General terms and conditions

1. Validity and application of contract terms

These Terms and Conditions apply to the services and products provided by Tuonetti (the “Service Provider”) to its customers (the “Customer”). These terms are valid until further notice, replacing the previous terms of the agreement.

2. Creation, Transfer and Termination of the Agreement

The agreement is created when the Customer orders the service and the Service Provider has confirmed the order. The agreement is created when the Customer accepts the offer made by the Service Provider. Confirmation is generally made by e-mail or via the Service Provider's customer pages.

The length of the contract period is the same as the length of the billing period selected for the service. The contract will automatically renew at the end of the period, unless terminated. The contract can be terminated at any time until the due date of the new invoice, when the contract automatically expires at the end of the paid period. The Customer may terminate the service only through the Service Provider's customer pages (tuonetti.fi), or by e-mail using the main contact person's e-mail address.

The Service Provider reserves the right to terminate the contract immediately without notice if the Customer violates the terms of the contract or the provision of the service cannot be continued due to an external factor. An external factor may be, for example, but not limited to an official order or other Force Majeure situation. In such a situation, the Service Provider is not obliged to reimburse the Customer for anything, and the Service Provider has the right to withhold the advance payment or part thereof, or charge a fee for work already performed for the service ordered by the Customer.

The Customer is not authorized to transfer the Agreement to a third party without the written permission of the Service Provider. The service provider has the right to change the terms of the contract. The Customer may terminate the service in a situation where a change in the terms of the contract significantly increases the Customer's obligations or reduces the Customer's rights, and if the change is not due to a change in law or an order of an authority.

3. Payments and Billing

The Customer pays the Service Provider for the service in periods of the billing period agreed upon in connection with the order. In principle, the service provider delivers the service after receiving the payment. Invoices are sent on the basis of the billing information provided by the Customer in accordance with the billing methods provided by the service provider. The Customer is responsible for ensuring that the billing information provided by the Customer is up-to-date.

The service provider has the right to close the service if the payment has not been made by the due date. The service provider also reserves the right to cancel the service without notice if payment is not made immediately after the notice. Fees are payable (unless otherwise stated) in advance. The Service Provider reserves the right to change its pricing by notifying the Customer in advance by e-mail or on the Service Provider's website. The new prices will take effect in the Customer's next billing period. Price changes due to legal or fiscal reasons take effect immediately. Due to a change in the price list made by the Service Provider, the Customer has the right to terminate the service before the new billing period. Late payments may be subject to a late fee, as well as interest in accordance with the Interest Act. A reopening of the service may also be subject to a closed service opening fee.

3.1 30 day right of withdrawal

The customer has the right to cancel the order within 30 days of delivery of the service. Domains or other services registered with the customer are not subject to the right of withdrawal. Hourly rate services are also not subject to the right of cancellation.

If the customer cancels the service, the price of which includes the registration of the domain name, the customer will be charged for any registered domain names in accordance with the price list.

4. Provision of Services

The billing period is considered to have started when the Service Provider has sent the information and IDs required for the implementation of the service by e-mail to the Customer. Some of the order, such as, but not limited to, domain registration or transfer, may be delayed for reasons beyond the control of the Service Provider. The customer accepts the delivery, unless he complains about it electronically, or in another way instructed by the service provider, within eight (8) days of delivery.

5. Service Content, Modifications, and Production

The service provider can provide the contracted service as it wishes. The service provider also reserves the right to change the content of the service. The service provider strives to inform the customer of any changes. Changes can be made, for example, related to security, without prior notice.

The Service Provider registers the Customer's domain name through registration services maintained by third parties. The service provider only acts as a payment intermediary for registration. The domain name will be registered with the information provided by the customer, unless otherwise agreed. Customer acknowledges that it has read and agrees to the terms and conditions of the domain name registries of its choice. Payments related to domain names cannot be refunded to the Customer.

The content of the service is determined by the service description and any accompanying appendices that accompany it. The customer is responsible for the material stored on the disk space. The customer has the right to use the disk space of the service only for the storage of his / her own company / community or personal material for internet use (hereinafter “site”). Resale of the Services is prohibited, except for virtual server services, and unless a resale right has been specifically agreed.

6. Customer rights and obligations

Service resource limits may be stated and limited in the service description. If the use of resources exceeds the specified limit, the service provider reserves the right to prevent / restrict the use of the service. It is the customer's responsibility to ensure data security and, for example, that the software they use is up-to-date. The Service Provider is not responsible for any non-service program used by the Customer. The Service Provider reserves the right to prevent, by technical means, activities that violate these terms and conditions. The Customer is responsible for all damages caused to the Service Provider or third parties by his username.

