MASTER SERVICES AGREEMENT
Each Order Form and SOW signed by Customer and spaceti s.r.o., a limited liability company having its registered office at Kateřinská 466/40, 120 00, Prague, Czech Republic, ID no.: 05137659 (“Spaceti”) is subject to this Master Service Agreement (the “Agreement”).
“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
“Beta Services” means Spaceti services or functionality that may be made available to Customer to try at its option at no additional charge which is clearly designated as beta, pilot, limited release, developer preview, non-production, evaluation, or by a similar description.
“Customer” means any entity that purchases the Services, Professional Services or HW, as more particularly detailed in the Order Form or SOW.
“Customer Data” means electronic data and information submitted by or for Customer to the Services, excluding Non-Spaceti Applications.
“Documentation” means the applicable Service’s product description documentation in the Order Form, Security Documentation and Infrastructure and Sub-processors (both as defined in the DPA) and its usage guide and policy, as updated from time to time, accessible via login to the applicable Service.
“Free Services” means Services that Spaceti makes available to Customer free of charge. Free Services exclude Services offered as Purchased Services.
“Malicious Code” means code, files, scripts, agents or programs intended to do harm, including, for example, viruses, worms, time bombs and Trojan horses.
“Non-Spaceti Application” means a Web-based, mobile, offline or other software application functionality that interoperates with a Service, that is provided by Customer or a third party. Non-Spaceti Applications, other than those obtained or provided by Customer, will be identifiable as such.
“Normal Working Hours” means the time between 9:00 AM and 6:00 PM in the Czech Republic on a Business Day where Business Day means any day that is not a Saturday, Sunday or public holiday in the Czech Republic.
“Order Form” means an ordering document or online order specifying the Services and HW to be provided hereunder that is entered into between Customer and Spaceti or any of their Affiliates, including any addenda and supplements thereto. By entering into an Order Form hereunder, an Affiliate agrees to be bound by the terms of this Agreement as if it were an original party hereto.
“Purchased Services” means Services that Customer or Customer’s Affiliate purchases under an Order Form or online purchasing portal, as distinguished from Free Services.
“Services” means the online SW products and services that are ordered by Customer under an Order Form or online purchasing portal, or provided to Customer free of charge (as applicable) or under a free trial, and made available online by Spaceti, including associated Spaceti offline or mobile components, as described in the Documentation. “Services” exclude HW, Professional Services and Non-Spaceti Applications.
“SOW” means a Statement of Work describing Professional Services to be provided hereunder, that is entered into between Customer and Spaceti or any of their Affiliates or which is incorporated into an Order Form that is entered into between Customer and Spaceti or any of their Affiliates. By entering into a SOW hereunder, an Affiliate agrees to be bound by the terms of this Agreement as if it were an original party hereto.
“User” means, in the case of an individual accepting these terms on his or her own behalf, such individual, or, in the case of an individual accepting this Agreement on behalf of a company or other legal entity, an individual who is authorized by Customer to use a Service, for whom Customer has purchased a subscription (or in the case of any Services provided by Spaceti without charge, for whom a Service has been provisioned), and to whom Customer (or, when applicable, Spaceti at Customer’s request) has supplied a user identification and password (for Services utilizing authentication). Users may include, for example, employees, consultants, contractors and agents of Customer or Customer Affiliates, and third parties with which Customer or Customer Affiliate transacts business.
- SPACETI RESPONSIBILITIES
- Provision of Purchased Services. Spaceti will (a) make the Services available to Customer pursuant to this Agreement, and the applicable Order Forms, SOWs and Documentation, (b) provide applicable Spaceti standard support for the Purchased Services to Customer at no additional charge, and/or upgraded support if purchased, (c) use commercially reasonable efforts to make the Purchased Services available 24 hours a day, 7 days a week, except for: (i) planned downtime (of which Spaceti shall give advance electronic notice), and (ii) any unavailability caused by circumstances beyond Spaceti’s reasonable control, including, for example, an act of God, act of government, flood, fire, earthquake, civil unrest, act of terror, strike or other labor problem (other than one involving Spaceti employees), Internet service provider failure or delay, Non-Spaceti Application, or denial of service attack, and (d) provide the Services in accordance with laws and government regulations applicable to Spaceti’s provision of its Services to its customers generally, and subject to Customer’s use of the Services in accordance with this Agreement, the Documentation and the applicable Order Form or SOW.
- Protection of Customer Data. Spaceti will maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Customer Data, as described in the Documentation. Those safeguards will include, but will not be limited to, measures designed to prevent unauthorized access to or disclosure of Customer Data (other than by Customer or Users). The data processing addendum is attached as Exhibit A (the “DPA”) and shall apply to the extent Customer Data includes Personal Data, as defined in the DPA. Upon request by Customer made within 30 days after the effective date of termination or expiration of this Agreement, Spaceti will make Customer Data available to Customer for export or download in commonly-readable format. After such 30-day period, Spaceti will have no obligation to maintain or provide any Customer Data, will thereafter delete all copies of Customer Data in its systems or otherwise in its possession or control, unless legally prohibited.
- Spaceti Personnel. Spaceti will be responsible for the performance of its personnel (including its employees and contractors) and their compliance with Spaceti’s obligations under this Agreement.
- Beta Services. From time to time, Spaceti may make Beta Services available to Customer at no charge. Customer may choose to try such Beta Services or not in its sole discretion. Beta Services are intended for evaluation purposes and not for production use, are not supported, and may be subject to additional terms. Beta Services are not considered “Services” under this Agreement, however, all restrictions, Spaceti’s reservation of rights and Customer obligations concerning the Services, and use of any related Non-Spaceti Applications, shall apply equally to Customer’s use of Beta Services. Unless otherwise stated, any Beta Services trial period will expire upon the earlier of one year from the trial start date or the date that a version of the Beta Services becomes generally available without the applicable Beta Services designation. Spaceti may discontinue Beta Services at any time in Spaceti’s sole discretion and may never make them generally available. Spaceti will have no liability for any harm or damage arising out of or in connection with a Beta Service.
