Agreement of Software as a Service (SaaS)

This Software Agreement for Secure Access CLOUD as a service is performed between the following parties:

ON THE FIRST PART, OPEN DATA SECURITY S.L. (hereinafter, ODS), with CIF B-76.741.222, with registered office at C/ Santiago, Nº 56, 38001, Santa Cruz de Tenerife. Spain, and main business headquarters in C/ San Francisco, Nº 9, 4ºD, 38002, Santa Cruz de Tenerife, Spain.

ON THE SECOND PART, THE SUBSCRIBER that contracts the Secure Access CLOUD software as a service offered through the website https://secureaccess.com/ owned by ODS.

The acceptance of the Present Agreement presupposes:

• That has understood the content.
• That the undersigned has enough legal capacity to sign on behalf of THE ENTITY he represents.
• That assumes all the terms and conditions set forth therein.
• That accepts and knows our Privacy Policy, Legal Notice and Cookies Policy.
• That they have a binding force between the parties, on the one hand, ODS as a supplier of the service, and on the other hand, THE SUBSCRIBER for using the software as a service.

The license for the use of the Secure Access CLOUD software as a service is exclusively addressed to companies, associations and public administrations. Therefore, under no circumstances will ODS provide the service to a final consumer.

This Agreement is based on the following TERMS AND CONDITIONS:

1. DESCRIPTION OF THE SERVICE. The service provided by ODS to THE SUBSCRIBER and to which this agreement is linked is the use of the Secure Access CLOUD software as a service consisting of a platform to improve the security of corporate web environments published on the Internet. It is an additional layer of security that protects web applications exposed to the Internet isolating them from possible attacks. Secure Access acts as a platform in the cloud of access control between the servers that host these applications and Internet users verifying their identity and permissions before redirecting web traffic. In this way, it is guaranteed that only authorized users can access the applications exposed behind Secure Access CLOUD.

   Its technical foundation is based on an authentication proxy hosted in the cloud that forces the final users to go through the process of validating their credentials before accessing the applications registered by the SUBSCRIBER.

   The main characteristics of the service are the following:

   • Users multi-factor authentication.
   • Secure communication through HTTPS protocol.
   • Web attack protection thanks to the integrated Firewall (WAF)
   • Granular monitoring and control of access.
   • Protection against denial of service attacks.
   • Generation and automatic renewal of SSL certificates.
   • These functionalities are accessible from the administration panel available to users with privileged permissions designated by the SUBSCRIBER.

   To increase security in access control, service administrators designated by the SUBSCRIBER will have the possibility to activate a second factor in the process of user identification. Users have the possibility to download the Secure Access CLOUD mobile application (available in Apple App Store and Google Play Store) to make use of this extra security mechanism. The application can be used to generate temporary access codes or to receive authorization notifications and allow user access.

2. GRANT LICENSE OF ACCESS AND USE OF THE SERVICE. Through this, ODS grants to THE SUBSCRIBER, including all its authorized Users, a license to use the Secure Access CLOUD software as a service.

   The subscription of any of the methods for use of the Secure Access CLOUD software as a service will not entitle THE SUBSCRIBER nor its authorized Users to commercialise, license, sublicense, lease, rent, sell, resell, transfer, relinquish, distribute , make available to third parties or in any other way or benefit of the service that has not been authorized in this Agreement.

   THE SUBSCRIBER cannot or will not allow its users with access, as well as third parties, to make any modification to the Secure Access CLOUD software, to try to discover the source code, to use reverse engineering or any other type of penetration test, code or measurement audit of security.

   THE SUBSCRIBER must ensure that all users who authorize access to use the Secure Access CLOUD software as a servicemust comply with these terms and conditions.

   THE SUBSCRIBER is responsible for the use of the Secure Access CLOUD software as a service in accordance with these conditions and will respond directly to ODS for any damage or harm that may be caused or may be caused as a result of the improper use of the service by the staff in charge. It is understood as "misuse" any use of the service that is contrary to these conditions of use of the service, good faith and current regulations.

   ODS must be notified in a reliable manner of any irregularity that has been committed, as well as, in the case of access by a third party not authorized to proceed to take the necessary security measures. In case of breach of this obligation by THE SUBSCRIBER, ODS may withdraw the service unilaterally, as well as pass on to THE SUBSCRIBER any damage or injury that may have been caused or may have caused.

