of services related to the memoQ technology, provided by memoQ Ltd.
Valid from: October 31, 2019
Click here to download the General Terms of Service in a PDF document
I. PROVIDER DETAILS II. SCOPE OF THE GENERAL TERMS OF SERVICE III. DEFINITIONS IV. METHODS TO ENTER INTO AGREEMENT WITH PROVIDER V. ONLINE memoQ CLOUD SERVER SERVICE VI. memoQ SERVER HOSTING SERVICE VII. NO REVERSE ENGINEERING, DERIVED PRODUCTS, REDISTRIBUTION, REPACKAGING, OR COMPETITION VIII. AVAILABILITY OF SERVICE IX. SUPPORT AND MAINTENANCE SERVICE X. GENERAL HELPDESK RULES XI. NO LICENSE XII. ACCESS AND DELEGATION. ADMINISTRATIVE ACCESS XIII. WARRANTY AND INDEMINIFICATION XIV. SECURITY, DATA INTEGRITY AND BACKUP XV. OWNERSHIP AND PROTECTION OF DATA XVI. PROCESSING AND PROTECTING PERSONAL DATA XVII. TERMINATION; CANCELLING, RESTRICTING, SUSPENDING, AND TRANSFERRING THE SERVICE XVIII. LANGUAGE TERMINAL XIX. MISCELLANEOUS TERMS, LITIGATION, AND JURISDICTION XX. DATA PROCESSING ADDENDUM
I. PROVIDER DETAILS
1. Registered details of provider memoQ Translation Technologies Ltd. registered seat: Mester u. 12, I em. 1., Budapest, 1095 Hungary registry court: Fővárosi Törvényszék Cégbírósága (Company Registry Court of the Court of Budapest) registry number: Cg. 01-10-140071 Tax number: 25429356-2-43 EU VAT ID: HU25429356 contact point: firstname.lastname@example.org website address: https://www.memoq.com (hereinafter referred to as ‘Provider’ or ’memoQ’) 2. Contact details of provider’s customer support Mailing address: Béke sgt. 14., Gyula, 5700 Hungary e-mail address: email@example.com internet: https://www.memoq.com/contact-us support site: https://support.memoq.com business hours: Weekdays 9:00 am to 5:00 pm. For helpdesk hours, see Section 32. 3. Availability of General Terms of Service in force: The General Terms of Service of the Provider as in force are always published on the website of the Provider (https://www.memoq.com/legal/terms-of-service), in a form that can at all times be retrieved, printed, and copied. In addition, in an e-mail sent to the customer support address, Customers may request that Provider send them an electronic copy of the General Terms of Service.
II. SCOPE OF THE GENERAL TERMS OF SERVICE
4. These General Terms of Service apply to the following Services provided by the Provider (hereinafter referred to as Service): a) Online memoQ cloud server service b) memoQ server hosting service c) support and maintenance for subscription services and licensed products (conditions apply) d) Language Terminal (separate terms apply, see Chapter XVIII, Sections 77-87) 5. Parties to the Service Agreement are the Provider and the Customer: These General Terms of Service apply to customers using or purchasing services listed in Paragraph 4. Customer is an individual or an organization that uses services listed in Paragraph 4 as part of, in relation to, or to the direct benefit of their profession, trade, or business activity. 6. These General Terms of Service provide details about the rights and obligations of the Customer and the Provider, pertaining to the Services listed in Paragraph 4.
6. For the purposes of these General Terms of Service, the following terms shall be defined: memoQ server: a software product offered by Provider that provides for collaborative translation by sharing resources and managing translation projects. memoQ server is licensed software, and is usually installed on a server computer owned or at least operated by the Customer and not Provider. A memoQ server may be operated by Provider in two cases: a) if the Customer subscribes to a memoQ cloud server, or b) if the Customer orders hosting services from Provider, so that they do not have to operate their memoQ server in their own infrastructure Composition and changes of version numbers: A downloaded and installed copy of the memoQ product has three version numbers (for example, 9.1.2). In this number: a) 9 is the major version, b) 1 is the minor version c) 2 is the build number. memoQ package: A compressed file to be downloaded from the https://www.memoq.com website that contains the installation files of a memoQ product. Update: A new memoQ package where only the build number increases; the new package contains fixes for problems only. Upgrade: A new memoQ package where the minor or the major version number increases; the new package contains new functionality. Feature release: A new memoQ package where either the minor version number or both the major and minor version number increase. The new memoQ package contains one or more new features (complex groups of new functionalities). Maintenance: The availability to Customer of new versions of the memoQ products that Provider releases during the validity period of the support and maintenance service. Compatible version: A version of the memoQ desktop software that is able to connect a memoQ server of specific version for specific purposes. A project manager’s copy of the memoQ desktop software is a compatible version only if the major version and the minor version is exactly the same as those of the server. Supported version: A version of the memoQ software that receives updates and fixes from memoQ, and that memoQ provides helpdesk services for. If a version is not supported, updates are not issued and helpdesk is not provided for it, even if the user has a valid SMA. Unless expressly stated otherwise, the latest minor version of the two latest major versions are supported. At the time of writing, the two supported versions are 8.7 and 9.1 (memoQ 2015). Down-level version: A version of the memoQ software that is no longer supported through updates, fixes, or helpdesk. Every version that is not a supported version counts as a down-level version. Maintenance window: A time period when a memoQ cloud server or a hosted memoQ server undergoes planned maintenance, upgrade, or update. These activities may cause planned downtime, which shall not count as lack of availability, and shall not be counted against the general availability level of the Service. Business continuity: Infrastructure, processes, and measures that ensure that business is not lost because of the loss of data or functionality, or the malfunction or unavailability of equipment, network, or software.
IV. METHODS TO ENTER INTO AGREEMENT WITH PROVIDER
8. An individual agreement for a Service (hereinafter referred to as a Service Agreement) may be entered into a) as a distance contract, through electronic means, over the website of the Provider, or b) implicitly, by agreement expressed by conduct, or c) between attending Parties, in writing, at the seat or branch office of the Provider. Rules for entering into agreement for specific services are detailed in the corresponding Chapter about each service. In case of services that require advance payment, the agreement is entered into implicitly and automatically, by Customer making payment for a service period. 9. Registration requirement: As a prerequisite of entering into a Service agreement regarding a specific Service, Customer must register at Provider’s website, using their e-mail address. Provider may verify the e-mail address of Customer by sending an activation link in e-mail to Customer. In this case, Customer must activate their registration through this link. In order to enter into a Service Agreement, Provider may require the following details from Customer: a) Name of individual/contact person b) Billing name/name of legal entity c) Billing address d) Password e) Customer’s registration number f) Identification of the court or authority registering Customer g) Tax number or EU VAT ID h) Bank account details i) Billing currency j) Contact e-mail address (which may be different from the registration e-mail address) k) Telephone number To identify Service Agreements, Provider shall assign a serial number, or a unique name, or a unique web address (URL) to each Agreement. The contents of each Service Agreement are available through Provider’s website, under Customer’s account information. 10. Customer represents and warrants that they specify a valid e-mail address that will be reachable and active throughout the term of the Agreement. In the event of a change in contact details, Customer shall promptly notify Provider. Customer acknowledges and accepts that Provider may verify the validity of the contact details with other means. If Customer becomes unreachable through the main contact details for longer than 30 calendar days, Provider may terminate the Agreement and all related services with immediate effect, without refunding any of the service fees. 11. The governing language of these General Terms of Service and the specific Service Agreements is English.