The material stored on the disk space must not be contrary to Finnish law or good manners. The Service Provider reserves the right to remove the material if the material is found to be in breach of the terms of the contract. Server space is Customer Specific and cannot be shared.

The customer is responsible for having up-to-date backups of his website and emails, as well as other material stored on the service. The service provider does not guarantee the retention of information in the service. The customer has the right to keep third party advertisements on the site.

You may not use the Service for direct marketing in violation of the law or good manners by email. The Customer is responsible for all damages caused to the Service Provider or third parties by his username.

Distribution of large files related to or through the Service or other activities that significantly burden the normal use of the Site must always be agreed upon in advance with the Service Provider on a case-by-case basis.

The customer is responsible for ensuring that the username and password do not end up with third parties. The customer is responsible for all matters and misconduct committed with that username.

The Customer is obliged to read the Service and any changes to it

The service provider provides bulletins and announcements and to act accordingly.

Releases and new terms and conditions are published on the Service Provider's website (tuonetti.fi).

7. Rights and obligations of the service provider

A service is considered to be defective if it materially deviates from the features defined in the service description and the deviation materially impairs the use of the service. The Service Provider shall not be liable for any indirect or consequential damages, such as loss of profits, loss of production or turnover, damages caused by interruptions, non-performance of obligations to a third party, or other unforeseeable damages.

The Service Provider reserves the right to temporarily suspend the provision of the Service if it is necessary for repair, maintenance or other work. A security threat to the Service Provider or the Customer also entitles the Service Provider to temporarily suspend the provision of the Service.

The customer is obliged to report the error as soon as it is noticed. The customer is obliged to report the error as soon as it is noticed and to complain about it in writing no later than within seven (7) days after noticing the error. Otherwise, the customer loses the right to invoke the error.

The service provider reserves the right not to correct an error caused by the customer's own actions, such as misuse or incorrect use of the service.

Service Provider shall not be liable for errors or malfunctions caused by force majeure (force majeure), or a third party, such as, for example, networks or software of third parties existing problems, or other errors. The Service Provider is not responsible for consulting errors, problems with third-party software, or other errors.

The service provider's liability for damages is a total amount not exceeding the one (1) month service fees for the service in question in all situations.

8. Customer Information

The Customer is obliged to provide the Service Provider with the correct information when ordering the service. The Service Provider reserves the right not to provide the Service if the information is incorrect or incomplete. Changes can be made by the Customer on the Service Provider's customer pages.

9. Other terms

The agreement is between the Service Provider and the customer. The Customer undertakes to keep confidential all information related to the Agreement, the Service and / or its pricing. The Customer is responsible for ensuring that employees, subcontractors or other parties involved in the Service comply with these terms and conditions.

The service provider has the right not to assign the customer's domain name before all

The service provider's receivables from the customer have been settled.

Finnish law applies to the agreement. Disputes are primarily resolved through negotiation.

ANNEXES

  1. AGREEMENT ON THE PROCESSING OF PERSONAL DATA

AGREEMENT ON THE PROCESSING OF PERSONAL DATA

1. Subject matter and application of the Agreement

1.1. Subject of the contract

This agreement applies when the supplier processes personal data on behalf of the customer on the basis of an agreement between the parties.

1.2. Roles of the parties

The Customer is the data controller of the Customer's personal data processed in connection with the service agreed in the Agreement, which defines the purposes and means of the processing of personal data. The Supplier is a processor of personal data who processes such personal data on behalf of and for the account of the customer in the manner agreed in this processing agreement. The parties to the agreement shall specify the nature of the processing, the categories of data subjects, the types of personal data, the processing operations of the supplier and the data security procedures.

This agreement defines in a binding manner the Customer and the Supplier the terms and conditions of the agreement concerning the processing and data protection of personal data, in accordance with which the Supplier processes personal data on behalf of the Customer on behalf of the Customer. No separate compensation will be paid for the Supplier's actions and obligations described in these terms and conditions, unless otherwise agreed in these terms and conditions.

This Agreement forms part of the Agreement between the Parties (the "Master Agreement") and forms an appendix to the General Terms and Conditions. The terms of the Main Agreement shall apply to this Agreement to the extent not otherwise agreed in this Agreement. In the event of a conflict between this Agreement and the Master Agreement, this Agreement shall prevail over the processing of personal data.

