Agreement of Software as a Service (SaaS)
This Software Agreement for Secure Access CLOUD as a service is performed between the following parties:
ON THE FIRST PART, OPEN DATA SECURITY S.L. (hereinafter, ODS), with CIF B-76.741.222, with registered office at C/ Santiago, Nº 56, 38001, Santa Cruz de Tenerife. Spain, and main business headquarters in C/ San Francisco, Nº 9, 4ºD, 38002, Santa Cruz de Tenerife, Spain.
ON THE SECOND PART, THE SUBSCRIBER that contracts the Secure Access CLOUD software as a service offered through the website https://secureaccess.com/ owned by ODS.
The acceptance of the Present Agreement presupposes:
- That has understood the content.
- That the undersigned has enough legal capacity to sign on behalf of THE ENTITY he represents.
- That assumes all the terms and conditions set forth therein.
- That they have a binding force between the parties, on the one hand, ODS as a supplier of the service, and on the other hand, THE SUBSCRIBER for using the software as a service.
The license for the use of the Secure Access CLOUD software as a service is exclusively addressed to companies, associations and public administrations. Therefore, under no circumstances will ODS provide the service to a final consumer.
This Agreement is based on the following TERMS AND CONDITIONS:
DESCRIPTION OF THE SERVICE. The service provided by ODS to THE SUBSCRIBER and to which this agreement is linked is the use of the Secure Access CLOUD software as a service consisting of a platform to improve the security of corporate web environments published on the Internet. It is an additional layer of security that protects web applications exposed to the Internet isolating them from possible attacks. Secure Access acts as a platform in the cloud of access control between the servers that host these applications and Internet users verifying their identity and permissions before redirecting web traffic. In this way, it is guaranteed that only authorized users can access the applications exposed behind Secure Access CLOUD.
Its technical foundation is based on an authentication proxy hosted in the cloud that forces the final users to go through the process of validating their credentials before accessing the applications registered by the SUBSCRIBER.
The main characteristics of the service are the following:
- Users multi-factor authentication.
- Secure communication through HTTPS protocol.
- Web attack protection thanks to the integrated Firewall (WAF)
- Granular monitoring and control of access.
- Protection against denial of service attacks.
- Generation and automatic renewal of SSL certificates.
- These functionalities are accessible from the administration panel available to users with privileged permissions designated by the SUBSCRIBER.
To increase security in access control, service administrators designated by the SUBSCRIBER will have the possibility to activate a second factor in the process of user identification. Users have the possibility to download the Secure Access CLOUD mobile application (available in Apple App Store and Google Play Store) to make use of this extra security mechanism. The application can be used to generate temporary access codes or to receive authorization notifications and allow user access.
GRANT LICENSE OF ACCESS AND USE OF THE SERVICE. Through this, ODS grants to THE SUBSCRIBER, including all its authorized Users, a license to use the Secure Access CLOUD software as a service.
The subscription of any of the methods for use of the Secure Access CLOUD software as a service will not entitle THE SUBSCRIBER nor its authorized Users to commercialise, license, sublicense, lease, rent, sell, resell, transfer, relinquish, distribute , make available to third parties or in any other way or benefit of the service that has not been authorized in this Agreement.
THE SUBSCRIBER cannot or will not allow its users with access, as well as third parties, to make any modification to the Secure Access CLOUD software, to try to discover the source code, to use reverse engineering or any other type of penetration test, code or measurement audit of security.
THE SUBSCRIBER must ensure that all users who authorize access to use the Secure Access CLOUD software as a servicemust comply with these terms and conditions.
THE SUBSCRIBER is responsible for the use of the Secure Access CLOUD software as a service in accordance with these conditions and will respond directly to ODS for any damage or harm that may be caused or may be caused as a result of the improper use of the service by the staff in charge. It is understood as "misuse" any use of the service that is contrary to these conditions of use of the service, good faith and current regulations.
ODS must be notified in a reliable manner of any irregularity that has been committed, as well as, in the case of access by a third party not authorized to proceed to take the necessary security measures. In case of breach of this obligation by THE SUBSCRIBER, ODS may withdraw the service unilaterally, as well as pass on to THE SUBSCRIBER any damage or injury that may have been caused or may have caused.
The right to use the Secure Access CLOUD license does not imply ownership or any other right. All copyrights and property rights are exclusive to ODS.
Free subscription for one month for use of Secure Access CLOUD. The scope of authorized use of free trial for a month is as follows:
The use of "FREE TRIAL OF Secure Access CLOUD FOR 1 MONTH", may be used only once for 1 month counted from the same day of its activation (date to date). ODS will send during the period of use of "FREE TRIAL OF Secure Access CLOUD FOR 1 MONTH" emails notifying the remaining time, the day of the end of the service, as well as the information and possibility of moving to a payment plan.
The "FREE TRIAL OF Secure Access CLOUD FOR 1 MONTH" will be limited to 1 TB (terabyte) of transfer without limitation of users with access within their organization, in addition to the number of domains and subdomains (web applications) registered.
