Terms of Service

Plan-365 Service Terms

Updated on 19 June 2022

  1. The service and these service terms

    1. These terms of Service (the “Service Terms”), including the appendices listed below and the online order form, constitute the agreement (“Agreement”) between the customer (the "Customer" or "you") and Perjantai Markkinointiviestintä Oy, trading as Plan-365 (”Service Provider” or “we”) regarding the Customer's use of our services specified in these Service Terms (including the cloud-based or on-premises version of the plan management tool called Plan-365, www.plan-365.com website and thereto related services, and all versions and aspects of the aforesaid, which are collectively referred to as the “Service”).
    2. The Agreement regarding the Service is entered into between the Customer and the Service Provider. The Customer shall name a contact person on the online order form and the said contact person will act as the point of contact at the Customer with respect to matters concerning the Agreement. Any action made by the said contact person will be deemed as an action made by the Customer. The contact person will also act as the account administrator for the Customer.
    3. In addition to the named contact person, the Customer may authorise its employees or other individual authorised users (collectively, together with the named contact person, “Authorised Users”) to use the Service, and they must register and accept these Service Terms as a condition for their use of the Service. The Customer agrees that it is fully responsible with respect to any use of the Service by an Authorised User, including any breach by an Authorised User of these Service Terms.
    4. The Customer and each Authorised User accepts these Service Terms when they commence the use of the Service, which may include using the website, entering into the Agreement regarding the Service or otherwise utilizing the Service. If the Customer or any Authorised User does not accept these Service Terms, they shall not use the Service.
    5. The Service is intended solely for business purposes and it is not intended for users that are consumers (being an individual acting primarily for purposes other than a trade, business or profession) and the applicability of consumer protection legislation is therefore excluded. You (meaning for the purposes of this Clause the user registering and entering into the Agreement on behalf of the Customer) represent that you are 18 years of age or older and have the authority to bind the Customer entity listed on the Agreement.

  2. Account registration and activation of the service

    1. The Customer and all Authorised Users must register to use the Service. The Customer agrees to, and cause all Authorised Users to: (a) provide accurate, current and complete information as may be prompted by registration forms on the Service (“Registration Data”); (b) maintain the security of, and not share with any third party, any logins, passwords, or other credentials that the Customer or any Authorised User selects or that are provided to you or any Authorised User for use of the Service; (c) maintain and promptly update the Registration Data, and any other information the Customer or any Authorised User provides to the Service Provider, and to keep all such infor-mation accurate, current, and complete (including that any contact information is up-to-date); and (d) notify the Service Provider immediately of any unauthorised use of any Authorised User account or any other breach of security by emailing us at security@plan-365.com. The activities of an Authorised User’s account shall be at the sole responsibility of the Customer.
    2. Each Authorised User must register separately and create their own respective user account. The Customer or its Authorised Users must not create shared user accounts.
    3. The Service Provider will activate the Service without delay upon the Customer's order of the Service from the Service Provider. The Service will be available to the Customer from the aforesaid activation date, provided that the Customer has pro-cured the User Equipment and the necessary network connections as set out in Clause 5.

  3. Scope of service and service provider's obligations

    1. The Service is a cloud-based plan management tool that includes various features determined by the Service Provider from time to time. The Service Provider may make changes to the Service as described in Clause 6 below. These Service Terms exhaustively define the Service and the Service Provider's tasks, other obligations and liabilities in relation to the Service.
    2. The Service includes a description of the system requirements to be procured by the Customer for the proper functioning of the Service ("User Equipment"). The User Equipment shall be at the responsibility of the Customer
    3. The Service Provider shall deliver the Service in a professional manner with all due skill, diligence and prudence that would reasonably be expected from a professional software as a service provider and by using personnel of appropriate qualification, skills and experience. Notwithstanding the foregoing, the Service Provider does not guarantee that the Service would be error-free or provided without interruptions. The Service Provider is not obliged to provide end-user support or other similar services to the Customer or the Authorised Users.
    4. The Service Provider shall be entitled to use subcontractors in the provisioning of the Service.

