version: 31 Jan 2023` +`Version: 9 May 2023` This SERVICE LEVEL AGREEMENT ("**SLA**") is by and between **Stakater** and you ("**Customer**"). Each a "Party", and together the "Parties". @@ -50,9 +50,9 @@ This SERVICE LEVEL AGREEMENT ("**SLA**") is by and between **Stakater** and you - 6.1.5 The unavailability of the cloud-based services used by Stakater; - - 6.1.6 In the case of Stakater having insufficient privileges to the Customers cloud environment/s to perform required maintenance and support tasks; + - 6.1.6 In the case of Stakater having insufficient privileges to the Customers cloud environments to perform required maintenance and support tasks; - - 6.1.7 Due to issues caused by software/application bugs or faults as confirmed by the upstream vendors or product owners that are out of Stakaters control to patch and remediate; + - 6.1.7 Due to issues caused by software or application bugs or faults as confirmed by the upstream vendors or product owners that are out of Stakaters control to patch and remediate; - 6.1.8 Blocking or throttling by an internet service provider or transit provider; @@ -134,7 +134,7 @@ This SERVICE LEVEL AGREEMENT ("**SLA**") is by and between **Stakater** and you ## 12. Service Improvements -- 12.1 Stakater will make available to customers new versions, releases, and updates to the Service to solve defects and/or errors, keep the Service up-to-date with market developments, or otherwise improve the Service. Stakater will only support the most recent version of the Service. +- 12.1 Stakater will make available to customers new versions, releases, and updates to the Service to solve defects or errors, keep the Service up-to-date with market developments, or otherwise improve the Service. Stakater will only support the most recent version of the Service. - 12.2 New versions, releases, or updates will contain at least the level of functionality as set out in this SLA and as contained in the version or release of the Service previously used by Customer, and will not otherwise negatively impact Customer’s use of the Service. Stakater shall make reasonable efforts to ensure that when performing such actions, the impact on Customer and its customer(s) is limited. @@ -158,7 +158,7 @@ The SLA does not apply to any: - 13.5.3 that resulted from abuses or other behaviours that violate the SLA; - - 13.5.4 that resulted from quotas/limits applied by the system; + - 13.5.4 that resulted from quotas or limits applied by the system; - 13.5.5 that resulted from cluster nodes running out of capacity; @@ -168,7 +168,7 @@ The SLA does not apply to any: - 13.5.8 that resulted from Customer attempts to perform operations that exceed prescribed quotas or allowed permissions or that resulted from Stakater’s throttling of suspected abusive behaviour; - - 13.5.9 that resulted from Customer attempts to perform operations on the account/subscription/etc. being managed by Stakater, even though Customer has permissions they should treat them as read only; + - 13.5.9 that resulted from Customer attempts to perform operations on the account or subscription being managed by Stakater, even though Customer has permissions they should treat them as read only; - 13.5.10 for subscriptions reserved, but not paid for, at the time of the incident. From a5d98808def43baf6c7561f48f44b6fec117d8cd Mon Sep 17 00:00:00 2001 From: Karl Johan Grahn Date: Tue, 9 May 2023 21:59:51 +0200 Subject: [PATCH 09/10] update --- content/legal-documents/agreement.md | 2 +- content/legal-documents/dpa.md | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/content/legal-documents/agreement.md b/content/legal-documents/agreement.md index 5ad10013..b40a8a38 100644 --- a/content/legal-documents/agreement.md +++ b/content/legal-documents/agreement.md @@ -40,7 +40,7 @@ from 1. **Orders and Changes** 1. The CUSTOMER can make a written request to STAKATER at any time by giving details of the desired services for an order. STAKATER may either reject the order, discuss further details with the CUSTOMER or make a non-binding proposal to the CUSTOMER using the completed order form in accordance with (the "**Order Form**"). The order is only validated by the legally valid signature (including e-signature) of the order by both Parties. - 1. A change to an existing order can be agreed in binding directly by e-mail or in the customer portal by the authorized persons designated by the Parties. + 1. A change to an existing order can be agreed in binding directly by email or in the customer portal by the authorized persons designated by the Parties. 1. Each order is subject to the provisions of this Framework Agreement and its Annexes if any. 1. **Scope of Services and Charges** diff --git a/content/legal-documents/dpa.md b/content/legal-documents/dpa.md index c27a0642..8f6e92c8 100644 --- a/content/legal-documents/dpa.md +++ b/content/legal-documents/dpa.md @@ -4,7 +4,7 @@ 1. **Objectives of DPA** - 1. The Parties, STAKATER and the Customer, have entered into a contract for specific IT services, referred to as the "Framework Agreement." In the performance of the "Framework Agreement", STAKATER processes personal data, referred to as the "Data," on behalf of the Customer. + 1. The Parties, STAKATER and the Customer, have entered into a contract for specific IT services, referred to as the ["Framework Agreement."](./agreement.md) In the performance of the "Framework Agreement", STAKATER processes personal data, referred to as the "Data," on behalf of the Customer. 