1. Validity and application of contract terms
These terms and conditions shall apply to: Tuonetti ("Service Provider") for services and products provided by the "Customer") to its customers. These terms are valid until further notice, replacing the previous terms of the agreement.
2. Conclusion, transfer and termination of the contract
The agreement arises when the Customer subscribes to the service and the Service Provider has confirmed the order. The agreement arises when the Customer accepts the offer made by the Service Provider. As a rule, confirmation is made by e-mail or through the Customer Pages of the Service Provider.
The length of the contract period is the same as the length of the billing period selected for the service. The agreement will continue automatically after the end of the period if it has not been terminated. The contract can be terminated at any time until the due date of the new invoice, when the contract ends automatically at the end of the paid period. The Customer may terminate the service only through the Service Provider's customer tuonetti.fi (or by e-mail using the e-mail address of the main contact person.
The Service Provider reserves the right to terminate the contract immediately without notice if the Customer violates the terms of the contract or the provision of the service cannot be continued due to an external factor. An external factor may be, for example, but not just an official order or other Force Majeure situation. In such a situation, the Service Provider is not obligated to reimburse the Customer for anything, and the Service Provider has the right to withhold all or part of the prepayment, or to charge a fee for work already done on the service ordered by the Customer.
The Customer is not authorized to transfer the contract to a third party without the written consent of the Service Provider. The Service Provider is entitled to changes in the terms of the contract. The Customer may terminate the service in a situation where the change in the terms of the contract significantly increases the Customer's obligations or reduces the Customer's rights, and if the change is not due to a change in the law or an order from the authority.
3. Fees and invoicing
The Customer pays the Service provider for the service in periods of the invoice period agreed at the time of ordering. As a rule, the service provider delivers the service after receiving the payment. Invoices are sent based on the billing information provided by the Customer in accordance with the invoicing methods offered by the service provider. The Customer is responsible for keeping the billing information provided by the Customer up-to-date.
The service provider has the right to close the service if the payment has not been made by the due date. The Service Provider also reserves the right to terminate the service without notice if payment is not made immediately after the notice. The fees are paid (unless otherwise stated) in advance. The Service Provider reserves the right to change its pricing, informing the Customer in advance by email or on the Service Provider's website. The new prices will take effect in the Customer's next billing cycle. Price changes due to legislative or fiscal reasons will enter into force immediately. Due to the change in the price list made by the Service Provider, the Customer has the right to terminate the service before the new invoicing period. Late payments can be subject to a late payment fee and interest in accordance with the Interest Act. A closed service opening fee may also be charged for the reopening of the service.
3.1 30-day right of withdrawal
The Customer has the right to cancel the order within 30 days of the delivery of the service. Domain names or other services registered with the customer are not covered by the right of withdrawal. Services with hourly debts are also not covered by the right of cancellation.
If the customer cancels a service whose price includes domain registration, the customer will be charged for any registered domain names in accordance with the price list.
4. Provision of services
The billing period is considered to have started when the Service Provider has sent the information and IDs required to enable the service by email to the Customer. Some subscriptions, such as, but not just domain name registration or transfer, may be delayed for reasons beyond the control of the Service Provider. The Customer accepts the delivery unless they complain electronically or in any other manner instructed by the service provider, within eight (8) days of delivery.
5. Content, changes and production of the Service
The service provider may provide the service provided in accordance with the contract as it liks. The Service Provider also reserves the right to change the content of the service. The Service Provider aims to inform the customer of any changes. Changes can be made, such as security, without prior information.
The Service Provider registers the Customer's domain name through third-party registration services. The service provider acts only as a payment intermediary for registration. The domain name is registered with the information provided by the customer, unless otherwise agreed. The Customer declares that he/she has read and accepts the terms of the domain name registers of his/her choosing. It is not possible to refund payments related to domains to the Customer.
The content of the service is determined by the service description and any attachments that accompany it. The customer is responsible for the material stored on the disk space. You have the right to use the service's disk space only for the storage of your company/ability or personal materials for internet use (in the future, the "Site"). The resale of the Services is prohibited, excluding virtual server services, and unless specifically agreed on the resale right.
6. Customer's rights and obligations
The limits of the service's resources may be indicated and limited in the service description. If the use of resources exceeds the specified limit, reserve the service provider's right to block/restrict the use of the service. You are obligated to take care of the security and, for example, to ensure that the software they use is up-to-date. The Service Provider is not responsible for any program outside the Service used by the Customer. The Service Provider reserves the right to use technical means to prevent activities that violate these terms and conditions. The Customer is liable in full for any damages caused by his/her username to the Service Provider or third parties.