3. SUBSCRIPTION MODALITIES FOR USE OF Secure Access CLOUD. All personal data collected in the registration forms for use of Secure Access CLOUD will be used in accordance with our Privacy Policy.

   The right to use the Secure Access CLOUD license does not imply ownership or any other right. All copyrights and property rights are exclusive to ODS.

   1. Free subscription for one month for use of Secure Access CLOUD. The scope of authorized use of free trial for a month is as follows:

      The use of "FREE TRIAL OF Secure Access CLOUD FOR 1 MONTH", may be used only once for 1 month counted from the same day of its activation (date to date). ODS will send during the period of use of "FREE TRIAL OF Secure Access CLOUD FOR 1 MONTH" emails notifying the remaining time, the day of the end of the service, as well as the information and possibility of moving to a payment plan.

      The "FREE TRIAL OF Secure Access CLOUD FOR 1 MONTH" will be limited to 1 TB (terabyte) of transfer without limitation of users with access within their organization, in addition to the number of domains and subdomains (web applications) registered.

   2. Payment subscription for use of Secure Access CLOUD. The scope of the authorized use of the payment method for use of Secure Access CLOUD is as follows:

      The cost for using Secure Access CLOUD will depend on the number of users you want to add. Both the number of users with access, service cost and payment method will be chosen by the SUBSCRIBER in the control panel of his account.

      Any type of subscription chosen by you will have a limit of 1 TB (terabyte) of data transfer per month. The cost per TB (terabyte) extra will be 150€ which will be charged to the bank account provided by the SUBSCRIBER for this purpose.

      Any of the modalities of subscription of the license of use includes all the updates of Secure Access CLOUD realized by ODS during the period of subscription.

   3. 1. Price. THE SUBSCRIBER will pay ODS a monthly subscription fee in accordance with the following scheme:

         Number of users	Price per month	Applied price
         Up to 50 users	5 €/user	1 - 50 users
         Next 200 users	4 €/user	51 - 250 users
         Next 250 users	3 €/user	251 - 500 users
         More than 500 users	Personalized Price	> 500 users

         If you contract one-year a 10% discount is applied, if you contract directly for 2 years a 25% discount will be applied. All discounts are applied on final price.

         Each subscription includes 1 TB of bandwidth/month. An extra 150€/TB will be charged if the default bandwidth is consumed.

         * The price per month is progressive. This means that we apply discounts per volume the more users you hire. The unit price per user is based on the range in which the user is located.

         ** If a subscription is contracted for 12 months, it cannot be monthly again, only extended to 24 months.

         *** If a subscription is contracted for 24 months, it cannot be monthly or annual again.

      2. Payment. THE SUBSCRIBER will pay the subscription fee to ODS:

         In payments by credit or debit card for amounts less than 2.500 euros.

         For amounts over 2.500 euros THE SUBSCRIBER should contact ODS through the email address [email protected].

      3. Expiration. Expired month expiration.

      4. Taxes. Payment amounts subscribed under this agreement do not include taxes. THE SUBSCRIBER will pay all taxes applicable in each case:

         • If you are a business owner established in the Canary Islands, the transaction is subject to IGIC (7%).
         • If you are a business owner established in the Canary Islands and have the status of a ZEC company, the transaction will be exempt from IGIC pursuant to the provisions of article 47 of Law 19/1994. As long as the services are used in the ZEC activity.
         • If you are a community/non-community business owner, this transaction is not subject to IGIC article 17, of Law 20/1991. The Budget and invoice will be issued without VAT and without IGIC, the recipient will declare and enter the tax in their place of residence (investment of the taxpayer).

      5. Suspension of service. ODS reserves the right to suspend the service to THE SUBSCRIBER of use of Secure Access CLOUD in any of its contracted modalities in case of:

         • Breach of the terms and conditions of this agreement.
         • When considers necessary to suspend the service for security reasons that may affect THE SUBSCRIBER of the service.
         • Scheduled maintenance work.
         • Causes of force majeure.
         • Problems associated with computing devices, local area networks or connections of Internet service providers.
         • The inability of ODS to provide the service due to the acts and omissions of THE SUBSCRIBER or users with access.

         We will get in touch with you before the service is interrupted except in the case that this is not possible (force majeure).

4. TECHNICAL SUPPORT. Through this, ODS grants to THE SUBSCRIBER, including all its authorized Users, a license to use the Secure Access CLOUD software as a service.

   (a) Telephone or electronic assistance during normal business hours to assist THE SUBSCRIBER in locating and correcting problems with the Service and any related software.

