1. Validity and application of the terms of the contract
These Terms and Conditions apply to services and products provided by Tuonetti("Service Provider") to its customers ("Customer"). These terms and conditions are valid until further notice, replacing the previous terms and conditions.
2. Creation, transfer and termination of the contract
The contract is created when the Customer orders the service and the Service Provider has confirmed the order. The contract is concluded when the Customer accepts the offer made by the Service Provider. Confirmation is usually made by e-mail or via the Service Provider's customer website.
The length of the contract period is the same as the length of the billing period selected for the service. The contract is automatically renewed at the end of the season if it has not been terminated. The contract can be terminated at any time up to the due date of the new invoice, in which case the contract will automatically expire at the end of the paid period. The Customer may terminate the service only through the Service Provider's customer website (tuonetti.fi), or by e-mail using the e-mail address of the main contact person.
The Service Provider reserves the right to terminate the contract immediately without notice if the Customer breaches the terms of the contract or the service cannot be continued due to an external factor. An external factor can be, but is not limited to, an order from the authorities or other Force Majeure situation. In such a situation, the Service Provider is not obliged to compensate the Customer for anything, and the Service Provider has the right to retain all or part of the advance payment, or to charge a fee for work already performed for the service ordered by the Customer.
The Customer is not allowed to transfer the contract to a third party without the written permission of the Service Provider. The Service Provider has the right to change the terms and conditions of the contract. The Customer may terminate the service if a change in the terms of the contract significantly increases the Customer's obligations or reduces the Customer's rights, and if the change is not due to a change in the law or an order of a public authority.
3. Fees and billing
The Customer shall pay the Service Provider for the Service in periods during the billing period agreed upon in the subscription. In principle, the service will be provided by the service provider after receipt of payment. Invoices are sent based on the billing information provided by the Customer in accordance with the billing methods offered by the service provider. The Customer is responsible for ensuring that the billing information provided by the Customer is up to date.
The Service Provider has the right to close the Service if payment is not made by the due date. The Service Provider also reserves the right to terminate the Service without notice if payment is not made immediately after notification. Fees are payable in advance (unless otherwise stated). The Service Provider reserves the right to change its pricing by notifying the Customer in advance by email or on the Service Provider's website. The new prices will take effect in the Customer's next billing cycle. Price changes due to legislative or fiscal reasons will take effect immediately. The Customer has the right to terminate the service before the new billing period due to a change in the price list made by the Service Provider. A late fee may be charged for late payments, as well as interest in accordance with the Interest Act. You may also be charged a fee for reopening a closed service.
3.1 30-day right of withdrawal
The customer has the right to cancel the order within 30 days of the delivery of the service. Domain names or other services registered with the customer are not subject to the right of withdrawal. Hourly services are also not covered by the right of withdrawal.
If the customer cancels a service whose price includes the registration of a domain name, the customer will be charged for any domain names registered in accordance with the price list.
4. Delivery of services
The billing period is deemed to have started when the Service Provider has sent the information and IDs required to activate the service to the Customer by e-mail. Part of the order, such as, but not limited to, the registration or transfer of domain names, may be delayed for reasons beyond the control of the Service Provider. The Customer accepts the delivery, unless he/she complains about it electronically, or in any other way instructed by the Service Provider, within eight (8) days of delivery.
5. Content, changes and provision of the service
The service provider may provide the contracted service in any way it wishes. The Service Provider also reserves the right to change the content of the Service. The service provider will endeavour to inform the customer of any changes. Changes can be made, for example to security, without prior notification.
The Service Provider registers the Customer's domain name through third party registration services. The service provider only acts as a payment intermediary for the registration. Unless otherwise agreed, the domain name will be registered using the information provided by the customer. You declare that you have read and accept the terms and conditions of the domain name registries you have chosen. Fees for domain names are non-refundable to the Customer.
The content of the service is determined by the service description and any accompanying annexes. The customer is responsible for the material stored on the disk space. The customer is entitled to use the disk space of the service only for the storage of his/her own business/community or personal material for internet use (hereinafter "website"). Resale of the Services is prohibited, except for virtual server services, and unless resale rights are expressly agreed.
6. Customer rights and obligations
The resource limits of the service may be indicated and limited in the service description. If the use of resources exceeds the specified limit, the provider reserves the right to block/restrict the use of the service. It is the customer's responsibility to ensure security and, for example, that the software they use is up to date. The Service Provider is not responsible for any non-service software used by the Customer. The Service Provider reserves the right to prevent by technical means any activity that violates these Terms and Conditions. The Customer shall be fully liable for any damage caused to the Service Provider or third parties by his/her user ID.
