Terms and conditions about GDPR Asistent

GENERAL CONDITIONS FOR THE USE OF A SOFTWARE PRODUCT „GDPR ASSISTANT“

I. PARTIES UNDER THE AGREEMENT

    1. The present General conditions describe in details all rights and obligations, related to the use of the software product „GDPR ASSISTANT“ and shall appear an integral part of the executed agreement between the developer „APIS EUROPE“ AD (hereinafter referred to as APIS) and the USER for grant of non-exclusive and temporary right of use of the product.
    2. By using the software product, the USER shall accept all rules and conditions, regulated in the agreement for grant of non-exclusive and temporary right of use of „GDPR ASSISTANT“ and the present General conditions.

II. SUBJECT OF THE GENERAL CONDITIONS

    1. Against payment of the subscription price, determined by the agreement between the parties APIS shall provide the USER with the non-exclusive and non-transferable right of use of the web-based software product „GDPR ASSISTANT “ (hereinafter referred to as the PRODUCT) under the form of a software as a service (SaaS).
    2. The purpose of the PRODUCT is to assist the USER in introducing and implementing the requirements of the General data protection regulation (GDPR), the keeping of the related documentation and the observing of the principle of reporting.
    3. The PRODUCT does not appear legal or expert advice and it is not in conformity with the particular needs of the USER, nor can it replace the specialized consultation by a qualified lawyer, jurist or other competent specialistAPISshall not be liable for incidental and consequential losses of the USER, occurred as a result of non-adherence to this rule.
    4. The term of use of the PRODUCT shall be 12 months, except if the agreement between the parties provides otherwise. Upon payment of the subscription price the term of use shall be extended for a new 12-month period, resp. another term, agreed between the parties.
    5. The right of use of the PRODUCT включва shall include one basic license, which shall provide the following rights to the USER:
      • To register up to three users of the PRODUCT, authorized by it, as at least one of them shall have administrative rights and shall allocate the roles of the other users;
      • To enter in „GDPR ASSISTANT “ information and documents for one organization or company, which appears controller and/or processor of personal data.
    6. Upon order of the USER and against additional subscription fee,APIS shall provide one or more additional licenses as follows:
      • License for keeping information of next organization or company;
      • License for registration of users in addition to the three ones, included to the basic license.
    7. The PRODUCT shall be accessible through Internet and shall be offered under the principle „as it stands“, upon observing the conditions and provisions of the present General conditions and the Agreement between the parties.
    8. For the purposes of execution and implementation of the agreement for use of the PRODUCT and for activating the access to it, the USER shall provide to APIS and shall hereby agree to be processed the following data of it:

      10.1. Name of the organization or company, resp. the names of the person, when theUSER is a natural person;

      10.2. UIC, resp. PIN of the USER;

      10.3. Given name and family name and valid e-mail of a person with administrative rights, authorized by the USER;

      10.4. When it is requested by APIS – user name, by which the person, authorized by the USERwith administrative rights shall identify itself upon entry in the PRODUCT.

    9. APIS does not process any data of the USER except those under the previous i. 10. APIS hereby declares that the personal data under i. 10 shall be processed only for the purposes of the execution and implementation of this agreement and for the term of its validity.
    10. The activation of the access to the PRODUCT shall be made by the person, authorized from the USER with administrative rights through :

      12.1.An User name, specified by the USER and a password provided by APIS which the authorized person has to change upon first entry, or

      12.2.Activation link, received by e-mail, sent from APIS on the e-mail of the authorized person.

    11. After activation of the access, the person authorized by the USER with administrative rights may register the other users of the PRODUCT in accordance with the paid licenses and may determine their roles (administrator, editor or observer).
    12. The access to the PRODUCT shall be realized through browser from the site https://gdpr.apis.bg after signing in with a user name and password from the registered users.

III. INTELLECTUAL PROPERTY RIGHTS OVER THE PRODUCT

    1. The developer „APIS EUROPE“ AD holds all intellectual property rights over the contents and software of the PRODUCT, including but not only, names, trademarks, forms of documents, design and etc.
    2. Except if otherwise provided in the Copyright and neighboring rights act, the USER shall have no right to amend, adapt, translate or in other way create derivatives of the PRODUCT, nor shall have the right to transfer or cede completely or partially to another person the use of right, granted to it under i. 3.

IV. RIGHTS AND OBLIGATIONS OF THE USER

    1. The USER shall have the right :

      17.1. to use the PRODUCT within the frameworks of the granted basic license, as he shall register up to 3 /three/ users, пat least one of which shall have full rights to administer the access and to determine the roles of the other users;

      17.2. to enter information in the PRODUCT within the frameworks of the granted basic license for one organization, appearing controller or processor of personal data;

      17.3. to register in the PRODUCT additional users and organizations– controllers and/or processors of personal data, according to the conditions of the granted additional licenses to it;

      17.4. to upload in the PRODUCT documents in any type of file formats, incl. audio- and video files as the maximum admissible size of each particular document (file), which can be uploaded shall be 10 MB;

      17.5. To use up to 1 GB space in the storage, provided by APIS for entering data and attaching files for each individual organization–controller and/or processor of personal data, for which he has obtained basic and the respective number of additional licenses;

      17.6. to require from APIS at any time from the validity of the contract to be provided with additional space in the storage against payment of a charge according to the valid price list of APIS.

    2. The USER shall have the following obligations:

      18.1. to use the PRODUCT only in accordance with its purpose, specified in i. 4 of the present General conditions;

      18.2. not to upload in the PRODUCT which is forbidden by or in violation of the requirements of the Bulgarian legislation, the EU law or an international treaty, under which Republic of Bulgaria is a party. APIS shall not be liable towards the USER or third parties for the information, uploaded by the USER.