- Free Services. Spaceti may make Free Services available to Customer. Use of Free Services is subject to the terms and conditions of this Agreement. In the event of a conflict between this section and any other portion of this Agreement, this section shall control. Free Services are provided to Customer without charge up to certain limits as described in the Documentation or Order Form. Usage over these limits requires Customer’s purchase of additional resources or services. Customer agrees that Spaceti, in its sole discretion and for any or no reason, may terminate Customer’s access to the Free Services or any part thereof. Customer agrees that any termination of Customer’s access to the Free Services may be without prior notice, and Customer agrees that Spaceti will not be liable to Customer or any third party for such termination. Customer is solely responsible for exporting Customer Data from the Free Services prior to termination of Customer’s access to the Free Services for any reason, provided that if Spaceti terminates Customer’s account, except as required by law, Spaceti will provide Customer a reasonable opportunity to retrieve its Customer Data.
NOTWITHSTANDING THE “REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS” SECTION AND “INDEMNIFICATION BY SPACETI” SECTION BELOW, THE FREE SERVICES ARE PROVIDED “AS-IS” WITHOUT ANY WARRANTY AND SPACETI SHALL HAVE NO INDEMNIFICATION OBLIGATIONS NOR LIABILITY OF ANY TYPE WITH RESPECT TO THE FREE SERVICES UNLESS SUCH EXCLUSION OF LIABILITY IS NOT ENFORCEABLE UNDER APPLICABLE LAW IN WHICH CASE SPACETI’S LIABILITY WITH RESPECT TO THE FREE SERVICES SHALL NOT EXCEED $1,000.00. WITHOUT LIMITING THE FOREGOING, SPACETI AND ITS AFFILIATES AND ITS LICENSORS DO NOT REPRESENT OR WARRANT TO CUSTOMER THAT: (A) CUSTOMER’S USE OF THE FREE SERVICES WILL MEET CUSTOMER’S REQUIREMENTS, (B) CUSTOMER’S USE OF THE FREE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE OR FREE FROM ERROR, AND (C) USAGE DATA PROVIDED THROUGH THE FREE SERVICES WILL BE ACCURATE. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THE “LIMITATION OF LIABILITY” SECTION BELOW, CUSTOMER SHALL BE FULLY LIABLE UNDER THIS AGREEMENT TO SPACETI AND ITS AFFILIATES FOR ANY DAMAGES ARISING OUT OF CUSTOMER’S USE OF THE FREE SERVICES, ANY BREACH OF THIS AGREEMENT BY CUSTOMER AND ANY OF CUSTOMER’S INDEMNIFICATION OBLIGATIONS HEREUNDER.
- USE OF SERVICES
- Subscriptions. Unless otherwise provided in the applicable Order Form or Documentation, (a) Purchased Services are purchased as subscriptions for the term stated in the applicable Order Form or in the applicable online purchasing portal, (b) subscriptions for Purchased Services may be added during a subscription term at the same pricing as the underlying subscription pricing, prorated for the portion of that subscription term remaining at the time the subscriptions are added, and (c) any added subscriptions will terminate on the same date as the underlying subscriptions. Customer agrees that its purchases are not contingent on the delivery of any future functionality or features, or dependent on any oral or written public comments made by Spaceti regarding future functionality or features.
- Usage Limits. Services are subject to usage limits specified in Order Forms and Documentation. If Customer exceeds a contractual usage limit, Spaceti may work with Customer to seek to reduce Customer’s usage so that it conforms to that limit. If, notwithstanding Spaceti’s efforts, Customer is unable or unwilling to abide by a contractual usage limit, Customer will execute an Order Form for additional quantities of the applicable Services promptly upon Spaceti’s request, and/or pay any invoice for excess usage in accordance with the “Invoicing and Payment” section below.
- Customer Responsibilities. Customer will (a) be responsible for Users’ compliance with this Agreement, Documentation and Order Forms, (b) be responsible for the accuracy, quality and legality of Customer Data, the means by which Customer acquired Customer Data, Customer’s use of Customer Data with the Services, and the interoperation of any Non-Spaceti Applications with which Customer uses Services, (c) use commercially reasonable efforts to prevent unauthorized access to or use of Services, and notify Spaceti promptly of any such unauthorized access or use, (d) use Services only in accordance with this Agreement, Documentation, Order Forms and applicable laws and government regulations, and (e) comply with terms of service of any Non-Spaceti Applications with which Customer uses Services. Any use of the Services in breach of the foregoing by Customer or Users that in Spaceti’s judgment threatens the security, integrity or availability of Spaceti’s services, may result in Spaceti’s immediate suspension of the Services, however Spaceti will use commercially reasonable efforts under the circumstances to provide Customer with notice and an opportunity to remedy such violation or threat prior to any such suspension.
- Usage Restrictions. Customer will not (a) make any Service available to anyone other than Customer or Users, or use any Service for the benefit of anyone other than Customer or its Affiliates, unless expressly stated otherwise in an Order Form or the Documentation, (b) sell, resell, license, sublicense, distribute, make available, rent or lease any Service, or include any Service in a service bureau or outsourcing offering, (c) use a Service or Non-Spaceti Application to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights, (d) use a Service or Non-Spaceti Application to store or transmit Malicious Code, (e) interfere with or disrupt the integrity or performance of any Service or third-party data contained therein, (f) attempt to gain unauthorized access to any Service or its related systems or networks, (g) permit direct or indirect access to or use of any Services in a way that circumvents a contractual usage limit, or use any Services to access or use any of Spaceti intellectual property except as permitted under this Agreement, an Order Form, or the Documentation, (h) modify, copy, or create derivative works based on a Service or any part, feature, function or user interface thereof, (i) frame or mirror any part of any Service, other than framing on Customer’s own intranets or otherwise for its own internal business purposes or as permitted in the Documentation, (j) except to the extent permitted by applicable law, disassemble, reverse engineer, or decompile a Service or access it to (j1) build a competitive product or service, (j2) build a product or service using similar ideas, features, functions or graphics of the Service, (j3) copy any ideas, features, functions or graphics of the Service, or (4) determine whether the Services are within the scope of any patent.