The material stored on the disk space must not be contrary to Finnish law or good practice. The storage of erotic, pornographic, racist, defamatory and extremist material on the disk space is strictly prohibited. The Service Provider reserves the right to remove any material deemed to be in breach of the terms of the Agreement. The server space is Client-specific and cannot be shared.
You are responsible for ensuring that you have up-to-date backups of your website and emails, and other material stored on the Service. The service provider does not guarantee the preservation of the data in the service. The customer has the right to display third party advertisements on the site.
You may not use the Service for direct marketing by e-mail in violation of law or morality. Sending spam is prohibited. This includes, in particular, sending illegal, unwanted advertising to third parties. When sending e-mail messages, it is prohibited to provide false information about the sender or otherwise conceal the sender's identity. The Customer shall be fully liable for any damage caused to the Service Provider or third parties by his/her user ID.
The distribution of large files related to or through the Service or other activities that significantly increase the load on the normal use of the website must always be agreed in advance with the Service Provider on a case-by-case basis.
You are responsible for ensuring that your username and password are not disclosed to third parties. The customer is responsible for all actions and misconduct under that username.
The Customer is obliged to read and act in accordance with the information and notices provided by the Service Provider concerning the Service and any changes that may be made to it.
Notices and new terms and conditions will be published on the Service Provider's website (tuonetti.fi).
7. Rights and obligations of the service provider
A service is considered to be defective if it deviates substantially from the characteristics defined in the service description and the deviation substantially hinders the use of the service. The Service Provider is not liable for indirect or consequential damages, such as loss of profit, loss of production or turnover, damages caused by interruption, failure to fulfil obligations to third parties, or any other unforeseeable damage.
The Service Provider reserves the right to temporarily suspend the provision of the Service if necessary for repair, maintenance or other work. A security threat to the Service Provider or the Customer also entitles the Service Provider to temporarily suspend the provision of the Service.
The customer is obliged to report the error as soon as he/she notices it. The customer is obliged to report the error as soon as he/she notices it and to complain about it in writing within seven (7) days of noticing the error. Otherwise, the customer loses the right to claim the error.
The Service Provider reserves the right not to correct an error caused by the Customer's own actions, such as misconduct or incorrect use of the Service.
The Service Provider is not responsible for errors or interruptions in service caused by force majeure, third party actions, such as problems with third party networks or software, or other errors. The Service Provider is not responsible for consultant errors, problems with third party software, or other errors.
The total liability of the service provider for damages shall not exceed the amount of one (1) month's charges for the service in question in all circumstances.
8. Customer information
It is the Customer's responsibility to provide the Service Provider with correct information when ordering the service. The Service Provider reserves the right not to provide the Service if the information is incorrect or incomplete. Changes can be made by the Customer on the Service Provider's customer website.
9. Other terms and conditions
The Agreement is between the Service Provider and the Customer. The Customer agrees to keep confidential all information relating to the Agreement, the Service and/or its pricing. The Customer is responsible for ensuring that any employees, subcontractors or other parties involved in the Service comply with these Terms.
The Service Provider has the right not to transfer the Customer's domain name until all claims of the Service Provider against the Customer have been settled.
The contract is governed by Finnish law. Disputes will be resolved primarily through negotiation.
- PERSONAL DATA PROCESSING AGREEMENT
PERSONAL DATA PROCESSING AGREEMENT
1. Scope and application of the agreement
1.1. Subject of the contract
This Agreement applies where the Supplier processes personal data on behalf of the Customer on the basis of a contract between the parties.
1.2. Roles of the parties
The Customer is the controller of the Customer's personal data processed in connection with the service agreed in the Contract, who determines the purposes and means of the processing of personal data. The Supplier is the processor of the personal data, which processes the personal data on behalf of and on behalf of the Customer as agreed in this Processing Agreement. In the contract, the parties shall specify the nature of the processing, the categories of data subjects, the types of personal data, the processing activities of the supplier and the security procedures.
This Agreement defines the contractual terms and conditions for the processing of personal data and data protection, binding on the Customer and the Supplier, under which the Supplier processes personal data on behalf of the Customer on behalf of the Customer. Unless otherwise agreed in these Terms, no separate compensation will be paid for the Supplier's actions and obligations described in these Terms.
This Agreement forms part of the agreement between the Parties (the "Main Agreement") and constitutes an annex to the General Terms and Conditions. The terms of the Main Agreement shall apply to this Agreement to the extent not otherwise agreed in this Agreement. In the event of any conflict between this Agreement and the Main Agreement, this Agreement shall prevail with respect to the processing of personal data.
