TERMS AND CONDITIONS

§ 1. General provisions

  1. This document (hereinafter: “Terms and Conditions”) define the terms and conditions for the provision of Software Services available through the https://deploynow.io/ (hereinafter: “Website”).
  2. The Terms and Conditions form a legal binding agreement between Customer and the Service Provider.
  3. The Services are provided by DevOpsi spółka z ograniczoną seated in Warsaw (address: ul. Leona Berensona 12E/106, 03-287 Warsaw, Poland), entered into the commercial register kept by the District Court for the Capital City of Warsaw in Warsaw, 14th Commercial Division, under the KRS number: 0000852755, having tax identity number (NIP): 5242904541, REGON number: 386672022and share capital: PLN 5,000.00 (hereinafter: “Service Provider” or “we”).
  4. Contact with the Service Provider is possible via e-mail, at the following address: support@deploynowdev
  5. Information about the Services available on the Website constitutes an offer within the meaning of Article 71 of the Act of 23 April 1964 Civil Code (hereinafter: “Civil Code”).
  6. Before using the Website, the Customer is obliged to read the Terms and Conditions and the Privacy Policy.

§ 2. Definitions

Words written with capital letters used in these Terms and Conditions have the following meanings: 

  1. Account – a panel created in the Service Provider’s IT system enabling the Customer to use the Services, 
  2. Account Service – a service provided by the Service Provider electronically, including the creation and maintenance of an Account, 
  3. Account Service Agreement – an agreement for the provision of electronic services within the meaning of the Act on the provision of electronic services, the subject of which is the provision of Account Services by the Service Provider to the Customer,
  4. Act on Consumer Rights – Polish Act of 30 May 2014 on Consumer Rights, 
  5. Act on the provision of electronic services – the term defined in § 1 section 2 of the Terms and Conditions.
  6. Agreement – Agreement for the provision of Account Service, Agreement for the provision of Software Services, Data Processing Agreement, 
  7. Agreement for the provision of Software Services – an agreement for the provision of electronic services within the meaning of the Act on the provision of electronic services, the subject of which is the provision of Software Services to the Customer as part of the Package purchased by the Customer,
  8. Civil Code – a term defined in § 1 section 5 of the Terms and Conditions, 
  9. Consumer – a natural person performing a legal transaction with the Service Provider not directly related to its business or professional activity,
  10. Content – all information, data, and materials in any form that the Customer has saved on the Website or otherwise made available to the Service Provider in connection with the Agreement. The Content includes, in particular: data of the Customer and information about his activity or employment, 
  11. Customer – a person who is a Consumer, Entrepreneur or Entrepreneur with the rights of a Consumer, having full legal capacity, who concluded an Agreement with the Service Provider or took actions aimed at its conclusion, 
  12. Data Processing Agreement – an agreement concluded between the Customer and the Service Provider, the subject of which is to entrust the Service Provider with the processing of personal data of employees or associates of the Customer in connection with the provision of Services. The entrustment agreement constitutes Appendix No. 1 to the Regulations, 
  13. Entrepreneur – a natural person, a legal person or an organizational unit without legal personality, whose special provisions grant legal capacity, conducting business or professional activity on its own behalf, 
  14. Entrepreneur with the rights of a Consumer – a natural person conducting business or professional activity on their own behalf, who has concluded an Agreement with the Service Provider directly related to its business activity, but not having a professional character for this person, resulting from the subject of its business activity,
  15. Package – a separate set of IT Services provided by the Service Provider to the Customer,
  16. Price list – a document containing price rates set for the purposes of mutual settlements available at: https://deploynow.io/ 
  17. Privacy Policy – a document containing information on the processing of personal data by the Service Provider,
  18. Service Provider – the term defined in § 1 section 3 of the Terms and Conditions,
  19. Software Service – a service provided by the Service Provider by electronic means including software services, in particular: programming services, development and implementation of software and cloud services, orchestration, configuration, creation of documentation, to the extent and scope resulting from the Package purchased by the Customer, 
  20. Terms and Conditions – the term defined in § 1 section 1 of the Terms and Conditions, 

