Logo FORDATA small

FORDATA Virtual Data Room Service Agreement

The online order placed via https://fordatagroup.com/ or sent to the Supplier in the form of a signed order (“Order”), and the Virtual Data Room Terms and Conditions (“Terms and conditions”) together with the below conditions form the agreement between the Supplier and the Client (“Agreement”). For all deadlines and concepts used in this Agreement, the Parties give the significance which was given in the Terms and Conditions and the Agreement, unless the Order clearly provides otherwise.

§1. General

1. The object of the Agreement is the provision by the Supplier of FORDATA Virtual Data Room to the Client. By providing FORDATA Virtual Data Room, the Supplier will create, manage and maintain a secure Virtual Data Room (“VDR System”), in order to provide access to Client’s documents and other materials or documents and other materials for which the Client is authorized (“VDR Service”). Only Users designated by the Client will have access to the VDR System and documents stored therein.

2. The VDR Service provider is FORDATA Sp. z o. o. with its head office in Poznan, Poland at Taczaka street 24/302, 61-819 Poznan, listed In Entrepreneurs’ Register No 0000324804 kept by Local Court in Poznan, VIII Economic Division of National Court Register, VAT: 634-270-95-49, REGON: 241110970 (“Supplier”).

3. The parties agree that the Service will be provided under the terms and conditions described in the Terms and Conditions and VDR Service Order.

§ 2. Manner of concluding and duration of the Agreement

1. In order to conclude the Agreement, the Client should perform the following actions:
a. select individual services offered by the Supplier,
b. provide Client data, necessary to conclude the Agreement,
c. click the “Confirm purchase” button, which sends to the Supplier the Order for the services selected by the Client. The copy of the Order is sent to Client’s e-mail address.
or
send the Supplier a signed print of Order, which is an integral part of the offer submitted to the Client.
2. This Agreement is valid from its signing date until the Expiration Date.
3. The Agreement will be concluded for the period specified in the Order, once the Customer confirms the Order for the selected services provided by the Supplier, by clicking the “Confirm Purchase” button or while the signed Order is sent to the Supplier.
4. The Service provision starts when the Supplier provides the Client or indicated Users with the login code and password to gain full access to the VDR System. The login is sent to the Client within maximum 3 (in words: three) hours from the conclusion of the Agreement. In case the Agreement is concluded on weekends, holidays or business days after 17 CET, the access login is sent the next business day.
5. The access login to the VDR System will be sent to the Client after payment is confirmed. If the Client does not make payment for the Services agreed in accordance to the Order, the Supplier is entitled to withdraw from the Agreement due to the fault of the Client.
6. This Agreement will automatically renew on a month to month basis, unless the Client provides the Supplier written notice of its intent not to renew within 14 (fourteen)days from the Expiration Date.
7. Upon the conclusion of the Agreement, as described in Section 3 above, the Client entrusts the Supplier to process Personal Data on the principles referred to in § 8 herein.

§ 3. The Supplier’s Obligations

1. The Supplier shall provide the Service in a scope described in detailed in the Order and at the level described in the Terms and Conditions.
2. At the Client’s written request, the Supplier may perform additional works listed in the Order and in § 6 Section 2, such as uploading documents into the VDR System, managing the VDR System for the client, executing orders, activating additional functions in the VDR System (“Additional Services”).
3. Some parts of the VDR services and/or complimentary services may be completed through third parties („Subcontractors”). Complimentary services are those to enhance the execution of this Agreement. The Supplier shall be fully responsible for all activities and/or negligence of the Subcontractors and shall ensure that the Subcontractors keep confidentiality as described in §7 herein. Parties agree that the Subcontractor might, but does not have to be the Sub-processor. The Provider informs the Client about the Subcontractor to which the Provider entrusts to process Personal Data (“Sub-processor”), according to § 8.
4. The Supplier takes full responsibility over Client’s paper documents (delivered through whichever means) from the moment they have been delivered to the Supplier.
5. All data and materials provided by the Client to the VDR System will be permanently removed immediately after Agreement finishes.