V. ONLINE memoQ CLOUD SERVER SERVICE
12. Definition of Service: The Service agreed herein consists of the following components: 12.1. memoQ cloud server is a Software as a Service solution offerred by Provider (hereinafter referred to as ‘memoQ cloud server’); one running instance of the memoQ server software, owned and operated by Provider, for the benefit and the exclusive use of Customer. 12.2. Network access to the memoQ cloud server: Provider shall allow Customer to access this memoQ server instance from the memoQ desktop program (hereinafter: ‘Desktop Software’), from a Resources API connection, from an optional WS API connection, or from a web browser. The parameters and limitations of the connection are described in Paragraph 14.2. 12.3. The version of the memoQ server software in the Service shall always be the latest release of the memoQ server product. In the event that Provider releases a new version or a new build, the Service shall be upgraded automatically within 1 (one) to 14 (fourteen) days after the public release. In case of delay, Provider shall inform Customer about the reasons and expected upgrade schedule. a) Upgrade is mandatory: Provider cannot keep Customer’s memoQ cloud server software in an earlier version. As a result, Customer or users designated by Customer may be required to upgrade their copies of the memoQ desktop program. Provider shall not guarantee the availability of the memoQ cloud server service from earlier versions of the memoQ desktop program. b) When an upgrade or and update is released, Provider will perform the upgrade during the designated daily maintenance time of the memoQ cloud server. Maintenance times are part of the individual Service Agreement, and can be viewed or changed through Provider’s website, under Customer’s account information. 12.4. Limited functionality. Customer acknowledges and accepts that the memoQ desktop program offers more functionality for project management and server administration than the web-based interface of the Service. Further, Customer also acknowledges and accepts that, compared to a stand-alone licensed (hosted or on-premises) memoQ server, certain parts of functionality may not be available on a memoQ cloud server. 12.5. Desktop software license rental: From the memoQ server instance operated to Customer’s benefit, Customer or users designated by Customer may subscribe to one or more licenses of the project manager edition of the memoQ desktop program, and one or more licenses of the translator pro edition of the memoQ desktop program. a) Provider reserves the right to limit the number of licenses that Customer may subscribe to. Customer may subscribe for (more precisely, rent) a specific number of licenses, for a specific subscription fee. The actual maximum number of licenses depends on the subscription plan, as chosen by Customer. Customer acknowledges that using a higher number of licenses may incur higher subscription fees. License counts and usage information are available to Customer at all times through Provider’s website, under Customer’s account information. b) For each project manager license, Customer may use one or more free web licenses. Provider reserves the right to limit the number of web licenses that are available to Customer overall or per each project manager license. c) Customer shall rent at least one memoQ project manager license as part of the Service. d) The licenses shall remain active as long as the Customer’s agreement is in effect and the Service is not cancelled by either the Customer or the Provider. 12.6. Restriction of the amount of data: The storage used by Customer’s memoQ cloud server shall not exceed 5 (five) gigabytes. A higher storage allowance may be negotiated with Provider. 13. Subscribing to the service. Payment of the service fee: A memoQ cloud server subscription is available at a monthly subscription fee. The monthly subscription fee is available to Customer at all times through Provider’s website, under Customer’s account information. 13.1. One-month trial period a) The first calendar month of the Service – the trial – is free of charge. b) Customer may cancel the Service during the first calendar month at any point without specifying a reason. c) If Customer does not cancel the Service during the first month, Provider shall send notifications requiring payment to change the trial Service into a regular subscription. d) If Customer does not subscribe to the Service until or on the last day of the trial period, Provider will suspend the Service at the end of the trial month. Provider shall maintain the corresponding memoQ cloud server, in a suspended state, for a period of 30 (thirty) calendar days, during which Customer may reactivate the memoQ cloud server by paying the subscription fee for the Service. e) If Customer does not subscribe to the Service until or on the last day of the suspension period, Provider will terminate the Service and erase Customer’s data. After the termination of the trial Service, Customer may not enroll for another trial period. f) Customer may not enroll for a trial month of the Service more than once. The same person or organization using a different e-mail address is considered the same Customer. Circumventing this limitation by using different e-mail addresses shall be considered as a breach of these General Terms of Service and may result in the immediate termination of the subscription, as set forth in Paragraph 75.1. 13.2. Customer may pay the subscription fees for the Service using a credit card. Customer’s account is charged automatically on the first day of each monthly period, on the same day of the month as the subscription was created. If, instead of regular monthly payment, Customer chooses to pay the subscription fees at once for a period of six months or longer, bank transfer or PayPal are also accepted. This shall be agreed and managed between the Customer and the Provider, separately. 13.3. If automatic payment fails, both Customer and Provider are notified by the memoq.com portal. Customer shall have a grace period of 5 (five) calendar days to make the payment manually. Should Customer fail to make the payment manually within such 5-day period, the Service shall be suspended until the payment is confirmed. If the payment is not confirmed after the said 5 days, Provider will keep the Service suspended. Provider shall keep the memoQ cloud server in a suspended state for 30 (thirty) more calendar days, during which the Customer may ask Provider to resume the Service, after confirming payment. When the Service is resumed, Provider shall not charge for the period during which the Service was not active. 14. Access to the service: 14.1. Customer may connect to the memoQ cloud server by one or more of the following means: a) From a compatible version of the memoQ desktop program to the network access point (memoQ server URL) as indicated at Provider’s website, under Customer’s account information. The required licenses for the memoQ desktop program are distributed by the memoQ cloud server. Customer may also use some of their own existing licenses to access the Service. Provider may impose a connection limit, which restricts the number of users connecting to the Service at a time. Users running the memoQ desktop program with a project manager license must always use the current latest version of the memoQ desktop program. b) From a web browser to the network access point of the Service as indicated at Provider’s website, under Customer’s account information. Provider may impose a connection limit, which restricts the number of users connecting to the Service at a time. c) From a custom-made client application using the Web Services Application Programming Interface (WSAPI) of the Service, at a connection point indicated at Provider’s website, under Customer’s account information. To use the WSAPI, Customer must request Provider to add the WSAPI to their subscription plan. The addition will result in a higher subscription fee. Provider needs to enable the WSAPI manually: the WSAPI becomes available within 2 (two) working days from Customer’s request. d) From a custom-made client application or from an extension to a translation tool, using the Resources API on the memoQ cloud server, at a connection point indicated at Provider’s website, under Customer’s account information. The Resources API is subject to the same connection limit as web-based access: the number of client applications connecting at the same time may not exceed five times the project manager licenses rented as part of the subscription. e) Customer may not access the memoQ cloud server by any other means than listed above. 14.2. Network access parameters of the memoQ cloud server: Customer acknowledges that Provider offers the connection to the Service at the technical parameters listed below. If Customer experiences technical difficulties connecting to the Service, they may need to open or otherwise configure their firewall software to allow these connections, or else Customer may need to arrange with their Internet Service Provider (ISP) to allow communication to the ports listed below. Customer also acknowledges that Provider may change the access ports and protocols at any time, without prior notification. Such changes shall be reflected in these General Terms of Service. a) From the memoQ desktop program: secure TCP port 2705. The internet address is available at Provider’s website, under Customer’s account information. b) From a web browser: TCP port 443 (HTTPS). The internet address is available at Provider’s website, under Customer’s account information. c) memoQ server Resources API: secure TCP port 9091. The internet address is available at Provider’s website, under Customer’s account information. d) optional memoQ server WS API: secure TCP port 9091. The internet address is available at Provider’s website, under Customer’s account information.
VI. memoQ SERVER HOSTING SERVICE
15. Definition of Service: A hosted memoQ server is a server computer and the memoQ server software, where Customer’s organization owns the server license and controls memoQ server, but the server computer is operated by Provider. The Service consists of the following components: a) Server computer infrastructure: Provider shall procure and operate the means of infrastructure of running a memoQ server (hereinafter referred to as the ‘Server’). The memoQ server software must be licensed separately by Customer. b) Support and helpdesk: Provider shall monitor the operation of the server, and intervene in the event of a downtime. Provider shall also offer helpdesk service where Customer may request assistance regarding the infrastructure of memoQ server, and request intervention in the event of a malfunction unnoticed or not noticeable by Provider. Response times are described in Section 40. c) Automatic upgrades: If Customer has a valid SMA or a subscription license, Provider will, automatically or at a pre-negotiated time, upgrade the memoQ product on the server to the latest supported version and build. Customer may ask Provider not to upgrade, but in this case, Provider’s liability for damages is largely waived (see Paragraph 46). d) Support and helpdesk for the hosting service is restricted to the server computer and its infrastructure, and keeping the memoQ server service running. With the hosting service alone, Customer may not request support regarding memoQ or memoQ server itself. For support regarding memoQ and memoQ server, Customer must also have a valid SMA, that is, a paid Support and Maintenance service that has not expired. Support and Maintenance are described in Chapter VIII. 16. Access to the hosted Server: Customer may connect to the hosted memoQ server by the following means: a) From a compatible version of the memoQ desktop program to the network access point (memoQ server URL) of the Server, as provided by Provider. The protocol and ports are listed in Paragraph 17. b) From a web browser to the network access point of the Server as provided by Provider. Connection limits may apply: they are determined by the licenses owned by Customer, and are out of the scope of the Service. c) From a custom-made client application using the Web Services Application Programming Interface (WSAPI) of the Server. This is available only if Customer has a license for the WSAPI. d) From a custom-made client application or from an extension to a translation tool, using the Resources API on the Server. Connection limits may apply: they are determined by the licenses owned by Customer, and are out of the scope of the Service. e) Customer may not access the Server by any other means than listed above. 17. Network access parameters of the Server: Customer acknowledges and accepts that Provider offers the connection to the Service at the technical parameters listed below. If Customer experiences technical difficulties connecting to the Service, they may need to open or otherwise configure their firewall software to allow these connections, or else Customer may need to arrange with their Internet Service Provider (ISP) to allow communication to the ports listed below. Customer also acknowledges that Provider may change the access ports and protocols at any time, without prior notification. Such changes shall be reflected in these General Terms of Service. a) From the memoQ desktop program: secure TCP port 2705. Internet address provided by Provider. b) From a web browser: TCP port 443 (HTTPS). Internet address provided by Provider. c) memoQ server Resources API: subject to individual agreement between Customer and Provider. d) optional memoQ server WS API: subject to individual agreement between Customer and Provider.