- PROFESSIONAL SERVICES AND HW SALES
- Professional Services definition. Spaceti shall make available to Customer an appropriately trained employee or contractor to carry out such professional services as are mutually agreed between the parties in a SOW (the “Professional Services”). Such Spaceti resource shall be provided during Normal Working Hours (unless otherwise specifically agreed in a SOW) on the number of Days agreed in the SOW. For the purpose of this clause 4, a “Day” means 8 Normal Working Hours.
- Statement of Work. If Customer wishes to purchase any Professional Services, the parties may agree to mutually execute one or more separate SOWs containing the relevant terms and conditions. Unless otherwise identified in a SOW, all Professional Services must be used within the first subscription term or applicable renewal period. Any portion of the Professional Services not used within such period will be automatically forfeited, with no further action required of either party, and Customer will not be entitled to any refund or credit for any prepaid but unused fees. Customer may not apply any portion of any unused Professional Services or fees paid, for any products or services other than those stated in the SOW.
- Professional Services warranty. Spaceti shall provide the Professional Services with reasonable skill and care and in accordance with generally recognised commercial practices and standards and in accordance with the SOW. This warranty is exclusive and in lieu of all other warranties and conditions, whether express or implied. No implied conditions, warranties or other terms apply (including any implied terms as to satisfactory quality, fitness for purpose or conformance with description). Spaceti will re-perform Professional Services to remedy any breach of warranty. Customer must make any claim under the foregoing warranty to Spaceti in writing within 90 days of performance of such Professional Services in order to receive warranty remedies.
- Change Order. If either party requests a change to the scope or execution of the Professional Services Spaceti shall, within a reasonable time, provide a written estimate to the Customer of: (a) the likely time required to implement the change; (b) any necessary variations to Spaceti’s charges arising from the change; and (c) any other impact of the change on this Agreement and the applicable SOW. If the Customer wishes Spaceti to proceed with the change, Spaceti has no obligation to do so unless and until the parties have agreed in writing to all of the necessary variations to its charges, the Professional Services or SOW and any other relevant terms of this Agreement to take account of the change. Notwithstanding the foregoing, Spaceti may, from time to time on reasonable notice, change the Professional Services in order to comply with any applicable regulatory or statutory requirements, provided that such changes do not materially affect the nature, scope of, or the charges for the Professional Services or materially adversely affect the Customer.
- Delivery location. Spaceti shall deliver all Professional Services from Spaceti’s offices unless otherwise mutually agreed between the parties. If any Spaceti resource is required to travel to Customer’s premises or any other third party premises to deliver the Professional Services to Customer, Customer shall be responsible for Spaceti’s reasonable expenses.
- Subcontractors. Spaceti may, in its reasonable discretion, use subcontractors inside or outside of the Czech Republic to perform any of its obligations hereunder. Spaceti will be responsible for the performance of Professional Services by its personnel (including employees and contractors) and their compliance with Spaceti’s obligations under this Agreement.
- Hardware. If Spaceti is selling any goods to use it with Services (the “HW”), the list and price of such products is in the applicable Order Form and the detailed description of Spaceti’s performance, detailed specification, characteristics and parameters of sold items, the conditions and the method of warranty service provided and the demands on Customer’s cooperation are set out in the Order Form.
- NON-SPACETI PRODUCTS AND SERVICES
- Integration with Non-Spaceti Applications. The Services may contain features designed to interoperate with Non-Spaceti Applications. Spaceti cannot guarantee the continued availability of such Service features, and may cease providing them without entitling Customer to any refund, credit, or other compensation, if for example and without limitation, the provider of a Non- Spaceti Application ceases to make the Non-Spaceti Application available for interoperation with the corresponding Service features in a manner acceptable to Spaceti.
- FEES AND PAYMENT
- Fees. Customer will pay all fees specified in the Order Forms or SOWs. Except as otherwise specified herein or in an Order Form or SOW, (i) fees are based on Services subscription, Professional Services, or HW purchased and not actual usage, (ii) payment obligations are non-cancelable and fees paid are non-refundable, and (iii) quantities of Services subscription purchased cannot be decreased during the relevant subscription term.
- Invoicing and Payment. Customer will provide Spaceti with a valid purchase order or alternative document reasonably acceptable to Spaceti. Spaceti will invoice Customer in advance and otherwise in accordance with the relevant Order Form or SOW. Unless otherwise stated in the Order Form or SOW, invoiced fees are due net 30 days from the invoice date. Customer is responsible for providing complete and accurate billing and contact information to Spaceti and notifying Spaceti of any changes to such information.
- Overdue Charges. If any invoiced amount is not received by Spaceti by the due date, then without limiting Spaceti’s rights or remedies, (a) those charges may accrue late interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, and/or (b) Spaceti may condition future subscription renewals and Order Forms or SOWs on payment terms shorter than those specified in the “Invoicing and Payment” section above.
- Suspension of Service and Acceleration. If any charge owing by Customer under this or any other agreement for services is 30 days or more overdue, Spaceti may, without limiting its other rights and remedies, accelerate Customer’s unpaid fee obligations under such agreements so that all such obligations become immediately due and payable, and suspend Services, Professional Services or HW delivery until such amounts are paid in full, provided that Spaceti will give Customer at least 10 days’ prior notice that its account is overdue, in accordance with the “Notices” section below for billing notices, before suspending services to Customer.
- Payment Disputes. Spaceti will not exercise its rights under the “Overdue Charges” or “Suspension of Service” section above if Customer is disputing the applicable charges reasonably and in good faith and is cooperating diligently to resolve the dispute.
- Taxes. Spaceti’s fees do not include any taxes, levies, duties or similar governmental assessments of any nature, including, for example, value-added, sales, use or withholding taxes, assessable by any jurisdiction whatsoever (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with its purchases hereunder. If Spaceti has the legal obligation to pay or collect Taxes for which Customer is responsible under this section, Spaceti will invoice Customer and Customer will pay that amount unless Customer provides Spaceti with a valid tax exemption certificate authorized by the appropriate taxing authority. For clarity, Spaceti is solely responsible for taxes assessable against it based on its income, property and employees.
- PROPRIETARY RIGHTS AND LICENSES
- Reservation of Rights. Subject to the limited rights expressly granted hereunder, Spaceti and its Affiliates reserve all of their right, title and interest in and to the Services, including all of their related intellectual property rights. No rights are granted to Customer hereunder other than as expressly set forth herein.
