1 SCOPE OF APPLICATION
1.1 These general terms and conditions shall apply to the Infrakit software service delivered via data network.
1.2 In case of discrepancy between these general terms and conditions and the main agreement document or electronic order to which they are attached or otherwise incorporated or general data processing terms, the main agreement document and general data processing terms shall take precedence. In case of discrepancy between these general terms and any other attachment of the main agreement document, these general terms and conditions shall take precedence.
2.1 Agreement means the agreement by and between the customer and Infrakit Group Oy for the delivery of the software service. The Agreement may be in the form of a written contract document, agreement concluded over e-mail, or, in respect of online purchases, in the form of an electronic order document.
2.3 Customer Data means any content, data, information or material transferred or entered by the customer into the software service, or otherwise provided or made available to the supplier by customer and for purposes of the software service.
2.4 Deliverables mean the software service and any other products and services that may be explicitly listed in the agreement.
2.5 Product means the hardware, equipment, software, data system or other similar product that constitutes the object of the agreement and any instructions or other documentation related thereto.
2.6 Service means the installation, maintenance, support, consultancy, training, software service and any other service that provided by the Supplier to the customer.
2.7 Software service means the Infrakit software service as provided by the supplier. The software service includes the cloud-based service as well as any and all locally installed software components, documentation, and other materials related to the software service.
2.8 Supplier means Infrakit Group Oy or one of its group companies.
2.9 Third-Party Functionality shall have the meaning specified in Section 3.4.
3 GENERAL RESPONSIBILITIES OF THE CUSTOMER
3.1 The customer shall be responsible for acquiring and maintaining the hardware, network connections and software needed to use the then current version of the software service. The customer shall be solely responsible for the functionality, costs, protection and integrity of the customer’s data systems and telecommunication connections.
3.2 The customer shall be responsible for ensuring that the software service fulfils the customer’s intended purpose. Customer shall use suitable and skilled personnel for the usage of the software service and shall ensure proper training of such personnel.
3.3 The customer shall take care of verifying any and all results deriving from the use of the software service, such as calculations, measurements, conversions, transfers of information and results relating to eg. mass calculation, land surveying and data transfer to machine control systems or land surveying equipment.
3.4 The Service may contain or enable access to elements such as integrations or additional functionality, which are made available by third parties ("Third-Party Functionality") subject to separate terms and conditions. The customer acknowledges and agrees that use of such Third-Party Functionalities requires acceptance of applicable terms and conditions, and may be subject to additional fees. It is the customer's responsibility to ensure that it has all necessary rights and licenses prior to accessing or enabling Third-Party Functionality.
4 CONTENTS OF SOFTWARE SERVICE AND SERVICE LEVELS
4.1 The content of the service and service level of the software service has been specified in the agreement. If the content and service level of the software service have not been specified, the software service shall include the supplier’s basic standard offering and its generally applicable service level and response times.
4.2 The software service shall include tasks related to the training of the customer’s personnel and deployment of the software service only if so agreed in the agreement.
5 CHANGES TO SOFTWARE SERVICE
5.1 The software service is being developed on a continuous basis, and the content of the software service may therefore change over time. However, the supplier shall not make permanent changes to the software service which would materially decrease its functionality or decrease its performance, unless such change is reasonably necessary to (a) prevent severe data security risk to the software service; or (b) comply with laws or regulations.
5.2 If the change to software service has a material effect on the contents of the software service or the service level, customer shall have the right to terminate the agreement, provided that it gives a notice of termination within 30 days prior notice. The termination notice shall be given in writing no later than 14 days following the effective date of the change. The termination of the software service shall be the customer’s sole remedy for the change in the software service.
6 USE OF SOFTWARE SERVICE
6.1 The customer shall use the software service in conformity with the agreement and in accordance with the laws and other regulations of the country of use, including any limitations arising from intellectual property rights in force therein.
6.2 The customer and any third parties acting on customer’s behalf shall have the right to use the software service solely for the customer’s internal business purposes during the term of the agreement. The right to use the software service ends on the date of expiry or termination of the agreement. The customer and any third parties acting on customer’s behalf shall retain their right to use material created for the customer even after the termination or expiration of the agreement.
6.3 The customer may not resell or otherwise distribute the software service to third parties without the supplier’s prior written consent.
7 USER NAME AND PASSWORD
7.1 User accounts are for personal use only and can only be used by the person who the user account has been assigned to, unless otherwise expressly agreed in the agreement in writing. User can use his/her account on multiple devices freely.