The parties undertake to comply with the legislation, regulations and official regulations and instructions in force in Finland and the EU regarding the processing of personal data and, if necessary, to amend the terms of this agreement in accordance with them.

2. Purpose of the processing of personal data

2.1. The nature and purpose of the processing of the supplier's personal data

The purpose of the processing of the Supplier's personal data is 1) to ensure the availability and integrity of the data stored by the Customer in the service (eg backup and logging); 2) Secure identification of users invited by the Customer to the Service; and 3) upon request, assisting the Customer in various problem situations.

2.2. The type of personal data processed by the supplier and the groups of data subjects

The supplier handles 1) customer administrators; and 2) personal information of other users invited by the administrator. Personal information is of the type 1) contact information (name, e-mail address, telephone number); 2) technical identifiers and logs (IP addresses, login log, change log); and 3) content self-recorded by individuals (messages, recorded descriptions, etc.).

3. Principles, responsibilities and guidelines for the processing of personal data

3.1. Customer's right and responsibility in instructing the processing

The customer is responsible for the maintenance and availability of the instructions. If there are any deficiencies in the instructions, the Customer will supplement the instructions in cooperation with the Supplier.

3.2. Customer's responsibility for the lawfulness of the processing

The Customer is responsible for the personal data provided to the Supplier and the legality of their processing. The customer is also responsible for ensuring that all data subjects whose personal data are processed have been provided with the necessary, lawful notifications and information related to the processing of personal data. The customer is responsible for ensuring that the processing of personal data and its purpose and grounds comply with the Data Protection Regulation. The Customer is also responsible for ensuring that the personal data has been collected in accordance with the Data Protection Regulation and that the Customer has the right to transfer the personal data to the Supplier for processing in accordance with this processing agreement.

3.3. Data transfer outside the EU or the EEA

The Supplier has the right to transfer personal data freely within the European Union, the European Economic Area or countries identified by the European Commission as having an adequate level of data protection for the performance of the service. Unless otherwise agreed in writing, the supplier also has the right to transfer personal data outside the European Union or the European Economic Area in accordance with data protection law.

3.4. Obligation of the supplier to point out illegal instructions

The Supplier shall notify the Customer without undue delay if the instructions given by the Customer are incomplete or if the Supplier suspects that they are illegal.

Supplier's right to use anonymized information

During and after the processing, the supplier may retain and use the data generated by anonymizing personal data in the development of its operations and products. Anonymisation refers to the modification of data so that they can no longer be used to identify individuals.

4. Use of another personal data processor

4.1. The right to use subcontractors

The Supplier has the right to use subcontractors to process the Customer's personal data.

4.2. Notice of addition or change of subcontractors

Upon request, the Supplier shall notify the Customer in advance of the subcontractors that it intends to use for the processing of personal data in accordance with the Agreement.

The Customer may object to the change or addition of a subcontractor, in which case the Supplier has the right to terminate the contract with 30 days' notice.

4.3. Responsibility for the subcontractor's activities

The Supplier is responsible for the Subcontractor Processing Personal Data in accordance with this Processing Agreement and the Data Protection Legislation.

5. Confidentiality of personal information

5.1. Organization of professional secrecy

The Supplier shall ensure that all persons acting under its authority who have the right to process the Customer's personal data have undertaken to comply with the confidentiality conditions established in the agreement or are subject to a statutory obligation of confidentiality.

6. Protection of personal data

6.1. Security policies to be implemented

The Supplier shall take appropriate technical and organizational measures to protect the Customer's personal data, taking into account the risks involved in the processing, in particular the unintentional or unlawful destruction, destruction, alteration, unauthorized disclosure or access to personal data transferred, stored or otherwise processed.

The organization of safeguards shall take into account the technical options available and their costs in relation to the specific risks associated with the processing in question and the sensitivity of the personal data processed.

The customer is responsible for the appropriate and sufficient information security of the necessary equipment and IT operating environment for which he is responsible. Unless otherwise agreed, the Customer is responsible for backing up personal data and checking the functionality of the backups. The Customer is obliged to inform the Supplier of all matters related to the personal data provided by the Customer, such as risk assessments and the processing of special groups of personal data that affect the technical and organizational measures implemented in accordance with this processing agreement.

The Customer is obliged to ensure that the Supplier is informed of all matters related to the personal data provided by the Customer, such as risk assessments and the handling of special groups of persons that affect the technical and organizational measures under the agreement.