Payment subscription for use of Secure Access CLOUD. The scope of the authorized use of the payment method for use of Secure Access CLOUD is as follows:
The cost for using Secure Access CLOUD will depend on the number of users you want to add. Both the number of users with access, service cost and payment method will be chosen by the SUBSCRIBER in the control panel of his account.
Any type of subscription chosen by you will have a limit of 1 TB (terabyte) of data transfer per month. The cost per TB (terabyte) extra will be 150€ which will be charged to the bank account provided by the SUBSCRIBER for this purpose.
Any of the modalities of subscription of the license of use includes all the updates of Secure Access CLOUD realized by ODS during the period of subscription.
Price. THE SUBSCRIBER will pay ODS a monthly subscription fee in accordance with the following scheme:
Number of users Price per month Applied price Up to 50 users 5 €/user 1 - 50 users Next 200 users 4 €/user 51 - 250 users Next 250 users 3 €/user 251 - 500 users More than 500 users Personalized Price > 500 users
If you contract one-year a 10% discount is applied, if you contract directly for 2 years a 25% discount will be applied. All discounts are applied on final price.
Each subscription includes 1 TB of bandwidth/month. An extra 150€/TB will be charged if the default bandwidth is consumed.
* The price per month is progressive. This means that we apply discounts per volume the more users you hire. The unit price per user is based on the range in which the user is located.
** If a subscription is contracted for 12 months, it cannot be monthly again, only extended to 24 months.
*** If a subscription is contracted for 24 months, it cannot be monthly or annual again.
Payment. THE SUBSCRIBER will pay the subscription fee to ODS:
In payments by credit or debit card for amounts less than 2.500 euros.
For amounts over 2.500 euros THE SUBSCRIBER should contact ODS through the email address [email protected].
Expiration. Expired month expiration.
Taxes. Payment amounts subscribed under this agreement do not include taxes. THE SUBSCRIBER will pay all taxes applicable in each case:
- If you are a business owner established in the Canary Islands, the transaction is subject to IGIC (7%).
- If you are a business owner established in the Canary Islands and have the status of a ZEC company, the transaction will be exempt from IGIC pursuant to the provisions of article 47 of Law 19/1994. As long as the services are used in the ZEC activity.
- If you are a community/non-community business owner, this transaction is not subject to IGIC article 17, of Law 20/1991. The Budget and invoice will be issued without VAT and without IGIC, the recipient will declare and enter the tax in their place of residence (investment of the taxpayer).
Suspension of service. ODS reserves the right to suspend the service to THE SUBSCRIBER of use of Secure Access CLOUD in any of its contracted modalities in case of:
- Breach of the terms and conditions of this agreement.
- When considers necessary to suspend the service for security reasons that may affect THE SUBSCRIBER of the service.
- Scheduled maintenance work.
- Causes of force majeure.
- Problems associated with computing devices, local area networks or connections of Internet service providers.
- The inability of ODS to provide the service due to the acts and omissions of THE SUBSCRIBER or users with access.
We will get in touch with you before the service is interrupted except in the case that this is not possible (force majeure).
TECHNICAL SUPPORT. Through this, ODS grants to THE SUBSCRIBER, including all its authorized Users, a license to use the Secure Access CLOUD software as a service.
(a) Telephone or electronic assistance during normal business hours to assist THE SUBSCRIBER in locating and correcting problems with the Service and any related software.
(b) The Support system will be available as described in the following section.
Availability. The components of the service destined to each of the tasks will have the following availability associated:
- 99.9% service availability.
- 2.000 concurrent users.
- 20.000 requests per second.
- 45 Gb/s of guaranteed bandwidth.
The services provided will be offered with the aforementioned availability except for the fringes established for the maintenance windows.
Continuity. ODS undertakes to restore the service to the service levels offered, before the materialization of a serious contingency within a period not exceeding 8 hours from the time of the incident.
Capacity. ODS is committed to managing the capacity of the services provided to the SUBSCRIBER according to their needs. In any case, the increase in resources for the provision of the service will always be subject to the express authorization of the SUBSCRIBER.
In order to guarantee adequate levels of service, the SUBSCRIBER must inform ODS of possible peaks related to the use of resources derived from its business activity. Said notification must be made at least 48 hours in advance.
Incident management and service requests. The provision of the service may be subject to incidents that may compromise the maintenance of adequate levels of service. In this sense and to try that these incidents impact as little as possible in the provision of the service, criteria of prioritization of incidents are established that allow to offer correct response and resolution times. These prioritization criteria are included in 3 types: Petitions, Normal Incidents and Critical Incidents:
- Requests: Support requests of a normal nature not related to the continuity of the service.
- Normal: Incidents that do not imply the total stoppage of the service or that do not compromise the security of the service in any of its parameters but that may affect a specific user or domain/subdomain.
- Critical: Incidents that imply the total detention of the service or that may compromise the safety of the service.
Regarding the response and resolution times, the following service levels have been established:
Homework Response time Resolution time Requests 24 hours 1 week Normal incident 8 hours 48 hours Critical incident 2 hours 24 hours
The Customer Service Center (CAU) will be available at the following support hours: From Monday to Friday (non-holidays) from 8:00 a.m. to 6:00 p.m. (GMT+1 Hour - London).