7.3 The customer shall be responsible for ensuring that its users maintain user names and passwords diligently and do not disclose them to third parties. The customer shall be deemed responsible for any use of the software service using its user names and passwords. The customer shall ensure that the authorized users shall not access, or attempt to access, the Services or Third-Party Functionalities other than as expressly allowed by their license.
7.4 The customer undertakes to inform the supplier without delay if any password has been revealed to a third party or if the customer has a reason to suspect misuse of a user name or password. The customer’s liability for the use of the software service by its user’s user name and password shall expire when the supplier has received the customer’s notice.
7.5 The supplier may block access to the software service without notice for any user account by its sole discretion if it becomes aware of, or has reasonable grounds to believe, that the software service is used in a way that: (i) is in breach of the agreement and/or these general terms and conditions; (ii) is in violation of applicable law(s); (iii) is unauthorized; (iv) is offensive or defamatory; (v) advocates, promotes or assists an unlawful act (for example, such as computer misuse); or (vi) is likely to disrupt the supplier's service in any way.
8 RIGHTS AND CUSTOMER DATA
8.1 The ownership and intellectual property rights to the software service and amendments thereto shall belong to the supplier or to a third-party licensor of the supplier. The software service is privileged and confidential information of the supplier. The customer agrees not to decompile or reverse engineer the software service except as may be permitted by applicable mandatory law.
8.2 The intellectual property rights and the title to the Customer Data shall belong to the customer or a third-party licensor of the customer.
8.3 The customer shall be solely responsible for Customer Data, for keeping its own backups of such data and for ensuring that the Customer Data does not infringe third-party rights or violate any legislation in force at the time.
8.4 Unless otherwise agreed in writing, the supplier shall provide the customer with access to the Customer Data within 30 days of the customer’s written request. The Customer Data shall be made available in an electronic format commonly in use. In case the supplier is required to manually collect, process or deliver Customer Data, it shall have the right to charge for such services in accordance with its standard pricing in force at the time. The supplier’s responsibility to retain a copy of the Customer Data terminates 60 days from termination or expiration of the agreement, where after the data may be deleted.
8.5 The supplier may freely use Customer Data and data generated within the software service to e.g. develop its products and services also for other customers and to otherwise use such data without disclosing customer’s name, any personal data or any confidential information. The supplier also has a right to use Customer Data for service wide anonymous data analysis.
8.6 By providing comments, feedback, development ideas, inventions or other opinions (“Feedback”) to the supplier, the customer grants all rights to the Feedback to the supplier and agrees that the supplier may, at its own discretion, freely utilize the Feedback as it deems fit as well as to develop, patent, license, distribute, sell future versions of products and services that may utilize such Feedback. The supplier is not obliged to pay any compensation to the customer for any use of Feedback. For the sake of clarity, the customer has no obligation to give Feedback and the supplier has no obligations to use it or take it into account.
9 SUSPENSION OF SOFTWARE SERVICE
9.1 The supplier shall have the right to suspend delivery of the software service for a reasonable duration from Monday to Friday from 6 pm to 6 am (EET), on Saturday, Sunday and official holidays if this is necessary in order to perform maintenance, updates or other technical work in respect of the software service. The supplier also has the right to suspend the delivery of the software service due to installation, change or maintenance work of general data network or due to severe data security risk to the software service, or if so required by laws, other regulations or any competent authority.
9.2 The supplier shall have the right to deny the customer access to the software service without first hearing the customer, if the supplier reasonably suspects that the customer burdens or uses the software service in such a manner that it may jeopardize the delivery of the software service to other users. The supplier shall without undue delay from the customer’s request inform the customer of the reasons for such denial.
10 DATA SECURITY, PROCESSING OF PERSONAL DATA AND BACKUP
10.1 Each party and their subcontractors shall comply with the measures agreed by the parties in writing and the legal requirements set out in applicable laws related to data security, privacy and backup requirements.
10.2 The customer is data controller and the supplier is data processor as defined in the data protection laws, such as the EU General Data Protection Regulation. Both parties will comply with the applicable data protection laws. The parties have entered into a separate agreement concerning processing of personal data of the customer’s employees as users of the Service through acceptance of Infrakit General Data Processing Terms (Appendix 1) or otherwise.
10.3 Each party shall be responsible for making back-up copies of its data and data files and for verifying the functionality of such back-up copies.
