Enify subscription agreement – Trial version
- Epsis AS, company registration no 983 746 802 and,
- Subscriber, the entity agreeing to this Agreement by having an Authorized User sign up for and use the Subscription Services.
Epsis and the Subscriber, hereinafter referred to as a Party and jointly as the Parties, have hereby agreed as follows:
- Epsis is, and shall remain, the proprietor of certain Software Products,
- Epsis offers Subscription Services to the Software Products,
- The Subscriber has independently evaluated the products and services offered by Epsis,
- The Subscriber wishes to acquire a trial subscription to the Software Products, as set forth in this Agreement.
The Parties have agreed as follows:
As used herein, the terms set forth below shall have the following respective meanings:
|“Trial Subscription”||Means the time-limited subscription where the Subscriber may try and evaluate the Subscription Services for a fixed period without charge by complying with all agreed terms and conditions.|
|“Agreement”||Means this Subscription Agreement entered into between Epsis and the Subscriber.|
|“Authorized User”||Means the employee of the Subscriber who is given access to the Software Products by opting in for a Trial Subscription in accordance with instructions provided by Epsis.|
|“Documentation”||Means documentation provided to the Subscriber by Epsis, available at [link to website].|
|“Intellectual Property”||Means all works of authorship, procedures, designs, inventions, discoveries, and, in each case, in all forms, formats, languages and versions.|
|“Intellectual Property Rights”||Means all right, title and interest in and to any Intellectual Property, in all territories, under any and all applicable bodies of law (including, without limitation, under the law of copyright, patent, trademark and trade secrets), and all applications, registrations, renewals, extensions, restorations and resuscitations relating to any of the foregoing.|
|“Software Products”||Means the Software Products delivered by Epsis or an approved Distributor to the Subscriber as part of the Subscription Service.|
|“Subscription Service”||Means the Subscription Service that allows Subscriber’s access to the Software Products provided by Epsis, as well as the supporting Documentation.|
- Subscription Service
Epsis grants to the Subscriber, and the Subscriber accepts from Epsis, limited and non-exclusive and non-transferable right to use the Software Products, including any patches or upgrades that Epsis may deploy while the Subscriber has a Trial Subscription. The license is limited to use for its internal business purposes, to one Authorized User, and pursuant to the further definitions and limitations.
Subscriber shall not allow, and shall take necessary steps to prevent, unauthorised use of the Software Products and Documentation.
Epsis will store the customer data on a hosting service provided by a third party (“Host”), which shall be Microsoft Azure (“MA”), pursuant to Epsis’ agreement with such Host, during which time it will be maintained in accordance with Host’s service terms which can be found at https://azure.microsoft.com/nb-no/support/legal/subscription-agreement/.
- New versions and support
The Subscriber acknowledges that the Subscription Services is a trial for evaluation purposes, and that Epsis undertakes no obligation to correct bugs, provide patches, updates or upgrades at the request of the Subscriber. Epsis will make available new versions patches and/or updates to the Subscriber subject to its own discretion, as further set out in the Documentation. Epsis may, at its option, respond to support requests from Authorized Users through the Subscription Services or by email.
- Privacy and data protection
Epsis shall implement and maintain appropriate administrative, physical and technical safeguards designed to protect personal data processed by Epsis against loss, damage or disclosure.
Epsis’ processing of personal data in its provision of the Subscription Services as a data processor shall be governed by ANNEX 1: DATA PROCESSOR AGREEMENT.
The Subscriber is solely responsible, and Epsis assumes no responsibility, for:
- the Subscriber’s evaluation and selection of the Software Products as suited for the Subscriber’s needs and operation,
- results obtained from using the Software Products,
- the Subscriber’s use and operation of the Software Products after delivery and that such use and operation is in compliance with the Documentation,
- selection, installation, applicability and performance of any other software, hardware, products, equipment, services etc., used in conjunction with the Software Products,
- maintaining User ID’s acquired independently, in accordance with the requirements set out in the Documentation, and
- installation of new releases and upgrades of the Software Products.