The material stored on the plate space must not be contrary to Finnish law or good manners. It is strictly forbidden to store erotic, pornographic, racist, defaay and extremist material in disk space. The Service Provider reserves the right to remove the material if the material is deemed to be in breach of the terms of the contract. The server space is client-specific and cannot be shared.
The customer is responsible for having up-to-date backups of their site and emails, as well as other materials stored in the service. The service provider does not guarantee that the information will remain in the service. You have the right to keep third-party ads on the Site.
You may not use the Service for direct marketing that is contrary to law or good manners by e-mail. Sending junk e-mail is prohibited. This includes, in particular, sending illegal, unwanted advertising to third parties. When sending e-mail messages, it is forbidden to provide false sender information or to conceal the sender's identity in other ways. The Customer is liable in full for any damages caused by his/her username to the Service Provider or third parties.
Large file distributions related to or through the Service or other activities that are much more burdensome than normal use of the site must always be agreed in advance with the Service Provider on a case-by-case basis.
The Customer is responsible for ensure that the username and password do not reach third parties. The Customer is responsible for all matters and abuses made with that username.
The Customer is obligated to read and act in accordance with the Notices and Notices provided by the Service Provider concerning the Service and any changes that may be made to it.
The releases and the new terms and conditions are published on the Service Provider's website (tuonetti.fi).
7. Rights and obligations of the service provider
An error in the service is considered to be an error if it differs materially from the characteristics defined in the service description and the deviation materially impedes the use of the service. The Service Provider shall not be liable for indirect or indirect damages, such as unachieverded profits, reduced production or turnover, damage caused by interruption, failure to fulfil obligations to a third party, or other unforeseeable damages.
The Service Provider reserves the right to temporarily suspend the provision of the service if necessary due to repairs, maintenance or other work. A security threat to the Service Provider or customer also entitles the Service Provider to temporarily suspend the provision of the Service.
The Customer is obligated to report the error as soon as they have noticed it. The Customer is obligated to report the error as soon as it notices and complains about it in writing within seven (7) days at the latest after the error has been detected. Otherwise, the customer loses the right to invoke the error.
The Service Provider reserves the right not to correct any error caused by the customer's own actions, such as misconduct or incorrect use of the service.
The Service Provider is not responsible for errors or outages caused by force majeure, or for third-party actions, such as problems with third-party networks or software, or other errors. The service provider is not responsible for consultancy errors, or for problems with third-party software, or other errors.
The service provider's liability for damages shall not exceed the amount of the service charges corresponding to one (1) month of the service in question in all situations.
8. Customer information
It is the customer's duty to provide the Service Provider with the correct information when ordering the service. The Service Provider reserves the right not to provide the Service if the information is not correct or incomplete. Changes The Customer can make on the Customer Pages of the Service Provider
9. Other terms and conditions
The agreement is between the Service Provider and the Customer. The Customer undertakes to keep confidential all information related to the agreement, the Service and/or its pricing. The Customer is responsible for compliance with these terms and conditions by employees, subcontractors or other parties belonging to the Service.
The Service Provider has the right not to disclose the customer's domain name until all of the Service Provider's claims against the Customer have been completed.
The agreement is governed by Finnish law. The primary aim is to resolve disputes through negotiation.
- PERSONAL DATA PROCESSING AGREEMENT
PERSONAL DATA PROCESSING AGREEMENT
1. Subject-site and application of the Agreement
1.1. Subject-date agreement
This Agreement shall apply when the Supplier processes personal data on behalf of the Customer on the basis of an agreement between the parties.
1.2. Roles of the parties
The Customer is the controller of the customer's personal data processed in connection with the service agreed in the Agreement, which determines the purposes and means of processing personal data. The Supplier is a processor of personal data that processes such personal data on behalf of and on behalf of the customer as agreed in this processing agreement. In the agreement, the parties specify the nature of the processing, the groups of data subjects, the types of personal data, the supplier's processing operations and security procedures.
This Agreement defines in a binding manner the terms and conditions of the Customer and the Supplier regarding the processing of personal data and data protection under which the Supplier, on behalf of the Customer, processes personal data on behalf of the Customer. The Supplier's actions and obligations described in these Terms and Conditions shall not be remunerated separately, unless otherwise agreed in these Terms.
This Agreement is part of the Agreement between the Parties (the "Main Agreement") and constitutes an annex to the General Terms and Conditions. The terms of the Main Agreement shall apply to this Agreement to the extent that no other agreement has been agreed in this Agreement. In the event of a conflict between this Agreement and the Master Agreement, this Agreement shall primarily apply with regard to the processing of personal data.