10.4 In case any Customer Data is deleted, lost, altered or damaged by any party using the customer’s user name, and the customer requests the supplier to recover such data, then the supplier shall have the right to charge for the recovery of such data in accordance with its standard pricing in force at the time.
11 TERMINATION ASSISTANCE UPON TERMINATION OF THE AGREEMENT
11.1 For a period of ninety (90) days from the termination or expiry of the agreement, the customer may request the supplier to reasonably contribute to the transition of the software service to another supplier. The supplier shall have the right to invoice for such work in accordance with its standard pricing in force at the time.
12 DELIVERABLES AND TERMS AND CONDITIONS APPLICABLE THERETO
12.1 The software service may include open source software or standard licensed software, and such software may be subject to their own licensing terms, which shall apply to the customer’s use of the software service.
13.1 If a price for a product or a service has not been agreed in the agreement or otherwise, the price in the supplier’s price list effective on the date of order shall apply to the product or service in question
13.2 The supplier shall be entitled to adjust the recurring charge of a product or service by notifying the customer of the change and of the reason of the change in writing at least 90 days before the effective date of the change. Where a price change occurs, the customer shall be entitled to terminate the agreement for the product or service in question on the effective date of the price change by notifying the supplier thereof in writing at least 30 days before the effective date of the change.
13.3 The prices shall include all public charges determined by the authorities and effective on the date of signature of the agreement, with the exception of value added tax. Value added tax shall be added to the prices in accordance with the then current regulations. If the amount of public charges determined by the authorities or their collection basis change due to changes in the regulations or taxation practice, the prices shall be revised correspondingly.
13.4 In case the Supplier performs services at the customer’s location, the supplier shall be entitled to charge for customary and reasonable travel and accommodation costs as well as per diem allowances separately. The supplier shall also be entitled to charge, separately, fifty percent of the agreed hourly charge for time taken by a journey necessitated by the service and exceeding 60 kilometers back and forth. If the journey back and forth does not exceed 60 kilometers, the travel time shall not be invoiced. Other travel arrangements shall be agreed separately.
13.5 The supplier shall be entitled to charge, separately, for work that does not fall within the scope of deliverables but is ordered by the customer. In addition, the supplier shall be entitled to charge extra fees in respect of such work pursuant to the agreed pricing principles if the customer makes a written order for work to be conducted outside the supplier’s normal working hours. The supplier shall also be entitled to charge for additional costs incurred as a result of the provision of incorrect information by the customer or other similar reason for which the customer is responsible.
14 PAYMENT TERMS
14.1 Unless otherwise specified in the agreement, the supplier shall invoice for the products upon delivery and for the services following their performance. However, the supplier shall be entitled to invoice for recurring charges and other periodically invoiced charges in advance in accordance with intervals agreed in writing or, if the intervals have not been agreed in writing, monthly in advance.
14.2 Unless otherwise agreed, the payment term is 14 days net from the date of invoice. Interest on delayed payments accrues in accordance with the Interest Act of Finland.
15.1 Unless otherwise agreed in writing, either party shall have the right to subcontract its obligations under the agreement. Each party shall be liable for the performance of its subcontractors as for its own performance.
16.1 Each party shall keep in confidence all material and information received from the other party and marked as confidential or which should be understood to be confidential, and may not use such material or information for any purposes other than those set out in the agreement. The confidentiality obligation shall, however, not apply to material or information, (a) which is generally available or otherwise public; (b) which the receiving party has received from a third party without any obligation of confidentiality; (c) which was in the possession of the receiving party prior to receipt of the same from the other party without any obligation of confidentiality related thereto; (d) which the receiving party has independently developed without using material or information received from the other party; or (e) which the receiving party is required to provide due to law or regulation by the authorities.
16.2 Each party shall promptly upon termination of the agreement or when the party no longer needs the material or information in question for the purpose set out in the agreement cease using confidential material and information received from the other party and upon request return or destroy the material including all copies thereof in a reliable manner. Each party shall, however, be entitled to retain such material as is required by law or regulation by the authorities.
16.3 Each party shall be entitled to use the professional skills and experience acquired in connection with the delivery.
16.4 The rights and responsibilities under this section 16 shall survive until 5 years have passed from the termination, expiration or cancellation of the agreement.