Through Subscriber’s use of the Subscription Services, you may access or interact with products, services, websites, links, content, material, integrations, or applications from independent third parties (“Third-Party Components”). The Subscription Services also help you find, make requests to, or interact with Third-Party Components or allow you to share your content and data, and you understand that by using the Subscription Services you are directing them to make Third-Party Components available to you. Any third-party terms do not modify this Agreement. You are responsible for your dealings with third parties. Epsis does not license any intellectual property to you as part of any Third-Party Components and is not responsible or liable to you or others for information or services provided by any Third-Party Components.
Usernames and passwords cannot be shared or used by more than one Authorised User at a time. Subscriber is solely responsible for management of the User IDs and access rights of its Authorised Users, including, but not limited to, terminating an Authorised User’s access if such individual is no longer employed or engaged by Subscriber or otherwise authorised to have access. Subscriber is responsible for ensuring all Authorised Users comply with Subscriber’s obligations under this Agreement. Epsis reserves the right to: (a) track and review user profiles, access and activity at any time; and (b) terminate any User ID that it reasonably determines may have been used in a way that breaches this Agreement.
The Subscriber shall not make the Software Products or Documentation available to any third party without prior written consent from Epsis.
The Subscriber shall not modify, adapt, translate, reverse engineer, decompile, or disassemble the Software Products or Documentation, unless Subscriber by mandatory law is unequivocally provided the right to such actions and Epsis was provided notice of at least 30 days prior to such action.
The Subscriber agrees not to develop derivative works which are intended to be functionally equivalent substitutes for the Software Products, Documentation, or parts thereof.
The Subscriber acknowledges that changes, additions, alternatives that may be proposed by the Subscriber and developed by the Epsis will become Epsis’ Intellectual Property Right and not subject to any proprietary rights of the Subscriber.
Full title to and ownership of the Software Products and Documentation, including all copies thereof, and all exclusive rights therein including without limitation Intellectual Property Rights, trade secrets, trademarks, patents, and copyrights, shall remain with Epsis – or its designees. No title, ownership nor any exclusive rights to the Software Products and Documentation or any part or modification thereof is transferred to the Subscriber.
Software Products provided under this Agreement may have a patent protection under various patent treaty organizations, applicable in a variety of territories. Subscriber agrees to handle any Software Product under this Agreement as if it had patent protection, regardless of country of operation.
The Subscriber shall not remove or alter Epsis’ or any third party’s ownership, trademark, copyright, or other proprietary notices on the Software Products or Documentation.
The Software Products and Documentation constitute highly valuable property of Epsis and contain Intellectual Property Rights, trade secrets and confidential information owned by Epsis. Subscriber shall observe complete confidentiality with respect to the Software Products, Documentation, and performance data. Subscriber also understands and acknowledges that it will receive confidential information from Epsis in connection with this Agreement related to the Software Products. Subscriber shall not disclose such information to any third party, nor use any such information for any other purpose than for the utilisation of its rights under this agreement. The obligations of confidentiality imposed upon the Subscriber under this Agreement shall survive the termination or cancellation of this Agreement.
Notwithstanding the foregoing, the Subscriber may disclose confidential information to its employees to the extent necessary to use the Software Products in accordance with this Agreement. The Subscriber shall take the necessary steps to ensure that its employees understand and acknowledge the obligations of confidentiality. If an employee, former employee, or any other person affiliated with Subscriber breaches the obligations of confidentiality provided for in this clause, Subscriber agrees to give Epsis reasonable assistance in enforcing its rights against such person.