System Maintenance. ODS can:
(a) Disconnect the Service for scheduled maintenance that provides THE SUBSCRIBER with written programming (although this scheduled maintenance time will not count as System Availability)
(b) All updates to the system will be notified in advance to the email address provided by THE SUBSCRIBER.
Monitoring of the service. All the tasks described in SECTION 1 (DESCRIPTION OF THE SERVICE) of this agreement will have monitoring that allows real-time monitoring of the degree of compliance with service levels. THE SUBSCRIBER may Access through his control panel all the information of the use of the last month´s service.
Definition of system availability.
(a) Percentage of minutes per month. "System availability" means the percentage of minutes in a month when the key components of the Service are operational.
(b) Not included in”System Availability". "System availability" will not include any minute of downtime resulting from any of the following circumstances:
- 1. Scheduled maintenance.
- 2. Events due to force majeure.
- 3. Malicious attacks on the system.
- 4. Problems associated with THE SUBSCIRBER, computing devices, local área networks or Internet service provider connections.
- 5. Inability to provide services due to the acts or omissions of THE SUBSCRIBER.
DATA PROTECTION – RELATIONSHIP AS MANAGERS OF THE TREATMENT – EUROPEAN REGULATION (Eu) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF APRIL 27, 2016.
- Data Controller: SUBSCRIBER
- Processor: ODS
Obligations of the Processor (art. 25 and ss. GDPR).
The Processor and all his staff is obliged to:
Use personal data that may have access according to the purpose of the assignment and in no case may use it for other purposes that has not been authorized by the Data Controller.
Treat the personal data that may be accessed under the instructions of the Data Controller. If the Data Controller considers that any of the instructions infringes the GDPR or any other provision in terms of data protection, the Manager will immediately inform the Responsible.
In accordance with art. 30 GDPR, to keep, in writing, a record of all the categories of treatment activities carried out on behalf of the Responsible, which contains:
- Name and contact information of the Manager or person in charge and of each Responsible person on behalf of which the Manager and, where appropriate, the representative of the Responsible or Manager and the Delegate of Data Protection.
- The categories of treatments carried out on behalf of each Responsible party.
- Where applicable, the transfer of personal data to a third county or international organization, including the identification of said third country or international organization and, in the case of the transfers indicated in art 49 paragraph 1, Second paragraph of the GDPR, the documentation of adequate guarantees.
- A general description of the appropriate technical and organizational safety measures that you are applying.
Not to communicate the data to third parties unless it has the express authorization of the Data Controller in the Treatment in the legally admissible cases. The Manager can communicate the data to other people in charge of the treatment of the same Person in Charge of the Treatment in accordance with the instructions of the Responsible, in this case the Responsible will identify in advance and in writing the entity to which the data and the measures of security to apply.
If the Manager must transfer to a third country or to an international organization by virtue of the law of the Union or of the states in which it is applicable, it will inform the Responsible of that legal requirement in advance unless that right prohibits it for important reasons of public interest.
The Processor and all its personnel must keep secret the data they may access in the exercise of their functions, with which, all of them must maintain confidentiality and comply with the necessary security measures.
The Processor must guarantee the training of personnel who may have access to the personal data of the Data Controller.
When the affected persons exercise the rights of access, rectification, deletion and opposition, limitation of the treatment and portability of data before the Processor, the latter must communicate it by email to the address indicated by the Responsible. The communication must be made immediately and in no case beyond the working day following the reception of the request, together with, where appropriate, other information that may be relevant to resolve the request.
Subcontracting. The Processor cannot subcontract any of the services that form part of the subject of these conditions, which involve the processing of personal data, except for the auxiliary services necessary for the normal functioning of the Services of the Manager.
If it is necessary to subcontract any treatment, this fact must be previously communicated in writing to the Responsible Party, thirty days in advance, indicating the treatments that are intended to be subcontracted and clearly and unambiguously identifying the subcontractor company. The subcontracting can be carried out if the person in charge does not show his opposition within the established term.
The subcontractor, who will also have the status of Processor, is also obliged to comply with the obligations established in this document for the Person in Charge of the Treatment and the instructions issued by the Responsible Party. It is the responsibility of the initial manager to regulate the new relationship so that the new manager is subject to the same conditions (instructions, obligations, security measures ...) and with the same formal requirements as he, in relation to the appropriate treatment of personal data and the guarantee of the rights of the people affected. In the case of non-compliance by the sub-manager, the initial Manager will continue to be fully responsible to the Processor in relation to compliance with the obligations.
Notifications of data security violations (art. 33 GDPR).
The Processor will notify the Data Controller, without undue delay, through the email address indicated by the person responsible, and in any case before the maximum period of 72 hours, the breaches of the security of the personal data to your position of which you have knowledge, together with all the relevant information for the documentation and communication of the incident. Notification will not be necessary when it is unlikely that such a breach of security constitutes a risk to the rights and freedoms of natural persons.
The communication must be done in a clear and simple language and must contain:
- Description of the nature of the violation of the security of personal data, including, when possible, the categories and the approximate number of interested parties affected, and the categories and approximate number of personal data records affected.