  4. Service levels

    1. The Service Provider strives to provide the Service without material interruptions on a 24/7 basis. However, the Customer acknowledges that the Service may be subject to interruptions from time to time, the Service Provider does not guarantee a specific service availability level and the Service Provider does not guarantee that the Service is error-free.
    2. Furthermore, the Service may be interrupted by maintenance breaks from time to time, during which the availability of the Service may be limited or suspended. The Service Provider aims to schedule the maintenance breaks to take place primarily during weekends. For further information regarding possible suspensions, please see Clause 7.

  5. Customer's obligations

    1. The Customer shall use and shall cause its Authorised Users to use the Service in accordance with these Service Terms.
    2. Without limiting the generality of the foregoing, the Customer shall not, and shall not permit or encourage any third party to:
      1. modify, create copies or derivative works of, reverse engineer, disassemble, decompile, or otherwise attempt to derive or gain improper access to any component of the Service, in whole or in part;
      2. sell, resell, rent, “frame”, “mirror”, deep link to or lease any portion of the Service or otherwise incorporate any part of the Service into any other service without our prior written authorization;
      3. use the Service in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or applicable law or other right of any third party;
      4. interfere with or disrupt the integrity of the Service or any content or data contained therein or transmitted thereby;
      5. access, monitor, or copy any content or information from the Service using any robot, spider, scraper, or other automated means or any manual process for any purpose without our express written permission;
      6. take any action that imposes, or may impose, in our discretion, an unreasonable or disproportionately large load on the Service's infrastructure (including, without limitation, carrying out penetration tests or network stress tests without the Service Provider's prior written approval);
      7. input any virus, malware, or other harmful code into the Service; or
      8. violate any applicable local, provincial national, or international law or regulation.
    3. The Customer is responsible at its cost for procuring the User Equipment and network connections for the Service in accordance with the description provided by the Service Provider. The description and requirements for User Equipment and network connections may be subject to change as the Service is developed. The Customer acknowledges that defects in the User Equipment may cause problems in the use of the Service and that the Service Provider shall not have any responsibility for the User Equipment, network connections and/or the problems they cause.
    4. The Customer is responsible at its cost for procuring the User Equipment and network connections required for the proper functioning of the Service. The Customer acknowledges that defects in the network connections may cause problems in the use of the Service and that the Service Provider shall not have any responsibility for the network connections and/or the problems they cause.
    5. The Customer is responsible for the safe-keeping of all user names and passwords of the Service and is liable for the use of the Service with such user names and passwords. The Customer is responsible for changing the user names and passwords, if needed for example due to security reasons.
    6. The Customer shall address all inquiries regarding the Service to the Service Provider. All inquiries regarding the Service shall be made by the named contact person(s) of the Customer. The Service Provider does not have the responsibility to answer to inquiries or service requests made by other individual Authorised Users. The Service Provider has the right to require such identification documentation as it considers necessary in order to ensure that the person is the named contact person and is authorised to act on behalf of the Customer.

  6. Changes to service

    1. The Service Provider shall be entitled at its discretion to make changes (including without limitation upgrades, updates, developments and error corrections, or changes or removals to the Service's functionalities) to the Service that may affect the scope, contents, functionalities, availability, usability and/or User Equipment of the Service, provided however that the use of the Service materially for its original purpose is still possible after such changes. In addition, the Service Provider shall be entitled to make such changes to the Service that (i) are necessary to prevent or repair a data security risk of the Service, or (ii) result from a change in the mandatory laws or regulations by competent authorities. The Service Provider will use reasonable efforts to notify you of any material changes to the Service in advance. In the event of material changes to the Service, the Service Provider may provide further instructions to you with respect to any actions required by you in order to continue access and use of the Service, if necessary.

  7. Suspension and restriction of access

    1. The Service Provider shall have the right to suspend the Service for a reasonable duration, if such suspension is necessary in order to perform changes to the Service and/or maintenance in respect of the Service. The Service Provider shall use reasonable endeavours to perform the changes and maintenance in respect of the Service during the maintenance breaks specified in Clause 4.2, provided however that the Service Provider shall also be entitled to suspend the Service during other times, if the changes and/or the maintenance is not possible to be performed during such maintenance breaks, for example, due to security issues or other urgent needs. The Service Provider will strive to minimise any inconvenience resulting from the suspension for the use of the Service.
    2. The Service Provider shall have the right to prevent the Customer's or any of its Authorised User's access to the Service, if the Service Provider in its reasonable opinion suspects that (i) the Customer or an Authorised User burdens or uses the Service in a manner that jeopardises the delivery of the Service to other users, (ii) the Customer or an Authorised User uses the Service in breach of these Service Terms, or (iii) the user account is being used by an unauthorised person or otherwise unlawfully.

