General Terms of Service and Data Processing Agreement
Updated May 2021
1 GENERAL
(1) These General Terms of Service shall be applied to the provision and use of Howspace Oy’s (“Howspace”) cloud-based digital collaboration application (“Application”) and the software-as-a-service offered based on the Application (“Service”).
(2) These General Terms and Conditions, together with the applicable online form, order form, or other service agreement (all hereinafter “Service Agreement”), shall constitute a binding agreement (“Agreement”) between Howspace and the customer entity accepting these terms and conditions (“Customer”).
(3) The prices and payment terms, term and termination of this Agreement and the service description of the Application are set out in the Service Agreement.
(4) The license to use Application and Service is granted by Howspace Oy (“Howspace”). The Service and Application shall be provided to the Customer on a software as a service (“SaaS”) basis.
(5) Customer may give user rights to Application and Service to its end customers (“End Customer(s)”) subject to the terms of this Agreement.
(6) By purchasing the Service from a website or accessing the Service otherwise, the individual acting on behalf of the Customer entity, hereby agrees that he or she is authorized to accept this Agreement on behalf of the company he or she represents and that the Customer will become bound by this Agreement.
2 USER LICENSE; INTELLECTUAL PROPERTY RIGHTS
(1) Howspace hereby grants to Customer a limited, non-exclusive, and non-transferable license to use Application, including Service, subject to any limitations in Service Agreement, solely for Customer’s and its End Customers’ internal business operations. Customer may only allow third parties to access Application or Service subject to an express written permission of Howspace. Notwithstanding the foregoing, Customer may give user rights to its End Customer and End Customer’s employees. Customer shall be liable for its End Customers’ and End Customers’ Users’ use of the Application and Service towards Howspace.
(2) The number of authorized Users shall be specified in the Service Agreement or the online order form.
(3) All right, title, and interest in and to all copyright, patent, trademark, design right, database protection right, and any other form of statutory protection of any kind (whether registered or unregistered) and applications for any of the foregoing respectively as well as any know-how, inventions, and trade secrets in or related to the Application and Service, and thereto related documentation (including modifications) and all parts and copies thereof shall remain exclusively vested with and be the sole and exclusive property of Howspace and/or its licensors or subcontractors.
(4) Except as expressly stated herein, this Agreement does not grant Customer any intellectual property rights in Application or Service and all rights not expressly granted hereunder are reserved by Howspace and its subcontractors or licensors, as the case may be.
(5) The right to use the Application and Service granted to Customer shall be valid only during the term of Service Agreement.
3 INSTALLATION ENVIRONMENT
(1) Application is installed in hardware operated by Howspace or by a third party for Howspace and Customer shall not have any license or right to install any copies of Application, Service, or any of its components in its own ICT-systems or hardware.
(2) Howspace shall operate and maintain the Application in its own technical environment or in an environment hosted for Howspace by a third party at Howspace’s selection, making it available on a “Software as a Service (SAAS)” basis.
(3) Users shall log into the Application with individualized encrypted URL links. The connection to the Application shall be encrypted using standard SSL encryption. Customer shall be responsible for the data connections from its own ICT systems to Application.
4 USER MANAGEMENT AND ACTIVATION
Unless otherwise agreed in Service Agreement, Customer shall manage Users including the creation and management of User accounts for the individual Users and respond to User questions and requests.
5 MAINTENANCE AND UPDATES
(1) Howspace shall be responsible for the maintenance of Service and shall have a right to update Service with such fixes, service packs, new releases and versions as Howspace sees fit, subject to retaining Application functionality and Service Levels.
(2) Howspace shall maintain Application following Howspace’s standard document “Hosting Service Description” made available to Customer upon request and as updated from time to time by and at the discretion of Howspace.
6 USE RESTRICTIONS
(1) Customer shall not directly or indirectly reverse engineer, decompile, disassemble or otherwise attempt to discover the source code or underlying ideas or algorithms of Application; copy, modify, translate, or create derivative works based on Application; rent, lease, distribute, sell, resell, assign, or otherwise transfer rights to Application; use Application for timesharing or service bureau purposes or otherwise for the benefit of a third party; circumvent or attempt to circumvent any usage control features of the Application; or remove any proprietary notices or labels on Application.
(2) The above restriction shall also apply to the Customer having a third party perform any of the above on its behalf or under Customer instructions.