- The name and contact information of the Data Protection Delegate or other point of contact where more information can be obtained.
- Description of the posible consequiences of the violation of the security of personal data.
- Description of the measures adopted or proposed to remedy the violation of the security of personal data, including if aplicable the measures adopted to mitigate the posible negative effects.
Likewise, the Treatment Manager, at the request of the Responsible, will communicate in the shortest possible time the data security breaches to the interested parties, when it is probable that the violation supposes a high risk for the rights and the liberties of the physical persons. The communication must be done in a clear and simple language and must include the elements indicated in each case by the Responsible Party and at least those included in this section.
If applicable, the Processor undertakes to provide support to the Responsible Party in carrying out impact evaluations related to data protection, as well as to carry out prior consultations with the Control Authority when appropriate.
The Processor shall have at the disposal of the Responsible Person all the necessary information to demonstrate the fulfillment of its functions, as well as to carry out audits or inspections that the Responsible Party or others authorized by him may do.
In all cases, appropriate measures must be implemented to guarantee the security of the information processed to guarantee the confidentiality, integrity, availability and permanent resilience of the systems and treatment services.
In case the Processor designates a Delegate for Data Protection, he must communicate his identity and contact information to the Responsible.
The Processor must return to the Data Controller the data of a personal nature and, if applicable, the supports where they appear once the provision of the services has been completed. The return must involve the total erasure of the existing data of the computer equipment used by the person in charge. However, the Warden may keep a copy with the data duly recorded as long as responsibilities for the execution of the provision of services can be derived.
Obligations of the Data Controller (art. 25 and ss. of the GDPR).
It corresponds to the Data Controller:
Provide to the Processor the necessary data so that he can provide the service.
Ensure, prior to and throughout the treatment, compliance with the GDPR by the person in charge.
Supervise the treatment.
Liability and non-compliance. In case the Processor fails to comply with the stipulations of this contract, assigning, communicating or using the data for another purpose, he will be considered responsible for the use of the data, responding to the File Manager, those affected or interested and the Agency Spanish Data Protection of breach of them and infractions that would have incurred personally.
STATISTICAL INFORMATION. ODS may anonymously collect statistical information related to the performance of the Service in order to improve its performance, only if such information does not identify the data as THE SUBSCRIBER or otherwise includes the name of THE SUBSCRIBER.
INTELLECTUAL AND INDUSTRIAL PROPERTY.
Property. The programs (software Secure Access CLOUD) covered by this agreement, the original reproductions of the same, any partial or total copy, the legal rights of copy, patent, trademarks, trade secrets, and any other intellectual right or industrial property, belong only to ODS.
ODS will maintain the property including all documentation, modifications, improvements, updates, derived words and all other intellectual property rights related to the Service, including the name of ODS and logos and trademarks reproduced through the Service.
No transfer of intellectual property rights. In no case, the contracting of the service supposes a total or partial cession of the aforementioned rights to THE SUBSCRIBER nor to its users who could have Access on their behalf.
OBLIGATIONS OF THE SUBSCRIBER.
Hardware obligations. THE SUBSCRIBER will be responsible for:
(a) Obtain and maintain all computer hardware, software and communications equipment necessary to Access the Service internally.
(b) Pay all third-party Access charges incurred during the use of the service.
Utilization of services. THE SUBSCRIBER shall:
(a) Comply with all national and international laws and regulations applicable to the use of the Service.
(b) Use the Service solely for the purposes set forth in this Agreement.
RESTRICTED USERS. THE SUBSCRIBER cannot perform the following behaviors:
Upload or distribute any file that contains viruses, corrupted files or any other similar software or program that may damage the operation of the Service.
Modify, disassemble, decompile or reverse engineer the service.
Probe, scan, test the vulnerability or bypass any mechanism of security used by the sites, servers or networks connected to the service.
Perform any action that imposes an excessive or disproportionate burden on the sites, servers or networks connected to the Service.
Copy or reproduce the Service.
Access or use other customer data or their users through the Service.
Maliciously reduce or impair the accessibility of the Service.
Use the service to publish, promote or transmit any illegal, harassing, defamatory, abusive, threatening, harmful, hateful or objectionable material.
Transmit or send any material that could incite others to carry out conduct constituting moral damage or cause civil liability.
OBLIGATIONS OF CONFIDENTIALITY. Both ODS and THE SUBSCRIBER undertake not to disclose the confidential information concerning the other party that they have knowledge of due to the execution of the Agreement and to keep it secret, even after the end of it.
Both parties agree to take the necessary measures regarding their staff and even third parties who may have access to said information, in order to guarantee the confidentiality object of this clause.
START OF EFFICAY OF THIS AGREEMENT. The beginning of the effectiveness of this Agreement will take place at the moment of the formalization of the subscription of the Secure Access CLOUD software as a service.
Conditions for the termination of the Agreement. In case of request for cancellation of the service before the end of the contracted period, THE SUBSCRIBER may cancel his account and terminate this agreement by performing the necessary action in the control panel of his account.
The SUBSCRIBER may continue to use Secure Access CLOUD for the period he has contracted. ODS will not reimburse THE SUBSCRIBER for any subscription fees paid prior to the effective cancellation date.