   (b) The Support system will be available as described in the following section.

5. SERVICE LEVEL.

   1. Applicable levels.

      1. Availability. The components of the service destined to each of the tasks will have the following availability associated:

         • 99.9% service availability.
         • 2.000 concurrent users.
         • 20.000 requests per second.
         • 45 Gb/s of guaranteed bandwidth.

         The services provided will be offered with the aforementioned availability except for the fringes established for the maintenance windows.

      2. Continuity. ODS undertakes to restore the service to the service levels offered, before the materialization of a serious contingency within a period not exceeding 8 hours from the time of the incident.

      3. Capacity. ODS is committed to managing the capacity of the services provided to the SUBSCRIBER according to their needs. In any case, the increase in resources for the provision of the service will always be subject to the express authorization of the SUBSCRIBER.

         In order to guarantee adequate levels of service, the SUBSCRIBER must inform ODS of possible peaks related to the use of resources derived from its business activity. Said notification must be made at least 48 hours in advance.

      4. Incident management and service requests. The provision of the service may be subject to incidents that may compromise the maintenance of adequate levels of service. In this sense and to try that these incidents impact as little as possible in the provision of the service, criteria of prioritization of incidents are established that allow to offer correct response and resolution times. These prioritization criteria are included in 3 types: Petitions, Normal Incidents and Critical Incidents:

         • Requests: Support requests of a normal nature not related to the continuity of the service.
         • Normal: Incidents that do not imply the total stoppage of the service or that do not compromise the security of the service in any of its parameters but that may affect a specific user or domain/subdomain.
         • Critical: Incidents that imply the total detention of the service or that may compromise the safety of the service.

         Regarding the response and resolution times, the following service levels have been established:

         Homework	Response time	Resolution time
         Requests	24 hours	1 week
         Normal incident	8 hours	48 hours
         Critical incident	2 hours	24 hours

         The Customer Service Center (CAU) will be available at the following support hours: From Monday to Friday (non-holidays) from 8:00 a.m. to 6:00 p.m. (GMT+1 Hour - London).

   2. System Maintenance. ODS can:

      (a) Disconnect the Service for scheduled maintenance that provides THE SUBSCRIBER with written programming (although this scheduled maintenance time will not count as System Availability)

      (b) All updates to the system will be notified in advance to the email address provided by THE SUBSCRIBER.

   3. Monitoring of the service. All the tasks described in SECTION 1 (DESCRIPTION OF THE SERVICE) of this agreement will have monitoring that allows real-time monitoring of the degree of compliance with service levels. THE SUBSCRIBER may Access through his control panel all the information of the use of the last month´s service.

   4. Definition of system availability.

      (a) Percentage of minutes per month. "System availability" means the percentage of minutes in a month when the key components of the Service are operational.

      (b) Not included in”System Availability". "System availability" will not include any minute of downtime resulting from any of the following circumstances:

      • 1. Scheduled maintenance.
      • 2. Events due to force majeure.
      • 3. Malicious attacks on the system.
      • 4. Problems associated with THE SUBSCIRBER, computing devices, local área networks or Internet service provider connections.
      • 5. Inability to provide services due to the acts or omissions of THE SUBSCRIBER.

6. DATA PROTECTION – RELATIONSHIP AS MANAGERS OF THE TREATMENT – EUROPEAN REGULATION (Eu) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF APRIL 27, 2016.

   • Data Controller: SUBSCRIBER
   • Processor: ODS

   1. Obligations of the Processor (art. 25 and ss. GDPR).

      The Processor and all his staff is obliged to:

      1. Use personal data that may have access according to the purpose of the assignment and in no case may use it for other purposes that has not been authorized by the Data Controller.

      2. Treat the personal data that may be accessed under the instructions of the Data Controller. If the Data Controller considers that any of the instructions infringes the GDPR or any other provision in terms of data protection, the Manager will immediately inform the Responsible.

      3. In accordance with art. 30 GDPR, to keep, in writing, a record of all the categories of treatment activities carried out on behalf of the Responsible, which contains:

         • Name and contact information of the Manager or person in charge and of each Responsible person on behalf of which the Manager and, where appropriate, the representative of the Responsible or Manager and the Delegate of Data Protection.
         • The categories of treatments carried out on behalf of each Responsible party.
         • Where applicable, the transfer of personal data to a third county or international organization, including the identification of said third country or international organization and, in the case of the transfers indicated in art 49 paragraph 1, Second paragraph of the GDPR, the documentation of adequate guarantees.
         • A general description of the appropriate technical and organizational safety measures that you are applying.