  8. Fees and payment terms

    1. The fees payable by the Customer for the Service, as well as the payment terms of such fees, are agreed between the Service Provider and the Customer in the online order form or otherwise in connection with the sale and purchase of the Service. The fees may vary depending on the length, version or features of the Customer's subscription. The Service Provider may also at its discretion offer a free version of the Service. The Service Provider reserves the right to change pricing from time to time at its discretion. The Service Provider will communicate the amended prices via the Service or otherwise in writing (including by email) in advance. The new prices will be effective for the Customer starting from the next renewal of the Customer's subscription (see section 13.3).
    2. All fees for the Service are due at the beginning of each subscription period or renewal thereof.
    3. Unless otherwise specified, all fees are in Euros. All fees are exclusive of all taxes, levies, or duties (including but not limited to value-added tax) imposed by competent authorities if not stated otherwise. If such taxes, levies or duties are imposed, the Customer shall gross-up the payment of the fees to the Service Provider so that the amount received by the Service Provider will be the same than what it would have been without the taxes, levies or duties imposed.
    4. The Service Provider may at its discretion offer various payment methods, including payment by credit card. The Customer shall ensure that the provided credit card is valid throughout the validity of the Agreement and that the payments can be processed.
    5. When the Customer purchases the Services and enters into the Agreement, the Customer authorises the Service Provider or its third party payment processors to charge the credit card identified by the Customer (which the Customers represents and warrants that it is authorised to use) all applicable fees for the Service, including all applicable taxes, and the Customer agrees that the Service Provider's payment provider can store the Customer's credit card information for that purpose. The Service Provider use a third-party payment processor for all purhases. The Customer's order is processed by our online reseller and Merchant of Record, Paddle (paddle.com), who may also handle all customer services enquiries and returns. More information can be found in Paddle’s Terms and Conditions and Privacy Policy. The Service Provider is not responsible for any and all errors by the payment processors and does not accept any responsibility for the acts and omissions of the payment service provider.
    6. If the Service Provider does not receive payment from your credit card provider, the Customer agrees to pay all amounts due upon demand and the Service Provider may suspend the Customer and Authorised Users' access to the Service until full payment is received or terminate the Agreement. All sales are final and the Service Provider will not issue refunds, including for prepaid monthly fees.

  9. Intellectual property rights

    1. All intellectual property rights in and to the Service, including any changes, modifications and further developments of the Service, shall vest in and remain the sole and exclusive property of the Service Provider or third parties.
    2. The Service Provider grants to the Customer a non-exclusive and limited right to use the Service for its internal business purposes in accordance with these Service Terms and the Agreement. The Customer's right to use the Service terminates automatically without separate notice immediately when the Customer's Service subscription ends or when the Agreement is otherwise discontinued or terminated for any reason.
    3. All intellectual property rights in and to the data and materials stored by the Customer in the Service shall vest in the Customer. The Service Provider shall be entitled to use such data and materials for the purposes of providing the Service to the Customer. In addition, the Service Provider shall have the right to use such data in aggregated form for its internal product development purposes.

