FORDATA Virtual Data Room Service Agreement
1. The object of the Agreement is the provision by the Supplier of FORDATA Virtual Data Room to the Client. By providing FORDATA Virtual Data Room, the Supplier will create, manage and maintain a secure Virtual Data Room (“VDR System”), in order to provide access to Client’s documents and other materials or documents and other materials for which the Client is authorized (“VDR Service”). Only Users designated by the Client will have access to the VDR System and documents stored therein.
2. The VDR Service provider is FORDATA Sp. z o. o. with its head office in Poznan, Poland at Taczaka street 24/302, 61-819 Poznan, listed In Entrepreneurs’ Register No 0000324804 kept by Local Court in Poznan, VIII Economic Division of National Court Register, VAT: 634-270-95-49, REGON: 241110970 (“Supplier”).
3. The parties agree that the Service will be provided under the terms and conditions described in the Terms and Conditions and Promotion Terms.
§ 2. Manner of concluding and duration of the Agreement
1. In order to conclude the Agreement, the Customer should perform the following actions:
a. complete the Promotion form available at https://new.fordatagroup.com/stop-covid-19/, accept terms indicated in the consent form and meet the conditions of the Promotion;
b. provide the Customer’s data necessary to conclude the Agreement;
c. click “JOIN” which confirms participation in the Promotion and conclusion of the Agreement with the Supplier for the provision of the VDR service. A copy of the Agreement is sent to the Customer to the e-mail address indicated by him.
2. The contract will be concluded when the Purchaser confirms participation in the Promotion by clicking the “JOIN” button.
3. The commencement date of the provision of the VDR Service free of charge for 30 (say: thirty) days is the date of enabling access to the VDR System to the Employer or designated persons. The login will be forwarded to the Purchaser within the time limit specified by the Purchaser, but no later than by 31/12/2020.
4. After 30 (say: thirty) days, the Agreement shall automatically expire. The contract will be extended for another one 1 (say: one) month, if the Customer in the period of the last 14 (say: fourteen) days of its validity will submit a written declaration of its will to extend it.
5. Upon conclusion of the Agreement referred to in par. 2, the Supplier is also entrusted with processing personal data on the principles referred to in § 8.
§ 3. The Supplier’s Obligations
1. The Supplier shall provide the Service in a scope described in detailed in the Order and at the level described in the Terms and Conditions.
2. At the Client’s written request, the Supplier may perform additional works listed in the Order and in § 6 Section 2, such as uploading documents into the VDR System, managing the VDR System for the client, executing orders, activating additional functions in the VDR System (“Additional Services”).
3. Some parts of the VDR services and/or complimentary services may be completed through third parties („Subcontractors”). Complimentary services are those to enhance the execution of this Agreement. The Supplier shall be fully responsible for all activities and/or negligence of the Subcontractors and shall ensure that the Subcontractors keep confidentiality as described in §7 herein. Parties agree that the Subcontractor might, but does not have to be the Sub-processor. The Provider informs the Client about the Subcontractor to which the Provider entrusts to process Personal Data (“Sub-processor”), according to § 8.
4. The Supplier takes full responsibility over Client’s paper documents (delivered through whichever means) from the moment they have been delivered to the Supplier.
5. All data and materials provided by the Client to the VDR System will be permanently removed immediately after Agreement finishes.
§ 4. The Client’s Obligations
1. The Client shall cooperate with the Supplier in order to allow the Supplier to perform its obligations under this Agreement and the Terms and Conditions.
2. Client bears absolute and sole responsibility for the contents and data uploaded to the VDR System, including the name of the VDR project, from the moment of providing him/her with Login details. Information and data placed by the Client will be lawful, in particular won’t violate copyrights, intellectual property rights, personal interest or any other third parties’ rights.
3. In case any party takes legal action against the Supplier and lay claims for compensation related to contents presented in VDR System, Client is liable for all the costs of damage and loss to the Supplier, including costs of legal advice. Client is liable for entering possible legal action supporting the Supplier under Art. 76 of Civil Code.
