Download Data processing agreement
The service Fuga Cloud and related services of Fuga Cloud (“Services”) are offered by FUGA B.V. (‘Fuga Cloud’), located in Alkmaar, Netherlands.
The Services include the provision of a Cloud Infrastructure as a Service (IaaS) based on the OpenStack platform. OpenStack is not a product of Fuga Cloud. OpenStack is an open source cloud operating system which is made available by OpenStack.org under the Apache 2.0 license.
The conditions under which Fuga Cloud makes the OpenStack platform and its infrastructure available are listed below.
1.1 The definitions of the Fuga Cloud Terms and Conditions apply to this agreement.
1.2 Application Software:
The application that provides functionality to users, including OpenStack.
1.3 As Is:
The properties of the Hosting and IaaS are not (entirely) described and Customer indicates the characteristics of the Hosting and IaaS are sufficiently known and accepts the Hosting and IaaS as it is offered. Parties exclude their rights to terminate the agreement due to a misconception resulting from incorrect information (in Dutch: ‘dwaling’).
1.5 Confidential Information:
Data and information concerning each other’s organization, clients, procedures, Products (including specifications and other Product documentation), etc. of which parties become aware while working for each other.
1.6 Fuga Cloud IaaS (Infrastructure as a Service):
Providing and maintaining the Infrastructure made available to Customer by Fuga Cloud on the basis of a virtual platform.
1.7 Fuga Cloud SaaS (Software as a Service):
OpenStack made available by Fuga Cloud via Hosting.
A datacenter is a facility where servers can be connected to networks and especially the Internet. Part of the Infrastructure is in one or more Datacenters.
The provision of and access to webspace for the purpose of storing data on the Infrastructure.
1.10 Identification Codes:
Login name, passwords, address and / or other codes.
A report of a deviation from the expected operation of the Services and / or a disruption of the standard operation of the system which has the effect that a User cannot (fully) make use of the system.
The set of information and communications technology services such as software and hardware, including cabling used for data processing.
Maintenance includes providing updates and correcting errors.
Software comprising the Open Source Cloud Operating System under the name OpenStack which can be used by Customer to manage the Infrastructure. OpenStack is made available under the Apache 2.0 license by the OpenStack Foundation via www.openstack.org.
1.15 OpenStack Interface:
The OpenStack API and web interface Horizon which Customer can use to log into online.
The services Fuga Cloud offers consisting of Hosting, Fuga Cloud IaaS and Fuga Cloud SaaS.
1.17 Service Window:
The period in which Incidents and / or errors can be corrected, as agreed by the parties.
1.18 Third Party Infrastructure:
The part of the Infrastructure managed by third parties and / or delivered via Fuga Cloud to Customer and where Fuga Cloud in principle has no control over. Third Party Infrastructure is a Third Party Product.
1.19 Third Party Products:
All products and services provided by Fuga Cloud, the resulting provisions and related activities, which originate from third parties – such as OpenStack – and whose intellectual property rights and other rights are not held by Fuga Cloud.
The people who use services provided by Fuga Cloud.
1.21 Working days:
Normal Dutch working hours (9:00 to 17:30 CET) and days (Monday / Friday) except public holidays.
1.22 All of the above terms and words used in the singular shall have the same meaning as in the plural and vice versa.
1.23 The headings above the articles of the Agreement are only intended to increase the legibility of the Agreement. The content and meaning of an article placed under a particular heading is, therefore, not limited to the meaning and content of the heading.
2.1 Fuga Cloud grants Customer the right for the length of the Agreement to make use of the Infrastructure and OpenStack via Hosting.
2.2 Fuga Cloud aims to make available the latest version of OpenStack. OpenStack is a Third Party Product to which Fuga Cloud makes no modifications. OpenStack is provided ‘As is’.
