Terms and Conditions
for Access and Use of GDP Shield Software as a Service (SaaS)
1.1. Contracting Parties
This fundamental document represents the legally binding Agreement between:
GDP Shield S.R.L. - headquartered in Sibiu, Negoi 29, Romania ("GDP Shield") - as a service provider,
"Customer" - any legal person who opens a User account at www.gdpshield.com, and implicitly accepts these Terms and Conditions.
Authority and Capacity. The parties and their legal representatives guarantee that they have the authority and capacity to enter into this agreement.
Enforceability. This agreement constitutes a legal, valid, and binding obligation, enforceable against the parties according to its terms.
The access to the Services is based on a monthly paid subscription. Upon ordering access to the Services, and confirming acceptance of the terms and conditions in this document, a legally binding agreement (“Agreement”) is entered into between GDP Shield and the Customer. All Services, as they are available at any time through the portal https://gdpshield.com, are subject to the terms of this Agreement.
Upon entering into this Agreement and the registration of the Customer in GDP Shield’s systems, the Customer is given a right to use the Services, under the terms of this Agreement. Once access to the Services has been granted, the Customer will receive an e-mail to its registered e-mail address with the necessary access and login details.
The full range of services consists of access to a private and secure personal database, plus a complete suite of automated adjacent services required to fully comply with international personal data protection Regulations. The beneficiary's right to use a certain range of services provided is related to the type of subscription it chooses.
In this Agreement, the following terms shall have the meanings set out below:
"Applicable Laws" means
(a) GDPR - EU General Data Protection Regulation 2016/679;
(b) US California Consumer Privacy Act - CCPA (Bill 2018/1121);
(c) Indian Personal Data Protection Bill;
(d) Canadian The Personal Information Protection and Electronic Documents Act (PIPEDA);
(e) Australian Privacy Act (No. 119/1988);
(f) Brazil's Lei Geral de Proteção de Dados Pessoais - LGPD (2018);
(g) Argentina's Bill No. MEN-2018-147-APN-PTE
(h) any other applicable law with respect to Personal Data;
"Controller" - the Customer, determining the purpose and means of the processing of personal data;
"Processor" - the entity that processes personal data for itself or on behalf of the controller. In this case: the Customer;
"Personal Information" - any personal data collected and processed by the Customer under the present Terms and Conditions;
"User" - any person (generally an employee) to whom the Customer grants limited rights of access and use of the GDP Shield services;
"Services" - SaaS services provided by GDP Shield and made available in accordance with the provisions of this document;
"Contract Cycle" - one month (or 30 days) calculated from the date of opening the account. The contractual cycle will take into account the calendar months.
"Operational Procedure" - service-specific documentation describing the precise operations of each service provided by the GDP Shield. The Customer has the possibility of downloading the Operational Procedure once the User account has been activated.
1.5. Description of the Services
The services provided by GDP Shield standardize and automate all the legal obligations imposed on companies and institutions by international personal data protection regulations. They are made up of secure access to a personal database which is linked to a set of automated law enforcement tools.
Disclaimer: GDP Shield is a SaaS provider and has no influence on the continuous information processing procedures of the Customer's personal database. Also, GDP Shield does not have access to personal data collected by the Customer. Effective data processing is performed by the Customer using the set of tools provided by the GDP Shield. GDP Shield is unaware of and has nothing to do with the purpose or basis of the processing of data, which is set by each individual Customer.
The Customer acknowledges that the software providing the Services may evolve and update, over time. In other words, the Customer is given the right to use our Services with the functionality as provided at any given time. The right to use our Services is not connected to any specific version of the software, or to any functionality provided at any time, but it is rather connected to the access and use of the Services as they are at any given time.
2. THE RIGHT TO USE THE SERVICES
The Customer requests the opening of the account through the "Registration" form, which can be found on the website. The account opening will be validated only after a preliminary verification of the GDP Shield's existence, the veracity of the contact data and its object of activity.
GDP Shield reserves the right to refuse services to anyone for any reason, at any time.
Upon requesting the opening of the account, the Customer is provided access to an Administrator’s account, with Username and password chosen by the Customer. The administrator has the ability, depending on the subscription chosen, to set up Users and give them limited access to services.
The Customer and its Users receive a limited, terminable, non-exclusive and non-transferable right of access and use the Services, in accordance with the terms of this Agreement, exclusively for the Customer’s internal business purposes. This right is conditional on the payment of the applicable subscription fee and other fees (“Subscription Fee”). Any applicable Subscription Fee is provided on the Customer’s account overview.