  10. IPR infringements

    1. Subject to section 16, the Service Provider holds the Customer harmless against claims made by a third party (excluding the Customer's affiliates) that are attributable to an infringement of such third party's copyright by the Service ("Claim"), provided that the Customer informs the Service Provider in writing of such Claim immediately (and in any case within fourteen (14) days of receiving such Claim from the third party) by email at legal@plan-365.com and that the Customer grants all necessary authorisations and assistance to the Service Provider to handle such Claims. The Service Provider shall have the right to decide how the Claim is handled and conduct any proceedings and negotiations in relation to the Claim in its sole discretion. The Service Provider shall pay to the third party making the Claim damages finally awarded by a court of competence and/or agreed to by the Service Provider in its sole discretion as a part of a settlement with the third party. The Customer shall not be entitled to admit any liability in relation to the Claim and/or settle the Claim without the Service Provider's express prior written consent. The Service Provider's liability for infringement of intellectual property rights by the Service is limited to this Clause 10.1 and the Service Provider shall have no other liability towards the Customer in relation to such infringement.
    2. In case of a Claim, the Service Provider may, in its discretion and at its own expense modify the Service in order to eliminate the infringement. If such modification is not commercially reasonable or otherwise possible, the Customer shall at the written re-quest of the Service Provider cease using the Service immediately upon such request.
    3. The Customer shall be responsible for ensuring that the data and materials stored by the Customer in the Service do not infringe any third party rights or violate any legislation in force from time, and the Service Provider shall have no responsibility for the same or any data or materials stored or processed by other customers or third parties in connection with the Service. The Customer shall indemnify and hold the Ser-vice Provider harmless against all claims made by a third party towards the Service Provider that are attributable to an infringement of third party's intellectual property or other rights by such data and/or materials and shall bear all costs and damages (including those of the Service Provider) in relation to such claims.
    4. The Service may contain links or interfaces to websites, services and content of third parties, including but not limited to Amazon web services or other cloud storage services. The Service Provider does not have any control over any third-party services or content and shall have no responsibility for the same, including that it will not have any responsibility to update or review any such web pages or third-party content. Additionally, if you follow a link or otherwise navigate away from the Service, please be aware that these Service Terms will no longer apply.

  11. Feedback

    1. Any feedback, comments, suggestions, ideas, or other information provided by the Customer or any Authorised Users in the form of email or other submissions to the Service Provider (collectively “Feedback”), are non-confidential and you hereby grant to us and our subcontractors and affiliates a non-exclusive, royalty-free, perpetual, irrevocable, and transferable right to use the Feedback for any purpose without compensation or attribution to you. You may send Feedback to feedback@plan-365.com.

  12. Data security and data protection

    1. The Service Provider will apply appropriate data security measures to the Service. The Service Provider shall be entitled to disconnect, suspend and/or otherwise limit the use of the Service in case of data security breaches or other data security issues of the Service.
    2. Both parties shall comply with the applicable Finnish and EU data and privacy laws and regulations, including the General Data Protection Regulation (Regulation (EU) 2016/679) in relation to the Service. The Service Provider will act as the data controller with respect to the subscription data collected or received in connection with the Agreement from the Customer or any Authorised Users (including e.g. names, contact information and payment details). With respect to the personal data stored by the Customer to the service, the Service Provider will act as the data processor and the Customer will be the data controller. The Data Processing Agreement attached as Schedule 2 to these Service Terms sets forth the parties’ obligations regarding data protection and compliance with data protection laws.
    3. The Service Provider is not obliged to make backup copies of the data stored by the Customer to the Service. In the event of any loss or destruction of any data by the Customer, the Service Provider does not have the responsibility to assist or retrieve copies of the Customer's data and does not guarantee the availability of any backup copies.