VII. NO REVERSE ENGINEERING, DERIVED PRODUCTS, REDISTRIBUTION, REPACKAGING, OR COMPETITION
18. Customer may not access the Service in any manner other than the documented user interfaces and application programming interfaces. In particular, Customer may not reverse engineer, disassemble, or invasively probe the Service or the related downloaded software, for any purpose including but not restricted to, sidestepping or overriding connection or license limits, gaining unauthorized or undocumented access to the service, retrieving non-Customer-related data or code, implementing or using undocumented functionality, or gaining business intelligence. 19. Customer may not develop and publicly offer any derived software products without Provider’s express, prior, written consent. This restriction applies to licensed software as well as software offered in the form of a service. Customer acknowledges and accepts that such use is subject to a separate agreement between Customer and Provider, and is not available at the standard service or license fees. 20. Customer may not redistribute or repackage the Service and the related licensed software, neither directly, nor in a derived form, for third parties as a service or software product offered by Customer, except for the purpose of offering an online service to provide language services to end-users. Customer acknowledges and accepts that such use is subject to a separate agreement between Customer and Provider, and is not available at the standard service or license fees. 21. Provider may not be forced to sell Services to competitors: Customer represents and warrants that they are not a direct competitor of Provider, or affiliated with a direct competitor of Provider in any manner. For the purpose of these Terms, a ‘competitor’ is an organization that develops and offers translation productivity technology (except if this activity is restricted to machine translation or business management). ‘Affiliated’ means one of the following: one party owned by the other (either in full or in part); one party controlling another; one party having an employee or contractor who is a board member or executive officer in the other party; parties that have explicit and exclusive partnership agreements. If Provider receives evidence that Customer is, or aims at, providing translation productivity technologies (except for machine translation or business management) to third parties, or is or plans to be affiliated to such an organization, Provider may terminate the Service with immediate effect, without refunding any service fees.
VIII. AVAILABILITY OF SERVICE
22. Provider shall monitor the operation of memoQ cloud servers and hosted memoQ servers, provided that Customer has a valid subscription or otherwise a paid service period. 23. Provider shall guarantee a level of availability, in percent of time, of the Server. The general level of availability is published on the https://www.memoq.com/service-availability page, unless agreed otherwise. The level of availability excludes maintenance windows, which shall not count as lack of availability. (A daily maintenance window is considered as part of the desired operation, and as such, it would not be counted as unavailability. Depending on the server size, daily maintenance typically takes only a couple of minutes.) 24. Compensation: if the availability of service, over a 12-month period, falls under the level guaranteed on Provider’s website, Provider shall refund part of the service fee to Customer. (The availability level is shown at https://www.memoq.com/service-availability.) Refunds are given at the request of Customer, and for months when the downtime exceeds the level allowed by the availability shown on Provider’s website. The refund is proportional to the time when the service was not available. The maximum amount of refund for a month with excessive downtime is 40% (forty percent) of the monthly service fee. No refund will be paid for months when service availability stays above the guaranteed level. 25. Customer acknowledges and accepts that the backup and maintenance processes of the Service may require downtime for the time of the backup, and that this downtime may not be counted as unavailability of the Server, and may not be counted against the availability level defined on Provider’s website. Provider shall conduct security maintenance once a month, which requires up to 2 (two) hours of downtime. This shall not count against the availability level, either. 26. Provider will not be required to guarantee the availability of a network connection from any specific location, especially from Customer’s premises, offices, or other places of business. Customer represents and warrants that, on their premises and other places of business, they procure and operate sufficient network connections as required to access and use the Service. 27. Customer acknowledges and accepts that in most cases, the availability of a network connection is out of Provider’s control. However, Provider shall use its best efforts to receive and forward compensation to Customer in the event that the unavailability of a network connection on the Provider’s side prevents the use of the Service at the availability level defined on Provider’s website. Customer acknowledges and accepts that such action on Provider’s part is possible only in the event that the network outage occurs within the infrastructure of the hosting provider where Provider rents physical or virtual devices, and network access.
IX. SUPPORT AND MAINTENANCE SERVICE
28. Definition of Service. Conditions of using the service: 28.1. To use the Support and Maintenance Service (hereinafter referred to as ‘SMA’), Customer must meet the following prerequisites: a) Have a perpetual license for a supported version of any memoQ product, and b) Have paid the agreed SMA fee for the current service period (hereinafter: ‘have a valid SMA’), or c) Have a valid, paid subscription license for any memoQ product, or d) Have a valid, paid subscription for a memoQ cloud server, or e) Use a memoQ product or a memoQ cloud server in a trial period that has not expired. Some of the terms described in this section also apply to the Support and Helpdesk relating to the memoQ server hosting service (see Chapter VI). However, Support and Helpdesk for server hosting is a limited service, and does not inclue memoQ upgrades or support regarding memoQ and memoQ server. To access the latter, Customer must have a valid SMA, or a valid and paid subscription license. 28.2. By purchasing a perpetual license for a memoQ product, Customer shall automatically receive the Support and Maintenance Service (hereinafter referred as ‘SMA’) that is valid for 1 (one) calendar year from the date of purchase. The date of purchase is the purchase date indicated on Customer’s invoice. Upon expiry of the one year, Customer must extend the SMA with one more year by paying the service fee, in order to continue receiving the Service. 28.3. If Customer uses the hosting service but they do not have a valid SMA, the Service shall be limited to the hosting service and shall not cover general memoQ support. 28.4. If a Customer has a valid subscription to a memoQ cloud server, or a subscription license to any memoQ product, or an ongoing trial of a memoQ product, they are eligible to receive the Service. 28.5. The SMA agreed herein consists of the following components: a) Product maintenance: Provider shall provide Customer with new numbered versions of licensed memoQ software products (hereinafter referred to as ‘Product’), as well as maintenance builds (updates) of the Product, within the period of the Service, for software products licensed by Customer. b) Product support: Provider shall provide product support and helpdesk in order to solve issues related to software products licensed by Customer. c) Installation assistance: At the request of Customer, Provider shall assist with the installation and configuration of on-premises server software products licensed by Customer. Installation assistance includes the installation and configuration of a working memoQ server, as well as memoQweb and Customer Portal if they are licensed. If Customer has licenses for the WS API and for the Resources API, they will also be configured at installation. However, installation assistance does not include the implementation of custom functionality or customized workflows, customized settings, customized data processing, or integration with external systems. Customer may access the latter services by ordering Business Services from Provider. Business Services are subject to separate terms and conditions, and are not available under the General Terms of Service. 29. Product maintenance: Upgrades and Updates 29.1. Upgrades: During the term of the SMA, at Customer’s request, Provider shall issue upgrade licenses to Customer for any new numbered versions of supported Products that Customer has licenses for, in the quantity licensed by Customer. a) The upgrade licenses are issued when Customer installs and activates a new version of a memoQ product. b) Provider always assigns version numbers to all new releases. c) Provider may display the product version by using a brand name instead of the major and minor version numbers. However, the product version number is always displayed in the respective activation windows of each licensed memoQ product. d) A release of the Product is considered different from the previous release if there is a difference in either the major and minor version numbers, or the minor version numbers. Two releases that differ in the build number only are not considered different versions. (Examples: 8.1.6 and 8.2.4 are different versions; 8.2.4 and 8.2.6 are not different versions but different builds.) 29.2. New upgrade licenses issued under the SMA shall be valid indefinitely, unless the original licenses, for which the upgrade licenses are issued, were also time-restricted. Upgrade licenses issued to subscription licenses are valid till the end of the subscription period. If an initial license is time-restricted or is a subscription license, the upgrade license shall have the same restriction (with an expiry date of the same day), and it shall be issued only if the expiration time is still in the future at the time of the upgrade. 29.3. Updates: Provider shall issue new releases of existing versions, without releasing a new minor version, that include fixes and improvements over earlier builds. If Customer has a license to a specific version of the Product, Customer may apply the updates released for that version, even if Customer has no valid SMA. 29.4. Discontinuing down-level versions: Provider may discontinue updates for Product versions earlier than the newest minor versions for the two newest major versions, without prior notice. (For example, in April 2019, the supported versions are memoQ 8.7 and memoQ 2015.) If Provider discontinues updates for a Product version, issues in that Product version will not be fixed by updates. Provider may require Customer to upgrade to a supported Product version in order to have specific issues solved. 29.5. Customer remains entitled to use all Product versions for which they have licenses. Customer shall not be required to upgrade to the newest Product version in order to continue using earlier versions of the same Product. 