1.
Application <p>These terms apply to the services offered by Seravo Oy (hereinafter
referred to as “Supplier”) for business customers
(hereinafter referred to as “Customer”).
These services are not
meant for individual consumers.
Services refer to both
consulting services and services that have been produced by means of information
technology.</p>
<p>The Customer approves these terms by ordering a service from the
Supplier.
The terms shall enter into force on 2018-05-25 and they supersede
any previous terms.
Previous terms shall, however, be valid until the end
of the agreement period for such customers that have terminated their
service before the entry into force of the new terms.</p> 2.
Entering into an Agreement <p>The Customer and the Supplier will enter into an agreement, when the Customer
has notified to have approved the Supplier's quote or work estimate, when the
Supplier has confirmed the order in writing, when the delivery of the service
has been started and it has been informed to the Customer, or when the Customer
has paid for the ordered service, whichever of the above takes place first.</p>
<p>The Supplier may reject the agreement or postpone or suspend delivery,
if the Customer has any unpaid receivables or the Supplier has otherwise
justified reasons to suspect that the Customer will violate the
agreement.</p> 3.
Delivery and acceptance of the service <p>A one-time service is delivered, or a continuous service delivery has
started, when the Supplier so informs and the Customer has the opportunity
to review the contents of the service.</p>
<p>The Supplier shall deliver the service as it sees most appropriate in
such a way as it has been described in the service description or has been
otherwise separately agreed with the Customer.
In its deliveries, the
Supplier may use subcontractors or other contractual partners.</p>
<p>The Supplier has the right to make technical and other changes to the
service, if the content of the service is not significantly changed.
The
Supplier also has the right to make significant changes to the service, if
the benefit is self-evident to the Customer, such as the introduction of a
new technology.
The Supplier is also entitled to make changes, if
legislation changes, an authority requires so or if the implementation of
the change is justified in order to avoid a future risk or damage.</p>
<p>The Supplier shall inform of any major service changes in advance.
If
informing in advance is not possible, the Supplier shall inform of the
change as soon as it is possible.</p>
<p>The delivery of the service shall be deemed to have been accepted, when
the Customer so informs, or when the Customer pays for the service.
The
service delivery shall also be deemed to have been accepted, if the
Customer has not approved the delivery within two weeks of the Supplier's
notice and has not presented a reclamation either.</p> 4.
Supplier's obligations <p>In terms of the consulting services, the Supplier is obliged to deliver a
person, in accordance with the service description, who has sufficient
skills and who is available at agreed times for at least the amount of time
corresponding to the work estimate.</p>
<p>The Supplier is responsible for ensuring that the information technology
services' environment is appropriately secured, monitored, maintained and
confirmed.</p> 5.
Customer's obligations <p>The Customer is obliged to familiarise themselves with the Supplier's
notices, which have been delivered to the Customer, to the informed address.
The Customer is obliged to inform the Supplier of any changed contact
details.</p>
<p>The Customer undertakes to comply with the instructions and user terms
concerning ordered services.
If several persons participate in the use of
the Customer's services, the Customer is responsible for such personnel
being provided the same information that the Customer has been
provided.</p>
<p>The Customer is responsible for the safe distribution and storage of
usernames and passwords, as well as for the use of sufficiently random
passwords and the regular changing of passwords.</p>
<p>The Customer is responsible for all content on his/her own computers
and, therefore, any content imported in to the Supplier's service, in order
to ensure that the content or its use does not violate copyrights, data
protection or other legislation concerning data processing or
distribution.</p>
<p>The Customer undertakes to use the Supplier's services in such a way
that the activities do not violate any legislation, regulations and are not
contrary to good practice, and the Customer's activities do not cause harm
to other customers or the Supplier's business activities.
The Customer is
liable to pay compensation, if a third party claims for damages from the
Supplier for a reason caused by the Customer.</p> 6.
Information security and data protection 6.1 Information security <p>The Supplier is committed to the industry’s best security practices and
guarantees that it has: </p>
<ul>
<li>the ability to maintain the continuous confidentiality, integrity, usability and fault tolerance of information management system services;</li>
<li>the ability to rapidly restore the availability and access to information in the event of a technical or physical malfunction;</li>
<li>A procedure, that regularly tests, inspects and evaluates the efficiency of data processing in organizational and technical procedures to ensure data security.</li>
</ul>
<p>The supplier is responsible for the security of their own system to
the extent that it has implemented and provided to the Customer according
to the service description.