17 FORCE MAJEURE
17.1 Neither party shall be liable for any consequence of an impediment beyond the party’s reasonable control and the effects which the party could not reasonably have avoided or overcome. Such force majeure events shall include, if not proven otherwise, inter alia, war or insurrection, earthquake, flood or other similar natural catastrophe, interruptions in the data communication networks or in the supply of electricity, import or export embargoes, strikes, lockouts, boycotts and other similar industrial actions. A force majeure event suffered by a subcontractor of a party shall also be considered a force majeure event. Each party shall without undue delay inform the other party in writing of a force majeure event and the termination of the force majeure event.
18 INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS
18.1 The supplier warrants that, to the best of its knowledge, the deliverables do not infringe copyrights of third parties.
18.2 If in the reasonable opinion of the supplier a deliverable infringes third party intellectual property rights in the agreed country of delivery or use or if such infringement has been confirmed in a trial, the supplier shall and may at its own expense and discretion either (a) obtain the right to continue use of the deliverable for the customer; (b) replace the deliverable with a product or service that complies with the agreement and corresponds to the deliverables; or (c) modify the deliverable in order to eliminate the infringement in such a manner that the modified deliverable complies with the agreement. If none of the above-mentioned alternatives is available to the supplier on reasonable terms, the customer shall, at the request of the supplier, stop using the deliverable and return it, and the supplier shall refund the price paid by the customer for the deliverable less the proportion of the price corresponding to the actual time of use.
18.3 The supplier’s obligations and liability for infringement of intellectual property rights in the deliverables shall be limited to this section 18.
19 LIABILITY FOR DAMAGES AND LIMITATION OF LIABILITY
19.1 The aggregate maximum liability of a party towards the other party, whether based contract, tort, strict liability or any other theory of law, shall under no circumstance exceed 20 percent of the fees paid by the customer during the calendar year in question, excluding value added tax.
19.2 IN NO EVENT WILL THE SUPPLIER BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES ARISING FROM OR RELATING TO CUSTOMER’S ACCESS, POSSESSION, USE, MISUSE, OR INABILITY TO USE ANY OF THE DELIVERABLES, INCLUDING WITHOUT LIMITATION LOSS OF GOODWILL, DATA LOSS OF CORRUPTION, LOSS OF PROFITS ORREVENUE, ATTORNEYS’ FEES, DOWN-TIME COSTS, LOSS OF USE. THESE LIMITATIONS ON LIABILITY SHALL APPLY WHETHER OR NOT SUCH DAMAGES ARE FORESEEABLE AND WHETHER OR NOT SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
19.3 The software service is provided “AS IS” and unless explicitly agreed to the contrary, without any warranty or guarantee of any kind, whether express or implied, and supplier shall not be held responsible for any defects, faults, usage breaks or similar in the software service or for any direct or indirect damages caused by the use of the software service to customer or any third party, including but not limited to damages to customer’s devices, software or operations.
20 APPLICABLE LAW AND SETTLEMENT OF DISPUTES
20.1 The agreement shall be governed by the laws of Finland.
20.2 Any dispute, controversy or claim arising out of or relating to the agreement, or the breach, termination or validity thereof shall be finally settled by arbitration in accordance with the Arbitration Rules of the Central Chamber of Commerce of Finland by a sole arbitrator. Notwithstanding the preceding sentences, claims for non-payment of monetary charges may be resolved in the district court of the respondent’s place of domicile.
21 EXPORT RESTRICTIONS
21.1 The customer agrees to comply with the laws and regulations laid down by the authorities of Finland and any other authority with which it may be obligated to comply under the applicable law, regarding the export of products and technical information. The customer also agrees not to provide any products or technical information to a third party if doing so would violate any laws or regulations laid down by the authorities of Finland or such laws or regulations laid down by the authorities of the country of origin of the product as are notified to the customer by the supplier.
22 ASSIGNMENT AND AMENDMENTS OF THE AGREEMENT
22.1 Neither party may assign the agreement, either wholly or in part, without the written consent of the other party. Such consent shall not be unreasonably withheld if the assignee undertakes in writing to comply with the terms and conditions of the agreement and the assignment is to a company belonging, according the Accounting Act, to the same group of companies as the party, or is made in connection with the transfer of business operations.
22.2 The supplier shall, however, be entitled to assign its receivables under this agreement to a third party by notifying the customer of the assignment in writing.
22.3 All changes and amendments to the agreement shall be agreed in writing in order to be valid. This agreement constitutes the entire agreement between the parties concerning the subject matter hereof and supersedes all prior agreements, discussions, offers, representations or other communiqués of whatever nature.
