Log in Free trial See it live
In EnglishAuf DeutschEn Français
ENG
In English Auf Deutsch En Français

Last updated: 25.11.2025

Invendor Terms of Service 

These Invendor Terms of Service form a binding agreement between you, or the entity you represent, on the one hand as the Client, and Invendor on the other hand as the Service Provider. Please read these Terms carefully before subscribing to or using any Services. These terms become binding either upon express acceptance or indirect acceptance by commencing the use of the Services.

  1. Definitions and Interpretation
    • The following capitalised terms and acronyms shall have the meanings assigned to them below, unless the context requires otherwise:
      • Account means the central means of access to the Platform;
      • Affiliate means an entity that is (a) directly or indirectly owning or controlling a Party; (b) under the same direct or indirect ownership or control as a Party; or (c) directly or indirectly controlled by a Party; for so long as such ownership or control lasts. Ownership or control shall exist through direct or indirect ownership of fifty per cent (50%) or more of the nominal value of the issued equity share capital or of fifty per cent (50%) or more of the shares entitling the holders to vote for the election of the members of the board of directors or persons performing similar functions;
      • Applicable Laws means all local, state, national, and international laws, regulations, and treaties that apply to the Parties. This includes, without limitation, all forms of statutes, regulations, judgments, injunctions, orders, and decrees, as well as any governmental authorizations, licenses, and permits;
      • Business Day means any day which is not Saturday, Sunday or a public holiday in Estonia;
      • Client means the entity identified in the Service Plan that is purchasing Services from the Service Provider;
      • Client Data means all data, information, and materials provided, disclosed, or submitted by or on behalf of the Client to the Service Provider in connection with these Terms. This includes, but is not limited to, personal data, confidential business information, customer details, technical data, and any other information provided by the Client for the purpose of enabling the Service Provider to perform its obligations under these Terms or as otherwise agreed upon by the Parties;
      • Confidential Information means the data and documentation related to the businesses and clients of the Party and its Affiliates, including know-how and all other specifications, trade secrets, technical information, software, models, designs, business information, unpatented technology, research information, statistical information and analyses, information on methods, processes and facilities related either to any software or business activities of any of the Parties. For the avoidance of doubt, client information shall be deemed to be confidential. However, information that was in the possession of the disclosing Party without an obligation of confidentiality, before its disclosure and information that is generally available to the public shall not be deemed confidential;
      • Control means the direct or indirect ownership of more than 50% of the share capital of a company or more than 50% of the voting power;
      • Documentation means manuals, user guides, technical documentation, and any other relevant material related to the Services provided by the Service Provider to the Client;
      • Effective Date means the date these Terms become binding on the Parties;
      • Facility means an entity authorized by the Client to use the Platform with limited access rights;
      • Fees means the service or other fees payable by the Client in consideration for the Services;
      • Force Majeure Event means unforeseeable circumstances which the Party, who has violated the obligation, is unable to control and the prevention of which by the same cannot be expected proceeding from the principle of reasonableness. Force majeure events include but are not limited to severe acts of nature, war, riot, acts of terrorism, the activities of public authorities (e.g. the state, local government) and other circumstances independent of the parties (e.g. strike, the general failure of the computer system, failure of communications lines or power failure, denial-of-service attack);
      • GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) as well as other applicable data protection laws;
      • Intellectual Property Rights or IPR means all intellectual and industrial property rights and similar rights of whatever nature anywhere in the world whether currently existing or coming into existence in the future, whether recorded or registered in any manner or otherwise, including (but not limited to) any copyrights and related rights, industrial design rights and other design rights, registered designs, patents, utility models, inventions (whether or not patentable), trademarks, service marks, database and software rights, rights to layout-designs of integrated circuits, trade secrets, know-how, confidential information, business names, trade names, brand names, domain names and all other legal rights anywhere in the world protecting such property including, where applicable, all renewals, extensions and applications for registration, the right to apply for registration, and the right to sue for damages for past and then-current infringement in respect of any of the same;
      • Service Plan means the document which details the specific subscription terms for the Client, including the selected subscription cycle (monthly or annual), fees, and payment terms. Subscription cycle options may differ between product types. If no custom Service Plan is agreed in writing, the currently valid Invendor Price List & Service Plan shall serve as the applicable Service Plan;
      • Party or Parties means the Client and the Service Provider separately or together;
      • Personal Data means any information relating to an identified or identifiable natural person defined in the GDPR;
      • Platform means the software system, web app and/or smart device app, provided by the Service Provider to the Client;
      • Service Levels means the target performance levels applicable to the Services and any other service levels provided in ANNEX 1;
      • Service Provider means the entity identified in the Service Plan that is providing Services to the Client;
      • Services means all services provided by the Service Provider to the Client under these Terms, including making the Platform available to the Client. The exact scope of services is agreed upon in the Service Plan and may be amended from time to time with subsequent orders or by other means;
      • Term means the period during which time these Terms are binding on the Parties;
      • Terms means the Invendor Terms of Service contained herein as well as the Service Plan, any annexes attached hereto or thereto, the Documentation, and other information relating to the Services made available to the Client by the Service Provider from time to time;
      • User means any individual using the Platform under the authorization of the Client, including the individuals authorized by the Facilities;
    • In these Terms, the following rules of interpretation apply:
      • references to words “include” or “including” (or any similar term) are not to be construed as implying any limitation and general words introduced by the word “other” (or any similar term) shall not be given a restrictive meaning because they are preceded or followed by words indicating a particular class of acts, matters or things;
      • references to “hereby”, “herein”, “hereof”, “hereunder” or any similar expression shall refer to the Agreement as a whole and not to any particular provision thereof;
      • except where the context specifically requires otherwise, words importing one gender shall be treated as importing any gender, words importing the singular shall be treated as importing the plural and vice versa, and words importing the whole shall be treated as including a reference to any part thereof;