2.3 Fuga Cloud provides access to OpenStack via the OpenStack Interface.
2.4 To the use of OpenStack the Apache
2.0 license from the Apache Software Foundation applies. The license terms are available on the website: www.apache.org/licenses.
3.1 The Fuga Cloud IaaS is ‘self-service’, which means that Fuga Cloud only provides Fuga OpenStack and Infrastructure. Fuga Cloud IaaS is therefore not a managed hosting solution.
3.2 Customer is responsible for how OpenStack and Fuga Cloud is being used and therefore for the stability of the final configuration of the Infrastructure which is realized by Customer via OpenStack.
3.3 The support of Fuga Cloud consists of answering questions from Users via its online portal as well as through the provision of manuals and tutorials via the website. English is the official language. Fuga Cloud does not give support by telephone.
4. SERVICES GENERAL
4.1 For providing the Services Fuga Cloud only uses approved locations and equipment.
4.2 At the discretion of Fuga Cloud, Fuga Cloud could make available to Customer the possibility to make its own enhancements, additions and / or changes to the Services. If Customer makes use of this possibility, Customer shall be responsible and liable for all the enhancements, additions and / or changes and the resulting consequences.
4.3 Customer must inform itself about using OpenStack. Fuga Cloud is never responsible for loss of data caused by the use of OpenStack by the Customer. The Customer must itself take care of backing up data.
4.4 Customer is required to follow instructions of Fuga Cloud about the use of the Services.
4.5 Fuga Cloud is entitled to view log files and the like for purposes of analyzing the use of the Services. The results of such an analysis will not be made available to third parties (third parties do not include holding or subsidiary organizations of Fuga Cloud). This does not apply to figures and data with regard to the use of the Services, which are not directly traceable to Customer’s use.
4.6 Fuga Cloud ensures the delivery of the Services, to the best of ability and effort. Fuga will on a best effort basis strive to deliver the Services according to the agreed availability percentage in our Service Level Agreement.
4.7 If Fuga Cloud agreed to an availability percentage of its Services, this percentage is measured over a calendar month. The time for Maintenance is not included.
4.8 The availability percentage does not apply in the following situations:
a) During the regular Service Window on Tuesday and Thursday from 0: 01 to 4: 00 AM local Amsterdam time and during unplanned upgrades and Maintenance that cannot be performed during the designated Service Window and of which Customer is informed by Fuga Cloud.
b) in case of Incidents due to force majeure;
c) any problem or malfunction as a result of acts by Customer or User; and
d) The unavailability of (coordinator of) Customer in case Fuga Cloud requests for assistance from the Customer in determining or isolate a problem or malfunction.
4.9 Fuga Cloud reserves the right to change the regular Service Window, provided this is communicated in writing to Customer.
4.10 Fuga Cloud does not warrant among others, that the telephone lines, the Internet and / or other networks will offer optimal access to the Services.
4.11 Fuga Cloud will endeavor to provide all useful and necessary measures to ensure the proper operation and the continuous quality of the Services. Fuga Cloud will strive for, according to the state of the current technology, adequate physical and logical security measures against unauthorized access by third parties to Fuga’s computer and computer programs and / or data stored in the context of the Agreement.
5. CHANGES IN THE SERVICES
5.1 Fuga Cloud is entitled, after notification within a reasonable time and without any fee chargeable to Customer, to make adjustments and / or changes in the Services, such as but not limited to access procedures, altering a Third Party Provider / supplier, location, hardware, software and other facilities necessary for delivering the Services.
5.2 If the changes have a demonstrable and such a large negative change to the operation of Customer’s company and / or the functionality of the Services, Customer may, after providing proof of the deterioration in writing, request Fuga Cloud to offer an alternative. If Fuga Cloud then provides no reasonable alternative, Customer has the right to end the use of the Services without Fuga Cloud being obligated to pay any compensation or refund of sums already paid.
6.1 Fuga Cloud does not control and / or understand the contents of the data traffic from and / or to User. Fuga Cloud acts only as an intermediary. Fuga Cloud makes no warranties regarding the contents of data which include reliability and completeness.