The confidentiality obligation under this agreement does not include information which, by documentary evidence:
- is already known to the Subscriber at the time it is obtained by the Subscriber from Epsis, free from any obligations to hold such information in confidence,
- is or becomes publicly known through the Subscriber’s performance of its rights under this Agreement,
- is rightfully received from a third party without restrictions and without breach of any obligation to Epsis or its suppliers, or
- is independently developed by Subscriber without use of any confidential information of Epsis or its suppliers.
The term of this Agreement shall commence from when an Authorized User obtains access to the Software Products and shall continue for 30 days whereas it is automatically terminated, unless terminated before by a Party as set out below.
- Termination for convenience
Either Party may terminate the Agreement for convenience by sending written notice of at least 5 days written notice.
- Termination for cause
Either Party may terminate this Agreement immediately, if the other:
- Commits a material breach of this Agreement, that is not capable of remedy, or
- is declared bankrupt, or becomes insolvent, or makes any arrangement or composition with or assignment for the benefit of its creditors, or goes into either voluntary, or compulsory liquidation or a receiver or administrator is appointed over their assets.
Upon termination of this Agreement for any reason, all Subscription Services hereunder shall terminate, the rights granted under this Agreement will be immediately revoked and Epsis may immediately deactivate Subscriber’s trial account, whereby the Subscriber shall immediately cease use of the Software Products and Documentation and erase any copy from computer systems and confirm completion of the aforesaid in writing to Epsis.
Termination of this Agreement shall neither release the Epsis or Subscriber from any obligations undertaken under Clauses 6, 7, 8, 9, 10, 12, 13, 14 or 16 of this Agreement,.
The Software Products shall perform substantially in accordance with the most recently published Documentation for as long as the Subscriber maintains a Trial Subscription. Epsis shall not be liable if the Software Products does not meet Subscriber’s requirements.
The Subscriber acknowledges that no computer software is error free. The Subscriber shall be solely responsible for taking all precautions, such as data backup, testing and error detection procedures, which are necessary to ensure that errors in the Software Products and the applications using the Software Products do not cause negative consequences.
The Subscriber acknowledges that Epsis’ liability to the Subscriber for all damages, costs, claims or demands incurred or suffered by or awarded against the Subscriber based on contract, tort or any legal theory or legislation shall in no event exceed NOK 200.
The liabilities contained in this clause 12 are in lieu of all other responsibility, expressed or implied, including, but not limited to, any responsibility for merchantability and fitness for a particular purpose and any other indirect loss.
Epsis agrees to indemnify the Subscriber, limited up to NOK 200, with respect to a suit, claim or proceeding brought against the Subscriber alleging that the Software Products or Documentation constitutes an infringement of any valid intellectual property right, if and only if the Subscriber promptly gives written notice to Epsis of any such suit, claim or proceeding and cooperates with Epsis in the defence or settlement of such suit, claim or proceeding; and provided that Epsis shall have sole control thereof.
If a claim or allegation is made, or in either party’s judgement is likely to arise, the Subscriber agrees that Epsis may, at Epsis’ option:
- procure for the Subscriber the right to continue using the portion of the Software Products enjoined from use,
- replace or modify the Software Products so that the Subscriber’s use is not subject to any such claim or allegation,
- accept return of the infringing Software Products to Epsis and, in the event of such return, refund the annual subscription fee paid for such Software Products. Epsis shall have no further liability or obligations arising from or under this Agreement.
The indemnity obligations under this clause shall not apply to claims to the extent that they arise from any modification or alteration of the Software Products by any party other than Epsis.
The Subscriber acknowledges that Epsis has no knowledge of, or control over, the use of the Software Products by the Subscriber. The Subscriber agrees to defend, indemnify, and hold Epsis harmless with respect to any suit, claim or proceeding brought against Epsis alleging that use by, or under authority of the Subscriber, of the Software Products or Third-Party Components used in conjunction with the Software Products caused personal injury, property damage or economic loss.