Appendix 1: General Data Processing Terms 25.5.2018
1 SCOPE OF APPLICATION
These general data processing terms (“Terms”) shall apply to the Infrakit software service delivered via data network between Infrakit Group Oy (“Supplier”) and its customer who has registered to Infrakit software service (“Service”) and accepted these terms (“Customer”).
2 PURPOSE OF THESE TERMS AND CATEGORIES OF DATA SUBJECTS
2.1 With these Terms, the parties agree on processing of personal data persons who Customer has given access or connected to the service (“Personal Data”) to provide Service to Customer based on agreement between Customer and Supplier (“Service Agreement”). Such persons may be for example: Customer’s employees, subcontractors, partners, Customer’s, customer’s employees and representatives as authorized by the Customer.
2.2 This agreement shall form an integral part of the Service Agreement. Therefore, all applicable parts of the Service Agreement (including its provisions on governing law and dispute resolution) shall apply also to this agreement. However, in the event of conflict, the provisions of these Terms shall prevail over the provisions of the Service Agreement.
3 SUBJECT MATTER AND NATURE, PURPOSE AND DURATION OF PROCESSING
3.1 Personal Data will be processed for the fulfilment of the Service Agreement, to improve and develop the Service and for optimization of construction works in cooperation with the Customer.
3.2 Personal Data will be processed by Service Provider for the duration of the Service Agreement and unless a longer period is agreed between the parties in the Service Agreement e.g. for storage service. Customer can always require Supplier to stop processing of Personal Data. Customer’s admin users can remove users and their information from the Service. Employees can also modify their own information within the Service.
4 TYPES OF PERSONAL DATA BEING PROCESSED
The following data relating to the Customer’s employees and other users: Name, Email address, Phone number, dates and times of logins to the Service.
The following data relating to work machinery connected to the Service: driver name, driver phone number, locations and activity of work machinery. Locations and active design file of work machines are stored to calculate performance data, such as machine efficiency and capacity.
To improve and develop the Service usability, The Supplier uses Google Analytics.
5 PROCESSING OF PERSONAL DATA
5.1 The parties note that Customer is data controller as defined in the European Union General Data Protection Regulation (2016/679) (“GDPR”) and that Supplier processes Personal Data as a data processor for such data. Supplier informs employees of data processing with data protection statement that is available within the Service.
5.2 The parties agree to comply with the data protection laws, the GDPR, applicable national and international regulations concerning data protection as well as guidance and decisions of the relevant data protection authorities (together “Data Protection Regulations”).
5.3 Customer is responsible to ensure that it can pass the Personal Data to Supplier and that Supplier is entitled to process the Personal Data provided to it under this agreement by Customer and its employees.
5.4 Supplier shall comply with all instructions and guidance by Customer regarding data protection. Customer will inform Supplier of these obligations and their possible amendments well in advance.
5.5 Supplier shall comply with Customer’s separate instructions and requirements regarding data security.
5.6 Supplier is entitled to hand over Personal Data to third parties so that they can process Personal Data for the purposes of the Service Agreement and in accordance with this Agreement. Supplier is responsible for the performance of its subcontractors of the provisions of this agreement. Supplier will upon request provide Customer with details of suppliers who process Personal Data.
5.7 Supplier is responsible to
(i) Process Personal Data lawfully, carefully and according to good data protection practices and act also otherwise so that data subject’s privacy and other basic rights protecting privacy are not limited without legal grounds;
(ii) Process Personal Data only on and as per the documented instructions from the Customer. Processing for Supplier’s own purposes, e.g. marketing purposes, is strictly prohibited. Conditions and descriptions of Supplier’s products and services included in the Service Agreement are also considered documented instructions;
(iii) Without delay assist Customer and provide the required information that is required to comply with the rights of data subjects and to answer the requests by data subjects and supervisory authorities described in the Data Protection Laws;
(iv) Informs Customer upon request the countries where it will process Personal Information
(v) Only transfer Personal Data to third parties outside the territory of the member states of the European Union and the European Economic Area or to international organisations in accordance with the Data Protection Regulations;
(vi) Upon commercially reasonable terms and to the extent possible, include terms and conditions similar to the ones contained in this agreement to all its contracts with its subcontractors who process Personal Data directly or indirectly on behalf of Customer;
(vii) In case data subjects, governmental authorities or supervisory authorities make a request for information, Supplier shall immediately inform Customer about such request;
(viii) Maintain appropriate technical and organisational measures to protect the Personal Data, taking into account: the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, and the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Personal Data transmitted, stored or otherwise processed. Such measures include, inter alia as appropriate: a) the pseudonymisation and encryption of the Personal Data; b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; c) the ability to restore the availability and access to the Personal Data in a timely manner in the event of a physical or technical incident; and d) a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing. When determining the appropriate security level special attention needs to be paid to risks involved in processing Personal Data, in particular accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Personal Data transmitted, stored or otherwise processed.