6.2 Customer indemnifies and holds Fuga Cloud harmless for any claim, lawsuit or action by any third party in connection with (the contents of) the data traffic or the information provided by the User.
7. USE OF IDENTIFICATION CODES
7.1 Fuga Cloud will provide Identification Codes solely to Customer for use of the Services. Customer will treat the Identification Codes with care. Customer shall notify Fuga Cloud in case of loss, theft and / or other forms of unauthorized use, so that Fuga Cloud and Customer can take appropriate measures.
7.2 Customer carries all responsibility, liability and costs caused by the use of Identification Codes used and / or distributed by Customer. In no event is Fuga Cloud responsible for the abuse and / or unauthorized use of Identification Codes.
7.3 In case of termination of the Agreement for any reason, Fuga Cloud will immediately cancel all the Identification Codes.
8. CUSTOMER OBLIGATIONS
8.1 Customer should take care to purchase valid licenses for the software he installs.
8.2 If, through the Services personal information and / or other information / data are transported or commercial activities and / or other activities are undertaken through the Services, Customer indemnifies Fuga Cloud from any liability, costs or damages resulting from claims of third parties, in the event that such personal and / or commercial and / or other activities are undertaken in violation of the relevant (privacy) laws and / or other applicable regulations.
9. PERSONAL DATA
9.1 Customer is the Data controller and/or Data processor who determines the purpose and means of the processing of the personal data. The customer is the “responsible” party for the purposes of protection of personal data concerning law and regulations like the GDPR and is therefore responsible for the protection of (personal) data, transmitted or processed and / or processed by Customer using the Services. Customer will comply with all relevant obligations under the GDPR if (personal) data is obtained or processed from European individuals.
9.2 Customer indemnifies Fuga regarding all claims for invasion of privacy.
9.3 Where Customer is authorized, Customer explicitly agrees with the registration of (privacy) information of Users in the privacy registration of Fuga Cloud for administrative and management purposes. The privacy registration will contain, amongst others, Identification Codes and Process-data and will only be accessible for Fuga Cloud. This information will not be provided to third parties unless Fuga is obligated to do so on the basis of a court order.
9.4 Fuga Cloud will be responsible as ‘Data processor’ in terms of the GDPR for the protection of personal data of which the use by Fuga Cloud is necessary for the proper fulfilment of its obligations under the agreement and Fuga Cloud will indemnify Customer against allegations of private individuals for violation of their privacy as a result of an act or failure to act of Fuga Cloud. Fuga Cloud as ‘Data processor’ shall comply with all relevant obligations under the GDPR.
All data stored and/or processing of (personal) data using services of Fuga Cloud will stay the property of the customer and/or Data controller.
9.5 Instructions and processing of personal data
Fuga Cloud can act as a Data processor for personal data for their customers. Except where required to comply with law, Fuga Cloud will process personal data in accordance with the customer’s documented instructions (GDPR Art 28(2)(a)). The use of features and functionalities as part of the services of Fuga Cloud are the customers complete and final instructions to Fuga Cloud in relation to the processing of personal data.
9.6 Security Responsibilities
Fuga Cloud has implemented and maintains appropriate technical and organizational measures for the Fuga Cloud data center facilities, servers, networking equipment and host software systems that are within its control and are used to provide the Fuga Cloud service. Those technical and organizational measures are designed to help Fuga Clouds customers secure personal data against unauthorized processing and accidental or unlawful loss, access or disclosure.
Fuga Cloud works in accordance with ISO 20000, ISO27001 and NEN7510 which are considered to meet the security requirements given the state of the techniques.
9.7 Transfer of personal data to third countries.
Fuga Cloud provides the customer with the ability to choose a region so that customer can use services to store and process its data entirely within the country of that region. For example, when using region EU-West-1, all data will be stored and processed in the Netherlands.