In the event that ODS wishes to terminate this agreement for any reason, it will give THE SUBSCRIBER a minimum of 30 days notice.
Termination for lack of payment. In case of default by the SUBSCRIBER, his subscription will be canceled and the service will be discontinued immediately and without prior notice. In addition, ODS reserves the right to collect any amounts pending payment through an external collection management company.
Data recovery. THE SUBSCRIBER will have 30 days from the date of termination to recover any information that THE SUBSCRIBER wishes to keep.
Compensation for lack of service. ODS (as indemnifying party) will indemnify THE SUBSCRIBER (as indemnified party) by 200% for the days of service that the system is not operational.
Requirements for compensation.
ODS will indemnify THE SUBSCRIBER only if the following circumstances occur:
The use of the Services by THE SUBSCRIBER complies with this agreement.
The inoperability of the service was not caused by THE SUBSCRIBER modifying or altering it.
The inoperability was not caused by THE SUBSCRIBER combining the Services with products not provided by ODS.
The inoperativeness of the service has not been a cause of force majeure.
The inoperativeness has not been due to causes beyond ODS.
ODS will not be responsible for the misuse that can be made of the use of Secure Access CLOUD during any of the contracted modalities. Therefore, THE SUBSCRIBER and all its registered users that include it depending on the modality of contracted use of the Secure Access CLOUD software as a service, will be responsible for any misuse that is beyond the scope of use permitted or out of the activity object of use of Secure Access CLOUD and that may harm ODS or third parties.
THE SUBSCRIBER of any of the modalities of use of the Secure Access CLOUD software as a service will be responsible for any infringement and filtering of the rights and content of Intellectual and Industrial Property.
ODS is not responsible for any partial or total damages, direct or indirect that may suffer the SUBSCRIBER, USERS with access or THIRD PARTIES during or after the use of the Secure Access CLOUD software as a service.
In the event of failure or system crash that would cause the SUBSCRIBER and/or USERS with access to be unable to access the Secure Access CLOUD license, ODS will not be responsible for any damages or losses that may be suffered by the SUBSCRIBER and/or USERS who may suffer from not being able to access their computer systems and equipment. However, ODS will be obligated to provide support as stipulated in this Agreement.
* Use of double factor tools:
The Secure Access CLOUD software as a service can be complemented with the use of double-factor tools. Secure Access CLOUD has its own Secure Access 2FA double factor tool that you can download THE SUBSCRIBER in the Android and iPhone stores Secure Access 2FA. Terms and Conditions of Secure Access 2FA App.
If THE SUBSCRIBER uses double factor tools other tan ODS, THE SUBSCRIBER shall decide on the use thereof under his/her full responsibility. Therefore, these double factor tools may have different prices, conditions of use and privacy policies of which ODS is completely foreign. ODS will not be responsible for partial or total, direct or indirect damages that the double factor tool outside of ODS could cause THE SUBSCRIBER, the USERS with access or third parties during or after the use of the Secure Access CLOUD software as a service.
Efficiency of the agreement.
This Agreement fulfills the following conditions:
Represent the final expression of the intention of the parties in relation to the object of this agreement.
Contain all the terms agreed upon by the parties in relation to the object.
Modifications. ODS may modify this Agreement for the use of Secure Access CLOUD software as a service. Any modification of this Agreement will be previously notified to the SUBSCRIBER with 30 days notice. If the prior notification cannot be made, the modifications will take effect 30 days after its publication for the existing SUBSCRIBER.
Assignment. Neither party may assign this agreement or any of its rights or obligations without the written consent of the other party.
Method of notification. The parties will communicate with each other by means of email addresses and telephone numbers that have been provided to each other.
Applicable law. This Agreement will be governed, interpreted and applied in accordance with Spanish laws.
Force majeure. Neither party shall be liable for any performance delays or non-compliance due to causes beyond its reasonable control, except for payment obligations.
Subscriber: user who registers to use the Secure Access CLOUD software as a service and who accepts the present terms and conditions of use of the service that constitute the contract between the parties.
Users: numbers of users with access chosen by the SUBSCRIBER in their organization, to use the Secure Access CLOUD software as a service.
The Entity: organization, corporation, company, society, governmental authority, company, association to which the SUBSCRIBER represents.
Legal Notice: information on this website based on the Law of Services of the Information Society and Electronic Commerce (LSSICE).
Cookies Policy: information about the cookies used by this website.
Data Protection: policy on data protection as data processors in the case of Access to personal data of the subscriber (responsible for processing).
Intellectual and Industrial Property: In general terms, rights that correspond to its creators on their Works and inventions including computer programs and:
- Brands and designs of the service, including all requests and registrations.
- Copyright in general.
- Business secrets and confidential information.
- Patents, applications and registrations.
- Websites and domain name registrations.
- Trademarks, interests, formats, graphic designs and images documents and texts including applications and records.
Commercial Secrets and Confidential Information: all confidential information that the parties cannot disclose to third parties without express authorization.
Service Level: description of availability of the Secure Access CLOUD.
Free Trial During 1 Month: license to use the Secure Access CLOUD for 1 month that is not subject to payment.