- License by Customer to Spaceti. Customer grants Spaceti, its Affiliates and applicable contractors a worldwide, limited-term license to host, copy, use, transmit, and display Customer Data, as appropriate for Spaceti to provide and ensure proper operation of, the Services and associated systems in accordance with this Agreement. Subject to the limited licenses granted herein, Spaceti acquires no right, title or interest from Customer or its licensors under this Agreement in or to any Customer Data.
- License by Customer to Use Feedback. Customer grants to Spaceti and its Affiliates a worldwide, perpetual, irrevocable, royalty- free license to use and incorporate into its services any suggestion, enhancement request, recommendation, correction or other feedback provided by Customer or Users relating to the operation of Spaceti’s or its Affiliates’ services.
- Definition of Confidential Information. “Confidential Information” means all information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Confidential Information of Customer includes Customer Data; Confidential Information of Spaceti includes the Services, and the terms and conditions of this Agreement and all Order Forms (including pricing). Confidential Information of each party includes business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party. However, Confidential Information does not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party. For the avoidance of doubt, the non-disclosure obligations set forth in this “Confidentiality” section apply to Confidential Information exchanged between the parties in connection with the evaluation of additional Spaceti services.
- Protection of Confidential Information. As between the parties, each party retains all ownership rights in and to its Confidential Information. The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) to (i) not use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement and (ii) except as otherwise authorized by the Disclosing Party in writing, limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates’ employees and contractors who need that access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections not materially less protective of the Confidential Information than those herein. Neither party will disclose the terms of this Agreement or any Order Form to any third party other than its Affiliates, legal counsel and accountants without the other party’s prior written consent, provided that a party that makes any such disclosure to its Affiliate, legal counsel or accountants will remain responsible for such Affiliate’s, legal counsel’s or accountant’s compliance with this “Confidentiality” section. Notwithstanding the foregoing, Spaceti may disclose the terms of this Agreement and any applicable Order Form to a subcontractor to the extent necessary to perform Spaceti’s obligations under this Agreement, under terms of confidentiality materially as protective as set forth herein.
- Compelled Disclosure. The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party’s cost, if the Disclosing Party wishes to contest the disclosure. If the Receiving Party is compelled by law to disclose the Disclosing Party’s Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to that Confidential Information.
- REPRESENTATIONS, WARRANTIES, EXCLUSIVE REMEDIES AND DISCLAIMERS
- Representations. Each party represents that it has validly entered into this Agreement and has the legal power to do so.
- Spaceti Warranties. Spaceti warrants that during an applicable subscription term (a) this Agreement, the Order Forms and the Documentation will accurately describe the applicable administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Customer Data, (b) Spaceti will not materially decrease the overall security of the Services,
(c) the Services will perform materially in accordance with the applicable Documentation, and (d) subject to the “Integration with Non-Spaceti Applications” section above, Spaceti will not materially decrease the overall functionality of the Services. For any breach of a warranty above, Customer’s exclusive remedies are those described in the “Termination” and “Refund or Payment upon Termination” sections below.
- Disclaimers. EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. BETA SERVICES ARE PROVIDED “AS IS,” AND AS AVAILABLE EXCLUSIVE OF ANY WARRANTY WHATSOEVER.
- MUTUAL INDEMNIFICATION
- Indemnification by Spaceti. Spaceti will defend Customer against any claim, demand, suit or proceeding made or brought against Customer by a third party alleging that any Purchased Service infringes or misappropriates such third party’s intellectual property rights (a “Claim Against Customer”), and will indemnify Customer from any damages, attorney fees and costs finally awarded against Customer as a result of, or for amounts paid by Customer under a settlement approved by Spaceti in writing of, a Claim Against Customer, provided Customer (a) promptly gives Spaceti written notice of the Claim Against Customer, (b) gives Spaceti sole control of the defense and settlement of the Claim Against Customer (except that Spaceti may not settle any Claim Against Customer unless it unconditionally releases Customer of all liability), and (c) gives Spaceti all reasonable assistance, at Spaceti’s expense. If Spaceti receives information about an infringement or misappropriation claim related to a Service, Spaceti may in its discretion and at no cost to Customer (i) modify the Services so that they are no longer claimed to infringe or misappropriate, without breaching Spaceti’s warranties under “Spaceti Warranties” above, (ii) obtain a subscription for Customer’s continued use of that Service in accordance with this Agreement, or (iii) terminate Customer’s subscriptions for that Service upon 30 days’ written notice and refund Customer any prepaid fees covering the remainder of the term of the terminated subscriptions. The above defense and indemnification obligations do not apply if (1) the allegation does not state with specificity that the Services are the basis of the Claim Against Customer; (2) a Claim Against Customer arises from the use or combination of the Services or any part thereof with software, hardware, data, or processes not provided by Spaceti, if the Services or use thereof would not infringe without such combination; (3) a Claim Against Customer arises from Services under an Order Form for which there is no charge; or (4) a Claim against Customer arises from Customer’s breach of this Agreement, the Documentation or applicable Order Forms.
- Indemnification by Customer. Customer will defend Spaceti and its Affiliates against any claim, demand, suit or proceeding made or brought against Spaceti by a third party alleging that any Customer Data or Customer’s use of Customer Data with the Services, infringes or misappropriates such third party’s intellectual property rights, or arising from Customer’s use of the Services in an unlawful manner or in violation of the Agreement, the Documentation, or Order Form (each a “Claim Against Spaceti”), and will indemnify Spaceti from any damages, attorney fees and costs finally awarded against Spaceti as a result of, or for any amounts paid by Spaceti under a settlement approved by Customer in writing of, a Claim Against Spaceti, provided Spaceti (a) promptly gives Customer written notice of the Claim Against Spaceti, (b) gives Customer sole control of the defense and settlement of the Claim Against Spaceti (except that Customer may not settle any Claim Against Spaceti unless it unconditionally releases Spaceti of all liability), and (c) gives Customer all reasonable assistance, at Customer’s expense. The above defense and indemnification obligations do not apply if a Claim Against Spaceti arises from Spaceti’s breach of this Agreement, the Documentation or applicable Order Forms.