§ 4. The Client’s Obligations

1. The Client shall cooperate with the Supplier in order to allow the Supplier to perform its obligations under this Agreement and the Terms and Conditions.
2. Client bears absolute and sole responsibility for the contents and data uploaded to the VDR System, including the name of the VDR project, from the moment of providing him/her with Login details. Information and data placed by the Client will be lawful, in particular won’t violate copyrights, intellectual property rights, personal interest or any other third parties’ rights.
3. In case any party takes legal action against the Supplier and lay claims for compensation related to contents presented in VDR System, Client is liable for all the costs of damage and loss to the Supplier, including costs of legal advice. Client is liable for entering possible legal action supporting the Supplier under Art. 76 of Civil Code.

§ 5. License

1. The Supplier declares that he holds the copyright of the VDR System based on the copyright transfer agreement concluded with the creator.
2. The Supplier declares that using the VDR System based on the Agreement does not violate any copyright of third parties and in particular does not require any third party permit.
3. The Supplier grants the Client with non-exclusive and territory unlimited License to use the VDR System in Software as a Service model, as permitted by this Agreement. The license does not include installation scripts related to the server side of the VDR System, nor its source code. The License is granted for the period of the validation of the Agreement.

§ 6. Pricing and Terms of Payment

1. For the VDR Service as set forth in §1, in the scope indicated in the Order, the Client is obliged to pay the amount resulting from the Order. The fee includes also the license throughout the period of providing the VDR Service.
2. In the event of the extension of the VDR Service, referred to in § 2 Section 3 or in the event of the exceeding the parameters of the VDR Service specified in the Order, such as the amount of data uploaded into the VDR System, the number of users invited to the VDR System and the number of Data Rooms launched during the Agreement and in the event of Additional Services referred to in § 3 Section 2, the Client is obliged to pay an additional fee in accordance with the rules indicated in the Order and in the table below:

Service Price (EUR net)

Monthly subscription for Virtual Data Room service (1GB, 15 users)

€ 165/month

Additional users

€ 16/user/month
€ 120/package of 25

Additional 1GB of data

€ 165/month
(> 5GB € 123,75/mo; >10GB € 82,5/mo)

Customer Service Support - document uploading and project management

€ 150/h

Encrypted media (DVD or USB) with Data Room contents (documents, reports, Q&A forum history)

€ 100/1 copy (if <1GB)
€ 200/1 copy (if 1GB-4GB)
€ 400/1 copy (if 4GB-8GB)
€ 600/1 copy (if >8GB)

Dedicated Link to the client's project (before project setup)

€ 20/mo

Bilateral authentication with SMS codes (X.509 certificate)

€ 50/activation (including 500 sms)
€ 0,07/1sms

Possibility to limit the IP addresses pool

€ 250 (including 25 entrees)
€ 25 /1 change

Extra administrative reports:
- Users deleted
- Changes in the names of documents and folders
- Documents and folders uploaded
- Documents and folders deleted
- Changes of access rights to documents and folders
- Changes to groups' access rights
- Changes to user's access rights

€ 10/month/1 report

Providing secure and controlled communication module Q&A

€ 50 / month

Group discussions on specific documents or folders

€ 10 / month

Interface personalization (corporate logo, colours), custom watermarks (inserting corporate logo and individual content for instance: DO NOT COPY), custom invitations

€ 10 / month

Client WWW integration

€ 50 / month

3. Payments will be made on the basis of a VAT invoices issued by the Supplier, as described below:
a. Basic services fee, as set forth in the Order, paid in advance,
b. Recurring fee and Additional Services fee, as set forth in the Order and in §6 Section 2, paid every 30 (in words: thirdy) days from signing date of the Agreement.
4. If the Supplier does not receive the payment after the due date, the Supplier is entitled, without prior notice to the Client, to deny access to the VDR System for the Client and all Users invited by the Client, until the payment is recorded.
5. VAT tax rate will be added to all payments according to the provisions of Polish law.
6. The Client is obliged to settle invoices within 7 (seven) days from their issue date.
7. Parties agree that VAT invoices will be issued only in electronic format i.e. PDF files.
8. Electronic invoices will be sent to the address indicated in the Order.
9. The Client accepts electronic form and delivery of invoices.