7 HOWSPACE INDEMNIFICATION
(1) Howspace shall defend any action brought against Customer if Service infringes any third-party copyright, trademark, or other intellectual property right and shall settle any such action and shall pay such damages, which
(i) a final court of competence orders Customer to pay without right of appeal; or
(ii) Customer has with Howspace’s written consent paid to a third party as part of a settlement; if the payment ordered by the court or the settlement would be a result of Service breaching a third-party intellectual property right.
(2) As a condition to Howspace’s obligations under this Section 7, the Customer shall
(i) notify Howspace promptly in writing as to any event of which Customer has knowledge that would give rise to an indemnity obligation hereunder;
(ii) provide reasonable cooperation and assistance to Howspace; and
(iii) grant Howspace full authority to manage the defence or settlement of the claim.
Howspace shall maintain control and direction of said defence at its expense, provided that Customer, at Customer’s expense, shall have the right to participate in such defence.
(3) The indemnification obligation specified above shall not apply to any claim for infringement resulting from:
(i) the combination, operation, or use of Application or Service with any code or programs not developed or supplied by Howspace if such claim would have been avoided without such combination, operation, or use;
(ii) the use of Application or Service as modified or enhanced by Customer if such modification or enhancement results in an infringing or violating product or computer program, and if the use of the unmodified Application or Service would have avoided such infringement or violation; or
(iii) the use of Application or Service in violation of the provisions of this Agreement.
(4) The indemnification set out in this section shall be Customer’s sole and exclusive remedy in case of any third-party claims relating to intellectual property right infringements.
8 CUSTOMER DATA
(1) In connection with the use of Service and Application, Customer, End Customer or Users may enter various data into the Application (“Customer Data”).
(2) The intellectual property rights in and the title to Customer Data shall belong to Customer or Customer’s End Customer as the case may be, and Customer shall have sole responsibility for the legality, reliability, integrity, accuracy, and quality of Customer Data.
(3) In addition to processing of Customer Data, Howspace and its subcontractors may process data with contact details and identification data on Customer and its employees (“Account Data”). If Howspace processes Customer Data or Account Data or any other data considered personal data on behalf of Customer as a data processor, or as Customer’s subprocessor, the terms of Appendix 1 (Data Processing Agreement) shall apply.
(4) Where the Customer processes personal data as a processor for its End Customers, who are the controllers, Howspace as a subprocessor shall commit, with reasonable effort, to assisting the Customer in fulfilling its obligations as a processor for the End Customers.
9 DISCLAIMER; LIMITATION OF LIABILITY
(1) Except as specifically provided under this Agreement, the Service and Application are provided “as is” and with the functionalities available at each time without warranty of any kind, either express or implied, including but not limited to the warranties of merchantability and fitness for a particular purpose.
(2) Howspace shall not be liable for any indirect or consequential damages. Howspace’s total aggregate liability under or in connection with this Agreement shall be limited to the aggregate service fees paid by Customer for the last 6 months immediately preceding the occurrence for which damages are claimed.
(3) Nothing contained herein shall be deemed to limit Howspace’s liability towards the Customer in the event of and to the extent that the liability results from willful misconduct or gross negligence of Howspace.
10 TERMINATION
The Customer may terminate an open-ended Agreement with 90 days’ written notice. The customer may terminate fixed-term contracts only at the end of the fixed term.
The Supplier may terminate this Agreement if the Customer is declared bankrupt, is using the Service for illegal purposes, or is in breach of this Agreement or any other agreement the Parties have entered into and does not rectify the breach within 30 days after a written notice thereof. The Customer’s failure to pay Service Fees when due shall always be deemed a breach.
All fees are non-refundable. In case of termination or expiry of this Agreement or any other agreement between the Parties, the Supplier shall not be obliged to compensate the Customer for fees already paid. The provisions which by their nature are intended to survive the termination or expiry of this Agreement shall do so.
11 CHANGES IN PRICING
The Customer may upgrade the subscription at any time by committing to a higher number of minimum users per month to take advantage of the lower price per user. The change will take effect from the start of the next billing cycle. Downgrading to a lower number of minimum users requires a notice 90 days in advance. The list prices at the time of signing this contract are specified in the online order form.