- Mutual Indemnity. Each party (the “Provider”) will defend the other party (the “Recipient”) against any Claim made or brought against the Recipient by a third party alleging that any information, design, specification, instruction, software, data or material furnished by the Provider in the course of providing or receiving Professional Services (the “Material”) infringes or misappropriates such third party’s intellectual property rights, and will indemnify the Recipient from any damages, attorneys fees and costs finally awarded against the Recipient as a result of, or for amounts paid by Recipient under a settlement approved in writing by Provider of, any such Claim, provided that the Recipient: (a) promptly gives the Provider written notice of the Claim; (b) gives the Provider sole control of the defense and settlement of the Claim (except that the Provider may not settle any Claim unless it unconditionally releases the Recipient of all liability); and (c) gives the Provider all reasonable assistance, at the Provider’s cost. The Provider will have no liability for any such Claim to the extent that (i) it arises from specifications or other Material provided by the other party, or (ii) such claim is based on the Recipient’s use of a superseded or altered version of Material if infringement or misappropriation would have been avoided by the use of a subsequent or unaltered version of the Material that was provided to the Recipient. In the event that some or all of the Material is held or is reasonably believed by the Provider to infringe or misappropriate, the Provider may in its discretion and at no cost to the Recipient (A) modify or replace the Material so it is no longer claimed to infringe or misappropriate, (B) obtain a license for the Recipient’s continued use of the Material in accordance with this Agreement, or (C) require return of the affected Material and all rights thereto from the Recipient. If the Provider exercises option (C), either party may terminate the relevant SOW upon 10 days’ written notice given within 30 days after the Provider’s exercise of such option, subject to the “Payment Upon Termination” section below.
- Exclusive Remedy. This “Mutual Indemnification” section states the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy against, the other party for any third party claim described in this section.
- LIMITATION OF LIABILITY
- Limitation of Liability. Subject to the “Exclusion of Consequential and Related Damages” and “Limitation of Restrictions” sections below, in no event shall the aggregate liability of each party together with all of its Affiliates arising out of or related to this Agreement (whether in contract or tort or under any other theory of liability) exceed the total amount paid by Customer and its Affiliates hereunder in the twelve months preceding the first incident out of which the liability arose. The foregoing limitation will not limit Customer’s and its Affiliates’ payment obligations under the “Fees and Payment” section above.
- Exclusion of Consequential and Related Damages. Subject to section the “Limitation of Restrictions” section below, in no event shall either party or its Affiliates have any liability to the other party or its Affiliates under or in relation to this Agreement whether in contract, tort or under any other theory of liability for:
- any financial damages as a result of loss or damage to property, economic loss, cost of replacement services, loss of profits, loss of revenue, loss of orders, loss of goodwill, and/or loss resulting from damage to image or reputation in each case whether direct or indirect, or
- any indirect or consequential loss or damage arising from or related to this Agreement,
howsoever caused and whether or not such losses are foreseeable, even if that party or its Affiliate has been advised (or is otherwise aware) of the possibility of such losses in advance.
- Limitation of Restrictions. Nothing in this “Limitation of Liability” section shall exclude or limit the liability of either party or its Affiliates for gross negligence or intentional misconduct of such party or its senior management, death or personal injury caused by that party’s or its Affiliate’s negligence or for fraud or fraudulent misrepresentation or for any other liability to the extent that the same may not be excluded or limited as a matter of applicable law.
- TERM AND TERMINATION
- Term of Agreement. This Agreement commences on the Effective Date and continues until all Services subscriptions hereunder have expired or have been terminated, Professional Services and HW were accepted and their warranty (if applicable) expired.
- Term of Purchased Subscriptions. The term of each subscriptions shall be as specified in the applicable Order Form. Except as otherwise specified in an Order Form, subscriptions will automatically renew for additional periods equal to the expiring subscription term or one year (whichever is shorter), unless either party gives the other notice of non-renewal at least 30 days before the end of the relevant subscription term. The per-unit pricing during any renewal term will increase by up to 7% above the applicable pricing in the prior term, unless Spaceti provides Customer notice of different pricing at least 60 days prior to the applicable renewal term. Except as expressly provided in the applicable Order Form, renewal of promotional or one-time priced subscriptions will be at Spaceti’s applicable list price in effect at the time of the applicable renewal. Notwithstanding anything to the contrary, any renewal in which subscription volume for any Services has decreased from the prior term will result in re- pricing at renewal without regard to the prior term’s per-unit pricing.
- Termination. A party may terminate this Agreement for cause (i) upon 30 days written notice to the other party of a material breach if such breach remains uncured at the expiration of such period, or (ii) if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors.
- Refund or Payment upon Termination. Upon any termination of the Agreement or SOW, Customer will pay, in accordance with the “Invoicing and Payment” section of this Agreement, any unpaid fees and expenses for Professional Services incurred on or before the termination date (such Professional Services fees to be paid on a time-and-materials or percent-of-completion basis, as appropriate). If this Agreement is terminated by Customer in accordance with the “Termination” section above, Spaceti will refund Customer any prepaid fees covering the remainder of the term of all Order Forms after the effective date of termination and any fees for Professional Services not yet received. If this Agreement is terminated by Spaceti in accordance with the “Termination” section above, Customer will pay any unpaid fees covering the remainder of the term of all Order Forms and any pre-paid fees for Professional Services charged on a fixed-fee basis are non-refundable, to the extent permitted by applicable law. In no event will termination relieve Customer of its obligation to pay any fees for Services payable to Spaceti for the period prior to the effective date of termination.
- Surviving Provisions. The sections titled “Free Services,” “Fees and Payment,” “Proprietary Rights and Licenses,” “Confidentiality,” “Disclaimers,” “Mutual Indemnification,” “Limitation of Liability,” “Refund or Payment upon Termination,” “Surviving Provisions” and “General Provisions” will survive any termination or expiration of this Agreement, and the section titled “Protection of Customer Data” will survive any termination or expiration of this Agreement for so long as Spaceti retains possession of Customer Data.