§ 3. Obligations and responsibilities of the Service Provider related to the Website administration

  1. The Service Provider provides Software Services without physical presence or the physical presence of his staff, exclusively through means of distance communication.
  2. The Service Provider is not responsible for disruptions in the functioning of the Website resulting from:
    • conservation and modernization work carried out on the Website,
    • reasons attributable to the Customer,
    • reasons beyond the service provider’s control, in particular the actions of third parties, for which the Service Provider is not responsible.
  3. The Service Provider undertakes to carry out the works referred to in paragraph 2(a) above in the least burdensome manner for the Service Recipients and, if possible, to inform them in advance about the planned works.
  4. The Service Provider undertakes to remove disturbances in the functioning of the Website on an ongoing basis.

§ 4. General rules for the provision of Software Services

  1. The Service Provider provides Software Services with due diligence, considering the professional nature of its activities.
  2. Software services are provided by subscription. The use of the Services requires payment of Services in advance, in accordance with the terms of the Package selected by the Customer.
  3. Software Services do not include IT support and guaranteed level of service.
  4. The Services are provided on the terms specified in the description of the Package, on schedule agreed by the Customer and the Service Provider.
  5. The Service Provider has the right to interfere with the data structure, conduct an audit, configure the Client’s software or IT system, if it is necessary to perform the work commissioned to the Service Provider. The Service Provider shall not be liable for damages that may arise in connection with the above-mentioned interference, if the cause of the damage were causes not attributable to the Service Provider, in particular incorrect configuration of services or the Customer’s personnel activity.
  6. The Service Provider informs that it uses cryptographic protection of electronic transfer and digital content by applying appropriate logical, organizational, and technical measures indicated in the Appendix 2, in particular to prevent access to data by third parties, including SSL encryption, the use of access passwords and anti-virus programs or against unwanted software.
  7. The Service Provider informs that despite the application of the safeguards referred to in section 6 above, the use of the Internet and services provided electronically may be at risk of getting into the ICT system and the Customer’s device of malware or gaining access to data on this device by third parties. To minimize the threat, the Service Provider recommends the use of anti-virus programs or measures to protect identification on the Internet.