      4. Not to communicate the data to third parties unless it has the express authorization of the Data Controller in the Treatment in the legally admissible cases. The Manager can communicate the data to other people in charge of the treatment of the same Person in Charge of the Treatment in accordance with the instructions of the Responsible, in this case the Responsible will identify in advance and in writing the entity to which the data and the measures of security to apply.

         If the Manager must transfer to a third country or to an international organization by virtue of the law of the Union or of the states in which it is applicable, it will inform the Responsible of that legal requirement in advance unless that right prohibits it for important reasons of public interest.

      5. The Processor and all its personnel must keep secret the data they may access in the exercise of their functions, with which, all of them must maintain confidentiality and comply with the necessary security measures.

      6. The Processor must guarantee the training of personnel who may have access to the personal data of the Data Controller.

      7. When the affected persons exercise the rights of access, rectification, deletion and opposition, limitation of the treatment and portability of data before the Processor, the latter must communicate it by email to the address indicated by the Responsible. The communication must be made immediately and in no case beyond the working day following the reception of the request, together with, where appropriate, other information that may be relevant to resolve the request.

      8. Subcontracting. The Processor cannot subcontract any of the services that form part of the subject of these conditions, which involve the processing of personal data, except for the auxiliary services necessary for the normal functioning of the Services of the Manager.

         If it is necessary to subcontract any treatment, this fact must be previously communicated in writing to the Responsible Party, thirty days in advance, indicating the treatments that are intended to be subcontracted and clearly and unambiguously identifying the subcontractor company. The subcontracting can be carried out if the person in charge does not show his opposition within the established term.

         The subcontractor, who will also have the status of Processor, is also obliged to comply with the obligations established in this document for the Person in Charge of the Treatment and the instructions issued by the Responsible Party. It is the responsibility of the initial manager to regulate the new relationship so that the new manager is subject to the same conditions (instructions, obligations, security measures ...) and with the same formal requirements as he, in relation to the appropriate treatment of personal data and the guarantee of the rights of the people affected. In the case of non-compliance by the sub-manager, the initial Manager will continue to be fully responsible to the Processor in relation to compliance with the obligations.

      9. Notifications of data security violations (art. 33 GDPR).

         The Processor will notify the Data Controller, without undue delay, through the email address indicated by the person responsible, and in any case before the maximum period of 72 hours, the breaches of the security of the personal data to your position of which you have knowledge, together with all the relevant information for the documentation and communication of the incident. Notification will not be necessary when it is unlikely that such a breach of security constitutes a risk to the rights and freedoms of natural persons.

         The communication must be done in a clear and simple language and must contain:

         • Description of the nature of the violation of the security of personal data, including, when possible, the categories and the approximate number of interested parties affected, and the categories and approximate number of personal data records affected.
         • The name and contact information of the Data Protection Delegate or other point of contact where more information can be obtained.
         • Description of the posible consequiences of the violation of the security of personal data.
         • Description of the measures adopted or proposed to remedy the violation of the security of personal data, including if aplicable the measures adopted to mitigate the posible negative effects.

         Likewise, the Treatment Manager, at the request of the Responsible, will communicate in the shortest possible time the data security breaches to the interested parties, when it is probable that the violation supposes a high risk for the rights and the liberties of the physical persons. The communication must be done in a clear and simple language and must include the elements indicated in each case by the Responsible Party and at least those included in this section.

      10. If applicable, the Processor undertakes to provide support to the Responsible Party in carrying out impact evaluations related to data protection, as well as to carry out prior consultations with the Control Authority when appropriate.

      11. The Processor shall have at the disposal of the Responsible Person all the necessary information to demonstrate the fulfillment of its functions, as well as to carry out audits or inspections that the Responsible Party or others authorized by him may do.

      12. In all cases, appropriate measures must be implemented to guarantee the security of the information processed to guarantee the confidentiality, integrity, availability and permanent resilience of the systems and treatment services.

      13. In case the Processor designates a Delegate for Data Protection, he must communicate his identity and contact information to the Responsible.

      14. The Processor must return to the Data Controller the data of a personal nature and, if applicable, the supports where they appear once the provision of the services has been completed. The return must involve the total erasure of the existing data of the computer equipment used by the person in charge. However, the Warden may keep a copy with the data duly recorded as long as responsibilities for the execution of the provision of services can be derived.