29.6. Customers with a valid SMA may apply updates (new builds of existing product versions) by connecting to Provider’s website, and downloading the newest installer package of the same version. Customer may also use the automatic update functionality built into the Product. 29.7. New versions of the same Product are not available through automatic updates. To upgrade the Product to a newer version, Customers having a valid SMA or a subscription license must connect to the memoQ website, and download the newest installer package of the newer version. 29.8. Partial upgrade results in reduction of number of licenses: If Customer owns a server license together with a client license pool, and Customer does not agree to pay the full SMA fee, but extends the SMA for a subset of the licenses only, Provider may deactivate or revoke those licenses from the license pool where the SMA was not extended. The same happens if Customer has a subscription license, and seeks to reduce the subscription fee. This may be a technical necessity: if the licenses are not valid for a memoQ client version that is compatible with the memoQ server, they will not work without an upgrade. 30. Support and user assistance: 30.1. During the term of the Service, Customer may request the assistance of Provider’s Support and Helpdesk team in using or troubleshooting the Product. 30.2. Customer must have a valid SMA, a subscription license, or a memoQ cloud server subscription before they can contact Provider’s Support service. Customers who do not have a valid SMA may not contact Provider’s Support service. 30.3. Customers with a valid SMA, a subscription license, or a memoQ cloud server subscription may contact Provider’s Support and Helpdesk team using one of the following means: a) By connecting to Provider’s Support website at the address indicated at the beginning of these General Terms of Service, and clicking Submit a ticket to request assistance (preferred) b) By sending an e-mail to Provider’s Support and Helpdesk team at the e-mail address indicated at the top of the beginning of these General Terms of Service. 30.4. Customer shall submit one incident, question, or issue in one email or ticket. Customer shall describe the phenomenon and its impact. Customer must sufficiently document the issue with error messages or screenshots. Customers understands and acknowledges that Provider may not keep the response times if there are more than two questions, issues or incidents described in one message (ticket). Furthermore, Provider may be unable to keep the response times if the issue is not sufficiently documented. 30.5. Provider may change the helpdesk addresses without prior notification. However, changes shall be published in these General Terms of Service, as well as at Provider’s website and in newsletters. 30.6. Provider’s Support (Helpdesk) team shall be available at times listed in Section 37. Provider shall respond to Customer’s support requests within the times listed in Section 40. 30.7. When reporting a support incident, Customer shall clearly indicate the urgency of the issue. When the support incident is reported through Provider’s Support website, the priority of urgent tickets must be set to Urgent or Critical. Customer shall not report Critical priority unless they experience a complete service outage. If the support incident is reported in e-mail, the subject line of the e-mail must start with the word ‘URGENT’ or ‘CRITICAL’ to indicate urgency. Customer shall also indicate any delivery times or possible deadlines that they are aware of. Customer shall always indicate urgency in the subject line of the e-mail. An incident where the urgency is referred to in the e-mail body will not be considered urgent or critical. 30.8. Upon receiving a support incident report, Provider may request further data or documents in order to successfully resolve the incident. Customer understands and acknowledges that, without the requested data or documents, Provider may not be able – and shall not be required – to resolve the support incident. 30.9. Provider represents and warrants that data and documents received as part of a support incident report shall be used exclusively for resolving the support incident and related errors in the Product. Such data and documents shall not be transferred to third parties other than Provider’s regular subcontractors. Provider represents and warrants that it has entered into sufficient non-disclosure agreements with all regular subcontractors. Provider may retain the documents and resources in the issue tracking databases as long as this is necessary to resolve and follow up on related problems. Both the memoQ support database and the issue tracking system are available to authorized customer support and development personnel only, and they are protected from unauthorized access. 30.10. If Customer does not respond to a request for data or documents within 72 hours from the last correspondence, Provider’s helpdesk system will automatically close the incident. However, Customer may reopen the support incident by sending an e-mail to the official support e-mail address, quoting the identifier (number) of the support ticket from the last correspondence. 30.11. In order to resolve a support incident, Provider’s Support and Helpdesk team may request remote view or remote control of one or more of Customer’s computers. Customer understands and acknowledges that without the requested access, Provider may not be able – and shall not be required – to successfully resolve the support incident. 30.12. Provider represents and warrants that they and their employees or agents shall treat all information viewed or acquired over such access as highly confidential. Provider and their agents shall not record or transmit the information viewed or acquired over a remote viewing or control session. 30.13. If Customer reports an incident that originates in a known programming error, and that error was resolved in a more recent version of the Product, Provider’s Support personnel may recommend that Customer upgrade to the version containing the solution. Following the recommendation, Provider’s support personnel may close the ticket without providing further assistance. 31. Fees, payment, and continuity of the Support and Maintenance Service: 31.1. This Section applies to Customers who purchase perpetual licenses to memoQ products by paying a license fee. This section does not apply to Customers who have subscription licenses or a memoQ cloud server subscription. For the payment terms of the memoQ cloud server, see Chapter V. For the payment terms of subscription licenses, see the End-User License Agreement. 31.2. When Customer purchases a license for a Product for a specific serial number, the license fee includes one year of SMA. The one year starts from the date of purchase of the first license purchased for that serial number. 31.3. When an SMA period expires, a new SMA can be concluded, with a term starting on the next day after the expiration of the previous SMA. A new SMA for the same serial number must always follow the previous one. No time may pass between the expiration of a SMA period and the start of a new SMA term. 31.4. Parties may conclude multiple consecutive SMAs, for multiple consecutive years after the expiry of the current SMA. 31.5. For the SMA, or for the subsequent renewal of the SMA, Customer shall pay a yearly service fee. The service fee is calculated and paid as follows: a) If Customer purchases additional licenses for licensed products under the same product key, the SMA service fee for the product key shall be changed. If the new purchase is made in the middle of a SMA period, Provider shall charge a proportional amount for the next period, for the products licensed over the course of the last SMA period. b) If a SMA period ends and no new SMA is concluded immediately – that is, if the SMA service lapses for a given product key –, Customer shall pay the SMA service fees for all of the missed years in order to resume the SMA service. A SMA is not valid for one year from the time of purchase – it is valid for one year from the last day of the previous SMA. Example: if the previous SMA ends on January 1, 2018, and the next SMA is concluded on April 14, 2018, the new SMA shall be valid till January 1, 2019. c) If the Customer is already in agreement with Provider to continue with the SMA fee, a grace period is considered, so that the service will not lapse when the SMA technically expires. This applies only if the delay is caused by a longer payment term or it is due to internal approval procedures.
X. GENERAL HELPDESK RULES
32. Provider will not provide user assistance in an anonymous manner. Users requesting assistance must identify themselves and provide proof of one of the following: a valid memoQ or memoQ server license; an active and paid subscription license; an active trial period; a valid memoQ cloud server subscription. 33. Provider shall offer user assistance concerning the operation and use of the supported memoQ software, the memoQ server service, and the hosted memoQ server service. 34. User assistance does not include generic training on the use of the supported memoQ software. Customer may access training through Provider’s e-learning site, or through certified trainers or certified training sites that are independent from Provider. 35. User assistance does not include the implementation of custom functionality or customized workflows, customized settings, customized data processing, or integration with external systems. Customer may access the latter services by ordering Professional Services from Provider. Professional Services currently fall out of the scope of these General Terms of Service. 36. Provider may refuse to assist if the support request is unreasonable or irrelevant. 37. Provider’s Support and Helpdesk team shall be available at the following times: a) On weekdays (from Monday to Friday) 24 hours a day, including public holidays of Hungary. On Monday, the service starts at 6:00AM, CET or CEST. b) On Saturdays from 10:00am till 6:00pm CET or CEST, with longer response times (see Section 40). On Sundays, availability will be provided for incidents marked as ‘CRITICAL’. 38. Customer shall report incidents and requests in writing. Further rules of contacting Support are detailed in Section 30. 39. Customer may access all past and pending issues they have submitted. Customer may not access issues submitted by other customers. Customer support issues that belong to an organization may be visible to all authorized personnel from that organization. Customer may contact Provider’s Support and Helpdesk team if they wish to clarify the group of authorized personnel. 40. Provider offers the following response times from the time of submitting a support ticket, during support working hours: a) On weekdays (from Monday to Friday), ‘Regular’ or ‘Normal’ tickets shall be answered in 24 (twenty-four) working hours, ‘Urgent’ tickets shall be answered in 8 (eight) working hours, and ‘Critical’ tickets shall be answered in 4 (four) working hours. Customer may expect the first response within the indicated times. The response time does not guarantee the resolution of the support incident. The automated e-mail response acknowledging receipt shall not count as a response. b) On Saturdays and Sundays, ‘Regular’ or ‘Normal’ tickets shall be answered in 24 (twenty-four) working hours. ‘Urgent’ and ‘Critical’ tickets shall be answered till the end of the support hours, provided that they are submitted at least 3 (three) hours before the end of the support hours.