§ 7. Confidentiality

1. The parties agree to consider any information, data and documents obtained or related to this Agreement as confidential and not to disclose or transmit it in any manner to third parties during the entire duration of the Agreement without the prior written consent of the counterparty.
2. Confidential information includes, but not limited to, the following:
a) potential business transactions of the Client,
b) login obtained by the Client to access the VDR System,
c) documents and other materials received from the Client in order to upload them to the VDR System,
d) any other contents, parts and pieces generated basing on abovementioned documents,
e) all information or data related to the operations of the Client and the Supplier, in particular all technical, technological, organizational, financial, marketing, strategic, legal or any other information with economic value as well as information generated as a result of analysis or processing of provided information and documentation irrespective of how the information has been disclosed to the Supplier, any other party that is the Supplier’s Subcontractor or acts on the Supplier’s behalf (in a written, oral or any other form) but excluding information or data that:
o is or become public through any channel without breech of this agreement by the Supplier or,
o were known to or were in the Supplier’s possession before obtaining them from the Client or,
o were revealed basing on the Client’s written consent.
3. The Parties undertake as follows:
a) Keep secret all Confidential Information received from the other Party, and specifically, undertake the same precautions and safety means, with reference to them, as are taken by the Party with reference to their own Confidential Information,
b) Guarantee adequate protection of Confidential Information against unauthorised release, copying, reproduction or use, unless permission is received in writing upon written request of the other Party, or otherwise null and void,
c) Adoption of Confidential Information exclusively for the purpose of rendering services specified in this Agreement,
d) Deal with any and all correspondence, i.e. emails, files attached to emails, as the exclusive property of the Party supplying them and use them exclusively according to their purpose understood as rendring Service specified in this Agreement.
4. The Client agrees that the Supplier is eligible to inform third parties about the cooperation with the Client by including this information in sales and marketing materials as well using Client’s logo in accordance with Client’s corporate its visualisation rules.