      18.3. To take the necessary preventive measures for non-admission of unauthorized access to the PRODUCT from third parties ;

      18.4.To notify APIS in written, by e-mail, as follows:

      • In case of failure of the PRODUCT – to the latest within 3 /three/ days following the ascertainment of the failure;
      • In case of change of the authorized person with administrator’s rights, and/or in case of change in his е-mail address – within 7 /seven/ дdays after the change has happened;
      • Immediately – in case he ascertains or is in doubt that there is an unauthorized access to the data and documents, uploaded by it in the PRODUCT.

 

V. RIGHTS AND OBLIGATIONS OF APIS

    1. Within the frameworks of the subscription period, APIS:

      19.1. shall update the models of documents, contained in the PRODUCT, in accordance with the amendments in the normative acts and the case law on implementation of the General data protection regulation (GDPR);

      19.2. Shall make upon its discretion new or additional functionalities in the PRODUCT;

      19.3.Shall provide the USER with all new versions of the PRODUCT for free and with no need of any further actions.

    2. APIS shall be obliged to :

      20.1. To keep the PRODUCT in good repair under 24/7 regime, as it shall provide the USER with non-interrupted access and opportunity to upload data and documents at an annual accessibility equal to 99% ;

      20.2.To render assistance upon use of the PRODUCT and to render technical assistance to the USER (help desk) by answers to questions, registration and settling incidents in working days within 9:00 a.m. to 18:00 p.m.;

      20.3. to remove failure in the operation of the software product to the latest within 3 /three/ working days following receipt of a written notification from the USER;

      20.4. To conduct training of the person with administrative rights, authorized by the USER against additional payment.

VI. PRIVACY AND PROTECTION OF THE USER’S INFORMATION

    1. The information, uploaded by the USER in the PRODUCT shall be exclusively owned by the USER.
    2. APIS and the USER shall hereby agree that it is possible this information to contain personal data or data of confidential nature.
    3. APIS shall be obliged to store the information of the USER in accordance with the requirements of the Bulgarian and European legislation for storage of confidential information and information, containing personal data.
    4. APIS shall ensure the privacy and confidentiality of the information uploaded by the USER through adequate security measures :

      24.1. Access to the information shall have only the persons, authorized by the USER USER and registered by it as users of the PRODUCT, through passwords with enhanced requirements as regards their degree of complexity ;

      24.2.The transfer of data between the browser of the USER and the software product shall be made through encrypted bidirectional connection, protected through Hypertext Transfer Protocol Secure (HTTPS) protocol;

      24.3. The information, uploaded by the USER in the data base of the PRODUCT shall be stored in encrypted form in the Microsoft Azure cloud, which provides maximum protection of the data in accordance with the requirements of the European and international standards for cloud services [1].

    5. The USER shall hereby agree that the access to the PRODUCT shall be made on the basis of the user name and password, known only to the persons, authorized by it and that the responsibility for keeping secret the user name and the password shall be on it. APIS shall not be liable, if through a fault of the USER is realized unauthorized access to the information, uploaded by it in the PRODUCT.
    6. Upon termination of the agreement, APIS shall be obliged to:

      26.1. to provide to the users, authorized by the USER access only for reading of the information, uploaded in the PRODUCT, for a period of 1 /one/ month as of the date of termination of the agreement.

      26.2. Within 7 /seven/ day term from receiving a written request from the USER to provide it with the information, uploaded in the PRODUCT in the following file formats:

      • The data, uploaded in the registers of the PRODUCT – in XLSX-files, which can be used with the program product Microsoft Excel;
      • The files, uploaded in the PRODUCT – in the same file format, in which they have been uploaded.

      26.3. To delete permanently the information, uploaded from the USER in the PRODUCT after expiration of 3 months as of the date of termination of the agreement.

      26.4.To observe the obligation to ensure the privacy and confidentiality of the information under i.24, uploaded by the USER, until it is completely deleted.

VII. OTHER PROVISIONS

    1. The present general conditions are published on the site https://gdpr.apis.bg together with all their amendments, which appear an integral part of them.
    2. APIS shall have the right to amend these general conditions at any time as it shall be obliged to notify the USER for the amendment by a message in the PRODUCT.
    3. If it does not agree with the changes in the present General conditions, the USER shall be obliged to notify APIS in written within 5-day term as from the message under i. 28. In this case in the relations between the parties shall apply the General conditions, which have been effective as of the date of execution of the agreement, resp. the last ones adopted by the USER, except if the changes in the General conditions are as a result of amendments in the legislation. In case the USERdoes not sent notification to APIS within the term under first sentence and continues using the PRODUCT after the notification under i. 28, it shall be deemed that it shall agree with the amendment.
    4. For the issues, not settled in the present General conditions and the agreement, executed between the parties, shall apply the provisions of the effective Bulgarian legislation.
    5. All disputes, which would arise in relation to the interpretation or implementation of the present General conditions and the agreement, executed between the parties, shall be settled from the parties through negotiations for reaching of agreement, and when this appears impossible, the dispute shall be addressed to the competent Bulgarian court under the Civil procedure code.

15.03.2018

 

[1] Microsoft is the first large international corporation, which yet in 2015 implemented and certifies itself under the international standard ISO/IEC 27018:2014, including a set of rules for good practices in the field of processing of personal data from the suppliers of cloud services (see the message on this occasion on the site of the Commission for the personal data protection - https://www.cpdp.bg/?p=element&aid=1130). More about information for the security of the cloud service Azure на Microsoft is published on this site : https://azure.microsoft.com/en-us/overview/trusted-cloud/ .