§ 5. Copyrights

  1. If, as a result of the provision of Software Services, the Service Provider creates a work within the meaning of the Act of 4 February 1994 on Copyright and Related Rights (hereinafter: “Work“), upon its return to the Customer, the Service Provider, as part of the remuneration for the purchase of the Package, grants the Customer a non-exclusive, unlimited in time and territory license to use the Work in the following fields of exploitation: 
    • Fields of exploitation of the Work that is not a computer program:
      • recording and multiplication of the Work, in particular:
        • recording and multiplication of the Work,
        • recording and multiplication by all known techniques, in particular by printing, reprographic technique, magnetic recording, digital recording, photosensitive, computer and digital recording, 
        • production of an unlimited number of copies and editions on any media, 
      • circulation of the originals and copies of the Work, in particular: 
        • marketing the originals and an unlimited number of copies of the Work within the territory of Poland and all other countries of the world, 
        • renting, leasing, and lending for use the originals and an unlimited number of copies of all kinds within the territory of Poland and all other countries, 
      • distribution of the Work in whole or in part, in particular: 
        • public performance, exhibition, display, reproduction, broadcasting and rebroadcasting as well as making it available to the public in such a way that everyone may access it from a place and at a time individually chosen by them, 
        • public presentation, in particular at conferences, meetings, and lectures,
      • sharing on the Internet, including on social media, 
      • introduction of the Work in its entirety or in part to computer memory or to multimedia and telecommunication networks (including those generally accessible, such as the Internet) and making them available to the users of such networks in a manner that enables them to see the Work, whether for remuneration or not, 
      • saving the Work in the non-volatile memory of a computer, other device or on other tangible media, 
      • saving the Work in the operational memory of a computer or other device, 
      • submitting or transferring the record of the Work between computers and servers by any means or technique,
      • exchange of the media on which the Work has been recorded, 
      • use of the Work in whole or in part (including in combination with other works or content) as part of advertising conducted by any means (in particular: radio, television, Internet, press, leaflet, billboard advertising) concerning any goods, services, brands, organisational units or persons, 
      • using and distributing the Work by using VR (virtual reality), AR (augmented reality) and MR (mixed reality) technologies, 
      • combination of the Work with other works or content and use of the materials created as a result of such combination in all fields of exploitation specified in this section, 
      • use of the Work in the field of merchandising/ancillary rights, including the use of characters, works, names and/or descriptions of characters, sayings, slogans, dialogues, situations, designs, signs, events and other distinctive elements and motifs of the Work and materials, clothing, gadgets, games, and other materials created based on the Work, in all fields of exploitation listed in this section; 
    • Fields of exploitation of the Work that is a computer program:
      • permanent or temporary reproduction of the Work in whole or in part by any means and in any form; including downloading, by placing it in computer memory (installation), running, displaying, using, or storing, 
      • translation, adaptation, change of layout or introduction of any other changes, in particular using the technique of computer printout, recording on a magnetic disk and digital disk, 
      • public dissemination of the Work, in particular by making it available in such a way that everyone could access it at a time and place of their choice, in particular:  
        • on the Internet,  
        • in closed networks,  
        • dissemination in the SaaS model,  
        • electronic sharing on demand, 
      • exploitation in whole or in part by using any new technology, including in particular radio and online television, regardless of the technology, form or manner of dissemination, including on demand, peer to peer and any related techniques, 
      • use of the Work as part of any telecommunications activity using any systems and devices and any available technology, including text, multimedia, audio-visual, wallpapers, icons, e-cards, screen savers, banners, thumbnails, pop-ups; programmes, games or applications for phones or tablets, computers, consoles, and any other devices, including tablets and any other mobile devices enabling transmission and reception of data, 
      • making any number of copies of the Work, 
      • reproduction of the source code or a translation of its form (decompilation), including the right of permanent or temporary reproduction in whole or in part by any means and in any form, as well as adaptation (translation, adjustment or any other alteration) without restricting the conditions for the admissibility of these acts, in particular, but not limited to, the use of the Work for the purposes of interacting with computer programmes or developing, manufacturing or marketing, selling, lending, renting or other forms of use of a similar form, 
      • specifying the name of the Work under which it will be distributed, including its trade name, 
    • All copyrights acquired under these Terms and Conditions might be transferred by the Customer, without restriction, in whole or in part, to third parties without Service Provider’s permission. 
    • To create Works, the Service Provider may use works of third parties in the public domain or open-source software; in these cases, the procedure for granting the license will be agreed between the Service Provider and the Customer separately from the Terms and Conditions.  

§ 6. Confidentiality 

  1. All documents and information made available to the Service Provider by the Customer for the purpose of providing Software Services are treated by us as confidential information (hereinafter: “Confidential Information“).  The Service Provider undertakes to keep confidential Information and use it only for the purposes of cooperation or for purposes accepted by the Customer. 
  2. The Service Provider undertakes that Confidential Information will be kept confidential also by its associates and representatives. 
  3. The Service Provider undertakes to store Confidential Information in compliance with security measures that will prevent access to it by third parties. 
  4. The Service Provider will not be obliged to keep confidential Confidential Information:
    • which have been made public,
    • which are publicly available or disseminated, including in particular by means of the mass media and on the Internet, 
    • in relation to an entity whose obligation to disclose Confidential Information results from mandatory provisions of law, 
    • in relation to the authority to which the obligation to disclose Confidential Information results from a final decision,
    • in relation to its legal advisors, auditors, providers of accounting and other services related to ensuring the Service Provider’s activity,
    • have been made available to the Service Provider from other sources, without the obligation to keep them confidential, unless the information has been provided to the Service Provider as Confidential Information, 
    • in relation to which the Customer has given written consent to their disclosure. 