      • references to “form reproducible in writing” include electronic mail (including pdf);
      • references to “persons” or “individuals” include private individuals, legal entities, unincorporated associations and partnerships and any other organisations, whether or not they have separate legal personality;
      • the section and paragraph headings used in this Agreement are inserted for ease of reference only and shall not in any way affect or define the construction, meaning, or scope of any of the provisions thereof;
      • any reference to a section, paragraph, or an Annex means a reference to a section, paragraph, or an Annex of this Agreement;
      • the Annexes form an integral part of this Agreement and shall have effect as if set out in full in the body of this Agreement. Any reference to this Agreement includes its Annexes.
  1. Structure and Order of Precedence
    • In the event of any discrepancy between any of the provisions of an annex and of the main body of the Terms, the provisions in the main body of the Terms shall prevail. This does not apply to the Data Processing Agreement and its provisions, which shall prevail in case of conflict with any provision of these Terms.
  2. Access To and the Use of the Platform
    • Subject to the Parties having agreed on Platform access rights in an Service Plan or otherwise, payment of all applicable fees, and the limitations and restrictions contained herein, the Service Provider grants the Client a non-exclusive, non-transferable, sub-licensable subscription right to access and use the Platform and the Documentation for the Term. The Client may use the Platform to access its functions with accounts (the administrative Account and User accounts). The Client acknowledges that subscription terms, including billing cycle and renewal period, are defined in the Service Plan and may vary depending on the selected product (e.g., monthly for Storeroom App; monthly or annual for Capture and Gravity Cabinets).
    • For Clients with a sublicensable access right to the Platform (according to the Service Plan or otherwise), the Client may create Facility Accounts with administrative rights. By adding Facility Accounts, the Client sublicenses the subscription right to the Facility, whereas the administrative Account holder of the Facility may use the Platform and Users of the Facility are authorised to access the Platform subject to User rights. To change the subscription details, e.g. amending the number of Facilities included in the subscription or the number of services, the Client must submit a request to the Service Provider for changing the subscription. The Client assumes all responsibility of actions taken by the Facility, including Users authorized by the Facility.
    • To access and use the Services, the Client shall have the right to an Account with administrative control. The Service Provider shall create such an Account for the Client and disclose the credentials to the Client. The Client shall retain ultimate administrative control over their Account for the Term.
    • The Client shall have the right to create, designate, and terminate User accounts (and Facility Accounts, if applicable) via the Account with administrative control. Users shall be permitted to access the Platform subject to User rights assigned to them, e.g. only via the app and with a limited functionality. The Client agrees and acknowledges that they approve all creation, designation, and termination of User accounts (and Facility Accounts, if applicable).
    • The Client is responsible for all its activity within the Platform. The Client assumes responsibility of all Users it authorizes to use the Platform. The Client will promptly notify the Service Provider if the Client becomes aware of any unauthorised use of, or access to, the Platform.
    • The Client shall use the Platform only in accordance with these Terms and Applicable Laws. Unless expressly otherwise agreed upon between the Parties, the Client shall not:
      • modify, copy, enhance, improve, alter, reverse engineer, decompile, disassemble, deconstruct, translate, decrypt, reverse compile or convert into human readable form the Platform or any part thereof, except to the extent permitted by Applicable Laws;
      • work around any technical limitations of the Platform or restrictions in the Documentation;
      • remove, deface, cover or otherwise obscure any proprietary rights notice or identification from the Platform or Documentation (including without limitation any copyright notice);
      • authorize or permit any third party to engage in the aforementioned activities.
      • use the Platform in any way that is or may be unlawful, illegal, fraudulent, harmful or in connection with any unlawful, illegal, fraudulent or harmful purpose or activity;
      • transmit malware to the Platform or use the Platform maliciously;
      • significantly increase the workload of the Services above what is reasonably expected from the Client;
      • use the Platform in any other way that is reasonably likely to result in damage to the Service Provider or another client.
    • The Service Provider may improve, alter, enhance, or add additional features to the Platform. However, the Service Provider agrees to maintain and not restrict the base functionality of the Platform. The Client agrees that its continued usage of the Platform constitutes a binding acceptance of the altered Platform and that it is not bound by the description and functionalities at the time of subscribing. The Client further agrees that no written or oral statements about future functionalities or developments of the Platform are binding and such information cannot be relied upon.
  3. Intellectual Property Rights
    • All IPR to the Services, including the Platform, its components, any upgrades, additions, corrections, improvements, and any other proprietary software made available by the Service Provider to the Client will at all times remain the sole property of the Service Provider or its licensors. These Terms do not transfer or convey any IPR from the Service Provider to the Client, nor does it grant the Client any rights in or to the Service Provider’s IPR.
    • The Parties acknowledge and agree that the Client and/or the Facilities shall retain sole ownership of all IPR in and to the Client Data. These Terms does not constitute a transfer of any IPR over the Client Data from the Client and/or the Facilities to the Service Provider. The Service Provider is authorized to use the Client Data exclusively for the purpose of rendering the Services as stipulated in these Terms, including maintaining, improving, and making the Platform available. Any such use shall be in compliance with the Terms, the GDPR, and the Service Provider’s privacy policy. The Service Provider acknowledges that it has no right to disclose, replicate, or use the Client Data for any purpose other than as expressly permitted in these Terms.
  4. Availability and Incident Management
    • In accordance with these Terms, the Service Provider commits to maintaining the availability of the Platform and manage incidents according to the Service Level Agreement annexed hereto as ANNEX 1.
    • The Service Provider shall use commercially reasonable efforts to ensure that the Platform is available with the uptime and performance standards specified in ANNEX 1. However, the Service Provider does not warrant uninterrupted or error-free operation of the Platform and does not guarantee that the Platform will be available 24/7, year-round.
    • The Service Provider’s obligations regarding incident management are exhaustively defined in ANNEX 1.
    • The Service Provider agrees to perform any maintenance or support activities for the Platform with reasonable skill and care, in accordance with the terms outlined in the Service Level Agreement.
    • The Service Level Agreement provides the Client’s sole and exhaustive remedies related to availability, incident management, support, and maintenance.