§ 5. License
1. The Supplier declares that he holds the copyright of the VDR System based on the copyright transfer agreement concluded with the creator.
2. The Supplier declares that using the VDR System based on the Agreement does not violate any copyright of third parties and in particular does not require any third party permit.
3. The Supplier grants the Client with non-exclusive and territory unlimited License to use the VDR System in Software as a Service model, as permitted by this Agreement. The license does not include installation scripts related to the server side of the VDR System, nor its source code. The License is granted for the period of the validation of the Agreement.
§ 6. Pricing and Terms of Payment
1. The Supplier provides the VDR Service referred to in § 1 to the extent indicated in the Promotion Regulations and grants the License referred to in § 4 free of charge for 30 (in words: thirty) days.
2. In the event of the extension of the VDR Service, referred to in § 2 para. 4 and in case of exceeding parameters of the VDR Service specified in the Promotion Regulations, such as the amount of data loaded into the VDR System, the number of users invited to the VDR System and in the case of ordering Additional Services, referred to in § 3 para. 2, the Customer undertakes to pay an additional fee in accordance with the rules indicated in the table:
|Price (EUR net)
|Monthly subscription for Virtual Data Room service (1GB, 15 users)
€ 120/package of 25
|Additional 1GB of data
(> 5GB € 123,75/mo; >10GB € 82,5/mo)
|Customer Service Support - document uploading and project management
|Encrypted media (DVD or USB) with Data Room contents (documents, reports, Q&A forum history)
|€ 100/1 copy (if <1GB)
€ 200/1 copy (if 1GB-4GB)
€ 400/1 copy (if 4GB-8GB)
€ 600/1 copy (if >8GB)
|Dedicated Link to the client's project (before project setup)
|Redaction tool that allows for identifying and anonymizing sensitive information, including PII
|Bilateral authentication with SMS codes (X.509 certificate)
|€ 50/activation (including 500 sms)
|Possibility to limit the IP addresses pool
|€ 250 (including 25 entrees)
€ 25 /1 change
|Extra administrative reports:
- Users deleted
- Changes in the names of documents and folders
- Documents and folders uploaded
- Documents and folders deleted
- Changes of access rights to documents and folders
- Changes to groups' access rights
- Changes to user's access rights
|€ 10/month/1 report
|Providing secure and controlled communication module Q&A
|€ 50 / month
|Group discussions on specific documents or folders
|€ 10 / month
|€ 10 / month
|Interface personalization (corporate logo, colours), custom watermarks (inserting corporate logo and individual content for instance: DO NOT COPY), custom invitations
|€ 10 / month
|Client WWW integration
|€ 50 / month
3. The remuneration shall be payable on the basis of a VAT invoice issued by the Supplier, as follows:
a) Remuneration for extending the service for another 30 days is payable in advance,
b) Remuneration for additional and cyclical Services, in accordance with the Table indicated in para. 2 above is payable on the basis of invoices issued periodically every 30 (say: thirty) days from the date of the Agreement.
4. If the Supplier, after the date of payment of invoices issued to the Customer, fails to record payment for these invoices, the Supplier shall be entitled, without prior notification to the Customer, to withdraw from the Customer and all Users invited by him access to the VDR System, until payment is recorded.
5. VAT shall be added to the remuneration specified above in accordance with applicable regulations.
6. The Purchaser undertakes to make the payment within 7 (say: seven) days to the date of the correct VAT invoice.
7. The Supplier declares that VAT invoices will be issued only in electronic form, in the form of PDF files, to the address indicated in the Order.
8. The Purchaser declares that he accepts the electronic form of issuing and delivering invoices.
§ 7. Confidentiality
1. The parties agree to consider any information, data and documents obtained or related to this Agreement as confidential and not to disclose or transmit it in any manner to third parties during the entire duration of the Agreement without the prior written consent of the counterparty.