The Supplier is not responsible for third-party
software, that include, but are not limited to, Customer acquired WordPress
themes, plugins and the modules and libraries included in said third-party
software.</p>
<p>The Supplier offers technology that can advance the security of all
components, but the Supplier cannot guarantee that no security
violations happen.</p>
<p>The Customer has no right to break or circumvent the Supplier managed and
protected information system’s technical protection methods.
If the Customer
wishes to conduct an information security audit, they must make a written
security auditing contract with the Supplier in advance of conducting any
testing.
The contract will include a waiver, the time of the time audit as well
as the limitation of disruption caused by the audit.</p> 6.2 Data Protection <p>The service provided by the Supplier can be used for the management and
storage of personal data according to the European Union’s General Data
Protection Regulation (GDPR).
Data protection and matters related to it are
described in the data protection appendix.</p> 7.
Availability of network service (SLA) <p>The Supplier is obliged to ensure that the offered network services are
available 99.9% at all times.
Other service levels may be agreed in
separate service agreements.</p>
<p>Service and maintenance measures, as well as other measures causing
downtime, shall be carried out when the service has the least use on an
average basis, mainly at night.
The service has no regular maintenance
hours' practice, but the maintenance is carried out as soon or as often as
it is functionally justified.
The availability guarantee concerns the
service throughout the entire period, and the Supplier is responsible for
ensuring that the downtime required by the maintenance measures remains
within the framework of the availability guarantee.</p>
<p>If the availability level is not achieved, the Customer is refunded the
amount corresponding to the duration of the downtime multiplied by 50,
however, no more than an amount corresponding to one month's service fee.
Refunds of less than 10 euros shall not be paid.</p> 8.
Service error <p>The service is considered to have an error, if it differs from the
features determined in the agreement, order confirmation or service
description, subject to the fact that the deviation effects the use of the
service.</p>
<p>The Supplier aims to deliver a highest quality and error-free
service.
The Customer shall inform of any observed errors in writing.
Both
parties are only responsible for their own part for the work time used for
investigating the error and any other costs.
The Supplier shall not invoice
the Customer for unnecessary notices.</p>
<p>The Customer must inform of an error in writing no later than eight days
after he/she has observed the error or he/she should have observed the
error, otherwise the Customer loses his/her right to compensation or the
rescission of the agreement.
Compensation must be claimed in writing within
one month after informing about the error.</p>
<p>The Supplier is obliged to correct any significant errors in the
services without delay during normal operating hours.
If the error has been
caused by a third party.
such as a public communications network error or a
software error, which has effects beyond the Supplier's systems, the
Supplier is obliged to take such measures, which the Supplier is reasonably
able to.</p>
<p>In the service, the Customer may have the possibility to make such
changes to the data system that is in his/her use, but maintained by the
Supplier, which have a significant impact on the operation of the data
system.
The Supplier shall not be required to correct any errors, which the
Customer has caused with his/her operations.</p> 9.
Suspension or discontinuation of the service <p>The Supplier has the right to temporarily suspend the service, if the
ensuring the service's long-term functionality requires it, such as, for
example, in order to investigate exceptional disturbances or security
violations.</p>
<p>The Supplier has the right to suspend or discontinue the service, if the
Customer is in breach of the agreement terms.
The Supplier must, however,
provide notice of such action in advance, so that the Customer has the
opportunity to correct matters.
If the breach of contract is serious, the
service may be cancelled without delay.
The Supplier may also suspend or
discontinue the service at the order of a court or other authority.</p>
<p>The Supplier may discontinue the service for a fixed term or until
further notice at the request of the Customer.
The Supplier reserves the
right to charge an additional fee for reopening the service.</p>
<p>In connection with discontinuing the service, the Supplier shall deliver
to the Customer, at no additional charge, all the materials in the
Customer's service, such as files and databases.
The Customer has the right
to use them in another service to the extent that the copyrights and
licenses of any possibly licensed materials permit this.