2.2. Sign-up Procedures and Fees
Upon the creation of the account, the Customer is given two options:
- Contract with payment of a registration fee - in which case the Customer may terminate the contract at any time;
- Contract without payment of a registration fee - in which case the contractual term is at least two years. In case of a termination request prior to the minimum period, the Customer will pay a "Termination Fee". This fee is calculated based on the number of unpaid months until the contract is completed. Payment is due within 24 hours from issuance of invoice. The procedures for terminating the Contract will apply accordingly.
The Payment of the Subscription Fee and the compliance with the terms of this Agreement is a precondition for the right to use the Services. GDP Shield may adjust the agreed Subscription Fee upon 3 months’ written notice. In case of changes in public taxes, charges or other duties or other changes in public administrative practice affects the vendor’s costs connected to the Service, the Subscription Fee may be adjusted correspondingly without prior notice.
The Customer may not allow a third party to use the Services in a service bureau or similar or offer services dependent on the Services to a third party. However, the Customer may allow in-hire consultants or temporary employees to use the services for Customers internal business purposes. The Customer may also use the services to collect data from the applications and databases of the Customer’s business partners.
Services depend on standard software. When purchasing access to the Services, the Customer does not purchase a copy of, or license to, the software used to deliver the Services, but consecutively pay for a subscription to access the Services.
2.3. The relationship between the Customer’s Users and GDP Shield
The Customer commits to adhere to the terms of this Agreement and to ensure that any of its Users do the same. The Customer accepts the full responsibility for all activities connected to its Users and its User’s compliance with the terms of the Agreement. When the individual User accepts any Terms upon logging into the Service, or on a later change of such terms, no Agreement is made between such individual User and GDP Shield. It is at all times the Customer who is a party to any agreement with GDP Shield, and who has all rights and obligations set out in such agreement.
The Customer accepts that GDP Shield may contact the Customer ( the Customer’s administrator), through registered e-mail addresses and through telephone, and provide general marketing information or other information about the services. Such information will not be sent to the Customer’s other Users.
2.4. User administration
Users are created and administrated by the Customer's administrator that is communicated to GDP Shield.
The log-on information of an individual User shall not be shared or used by more than one physical person, but may freely be re-assigned by the Customer’s administrator. The Customer’s administrator may also delete Users. The Customer shall ensure that all information about Users and administrator are up to date at all times.
Each User is responsible for keeping his/her Username and password confidential. In the case of unauthorized use of the User login information, the legal responsibility belongs strictly to the Customer, GDP Shield having no power or competence in this respect. The Users or the administrator are authorized to provide GDP Shield’s support personnel with access to their accounts where such access is necessary to provide support or else performed tasks asked for by the User or administrator.
2.5. Requirements for use of the Services
The Customer and any of its Users shall not transfer viruses, malware or any other harmful code to the Services or use the Services in a manner which gives a risk for such transfer. The Services shall not be used for any illegal or otherwise unauthorized purpose. The Customer is responsible for complying with the EU export regulations when the Services are used outside of EU, including assuring that the Services are not used in jurisdictions where such use would be contrary to such export regulations.
3. TECHNICAL INFORMATION
The Services are compatible and are being delivered through any major web browser, such as Microsoft Edge, Google Chrome, Mozilla Firefox, and Safari, as an operating environment. The Customer will be given a minimum of three months’ notice in case of significant changes to the operating environment. GDP Shield reserves the right to change the operating environment, but will in such event notify the Customer, in order to allow the Customer to evaluate the technical and legal effects of such change.
GDP Shield has no responsibility for any eventual errors and defects of the web browsers, nor for a Customer’s choice of an incompatible minor web browser.
4. RESPONSIBILITY FOR QUALITY OF SERVICE, AVAILABILITY, AND SUPPORT
4.1. Quality of Service
GDP Shield warrants that the Services will perform substantially as described in applicable documentation of Services (Operational Procedure). The Services will be subject to continual improvement.
If the Services does not function as described in applicable documentation of Services, GDP Shield will correct verified errors in the services at GDP Shield’s own expense. GDP Shield may choose to replace the Services or functionality therein instead of performing a correction. If GDP Shield does not solve the verified errors according to the time-limits set out together with the description of the Services in question or does not replace the Service within a reasonable time, the Customer may cancel their subscription in accordance with the terms in section 10. The Customer may not set forth any other claims due to defects or errors in the Services.