The Subscriber’s right to use the Software Products or Documentation under this Agreement, may not be assigned, sublicensed, or otherwise transferred, voluntarily or otherwise, including in the case of mergers or transfer of business, without prior written approval of Epsis. Epsis may transfer its rights or obligations (or both) without consent.
On Epsis’ written request, the Subscriber shall furnish Epsis with a signed certification verifying that the Software Products and Documentation are being used pursuant to the terms of this Agreement, including any limitations of number of Authorized Users.
Epsis may, at its expense, audit the number of Authorized Users of the Software Products and Documentation within the Subscriber’s organisation. Any such audit shall be conducted during regular business hours at the Subscriber’s facilities and shall not unreasonably interfere with the Subscriber’s business activities.
If an audit reveals that the Subscriber has installed and/or used the Software Products outside or in breach of, the Subscription Services acquired under this Agreement, the Subscriber shall pay annual subscription fees, based on the most recent undiscounted list price for the applicable Software Products, for the unauthorised copies backdated to the first use of the Software Products covered under this Agreement. In addition, Epsis shall be entitled to terminate the Agreement with immediate effect.
This Agreement sets forth the entire agreement and understanding of the Parties relating to the subject matter hereof and supersedes any and all prior oral and written agreements, understandings and quotations relating thereto. No waiver, alteration, modification, or cancellation of any of the provisions of this Agreement shall be binding unless made in writing and duly signed by authorised representatives of the Parties.
- Term modification
Epsis may revise this Agreement from time to time and the most current version will always be posted on Epsis’ website. If a revision, in Epsis’ sole discretion, is material, Epsis will notify the Subscriber (by, for example, sending an email to the email address associated with the Authorized User). Other revisions may be posted to Epsis’ blog or terms page, and the Subscriber is responsible for checking these postings regularly. By continuing to access or use the Subscription Services after revisions become effective, the Subscriber agrees to be bound by the revised Agreement. If the Subscriber does not agree to the revised Agreement terms, the Subscriber may terminate the Services within thirty days of receiving notice of the change.
Each Party represents and warrants that it has the right, power, and authority to enter into this Agreement, to become a Party hereto and to perform its obligations hereunder.
This Agreement shall be governed by and construed in accordance with Norwegian law with Bergen District Court (Bergen tingrett) as legal venue.
Annex 1: Data processor AGREEMENT
(A) This data processing agreement (“DPA”) sets out the terms and conditions for the processing of the personal data by Epsis on behalf of the Subscriber under the Agreement, pursuant to which the Subscriber acquires the Subscription Services (as defined in the Agreement and accompanying documents) from Epsis.
(B) Epsis act as a data processor (“Processor”) and the Subscriber act as a data controller, the concepts of which are further defined in the GDPR.
(C) “Data Protection Laws” shall mean the General Data Protection Regulation (2016/679/EU) including the instructions and binding orders of the data protection authorities (“GDPR”), as well as any applicable Norwegian data protection legislation, to the extent that said laws are applicable to the provision of Subscription Service or the location where personal data is processed.
IT IS AGREED as follows:
Any terms defined under the GDPR shall have the meaning set forth therein.
- SCOPE and PURPOSE; CATEGORIES of PERSONAL DATA and DATA SUBJECTS
The purpose and subject matter of the processing of the personal data by the Processor is the performance of the Subscription Services pursuant to the Agreement. The Subscriber instructs the Processor to process personal data concerning data subjects as further specified in ATTACHMENT 1. The duration of the processing shall be the term of the Agreement.
- RIGHTS AND RESPONSIBILITIES OF THE SUBSCRIBER
The Subscriber shall process the personal data in compliance with Data Protection Laws and at all times retain title and other rights, howsoever arising, to the personal data. The Subscriber shall be responsible for informing the Processor if the information contained within APPENDIX 1 is inaccurate or requires updating.
- RESPONSIBILITIES AND RIGHTS OF THE PROCESSOR
The Processor shall not use the personal data for any purposes other than those specified in the Agreement and this DPA.