The Supplier aims
to prefer open source software in order to promote supplier
independence.</p> 10.
Payments and billing <p>The Customer shall pay the Supplier the payment for the service in
accordance with the price list or the payment determined in writing in
accordance with the customer-specific order confirmation or work estimate.
The Customer is required to pay the value added tax and any other fees
under public law.</p>
<p>The billing period of the is one year, month or as agreed at the time of
the order.
Services are billed in advance.
For consulting services,
billing may also be done afterwards.</p>
<p>Terms of payment are net 14 days.
The late payment interest is in
accordance with the Interests Act (in 2018 ECB's benchmark interest rate +
8 %).</p>
<p>Paid payments are non-refundable.
If the Customer wishes to upgrade
their service level or capacity, the previously paid amount shall be
refunded in the payment of the more expensive service.
If the Customer
wants a lower service level, the lower price shall enter into force, when
the new billing period begins.
If the Customer does not want to pay new
invoices, the service must be terminated before the following billing
period's invoice is sent.</p>
<p>One written reminder is sent for unpaid invoices, which is not subject
to any fees.
After this, the invoice is sent to collections, and the
Customer is liable for the additional costs.</p>
<p>The Supplier has the right to review its pricing, in which case the new
prices shall apply to all new orders from the time of change, as well as to
current orders from the start of the new agreement term.</p>
<p>If any changes occur with the taxes or regulatory fees concerning the
service, the Supplier may review its pricing to correspond these changes,
without any time restrictions.</p> 11.
Damages compensation and limitation of liability <p>Neither the Supplier or the Customer is responsible for indirect damages
to either party, unless the damages are deliberate or a result of gross
negligence.</p>
<p>The Supplier’s compensation due to an error in the service is limited to
an amount corresponding to the service fee of up to three months.
The Supplier
shall not compensate any indirect damages or the Customer's loss of working
hours or income.</p> 12.
Validity of the agreement <p>The agreement term and billing period are the same.
The agreement term
shall continue automatically, when the billing period changes, to a period
of time corresponding to the billing period, unless the agreement has been
terminated in writing at least one month before the end of the agreement
term.</p>
<p>If the Customer wishes to terminate the agreement term prematurely, the
Supplier may, at its sole discretion, terminate the agreement before the
end of the agreement term.
In this case, however, the payment already paid
for the service's agreement term shall not be refunded.
The Supplier may also
stop providing the service before the end of an agreement term for a Customer
who has terminated their agreement, if the service is clearly not in use
anymore or ensuring the service’s functionality is unnecessary or
impossible.</p>
<p>By utilising the trader's right to withhold, the Supplier has the right to
discontinue providing the service, refuse releasing or transferring the
Customer's details, domain or other details or logins related to the management
of the service, if the Customer has not paid the payments in accordance with
the agreement or has failed to meet any other contractual obligations towards
the Supplier.</p> 13.
Force majeure <p>The Supplier shall not be required to fulfil the agreement, if its
fulfilment is prevented, or is unreasonably exacerbated, as a result of
force majeure, such as a strike or labour action, state of emergency, war,
wide disturbance in the communications or electricity network, natural
disaster, terrorist attack, coercive measures of an authority, other legal
measure or other exceptional situations.</p> 14.
Applicable law and disputes <p>The relations between the Customer and the Supplier shall be governed by
Finnish law, however, not the provisions concerning the choice of
international private law.</p>
<p>Any disputes between the Customer and the Supplier shall be settled at
the District Court of Pirkanmaa.</p> Appendix for data protection and handling of personal data 1.
General <p>This appendix complements the terms of service in the areas of data
protection, information security and handling of personal data.
The appendix
enters the Supplier and the Customer into an agreement according to the
requirements set in the European Union’s General Data Protection Regulation
(GDPR) Article 28(3).</p> 2.
The Customer’s responsibilities <p>If the Customer handles personal data with their web service, the Customer
will act as the data controller and the Supplier as the data processor.</p>
<p>The Customer is responsible for determining what sort of data is recorded,
how the data is handled (including possible pseudonymization) and how the data
is shared.</p>
<p>The Customer is responsible for ensuring the correct design and development
of their web service, either by a third-party developer or subcontractor or by
themselves.