(ix) Informs Customer, if the Supplier deems that instructions or practises of Customer are in breach of Data Protection Laws;
(x) Assists Customer in ensuring compliance with their legal obligations, such as, data security, data breach notification, data protection assessment and prior consulting obligations, as required from Customer by the Data Protection Laws,
(xi) Ensure that persons authorised to perform the processing hereunder have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality as further described in this agreement;
(xii) Implement measures to ensure that every person processing Personal Data on behalf of Supplier only processes them as instructed by Customer unless applicable laws otherwise require;
(xiii) At Customer’s instructions, delete or return to Supplier all the Personal Data after the end of the provision of the Services relating to Processing, and delete existing copies, unless applicable laws require storage of the Personal Data.
5.8 Customer shall be entitled to audit Supplier’s performance of its obligations under this agreement and compliance with Data Protection Laws (“Audit”). They are entitled to use external auditors who are not competitors of Supplier, to conduct such an Audit.
5.9 Customer shall inform Supplier on the timing and other details relating to the conduct of such Audits at the latest thirty (30) days in advance, provided that mandatory decision of the authorities does not prevent such notice.
5.10 Supplier agrees to enable necessary access to Supplier‘s and its subcontractor’s premises and systems for the party conducting the Audit at the agreed time during their normal business hours. Supplier will, upon request, provide the information, documents and other material reasonably requested by the auditing party. Supplier will also reasonably assist in the Audit. The parties will agree on how to implement the changes identified in the Audits. Parties preforming Audits will need to agree to maintain confidentiality of the information they receive and not to use it for any other purpose than to conduct the Audit itself. Customer is responsible for the compliance of their aforesaid obligations.
5.11 Nothing stated in this clause limits the audit rights of authorities supervising Customer. These will be performed as instructed by the said authorities.
5.12 Customer shall bear all costs for Audits and it will compensate Supplier for all costs incurred due to the Audit.
5.13 Supplier shall without undue delay, an in any case within 48 hours after becoming aware of it, notify Customer if it or one of its sub-processors becomes aware of a personal data breach or of breach of Data Protection Laws relating to Customer’s employees (“Personal Data Breach”). Information shall be provided to the contact person named by Customer, unless otherwise agreed. Supplier’s notice shall include at least the following information, provided that Supplier has access to it:
(i) a description of the nature of the Personal Data Breach and description of the security breach that caused the Personal Data Breach;
(ii) what information was subject to Personal Data Breach;
(iii) when Personal Data Breach relates to personal information, Supplier needs to specify those data subjects whose information was compromised and the overall number of data subjects affected by the Personal Data Breach;
(iv) who performed the Personal Data Breach and which parties obtained access to information that was exposed;
(v) a description of the likely consequences of the Personal Data Breach and possible damages and consequences for data subjects;
(vi) a description of the measures taken or proposed to be taken by Supplier to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects and prevent Personal Data Breaches in the future; and
(vii) any other information relating to Personal Data Breach possibly requested by Customer.
5.14 To prove that its compliance with Data Protection Laws, Supplier needs to document all Personal Data Breaches including details and consequences as well as the measures taken after Supplier became aware of Personal Data Breach.
5.15 Supplier is not allowed to provide information on Personal Data Breaches to third parties or publicise them without Customer’s prior written consent, unless Supplier is obliged by mandatory law or decree to disclose such information. Supplier assists Customer in reporting Personal Data Breaches to supervisory authorities and data subjects as instructed by Customer. If the practises, instructions and requirements mandated by Customer create wider responsibilities to Supplier that what is set by Data Protection Laws, Supplier is entitled to compensation for additional costs incurred.
5.16 All changes and amendments to the agreement shall be agreed in writing in order to be valid. This agreement constitutes the entire agreement between the parties concerning the subject matter hereof and supersedes all prior agreements, discussions, offers, representations or other communiqués of whatever nature.