The Parties undertake to comply with the legislation, regulations and regulations and instructions of the authorities concerning the processing of personal data in Force in Finland and the EU at any given time and, if necessary, to amend the terms of this Agreement to comply with them.
2. Purpose of processing personal data
2.1. Nature and purpose of the processing of the Supplier's personal data
The purpose of the processing of the Supplier's personal data is 1) to ensure the availability and integrity of the data stored by the Customer in the Service (e.g. backup and loging); 2) Safe identification of users invited to the service by the Customer; and 3) on request, assist the Customer in various problem situations.
2.2. Type of personal data processed by the Supplier and categories of data subjects
Supplier processes 1) customer's main users; and (2) the personal data of other users invited by the administrator. Personal data is of type 1) contact information (name, email address, telephone number); (2) technical identifiers and logs (IP addresses, login log, change log); and (3) content stored by the persons themselves (messages, recorded descriptions, etc.).
3. Principles, responsibilities and guidelines for the processing of personal data
3.1. Customer's right and responsibility in instructing processing
The customer is responsible for maintaining and availability the instructions. If the instructions are incomplete, the Customer supplements the instructions in cooperation with the Supplier.
3.2. Customer's liability for the lawfulness of processing
The Customer is responsible for the personal data provided to the Supplier and the legality of its processing. In addition, the Customer is responsible for providing all data subjects whose personal data are processed with the necessary, legal notifications and information related to the processing of personal data. The Customer is responsible for ensures that the processing of personal data and its purpose and grounds comply with the General Data Protection Regulation. In addition, the Customer is responsible for the fact that the personal data has been collected in accordance with the GdpR and that the Customer has the right to transfer the personal data to the Supplier for processing in accordance with this processing agreement.
3.3. Transfer of data outside the EU or EEA
For the purpose of implementing the service, the Supplier shall have the right to transfer personal data freely within countries found to be adequate in terms of data protection in the European Union, the European Economic Area or the European Commission. Unless otherwise agreed in writing, the Supplier also has the right to transfer personal data outside the European Union or the European Economic Area in accordance with data protection legislation.
3.4. Supplier's obligation to observe unlawful instructions
The Supplier will notify the Customer without undue delay if the instructions given by the Customer are incomplete or if the Supplier suspects that they are unlawful.
Supplier's right to use anonymised information
During and after processing, the Supplier may store and exploit data generated by anonymisation of personal data in the development of its operations and products. Anonymisation refers to the editing of data in such a way that no measures can be taken to identify persons.
4. Use of another personal data processor
4.1. Right to subcontractors
The Supplier has the right to use subcontractors in the processing of the Customer's personal data.
4.2. Notice of replacement or replacement of subcontractors
Upon request, the Supplier will inform the Customer in advance of the subcontractors it intends to use for the processing of personal data in accordance with the Agreement.
You may object to changing or adding a subcontractor, in which case the Supplier has the right to terminate the contract with 30 days' notice.
4.3. Responsibility for the subcontractor's operations
The Supplier is responsible for the fact that the subcontractor processes Personal Data in accordance with this Processing Agreement and data protection legislation.
5. Confidentiality of personal data
5.1. Organisation of professional secrecy
The Supplier shall ensure that all persons under its authority who have the right to process the Customer's personal data have undertaken to comply with the confidentiality conditions set out in the agreement or are subject to legal confidentiality.
6. Protection of personal data
6.1. Safety practices to be implemented
The Supplier shall take appropriate technical and organisational measures to protect the Customer's personal data, taking into account the risks involved in the processing, in particular the unintentional or unlawful destruction, destruction, modification, unauthorised disclosure or access of personal data transferred, stored or otherwise processed.
The organisation of safeguard measures shall take into account the available technical options and their costs in relation to the specific risks associated with the processing at hand and the sensitivity of the personal data processed.
The Customer is responsible for the appropriate and adequate information security of the necessary equipment and IT platform under his responsibility. Unless otherwise agreed, the Customer is responsible for backing up personal data and checking the functionality of the backups. The Customer is obligated to inform the Supplier of all matters related to the personal data provided by the Customer, such as risk assessments and the processing of special categories of personal data that affect technical and organisational measures taken in accordance with this processing agreement.
The Customer is obligated to ensure that the Supplier is informed of all matters related to the personal data provided by the Customer, such as risk assessments and the processing of special categories of persons that affect technical and organisational measures under the agreement.