The Processor shall: (i) Process the personal data in accordance with prevailing information management industry standards and in compliance with Data Protection Laws; (ii) Process the personal data only in accordance with the documented instructions of the Subscriber and immediately inform the Subscriber if, in its opinion, a Subscriber instruction breaches Data Protection Laws; (iii) ensure that persons authorised to Process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; (iv) to the extent feasible and subject to any applicable fees in the Agreement, assist the Subscriber in its response to rights exercised by data subjects or powers exercised by supervisory authorities under GDPR (v) provide the Subscriber with all information necessary to demonstrate compliance with the Processor’s obligations under applicable Data Protection Laws; (vi) allow for and contribute to audits conducted by the Subscriber as set forth (and subject to the limitations) in this DPA; (vii) Process the personal data only during the term of this DPA; (viii) provide reasonable assistance to the Subscriber with any data protection impact assessments and with any prior consultations to a supervisory authority, in each case where these are required by GDPR, and solely in relation to processing of personal data by the Processor on behalf of the Subscriber and taking into account the nature of the processing and information available to the Processor.
This DPA shall not prevent the Processor from disclosing or otherwise processing the personal data as required by law, regulation or by a competent court or supervisory authority.
The Subscriber shall compensate the Processor for all reasonable costs and expenses it incurs under this DPA, unless such costs are specified as being for the Processor’s account as part of the Subscription Services.
- DATA SECURITY
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing the Processor shall implement technical and organisational measures to ensure the confidentiality, integrity, availability of the personal data and to protect the personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration, or disclosure.
- PERSONAL DATA BREACH NOTIFICATION
In the event of a “personal data breach”, i.e., a breach of security leading to accidental or un-lawful destruction, loss, alternation, unauthorised disclosure of, or access to, the personal data, the Processor shall without undue delay notify the Subscriber once it has a reasonable degree of certainty that a personal data breach has occurred.
The personal data breach notification shall contain at least the following (to the extent the Processor is privy to such information): a description of the nature of the personal data breach including, the categories and approximate number of data subjects concerned and the categories and approximate number of data records concerned; a description of likely consequences of the personal data breach; and a description of the measures taken to address the personal data breach and to mitigate its possible adverse effects.
- RETURNING OR DESTRUCTION OF PERSONAL DATA
Upon termination/expiry of the Agreement, based on the Subscriber’s specific instruction received prior to termination/expiry of the Agreement and subject to Processor’s fees payable by the Subscriber (if any), the Processor shall either delete/destroy or return to the Subscriber or to a third party designated by the Subscriber all personal data.
The Processor shall confirm on request to the Subscriber in writing that any deletion/destruction or return has taken place.
5.1 The Subscriber acknowledges and authorises the Processor to engage third parties to process the personal data (“Subprocessor”), which shall include (a) Processor’s affiliates or parent companies; and (b) third-party Subprocessors, including Subprocessors engaged by the Processor’s affiliates or parent.
5.2 The Processor shall make available to the Subscriber the current list of Subprocessors as part of this DPA (as detailed in ATTACHMENT 2) which shall include the identities of those Subprocessors, their country of location and the services they provide for the Processor.
5.3 In case of any additions or changes to ATTACHMENT 2 are required, the Processor shall notify the Subscriber by email or by making such change available to the Subscriber online – indicating the name, country location, and subcontracted service of the proposed new Subprocessor. Unless the Subscriber objects in writing within fifteen (15) days of being informed about Processor’s use of a new Subprocessor, the Processor may use the new Subprocessor for the indicated data processing activities. Subscriber may not unreasonably object to a new Subprocessor. If Subscriber reasonably objects within the given timeline, the Processor will use reasonable efforts to change the Subscription Services to avoid processing of the personal data by the “objected-to” new Subprocessor. If the Processor is unable to implement such changes within a reasonable period of time, which shall not exceed sixty (60) days from receipt of the Subscriber’s written objection, the Subscriber’s sole and exclusive remedy for such an objection shall be the right to terminate the Agreement. If the Subscriber fails to send such a termination notice to the Processor within this deadline, this shall be considered as a consent to the proposed sub-processing.