    • The Parties may, from time to time, agree on additional work relating to the Platform based on the Client’s needs and requirements.
  5. Fees
    • The Client shall pay to the Service Provider as consideration for the Services the Fees specified in a Service Plan. The Parties may agree on any additional fees payable by the Client for ancillary services. The pricing may be modular, in which case the Client may upgrade their subscription at any time via the Platform. Any modifications to a Service Plan, inclusive of adjustments to Fees, shall take effect at the commencement of the subsequent billing cycle, whether monthly or annual. For example, Capture and Gravity cabinet software may be subscribed to on either a monthly or annual basis, while the Storeroom App is offered exclusively on a monthly cycle.
    • All Fees are exclusive of ancillary fees and taxes. If VAT or any other taxes are applicable to any Fee, such taxes shall be added to the respective invoice pertaining to the relevant Fee.
    • The Service Provider shall issue invoices to the Client per the sums agreed upon the Service Plan. All invoices shall be sent electronically to the Client’s invoicing address.
    • The Fee shall be deemed to be paid if such Fee is credited to the Service Provider’s bank account indicated on the invoice. The Client shall pay any additional costs required for payment of the Fee, such as bank transfer fees.
    • The payment term is 14 calendar days for each invoice, unless otherwise agreed upon by the Parties. The Client agrees to pay the Service Provider a late payment fee for undue delay of payment. The late payment fee shall be calculated per each day that the Client is in delay, and the daily amount shall constitute 0.06 % of the principal debt.
    • All sums payable under this Agreement shall be paid in euros (EUR) and shall be paid in full without any set-off, counterclaim, deduction or withholding unless required by law or unless the Service Level Agreement requires otherwise.
    • The Service Provider reserves the right to adjust the Fee rates and amend the Terms at its discretion at any time. In the event of such an adjustment, the Service Provider is obligated to provide the Client with a written notice at least 30 days prior to the implementation of the new rates and amended Terms. Should the Client find the revised Fee amount and the amended Terms unacceptable, it retains the right to terminate these Terms by unsubscribing from the Platform via the Account. The Client’s ongoing payment for the Platform after the effective date of the new Fee rates and amended Terms shall be deemed as the Client’s acceptance of the said adjustment and binding on the Client.
  6. Confidentiality
    • The Parties shall maintain and keep confidential and shall not disclose directly or indirectly to any third party the other Party’s Confidential Information and shall prevent the third parties’ access to such information. Either Party shall:
      • use Confidential Information only for performing their obligations under the Terms;
      • treat all Confidential Information as being strictly confidential and implement and maintain all such technical and organizational security measures as may be reasonably available (having regard to technical developments at the time) and as are appropriate in the circumstances to protect Confidential Information against unauthorized or unlawful processing, accidental loss, distribution or damage;
      • not, without the express prior written consent of the disclosing Party, disclose any Confidential Information to any person other than its advisers and members of governing bodies, directors, officers, members, employees, agents, managers, consultants, and individuals required to perform these Terms, and will ensure that all those to whom Confidential Information is disclosed are aware of and observe the Terms in all respects as if they were a party to these Terms;
      • not, without the disclosing Party’s prior written consent, use Confidential Information for its advantage, commercial or otherwise.
    • Notwithstanding the foregoing, disclosure of Confidential Information is not considered a breach of these Terms if the receiving Party is required to disclose it by applicable law or a court of competent jurisdiction, but only to the minimum extent of such requirement.
    • In case of any reasonable doubt, whether the particular information shall be treated as Confidential Information and whether and to what extent it might be disclosed to third parties, the Parties shall consider such information as Confidential Information.
    • The disclosing Party makes no representation or warranty as to the accuracy, completeness or otherwise of Confidential Information supplied, and the receiving Party agrees that it is responsible for making its own evaluation of such information.
    • Upon termination of these Terms, each Party shall erase all the other Party’s Confidential Information from computer and communications systems and devices used by it, including such systems and data storage services provided by third parties (to the extent technically practicable).
    • The confidentiality obligation in this Section 7 shall remain effective for an indefinite term after the termination of the Agreement due to whatever reason.
  7. Indemnification
    • The Service Provider shall defend and indemnify at its own expense the Client against claims and actions that the use of the Services infringes the IPR of a third party (the IPR Claim), provided that the Client notifies the Service Provider without delay, in writing, after becoming aware of such claims, permits the Service Provider to independently defend or settle the claims, gives the Service Provider all reasonably necessary information and assistance available and all necessary authorisations and does not agree to the settlement of any such claim prior to a final judgment thereon, or make any admission in relation to the claim, without the prior written consent of the Service Provider. The Service Provider shall, to the extent possible, endeavour to protect the goodwill and reputation of the Client in connection with such claims. The Service Provider shall, however, not have any liability nor indemnification obligations toward any IPR Claim that results from: (i) the Client’s non-compliance with applicable laws; (ii) Client Data; or (iii) using the Services in breach of these Terms.
    • The Client shall defend and indemnify the Service Provider, its Affiliates, licensors, employees, service providers, and agents from and against any losses, damages, fines, and costs awarded to or claimed by a third party in relation to: (i) the use of the Services excluding IPR Claims; (ii) Client Data; (iii) any hardware, product, software or service of a third party not furnished by the Service Provider; or (iv) non-compliance with international or domestic standards or laws.
    • The indemnified party shall provide: (i) prompt written notice of any claim subject to indemnification under this Section 8 (each, a Claim); (ii) the indemnifying party with sole control over the defence or settlement of such Claim; provided, that the indemnifying party will not settle any Claim or consent to any final judgment with respect to any Claim, without the indemnified party’s prior written consent; and (iii) all reasonable information and assistance to settle or defend any such Claim. The failure of an indemnified party to comply with the foregoing requirements shall not relieve the indemnifying party of its obligations under this Section except to the extent the indemnifying party is prejudiced by such failure.
    • This Section 8 states the entire liability of the Service Provider and the Client’s sole and exclusive remedies for any IPR Claim.
  8. Limitations of Liability
    • Neither Party shall be liable to the other Party for any loss of use, goodwill, revenue, or profits or for any incidental, indirect, special, consequential, or exemplary damages. However, neither Party limits its liability for causing death or personal injury, fraud, and any other act, error, or omission, or type of damages for which liability may not be limited under Applicable Laws.