- GENERAL PROVISIONS
- Export Compliance. The Services, other Spaceti technology, and derivatives thereof may be subject to export laws and regulations of the European Union, Czech Republic and other jurisdictions. Spaceti and Customer each represents that it is not named on any European Union or Czech government denied-party list. Customer will not permit any User to access or use any Service in a European Union or Czech-embargoed country or region or in violation of any E.U. or Czech export law or regulation.
- Anti-Corruption. Neither party has received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from an employee or agent of the other party in connection with this Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction.
- Entire Agreement and Order of Precedence. This Agreement is the entire agreement between Spaceti and Customer regarding Customer’s use of Services, Professional Services and purchase of HW and supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. The parties agree that any term or condition stated in a Customer purchase order or in any other Customer order documentation (excluding Order Forms) is void. In the event of any conflict or inconsistency among the following documents, the order of precedence shall be: (1) the applicable Order Form or SOW, (2) any addenda, annex, schedule or exhibit to this Agreement, (3) this Agreement, and (4) the Documentation. Titles and headings of sections of this Agreement are for convenience only and shall not affect the construction of any provision of this Agreement.
- Relationship of the Parties. The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties. Each party will be solely responsible for payment of all compensation owed to its employees, as well as all employment-related taxes.
- Third-Party Beneficiaries. There are no third-party beneficiaries under this Agreement.
- Waiver. No failure or delay by either party in exercising any right under this Agreement will constitute a waiver of that right.
- Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be deemed null and void, and the remaining provisions of this Agreement will remain in effect.
- Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the other party’s prior written consent (not to be unreasonably withheld); provided, however, either party may assign this Agreement in its entirety (including all Order Forms and SOWs), without the other party’s consent to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Notwithstanding the foregoing, if a party is acquired by, sells substantially all of its assets to, or undergoes a change of control in favor of, a direct competitor of the other party, then such other party may terminate this Agreement upon written notice. In the event of such a termination, Spaceti will refund Customer any prepaid fees covering the remainder of the term of all subscriptions for the period after the effective date of such termination. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their respective successors and permitted assigns.
- No Agency. For the avoidance of doubt, Spaceti is entering into this Agreement as principal and not as agent for any other Spaceti company. Subject to any permitted Assignment under the “Assignment” section below, the obligations owed by Spaceti under this Agreement shall be owed to Customer solely by Spaceti and the obligations owed by Customer under this Agreement shall be owed solely to Spaceti.
- Notices. Except as otherwise specified in this Agreement, all notices related to this Agreement will be in writing and will be effective upon (a) personal delivery, (b) the second business day after mailing, or (c) except for notices of termination or an indemnifiable claim (“Legal Notices”), the day of sending by email. Notices to Spaceti will be addressed to the attention of Legal team to the Spaceti’s registered address, e-mail: email@example.com; or as updated by Spaceti via written notice to Customer. Billing-related notices to Customer will be addressed to the relevant billing contact designated by Customer, and Legal Notices to Customer will be addressed to Customer and be clearly identifiable as Legal Notices. All other notices to Customer will be addressed to the relevant Services system administrator designated by Customer.
- Governing Law. This Agreement, and any disputes arising out of or related hereto, will be governed exclusively by the laws of the Czech Republic.
- Venue. The courts located in Prague, the Czech Republic, will have exclusive jurisdiction over any dispute relating to this Agreement, and each party consents to the exclusive jurisdiction of those courts.
- Counterparts. This Agreement may be executed electronically and in counterparts.
Exhibit A – Data Processing Addendum
DATA PROCESSING ADDENDUM
(Revision August 2019)
This Data Processing Addendum, including its Schedules, (“DPA”) forms part of the Master Services Agreement between Spaceti and Customer for the purchase of services from Spaceti (the “Agreement”) to reflect the parties’ agreement with regard to the Processing of Personal Data.
All capitalized terms not defined herein shall have the meaning set forth in the Agreement.
In the course of providing the Services to Customer pursuant to the Agreement, Spaceti may Process Personal Data on behalf of Customer and the Parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith:
“Controller” means the entity which determines the purposes and means of the Processing of Personal Data.
“Data Protection Laws and Regulations” means all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, Switzerland and the United Kingdom, applicable to the Processing of Personal Data under the Agreement.
“Data Subject” means the identified or identifiable person to whom Personal Data relates.
“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
“Personal Data” means any information relating to (i) an identified or identifiable natural person and, (ii) an identified or identifiable legal entity (where such information is protected similarly as personal data or personally identifiable information under applicable Data Protection Laws and Regulations), where for each (i) or (ii), such data is Customer Data.
“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor” means the entity which Processes Personal Data on behalf of the Controller.
“Security Documentation” means the Security Documentation applicable to the specific Services purchased by Customer, as updated from time to time, and accessible via login to the applicable Service, or as otherwise made reasonably available by Spaceti. The Security Documentation as of Effective Date is attached as Schedule 2 to this DPA.
“Spaceti Group” means Spaceti and its Affiliates engaged in the Processing of Personal Data.
“Sub-processor” means any Processor engaged by Spaceti or a member of the Spaceti Group.
“Supervisory Authority” means an independent public authority which is established by an EU Member State pursuant to the GDPR.
- PROCESSING OF PERSONAL DATA
- Roles of the Parties. The parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is the Controller, Spaceti is the Processor and that Spaceti or members of the Spaceti Group will engage Sub-processors pursuant to the requirements set forth in Section 5 “Sub-processors” below.
- Customer’s Processing of Personal Data. Customer shall, in its use of the Services and Professional Services, Process Personal Data in accordance with the requirements of Data Protection Laws and Regulations. For the avoidance of doubt, Customer’s instructions for the Processing of Personal Data shall comply with Data Protection Laws and Regulations. Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data.
- Spaceti’s Processing of Personal Data. Spaceti shall treat Personal Data as Confidential Information and shall only Process Personal Data on behalf of and in accordance with Customer’s documented instructions for the following purposes: (i) Processing in accordance with the Agreement and applicable Order Form(s) or SOW(s); (ii) Processing initiated by Users in their use of the Services; and (iii) Processing to comply with other documented reasonable instructions provided by Customer (e.g., via email) where such instructions are consistent with the terms of the Agreement.