XI. NO LICENSE
41. The Service does not include licenses that would allow Customer to operate a memoQ Server or any other memoQ product on their premises or by which Customer may access and use the Server. Licenses are subject to a separate End-User License Agreement, to be concluded separately. The End-User License Agreement is available on the Provider’s website at https://www.memoq.com/legal/end-user-license-agreement.
XII. ACCESS AND DELEGATION. ADMINISTRATIVE ACCESS
42. Scope of access and delegation: Customer may allow third parties to access the memoQ cloud server service or a hosted memoQ server under the following conditions and in the following numbers. a) Customer may allow their employees and contractors to access the memoQ cloud server and hosted memoQ server by one of the means listed in Paragraph 14.1 and Section 16, provided that Customer has a license or subscription to use the specific means of access. b) Customer’s representative and appointed administrators may allow access to the memoQ cloud server and hosted memoQ server by means of creating a user account. A user account must represent a person, and must always be used by the person represented. Authorized users who have a user account may not pass on the access credentials to third parties. c) Authorized users, the representatives and appointed administrators of Customer may not attempt to access the memoQ cloud server and hosted memoQ server in any other means than listed in Paragraph 14.1and Section 16. d) Customer represents and warrants that the content processed in memoQ cloud server and hosted memoQ server, and the method of processing content do not violate the rights of third parties, and do not violate the laws of the country of Customer’s operation or the laws of the country where the Server is hosted (see Section 91). Customer assumes full responsibility for the actions of users to whom Customer grants permission to use the Server. 43. Administrative access: Provider retains and reserves the right to access the Server and the computer operating the Service for administrative purposes. a) Provider shall have exclusive administrative access to the Windows desktop of hosted Servers and the server computer(s) where the memoQ cloud server runs, either directly, or through a remote control facility (such as Remote Desktop). b) Customer may not have and may not request administrative access to the server computer(s).
XIII. WARRANTY AND INDEMINIFICATION
44. If Provider is requested to resolve an incident by taking control of one or more of Customer’s computers, where Customer has a valid SMA and optionally a server hosting agreement, Provider shall proceed with the greatest possible care for to prevent any loss of data or functionality on Customer’s end, as well as any loss of productivity or business. 45. If loss of data or functionality occurs, and Provider’s responsibility is proven by Customer, and the loss of data or functionality causes loss of business or revenue for Customer, Provider shall be liable for the damages. If the extent and amount of the damage can be documented, and it is proved that the damage is exclusively the result of Provider’s fault, misconduct, or neglect, and it is also proved that the damage cannot be averted or mitigated in any other way, Provider shall be liable to the entire amount of the damage, through Provider’s professional liability insurance. If the extent of damage cannot be documented, Provider shall be liable for a maximum of the purchase price of the licensed products affected by the operations of the computer that is controlled by Provider at the time the loss occurs. 46. Provider’s liability is expressly and entirely waived in the following cases: a) if Customer is using a non-documented workflow or functionality, or b) Customer was specifically advised against the workflow or methodology they are using, especially if Customer was warned of the potential damages, or c) Customer previously rejected Provider’s offer of consultancy, ‘sanity check’, training, or any other form of Business Services, or ignored the advice or consultancy received from these services, or d) Customer allowed untrained or unauthorized personnel to access and manage their systems, or e) Customer denies access to their systems to Provider, or refuses or fails to supply sufficient data for Provider to investigate the claim, or f) Customer or any of Customer's representatives had at least one active administrative session on the device running the server at the time the damage occurred, g) Customer refuses, neglects or prevents the upgrade or the update of their systems to the latest supported version and build, provided that the upgrade or update was published and offered to Customer by Provider in a timely manner. 47. Provider represents and warrants that they at all times have and maintain a valid professional liability insurance to cover damages relating to the Services under these General Terms of Service, of an aggregate damage coverage of a minimum of 1 million USD. 48. If Customer is hosting a memoQ server on their own premises, Customer shall be responsible to maintain an infrastructure that facilitates busi-ness continuity. In this case, the responsibility of regularly creating backup copies is with Customer, because Provider lacks sufficient access to ensure this. If loss of data or functionality occurs, and Customer is not in possession of a reasonably recent backup copy, Provider’s liability is waived. If Customer uses a memoQ cloud server or a memoQ server hosted by Provider, it is Provider’s responsibility to maintain a business continuity infrastructure, as detailed in Paragraphs 49-59.
XIV. SECURITY, DATA INTEGRITY AND BACKUP
49. Provider represents and warrants that they have and will maintain an information security system certified under ISO 27001. 50. Provider shall use its best efforts to prevent unauthorized access to a hosted Server or to Customer’s memoQ cloud server and the data stored therein (whichever is applicable), and to prevent data loss or malfunction due to unauthorized access or storage device malfunction. This includes redundant storage, regular backups and access control. 51. Provider shall use its best efforts to prevent the unavailability, malfunction, or the temporary or permanent loss of Service, caused by a hardware malfunction, a malicious attack, or an unfavorable change in the environment. Provider shall also use its best efforts to mitigate the consequences, should any of the aforementioned events occur. 52. Provider shall not be responsible or liable for data security and system integrity if Customer does not use the infrastructure operated by Provider; that is, if Customer possesses a memoQ server license, and uses an on-premises server, or else they arrange the hosting themselves. The following para-graphs in this section apply to the memoQ cloud service and the memoQ server hosting service only. 53. Provider shall configure the memoQ cloud server or the memoQ server hosting service so that it will accept encrypted connections only. 54. If Customer does not use (does not enable) the secure connection offered by the Product, Provider shall not be liable for insufficient encryption or lack of data security. Neither shall Provider be liable for any resulting damages or loss of business. 55. Provider shall configure an automatic backup process for the memoQ cloud server service and for hosted memoQ servers. A backup copy of all data in the Service shall be created once every day. Provider will not configure any automatic backups for servers outside Provider’s control (hosted on Customer’s own premises or at a hosting center where the hosting is organized by Customer). 56. Provider shall, at its own expense, acquire and maintain backup storage space with sufficient capacity to hold all of Customer’s data. The backup storage may not be located on the same physical or virtual device that runs the Server. 57. Customer may at any time request the latest backup copy of the server data from the Provider. 58. Provider shall continuously monitor the operation of memoQ cloud servers and hosted memoQ servers, and receive automatic notifications of failure events. Provider will not monitor servers hosted by Customer. a) If the Service becomes unavailable, Provider shall use its best efforts to restore the operation of the server in 2 (two) hours during regular support hours (see Section 40), and in 36 (thirty-six) hours outside regular support hours, counted from the detection of the failure. b) If it is not possible to restore the Service to full operation within 2 (two) hours from starting the intervention, Provider shall inform affected Customers on the nature of the failure, the expected diagnostics and/or repair actions, and provide an estimate of the time it will require to restore full operation. 59. For the memoQ cloud server, Customer may configure daily backup and maintenance times at Provider’s website, under Customer’s account information.