    • The Service Provider shall not be liable for any errors, unavailability, or malfunctions of the Services that result from actions or omissions not attributable to the Service Provider, including:
      • Force Majeure Events;
      • the fault or failure of computer systems or networks (including fault or failure of the internet or any public telecommunications network, network overload, disturbances or malfunctions);
      • third party integrations or the software or systems that make the Platform available;
      • loss of connection with devices connected to or otherwise communicating with the Platform;
      • loss, alteration, or unauthorised access to the Client Data; or
      • any errors, bugs or any inappropriate functioning or malfunctioning of the Platform which results from any changes or modifications to the Platform made by the Client or any third party acting on behalf of the Client.
    • The Service Provider’s liability for the availability of the Platform shall be defined, governed, and limited by the terms set forth in ANNEX 1. The Parties expressly acknowledge and agree that the Service Level Agreement contains specific provisions related to liabilities, including but not limited to, representations, warranties, remedies, and limitations of liability. In the event of any inconsistencies or conflicts between the Terms and the Service Level Agreement concerning liability, the terms of the Service Level Agreement shall prevail.
    • Without limiting the above, the Service Provider’s liability shall be strictly limited to damages arising directly from its own wilful misconduct. The Service Provider shall not be liable for any acts, errors, or omissions that do not constitute wilful misconduct as defined under Applicable Laws. The Service Provider is also not liable for any damages suffered by third parties.
    • The Service Provider’s liability is limited whether or not the Service Provider has been informed of the possibility of such damages, even if a remedy set forth in the Terms is found to have failed its essential purpose. The Service Provider will have no liability for any failure or delay due to matters beyond the Service Provider’s reasonable control. Subject to Sections 1 and 9.2, the maximum aggregate liability of the Service Provider shall in no event exceed the amount that is equal to the Fees the Client paid to the Service Provider in the course of the previous three months from the occurrence of the event that resulted in the Service Provider’s liability, or if fewer than three months have passed since the Effective Date, 100% of the Fees attributable to the full calendar months that have passed since the Effective Date.
  9. Representations and Warranties
    • The Platform is provided “as is” and, except as expressly set forth in these Terms, without any warranties or representations of any kind, either express or implied. The Service Provider specifically disclaims all implied warranties, including but not limited to warranties of merchantability, non-infringement, and fitness for a particular purpose. Furthermore, the Service Provider makes no warranties or representations regarding the use of the Services, or results obtained or intended to be obtained in the course of using the Services. The Client acknowledges that it has relied on no warranties other than the express warranties in these Terms and that no warranties are made by any of the Service Provider’s agents, employees, or representatives.
    • The Client acknowledges and agrees that, while the Service Provider endeavours to deliver high-quality services, no software service can be guaranteed to be completely free from bugs or errors. Accordingly, the Service Provider does not represent or warrant that the Platform will operate with 100% uptime or be entirely free from bugs and errors. Furthermore, the Service Provider disclaims any warranties regarding the acts and omissions of third-party vendors and hosting partners, including but not limited to their ability to provide the necessary hardware, software, networking, storage, and related technology required to deliver the Platform. The Service Provider’s obligations with respect to service availability and performance are solely as expressly set forth in the Service Level Agreement annexed to these Terms.
  10. Notices and Communications
    • Any notices, requests, or other communications to be given or made under these Terms to a Party shall be directed to the respective designated contact person(s) indicated in the Service Plan or otherwise agreed upon. Each Party is obliged to promptly notify the other of any changes in their designated contact person(s).
    • All documents to be furnished or communications to be given or made under these Terms shall be at least in a form that can be reproduced in writing and in the English language, unless the Parties agree otherwise.
  11. Term and Termination
    • These Terms shall become effective and binding upon the Parties as of the date of acceptance of the Service Plan. Unless the Parties agree otherwise, these Terms are concluded for an initial term of 1 (one) month or 1 (one) year, depending on the selected Service Plan and product type (the Initial Term). These Terms are subject to a renewal period equal to the Initial Term (the Renewal Period), and unless the Parties terminate the Terms or expressly agree otherwise, the Terms will automatically renew for the same Renewal Period.
    • The Client is entitled to terminate these Terms and to unsubscribe from the Platform at their discretion, without the need to provide any reasoning for such termination. Such termination by the Client shall be effective commencing at the start of the subsequent billing cycle following the submission date of the termination notice. Upon the Client’s termination of this Agreement, no refunds shall be issued for any Fees previously paid by the Client for the current billing period during which termination occurs.
    • The Service Provider may terminate these Terms and the Client’s access to the Platform for any reason with immediate effect. If the Service Provider terminates these Terms and the Client’s access to the Platform without any cause, it refunds the Client for the duration of the subscription that remains unused due to the Terms being terminated.
    • Termination of the Terms does not release the Parties from their outstanding obligations arising from the Terms and does not affect the rights or remedies of a Party arising out of breach of the Terms.
    • Termination of these Terms shall, however, not affect the validity of such terms which by their nature survive the termination .
  12. Final Provisions
    • The Terms constitute the entire agreement between the Parties relating to the subject matter hereof, and supersede any previous communications, whether oral or written, between the Parties in respect of the subject matter hereof.
    • The Service Provider is an independent contractor and nothing in the Agreement shall render the Service Provider an agent, affiliate, or broker of the Client and the Service Provider shall not present themselves towards third persons as such.
    • The Client may not transfer or otherwise assign any of their rights or obligations arising from the Terms to a third party without the prior written consent of the Service Provider.
    • The invalidity of any portion of this Agreement shall not render these Terms itself or any other portion hereof invalid. If any provision of the Terms is held invalid or unenforceable, the remaining provisions will remain in full force and effect.
    • These Terms are governed by and construed in accordance with the laws of the Republic of Estonia, except for the conflict of laws rule.
    • All disputes arising from the Terms shall be settled via negotiations. If an amicable settlement cannot be reached, the dispute shall be exclusively settled in accordance with the laws of the Republic of Estonia, in Harju County Court in Tallinn.
    • These Terms are executed in a single electronic copy in the English language.