- Details of the Processing. The subject-matter of Processing of Personal Data by Spaceti is the performance of the Services and Professional Services, if applicable, pursuant to the Agreement. The duration of the Processing, the nature and purpose of the Processing, the types of Personal Data and categories of Data Subjects Processed under this DPA are further specified in Schedule 1 (Details of the Processing) to this DPA.
- RIGHTS OF DATA SUBJECTS
- Data Subject Request. Spaceti shall, to the extent legally permitted, promptly notify Customer if Spaceti receives a request from a Data Subject to exercise the Data Subject’s right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, object to the Processing, or its right not to be subject to an automated individual decision making, each such request being a “Data Subject Request”. Taking into account the nature of the Processing, Spaceti shall assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws and Regulations. In addition, to the extent Customer, in its use of the Services, does not have the ability to address a Data Subject Request, Spaceti shall upon Customer’s request provide commercially reasonable efforts to assist Customer in responding to such Data Subject Request, to the extent Spaceti is legally permitted to do so and the response to such Data Subject Request is required under Data Protection Laws and Regulations. To the extent legally permitted, Customer shall be responsible for any costs arising from Spaceti’s provision of such assistance.
- SPACETI PERSONNEL
- Confidentiality. Spaceti shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, and have executed written confidentiality agreements. Spaceti shall ensure that such confidentiality obligations survive the termination of the personnel engagement.
- Limitation of Access. Spaceti shall ensure that Spaceti’s access to Personal Data is limited to those personnel performing Services and Professional Services in accordance with the Agreement.
- Data Protection Officer. Members of the Spaceti Group have appointed a data protection officer. The appointed person may be reached at firstname.lastname@example.org.
- Appointment of Sub-processors. Customer acknowledges and agrees that (a) Spaceti’s Affiliates may be retained as Sub- processors; and (b) Spaceti and Spaceti’s Affiliates respectively may engage third-party Sub-processors in connection with the provision of the Services and Professional Services. Spaceti or a Spaceti Affiliate has entered into a written agreement with each Sub-processor containing data protection obligations not less protective than those in this Agreement with respect to the protection of Personal Data to the extent applicable to the nature of the Services and Professional Services provided by such Sub-processor.
- List of Current Sub-processors and Notification of New Sub-processors. Spaceti shall make available to Customer the current list of Sub-processors. Such Sub-processor lists shall include the identities of those Sub-processors and their country of location (the “Infrastructure and Sub-processor Documentation”). Spaceti shall make available to Customer the up-to date Infrastructure and Sub-processor Documentation as well as a mechanism to subscribe to notifications of new Sub-processors to which Customer shall subscribe, and if Customer subscribes, Spaceti shall provide notification of a new Sub-processor(s) before authorizing any new Sub-processor(s) to Process Personal Data in connection with the provision of the applicable Services. The Infrastructure and Sub-processor Documentation for Services, as of Effective Date, is for reference purposes only attached as Schedule 3 hereto.
- Objection Right for New Sub-processors. Customer may object to Spaceti’s use of a new Sub-processor by notifying Spaceti promptly in writing within ten (10) business days after receipt of Spaceti’s notice in accordance with the mechanism set out in Section 5.2 hereof. In the event Customer objects to a new Sub-processor, as permitted in the preceding sentence, Spaceti will use reasonable efforts to make available to Customer a change in the Services or Professional Services or recommend a commercially reasonable change to Customer’s configuration or use of the Services or Professional Services to avoid Processing of Personal Data by the objected-to new Sub- processor without unreasonably burdening Customer. If Spaceti is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may terminate the applicable Order Form(s) or SOW(s) with respect only to those Services or Professional Services which cannot be provided by Spaceti without the use of the objected-to new Sub-processor by providing written notice to Spaceti. Spaceti will refund Customer any prepaid fees covering the remainder of the term of such Order Form(s) or SOW(s) following the effective date of termination with respect to such terminated Services or Professional Services, without imposing a penalty for such termination on Customer.
- Liability. Spaceti shall be liable for the acts and omissions of its Sub-processors to the same extent Spaceti would be liable if performing the services of each Sub-processor directly under the terms of this DPA.
- Controls for the Protection of Personal Data. Spaceti shall maintain appropriate technical and organizational measures for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Data), confidentiality and integrity of Customer Data, as set forth in the Security Documentation. Spaceti regularly monitors compliance with these measures. Spaceti will not materially decrease the overall security of the Services during a subscription term.
- Cooperation and Audits. Spaceti shall make available to Customer such information as is requested by Customer to demonstrate its compliance with applicable statutory obligations, in a commonly used and machine-readable format. In cases of official requests of data protection authorities with jurisdiction over the Processing hereunder, or, in case Customer has reasonable grounds to assume that a Customer Data Incident has taken place, Customer may upon at least fourteen (14) days prior written notice to Spaceti conduct a site visit of the applicable Spaceti operations center at Customer’s expense by a representative of Customer or its independent third party auditor (always not a direct competitor of Spaceti). Such audits shall be carried out at normal business hours without disrupting the on-going business operations of Spaceti. Spaceti may make the audits dependent on the signing of a nondisclosure agreement with Spaceti.
- CUSTOMER DATA INCIDENT NOTIFICATION
Spaceti shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data, including Personal Data, transmitted, stored or otherwise Processed by Spaceti or its Sub-processors of which Spaceti becomes aware (a “Customer Data Incident”). Spaceti shall make reasonable efforts to identify the cause of such Customer Data Incident and take those steps as Spaceti deems necessary and reasonable in order to remediate the cause of such a Customer Data Incident to the extent the remediation is within Spaceti’s reasonable control. The obligations herein shall not apply to incidents that are caused by Customer or Customer’s Users.
- RETURN AND DELETION OF CUSTOMER DATA
The procedure is set forth in Section 2.2 of the Agreement.
Spaceti shall ensure that the transfer of Personal Data which are undergoing Processing or are intended for Processing after transfer to a third country shall take place only if such transfer meets the conditions outlined in the GDPR, specifically Chapter V.
- EUROPEAN SPECIFIC PROVISIONS
- GDPR. Spaceti will Process Personal Data in accordance with the GDPR requirements directly applicable to Spaceti’s provision of its Services or Professional Services.