If the website is a part of a larger information system, especially
one that handles sensitive information (such as medical records), the Customer
is responsible for the proper separation of the individual systems in order to
prevent a major leak in case of a security breach on the website.</p> 3.
The Supplier’s responsibilities <p>The Supplier does not monitor the data stored by the Customer, but the
information security practices are designed in a manner that the Customer can
store personal data in their web service.</p>
<p>The Supplier is responsible for developing their service in a manner that
allows for data and information security to actualize by default when the
service is used normally, and that the Customer has tools available which
support them in acting as the data controller and in providing their customers
with the required rights in the typical use of the Supplier’s service.
An
example of typical use is the inspection or removal of user data stored in the
database of a WordPress website.</p> 4.
The rights of the data subjects <p>The Supplier does not handle any third-party GDPR or data protection related
requests on behalf of the Customer.
The requests are forwarded to the Customer
as is, who must then verify their authenticity and take responsibility for the
requests as the data controller.</p> 5.
Handling of security breaches <p>The Supplier is responsible for notifying the Customer of all security
breaches without unnecessary delay, and at the latest 24 hours after the
Supplier became aware of the breach.
The notification must include the
following:</p>
<ul>
<li>A description of the security breach, including the details of which groups of data subjects and personal data registries the breach affected, and the approximate number of the aforementioned;</li>
<li>Name and contact information for the liaison of the Supplier’s employee or team handling the investigation into the security breach;</li>
<li>A description of the consequences and/or likely consequences;</li>
<li>A description of the measures taken by the Supplier due to the security breach and in order to suppress the adverse effects.</li>
<p>If it’s not possible to provide all the aforementioned information
simultaneously, the information can be supplied in batches.</p>
<p>The Customer must inform the Supplier immediately in case of a suspected
security breach.
The Customer is also required to assist in the investigation
of the security breach and to provide all the necessary information to the
Supplier.
The Supplier has the right to end an investigation into a security
breach if the Customer is not responding to contact attempts or if the benefit
of a continued investigation is clearly minor.</p> 6.
Confidentiality <p>The supplier is responsible for the contractual confidentiality of its staff.
The data stored in the service by the Customer is not read, accessed or handled
unless deemed necessary by the Supplier for the continued ability to keep
providing their services.</p> 7.
Subcontractor access to potential personal data <p>The Supplier is responsible to ensure that only their own staff and
management have legal access to the Customer’s information.
Subcontractors
are not granted access on a level that would enable them to gain entry to
possible personal data stored by the Customer in the service.</p> 8.
Storing of data <p>During the order process, the Customer has the option to choose the desired
location for their web service and the data it contains from the Supplier’s
provided list of locations available.
The Supplier does not move the service or
its data to another country without the Customer’s approval.</p>
<p>The Supplier is not permitted to transfer any personal data to a country
that is not bound by the EU’s GDPR legislation.
The Supplier is not permitted
to share any personal data with third-parties without consent.</p>
<p>The Supplier does not store any of the information on a customer’s website
indefinitely.
All data that the Customer removes themselves or the Supplier
removes after a contract ends is removed permanently.</p> 9.
Auditing <p>The Supplier will provide the Customer the necessary information for
conducting an audit when requested, and will assist in the audit to prove that
the Supplier is adhering to the decrees of this data protection appendix.</p>
<p>The Supplier does not have to provide the Customer with information that
have minor influence regarding data protection, or information that would
potentially harm the Supplier’s trade secrets or cause harm to another customer
or a third-party if it was disclosed.</p>
<p>If an audit reveals a Supplier related deficiency, the Supplier is required
to fix the deficiency without delay at their own expense.</p> 10.
Costs related to data- and information protection <p>If the data processor is required to assist the data controller in
fulfilling the GDPR legislation requirements related to security breaches,
the rights of data subjects and/or the evaluation of the effect of data
protection, the data processor is allowed to invoice a reasonable number of
working hours that were carried out at a hourly rate agreed to by both the
data controller and the data processor.
The invoicing of said hours does
require that the data controller has approved the spending of billable hours
to these purposes.</p>
</ul>