4.2. Service Level Agreement (SLA) targets, penalties
GDP Shield’s Service availability targets, SLA penalties, and fixed maintenance periods are set out together with the description of the Services in question.
GDP Shield may, from time to time, require maintenance periods, for example for major upgrades. Such maintenance periods will generally take place over weekends or overnight and will be notified to the Customer at least 48 hours in advance.
4.3. Notification of errors
If the Customer experiences that the Services in whole or in part are unavailable, or have reduced performance, the Customer shall report the error via email to firstname.lastname@example.org. In order to ensure that GDP Shield gets the necessary information to identify and correct the error, the Customer shall, together with the notification of error, provide accurate information about the error, including a description of how the error occurred, how many Users are affected, and which dataflows and/or systems are affected, or assist GDP Shield with gathering such information.
GDP Shield will provide basic technical and legal support to the Customer. This entails technical and legal assistance, but GDP Shield does not warrant that any solution will be found for any problems or requests. The administration and configuration of the Services for the Customer are not included in the support and may be provided according to separate agreements. This may include assistance connected to integrated applications/databases.
The Customer may contact GDP Shield support on business days (Monday to Friday except for Christmas Eve, New Year’s Eve and other public holidays) between 08:00 and 16:00 hours Central European Time. Any contact with GDP Shield support shall take place via email@example.com.
5.1. Rights to data
The Customer retains all rights to all the data which the Customer stores or transfers in connection with the use of the Services.
GDP Shield does not have access to the Customer’s stored data.
Upon termination of Services, GDP Shield may agree to assist the Customer in transferring the data to a designated and usable format. Such a service may be delivered within 10 days after the end of the subscription in question, in order to ensure that the Customer can receive the data before deletion. Such assistance is not invoiced by GDP Shield. On termination of the subscription, all Customer data will be deleted by GDP Shield.
GDP Shield provides secure and reliable services, and will at any time have in place administrative, physical and technical security measures including backup solutions according to corresponding standards.
- GDP Shield has established an information security governance system where systems, routines, and processes are set up in accordance with ISO 27001.
- A yearly third-party audit shall be carried out in accordance with ISO 27001
- A confidential summary report of the audit shall be produced and made available to the Customer upon request
- The summary report shall enable the Customer to assess whether the security level in GDP Shield’s services is according to the Agreement and the Customer’s requirements.
5.3. Processing of personal data
The Services offered by GDP Shield do not entail collecting and processing of Customer’s personal data relating to its data subjects, for the Customer. GDP Shield does not have any type of access to the database created by the Customer. The Services offered by GDP Shield may only entail collecting and processing of the personal data limited to Customer’s administrator and Users personal information.
The Customer is the Controller and Processor, in accordance with the international data protection regulations.
The Customer as the Controller agrees and warrants that:
- The Customer owns or otherwise has the right to transfer the personal data to the Service for processing, and that the Customer is responsible for the accuracy, integrity, contents, and legality of the personal data;
- It is the Customer’s obligation as the Controller to notify the applicable regulatory authorities and/or Data Subjects in case of breach or the unauthorized transfer of special categories of data such as personal data;
- The Customer, by way of its risk assessment, has verified that GDP Shield’s security measures are effective and appropriate for the processing in question;
- GDP Shield has provided sufficient guarantees in terms of logical, technical, physical and organizational security measures.
6. FEES AND PAYMENT TERMS
For Services included in GDP Shield, the Customer pays a Subscription Fee to as set out together with the description of the Services in question.
7. CHANGES TO THE AGREEMENT
GDP Shield reserves the right to change the terms of this Agreement upon at least 30 days’ notice.
8. LIABILITY, LIMITATION OF LIABILITY ETC.
8.1. Limitation of liability
If GDP Shield is held responsible for paying damages to the Customer as a consequence of breaches of any of the obligations under this Agreement, such damages may in no event include compensation for indirect loss or damages of any kind which may arise as a result of, or in connection with, such breach. Indirect loss includes, but is not limited to, loss of profit of any kind, losses as a consequence of disrupted operations, loss of data, lost savings. GDP Shield’s liability under this Agreement is therefore limited to direct loss, unless otherwise set out in mandatory applicable law, for example, damages due to gross negligence or intent. Any refunds or compensation for direct loss and costs during any 12-month period shall not exceed an amount equivalent to 6 month’s Subscription Fee’s ex. VAT for the Services during the same period.
If standardized sanctions are agreed, these standardized sanctions shall be the sole and exclusive remedy for the matter and no other claims may be made based on the same situation.