The Supplier has the right to decrease or increase its Service Fees at the end of the contract period by updating its Price List. If the contract term is open-ended the Supplier shall inform the Customer in writing about all changes to Service Fees at least 90 days prior to the changes come into force.
12 MISCELLANEOUS
(1) Governing Law. This Agreement shall be exclusively governed by and construed in accordance with the laws of Finland without regard to its choice of law provisions.
(2) Dispute Resolution. Any dispute, controversy, or claim arising out of or relating to this Agreement, or the breach, termination, or validity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Finland Chamber of Commerce. The number of arbitrators shall be one (1). The seat of arbitration shall be Helsinki, Finland. The language of the arbitration shall be English. The arbitral proceedings and award shall be confidential. Nothing in this Agreement shall be deemed to limit the parties’ rights to seek interim injunctive relief or to enforce an arbitration award in any court of law. With respect to any violation by Customer of any intellectual property rights and/or confidential information of Howspace and/or payment obligations against Howspace under this Agreement, Howspace shall have the right, at its sole discretion, to seek remedies in public courts within any applicable territory.
(3) Confidentiality. Neither party shall disclose to third parties any material or information received from the other party and marked as confidential or which should be understood to be confidential and shall not use such material or information for any other purposes than those stated in the Service Agreement. The confidentiality obligation shall, however, not be applied to material and information:
(i) which is generally available or otherwise public; or
(ii) which the party has received from a third party without any obligation of confidentiality; or
(iii) which was in the possession of the receiving party prior to receipt of the same from the other party without any obligation of confidentiality related thereto; or
(iv) which a party has independently developed without using material or information received from the other party.
(4) Severability. If any part of this Agreement is held to be invalid or unenforceable by any court, tribunal, or other authority having jurisdiction, this shall not affect the validity or enforceability of the rest of this Agreement. Instead, this Agreement shall be construed and interpreted so that its effect shall remain as close as legally possible to the effect it would have had without such invalidity or unenforceability.
(5) Assignment. Neither party may assign the Agreement without the prior written consent of the other party. Notwithstanding 4 the foregoing, Howspace shall be entitled to assign this Agreement in connection with a sale of its business or assets pertaining to the operations to which this Agreement relates to.
******
Appendix 1 Howspace Service Agreement: Data Processing Agreement
DATA PROCESSING AGREEMENT
(A) Howspace processes certain Personal Data (defined below) on behalf of the Customer as Data Processor for the purposes of providing Howspace platform and related services to the Customer (“Purpose”) in accordance with the terms and conditions set forth in the service agreement concluded between Howspace and the Customer (“Agreement”).
(B) The types of Personal Data, the categories of data subjects, applicable processing activities as well as the nature, purpose, and duration of the processing of Personal Data under the Agreement to which the processing of Personal Data relates are detailed in Schedule A (Summary of Data Processing) of this Appendix 1.
(C) This Appendix forms an integral part of the Agreement. In case of discrepancies between this Appendix and the Agreement, the terms and conditions set forth in this Appendix shall prevail.
(A) The following terms and conditions set forth in this Appendix concern the data processing activities of Howspace as Data Processor and/or data sub-processor with respect to the Personal Data it processes on behalf of the Customer acting as a Data Controller.
(A) Within this Appendix “Process/Processing”, “Personal Data” “Data Controller”, “Data Processor” “Data Subject”, “Personal Data Breach” and “Special Categories of Personal Data” shall have the same meaning as in the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
(B) Capitalized terms set forth in the Agreement shall have the same meaning for the purposes of this Appendix, unless otherwise stated herein.
(C) Without prejudice to the Agreement or this Appendix Howspace may from time-to-time Process certain personal data of Customer’s representatives as Data Controller, when and to the extent Howspace determines the purposes and means of Processing of such personal data, as set out in applicable Data Protection Laws. The terms set out in this Appendix do not apply to personal data Howspace Processes as Data Controller.
1. HOWSPACE OBLIGATIONS
1.1. In processing Customer Data or Account Data or any other data considered as Personal Data, Howspace shall comply with the Data Protection Laws, the terms and conditions set forth in the Agreement, and documented instructions of the Customer or End Customer, as provided by the Customer to Howspace. In case the implementation and compliance with Customer’s and the End Customer’s documented instructions, as provided by Customer to Howspace, is not mandatory pursuant to the laws applicable to Howspace, Customer shall reimburse Howspace for the implementation of such documented instructions and Howspace shall be entitled to invoice the work carried out for such implementation.