   2. Obligations of the Data Controller (art. 25 and ss. of the GDPR).

      It corresponds to the Data Controller:

      1. Provide to the Processor the necessary data so that he can provide the service.

      2. Ensure, prior to and throughout the treatment, compliance with the GDPR by the person in charge.

      3. Supervise the treatment.

   3. Liability and non-compliance. In case the Processor fails to comply with the stipulations of this contract, assigning, communicating or using the data for another purpose, he will be considered responsible for the use of the data, responding to the File Manager, those affected or interested and the Agency Spanish Data Protection of breach of them and infractions that would have incurred personally.

7. STATISTICAL INFORMATION. ODS may anonymously collect statistical information related to the performance of the Service in order to improve its performance, only if such information does not identify the data as THE SUBSCRIBER or otherwise includes the name of THE SUBSCRIBER.

8. INTELLECTUAL AND INDUSTRIAL PROPERTY.

   1. Property. The programs (software Secure Access CLOUD) covered by this agreement, the original reproductions of the same, any partial or total copy, the legal rights of copy, patent, trademarks, trade secrets, and any other intellectual right or industrial property, belong only to ODS.

      ODS will maintain the property including all documentation, modifications, improvements, updates, derived words and all other intellectual property rights related to the Service, including the name of ODS and logos and trademarks reproduced through the Service.

   2. No transfer of intellectual property rights. In no case, the contracting of the service supposes a total or partial cession of the aforementioned rights to THE SUBSCRIBER nor to its users who could have Access on their behalf.

9. OBLIGATIONS OF THE SUBSCRIBER.

   1. Hardware obligations. THE SUBSCRIBER will be responsible for:

      (a) Obtain and maintain all computer hardware, software and communications equipment necessary to Access the Service internally.

      (b) Pay all third-party Access charges incurred during the use of the service.

   2. Utilization of services. THE SUBSCRIBER shall:

      (a) Comply with all national and international laws and regulations applicable to the use of the Service.

      (b) Use the Service solely for the purposes set forth in this Agreement.

10. RESTRICTED USERS. THE SUBSCRIBER cannot perform the following behaviors:

    1. Upload or distribute any file that contains viruses, corrupted files or any other similar software or program that may damage the operation of the Service.

    2. Modify, disassemble, decompile or reverse engineer the service.

    3. Probe, scan, test the vulnerability or bypass any mechanism of security used by the sites, servers or networks connected to the service.

    4. Perform any action that imposes an excessive or disproportionate burden on the sites, servers or networks connected to the Service.

    5. Copy or reproduce the Service.

    6. Access or use other customer data or their users through the Service.

    7. Maliciously reduce or impair the accessibility of the Service.

    8. Use the service to publish, promote or transmit any illegal, harassing, defamatory, abusive, threatening, harmful, hateful or objectionable material.

    9. Transmit or send any material that could incite others to carry out conduct constituting moral damage or cause civil liability.

11. OBLIGATIONS OF CONFIDENTIALITY. Both ODS and THE SUBSCRIBER undertake not to disclose the confidential information concerning the other party that they have knowledge of due to the execution of the Agreement and to keep it secret, even after the end of it.

    Both parties agree to take the necessary measures regarding their staff and even third parties who may have access to said information, in order to guarantee the confidentiality object of this clause.

12. START OF EFFICAY OF THIS AGREEMENT. The beginning of the effectiveness of this Agreement will take place at the moment of the formalization of the subscription of the Secure Access CLOUD software as a service.

13. TERMINATION.

    1. Conditions for the termination of the Agreement. In case of request for cancellation of the service before the end of the contracted period, THE SUBSCRIBER may cancel his account and terminate this agreement by performing the necessary action in the control panel of his account.

       The SUBSCRIBER may continue to use Secure Access CLOUD for the period he has contracted. ODS will not reimburse THE SUBSCRIBER for any subscription fees paid prior to the effective cancellation date.

       In the event that ODS wishes to terminate this agreement for any reason, it will give THE SUBSCRIBER a minimum of 30 days notice.

    2. Termination for lack of payment. In case of default by the SUBSCRIBER, his subscription will be canceled and the service will be discontinued immediately and without prior notice. In addition, ODS reserves the right to collect any amounts pending payment through an external collection management company.