§ 8. Personal data processing

1. On the basis of this Agreement the Client provides the Provider with personal data of Users including: name, surname, company name, e-mail address, telephone number, IP address (“Personal Data of Users”) in order to properly perform the services covered by this Agreement by the Provider indicated in § 3 of the Agreement.
2. Parties independently determine the detailed purposes, scope and means of processing Personal Data of Users serving – each individually – as the administrator of personal data.
3. The Administrator of Personal Data of Users is: (a) The Client – with reference to various, justified purposes of processing these data by the Client (b) The Provider – with regard to processing these data for the purpose indicated in Sec. 1 of this paragraph.
4. The Client declares that, as the administrator of Personal Data of Users indicated in Sec.1 of this paragraph, has a legal basis for making this data available to the Provider.
5. Processing of personal data by the Provider for the purpose of providing services covered by the Agreement shall be based on the legal basis, i.e. art. 6 sec.1 let. f of Regulation of the European Parliament and the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data and the repeal of Directive 95/46/EC [Regulation] (legitimate interest of the Provider).
6. Processing of the Personal Data of Users by the Provider in order to provide the services specified in the Agreement will continue throughout the duration of this Agreement, including legislation currently in force.
7. Each Party undertakes to process Personal Data of Users in accordance with the provisions of the Regulation and other commonly applicable legal provisions.
8. Each of the Parties shall implement information obligations in respect of data subjects under art. 13 and 14 of the Regulation in their own scope resulting from the provisions of the Regulation.
9. Each Party performs obligations under Chapter III of the Regulation in their own scope.
10. Each Party shall apply appropriate technical and organisational measures to ensure adequate data protection, including the measures referred to in art. 32 of the Regulation, and shall perform other duties imposed by the Regulations on the data administrator. In particular, each Party shall ensure that only persons authorised pursuant to art. 29 of the Regulation have access to Personal Data of Users.
11. Each Party shall maintain its own Records of processing activities, in accordance with art. 30 of the Regulation, and shall report violations of the protection of Personal Data of Users, in accordance with art. 33 and 34 of the Regulation.
12. Each Party shall be liable, including towards data subjects, in accordance with art. 82 and 83 and other provisions of the Regulation.
13. In the event that either Party suffers damage as a result of violation by the other Party processing Personal Data of Users within the scope of the Regulation, in particular when any financial penalty is imposed, the injured Party shall have the right to demand from the other Party compensation for the damage suffered, including reimbursement of costs related to court proceedings or other appropriate proceedings.
14. The Client, acting on the basis of Art. 28 items 2-4 of the Regulations, being the Administrator or a processing entity within the meaning of the abovementioned Regulation of Personal data potentially contained in the documents entered to the VDR system [Personal Data], hereby:
a) Entrusts to process Personal Data with the aim and within the scope indispensable for the performance of this Agreement and performance of services of FORDATA Virtual Data Room for the period of its validity and in pursuance of the provisions specified in the Agreement,
b) Grants the Supplier with General consent concerning sub-processing of Personal Data to other data processing subjects [Sub-processor], with the aim and within the scope indispensable for the performance of this Agreement and for the period of its validity.
15. In the event, the Client is a Processor, as mentioned in the Section 14 above, the Client declares that the Client has the Administrator’s consent for further entrusting Personal Data.
16. The Supplier, as the Processor, and in the event referred to in Section 15 above – further processing entity, is obliged to the following:
a) Guarantee that the people authorised to process personal data are obliged to keep these personal data confidential,
b) Guarantee safety of processed personal data entrusted to them according to the requirements specified in the Regulation, and according to applicable national legal regulations of the Parties,
c) Following the completion of the performance of the services concerning personal data processing and depending on the decision of the Client, to delete or return to the Client all personal data and to delete any existing copies of such data,
d) Provide the Client with all required information indispensable to confirm completion of obligations specified in the provisions of the Regulations as vested in the Supplier as the subject processing data, and allow the Client or an Auditor authorised by the Client, to carry out an audit, including inspection. Client is entitled to carry out 1 (one) inspection within a calendar year, that shall last no longer than 2 (two) working days. Client shall inform the Supplier about a date and scope of the inspection minimum 30 (thirty) days before. In the event the Client shall carry out inspection at the seat of the Supplier more frequently that once a calendar year and/or the inspection shall last longer than 2 (two) working days, the Client is obliged to pay the charge for such inspection in the amount of 200 zl (two hundred zlotys)net for every additional hour of inspection at the seat of the Supplier.
e) Assist the Client, according to available technical and organisation extent, with the performance of the requirements of a person, the data refer to, concerning compliance with the person’s rights specified in Part 2 of the Regulation, as well as with reference to the performance of the Client obligations specified in Articles 32-36 of the Regulation.
17. The Client, is obliged to the following:
a) Hold the rights to process Personal Data entrusted to the Supplier,
b) Inform the Supplier about the necessity to discontinue processing of specific personal data or their category and of their permanent deletion,
c) Cooperate with the Supplier in the performance of obligations of the Parties resulting from the Regulation and applicable national legal regulations of the Parties,
18. The Supplier declares that the Supplier shall not transfer any entrusted Personal Data to any third countries. The Supplier shall not be held responsible for any release, if any, of such personal data to any third entities.
19. The Client declares that the Client does not entrust to process Personal Data concerning judgements of conviction or infringement to law.
20. In the event of concluding an agreement on personal data processing by the Supplier as mentioned in item 1 b), the Supplier is obliged to:
a) Guarantee that the Sub-processor is obliged to perform the duties as specified in item 16 a) – e),
b) In situations mentioned in item 17 b) undertakes adequate actions towards Sub-processor.
21. In the event of intended change/amendment, such as adding or replacing Sub-processor with another data processing subject, the Supplier informs the Client about such intention.
Within 7 (in words: seven) days the Client has the right to lodge an objection against such change/amendment. In case of lack of such objection of the Client or delayed objection filed after the mentioned period, it is understood as a consent to make such change/amendment of the Sub-processor by the Supplier. In the event the Client fails to give such consent the Supplier is authorised to terminate the Agreement with immediate effect. If the objection of the Client, as mentioned in this provision, turns out to be unjustified, the Client bears liability for damages towards the Supplier for both actual loss and loss of profit.
22. The Supplier shall not bear responsibility for any infringement of personal data protection by the Client or any subjects the Client entrusts their personal data processing, including especially the infringement of obligations as mentioned in item 17 a)-c) neither for:
a) Processing of sensitive personal data without legal basis,
b) Processing of personal data concerning judgements of conviction or infringement to law or associated safety means without any legal basis.
23. If any national institution or person the data refer to, claims damaged from the Supplier for any infringement mentioned in item 17 a)-c) and items 22 a)-b), the Client undertakes to release the Supplier from responsibility towards the person the data refer to, by removing the infringement or payment of the claim (release from the debt) inclusive. In the event the Client fails to perform obligations mentioned in the previous sentence, the Client bears liability for damages towards the Supplier.
24. In the event of payment of damages, financial penalty, fine, or any other amount payable by the Supplier in favour of the person the data refer to, or in connection with decision or sentence of a public authority, the Client is obliged to reimburse the paid amount to the Supplier including any incurred charges such as legal services charges, administrative and legal procedure charges.