1.2. Howspace shall Process the Personal Data only in accordance with the terms of the Agreement and any lawful and documented instructions reasonably given by Customer or End Customer from time to time, as referred to in section 1.1 above.
1.3. Howspace shall Process the Personal Data only for the Purpose and to the extent and for the duration necessary for providing the Services under the Agreement.
1.4. Howspace shall ensure that Howspace’s personnel authorized to Process the Personal Data have committed themselves to confidentiality.
1.5. Howspace shall reasonably and when possible, taking into account the nature and scope of Processing, assist Customer in fulfilling Customer’s, or its End Customer’s, obligation to respond to requests relating to Data Subject’s statutory rights or requests from competent supervisory authorities. If Howspace receives a request or complaint from the supervisory authority or Data Subject regarding any Account Data or Personal Data Processed by Howspace, Howspace shall without undue delay notify Customer of such request or complaint.
1.6. Howspace shall reasonably and when possible, taking into account the nature and scope of Processing, assist Customer in ensuring compliance with Customer’s, or its End Customer’s, obligations to perform security and data protection impact assessments, security incident notifications, and/or prior consultations of the competent supervisory authority when required by applicable Data Protection Laws.
1.7. Each Party shall take appropriate technical and organizational measures against unauthorized or unlawful processing of personal data or its accidental loss, destruction, or damage. If requested by Customer, Howspace shall provide Customer with documentation as to the implemented measures. Howspace shall limit access to Account Data and Personal Data to authorized and properly trained personnel only with a defined need-to-know basis.
1.8. Howspace shall make available to the Customer all information necessary to demonstrate compliance with the obligations relating to Processing of Personal Data laid down in the Agreement.
1.9. Unless otherwise agreed in writing, Howspace shall provide Customer with Customer Data upon Customer’s written request without undue delay. Customer Data shall be delivered in an electronic form commonly in use. Howspace shall have the right to charge for the collection, Processing, and delivery of the information in accordance with its then-current price list.
2. CUSTOMER’S OBLIGATIONS
2.1. Customer warrants that Customer is entitled to transfer the relevant Personal Data to Howspace so that Howspace may lawfully use and Process the Personal Data for the Purpose of and in accordance with the Agreement on behalf of Customer and/or as Customer’s subprocessor.
2.2. Customer warrants that the Customer is, and for the duration of the Agreement remains, in compliance with any Data Controller’s obligations under Data Protection Laws towards relevant third parties, Data Subjects and Howspace, such that third parties and Data Subjects have been informed of, and where applicable have given their consent to, such use, Processing and transfer of Personal Data.
3. USE OF SUBCONTRACTORS
3.1. Howspace may use subcontractors and other processors in the processing of Personal Data carried out under the Agreement and Customer hereby gives its general authorization for the use of subcontractors in Processing. Howspace shall remain fully liable for the acts and omissions of its subcontractors. Howspace will conclude written data processing agreements with subcontractors used in the Processing of Personal Data. Such data processing agreements shall include materially similar terms relating to the Processing of Personal Data as those contained in the Agreement.
3.2. A list of Howspace’s subprocessors used as per the signing date of this Agreement is added to this Appendix as Schedule B. As per request, Howspace will inform Customer regarding the subcontractors used in the Processing of Personal Data. Howspace shall inform the Customer regarding changes (additions or replacements) in the subcontractors Howspace uses in the Processing of Personal Data on behalf of the Customer in connection with the provision of Services under the Agreement. The Customer may, for a justified reason pertaining to privacy and data protection, object to the use of a certain subcontractor in the Processing of Personal Data on behalf of the Customer. In such a case, the Parties will strive to find an alternative solution for the Processing activities. If such a solution is not found, Howspace may terminate or suspend the Processing of Personal Data without being in breach of the Agreement.
4. AUDITS
4.1. Customer shall have the right to audit Howspace’s compliance with the terms of the Agreement relating to the Processing of Personal Data. Howspace shall, without undue delay, bring any vulnerabilities discovered during an audit into compliance with the terms and conditions agreed between Howspace and Customer.