    3. Data recovery. THE SUBSCRIBER will have 30 days from the date of termination to recover any information that THE SUBSCRIBER wishes to keep.

14. COMPENSATION.

    1. Compensation for lack of service. ODS (as indemnifying party) will indemnify THE SUBSCRIBER (as indemnified party) by 200% for the days of service that the system is not operational.

    2. Requirements for compensation.

       ODS will indemnify THE SUBSCRIBER only if the following circumstances occur:

       1. The use of the Services by THE SUBSCRIBER complies with this agreement.

       2. The inoperability of the service was not caused by THE SUBSCRIBER modifying or altering it.

       3. The inoperability was not caused by THE SUBSCRIBER combining the Services with products not provided by ODS.

       4. The inoperativeness of the service has not been a cause of force majeure.

       5. The inoperativeness has not been due to causes beyond ODS.

15. RESPONSABILITY.

    ODS will not be responsible for the misuse that can be made of the use of Secure Access CLOUD during any of the contracted modalities. Therefore, THE SUBSCRIBER and all its registered users that include it depending on the modality of contracted use of the Secure Access CLOUD software as a service, will be responsible for any misuse that is beyond the scope of use permitted or out of the activity object of use of Secure Access CLOUD and that may harm ODS or third parties.

    THE SUBSCRIBER of any of the modalities of use of the Secure Access CLOUD software as a service will be responsible for any infringement and filtering of the rights and content of Intellectual and Industrial Property.

    ODS is not responsible for any partial or total damages, direct or indirect that may suffer the SUBSCRIBER, USERS with access or THIRD PARTIES during or after the use of the Secure Access CLOUD software as a service.

    In the event of failure or system crash that would cause the SUBSCRIBER and/or USERS with access to be unable to access the Secure Access CLOUD license, ODS will not be responsible for any damages or losses that may be suffered by the SUBSCRIBER and/or USERS who may suffer from not being able to access their computer systems and equipment. However, ODS will be obligated to provide support as stipulated in this Agreement.

    * Use of double factor tools:

    The Secure Access CLOUD software as a service can be complemented with the use of double-factor tools. Secure Access CLOUD has its own Secure Access 2FA double factor tool that you can download THE SUBSCRIBER in the Android and iPhone stores Secure Access 2FA. Terms and Conditions of Secure Access 2FA App.

    If THE SUBSCRIBER uses double factor tools other tan ODS, THE SUBSCRIBER shall decide on the use thereof under his/her full responsibility. Therefore, these double factor tools may have different prices, conditions of use and privacy policies of which ODS is completely foreign. ODS will not be responsible for partial or total, direct or indirect damages that the double factor tool outside of ODS could cause THE SUBSCRIBER, the USERS with access or third parties during or after the use of the Secure Access CLOUD software as a service.

16. GENERAL PROVISIONS.

    1. Efficiency of the agreement.

       This Agreement fulfills the following conditions:

       1. Represent the final expression of the intention of the parties in relation to the object of this agreement.

       2. Contain all the terms agreed upon by the parties in relation to the object.

    2. Modifications. ODS may modify this Agreement for the use of Secure Access CLOUD software as a service. Any modification of this Agreement will be previously notified to the SUBSCRIBER with 30 days notice. If the prior notification cannot be made, the modifications will take effect 30 days after its publication for the existing SUBSCRIBER.

    3. Assignment. Neither party may assign this agreement or any of its rights or obligations without the written consent of the other party.

    4. Method of notification. The parties will communicate with each other by means of email addresses and telephone numbers that have been provided to each other.

    5. Applicable law. This Agreement will be governed, interpreted and applied in accordance with Spanish laws.

    6. Force majeure. Neither party shall be liable for any performance delays or non-compliance due to causes beyond its reasonable control, except for payment obligations.

17. DEFINITIONS.

    1. Subscriber: user who registers to use the Secure Access CLOUD software as a service and who accepts the present terms and conditions of use of the service that constitute the contract between the parties.

    2. Users: numbers of users with access chosen by the SUBSCRIBER in their organization, to use the Secure Access CLOUD software as a service.

    3. The Entity: organization, corporation, company, society, governmental authority, company, association to which the SUBSCRIBER represents.

    4. Privacy Policy: policy on data protection that ODS makes of the personal data that may be collected through this website and/or the dashboard of the application. You can access it in the links available for it.

    5. Legal Notice: information on this website based on the Law of Services of the Information Society and Electronic Commerce (LSSICE).