§ 7. Liability of the Service Provider related to the provision of Software Services 

  1. The Service Provider shall not be liable for delay or non-performance of the Software Services Agreement to the extent that it was caused by force majeure. Force majeure shall be understood as external events, independent of the Parties and unforeseeable, such as, in particular: war, fire, epidemic, flood, communication blockades of a supra-regional nature, social cataclysms or catastrophes of structures or buildings. In the event of force majeure, the Service Provider shall immediately inform the Customer about the impossibility of performing its obligations under the Software Services Agreement and agree with the Customer to take possible measures to remove the effects of force majeure.  
  2. The Service Provider shall not be liable for non-performance or improper performance of the Service if it is the result of circumstances beyond the Service Provider’s control, which it was not able to prevent even with due diligence. 
  3. The Service Provider may terminate the Agreement for the provision of Software Services with immediate effect (without observing the notice period) in the event of the inability to provide Software Services lasting more than 14 days because of the lack of necessary cooperation on the part of the Customer. The Service Provider is then entitled to remuneration proportional to the number of Software Services performed by him until the date of termination. 
  4. The total liability of the Service Provider for non-performance or improper performance of Software Services is limited to twice the remuneration paid by the Customer in the last three months of providing Services preceding the occurrence of the damage. 
  5. The Service Provider is not responsible for the security of the IT system, services and data belonging to the Customer.

§ 8. Right of withdrawal

  1. The provisions of this § 8 apply only to the Customer who is a Consumer or Entrepreneur with the rights of a Consumer.  
  2. The Customer has the right to withdraw from the Agreement without giving any reason within 14 (fourteen) days from the date of its conclusion.  
  3. The Customer exercises the right to withdraw from the Agreement by submitting to the Service Provider a statement of withdrawal from the Agreement (hereinafter: “Statement“). To meet the deadline for withdrawal from the Agreement, it is sufficient to send a Statement before the deadline referred to in sec. 2 above. 
  4. The Statement may be submitted by the Customer in any form, in particular on the form constituting Annex 2 to the Act on Consumer Rights. However, to improve the exercise of the right to withdraw from the Agreement, the Service Provider recommends submitting a Statement in the manner indicated in section 5 below.  
  5. In the event of the will to withdraw from the Agreement, the Customer should send by e-mail to the address indicated in § 1 section 4 of the Terms and Conditions a message containing the following elements: 
    • name and surname of the Customer, 
    • e-mail address, 
    • a clear statement of withdrawal from the Agreement, 
    • the date of conclusion of the Agreement and its type, 
    • PKD codes of business activity conducted by the Customer (if the Service Recipient is an Entrepreneur with the rights of a Consumer), 
  6. The Service Provider sends by e-mail a confirmation of receipt of the Statement immediately after its receipt. 
  7. If the withdrawal concerns the Agreement for the provision of the Software Services, the Service Provider shall return to the Customer the payments made by him, less the part of the payment proportional to the period of using the Software Services by the Customer.  
  8. Pursuant to Article 38 point 1 of the Act on Consumer Rights, the Customer is not entitled to withdraw from the Agreement for the provision of the Service, which has been fully performed by the Service Provider or the Customer has agreed to its performance before the deadline for withdrawal from the contract. 

§ 9. Complaints

  1. The Customer may file a complaint if the Service Provider provides Services in a manner inconsistent with the Terms and Conditions.  
  2. The Customer submitting a complaint should send by e-mail to the address indicated in § 1 section 4 of the Terms and Conditions a message containing the following elements: 
    • company or name and surname of the Customer, 
    • e-mail address, 
    • a description of the noticed irregularities, 
    • request a complaint.  
  3. The deadline for considering the complaint and responding to it is 30 (thirty) days from the date of its receipt by the Service Provider in the correct and complete form. Lack of response within the time limit indicated in the preceding sentence means recognition of the complaint. 
  4. We shall respond to the complaint by e-mail.  