 

 

 

  • Service Level Agreement

This ANNEX 1 “Service Level Agreement” is an integral part of the provision of services by the Service Provider to the Client in accordance with the main Agreement. The capitalised terms used in this Service Level Agreement shall have the meaning assigned to them in the main Agreement.

  1. Scope and Subject
    • The Service Provider undertakes to provide the Client with the following ancillary services regarding the Services:
      • Availability;
      • Incident Management;
      • Support;
      • Maintenance and Updates.
    • Notwithstanding any other provision of this SLA, the Service Provider’s obligations concerning Availability and Incident Management, and the Client’s corresponding remedies, shall only apply if the Client’s personnel—who are presumed to have a reasonable level of technical proficiency—have first made reasonable attempts to resolve the availability issue or incident using appropriate means available to them (for example, installing software updates, reconnecting devices, or restarting hardware).
    • If the Service Provider provides a designated communication channel, integrated with the Platform interface, for exchanging information pertaining to this SLA, the Client shall use that channel to submit all information regarding availability, support, and incident management. If the Client provides such information through any method other than the designated channel, the Service Provider shall have no obligation to address or resolve those requests.
  2. Availability
    • The Service Provider shall ensure that the Services are available at least 99% of the total time. The Services availability is calculated as the cumulative availability of all requests of the Services, by taking into account successful requests divided by total requests in a calendar month (excluding time spent under maintenance) (the Availability).
  3. Service Credits
    • In the event that the Service Provider fails to meet the Availability, Service Credits will be granted to the Client at the latter’s request.
    • The following sums shall be credited to the Client if the Service Provider fails to meet the following availability criteria (the Service Credits):
      • if below 99% availability – 5% of the monthly fee;
      • if below 95% availability – 10% of the monthly fee;
      • if below 90% availability – 15% of the monthly fee.
    • The Service Credits are not cash refunds but are instead applied to the next month’s invoice issued to the Client for payment of the Fee.
    • To be eligible for Service Credits, the Client must notify the Service Provider of its intent to claim such Service Credits within fifteen (15) days following the end of the calendar month during which the Client first became entitled to the Service Credit. Failure to comply with this notification requirement within the specified timeframe will result in the Client forfeiting the right to receive the Service Credit for that particular incident.
    • This Section 3 states the entire liability of the Service Provider and the Client’s sole and exclusive remedies regarding the Availability.
  4. Maintenance and Scheduled Interruptions
    • The Service Provider shall maintain the Services and its availability during the term of the Agreement.
    • The Service Provider shall maintain the Solution in a cloud. The maintenance costs are borne by the Client as part of the Fee.
    • The Service Provider shall notify the Client in advance of planned interruptions to improve the functionality, add new features, solve errors, or otherwise improve the operation of the Services.
  5. Incident Management
    • The Service Provider provides an incident management service to the Client (the Incident Management), which is differentiated based on incidents occurring within or outside of working time:
Priority Severity Description Response time Rectification of error Time To Resolve Process
09:00-17:00 (EET)
1 Blocking 1) Usage completely blocked for all