1. This Data Processing Agreement (DPA) governs the processing of Customer Data by STAKATER in accordance with Article 28 of the [EU General Data Protection Regulation (GDPR)](../for-cisos/data-protection/gdpr.md). @@ -12,7 +12,7 @@ 1. The characteristics of the Data, the categories of individuals whose data is being processed, and the duration and objectives of the processing are as follows, unless otherwise explicitly stated in the Framework Agreement: - 1. **Data type:** The processed Data includes personal master data, communication data (e.g. e-mail, chat), registration data, documents, and other data in electronic format that the Processor processes for the Controller in connection with the main contractual services. The Controller assures that no data that requires special protection will be transferred for processing without prior agreement. + 1. **Data type:** The processed Data includes personal master data, communication data (e.g. email, chat), registration data, documents, and other data in electronic format that the Processor processes for the Controller in connection with the main contractual services. The Controller assures that no data that requires special protection will be transferred for processing without prior agreement. 1. **Categorization of data subjects:** Employees, customers, suppliers, and any other individuals associated with the data controller whose data the Controller transmits to the Processor under the Framework Agreement. @@ -41,13 +41,13 @@ Prior written consent of the Controller is required for awarding contracts with subcontractors for processing Personal Data covered by the contract. - The Controller grants the Processor general authorization to use subcontractors in accordance with the provisions of this DPA. The Processor shall inform the Controller in a timely manner of any intended change with respect to the use or replacement of other subcontractors. The Controller may object to the change within 30 days if there is a valid reason. The objection must be in writing, specifying the reasons for the objection. Any further outsourcing by the subcontractor requires the express consent of the Controller. + The Controller grants the Processor general authorization to use subcontractors in accordance with the provisions of this DPA. The Processor shall inform the Controller in a timely manner of any intended change with respect to the use or replacement of other subcontractors. The Controller may object to the change within thirty (30) days if there is a valid reason. The objection must be in writing, specifying the reasons for the objection. Any further outsourcing by the subcontractor requires the express consent of the Controller. The Processor must ensure that authorized subcontractors have data protection obligations fundamentally comparable to those contained in this Agreement before processing Personal Data of the Controller. Subcontractors are service providers whose services are directly related to the provision of the main service under the Framework Agreement and concern the processing of Data. Ancillary services, such as telecommunications services, postal or transport services, maintenance and user service, or the disposal of data carriers, are excluded from this definition. - The Processor is obliged to take appropriate and legally compliant contractual agreements and control measures to ensure that the Data of the Controller is protected, even in the case of outsourced ancillary services.The Processor or its subcontractors process the Data in Sweden unless otherwise agreed. Processing of Data outside the EEA and Sweden requires the Processor to ensure that the conditions for transferring the data to third countries in accordance with the DPA are met. The Processor shall provide proof of compliance upon request. + The Processor is obliged to take appropriate and legally compliant contractual agreements and control measures to ensure that the Data of the Controller is protected, even in the case of outsourced ancillary services. The Processor or its subcontractors process the Data in Sweden unless otherwise agreed. Processing of Data outside the EU and Sweden requires the Processor to ensure that the conditions for transferring the data to third countries in accordance with the DPA are met. The Processor shall provide proof of compliance upon request. 1. **Data and Personal Locations** @@ -89,7 +89,7 @@ 1. STAKATER reserves the right to modify this DPA at any time and will notify customers of the changes in a suitable manner, including electronically. - 1. Any changes or additions to this DPA will become a binding part of the agreement unless the Customer objects within 30 days of being informed of the amended provisions. + 1. Any changes or additions to this DPA will become a binding part of the agreement unless the Customer objects within thirty (30) days of being informed of the amended provisions. 1. If any provision of this DPA or the remaining contract is found to be invalid, ineffective, or unenforceable, such provision shall be replaced with a valid and enforceable provision that best reflects the intent of the original provision and corresponds to the economic balance of the Parties. From f58dbe1b4e798ba4d8a089e1f087964a75016d87 Mon Sep 17 00:00:00 2001 From: Karl Johan Grahn Date: Tue, 9 May 2023 22:05:50 +0200 Subject: [PATCH 10/10] update --- content/legal-documents/pp.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/content/legal-documents/pp.md b/content/legal-documents/pp.md index 6d2748e2..0557a91b 100644 --- a/content/legal-documents/pp.md +++ b/content/legal-documents/pp.md @@ -1,3 +1 @@ # Privacy Policy - -`Version: 9 May 2023`