- Data Protection Impact Assessment. Upon Customer’s request, Spaceti shall provide Customer with reasonable cooperation and assistance needed to fulfil Customer’s obligation under the GDPR to carry out a data protection impact assessment related to Customer’s use of the Services or Professional Services, to the extent Customer does not otherwise have access to the relevant information, and to the extent such information is available to Spaceti. Spaceti shall provide reasonable assistance to Customer in the cooperation or prior consultation with the Supervisory Authority in the performance of its tasks relating to Section 10.2 of this DPA, to the extent required under the GDPR.
List of Schedules
Schedule 1: Details of the Processing
Schedule 2: Security Documentation (as of Effective Date)
Schedule 3: Spaceti Infrastructure and Sub-processors (as of Effective Date)
SCHEDULE 1 – DETAILS OF THE PROCESSING
Nature and Purpose of Processing
Spaceti will Process Personal Data as necessary to perform the Services or Professional Services pursuant to the Agreement, as further specified in the Documentation, and as further instructed by Customer in its use of the Services or Professional Services.
Duration of Processing
Subject to Section 8 of the DPA, Spaceti will Process Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing.
Categories of Data Subjects
Customer may submit Personal Data to the Services, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects:
- Employees or visitors of Customer
- Agents, advisors, freelancers of Customer (who are natural persons)
- Customer’s Users authorized by Customer to use the Services
Type of Personal Data
Customer may submit Personal Data to the Services, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:
- First and last name
- Contact information (company, email, phone, physical business address)
- ID data
- Professional life data
- Personal life data
- Connection data
- Localisation data
SCHEDULE 2 – SECURITY DOCUMENTATION
(As of Effective Date)
|Spaceti has implemented the following technical and organizational security measures to provide the ongoing confidentiality, integrity, availability and resilience of processing systems and services:
Spaceti has implemented the following technical and organizational security measures to protect the confidentiality of processing systems and services, in particular:
- Spaceti processes all customer data on remote server sites owned and operated by industry leading cloud service providers that offer highly sophisticated measures to protect against unauthorized persons gaining access to data processing equipment (namely telephones, database and application servers and related hardware). Such measures include:
- a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics, and the data center floor features laser beam intrusion detection;
- data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders;
- access logs, activity records, and camera footage are available in case an incident occurs;
- data centers are also routinely patrolled by experienced security guards who have undergone rigorous background checks and training;
- access to the data center floor is only possible via a security corridor which implements multi-factor access control using security badges and biometrics;
- only approved employees with specific roles may enter.
- Spaceti implements suitable measures to prevent its data processing systems from being used by unauthorized persons. This is accomplished by:
- automatic time-out of user terminal if left idle, identification and password required to reopen;
- issuing and safeguarding identification codes;
- letting customers define individual user accounts with permissions across Spaceti resources;
- Spaceti’s employees entitled to use its data processing systems are only able to access Personal Data within the scope of and to the extent covered by their respective access permission (authorization). In particular, access rights and levels are based on employee job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities. This is accomplished by:
- limited access to Personal Data to only authorized persons;
- industry standard encryption; and
Spaceti has implemented the following technical and organizational security measures to protect the integrity of processing systems and services, in particular:
- Spaceti implements suitable measures to prevent Personal Data from being read, copied, altered or deleted by unauthorized parties during the transmission thereof or during the transport of the data media. This is accomplished by:
- use of state-of-the-art firewall and encryption technologies to protect the gateways and pipelines through which the data travels;
- industry standard encryption; and
- avoiding the storage of Personal Data on portable storage media for transportation purposes and on company issued laptops or other mobile devices.
- Spaceti does not access any customer content except as necessary to provide that customer with the Spaceti products and professional services it has selected. Spaceti does not access customers’ content for any other purposes. Accordingly, Spaceti does not know what content customers choose to store on its systems and cannot distinguish between Personal Data and other content, so Spaceti treats Customer Data the same. In this way, Customer Data benefits from the same robust Spaceti security measures, whether this content includes Personal Data or not.
Spaceti has implemented the following technical and organizational security measures to protect the availability of processing systems and services, in particular:
- Spaceti implements suitable measures to provide that Personal Data is protected from accidental destruction or loss. This is accomplished by:
- infrastructure redundancy;
- policies prohibiting permanent local (work station) storage of Personal Data; and
- performing regular data back-ups.
Spaceti has implemented the following technical and organizational security measures to protect the resilience of processing systems and services, in particular:
- Spaceti designs the components of its platform to be highly resilient. This is accomplished by:
- selection of best-in-class infrastructure providers with data centres that have daily backups with an assured uptime and availability of 99.9999% by the service providers.
Spaceti Infrastructure and Sub-processors
(As of Effective Date)
This documentation describes the infrastructure environment and sub-processors and certain other entities material to Spaceti’s provision of the Services.
Capitalized terms used in this documentation are defined in Spaceti’s Master Services Agreement and/or Data Processing Addendum. In the event of conflict, the Data Processing Addendum definition shall prevail.
Infrastructure – Personal Data Storage
The following table describes the countries and legal entities engaged in the storage of Personal Data submitted by customers to the Services.
|Amazon Web Services, Inc.
||Third-party hosting provider
||Third-party hosting provider
Personal Data Processing
The following legal entities are engaged in processing Personal Data for non-storage purposes.
The Services may use network providers to provide the Services, for security purposes, to support user authentication, and to optimize content delivery (the “Network Providers”). Spaceti uses Network Providers to provide private network capabilities and also to provide Content Delivery Network services (the “CDN”). CDN are commonly used systems of distributed services that deliver content based on the geographic location of the individual accessing the content and the origin of the content provider. Content items to be served to subscribers or end users, such as images or attachments uploaded to the Services, may be stored with a CDN to expedite transmission, and information transmitted across a CDN may be accessed by the CDN to enable its functions. The following describes use of Network Providers by the Services:
|Network provider used
||Description of Services
||Spaceti may use Google Firebase CDN services to provide the Services and to optimize content delivery via the Services.
||Spaceti may use Vodafone to provide the Services to enable more private communication between sensors used for the provision of the Services by creating a private network.
Spaceti customers may subscribe to notifications of new sub-processors by sending an e-mail to email@example.com.