The Processor is obliged to regularly monitor the performance of its Subprocessors and it remains fully liable for the personal data processing activities of its Subprocessors.
- TRANSFER OF PERSONAL DATA
The Processor may process personal data on its & its affiliates’ and third parties’ systems outside the European Economic Area (EEA). If such personal data is subject to GDPR or other EEA Data Protection Laws, such transfers shall be under the terms of the EU Commission’s Standard Contractual Clauses or similar approved mechanisms, or the transfer shall be to a to a country which is approved by the European Commission as ensuring an adequate level of protection.
Always provided that the Processor shall not be required to provide or permit access to information concerning (i) other customers of the Processor; (ii) any Processor non-public external reports; and (iii) any internal reports prepared by the Processor’s internal audit or compliance function, at any time during the term of this DPA, the Subscriber and/or a recognised, independent third party auditor appointed by the Subscriber shall have the right, on at least five (5) business days’ notice, to perform audits and inspections of the Processor’s facilities in accordance with the Agreement. However, any audit pursuant to this DPA shall be limited to assessing the Processor’s compliance with its obligations under this DPA. Except where a personal data breach has occurred, no more than one such audit shall be conducted in any twelve (12) month period. Subscriber acknowledges that Processor is obliged to regularly monitor the performance of its Subprocessors, and as such, Subscriber shall have no right under this DPA to audit or demand access to or information from any Subprocessor.
The Parties’ liability for damage suffered by a data subject or other natural persons which is due to a violation of Data Protection Laws or this DPA will follow the provisions of article 82 of the GDPR.
The parties are individually liable for administrative fees imposed pursuant to article 83 of the GDPR.
In no event shall the Processor’s liability exceed with respect to personal data breaches, the limits of liability as set out in the Agreement.
- TERM AND TERMINATION
This DPA shall survive until any of the Subscriber’s personal data ceases to be processed by the Processor.
- CHANGES IN DATA PROTECTION LAWS
Each party may notify the other party in writing from time to time of any variations to this DPA which the party reasonably considers to be necessary to address the requirements of the Data Protection Laws or any decision of a supervisory authority or competent court. Any such variations shall take effect thirty (30) calendar days after the date such written notice is sent to the other party, unless the other party notifies the party sending the notice of any reasonable objections within this thirty (30) day period, in which case the Parties shall co-operate in good faith to agree on the form of the variations.
SUBJECT MATTER AND NATURE OF THE PROCESSING; PERSONAL DATA AND DATA SUBJECTS
The subject matter, nature and purpose of the processing: To enable Subscriber to receive and Processor to provide the Subscription Services, in accordance with the Agreement.
Categories of personal data:
- The Processor will primarily process login and authentication data, which may include name and contact information concerning Authorized Users.
- The Processor may also process personal data derived from the Authorized Users’ use of the Subscription Service for diagnostic purposes (such as metadata concerning created Elements/Boards, who Elements/Boards are shared with etc.). Such usage data will be stored encrypted and shall not be shared with any third parties except as set out in this DPA.
- To the extent the data provided by the Subscriber in connection with the Subscription Services contains personal data, it may consist of Authorized User identifying information and organization data as well as documents, images and other content or data in electronic form stored or transmitted by Authorized Users via the Subscription Services.
Categories of data subjects:
- Authorized Users;
- Other individuals collaborating or sharing with Authorized Users, or any other individual whose information is stored or processed by the Authorized User through its use of the Subscription Services.
|ENTITY||TYPE OF SERVICE PROVIDED||LOCATION OF PROCESSING|
|Microsoft Azure||Cloud Hosting||EU/EEA|