2. Confidential information includes, but not limited to, the following:
a) potential business transactions of the Client,
b) login obtained by the Client to access the VDR System,
c) documents and other materials received from the Client in order to upload them to the VDR System,
d) any other contents, parts and pieces generated basing on abovementioned documents,
e) all information or data related to the operations of the Client and the Supplier, in particular all technical, technological, organizational, financial, marketing, strategic, legal or any other information with economic value as well as information generated as a result of analysis or processing of provided information and documentation irrespective of how the information has been disclosed to the Supplier, any other party that is the Supplier’s Subcontractor or acts on the Supplier’s behalf (in a written, oral or any other form) but excluding information or data that:
o is or become public through any channel without breech of this agreement by the Supplier or,
o were known to or were in the Supplier’s possession before obtaining them from the Client or,
o were revealed basing on the Client’s written consent.
3. The Parties undertake as follows:
a) Keep secret all Confidential Information received from the other Party, and specifically, undertake the same precautions and safety means, with reference to them, as are taken by the Party with reference to their own Confidential Information,
b) Guarantee adequate protection of Confidential Information against unauthorised release, copying, reproduction or use, unless permission is received in writing upon written request of the other Party, or otherwise null and void,
c) Adoption of Confidential Information exclusively for the purpose of rendering services specified in this Agreement,
d) Deal with any and all correspondence, i.e. emails, files attached to emails, as the exclusive property of the Party supplying them and use them exclusively according to their purpose understood as rendring Service specified in this Agreement.
4. The Client agrees that the Supplier is eligible to inform third parties about the cooperation with the Client by including this information in sales and marketing materials as well using Client’s logo in accordance with Client’s corporate its visualisation rules.
§ 8. Personal data processing
1. On the basis of this Agreement the Client provides the Provider with personal data of Users including: name, surname, company name, e-mail address, telephone number, IP address (“Personal Data of Users”) in order to properly perform the services covered by this Agreement by the Provider indicated in § 3 of the Agreement.
2. Parties independently determine the detailed purposes, scope and means of processing Personal Data of Users serving – each individually – as the administrator of personal data.
3. The Administrator of Personal Data of Users is: (a) The Client – with reference to various, justified purposes of processing these data by the Client (b) The Provider – with regard to processing these data for the purpose indicated in Sec. 1 of this paragraph.
4. The Client declares that, as the administrator of Personal Data of Users indicated in Sec.1 of this paragraph, has a legal basis for making this data available to the Provider.
5. Processing of personal data by the Provider for the purpose of providing services covered by the Agreement shall be based on the legal basis, i.e. art. 6 sec.1 let. f of Regulation of the European Parliament and the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data and the repeal of Directive 95/46/EC [Regulation] (legitimate interest of the Provider).
6. Processing of the Personal Data of Users by the Provider in order to provide the services specified in the Agreement will continue throughout the duration of this Agreement, including legislation currently in force.
7. Each Party undertakes to process Personal Data of Users in accordance with the provisions of the Regulation and other commonly applicable legal provisions.
8. Each of the Parties shall implement information obligations in respect of data subjects under art. 13 and 14 of the Regulation in their own scope resulting from the provisions of the Regulation.
9. Each Party performs obligations under Chapter III of the Regulation in their own scope.
10. Each Party shall apply appropriate technical and organisational measures to ensure adequate data protection, including the measures referred to in art. 32 of the Regulation, and shall perform other duties imposed by the Regulations on the data administrator. In particular, each Party shall ensure that only persons authorised pursuant to art. 29 of the Regulation have access to Personal Data of Users.
11. Each Party shall maintain its own Records of processing activities, in accordance with art. 30 of the Regulation, and shall report violations of the protection of Personal Data of Users, in accordance with art. 33 and 34 of the Regulation.
12. Each Party shall be liable, including towards data subjects, in accordance with art. 82 and 83 and other provisions of the Regulation.
13. In the event that either Party suffers damage as a result of violation by the other Party processing Personal Data of Users within the scope of the Regulation, in particular when any financial penalty is imposed, the injured Party shall have the right to demand from the other Party compensation for the damage suffered, including reimbursement of costs related to court proceedings or other appropriate proceedings.