7. Assisting the data subject in exercising his rights

7.1. Assistance in processing the request

The Supplier shall assist the Customer in enabling the Customer to fulfill its obligations to respond to requests based on the rights of the data subject. Requests may require, for example, assistance from the Supplier in informing and communicating with the data subject, exercising the data subject's right of access, correcting or deleting personal data, enforcing a restriction on processing or transferring the data subject's own personal data from one system to another.

7.2. Obligation to notify upon receipt of a request

The supplier shall immediately inform the customer of all requests and inquiries from the data subject, the Data Protection Officer or another authority.

The supplier does not respond to these requests.

It is the customer's responsibility to take care of this. responding to requests.

7.3. Assistance fee

Unless otherwise agreed, the Supplier has the right to charge the Customer at the prices agreed in the contract if the assistance causes additional costs to the Supplier. The Supplier is obliged to inform the Customer in advance of any additional costs.

7.4. Inquiries from data protection authorities

The Supplier shall immediately notify the Customer of the requirements or inquiries of the data protection authority or other authorities. The Supplier is not authorized to represent the Customer or to act on behalf of the Customer with the data protection authorities supervising the Customer.

8. Assisting in information, impact assessment and prior consultation of security breaches

8.1. Reporting a security breach

Each party shall notify the other Party without undue delay of any knowledge of the breach. In connection with the notification of a security breach, the Customer shall provide the Supplier with all the information that can be considered to help in identifying, limiting or preventing the security breach.

8.2. Content of the security breach notification

Upon notification of a security breach, the Supplier shall always provide the Customer with the following information related to the security breach: a) a description of the security breach, including, where possible, the categories and estimated numbers of relevant data subjects and the types and estimated numbers of personal data (if available); (b) the contact details of the supplier's data protection officer or other person from whom further information can be obtained; (c) a description of the likely consequences of the breach; and d) a description of the measures taken by the Supplier as a result of the Security Breach and any measures taken by the Supplier to mitigate the adverse effects of the Security Breach.

The customer is responsible for the necessary notifications to the data protection authorities.

If the Security Breach is due to a reason for which the Customer is responsible, the Customer shall be liable to the Supplier for the costs arising from the Security Breach and related notices. The Supplier has the right to invoice the Customer for the costs arising from the investigations initiated at the Customer's request, which have been found to be unreasonable, in accordance with the Supplier's price list in force at the time.

9. Open information sharing and auditing rights

9.1. Right to audit

The customer or an auditor authorized by him has the right to check compliance with the obligations of the Supplier or the subcontractors used by him to process personal data. The supplier shall allow and participate in audits carried out by the controller or another auditor authorized by it.

The inspection may be performed no more than once a year and the Supplier must be notified in writing at least 30 days in advance.

The audit shall be performed in a manner that does not interfere with the obligations of the Supplier and its subcontractors vis-à-vis third parties.

Standard confidentiality commitments must be signed by the client's representatives and the auditor.

The Auditor may not be a competitor of the Supplier and the audit may not be performed after the termination of this Agreement.

9.2. Information sharing and supplier involvement

The Supplier shall participate in the performance of the inspection and provide the Inspector with the information necessary to demonstrate that the Supplier complies with the obligations specified in this Agreement. The inspector does not have the right to access the information of the Supplier's customers or partners.

9.3. Audit costs

The Customer is responsible for all costs arising from the inspection and reimburses the Supplier for the costs incurred during the inspections. If the inspections reveal significant deficiencies in the Supplier's operations, the Supplier shall bear its own costs arising from the inspections.

10. Deletion or return of personal data to the controller at the end of the processing

10.1. Deletion at the end of the contract

Upon termination or termination of the Agreement, the Supplier shall delete or return the personal data in accordance with the Customer's written request and delete all copies thereof.

Data may not be deleted if the Supplier or the authority requires the Supplier to retain personal data.

The Supplier has the right to charge the Customer for the return or destruction of personal data on an hourly basis in accordance with its price list in force at the time.

11. Entry into force of the Agreement

11.1. Signatures

The Agreement is valid for as long as the Main Agreement is valid or the parties have obligations to each other based on the Personal Data Processing Activities.

11.2. Termination of the Agreement

The agreement is valid a) for as long as the main agreement is valid or b) the parties have obligations to each other based on the processing of personal data.

Amendments to the agreement are only valid if they have been made in writing and have been confirmed by both parties by their signatures or by confirmation of the amendment sent by e-mail.

Obligations which, by their nature, are intended to remain in force regardless of the termination of this Agreement shall survive the termination of this Agreement.