XV. OWNERSHIP AND PROTECTION OF DATA
60. All data entered, created, imported, or added to the Server or the memoQ cloud server service (hereinafter referred to as ‘Data’) by Customer through the means listed in these General Terms of Service, are exclusively owned by Customer. 61. Provider shall not make available the Data added to the Server to unauthorized third parties. In addition, Provider shall make every effort to protect Customer’s data from unauthorized access. Provider shall not copy, publish, or otherwise make available the Data added to the memoQ cloud server to unauthorized third parties, with the exception of creating backup copies for Customer’s exclusive benefit and for the purpose of disaster recovery. 62. Under a valid Service Agreement for a memoQ cloud server service or for memoQ server hosting, Provider may make up to 2 (two) copies of the Data on their premises or on the storage space offered by the data cen-ter for the purpose of disaster recovery. Provider shall prevent unauthorized third parties and other unauthorized personnel from accessing these copies. 63. Customer may request a copy of the Data in the form of a full server backup from the Provider. Provider shall make available the latest backup of the server within 2 (two) working days.
XVI. PROCESSING AND PROTECTING PERSONAL DATA
XVII. TERMINATION; CANCELLING, RESTRICTING, SUSPENDING, AND TRANSFERRING THE SERVICE
70. Ordinary termination of the server hosting service: Parties may terminate the Service Agreement for the server hosting service in writing, with a 30-day notice. Parties agree to provide a reason in writing of such termination. During the termination period, Parties shall comply with all terms and conditions herein. At the end of the termination period, Parties shall settle all accounts. Unless Parties do not agree otherwise, Provider shall refund any excess payments for unrendered Services to Customer. Conversely, Customer shall pay any outstanding service fees to Provider. Parties agree to make the payment in 30 (thirty) days to the bank account specified by the other Party, by wire transfer. This termination shall not terminate the End-User License Agreement or the SMA part of the Service Agreement if such agreements are in place. 71. Termination of SMA and hosting by returning all licenses: If Customer is using Support and Maintenance relating to licenses only (that is, Customer is not using subscription services), and Customer sends a notice that they return all licenses they own, the Service Agreement is automatically terminated on the day the licenses are returned. 72. Termination of the memoQ cloud server service: Customer may terminate the Service through Provider’s website, under Customer’s account information, by using the Cancel subscription option. Customer may choose to terminate the Service Agreement by other means as well. However, Provider may charge a cancellation fee if an alternative method is used. Customer may cancel the Service by the end of the already paid service period or during the trial period in writing. In that event, Provider shall terminate Customer’s use of the Service at the end of the already paid service period. This is enforced automatically by Provider’s systems. a) To resume the Service, Customer may contact Provider within 30 (thirty) calendar days after cancellation. b) In the event that Customer does not resume the Service in 30 (thirty) calendar days, Provider will erase the memoQ cloud server, together with any backup data, without further notice. c) Before or on the last day of the 30-day period, Customer may request a full backup of the memoQ cloud server from Provider. 73. Termination of a subscription license: Customer may terminate the accompanying Service by a written notice to Provider. Customer may cancel the Service by the end of the already paid service period or during the trial period in writing. In that event, Provider shall terminate Customer’s use of the Service at the end of the already paid service period. Customer is responsible for backing up their systems before sending a termination notice. 74. Restriction of license distribution functionality in the event of non-payment for the SMA or for subscription licenses: If Customer uses Support and Maintenance Services without payment, Provider may restrict the functionality of the memoQ software used by Customer. The following specific rules apply: 74.1. At Customer’s request, Provider may exempt Customer from advance payment for Support and Maintenance Services. In the event of exemption, Customer is granted access to Support and Maintenance Services, and Parties agree in a payment schedule. 74.2. In the event of non-payment – if Customer is 90 or more days late with any agreed payment or agreed instalment –, Provider may restrict the functionality of the software used by Customer. Specifically, Provider may remotely disable the license distribution (ELM or CAL) functionality of the memoQ server software used by Customer. This will render the affected memoQ server(s) inaccessible for project managers, administrators and in-house or contracted translators who use ELM or CAL licenses from these servers. 74.3. If Customer fails to pay according to the payment schedule, and at least one payment or instalment becomes overdue by 90 days, Provider shall send a payment notice of 8 (eight) calendar days. 74.4. If, following the payment notice, Customer fails to pay any outstanding amounts within the allotted 8 (eight) calendar days, Provider will disable license distribution on Customer’s affected memoQ server(s) immediately, without further notice. The restriction applies to versions that Customer upgraded to during the SMA period affected by non-payment. 74.5. In the event of a license restriction, Customer may downgrade to a version earlier than the beginning of the affected period, and use license distribution again – but only for those down-level versions. The downgrade process may result in the loss of data or processes. Customer must always bear the entire risk in the event of the downgrade of the memoQ software. 75. Termination by extraordinary notice, especially in the event of non-payment: 75.1. In the event that Customer commits a proven material breach of the Service Agreement, including these General Terms of Service, or in case of owning licenses to memoQ products, Customer violates the End-User License Agreement, Provider may terminate the Service Agreement by sending a 15-day termination notice, documenting the breach with evidence. During the 15-day period, Customer may resolve the breach and thus restore access to affected Services. 75.2. In the event of non-payment, for the memoQ cloud server service: If Customer’s payment is overdue by 5 (five) calendar days or more, Provider will suspend (terminate Customer’s use of) the Service. This is enforced automatically by Provider’s systems. a) To resume the Service, Customer shall contact the Provider, and also pay the next month’s service fee. b) If Customer fails to resume the Service in 30 (thirty) calendar days, Provider may terminate the Service, and erase the memoQ cloud server with any backup data, without further notice. c) If the Service is suspended because of non-payment, before or on the last day of the 30-day suspension period Customer may request, on one occasion, a full backup of the memoQ cloud server from Provider. Provider may charge a one-time fee for the storage and the transmission of data. Provider may not charge for the data themselves, and Provider may not refuse to transmit the data since they are owned by Customer. 75.3. In the event of non-payment for the memoQ server hosting service: If Customer’s payment is overdue by 30 (thirty) calendar days or more, Provider may send a 10-day payment notice. If Customer does not pay the outstanding fees in that 10-day period, Provider may immediately terminate the Service in writing. a) In this event, Provider will not provide assistance in transferring the Server to a different provider. b) Upon termination of the service, Provider shall create a backup of all Server data, and make it available for Customer’s download for 30 (thirty) calendar days from the day of termination. After the expiry of said 30-day period, Provider will delete the backup data without further notice. 75.4. In the event of non-payment for a subscription license: If Customer’s payment is overdue by 30 (thirty) calendar days or more, Provider may send a 10-day payment notice. If Customer does not pay the outstanding fees in that 10-day period, Provider may immediately terminate the accompanying Service in writing. Provider will not create a backup copy or assist in creating a backup copy of Customer’s systems. 75.5. Termination rules for both the memoQ cloud server service and the memoQ server hosting service: a) If Customer’s use of the Service violates the law of a country, state, or other territory of jurisdiction, authorities may require the service to be terminated. In this case, the termination may be immediate, and without prior notice. In such an event, Provider shall notify Customer as soon as possible. Backup data shall remain available to Customer for 15 (fifteen) calendar days, unless authorities order the destruction of said data. b) In the event of Customer terminating the Service Agreement due to a proven material breach on Provider’s part, Provider shall transfer the backup data to a location specified by Customer within 2 (two) working days from receiving notice from Customer. 76. Physical transfer of the Service: 76.1. In the event of the termination of the memoQ cloud server service or the memoQ server hosting service, Customer may request Provider to assist with the transfer of the Service to a device of Customer’s choice. a) Provider shall assist with the transfer at an agreed hourly fee, unless Parties agree otherwise. b) Because the Service does not include licenses to use the server software on a dedicated on-premises or hosted device, Customer shall be required to purchase the required licenses prior to the transfer, at a license fee separately agreed by Customer and Provider. c) Provider shall not be required to assist with the transfer if the termination of the service does not happen by Parties’ mutual consent, or if the service is terminated due to a proven material breach on Customer’s part. d) For the purpose of the transfer, Customer, at its own expense, shall provide a device with equal or higher computing power and software configuration than the configuration defined by Provider. 76.2. After the termination of the Service, Provider must dispose of all data kept on the Server. Data deletion must happen immediately after the expiry of the data availability periods described above. Upon Customer’s request, Provider shall delete the data within 48 (forty-eight) hours from receiving a written notice from Customer.