2) Major business-critical functions unavailable for all

Examples:

1.     All users are unable to log in to the platform (web and mobile apps).

2.     All users are unable to register transactions in the mobile app.

3.     Cloud server outage affecting all cabinets or apps.

4.     Data loss after 24 hours (anything before 24 hours falls to the “Critical” section).

 4 hours Continuously during support hours until:

The problem is solved or degraded to a lower severity.

 24 hours* Manual
2 Critical 1) Critical function with a major impact on usage (major feature)

2) Completely blocked usage for a moderate number of users

3) Critical error but workaround available

Examples:

1. Access data of users is not updated in the mobile app.

2. Journals is not working.

3. Replenishment orders is not working.

4. Cabinet configuration is not working.

5. In mobile app, camera scanning is not working.

6. Invendor API is down.

 1 business day Continuously during support hours until:

The problem is solved or degraded to a lower severity.

 2 business days Manual
3 Normal (default) 1) Malfunction is minor; not critical: all other features that are not listed as critical

2) Minimal number of users affected and/or not in a significant way

Example:

Web reporting filtering is not working.

 2 business days Continuously during support hours until:

The problem is solved or degraded to a lower severity.

 10 business days Manual
4 Trivial Cosmetic

Examples:

1. Typo in UI.

2. Minor translation inconsistency in the UI.

3. Request to rename a user group or field label.

4. Question about a past log entry, not related to malfunction.

 5 business days The Developer will provide the resolution with the next update, if feasible. n/a Manual
Stand by, on request 24/7/365
1 Blocking 1) Usage completely blocked for all

2) Major business critical functions unavailable for all

 30 minutes Continuously 24/7/365 until degraded to a lower severity. 2 hours Manual

* Resolution timelines are subject to external factors outside the Provider’s control, such as app store or platform review and approval processes. In such cases, resolution may be delayed until the required approval is granted.

  • Optional 24/7/365 Standby Coverage: Standby coverage outside standard support hours (24/7/365) is only available upon prior written agreement. This level of support applies exclusively to Severity 1 (Blocking) issues and may be subject to additional fees, SLA terms, or dedicated response agreements. Unless explicitly agreed, standard support hours and conditions apply.
  • If the Client discovers any errors in the Services, the designated persons of the Client shall inform the Service Provider, providing at least the following information:
    • time of occurrence;
    • detailed description of the error (with pictures), log extract, relevant technical identifiers;
    • description of activities performed immediately prior to the error occurring.
  • The Service Provider shall use all commercially reasonable efforts to respond to the Client’s error reports in accordance with the above response times.
  • In the event that the Service Provider fails to meet the targets outlined in Section 1, the Client shall be entitled to compensation based on the incident severity:
    • Blocking – 20% of the monthly fee;
    • Critical – 15% of the monthly fee;
    • Normal – 10% of the monthly fee;
    • Trivial – no credit.
  • The maximum limit on the compensation that the Client can accrue in a given month is 50%.
  • To claim the compensation, the Client has to submit a notification to the Service Provider, detailing the percentage of compensation the Client is eligible for the calendar month.
  • The compensation for Incident Management is not a cash refund but is instead applied to the next invoice for payment of the Fee issued to the Client.
  • This Section 5 provides the entire liability of the Service Provider and the Client’s sole and exclusive remedies regarding the Incident Management.
  1. Support
    • The Client may require support from the Service Provider from time to time (the Support) such as:
      • manned telephone support;
      • monitored email support;
      • proactive real-time monitoring of the software;
      • remote assistance in the event of system failure;
      • software troubleshooting.
    • Fees for these Support services are detailed in the Service Plan.
  2. Final Provisions
    • The terms and conditions of the main Agreement shall apply to this Service Level Agreement accordingly.
    • In the event of any discrepancy between the provisions of this Service Level Agreement and the main Agreement, the provisions of this Service Level Agreement shall prevail.

Data Processing Agreement

This Data Processing Agreement and its Schedules (the DPA) reflects the Parties’ agreement with respect to the Processing of Personal Data by the Service Provider on behalf of the Client in connection with providing the Services under the Terms between the Parties.

This DPA is supplemental to, and forms an integral part of, the Terms and is effective upon its incorporation into the Terms. The term and expiry of this DPA will follow the term set forth in the Terms. In case of any conflict or inconsistency with the provisions of the Terms, this DPA will take precedence over the provisions of the Terms to the extent of such conflict or inconsistency.