14. The Client, acting on the basis of Art. 28 items 2-4 of the Regulations, being the Administrator or a processing entity within the meaning of the abovementioned Regulation of Personal data potentially contained in the documents entered to the VDR system [Personal Data], hereby:
a) Entrusts to process Personal Data with the aim and within the scope indispensable for the performance of this Agreement and performance of services of FORDATA Virtual Data Room for the period of its validity and in pursuance of the provisions specified in the Agreement,
b) Grants the Supplier with General consent concerning sub-processing of Personal Data to other data processing subjects [Sub-processor], with the aim and within the scope indispensable for the performance of this Agreement and for the period of its validity.
15. In the event, the Client is a Processor, as mentioned in the Section 14 above, the Client declares that the Client has the Administrator’s consent for further entrusting Personal Data.
16. The Supplier, as the Processor, and in the event referred to in Section 15 above – further processing entity, is obliged to the following:
a) Guarantee that the people authorised to process personal data are obliged to keep these personal data confidential,
b) Guarantee safety of processed personal data entrusted to them according to the requirements specified in the Regulation, and according to applicable national legal regulations of the Parties,
c) Following the completion of the performance of the services concerning personal data processing and depending on the decision of the Client, to delete or return to the Client all personal data and to delete any existing copies of such data,
d) Provide the Client with all required information indispensable to confirm completion of obligations specified in the provisions of the Regulations as vested in the Supplier as the subject processing data, and allow the Client or an Auditor authorised by the Client, to carry out an audit, including inspection. Client is entitled to carry out 1 (one) inspection within a calendar year, that shall last no longer than 2 (two) working days. Client shall inform the Supplier about a date and scope of the inspection minimum 30 (thirty) days before. In the event the Client shall carry out inspection at the seat of the Supplier more frequently that once a calendar year and/or the inspection shall last longer than 2 (two) working days, the Client is obliged to pay the charge for such inspection in the amount of 200 zl (two hundred zlotys)net for every additional hour of inspection at the seat of the Supplier.
e) Assist the Client, according to available technical and organisation extent, with the performance of the requirements of a person, the data refer to, concerning compliance with the person’s rights specified in Part 2 of the Regulation, as well as with reference to the performance of the Client obligations specified in Articles 32-36 of the Regulation.
17. The Client, is obliged to the following:
a) Hold the rights to process Personal Data entrusted to the Supplier,
b) Inform the Supplier about the necessity to discontinue processing of specific personal data or their category and of their permanent deletion,
c) Cooperate with the Supplier in the performance of obligations of the Parties resulting from the Regulation and applicable national legal regulations of the Parties,
18. The Supplier declares that the Supplier shall not transfer any entrusted Personal Data to any third countries. The Supplier shall not be held responsible for any release, if any, of such personal data to any third entities.
19. The Client declares that the Client does not entrust to process Personal Data concerning judgements of conviction or infringement to law.
20. In the event of concluding an agreement on personal data processing by the Supplier as mentioned in item 1 b), the Supplier is obliged to:
a) Guarantee that the Sub-processor is obliged to perform the duties as specified in item 16 a) – e),
b) In situations mentioned in item 17 b) undertakes adequate actions towards Sub-processor.
21. In the event of intended change/amendment, such as adding or replacing Sub-processor with another data processing subject, the Supplier informs the Client about such intention.
Within 7 (in words: seven) days the Client has the right to lodge an objection against such change/amendment. In case of lack of such objection of the Client or delayed objection filed after the mentioned period, it is understood as a consent to make such change/amendment of the Sub-processor by the Supplier. In the event the Client fails to give such consent the Supplier is authorised to terminate the Agreement with immediate effect. If the objection of the Client, as mentioned in this provision, turns out to be unjustified, the Client bears liability for damages towards the Supplier for both actual loss and loss of profit.
22. The Supplier shall not bear responsibility for any infringement of personal data protection by the Client or any subjects the Client entrusts their personal data processing, including especially the infringement of obligations as mentioned in item 17 a)-c) neither for:
a) Processing of sensitive personal data without legal basis,
b) Processing of personal data concerning judgements of conviction or infringement to law or associated safety means without any legal basis.