  13. Term and termination; automatic renewal; extraction of customer data

    1. These Service Terms become applicable between the Service Provider and the Customer when the Service is activated by the Service Provider in accordance with Clause 2 and shall apply between the parties during the entire period the Customer uses the Service.
    2. The term of the Agreement shall be specified in the online order form. Your Agreement for the Service is automatically renewable as set forth in Clause 13.3 below..
    3. Your subscription to the Service will remain in effect and will be renewed automatically for a new subscription period of similar length at the end of each subscription period unless you terminate your subscription in accordance with Clause 13.4 before the end of the then ongoing subscription period or we terminate it. If you do not terminate your subscription before the end of the then-ongoing subscription period, your subscription will automatically continue and you will be liable to pay the fees for the following renewal subscription period.
    4. The termination of the Agreement by the Customer shall be made by using the termination functionality on the Service located in the "account" section of the Service. The Service Provider will not accept terminations of the Service by other means. You have the right to use the Service and will be liable to pay the Service fees until the end of the subscription period. The Service Provider may terminate the Agreement by informing the Customer by email or in connection with the Service.
    5. Upon the termination or expiration of the Agreement, the Customer must immediately at the end of the subscription period stop using the Service. The Customer must ensure that it has extracted its data from the Service in accordance with Clause 13.7 prior to the expiry or termination of the Agreement.
    6. The Service Provider shall have the right to terminate the Customer's right to use the Service and, therefore, these Service Terms for cause with immediate effect, if the Customer:
      1. commits a material breach of these Service Terms, and if such breach is remediable fails to remedy such breach within thirty (30) days of receiving a written notice thereof; or
      2. becomes bankrupt or insolvent or enters into a compulsory or voluntary liquidation or reorganisation proceedings, or has a receiver or administrator appointed over the whole or part of its assets.
    7. When the Customer's use of the Service is terminated for any reason, the Customer is responsible for extracting the Customer's data and materials stored in the Service at its own cost and risk. The Service includes a functionality that allows the Customer to carry out the data extraction on its own. The Service Provider is not obliged to assist the Customer in extracting the Customer data from the Service.
    8. The Service Provider will retain the Customer's data and materials for a period of maximum 30 days after the termination or expiry of the Agreement and is not obliged to retain the Customer's data and materials beyond such period. The Service Provider may request a payment determined by the Service Provider for assistance requested by the Customer for the extraction of the data after the termination date.

  14. Customer reference

    1. The Customer agrees that the Service Provider may use the Customer's name and logo to identify the Customer as a customer of the Service Provider. The Customer may revoke such right at any time by contacting us at legal@plan-365.com.

  15. No warranties

    1. The Service is provided "as is", without any warranties. Except for any warranties expressly included in these Service Terms, the Service Provider disclaims all war-ranties, to the maximum extent permitted by law, express or implied, with respect to the Service, including any warranties of merchantability, non-infringement, or fitness for a particular purpose and we do not warrant the accuracy of any data provided in connection with the Service, or that the Service is free of errors.

  16. Limitation of liability

    1. Neither party shall be liable for any indirect loss and/or damage, including but not limited to any loss of business, profits or loss of data.
    2. The Service Provider's total aggregate liability for direct loss and/or damage under or in relation to these Service Terms shall in all cases be limited to an amount of 1000 euros or the amount of the Customer's fees for the Service for a period of 6 months, whichever is lower.
    3. The limitations of liability shall not apply if the damage and/or loss is caused by wilful misconduct or gross negligence by a party.
    4. Any claims by the Customer under the Agreement shall be made without delay by the contact person appointed by the Customer on the online order form upon the Customer becoming aware of any breach of the Agreement by the Service Provider to the email address legal@plan-365.com. The Service Provider will only be liable to-wards the Customer, and not towards any individual Authorised Users.

  17. Force majeure

    1. Neither Party shall be liable to the other for any delay or non-performance of its obligations under these Service Terms in the event and to the extent that such delay or non-performance is due to an event of force majeure. Events of force majeure are events beyond the reasonable control of a party and which were not reasonably foreseeable at the time of activation of the Service in accordance with Clause 2 and whose effects are not capable of being overcome without unreasonable expense and/or loss of time to the party concerned. Events of force majeure shall include, for example, war, acts of government, natural disasters, epidemics, pandemics, fire, breakdown on telecommunications infrastructure and explosions and labour disputes.
    2. If an event of force majeure results in delay or non-performance of a party for a period of ninety (90) days or longer, the other party shall in its sole discretion have the right to terminate the use of the Service, and therefore these Service Terms, by providing a written notice thereof to the other party without either party having any liability towards the other party due to such termination.