9.8 Use of third-parties or sub-processors
Fuga Cloud as Data processor may use third-parties and will deliver a list of third-parties (sub-processors) to the Data controller upon request.
Fuga Cloud as Data processor will ensure that third-parties comply to the terms-of-use as agreed upon with the Data controller. In case of errors of these third parties, Fuga Cloud is liable for all damage as if it had committed the fault(s) themselves.
9.9 Notification data breach
Data controller is at all times responsible for reporting a vulnerability and/or data breach (which means a breach in the security of personal data that leads to a chance of adverse consequences, or has adverse consequences for the protection of personal data) to the supervisory authority and / or parties involved.
In order to enable the Data controller to comply with this statutory obligation, the Data processor will notify the Data controller of the vulnerability and/or data breach within 48 hours after the leak has become known to him.
The duty to report in any case includes reporting the fact that there has been a leak. In addition, the obligation to report includes:
- the nature of the breach in relation to personal data, where possible with reference to the categories of data subjects and personal data registers concerned and, approximately, the number of data subjects and personal data registers concerned;
- the name and contact details of the data protection officer or any other contact point where more information can be obtained;
- the likely impact of the personal data breach;
- the measures proposed or taken by the Data processor to address the personal data breach, including, where appropriate, measures to mitigate any adverse effects.
9.10 Handling requests of the persons concerned
In the event that a data subject submits a request for the execution of his / her legal rights to the Data processor, the Data processor will forward the request to the Data controller, and the Data controller will further process the request. The Data processor may inform the data subject of this.
10.3. The Data processor (Fuga Cloud) shall cooperate with the audit and all relevant information reasonably relevant to the audit, including supporting data such as system logs, and employees as timely as possible and within a reasonable period of time, whereby a maximum period of two weeks is reasonable unless an urgent interest opposes this. order.
10.4. The findings as a result of the audit carried out will be assessed by the Parties in mutual consultation and, as a result thereof, be implemented by one of the Parties or jointly by both Parties.
10.5. The reasonable costs for the audit are borne by the Data controller, on the understanding that the costs for the third party to be hired will always be borne by the Data controller (or customer).
11. CODE OF CONDUCT
11.1 Customer will make use of the Services and/or other facilities offered in a responsible manner. It is prohibited to use the Services and/or other facilities offered in a manner that will result in:
a) Damage in the system and/or Infrastructure of Fuga Cloud and/or third parties; or
b) Interference with its use.
11.2 Customer will ensure that such damage and/or interference is not the result of misconfiguration on Customer’s part.
11.3 It is not permitted to use the Services for activities that are illegal and/or in violation of the Agreement or the performance or non-performance of any other act that makes hacking possible.
11.4 Fuga Cloud reserves the right, at Fuga Clouds sole discretion, if forced by law or a court order; and/or a third party informs Fuga and/or a suspicion exists that through the Services a violation is made of the rights of a third party; there is a breach of the Agreement and the resulting obligations in question have not been met wholly or partially, to bar access to the Services and/or other facilities offered, to remove the information in question and/or suspend its other obligations until Customer meets its obligations.
11.5 If the actions and/or failure to act of Customer justifies this and/or the actions and/or failure to act of Customer continues regardless of the measures under taken by Fuga Cloud, as set out in clause 11.4, Fuga Cloud will be entitled to terminate the Agreement, without any damage compensation or restitution of monies paid being required.
12. FAIR USAGE
12.1 Customer shall comply with instructions from Fuga Cloud about fair use. If Customer fails to follow the instructions given by Fuga Cloud, Fuga Cloud is entitled through technical means to reduce the load caused by the Customer or in case of a continuous overload to stop the Services to Customer.
12.2 Fuga Cloud shall never be liable for damages of any nature whatsoever by the Client or third parties as a result of the measures taken by Fuga Cloud.