XVIII. LANGUAGE TERMINAL
XIX. MISCELLANEOUS TERMS, LITIGATION, AND JURISDICTION
88. By concluding the Service Agreement, Provider represents and warrants that they possess sufficient infrastructure, or access thereto, and sufficient expertise and personnel necessary to provide the Service defined in these General Terms of Service in compliance with the terms set forth herein. 89. By concluding the Service Agreement, Customer represents and warrants that they possess the authorization necessary to engage in the Service Agreement, and to transfer data necessary to use the Service over the network to Server or to the Service, and that this operation does not infringe the rights, including, but not limited to, privacy, confidentiality, and intellectual property rights, of third parties. 90. Terms and conditions relating to privacy and data protection are governed by Hungarian law and EU legal standards, particularly by the Hungarian Personal Data Protection Code that governs the processing of personal data. Furthermore, recognizing the global nature of the internet, Customer agrees to comply with all local laws including, without limitation, laws about the Internet, data, email, or privacy. Specifically, Customer agrees to comply with all applicable laws regarding the transmission of technical data exported from the country in which Customer resides. Customer shall indemnify Provider from any legal, material, or substantial consequences of the event that Customer fails or ceases to meet the above conditions. 91. In addition to these General Terms of Service, Parties shall comply with the laws and regulations of the respective countries of their registration, as well as the country where the Servers hosting the Service are being operated. At Customer’s request, Provider shall send information about the countries where the Servers operate. 92. Terms and conditions of these General Terms of Service and the Service Agreement are governed by the laws of Hungary. Any dispute regarding these General Terms of Service and/or the Service Agreement shall be decided by a competent ordinary court of law of Hungary. 93. If any provision of the Service Agreement or these General Terms of Service is declared to be invalid, illegal, or unenforceable by a Court of competent jurisdiction, said provision shall be severed from the Service Agreement or these General Terms of Service, while all other provisions shall remain in full force and effect.
XX. DATA PROCESSING ADDENDUM
This Data Processing Addendum is part of the General Terms of Service provided by memoQ Translation Technologies Ltd., acting as the Data Processor under the scope of this Data Processing Addendum. Data Processor Details: memoQ Translation Technologies Ltd. (memoQ Zrt.) registered seat: Mester u. 12., I em. 1., Budapest, 1095 Hungary EU VAT ID: HU25429356 Data Protection Officer / Chief Information Security Officer contact: firstname.lastname@example.org website address: https://www.memoq.com 94. This Data Processing Addendum shall apply to Customer as well as to the Service Agreement between Customer and Provider if a) Customer uses the memoQ cloud service, Language Terminal, or the memoQ server hosting service provided by Provider (see Chapters V, VI, and XVIII), or b) Customer sends project data to Provider’s Helpdesk, where the project data includes protected personal data, and Customer notifies Provider of the fact, and c) Customer resides in the European Union or collects or processes personal data of EU citizens. 95. Purpose and scope of this Addendum: This addendum applies to personal data collected by Customer and eventually processed by Provider. This addendum does not apply to the personal data of Customer or representatives of Customer, collected by Provider. 96. Processor and Controller: In this Data Processing Addendum, Provider shall be called Processor, whereas Customer shall be called Controller. 97. Definitions: The terms used in this Addendum shall have the meanings set forth in this Addendum. Terms not otherwise defined herein shall have the meanings given to them in the General Terms of Service. Except as modified below, the terms of General Terms of Service shall remain in full force and effect. In this Addendum, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly: a) Authorized Sub-processor: (a) The Sub-processors set out in the Sub-processing section; and (b) any additional Sub-processors consented to in writing by Controller in accordance with the Sub-processing section. b) Sub-processor: Any Data Processor (including any third party) appointed by the Processor to process Controller Personal Data on behalf of the Controller. c) Process/Processing/Processed, Data Controller, Data Processor, Data Subject, Personal Data, Special Categories of Personal Data and any further definition not included under this Agreement or the General Terms of Service shall have the same meaning as in EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council (GDPR). d) Data Protection Laws: The EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council (GDPR) as well as any local data protection laws. e) Erasure: Removal or destruction of Personal Data such that it cannot be recovered or reconstructed. f) EEA: The European Economic Area. g) Third country: Any country outside the EU or the EEA, unless the country is the subject of a valid adequacy decision by the European Commission on the protection of Personal Data in Third Countries. h) Controller Personal Data: Data described in the Details of processing of controller personal data section and any other Personal Data processed by Processor on behalf of the Controller, pursuant to or in connection with the General Terms of Service. i) Personal Data Breach: An event leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Controller Personal Data transmitted, stored or otherwise processed. j) Services: Services to be provided by Processor to Controller, pursuant to the General Terms of Service. k) Products: means the products to be supplied by the Processor to the Controller pursuant to the General Terms of Service. l) Standard Contractual Clauses: Standard contractual clauses for the transfer of personal data to Processors established in third countries, as approved by the European Commission Decision 2010/87/EU, or any set of clauses approved by the European Commission which amends, replaces or supersedes these. 98. Details of processing of controller personal data: This section includes certain details of the Processing of Controller Personal Data as required by Article 28(3) GDPR. a) Subject matter and duration of the Processing of Controller Personal Data: The subject matter and duration of the Processing of the Controller Personal Data are set out in the General Terms of Service and this Addendum. b) Nature and purpose of the Processing of Controller Personal Data: Providing storage and software functionality as a service for language translation services. c) Types of Controller Personal Data to be Processed: Name, address, telephone number, e-mail address, other personal data in text to be translated. d) Categories of the Data Subjects to whom the Controller Personal Data relates: Customers, clients, co-workers (server users), and data subjects referred to in the text to be translated. See Section 91 for further terms. 99. Main purpose of service is not personal data processing: Controller acknowledges and accepts that the main purpose of the service provided by Processor is not the processing of personal data. Processor will store the personal data, and whenever they need processing, Processor will process them as text, not as personal data. Controller acknowledges and accepts that, following from the General Terms of Service, Processor may not have the means or the right to access the Personal Data, and may not be able to identify the Data Subjects or the Controller Personal Data that need protecting. 100. Personal data in documents to translate: a) If Controller receives such documents from their customer, Controller’s role shall be Processor, and Processor’s role shall be Sub-Processor. In this case, the data controller is the customer of Controller. b) Controller acknowledges and accepts that Processor may not be aware of the presence of protected Controller Personal Data in the documents unless explicitly instructed by Controller. In this case, the responsibility of protecting such Controller Personal Data remains with Controller. c) Controller agrees to remove protected Controller Personal Data from documents before importing them in Processor’s systems, whenever such removal (anonymization or pseudonymization) is possible and feasible. 101. Data Processing Terms: While providing the Services and/or Products to the Controller pursuant to the General Terms of Service, Processor may process Controller personal data on behalf of Controller as per the terms of this Addendum. Processor agrees to comply with the following provisions with respect to any Controller personal data. a) To the extent required by applicable Data Protection Laws, Processor shall obtain and maintain all necessary licenses, authorizations and permits necessary to process personal data. b) Processor shall maintain all the technical and organizational measures to comply with the requirements set forth in the Addendum. 102. The Processing of Controller Personal Data: Processor shall not process Controller Personal Data for any purposes other than those set forth in the General Terms of Service or required by applicable law. a) Processor shall not process, transfer, modify, amend or alter the Controller Personal Data, or disclose or permit the disclosure of Controller personal data to any third parties, unless instructed so by Controller’s documented instructions, or unless processing is required by EU or Member State law to which Processor is subject. b) Processor shall, to the extent permitted by law, inform Controller of that legal requirement before processing the Personal Data and comply with the Controller’s instructions to minimize, as much as possible, the scope of the disclosure. 103. Reliability and Non–Disclosure: Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to Controller personal data, ensuring in each case that access is strictly limited to those individuals who require access to the relevant Controller Personal Data. Processor must ensure that all individuals that have a duty to process controller personal data: a) are informed of the confidential nature of the Controller Personal Data and are aware of Processor's obligations under this Addendum and the General Terms of Service in relation to the Controller Personal Data; b) have undertaken appropriate training/certifications in relation to the Data Protection Laws or any other training/certifications requested by Controller; c) are subject to confidentiality undertakings or professional or statutory obligations of confidentiality; and d) are subject to user authentication and logon processes when accessing the Controller Personal Data in accordance with this Agreement, the General Terms of Service and the applicable Data Protection Laws. 104. Personal Data Security: Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor shall implement appropriate technical and organizational measures to ensure a level of Controller Personal Data security appropriate to the risk, including but not limited to: a) operating an audited ISO 27001 ISMS; b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; c) the ability to restore the availability and access to Controller Personal Data in a timely manner in the event of a physical or technical incident; and d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing. In assessing the appropriate level of security, Processor shall take into account the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Controller Personal Data transmitted, stored or otherwise processed. 