  1. Definitions
    • In this DPA, Data Protection Laws means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data (the GDPR) and any national laws implementing or supplementing the same and any updated, additional, modified or replacement laws, provisions, directives, guidance or regulations thereto even as may be promulgated after the effective date of this DPA.
    • The capitalised terms used in this DPA shall have the meaning given to them in the GDPR or applicable Data Protection Laws. Any other capitalised terms shall have the meaning given to them in the Terms.
  2. Subject Matter
    • The Service Provider provides services to the Client on the basis of the Terms agreed upon between the Parties. The Client (or the Facility, as the case may be) as the Controller hereby authorises The Service Provider as the Processor to process Personal Data in accordance with this DPA and its Schedules.
    • Subject matter of the DPA, type and purpose of the data Processing, types of Personal Data and categories of Data Subjects are described in Schedule 1 to this DPA.
    • This DPA shall, unless otherwise agreed upon by the Parties, apply as long as The Service Provider processes Personal Data on behalf of the Client.
  3. Processing of Data Bound by Instructions
    • The Parties acknowledge that, in relation to this DPA, the Client has provided the Service Provider with the instructions for processing Personal Data as set out in Schedule 1.
    • The Client further acknowledges that no data processing shall occur outside of the scope laid out in Schedule 1, unless required to do so by Union or Member State law to which the Service Provider is subject, in such a case, the Service Provider shall inform the Client of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
  4. Obligations of the Client
    • The Client bears primary responsibility for ensuring that processing activities under this DPA are done in accordance with any Data Protection Laws.
    • The Client is responsible for:
      • providing the Service Provider with the relevant instructions, specified in Schedule 1 of this DPA;
      • maintaining a record of processing under its responsibility;
      • implementing, reviewing and updating either directly or through its service providers’ appropriate technical and organisational measures to ensure adequate level of protection of Personal Data;
      • the transparency and information provided to its customers in its service terms, privacy policies and contracts regarding the details of the services provided by the Service Provider.
  1. Obligations of the Service Provider
    • The Service Provider shall only process Personal Data entrusted by the Client and exclusively in accordance with the Client’s instructions and for the specific purposes described in Schedule 1 of this DPA.
    • Where the Service Provider considers that the Client’s instructions infringe the Data Protection Laws, the Service Provider shall inform the Client without undue delay.
    • The Service Provider is responsible for:
      • ensuring strict confidentiality of the Personal Data and imposing confidentiality obligations, under an appropriate statutory obligation of confidentiality, on all persons authorised to process the Personal Data (employees, consultants, subprocessors, etc.);
      • ensuring that persons acting under its authority only process Personal Data according to instructions from the Client, unless the person is required to do so by Union or Member State law;
      • properly documenting any act of Personal Data Processing carried out when providing the services;
      • ensuring the security of the Personal Data it processes by implementing appropriate technical and organisational measures as required by article 32 of the GDPR or any other applicable Data Protection Laws and taking into account the state of the art, the appropriate standards, the costs of implementation as further described in the Terms in relation to the services performed by the Service Provider and the nature and associated risks of the processing of Personal Data;
      • assisting the Client for the fulfilment of its obligations to respond to data subject requests. For the avoidance of doubt, the Service Provider shall not itself respond to any data subject requests, unless expressly required by applicable law;
      • notifying the Client about any Personal Data Breach in accordance with this DPA.
  1. Engaging Another Processor
    • The Service Provider may engage Subprocessors listed in Schedule 3. The Client gives the authorisation of engaging these Subprocessors. The Service Provider shall inform the Client of any intended changes concerning the addition or replacement of Subprocessors by updating Schedule 3.
    • The Service Provider shall impose on the Subprocessors the same data protection obligations which are set out in this DPA. Where the Subprocessor fails to comply with the data protection obligations set out in this DPA, the Service Provider shall remain fully liable to the Client for compliance with the data protection obligations of the Subprocessor.
    • The Service Provider shall properly verify compliance with the data protection obligations by the engaged Subprocessor on a regular basis.
  2. Transfer of Personal Data
    • Any transfer into a third country (incl. giving access to personal data) either by the Service Provider itself or any Subprocessor is subject to prior written approval, including in electronic form, by the Client. The Client gives the authorisation for third-country transfers to engaged Subprocessors, which are listed in Schedule 3.
    • Where personal data is transferred from the Service Provider located in the European Union (EU) or the European Economic Area (EEA) to a Subprocessor located in a country not recognised by the European Commission as providing an adequate level of protection for personal data, the Client appoints the Service Provider and the Service Provider assures to enter into the EU Standard Contractual Clauses on the Client’s behalf with such Subprocessor based outside of the EEA or the EU. The Client will accede to these Standard Contractual Clauses concluded between the Service Provider and the Subprocessor.
  3. Cooperation and Support Obligations
    • The Service Provider assists the Client with all necessary and economically appropriate means as well as by appropriate TOMs for the fulfilment of the Client’s obligation to respond to requests for exercising the Data Subjects’ rights.
    • Direct communication with the Data Subject in data subject access requests (DSAR) shall only take place with the prior written permission of the Client. The Service Provider shall forward all inquiries related to the Data Subjects’ rights to the Client without undue delay.
  4. Assistance in Ensuring Compliance with the Obligations of the Client
    • The Service Provider is aware that in case of a Personal Data Breach, the Client must notify the Personal Data Breach the supervisory authority and/or the Data Subject without undue delay and, where feasible, not later than 72 hours after having become aware of the Personal Data Breach. In the event of a Personal Data Breach, the Service Provider will support the Client by all necessary and economically reasonable means in performing its notification duties pursuant to Art. 28 (3) (f) GDPR. The Service Provider will inform the Client of any Personal Data Breach as well as suspected cases and provide at least the following information:
      • the nature of the Personal Data Breach including, where possible, the categories and approximate number of Data Subjects concerned and of Personal Data records concerned;
      • the name and contact details of the data protection officer or another contact point, where more information can be obtained;
      • the likely consequences of the Personal Data Breach;
      • the measures taken or proposed to be taken by the Client to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.
  1. Deletion and Return of Personal Data
    • Upon expiration of the services provided under the Terms, or as the case may be, where no further processing is required, The Service Provider shall, at the Client’s choice, either delete, anonymise or return all Personal Data, provided there is no legal obligation to keep records for retention periods set by Schedule 2 to this DPA or any applicable law. In this latter case, The Service Provider shall ensure the confidentiality and security of the Personal Data.
  2. Demonstrating Compliance with the Obligations and Contributing to Audits
    • The Service Provider makes available to the Client all information necessary to demonstrate compliance with the obligations laid down in Art. 28 GDPR.
    • The Service Provider undertakes to assist the Client in accordance with applicable Data Protection Laws on queries by the Client, the Client’s auditors or supervisory authorities for audits or inspections. Such assistance is subject to the audit conditions already provided in the contractual documentation or if these do not already exist, with The Service Provider’s internal audit protocols and procedures. The Service Provider may invoice the Client with all related reasonable costs and expenses.
  3. Further Obligations
    • In the event of suspicion of violations of the data protection obligations or other data breaches or complaints regarding the processing of Personal Data or resulting from inspections or other measures taken by the supervisory authorities, the Client shall be immediately notified.
    • Where required by law, The Service Provider shall appoint in writing a data protection officer according to Art. 37 GDPR and a representative according to Art. 27 GDPR.
  4. Liability
    • Either Party’s liability for one or more breaches of this DPA shall be subject to the limitations and exclusions of liability set forth in the Terms. The relevant Party’s liability for a breach of this DPA shall in no event exceed the liability cap set forth in the Terms, if applicable. Neither Party shall however limit or exclude its liability that cannot be limited or excluded, including under Data Protection Laws.
  5. Indemnity
    • The Client will indemnify, keep indemnified and hold harmless The Service Provider, its clients, officers, directors, employees, agents, representatives, and affiliates (each an Indemnified Party) from and against all third-party loss, harm, cost (including reasonable legal fees and expenses), expense and liability that an Indemnified Party may suffer or incur as a result of the Client’s non-compliance with the requirements of this DPA.
  6. Other Provisions
    • The Parties shall keep confidential all business secrets and data security measures they gain knowledge of in the context of the contractual relationship. Business secrets are all (but not limited to) business-related facts, circumstances and activities which are not generally accessible, but only accessible to a limited group of persons unless The Service Provider has no legitimate interest in non-proliferation. Data security measures are all TOMs taken by one contracting party. This obligation of secrecy remains effective after the termination of this DPA.
    • In the event of contradictions, inconsistencies, or discrepancies between this DPA and the Terms, the provisions of this DPA shall take precedence over the provisions of the Terms. Furthermore, the provisions of the standard contractual clauses/standard data protection clauses shall take precedence, if applicable.
    • Should any of the provisions of this DPA be or become invalid, the remaining provisions shall remain valid and unaffected.
    • Any modification of this DPA, including its termination, must be in a written form.
    • Irrespective of the provisions concerning the duration of the DPA, both Parties shall be entitled to termination upon good cause in the event of serious violations of the data protection provisions laid down in this DPA.