Subscription of Payment for Use of Secure Access CLOUD: license to use the Secure Access CLOUD service subject to payment conditions.
TB (terabyte): is a unit of computer capacity measurement, whose symbol is TB, and is equivalent to 1.000 GBs (gigabyte).
Control Panel of the Account: control panel of the SUBSCRIBER that allows you to manage the mode of use of the software as a Secure Access CLOUD, service, number of users with access, payment methods and cancellation of the service.
Double Factor Tools: tool used to authenticate the identity of users with access, consisting of an additional layer of security to the process of starting the session.
Business day: excluding Saturdays, Sundays and holidays nationwide (Spain)
Data: means all the data that THE SUBSCRIBER creates with or uses with the Service, or that are related to the use of the Services.
Applicable Law: means applicable regulations in the interpretation of this Agreement.
Availability of the system: it is defined in section 5.4 of this Agreement.
Enterprise support services.
The Enterprise Services Support Services ("Enterprise Support") entitle THE SUBSCRIBER to the following:
Telephone or electronic assistance to assist the Client in locating and correcting problems with the Secure Access CLOUD 24x7 Software - 365 days a year.
Correction of errors and code corrections to correct malfunctions of the Secure Access CLOUD Software in order to place the Service in accordance with the operating specifications.
All extensions, improvements and other changes that the Company makes or adds to the Secure Access CLOUD Service and that the Company offers, free of charge, to all other Subscribers of the Service.
Requirements for compensation.
ODS will indemnify THE SUBSCRIBER only if the following circumstances occur:
The use of the Services by THE SUBSCRIBER complies with this agreement.
The inoperability of the service was not caused by THE SUBSCRIBER modifying or altering it.
The inoperativeness of the makeservice has not been a cause of force majeure.
The inoperativeness has not been due to causes beyond ODS.
Acces to Support services.
THE SUBSCRIBER may register up to two profiles (admin and superadmin) with access to the service support services.
Response and resolution objectives.
Gravity 1: the production system/application is down, seriously affected and currently there is no reasonable solution.
Upon confirmation of receipt, the Company will begin to work continuously on the problem, and a client's resource should be available at any time to help with the determination of the problem. Once the problem is reproducible or once we have identified the defect in the Software, the Company's support will provide a reasonable effort for the solution or solution within 24 hours.
Gravity 2: the system or application is seriously affected. The problem is not critical and does not meet the conditions of Gravity 1. Currently there is no solution available or the solution is complicated to use. The Company will work during normal business hours to provide a reasonable effort for the solution or solution within 7 business days, once the problem is reproducible.
Gravity 3: the system or the application is moderately affected. The problem is not critical, and the system has not failed. The problem has been identified and does not hinder normal operation, or the situation can be temporarily avoided using an available solution. The Company will work during normal business hours to provide a reasonable effort for the solution or solution within 10 business days, once the problem is reproducible.
Gravity 4: petitions related to non-critical problems.
The Company will seek during normal business hours to provide a solution in future versions of the Service.
In compliance with the duty of information contained in article 10 of Law 34/2002, of July 11, on Services of the Information Society and Electronic Commerce, the following data of the owner of this website are reflected below:
- Open Data Security, S.L. (hereinafter, ODS)
- CIF B-76.741.222
- Registered Office: C/ Santiago, Nº 56, 38001, Santa Cruz de Tenerife. Spain.
- Registered in the Mercantile Register of Santa Cruz de Tenerife, Volume 3.513, Folio 171, Sheet TF 59.401.
- Contact e-mail: [email protected]
- ES: 900 838 167
- UK: +44 203 034 0056
- US: +1 347 669 9174
Terms and conditions of use
The access and/or use of this website owned by ODS attributes the condition of USER that accepts from this access and/or use the present General Conditions of Use that regulate the access and the use of this website. The user undertakes not to use the information published on this website for illegal or harmful purposes contrary to those defined in this Legal Notice.
ODS cannot guarantee the inexistence of interruptions or errors in access to this website, despite having taken all necessary technological measures to avoid it.
Intellectual and industrial property
All intellectual property rights of all elements contained in this website, including trademarks, formats, graphic designs and images that make up the template of this website, belong to the developers of the same.
Likewise, the images, documents, texts, as well as other files that the holder of this web can include to configure this page to the activity that plays belong to ODS.
In both cases, they are protected by Spanish and international laws on Intellectual and Industrial Property. It is expressly forbidden the total or partial reproduction of this website and any of its contents without the express written permission of the owners mentioned above. Access to the website does not imply any waiver, transmission, license or assignment of said rights by the same, unless expressly stated otherwise. The USER undertakes to respect the rights of Intellectual Property and Industrial ownership of ODS.
Links to other websites
Modification of the present conditions and duration
ODS, Reserves the right to make any modifications that it deems appropriate in its portal without prior notice, being able to change, suppress or add both the contents and services provided through it and the way in which they appear presented or located in its Web, in accordance with current legislation and guidelines of the Official Bodies in this area.
Legislation and jurisdiction
The legislation applicable to the content of the website will be the Spanish and the jurisdiction, corresponding to the competent Courts and Tribunals in Santa Cruz de Tenerife.