The Parties undertake to comply with the legislation, regulations and instructions of the authorities in force in Finland and the EU at the time regarding the processing of personal data and, if necessary, to amend the terms of this Agreement in accordance with them.
2. Purpose of processing personal data
2.1. Nature and purpose of the Supplier's processing of personal data
The purpose of the Supplier's processing of personal data is to. 1) ensure the availability and integrity of the data stored by the Customer in the Service (including backup and logging); 2) Secure identification of users invited to the service by the customer; and 3) on request Helping the client in various problem situations.
2.2. Type of personal data processed by the Supplier and categories of data subjects
The supplier deals with 1) the customer's end users; and 2) personal data of other users invited by the root user. Personal data are of the type 1) contact information (name, email address, phone number); 2) technical identifiers and logs (IP addresses, login log, change log); and 3) content recorded by the individuals themselves (messages, recorded descriptions, etc.).
3. Principles, responsibilities and guidelines for the processing of personal data
3.1. The customer's right and responsibility in providing instructions for processing
The customer is responsible for the maintenance and availability of the guidelines. If the instructions are incomplete, the Customer shall complete the instructions in cooperation with the Supplier.
3.2. Customer responsibility for the lawfulness of processing
The Customer is responsible for the personal data provided to the Supplier and for the lawfulness of their processing. The customer is also responsible for ensuring that all data subjects whose personal data are processed have been provided with the necessary, lawful notices and information regarding the processing of personal data. The customer is responsible for ensuring that the processing of personal data and its purposes and grounds are in compliance with the GDPR. The Customer is also responsible for ensuring that the personal data has been collected in accordance with the GDPR and that the Customer has the right to transfer the personal data to the Supplier for processing in accordance with this Processing Agreement.
3.3. Transfer of data outside the EU or EEA
The Supplier is entitled to freely transfer personal data within the European Union, the European Economic Area or any country that the European Commission deems to have an adequate level of data protection for the purposes of providing the service. Unless otherwise agreed in writing, the Supplier also has the right to transfer personal data outside the European Union or the European Economic Area in accordance with data protection legislation.
3.4. Supplier's obligation to point out unlawful instructions
The Supplier shall inform the Customer without undue delay if the instructions provided by the Customer are incomplete or if the Supplier suspects them to be unlawful.
Supplier's right to use anonymised data
During and after the processing, the Supplier may retain and use the data generated from the personal data by anonymisation for the development of its activities and products. Anonymisation is the modification of data in such a way that they can no longer be used to identify individuals by any means.
4. Use of another processor
4.1. Right to use subcontractors
The Supplier has the right to use subcontractors to process the Customer's personal data.
4.2. Notification of addition or change of subcontractors
Upon request, the Supplier shall inform the Customer in advance of the subcontractors it intends to use for the processing of personal data under the Contract.
The Customer may object to the replacement or addition of a subcontractor, in which case the Supplier has the right to terminate the contract with 30 days' notice.
4.3. Responsibility for the subcontractor's activities
The Supplier is responsible for ensuring that the subcontractor processes the Personal Data in accordance with this Processing Agreement and the Data Protection Legislation.
5. Confidentiality of personal data
5.1. Organisation of confidentiality
The Supplier shall ensure that all persons under its authority who are entitled to process the Customer's personal data are bound by the confidentiality conditions set out in the contract or are subject to a legal obligation of confidentiality.
6. Protection of personal data
6.1. Safety practices to be implemented
The Supplier shall take appropriate technical and organisational measures to protect the Customer's personal data, taking into account the risks inherent in the processing, in particular accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
The organisation of the safeguards will take into account the technical options available and their cost in relation to the specific risks associated with the processing at hand and the sensitivity of the personal data processed.
The customer is responsible for the appropriate and adequate security of the necessary equipment and IT environment under his responsibility. Unless otherwise agreed, the Customer is responsible for backing up the personal data and checking the functionality of the backups. The Customer is obliged to inform the Supplier of all aspects of the personal data provided by the Customer, such as risk assessments and the processing of special categories of personal data, which affect the technical and organisational measures to be taken under this Processing Agreement.
The Customer is obliged to ensure that the Supplier is informed of all matters relating to the personal data provided by the Customer, such as risk assessments and the processing of special categories of persons, which affect the technical and organisational measures provided for in the contract.