 

Schedule 1. Subject Matter of this DPA

  1. Parties
Party Details
The Client The Client, as defined in the Terms and the Service Plan, is the Data Controller with respect to Client Users.

If the Service Plan enables the Client to establish Facilities, the Client is the Data Processor with respect to Facility Users.
The Facility The Facility, if authorized to use the Platform by the Client, is the Data Controller with respect to Facility Users.
The Service Provider The Service Provider, as defined in the Terms, provides the Services for the Client and is the Processor of Personal Data with respect to Client and Facility Users.
User (i.e. Facility User or Client User) The User, which is the data subject engaged by the Client or the Facility, as the case may be (e.g. employee, independent contractor, consultant) who is assigned a User account to access and use the Platform.
  1. Nature, Purpose, and Subject Matter of Data Processing
Aspect Description
Nature of Processing The Service Provider is providing the Platform, in the course of which it has access to User personal data.
Purpose of Processing Providing the Services to the Client under the Terms.
Subject Matter of Processing Processing includes User personal data for providing the Services, including the Platform, to the Client and involves enabling the Client to manage User account and enable Users to access the Platform and use its features, send and receive requests.
  1. Data Categories
Category of Data Examples
User (both Facility User and Client User) Names, email addresses, access card data, access simplification data (PINs).
  1. Data Subjects
Type of Data Subject Description
User An individual engaged by the Client or Facility and authorized to use the Platform.

 

Schedule 2. Retention Periods

Data Category Retention Period
User data User personal data is retained for the duration the Client has an active subscription or the Facility has access rights. If the Client removes the Facility from its subscription or the Client subscription is terminated, the User data is deleted.

 

Schedule 3. List of Engaged Subprocessors

Subprocessor Location of the processing Type of Service
Microsoft Azure Northern Ireland Hosting the Platform and User data