OPEN DATA SECURITY S.L. (hereinafter, ODS) informs users that it has proceeded to adopt all the technical and organizational measures required by current legislation on the Protection of Personal Data and with Regulation (EU) 2016/679 of the European Parliament and of the Board, of April 27, 2016; in order to maintain the security of personal data provided and thus avoid its possible loss, destruction or access by unauthorized personnel.
- Data Controller: OPEN DATA SECURITY S.L.
- CIF: B-76.741.222
- Contact address: C/ San Francisco, Nº 9, 4ºD, 38002, Santa Cruz de Tenerife, Spain.
- Contact e-mail: [email protected]
- ES: 900 838 167
- UK: +44 203 034 0056
- US: +1 347 669 9174
Purpose: The personal data provided to our company ODS through this website, will be used for the following purpose:
- Registration forms: the personal data provided through the registration forms (name, surname, e-mail, telephone number) will be used to manage the subscription, contact and provision of the service for use of Secure Access CLOUD in their different modalities and in ACCORDANCE WITH THE SOFTWARE AS SERVICE (SaaS). Once the registration is made, in the event that THE SUBSCRIBER contract the payment method, the information (bank account or card) necessary for the payment and billing of the service will be requested.
- Management of requests, sending of information and communications about consultations made through forms, telephones and contact email.
- Where appropriate, sending commercial communications about products, services, activities, campaigns and initiatives of a similar nature.
The personal data provided by our users must be adequate, relevant and not excessive in relation to the scope and the specific, explicit and legitimate purposes for which they were obtained.
The USER will be solely responsible for the veracity and accuracy of the data provided. The USER will personally respond to ODS in front of those affected or interested and before the Spanish Agency for Data Protection in the case of providing false data or third parties without their consent.
Likewise, it is reported that the personal data provided in the contact forms must be completed voluntarily with the exception of those data that appear as mandatory. If the mandatory data required is not provided, the management of the request cannot be guaranteed.
The recipient of the service undertakes to notify ODS, the changes that occur in his/her data, so that they respond with truth to the current situation at all times.
(*) If you are a user of the Secure Access 2FA APP owned by ODS, it is informed that through the same, usage data is collected without information identifying the owner.
(*) Treatment of underage data: ODS, will not collect data from minors without the authorization of their father, mother or legal guardian. In the case that a minor completes the contact forms and the authorization is not accredited, the application will be destroyed without addressing its content.
(*) Legitimation: The legal basis for the processing of your personal data is your express consent to request information, as well as the commercial relationship and billing for the contracting of the service for use of Secure Access CLOUD.
(*) Commercial communications: Your consent for the delivery of commercial communications by electronic means (mail) or other means of equivalent communication, which ODS can offer, by checking the corresponding boxes in the contact and registration forms or by request of express consent will be understood.
In the case, if you do not wish to receive information about the products and services that we offer in ODS, you can request your cancellation by sending an email with the indication “UNSUBSCRIBE SENDING COMMERCIAL COMMUNICATIONS” to the following email address: [email protected].
Term of Conservation: Your data will be stored during the following periods:
- Registration forms: during the time that the commercial relationship for the use of Secure Access CLOUD subsists and once it has ended, during the established legal obligations.
- Request for information and commercial communications: until the revocation of your consent.
Recipients: No data will be transferred to other third parties, except legal obligation.
If, in the future, ODS will make other assignments of personal data, it will inform in a timely manner.
With our treatment managers, there is a contract in accordance with current regulations on data protection for compliance with the guarantees of protection of personal data.
The hosting of the servers of this website is within the territory of the European Union. The transfer of data internationally is not contemplated.
Application for the exercise of legally established Rights: In accordance with the current regulations of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, of direct application and mandatory compliance starting on May 25, 2018, all users/interested parties may exercise their rights with the following denomination:
- Access right to have knowledge of the data that is being processed by ODS.
- Right to rectify incomplete or inaccurate data.
- Right of opposition to oppose the processing of data.
- Right of cancellation to cancel or delete personal data.
- Right of portability, the interested party will have the right to receive the personal data that concern him, that has been provided to a data controller, in a structured format, of common use and mechanical Reading, and to transmit them to another controller without preventing in the person responsible to whom it was given.
- Limitation of treatment to limit treatment.
- Limit automated individual decisions so as not to be subject to individualized decisions.
To exercise the above rights, you can send us your request, by means of a document that proves your identity, addressed to the contact address: C/ San Francisco, Nº 9, 4ºD, 38002, Santa Cruz de Tenerife, or to e-mail: [email protected].
ODS must answer the request for the exercise of rights within two months of your request. The term may be extended to two months taking into account the complexity and the number of applications. ODS, will inform the interested party of any such extension within one month of receipt of the request, stating the reasons for the delay. When the interested party submits an application electronically, the information will be provided by electronic means when possible, unless the interested party requests that it be provided by other means.
In the case of not having obtained satisfaction in the exercise of their rights, you can file a claim with the Control Authority: Spanish Agency for Data Protection.
You can revoke your consent at any time by sending an email to: [email protected].