§ 9. Breach of the Agreement

1. In case the Client violates the provisions of the Agreement as well as the Terms and Conditions, the Supplier call the Client to cease the violation within 14 (fourteen) days from the moment of delivery of the call. The call is being made in written and delivered to Client’s e-mail address as indicated in the Order. Shall the violation continue, the provisions of Section 2 and 3 below apply.
2. In case the Client violates the provisions referred to in §4 Section 1, as well as §7 and §8 of the Agreement or in case the Supplier receives a credible information that the contents provided by the Client violate copyright, intellectual property rights, corporate confidential information or they violate legal order or proper decorum in any other way, by fault of the Client, Supplier is entitled to terminate the Agreement with immediate effect. Client is liable to compensate the Supplier each of the commenced billing period, as well as damages suffered.
3. In case the Supplier is informed about suspicion that the Client has violated articles of the Agreement or Terms and conditions, in particular a suspicion that contents provided by the Client violate copyright, intellectual property rights, corporate confidential information or they will violate legal order or proper decorum in any other way, Supplier is entitled to disable access to information provided by the Client until the matter clarification. In case the suspicion turns out groundless, the Agreement extends automatically for the period of disabling access to the VDR System to the Client without the necessity for the Client to bear any additional costs.
4. The Client is not entitled to damages if the Supplier ceases the Service in accordance with clauses 2 and 3 above.
5. The Supplier bears responsibility for not completing this Agreement basing on rules included in the Terms and Conditions.
6. Subject to the provisions of the Terms and conditions, in case the Supplier violates the provisions referred to in § 7 and § 8, the Client will be entitled to call the Supplier to remove the infringement without delay, no later than within 14 days from the date of the call, and after the expiry of this deadline, the Client will be entitled to terminate this Agreement through the fault of the Supplier immediately. The Supplier shall be obliged to return the remuneration due to the Supplier for each commenced settlement period and to the remuneration incurred by the Client.

§ 10. Notifications

1. The person authorized by the Supplier to make decisions resulting from implementation of this Agreement is Dorota Wójtowicz, Aleksandra Prusator, Alicja Kukla-Kowalska.
2. The person authorized by the Client to make decisions resulting from implementation of this Agreement is the person indicated in the Order.
3. Any correspondence to be given under or in connection with this agreement shall be sent to following addresses of Parties as well as via email:
a) To the Supplier: FORDATA sp. z o.o., ul. Taczaka 24/302, 61-819 Poznan, Poland,
e-mail: aleksandra.prusator@fordata.pl, alicja.kukla@fordatagroup.com, piotr.miszczyk@fordatagroup.com
b) To the Client: to the address indicated in the Order.

§ 11. Miscellaneous

1. Any modifications to this Agreement shall be done in document form and shall be duly executed. The appendices to this agreement shall be and considered an integral part hereof.
2. In accordance with art. 78[1] par. 2 of the Civil Code:
a) in order to maintain the electronic form of a legal act, it is sufficient to submit a declaration of will in electronic form and affix it with a qualified electronic signature,
b) a declaration of will submitted in electronic form is equivalent to a declaration of will made in writing.
3. In case of matters not regulated by this Agreement, adequate legal rules apply, in particular those of the Polish Civil Code.
4. The appropriate court to settle any disputes resulting from completion of this Agreement is the court of the Supplier.
5. This Agreement has been drawn up in duplicate, one original for each party.

Appendices:
1. The terms and conditions
2. The Order