§ 10. Personal data protection 

Information on the processing of Customer’s personal data by the Service Provider can be found in the Privacy Policy available at: https://deploynow.io/privacy-policy/

§ 11. Pre-judical dispute resolution 

  1. The provisions of this paragraph apply only to Customers who are Consumers. 
  2. The Service Recipient can use out-of-court methods of dealing with complaints and pursuing claims. 
  3. Detailed information on the possibility for the Customer to use out-of-court methods of dealing with complaints and redress and the rules of access to these procedures are available at the premises and on the following websites:  
    • consumer ombudsmen, social organizations whose statutory tasks include consumer protection, 
    • Provincial Inspectorates of Trade Inspection, 
    • Office of Competition and Consumer Protection. 
  4. Notwithstanding the provisions of paragraph 3 above, the Customer may also use the Online Dispute Resolution Application (ODR) available at: http://ec.europa.eu/consumers/odr/.

§ 12. Amendment to the Terms and Conditions 

  1. The Service Provider may make a change to the Terms and Conditions in the case of: 
    • changes in the subject of the Service Provider’s activity. 
    • introduction of new services to the Service Provider’s offer, withdrawal of services previously provided or modification of currently provided services, 
    • make a technical modification of the Website requiring adaptation of the provisions of the Terms and Services to them,
    •  the legal obligation to make changes, including the obligation to adapt the Terms and Services to the current legal status.  
  2. The Service Provider notifies the Customers of the amendment to the Terms and Conditions by sending them its amended version by e-mail at least 14 (fourteen) days before the date of entry into force of the changes. Within the period referred to in the preceding sentence, the amended version of the Terms and Conditions will also be published on the Website. 
  3. The Customer who has concluded the Agreement for the provision of the Account Service and who does not agree to the amendment of the Terms and Conditions may terminate the Agreement for the provision of the Account Service until the amendments to the Terms and Conditions enter into force. To the termination referred to in the preceding sentence, the provisions of § 5 sections 5 and 7 of the Regulations shall apply accordingly. Failure to submit a notice of termination within the period indicated in this paragraph 3 shall be deemed to be consent to the provision of services by the Service Provider in accordance with the amended provisions of the Terms and Conditions.  
  4. In the event of termination of the Account Service Agreement in the manner indicated in paragraph 3 above, the Service Provider shall return to the Customer a part of the payment proportional to the unused part of the Package within 14 (fourteen) days from the date of deleting the Account. 
  5. The provisions of paragraphs 1-3 above shall apply mutatis mutandis to the amendment of Annexes to the Terms and Conditions.

§ 13. Data Processing Agreement

  1. If the Service Provider needs to process personal data administered by the Customer to perform IT services, the Data Processing Agreement is concluded.  
  2. The Data Processing Agreement is concluded for the duration of the Service Provision Agreement and terminates or expires with the termination or expiration of this Agreement.  

§ 14. Final provisions 

  1. In matters not covered by these Rules, the provisions of generally applicable Polish law, in particular the relevant provisions of the Polish law shall apply, unless it is not possible due to the need to apply the provisions of the law of the registered seat or place of the residence of the Service Provider. 
  2. An integral part of the Terms and Conditions are: 
    • Appendix 1 – DPA, 
    • Appendix 2 – Information on the security measures applied by the Service Provider.  
  3. These Terms and Conditions run into force on the day of its publication on the Website: https://deploynow.io/privacy-policy  

Appendix 1 

DATA PROCESSING AGREEMENT

(Hereinafter: “DPA”)

concluded between: 

DevOpsi spółka z ograniczonÄ… seated in Warsaw (address: ul. Leona Berensona 12E/106, 03-287 Warsaw, Poland), entered into the commercial register kept by the District Court for the Capital City of Warsaw in Warsaw, 14th Commercial Division, under the KRS number: 0000852755, having tax identity number (NIP): 5242904541, REGON: 386672022and share capital: PLN 5,000.00 (hereinafter: “Processor”) 

and 

Customer (hereinafter: “Controller”) 

Hereinafter collectively referred to as the “Parties” and each separately as the “Party“. 