7. Helping the data subject to exercise his or her rights
7.1. Assistance in dealing with the request
The Supplier shall assist the Customer in order to enable the Customer to fulfil its obligation to respond to requests based on the rights of the data subject. Requests may require the Supplier to, for example, assist the data subject with information and communication, exercise the data subject's right of access, rectify or erase personal data, restrict processing or transfer the data subject's own personal data from one system to another.
7.2. Obligation to notify on receipt of a request
The Supplier shall promptly inform the Customer of any requests and enquiries from data subjects, the Data Protection Ombudsman or any other authority.
The supplier itself does not respond to these requests.
It is the customer's responsibility to take care of the following. responding to requests.
7.3. Charges for assistance
Unless otherwise agreed, the Supplier has the right to charge the Customer at the prices agreed in the contract if the assistance causes additional costs to the Supplier.The Supplier is obliged to inform the Customer in advance of any additional costs.
7.4. Enquiries to data protection authorities
The Supplier shall inform the Customer without delay of any requests or enquiries from the data protection authority or other authorities. The Supplier is not authorised to represent the Customer or to act on the Customer's behalf with the data protection authorities supervising the Customer.
8. Helping to inform, assess the impact of and consult on security breaches
8.1. Reporting a data breach
The Contracting Party shall notify the other Contracting Party without undue delay of any breach of security of which it becomes aware. When reporting a security breach, the Customer shall provide the Supplier with all information that can be considered helpful in detecting, limiting or preventing a security breach.
8.2. Content of a data breach notification
The Supplier shall always provide the Customer with the following information related to the data breach when notifying the Customer of a data breach: (a) a description of the Data Breach, including, where possible, the categories and estimated numbers of data subjects affected and the categories and estimated numbers of types of personal data (to the extent such information is available to the Supplier); (b) Contact details of the supplier's data protection officer or other person who can provide further information; c) a description of the likely consequences of the Data Breach; and (d) a description of the measures taken by the Supplier in response to the Data Breach and any measures taken by the Supplier to mitigate the adverse effects of the Data Breach.
The customer is responsible for making the necessary notifications to the data protection authorities.
If the Data Breach is caused by a cause attributable to the Customer, the Customer shall be liable to the Supplier for the costs of the Data Breach and any notification thereof. The Supplier shall be entitled to charge the Customer for the costs arising from investigations initiated at the Customer's request that are found to be unjustified, in accordance with the Supplier's price list in force from time to time.
9. Open information sharing and right to audit
9.1. The right to be audited
The Customer or an auditor authorised by the Customer shall have the right to verify the compliance of the Supplier or its subcontractors with their obligations to process personal data. The supplier shall allow and participate in audits carried out by the controller or another auditor authorised by the controller.
The inspection may be carried out no more than once a year and the Supplier must be notified in writing at least 30 days in advance.
The audit shall be carried out in a manner that does not prejudice the Supplier's and its subcontractors' obligations towards third parties.
The client's representatives and the auditor must sign the usual confidentiality undertakings.
The auditor cannot be a competitor of the Supplier and the audit cannot be performed after the termination of this Agreement.
9.2. Information sharing and journalist involvement
The Supplier shall participate in the inspection and provide the inspector with the information necessary to demonstrate that the Supplier is complying with its obligations under this Contract. The Inspector shall not have access to the data of the Supplier's customers or partners.
9.3. Cost of the audit
The Customer shall bear all costs of the inspection and shall reimburse the Supplier for the costs of the inspection. If the inspections reveal significant deficiencies in the Supplier's operations, the Supplier shall bear its own costs of the inspections.
10. Deletion or return of personal data to the controller at the end of processing
10.1. Removal at the end of the contract
Upon termination or cancellation of the Agreement, the Supplier shall delete or return the personal data in accordance with the Customer's written request and delete all copies thereof.
The data may not be deleted if the Supplier is required by law or by order of a public authority to retain the personal data.
The Supplier has the right to charge the Customer for the return or destruction of personal data on an hourly basis in accordance with its current price list.
11. Entry into force of the Agreement
The Agreement shall remain in force for as long as the Main Agreement is in force or the parties have obligations towards each other arising from the Personal Data Processing Activities.
11.2. Termination of the contract
The agreement is valid for a) for as long as the main contract is in force; or (b) the parties have obligations towards each other arising from their processing activities.
Amendments to the Agreement are only valid if they are made in writing and confirmed by both parties by their signatures or by an e-mail confirmation of the amendment.
Obligations which, by their nature, are intended to survive the expiry of this Agreement shall survive the expiry of the Agreement.