    6. Cookies Policy: information about the cookies used by this website.

    7. Data Protection: policy on data protection as data processors in the case of Access to personal data of the subscriber (responsible for processing).

    8. Intellectual and Industrial Property: In general terms, rights that correspond to its creators on their Works and inventions including computer programs and:

       • Brands and designs of the service, including all requests and registrations.
       • Copyright in general.
       • Business secrets and confidential information.
       • Patents, applications and registrations.
       • Websites and domain name registrations.
       • Trademarks, interests, formats, graphic designs and images documents and texts including applications and records. 

    9. Commercial Secrets and Confidential Information: all confidential information that the parties cannot disclose to third parties without express authorization.

    10. Service Level: description of availability of the Secure Access CLOUD.

    11. Free Trial During 1 Month: license to use the Secure Access CLOUD for 1 month that is not subject to payment.

    12. Subscription of Payment for Use of Secure Access CLOUD: license to use the Secure Access CLOUD service subject to payment conditions.

    13. TB (terabyte): is a unit of computer capacity measurement, whose symbol is TB, and is equivalent to 1.000 GBs (gigabyte).

    14. Control Panel of the Account: control panel of the SUBSCRIBER that allows you to manage the mode of use of the software as a Secure Access CLOUD, service, number of users with access, payment methods and cancellation of the service.

    15. Double Factor Tools: tool used to authenticate the identity of users with access, consisting of an additional layer of security to the process of starting the session.

    16. Business day: excluding Saturdays, Sundays and holidays nationwide (Spain)

    17. Data: means all the data that THE SUBSCRIBER creates with or uses with the Service, or that are related to the use of the Services.

    18. Applicable Law: means applicable regulations in the interpretation of this Agreement.

    19. Availability of the system: it is defined in section 5.4 of this Agreement.

18. ENTERPRISE SERVICE.

    1. Enterprise support services.

       The Enterprise Services Support Services ("Enterprise Support") entitle THE SUBSCRIBER to the following:

       1. Telephone or electronic assistance to assist the Client in locating and correcting problems with the Secure Access CLOUD 24x7 Software - 365 days a year.

       2. Correction of errors and code corrections to correct malfunctions of the Secure Access CLOUD Software in order to place the Service in accordance with the operating specifications.

       3. All extensions, improvements and other changes that the Company makes or adds to the Secure Access CLOUD Service and that the Company offers, free of charge, to all other Subscribers of the Service.

    2. Compensation.

       1. Compensation for lack of service. ODS (as indemnifying party) will indemnify THE SUBSCRIBER (as indemnified party) by 200% for the days of service that the system is not operational.

       2. Requirements for compensation.

          ODS will indemnify THE SUBSCRIBER only if the following circumstances occur:

          1. The use of the Services by THE SUBSCRIBER complies with this agreement.

          2. The inoperability of the service was not caused by THE SUBSCRIBER modifying or altering it.

          3. The inoperability was not caused by THE SUBSCRIBER combining the Services with products not provided by ODS.

          4. The inoperativeness of the makeservice has not been a cause of force majeure.

          5. The inoperativeness has not been due to causes beyond ODS.

    3. Acces to Support services.

       THE SUBSCRIBER may register up to two profiles (admin and superadmin) with access to the service support services.

    4. Response and resolution objectives.

       1. Gravity 1: the production system/application is down, seriously affected and currently there is no reasonable solution.

          Upon confirmation of receipt, the Company will begin to work continuously on the problem, and a client's resource should be available at any time to help with the determination of the problem. Once the problem is reproducible or once we have identified the defect in the Software, the Company's support will provide a reasonable effort for the solution or solution within 24 hours.

       2. Gravity 2: the system or application is seriously affected. The problem is not critical and does not meet the conditions of Gravity 1. Currently there is no solution available or the solution is complicated to use. The Company will work during normal business hours to provide a reasonable effort for the solution or solution within 7 business days, once the problem is reproducible.

       3. Gravity 3: the system or the application is moderately affected. The problem is not critical, and the system has not failed. The problem has been identified and does not hinder normal operation, or the situation can be temporarily avoided using an available solution. The Company will work during normal business hours to provide a reasonable effort for the solution or solution within 10 business days, once the problem is reproducible.

       4. Gravity 4: petitions related to non-critical problems.

          The Company will seek during normal business hours to provide a solution in future versions of the Service.

Last modification: 04-04-2023