23. If any national institution or person the data refer to, claims damaged from the Supplier for any infringement mentioned in item 17 a)-c) and items 22 a)-b), the Client undertakes to release the Supplier from responsibility towards the person the data refer to, by removing the infringement or payment of the claim (release from the debt) inclusive. In the event the Client fails to perform obligations mentioned in the previous sentence, the Client bears liability for damages towards the Supplier.
24. In the event of payment of damages, financial penalty, fine, or any other amount payable by the Supplier in favour of the person the data refer to, or in connection with decision or sentence of a public authority, the Client is obliged to reimburse the paid amount to the Supplier including any incurred charges such as legal services charges, administrative and legal procedure charges.
§ 9. Breach of the Agreement
1. In case the Client violates the provisions of the Agreement as well as the Terms and Conditions, the Supplier call the Client to cease the violation within 14 (fourteen) days from the moment of delivery of the call. The call is being made in written and delivered to Client’s e-mail address as indicated in the Order. Shall the violation continue, the provisions of Section 2 and 3 below apply.
2. In case the Client violates the provisions referred to in §4 Section 1, as well as §7 and §8 of the Agreement or in case the Supplier receives a credible information that the contents provided by the Client violate copyright, intellectual property rights, corporate confidential information or they violate legal order or proper decorum in any other way, by fault of the Client, Supplier is entitled to terminate the Agreement with immediate effect. Client is liable to compensate the Supplier each of the commenced billing period, as well as damages suffered.
3. In case the Supplier is informed about suspicion that the Client has violated articles of the Agreement or Terms and conditions, in particular a suspicion that contents provided by the Client violate copyright, intellectual property rights, corporate confidential information or they will violate legal order or proper decorum in any other way, Supplier is entitled to disable access to information provided by the Client until the matter clarification. In case the suspicion turns out groundless, the Agreement extends automatically for the period of disabling access to the VDR System to the Client without the necessity for the Client to bear any additional costs.
4. The Client is not entitled to damages if the Supplier ceases the Service in accordance with clauses 2 and 3 above.
5. The Supplier bears responsibility for not completing this Agreement basing on rules included in the Terms and Conditions.
6. Subject to the provisions of the Terms and conditions, in case the Supplier violates the provisions referred to in § 7 and § 8, the Client will be entitled to call the Supplier to remove the infringement without delay, no later than within 14 days from the date of the call, and after the expiry of this deadline, the Client will be entitled to terminate this Agreement through the fault of the Supplier immediately. The Supplier shall be obliged to return the remuneration due to the Supplier for each commenced settlement period and to the remuneration incurred by the Client.
§ 10. Notifications
1. The person authorized by the Supplier to make decisions resulting from implementation of this Agreement is Dorota Wójtowicz, Aleksandra Prusator, Alicja Kukla-Kowalska.
2. The person authorized by the Client to make decisions resulting from implementation of this Agreement is the person indicated in the Order.
3. Any correspondence to be given under or in connection with this agreement shall be sent to following addresses of Parties as well as via email:
a) To the Supplier: FORDATA sp. z o.o., ul. Taczaka 24/302, 61-819 Poznan, Poland,
e-mail: email@example.com, firstname.lastname@example.org, email@example.com
b) To the Client: to the address indicated in the Order.
§ 11. Miscellaneous
1. Any modifications to this Agreement shall be done in document form and shall be duly executed. The appendices to this agreement shall be and considered an integral part hereof.
2. In accordance with art. 78 par. 2 of the Civil Code:
a) in order to maintain the electronic form of a legal act, it is sufficient to submit a declaration of will in electronic form and affix it with a qualified electronic signature,
b) a declaration of will submitted in electronic form is equivalent to a declaration of will made in writing.
3. In case of matters not regulated by this Agreement, adequate legal rules apply, in particular those of the Polish Civil Code.
4. The appropriate court to settle any disputes resulting from completion of this Agreement is the court of the Supplier.
5. This Agreement has been drawn up in duplicate, one original for each party.