We use social networks such as LinkedIn and Twitter in order to publish information of interest to our users.
In compliance with Law 34/2002, of July 11, on Information Services and Electronic Commerce, this website informs you about the policy of collecting and processing cookies.
What is a cookie?
A cookie is a file that is downloaded to a computer while browsing a certain website. Cookies allow a web site, among other things, to store and retrieve information about the browsing habits of a user or their equipment and, depending on the information they contain and the way they use their equipment, they can be used to recognize to user.
What types of cookies are there?
There are different types of cookies depending on the different criteria
Depending on your ownership:
- Own cookies: those that belong to the entity that manages the domain that provides the requested service.
- Third-party cookies: those that are owned by a third party, different from the entity that manages the domain that provides the service requested by the user, and who will be the one who processes the information collected or those that are treated by a third party.
Depending on the time they remain active in the terminal or device:
- Session cookies: these are cookies that are generated to collect and store browsing data while the user accesses a web site. They remain active until the page is abandoned and the browser is closed, so that by restarting the browser and revisiting the web site, the web site does not recognize the user.
- Permanent cookies: these are cookies that are stored in the terminal equipment and can be accessed during the period of time defined by the entity that manages the cookie. These files will remain in the computer until they are deleted manually, or the browser deletes them according to the established period of the cookie, which can be from a few minutes to several years.
Depending on its purpose:
- Technical cookies: tThese are strictly necessary for the proper functioning of a web page. They are generated when the user accesses or initiates session in the site and they are used to identify it during their navigation in the site and to check if they are authorized to access services or restricted areas of the website.
- Personalization cookies: these are cookies that allow the user to customize some functions or contents of the website according to the characteristics defined in his terminal or by himself when accessing the site.
- Analysis cookies: cookies that allow the person responsible for them to monitor and analyze the user's behavior when they connect to a website. They allow to quantify the number of users and perform statistical analyzes on the use of the site in order to improve the services offered.
- Advertising cookies: these are those that allow managing, in the most efficient way possible, the offer of advertising spaces that are presented on a website based on criteria such as content or the frequency with which the ads appear.
- Behavioral advertising cookies: these are those that allow managing, in the most efficient way possible, the offer of advertising spaces that are presented on a website. These cookies store information on the behavior of users extracted by the continuous observation of their browsing habits. In this way, a navigation profile is developed, and advertising is shown depending on it.
What kind of cookies does this website use?
|secureaccess.com||XSRF-TOKEN||Protection against CSRF (Cross-site request forgery) attacks in which commands not authorized by the user are transmitted.||2 hours|
|secureaccess.com||cookieconsent||Registers the user's action when accepting the cookies policy of our website.||10 years|
|secureaccess.com||locale||Store the user's language preference to view our website.||5 years|
|secureaccess.com||secureaccess_session||Stores a backup of the user session.||2 hours|
|secureaccess.com||__utmt_UA-83915344-2||Google Analytics cookie used to limit the percentage of requests.||10 minutes|
|secureaccess.com||__utmc||Google Analytics cookie that is set to determine if the user is in a new session or visit.||End of session|
|secureaccess.com||_hjIncludedInSample||Hotjar cookie that is used to analyze the user experience.||End of session|
|secureaccess.com||__stripe_sid||Stripe session cookie that is used to identify the user in Stripe.||1 day|
|cloudflare.com||__cfduid||Cloudflare cookie that is set to identify traffic on the web.||1 year|
|stripe.com||cid||Stripe session cookie to measure web traffic.||End of session|
|stripe.com||country||Stores the country of the user who registers a payment in Stripe.||5 years|
|stripe.com||lang||Stores the programming language used to communicate with Stripe.||5 years|
|stripe.com||__stripe_mid||Stripe session cookie that is used to identify the user in Stripe.||1 year|
|stripe.com||__stripe_sid||Stripe session cookie that is used to identify the user in Stripe.||30 minutes|
|stripe.com||__stripe_orig_props||Stripe session cookie to measure web traffic.||1 year|
|stripe.com||_ga||Stripe session cookie to measure web traffic.||2 years|
|stripe.com||_gid||Stripe session cookie to measure web traffic.||1 day|
|hotjar.com||__hssc||Hotjar session analysis cookie.||30 minutes|
|hotjar.com||__hssrc||Hotjar session analysis cookie.||End of session|
|hotjar.com||__hstc||Hotjar's main cookie for tracking visitors.||2 years|
|hotjar.com||hubspotutk||Hotjar analysis cookie that stores the identity of the visitor.||10 years|
|hotjar.com||mp_XXXXXXXXXX_mixpanel||Hotjar analysis cookie for statistical purposes.||1 year|
|hotjar.com||_ga||Hotjar analysis cookie to measure web traffic.||2 years|
|hotjar.com||_gid||Hotjar analysis cookie to measure web traffic.||1 day|
You can allow, block or delete the cookies installed on your computer by configuring the browser options installed on your computer.
In the following links you will get information about the most common browsers:
- For more information on the Chrome browser, click here
- For more information about the Explorer browser, click here
- For more information on the Firefox browser, click here
- For more information on the Safari browser, click here
Last modification: 03-04-2019