5. INTERNATIONAL TRANSFERS
5.1. Customer accepts that Howspace may have personal data processed and accessible by Howspace or its subprocessors outside the European Economic Area (“EEA”) to provide the Service. If personal data is transferred from the EEA for processing in any country outside the EEA that is not recognized by the European Commission as providing an adequate level of protection for personal data, the Customer authorizes Howspace to enter, on behalf of the Customer, into the standard contractual clauses adopted or approved by the European Commission applicable to processing outside the EEA, or Howspace shall provide for another appropriate safeguard for the protection of the personal data transferred outside the EEA as set out in the GDPR.
5.2. The Parties acknowledge that the European Commission intends to publish a set of new Standard Contract Clauses (“New SCC”). The Parties acknowledge and agree that once the New SCCs have been adopted, Howspace shall sign them with any other third-party companies who are involved in transferring personal data outside of the EEA, the New SCCs will supersede any prior agreements between the Customer, Howspace, and said sub-processor that are in conflict with the New SCCs. The Parties also acknowledge and agree that this section shall be amended accordingly after the New SCCs have been adopted.
6. PERSONAL DATA BREACH
6.1. Howspace shall notify Customer without undue delay, and at the latest within 36 hours after becoming aware, of any Personal Data Breach or suspicion of any Personal Data Breach as well as provide Customer any and all documentation required by Customer to fulfill Customer’s or End Customer’s duties to report the Personal Data Breach (if any). Howspace shall fully cooperate with Customer and End Customer in any procedure Customer or End Customer may become subject to as a result of or in connection with the Personal Data Breach.
7. DELETION OF PERSONAL DATA
7.1. Howspace shall within reasonable time delete all Personal Data relating to Customer’s or End Customer’s employees or other Personal Data Howspace Processes on behalf of Customer as Data Processor or subprocessor, for the purposes of the Agreement and the provision of the Services hereunder, after the termination of the Agreement.
8. LIABILITY
8.1. Each Party’s liability for the damages incurred by any Data Subject in connection with the Processing of Personal Data under the Agreement shall be defined in accordance with Article 82 of the GDPR, or another corresponding and applicable provision of mandatory data protection law. For clarity, the foregoing liability provision set out in this section shall apply exclusively to the damages incurred by any Data Subject in connection with the Processing of Personal Data under the Agreement, and the liability provisions set out in section 10 of the General Terms of Service of Howspace shall apply to all other types of damages.
Schedule A
Summary of Data Processing
All capitalised terms have the same meaning as set out in Appendix 1 unless separately defined herein.
| 1 | Nature and purposes of processing Personal Data | Howspace has set up and operates a web-based engagement platform called Howspace as SaaS the purpose of which is to provide companies a way to create and host organizational development processes or training programs. Administrators chosen by the companies can create private workspaces for selected groups of people and invite participants to join these workspaces. Users can use the workspaces to discuss ideas, exchange information and documents, and share their expertise with other participants. Administrators have a set of tools to steer the participants’ activities and create content.Howspace processes Personal Data of Customer’s or their End Customer’s employees /representatives in order to create and maintain the administrator rights to Howspace platform.Howspace processes Personal Data of the platform users (typically employees/representatives of Customers or their End Customers or third parties) to identify each user joining a workspace.To enable certain service features and to ensure the functionality and security of the platform, Howspace also processes log file data of each user.The Personal Data is processed by Howspace as a Data Processor on behalf of the Customer in order to provide the Howspace platform for Customer’s use. |
| 2 | Categories of data subjects in relation to Personal Data processed | Employees/representatives of Howspace’s Customers or End CustomersAuthorised users of the Howspace platform |
| 3 | Types of Personal Data processed | The Personal Data includes the following data fields:full namecontact detailsweb server log files (request source IP address, request time/date, user agent browser identificationHowspace log files (user e-mail, request time, user agent identification)Howspace AI subsystem log files (customer ID, workspace ID, execution time, timestamp) |
| 4 | Duration of processing | The Personal Data will be processed during the term of the Agreement. |
Schedule B
Sub-processors
1. AWS EMEA SARL (HEADQUARTER), Luxembourg Amazon Web Services EMEA SARL 38 avenue John F. Kennedy, Luxembourg, L-1855, Luxembourg
Purpose of processing: Provision of cloud services for data storage, web hosting and management and related technical and support services concerning Howspace platform and related services.
2. Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 St.Stephen’s Green, Dublin 2, Republic of Ireland.
Purpose of processing: Provision of customer communication and customer support.