8.2. Force majeure
If the use and execution of the Services are wholly or partly prevented or materially impeded by circumstances beyond the parties’ control, both parties’ obligations are suspended for as long as the circumstances are relevant and as long as these circumstances last. Each party may, however, in accordance with section 10 of this Agreement, terminate the Agreement if the force majeure makes it particularly burdensome for that party to continue the Agreement.
In the event that law, rules or regulations applicable to the use or delivery of the Services is changed or new rules or regulations are adopted after the Services have been made available on the market and this prevents GDP Shield from fulfilling the Customer’s instructions regarding processing of personal data or other obligations in this Agreement, and/or this requires full or partial termination of access to the Services for a limited or indefinite period of time, this shall be considered as a force majeure circumstance. GDP Shield is not in any way responsible for any such or other force majeure circumstance.
8.3. Circumstances for which GDP Shield not, in any event, is responsible
Even though GDP Shield will use appropriate care to ensure secure transmission of information between the Customer and the Services, the Customer recognizes that the Internet is an open system and that GDP Shield cannot warrant that a third party cannot or will not intercept or alter data during the transmission. GDP Shield takes no responsibility for such unauthorized access to, use or alternation or publication or loss of data.
Neither is GDP Shield responsible for lack of availability of the Services when this is directly or indirectly caused by the Customer or by circumstances for which the Customer is responsible or the reconstruction of data regardless of cause.
9. CANCELLATION AND SUSPENSION
The Customer may cancel the Services and thereby cancel the entire subscription for GDP Shield’s Service using the Customer’s account tool, with applicable notice period. The cancellation takes effect at the end of the next billing cycle.
For non-paying Customers GDP Shield has the right to suspend or terminate access to all or any part of the Service at any time, with or without cause, with 5 days’ prior notice. In case of abuse, access to Services may be suspended or terminated without notice, effective immediately.
If payment is not made within 5 days of the due date, GDP Shield may suspend the Customer's access to services until the payment is made. The suspension will be notified to the Customer by email, together with a final and reasonable deadline of 15 days to pay the outstanding amount before the suspension takes effect. GDP Shield may delete the Customer's account if the payment is not made within 30 days of the entry into force of the suspension. The Customer pays contractual penalties of 0.7% per day, in accordance with the applicable laws, for all overdue amounts.
GDP Shield may terminate the Customer’s subscription with 5 days’ notice if the Customer is in breach of any of his obligations under this Agreement, or if it becomes apparent that the Customer will materially breach this Agreement in the future. GDP Shield may with 5 days’ notice to the Customer also suspend the Customer’s subscription to the Services if the Agreement is breached by the Customer. Such suspension may be in effect until the matter has been resolved.
GDP Shield reserves the right to terminate any service in its entirety, or its availability in any market, with 3 months’ notice before such termination takes effect or in case of force majeure with such notice which is reasonable under the circumstances.
Upon cancelation of Contract, the Customer is entitled to a copy of its database in a readable, unsecured, format. Provided the Customer has paid the ”Cancelation Fee” pursuant to the provisions set out in Section 2.2. of the present document, GDP Shield will assist the Customer in obtaining the readable and unsecured copy of the existing database pertaining to the Customer.
When the Services, hereunder Users, are terminated, all data and copies of such data will be deleted from GDP Shields servers upon the termination taking effect. The Customer will get access to his data as set out in section 5.1.
10. TRANSFER OF SUBSCRIPTION
Without obtaining GDP Shield’s prior written permission, the Customer is not entitled to transfer all or part of the right to use the Services to another entity (either through mergers, de-mergers, bankruptcy, change of ownership or control or to affiliates or otherwise). GDP Shield may fully or partially transfer its rights and obligations under the Agreement to subsidiaries or other companies within the same group, hereunder use these as sub-contractors, provided that this is done in such a manner that it is ensuring compliance with the obligations under all relevant data protection laws from the Customer’s perspective.
Confidentiality. As used in this Agreement, "Confidential Information" refers to any information which has commercial value and is either:
- technical information: including patent, copyright, trade secret, and other proprietary information, techniques, sketches, drawings, models, inventions, know-how, processes, apparatus, equipment, algorithms, software programs, software source documents, and formulae related to the current, future and proposed products and services of GDP Shield;
- non-technical information: relating to GDP Shield's products including, without limitation, pricing, margins, merchandising plans and strategies, finances, financial and accounting data and information, suppliers, Customers, Customer lists, purchasing data, sales and marketing plans, future business plans, and any other information which is proprietary and confidential to GDP Shield.