12.3 Fuga Cloud is entitled to adapt the agreed prices for the Services if Customer (Users) regularly exceed the agreed datalimit.
12.4 Fuga Cloud is not responsible for damage in the event of an unexpected temporary or sudden increase in data traffic.
13.1 The Services are provided As Is and without warranty or guarantee.
13.2 Fuga Cloud does not warrant that the Services function without interruption or error or will be suitable for a particular purpose.
14. INCIDENTS AND MAINTENANCE
14.1 In case of an Incident Customer should immediately report the Incident to Fuga Cloud. After reporting the Incident by Customer Fuga Cloud will take the actions that lead or could lead to repair.
14.2 The costs for resolving an Incident shall be borne by the Customer if it appears that the cause of the incident is the result of its improper use of the Services, or any other act or omission contrary to the Agreement.
14.3 Fuga Cloud will inform Customer in advance about planned maintenance on the Fuga Cloud Infrastructure if it leads to problems with regard to accessing the Services or the unavailability of the Services. If possible, notification will be sent five Business Days before the commencement of maintenance. Customer will be notified of the planned work and the expected unavailability.
14.4 If Maintenance is required due to an emergency and this leads to maintenance problems with regard to gaining access to the Services, Fuga Cloud will inform Customer as quickly as possible about the problems and to carry out maintenance as soon as possible.
15. PRICE AND PAYMENT
15.1 All prices are exclusive of VAT and any other levies imposed by the government. The amounts payable will include applicable VAT and other levies possibly imposed by the government.
15.2 Payment for the Services is made only by credit card through an external payment provider. Fuga Cloud stores no credit card information.
15.3 Fuga Cloud charges for the use of the Services on the basis of actual use at the agreed (hourly) rates. Payment is made monthly by means of collection of the amount of the credit card.
15.4 If payment for whatever reason fails, the user is automatically notified that payment has failed. In addition, a new term which indicates when a new payment attempt is made will be set. If the last payment fails, Fuga Cloud will block access to the Services and issue a warning to Customer in which a final payment term will be set. Access to the Services will only be restored if the Customer pays within the payment period stipulated in the warning. If no payment is made, access to the Services will be permanently. In addition, all data and the created instances will be permanently deleted.
15.5 A price increase shall enter into force 50 days after the Customer has been informed of such an increase.
15.6 Should Customer fail to fulfill any payment obligation, Customer is in breach without any further notification of breach being required. Fuga reserves the right to charge all incurred costs to Customer, including judicial and extra-judicial expenses, with regard to the collection of debts from Customer. Extra-judicial collection costs amount to 15% of the debt, with a minimum of € 500 (five hundred euros). In any case Customer will be charged interest on a monthly basis, at the legal percentage rate increased with 3%, on all outstanding debts starting from the date of failure to pay.
15.7 Until full payment has been made Fuga Cloud has the right to suspend all services and obligations to Customer. Customer’s obligation to meet Customer’s commitments remains unchanged.
15.8 Above mentioned stipulations leave all the legal rights of Fuga Cloud unhindered.
16. DELIVERY DATES
16.1 All (delivery) dates which may be named by and may be applicable to Fuga Cloud are determined to the best of Fuga Cloud’s knowledge on the basis of information made known to Fuga Cloud and will be taken into consideration as much as possible.
16.2 (Delivery) dates shall therefore not be considered to be absolute (delivery) dates within which must be delivered, but a time period within which Fuga Cloud shall strive with best efforts to deliver the agreed upon items. If it is not possible to keep to the (delivery) date, then Fuga Cloud and Customer will consult with each other to agree on a substitute (delivery) date.
16.3 Exceeding a given (delivery) date which may be applicable never constitutes an attributable shortcoming by Fuga Cloud. Fuga Cloud does not accept liability under any circumstances in cases where the (delivery) date may be exceeded.