  18. Other provisions

    1. Each party agrees to keep confidential and not to disclose to any third party any information received from the other party in connection with the use of the Service or the Agreement. The Service Provider is entitled to use the Customer's confidential in-formation and disclose it to third parties if and to the extent required to provide the Service in accordance with these Service Terms or if ordered by a competent court or authority to do so..
    2. The Customer shall not be entitled to assign the Agreement and/or the right to use the Service, to a third party (except to with regard to right to use the Service, to an Authorised User). The Service Provider shall be entitled to assign the Agreement to a company belonging to the same group of companies as the Service Provider or to a third party, for example, in connection with a business transfer or other corporate re-organisation.
    3. These Service Terms represent the entire agreement and understanding between the parties with respect to the subject matter hereof, and supersede all prior agreements, negotiations and understandings between the parties, whether in writing or oral, with respect to the subject matter hereof.
    4. The Service Provider reserves the right to make changes to these Service Terms. The Service Provider will communicate the changes to the Service Terms via the Service or otherwise in writing to the Customer in advance. The Customer is deemed to have accepted the changes if the Customer continues using the Service.
    5. The Service Provider may at its discretion send to the Customer and its Authorised Users information by email regarding new features of the Service or similar services. The Customer may unsubscribe such emails in its account settings or in connection with each message.
    6. The Customer shall address all notices and other communication in connection with these Service Terms in English to the following email address of the Service Provider, legal@plan-365.com. The Service Provider will send all notices to the Customer through the Service or by email.

  19. Governing law and disputes

    1. These Service Terms shall be governed by and construed in accordance with the laws of Finland, excluding its choice of law provisions.
    2. Any dispute, controversy or claim arising out of or relating to these Service Terms, or the breach, termination or validity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Finland Chamber of Commerce. The number of arbitrators shall be one (1). The seat of arbitration shall be Turku, Finland.

Schedule: data processing agreement

  1. Background and purpose

    1. In this Data Processing Agreement ("DPA") the Service Provider and the Customer agree on terms and conditions under which the Service Provider ("Processor") shall process personal data on behalf of the Customer ("Controller") jointly referred to as "Parties" or individually as the "Party". This DPA relates to the Agreement (as defined above) according to which the Controller shall use the services provided by the Processor as specified in the Agreement.
    2. In the event of any conflict between the terms of the Agreement and the terms of this DPA, the terms of this DPA shall primarily prevail.

  2. Definitions

    1. Unless otherwise provided the words and expressions defined in, and the rules of interpretation of, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("General Data Protection Regulation") shall have the same meaning in this Agreement.
    2. "Data Protection Provisions" means the General Data Protection Regulation and other applicable European Union or national EU countries' data protection laws.

  3. Responsibilities of the processor

    With this DPA, the Parties agree as follows:

    1. The Processor shall:
      1. process the personal data only on the Controller's behalf and in accordance with the Data Protection Provisions and this DPA;
      2. carry out possible transfers of personal data to a third party or to a country outside the European Union or the European Economic Area only in accordance with the Data Protection Provisions and this DPA;
      3. process the personal data only on documented instructions provided by the Controller from time to time, including with regard to transfers of personal data to a third country or an international organisation, unless and to the extent required to do so by mandatory European Union or national law to which the Processor is subject, in which case the Processor shall inform the Controller of such legal requirement before processing, unless and to the extent such law prohibits such information on important grounds of public interest. The Parties acknowledge and agree that this DPA and the Agreement contain the instructions provided by the Controller and all possible amendments to the instructions shall be agreed in writing between the Parties;
      4. ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
      5. take all security measures required pursuant to the Data Protection Provisions, including the mandatory security measures applicable to the Processor as required by the Article 32 of the General Data Protection Regulation;
      6. assist the Controller by appropriate technical and organisational measures and at the Controller's expense, for the fulfilment of the Controller's obligation to respond to requests for exercising the data subjects' rights laid down in the Data Protection Provisions, including Chapter III of the General Data Protection Regulation;
      7. reasonably assist the Controller, at the request of and at the expense of the Controller, in ensuring compliance with the Controller's obligations pursuant to the Data Protection Provisions, including Articles 32 to 36 of the General Data Protection Regulation, taking into account the nature of processing and the information available to the Processor;
      8. at the choice and at the expense of the Controller, delete or return all the personal data to the Controller after the end of the provision of services relating to processing and delete existing copies, unless and to the extent mandatory European Union or national law to which the Processor is subject requires storage of the personal data; and
      9. make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this DPA and in the Data Protection Provisions and allow for, and contribute to, audits, including inspections, conducted by an auditor mandated by the Controller, provided that the Controller and the auditor enters into a confidentiality agreement with the Processor.
    2. The Processor shall notify the Controller without undue delay if:
      1. it becomes aware of a personal data breach; or
      2. in its opinion, an instruction referred to in Section 3.1.3 infringes any of the Data Protection Provisions. For the avoidance of doubt, the Parties acknowledge and agree that the Controller shall be responsible for ensuring that the instructions are in accordance with the Data Protection Provisions.
    3. The Processor may engage another processor when fulfilling its contractual obligations and for this purpose, transfer personal data in accordance with the Data Protection Provisions, without a separate, prior authorisation of the Controller, also to a country outside the European Union or the European Economic Area. The Processor shall inform the Controller of any intended changes concerning the addition or replacement of other processors (e.g. on its website). Where the Processor engages another processor, it shall:
      1. only use processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Data Protection Provisions and ensure the protection of the rights of the data subject; and
      2. impose, by way of a contract, at least the same or corresponding data protection obligations as set out in this DPA on any such processor.