Trade secret. It means all information possessed by, and all mechanisms (software or non-software, as presented above) developed by the GDP Shield, for which all of the following apply:
- the information derives independent economic value from not being generally known;
- the Recipient takes reasonable precautions to prevent such information from being disclosed and released to the public;
Non-Confidential Information. The restrictions of this Agreement will not apply to information that, without the breach of this agreement, is or becomes publicly known.
Nondisclosure and Nonuse Covenant.
(a) to use the Proprietary Information only for its consideration internally, and not for any other purpose;
(b) to maintain the Proprietary Information as secret, and exercise all reasonable precautions to prevent unauthorized access to it;
(c) not to copy the Proprietary Information;
(d) not to disclose Proprietary Information to any third party other than Recipient’s employees and agents who have a need to know for the permitted purpose and who are similarly bound (consistent with the restrictions in this Agreement) to protect the Proprietary Information;
(e) not to decompile, disassemble or otherwise reverse engineer any Proprietary Information, or use any similar means to discover its underlying composition, structure, source code or trade secrets;
(f) not to export or re-export (within the meaning of EU or other export control laws or regulations) any Proprietary Information or product thereof. Recipient shall promptly notify GDP Shield of any unauthorized use or disclosure of Proprietary Information, and shall be responsible for any breach of its confidentiality obligations by its employees and agents. The recipient will promptly notify GDP Shield if it decides not to proceed with the proposed business relationship or transaction.
This covenant shall apply to the geographical area that includes the continents of Europe, North America, South America, Asia, and Australia.
During the contractual agreement between parties and after the cancelation of Contract, Recipient:
- will not copy and reproduce, in total or in part, the business model of the GDP Shield or the concept and mechanism of the GDP Shield web-app solution;
- will not directly or indirectly engage in any restricted activity or business that competes with GDP Shield;
This covenant shall apply to the geographical area that includes the continents of Europe, North America, South America, Asia, and Australia.
During the contractual agreement between parties and after the cancelation of Contract, Recipient will not directly or indirectly solicit, induce or attempt to induce any employee of GDP Shield to terminate his or her employment with GDP Shield. Also, it will reject any employment of any ex GDP Shield employee.
This covenant shall apply to the geographical area that includes the continents of Europe, North America, South America, Asia, and Australia.
12. GOVERNING LAW
This Agreement is governed by and construed in accordance with all the applicable international laws. Exclusive jurisdiction and venue for any action arising under this Agreement are in the Courts of Justice from the headquarters of GDP Shield, and both parties hereby consent to such jurisdiction and venue for this purpose. In any action or proceeding to enforce or interpret this Agreement, the prevailing party will be entitled to recover from the other party its costs and expenses (including reasonable attorneys' fees) incurred in connection with such action or proceeding and enforcing any judgment or order obtained.
This Agreement shall govern all communications between the Parties. Recipient understands that its obligations under Paragraphs 3, 4 and 5 shall survive for a period of 5 years from the termination of the contractual relationship between the Parties.
Due to the relatively new and unique nature of the Proprietary Information (Trade Secret), Recipient agrees that any breach or threatened breach of this Agreement will cause not only financial harm to GDP Shield but also irreparable harm for which money damages will not be an adequate remedy. Therefore, GDP Shield shall be entitled, in addition to any other legal or equitable remedies, to an injunction or similar equitable relief against any such breach or threatened breach without the necessity of posting any bond.
15. ENTIRE AGREEMENT
No change, consent or waiver to this Agreement will be effective unless in writing and signed by the party against which enforcement is sought. The failure of GDP Shield to enforce its rights under this Agreement at any time for any period shall not be construed as a waiver of such rights. Unless expressly provided otherwise, each right and remedy in this Agreement is in addition to any other right or remedy, at law or in equity, and the exercise of one right or remedy will not be deemed a waiver of any other right or remedy.
In the event that any provision of this Agreement shall be determined to be illegal or unenforceable, that provision will be limited or eliminated to the minimum extent necessary so that the Agreement shall otherwise remain in full force and effect and enforceable.
Any notice hereunder will be effective upon receipt and shall be given in writing, in English and delivered to the other party at its address given herein or at such other address designated by written notice.
18. ACKNOWLEDGMENT OF TERMS
The Customer acknowledges that they:
(a) have read this agreement prior to signing up for the corporate account;
(b) understand the terms of this agreement;
(c) have signed this agreement voluntarily, by signing up for the corporate account;
IN WITNESS WHEREOF, the Parties have executed this Agreement as of the date of the signup.