17.1 Fuga Clouds total liability shall be limited, in accordance with clauses 17.2 and 17.3, to compensation for direct damage and to a maximum of the amount of the price actually paid by Customer in the year the damage occurred (excluding VAT) to a maximum of € 100.000,- (hundred thousand), whereby a sequence of events is regarded as one event.
17.2 Fuga Cloud has insured itself against damage. Fuga Cloud is in any case not liable for further damage and will not compensate for any further damage which Customer may suffer on the basis of the agreement entered into with Fuga Cloud, however caused, including possible claims of liability against Customer by third parties, than is covered and actually compensated for by the insurance increased with Fuga Cloud’ deductible (own risk), except in case of malicious intent (opzet) or reckless disregard (bewuste roekeloosheid).
17.3 Fuga Cloud’s total liability for damage resulting from death or physical injury will in no event amount to more than € 1,000,000 (one million euros), whereby a sequence of events is regarded as one event.
17.4 Direct damage is exclusively understood as: a) The reasonable costs made in determining the cause and extent of the damage; b) The reasonable costs incurred in prevention or limitation of the damage, to the degree that Customer can demonstrate that these costs have led to the limitation of the damage.
17.5 Fuga Clouds liability for indirect damage, including consequential damage, loss of profit, loss of savings, mutilated and/or lost data, delays, losses, damage as a result of a failure of Customer to provide the required information or assistance, damage through corporate inactivity and/or claims from third parties against Customer, is expressly rejected.
17.6 With the exception of the cases named in this clause, Fuga Cloud has no liability for damage compensation regardless of what an action towards compensation could be based upon.
17.7 Fuga Clouds liability exists solely when Customer immediately and appropriately notifies Fuga Cloud of the deficiency in writing, proposing therein a reasonable time period for correction of the deficiency and Fuga Cloud then culpably fails to meet the aforesaid obligations. The notification of deficiency ought to be as detailed a description of the deficiency as possible so that Fuga Cloud is able to react adequately.
17.8 The condition for the existence of any right to compensation is always that Customer notifies Fuga Cloud in writing by registered mail within 60 (sixty) days after the damage came into existence and takes the necessary measures to limit the damage as much as possible.
17.9 Customer indemnifies Fuga Cloud from all liability regarding third parties due to allegations as a consequence of deficiency in a product, system or service provided by Customer to third parties that consisted of a delivery made by Fuga Cloud.
17.10 Fuga Cloud does not accept any liability for damage regardless of its nature caused by Third Party Products which Fuga Cloud has delivered to Customer. If possible Fuga Cloud will transfer its rights for damage compensation from the supplier of the Third Party Product in question to Customer.
17.11 Fuga Cloud is not liable for any damage regardless of its nature, which is the result of a failure to provide Support, Maintenance and/or Warranty on time.
18. CONFIDENTIAL INFORMATION AND INTELLECTUAL PROPERTY RIGHTS
18.1 Nothing in this Agreement intends to transfer intellectual property rights of Fuga Cloud to Customer.
18.2 Both Parties agree not to use the Confidential Information of the other party or to disclose it to a third party.
19.1 The Agreement comes into effect when Fuga Cloud has confirmed the order of Customer.
19.2 The Agreement terminates at the moment Customer stops using the Services.
20.1 After the end of the Agreement for any reason, Customer may derive no rights from the Agreement, leaving unhindered the existence of the rights and obligations of both parties which by their nature continue automatically after the conclusion of the Agreement.
21. TERMS AND CONDITIONS
21.1 Purchase conditions or any other conditions used by Customer will not be applicable.
21.2 The Appendices to the Agreement are an integral part of the Agreement. If there is a discrepancy between the Agreement and the Appendices, the Agreement will prevail.
22. APPLICABLE LAW
22.1 This agreement is governed by Dutch law, unless the parties agree otherwise in writing. The parties explicitly agree that the CISG does not apply.
22.2 In case of a dispute, the district court of Amsterdam will be the only competent court.