Taking into consideration that:  

  • The Parties have concluded a Software Services Agreement (hereinafter: the “Major Agreement“) about software services,  
  • performance of the Major Agreement requires that the Controller entrusts the Processor with the processing of personal data, 

The Parties have decided to enter into this Entrustment Agreement (attached to the Major Agreement) with the following content:  

§ 1. Entrustment of personal data processing

  1. The Controller entrusts the Processor with the processing of personal data pursuant to Article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: “General Data Protection Regulation” or “GDPR“). 
  1. The Controller declares that he is the administrator of the data entrusted to the Processor under the EDPA. 
  1. The Controller entrusts the Processor with the processing of personal data to the extent specified in § 2 of the DPA. 

§ 2. Subject, nature, purpose, and duration of data processing 

  1. The personal data entrusted by the Controller shall be processed by the Processor only under the documented instruction of the Controller and exclusively for the purposes of performing the Major Agreement.  
  2. The subject of processing shall be personal data necessary for the performance of the Major Agreement, in particular personal data (hereinafter: “entrusted personal data“) in the form of: 
    • first names, surnames, 
    • residential addresses,
    •  business addresses, 
    • e-mail addresses, 
    • – concerning: 
    • customers, 
    • employees, 
    • contractors, 
    • associates. 
  3. Processing of the entrusted personal data shall be carried out with the use of Controller’s and Processor’s IT systems. 

§ 3.  Obligations, rights, and declarations of the Processor

  1. The Processor shall ensure the security of the personal data by implementing, prior to the processing and by maintaining technical and organizational measures appropriate to the nature, scope, context, and purpose of the processing of the personal data, including those required by the applicable laws so that the processing of the personal data meets the requirements of the GDPR.  
  2. The Processor shall ensure that persons authorized to process the personal data entrusted under the DPA are bound by an obligation of secrecy or are subject to an appropriate statutory secrecy obligation.  
  3. To the extent justified by the subject matter of the DPA, the Processor undertakes to assist the Controller in fulfilling its obligation to respond to requests from data subjects regarding the exercise of their rights under generally applicable law, including Chapter III of the GDPR. 
  4. The Processor shall immediately notify the Controller of: 
    •  any breach of the protection of the entrusted personal data, whereby “breach of the protection of the entrusted data” shall mean any accidental or unlawful destruction, loss, modification, unauthorized disclosure, or unauthorized access to the entrusted personal data. The notification referred to in this point a) shall be made at the latest within 24 hours after the detection of a breach of security of the entrusted data, 
    • each request received from the data subject, while withholding its response to the request until it has received the Controller’s opinion. The notification referred to in this point b must be made at the latest within 24 hours of receipt of the request, 
    • any legally authorized request to disclose personal data to a competent state authority, unless the prohibition to notify results from legal regulations, and in particular from the regulations of criminal proceedings, when the prohibition aims to ensure the confidentiality of an investigation launched the performance of an audit of the compliance of the processing of personal data by the President of the Office for Personal Data Protection or any other supervisory authority and the results thereof, as well as other activities of public authorities concerning such data. 
  5. The Processor shall, to the extent justified by the subject matter of the DPA and the information available to the Processor, assist the Controller in complying with its obligations under generally applicable laws, including Articles 32 to 36 of the General Data Protection Regulation, concerning the security of the processing of personal data, the notification of a personal data breach to the supervisory authority and to the data subject, the data protection impact assessment and the related consultations with the supervisory authority.  
  6. The Processor shall make available to the Controller all information necessary to demonstrate the fulfilment by the Controller of its obligations under generally applicable law, including enabling and contributing to audits, including inspections, by the Controller or an auditor authorized by the Controller. 
  7. The Processor shall comply with the Controller’s post-audit recommendations referred to in § 4 of the DPA aimed at remedying the deficiencies and improving the security of the processing of personal data. 