      Should any such processor fail to fulfil its data protection obligations, the Processor shall remain liable to the Controller for the performance of any such processor's obligations. The Processor shall inform the Controller in writing (e.g. on its website) of any intended changes concerning the addition or replacement of other processors, and the Controller shall have the right to ob-ject to such changes.

    4. Unless otherwise agreed in the Agreement, the Processor shall be entitled to charge, at an hourly rate and according to its pricing applicable from time to time, for the actions taken and concerning the obligations set out in this DPA.

  4. Rights and responsibilities of the controller

    1. The Controller shall process the personal data in compliance with the Data Protection Provisions and good data processing practise. The Controller shall be obligated, at its own expense, to give documented instructions and all necessary information to the Processor on the processing of personal data, which instructions and information shall be binding on the Processor. In the event the Processor is not able to adhere to the instructions, it shall notify the Controller without delay. The Controller shall be responsible for all the responsibilities of the controller in relation to the data subjects and to the Processor, based on the Data Protection Rules.
    2. The Controller represents and warrants and is responsible for ensuring that it has the right to give to the Processor, all personal data received by the Controller under the Agreement and this DPA. The Controller authorizes the Processor to process the disclosed personal data in accordance with the Agreement and this DPA.

  5. Specifying the processed data

    1. The subject-matter and duration of the processing, the nature and purposes of the processing, the type of personal data and categories of data subjects shall be specified in the Annex to this DPA. The Annex shall constitute an integral part of this DPA.

  6. Limitation of liability

    1. The limitations of liability agreed in the Agreement shall also apply to this DPA.

  7. Term and termination

    1. This DPA shall apply during the period of time that the Agreement is in force and shall continue to be in effect until the Agreement has been terminated and the Processor has completed all of its obligations pursuant to the Agreement.

  8. Governing law and dispute resolution

    1. This DPA shall be governed by and construed in accordance with the laws of Finland.
    2. Any claim, controversy or dispute arising out of or relating to this DPA shall be finally settled by arbitration in accordance with the Arbitration Rules of the of the Finland Chamber of Commerce. The arbitral tribunal shall be comprised of one arbitrator. The place of arbitration shall be Turku, Finland and the arbitration proceedings shall be conducted in the Finnish language.
    3. In case any claim, controversy or dispute relates to the Agreement in addition to this DPA, it shall be finally settled, notwithstanding the Sections 8.1 and 8.2 agreed above, pursuant to the dispute resolution terms of the Agreement with regard to both the Agreement and the DPA.

Annex to the data processing agreement

The processing operations concern the following types of personal data:

The personal data processed concern the following categories of data subjects:

  1. Nature, duration and purposes of the data processing

    1. For the duration of the Agreement (unless otherwise specified below), the Processor agrees to process personal data on behalf of the Controller in accordance with the terms and conditions set out in the Data Protection Provisions to offer the services pursuant to the Agreement, as follows:
      1. The cloud-based plan management tool called Plan-365, www.plan-365.com website and thereto related services as defined in the Agreement (including hosting of the said service and service content on Amazon Web Services or another third party cloud platform)

  2. Categories of data

    1. Contact details, such as names (including also company/organisation names), email addresses, phone numbers and addresses;
    2. Online identifiers, such as internet protocol addresses, device identifiers, client identifiers;
    3. Other personal data submitted by the Controller to the services within the scope of the Agreement.

  3. Data subjects

    1. Controller's users' personal data stored by the Controller to the service.

Plan-365 -vuosikelloa käyttävät jo