7. Assisting in the exercise of the data subject's rights
7.1. Assist in the processing of the request
The Supplier assists the Customer in fulfilling its obligation to respond to requests based on the data subject's rights. Requests may require the Supplier, for example, to assist the data subject in information and communication, in the exercise of the data subject's right of access, in rectifying or deleting personal data, in carrying out the restriction of processing or in transferring the data subject's personal data from one system to another.
7.2. Obligation to notify on receive a request
The Supplier shall promptly inform the customer of any claims and enquiries made by data subjects, the Data Protection Ombudsman or any other authority.
The vendor does not respond to these requests.
It is the customer's duty to take care of the responding to requests.
7.3. Charge for assistance
Unless otherwise agreed, the Supplier has the right to charge the Customer at the prices agreed in the contract if the assistance entails additional costs for the Supplier.The Supplier is obligated to inform the Customer in advance of any additional costs incurred by the Customer.
7.4. Inquiries from data protection authorities
The Supplier shall inform the Customer without delay of any claims or enquiries made by the data protection authority or other authorities. The Supplier does not have the authority to represent the Customer or act on behalf of the Customer with the data protection authorities that supervise the Customer.
8. Assisting information, impact assessment and prior coverage of data breaches
8.1. Reporting a data breach
The party shall notify the other Party without undue delay of any data breach that has come to its knowledge. When reporting a security breach, you must provide the Supplier with any information that can be considered to help resolve, demarcation or prevent a security breach.
8.2. Content of the notification of a data breach
When reporting a security breach, the Supplier shall always provide the Customer with the following information related to the breach: (a) a description of the breach, including, as far as possible, the groups and estimated numbers of the data subjects concerned, as well as the groups and estimated numbers of personal data types (to the extent that such information is available to the Supplier); (b) the contact details of the Supplier's Data Protection Officer or any other person from whom further information can be obtained; (c) a description of the likely consequences of the breach; and (d) a description of the measures taken by the Supplier in response to the Data Breach and any measures taken by the Supplier to mitigate the adverse effects of the Data Breach.
The customer is responsible for the necessary notifications to the data protection authorities.
If the breach is due to a reason under the Customer's responsibility, the Customer is responsible to the Supplier for the costs of the Data Breach and related notifications. The Supplier has the right to invoice the Customer for costs a result of clearing work that has been started at the Customer's request, in accordance with the Supplier's price list in force at the time.
9. Open information sharing and audit right
9.1. Right to audit
The Customer or its authorised auditor has the right to verify compliance with the personal data processing obligations of the Supplier or its subcontractors. The supplier shall allow and participate in audits carried out by the controller or any other auditor authorised by it.
The inspection may be carried out no more than once a year and shall be notified to the Supplier in writing at least 30 days in advance.
The audit shall be carried out in a manner that does not prejudice the commitments of the Supplier and its subcontractors vis-à-vis third parties.
The usual confidentiality commitments shall be signed by the customer's representatives and the auditor.
The auditor cannot be a competitor of the Supplier and the audit cannot be performed after the termination of this agreement.
9.2. Information sharing and supplier's participation
The Supplier shall participate in the carrying out of the inspection and shall provide the inspector with the information necessary to demonstrate the Supplier's compliance with the obligations set out in this Agreement. The inspector does not have the right to have access to the information of the Supplier's customers or partners.
9.3. Audit costs
The customer is responsible for all costs of the inspection and reimburses the Supplier for the costs of the inspections. If the inspections reveal significant deficiencies in the Supplier's operations, the Supplier shall bear the costs of the inspections.
10. Deletion or return of personal data to the controller at the end of processing
10.1. Removal after termination of the contract
At the end or termination of the Agreement, the Supplier will delete or return the personal data in accordance with the Customer's written request and delete all copies of it.
The data shall not be deleted if the personal data is retained by law or by a government order.
The Supplier has the right to charge the Customer for the return or destruction of personal data on an hourly basis in accordance with its current price list.
11. Entry into force of the Agreement
The Agreement shall remain in force for as long as the Main Agreement is in force or the parties have obligations towards each other based on the Processing of Personal Data.
11.2. Termination of the Agreement
The Agreement shall remain in force for a) as long as the main agreement is in force or (b) the parties have obligations towards each other based on the processing of personal data.
Amendments to the agreement shall be valid only if they have been made in writing and confirmed by both parties by signature or by means of an e-mailed confirmation of the amendment.
Obligations which, by their nature, are intended to remain in force irrespective of the expiry of this Agreement shall remain in force after the expiry of the Agreement.