§ 4. Rights and obligations of Controller 

  1. The Controller shall have the right to inspect the performance of the DPA by way of preannounced 7 calendar days ad hoc inspections of the processing of personal data by the Processor and to require the Processor to provide written explanations.  
  2. At the end of the audit referred to in paragraph 1 above, a representative of the Controller shall draw up a report in 2 copies to be signed by the representatives of both Parties. The Processor may object to the protocol within 5 working days from the date of its signing by the Parties. 

§ 5. Further entrustment of personal data 

  1. The Controller gives its general consent for the Processor to use the services of another processor (hereinafter: “sub-processing“).  
  2. The Processor shall on each occasion ensure that the sub-processor provides sufficient guarantees to implement appropriate technical and organizational measures that the processing will meet the requirements of the General Data Protection Regulation and protect the rights of data subjects. 
  3. The Processor shall notify the Controller the intention to subcontract the processing of personal data or any changes regarding the processors based on subcontracting. The Controller shall have the right to object to such changes within 7 working days from the receipt of the notification referred to in the preceding sentence. During the period of the objection the Processor may not carry out any subcontracting. An objection shall prevent subcontracting by the Processor.  
  4. In case of sub-processing by the Processor, the Processor shall impose in a relevant agreement on the next processor analogous data protection obligations as in the DPA. 

§ 6. Confidentiality 

The Parties undertake to use the materials, data, and any information obtained from the other Party for the performance of the DPA exclusively for the performance thereof and to keep such materials, data, and information confidential both during the term of the DPA and after its termination.

§ 7. Duration of the Agreement 

The DPA is concluded for the duration of the Major Agreement. 

§ 8. Consequences of termination of the DPA 

  1. Where the DPA is terminated, the Processor shall immediately, but no later than within 14 working days remove from its own carriers all the personal data the processing of which it has been entrusted with, including effectively removing them also from the electronic carriers at its disposal. The provisions of the preceding sentence shall not apply to personal data which the Processor is required to keep pursuant to generally applicable laws for a period longer than the duration of the DPA. 
  2. In the event of termination of the DPA, the Processor is entitled to terminate the Software Services Agreement due to the inability to perform it.  

§ 9. Final provisions 

  1. The processor’s total liability under DPA is limited to twice the remuneration paid by the Customer in the last three months of providing Services preceding the occurrence of the infringement (damage).  
  2. The provisions of the DPA supersede any provisions on personal data contained in the Major Agreement. 
  3. Any amendments to the DPA shall be made in writing under pain of nullity.  
  4. The Parties shall seek to amicably resolve any disputes that may arise in connection with the execution, non-execution, or improper execution of the DPA. In case of failure to reach an agreement, the dispute will be settled by a court having jurisdiction over the Processor’s seat. 
  5. If any provision of the entrustment agreement is found to be invalid, the remaining provisions shall remain in force and the Parties shall replace the invalid provision with another one having legal force and economic effect as close as possible to the invalid provision.  
  6. In matters not regulated by the DPA the relevant provisions of Polish law shall apply.

Appendix 2 

Information on the security measures applied by the Service Provider 

To ensure the high level of security of our Customers’ data and systems we use the following logical, organizational, and technical security measures:  

  • SSL encryption, 
  • anti-virus programs, 
  • anti-spyware software, 
  • firewall, 
  • we conduct regular security audits of our services, 
  • our team connect to Customers’ systems and services only using VPN, 
  • we monitor vulnerabilities in our systems and services, 
  • only selected members of our team have access to Customer data – to the minimum extent necessary, 
  • our team members use two-factor authentication, 
  • we regularly create and test backup copies.