105. Access control by Controller: Controller acknowledges and accepts that the service provided by Processor allows Controller to grant access to third parties without Processor’s prior knowledge or consent. Following from the General Terms of Service herein, this is Controller’s right. However, Controller agrees that this manner of granting access shall not constitute a data processing instruction towards Processor, and it shall be entirely Controller’s responsibility to ascertain that granting such access do not violate applicable laws and regulations. 106. Sub-Processing: As of the Addendum Effective Date, Controller hereby authorizes Processor to engage the following Sub-Processors: i) Hetzner Online GmbH Processing activity: server hosting Location of service center(s): Nuremberg, Germany ii) HostEurope GmbH (ServerLoft) Processing activity: server hosting Location of service center(s): Strasbourg, France iii) APH Inc. d/b/a Codero Processing activity: server hosting Location of service center(s): Dallas or Phoenix, United States iv) Microsoft Corp. (Azure Cloud) Processing activity: server hosting Location of service center(s): EU, USA, Canada, Netherlands, Japan, Korea, or UK - by Controller's choice Processor shall not engage any Data Sub-Processors to Process Controller Personal Data other than the Subprocessors listed above, without the prior written consent of Controller, which Controller may refuse with absolute discretion. With respect to each Sub-processor, Processor shall: a) Provide Controller with full details of the Processing to be undertaken by each Sub-processor. b) Carry out adequate due diligence on each Sub-Processor to ensure that it can provide the level of protection for Controller Personal Data, including without limitation, sufficient guarantees to implement appropriate technical and organizational measures in such a manner that Processing will meet the requirements of GDPR, this Agreement, the General Terms of Service and the applicable Data Protection Laws. c) Include terms in the contract between Processor and each Sub-processor which are the same as those set out in this Addendum. Upon request, Processor shall provide a copy of its agreements with Sub-Processors to Controller for its review. d) Insofar as that contract involves the transfer of Controller Personal Data outside of the EEA, incorporate the Standard Contractual Clauses or such other mechanism as directed by the Controller into the contract between Processor and each Sub-Processor to ensure the adequate protection of the transferred Controller Personal Data. e) Remain fully liable to Controller for any failure by each Sub-Processor to fulfil its obligations in relation to the Processing of any Controller Personal Data. 107. Data Subject Rights: Taking into account the nature of the Processing, Processor shall assist Controller by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Controller's obligation to respond to requests for exercising Data Subject rights as laid down in EU GDPR. Processor shall promptly notify Controller if it receives a request from a Data Subject, the Supervisory Authority and/or other competent authority under any applicable Data Protection Laws with respect to Controller Personal Data. Processor shall cooperate as requested by Controller to enable Controller to comply with any exercise of rights by a Data Subject under any Data Protection Laws with respect to Controller Personal Data and comply with any assessment, enquiry, notice or investigation under any Data Protection Laws with respect to Controller Personal Data or this Agreement, which shall include: a) the provision of all data requested by Controller within any reasonable timescale specified by Controller in each case, including full details and copies of the complaint, communication or request and any Controller Personal Data it holds in relation to a Data Subject; b) where applicable, providing such assistance as is reasonably requested by Controller to enable Controller to comply with the relevant request within the timescales prescribed by the Data Protection Laws; c) implementing any additional technical and organizational measures as may be reasonably required by Controller to allow Controller to respond effectively to relevant complaints, communications or requests. 108. Personal Data Breach: Processor shall notify Controller without undue delay and, in any case, within twenty-four (24) hours upon becoming aware of or reasonably suspecting a Personal Data Breach. Processor will provide Controller with sufficient information to allow Controller to meet any obligations to report a Personal Data Breach under the Data Protection Laws. Such notification shall as a minimum: a) describe the nature of the Personal Data Breach, the categories and numbers of Data Subjects concerned, and the categories and numbers of Personal Data records concerned; b) communicate the name and contact details of Processor's Data Protection Officer, Privacy Officer or other relevant contact from whom more information may be obtained; c) describe the estimated risk and the likely consequences of the Personal Data Breach; and d) describe the measures taken or proposed to be taken to address the Personal Data Breach. Processor shall co-operate with Controller and take such reasonable commercial steps as are directed by Controller to assist in the investigation, mitigation and remediation of each Personal Data Breach. In the event of a Personal Data Breach, Processor shall not inform any third parties without first obtaining Controller’s prior written consent, unless notification is required by EU or Member State law to which Processor is subject, in which case Processor shall, to the extent permitted by such law, inform Controller of that legal requirement, provide a copy of the proposed notification and consider any comments made by Controller before notifying the Personal Data Breach. 109. Data Protection Impact Assessment and Prior Consultation: Processor shall provide reasonable assistance to Controller with any data protection impact assessments which are required under Article 35 of GDPR and with any prior consultations to any supervisory authority of Controller which are required under Article 36 of GDPR, in each case solely in relation to Processing of Controller Personal Data by Processor on behalf of Controller and considering the nature of the processing and information available to the Processor. 110. Erasure or return of Controller Personal Data: Processor shall promptly and, in any event, within 90 (ninety) calendar days of the earlier of: (i) cessation of Processing of Controller Personal Data by Processor; or (ii) termination of the General Terms of Service, at the choice of Controller (such choice to be notified to Processor in writing) either: a) return a complete copy of all Controller Personal Data to Controller by secure file transfer in such format as notified by Controller to Processor, and securely erase all other copies of Controller Personal Data Processed by Processor or any Authorized Sub-processor; or b) securely wipe all copies of Controller Personal Data Processed by Processor or any Authorized Sub-processor, and in each case, provide a written certification to Controller that it has complied fully with the requirements of section Erasure or Return of Controller Personal Data. c) Processor may retain Controller Personal Data to the extent required by Union or Member State law, and only to the extent and for such period as required by Union or Member State law, and always provided that Processor shall ensure the confidentiality of all such Controller Personal Data and shall ensure that such Controller Personal Data is only Processed as necessary for the purpose(s) specified in the Union or Member State law requiring its storage and for no other purpose. 111. Audit rights: Processor shall make available to Controller, upon request, all information necessary to demonstrate compliance with this Addendum and allow for, and contribute to audits, including inspections by Controller or another auditor mandated by Controller. Processor shall provide full cooperation to Controller with respect to any such audit and shall, at the request of Controller, provide Controller with evidence of compliance with its obligations under this Addendum. Processor shall immediately inform the Controller if, in its opinion, an instruction pursuant to this section Audit (Audit Rights) infringes the GDPR or other EU or Member State data protection provisions. Audit rights must be exercised in a manner so as not to infringe or violate the rights of other Controllers and customers that have a similar contract with Processor. 112. International Transfers of Controller Personal Data: Processor shall not process Controller Personal Data nor permit any Authorized Sub-processor to process the Controller Personal Data in a Third Country other than those recipients in Third Countries (if any) listed in Sub-processing section, unless authorized in writing by Controller in advance. Controller, using the capabilities of the service provided by Processor, may grant access to another Processor or Sub-Processor without Processor’s prior knowledge or agreement. Such a manner of granting access shall constitute a transfer performed or permitted by Controller, and not by Processor. In this case, Controller shall take the entire responsibility for ascertaining for the transfer not to violate applicable data protection laws. When requested by Controller, Processor shall promptly enter into (or procure that any relevant Sub-processor of Processor enters into) an agreement with Controller including Standard Contractual Clauses and/or such variation as Data Protection Laws might require, in respect of any processing of Controller Personal Data in a Third Country, which terms shall take precedence over those in this Addendum. 113. Codes of Conduct and Certification: At the request of Controller, Processor shall comply with any Code of Conduct approved pursuant to Article 40 of GDPR and obtain any certification approved by Article 42 of EU GDPR, to the extent that they relate to the processing of Controller Personal Data. 114. General Terms: a) Subject to this section, Parties agree that this Agreement and the Standard Contractual Clauses shall terminate automatically upon termination of the General Terms of Service or expiry or termination of all service contracts entered into by Processor with Controller, pursuant to the General Terms of Service, whichever is later. b) Any obligation imposed on Processor under this Addendum in relation to the Processing of Personal Data shall survive any termination or expiration of this Addendum. c) This Addendum, excluding the Standard Contractual Clauses, shall be governed by the governing law of the General Terms of Service for so long as that governing law is the law of a Member State of the European Union. d) Any breach of this Addendum shall constitute a material breach of the General Terms of Service. e) With regard to the subject matter of this Addendum, in the event of inconsistencies between the provisions of this Addendum and any other agreements between the parties, including but not limited to the General Terms of Service, the provisions of this Addendum shall prevail with regard to the parties’ data protection obligations for Personal Data of a Data Subject from a Member State of the European Union. f) Should any provision of this Addendum be invalid or unenforceable, then the remainder of this Addendum shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.