Przejdź do treści

FORDATA Virtual Data Room Service Agreement


Version 08.11.2022


The online order placed via or sent to the Supplier in the form of a signed order (“Order”), and the Virtual Data Room Terms and Conditions (“Terms and conditions”) together with the below conditions form the agreement between the Supplier and the Client (“Agreement”). For all deadlines and concepts used in this Agreement, the Parties give the significance which was given in the Terms and Conditions and the Agreement, unless the Order clearly provides otherwise.


§1. General

1. The object of the Agreement is the provision by the Supplier of FORDATA Virtual Data Room to the Client. By providing FORDATA Virtual Data Room, the Supplier will create, manage and maintain a secure Virtual Data Room (“VDR System”), in order to provide access to Client’s documents and other materials or documents and other materials for which the Client is authorized (“VDR Service”). Only Users designated by the Client will have access to the VDR System and documents stored therein.
2. The VDR Service provider is FORDATA Sp. z o. o. with its head office in Poznan, Poland at Taczaka street 24/302, 61-819 Poznan, listed In Entrepreneurs’ Register No 0000324804 kept by Local Court in Poznan, VIII Economic Division of National Court Register, VAT: 634-270-95-49, REGON: 241110970 (“Supplier” / “Provider”)
3. The parties agree that the Service will be provided under the terms and conditions described in the Terms and Conditions and VDR Service Order.
4. Rules of processing data by the Provider are specified in Data Processing Agreement (“DPA Agreement”).
5. Data to be uploaded to the VDR Service might be provided by a different company authorized by the Client “Adviser”. Adviser’s contact details will be provided to the Provider via e-mail.


§ 2. Manner of concluding and duration of the Agreement

1. In order to conclude the Agreement, the Client should perform the following actions:
a. select individual services offered by the Supplier,
b. provide Client data, necessary to conclude the Agreement,
c. click the “Confirm purchase” button, which sends to the Supplier the Order for the services selected by the Client. The copy of the Order is sent to Client’s e-mail address.
send the Supplier a signed print of Order, which is an integral part of the offer submitted to the Client.
2. This Agreement is valid from its signing date until the Expiration Date.
3. The Agreement will be concluded for the period specified in the Order, once the Customer confirms the Order for the selected services provided by the Supplier, by clicking the “Confirm Purchase” button or while the signed Order is sent to the Supplier.
4. The Service provision starts when the Supplier provides the Client or indicated Users with the login code and password to gain full access to the VDR System. The login is sent to the Client within maximum 3 (in words: three) hours from the conclusion of the Agreement. In case the Agreement is concluded on weekends, holidays or business days after 17 CET, the access login is sent the next business day.
5. The access login to the VDR System will be sent to the Client after payment is confirmed. If the Client does not make payment for the Services agreed in accordance to the Order, the Supplier is entitled to withdraw from the Agreement due to the fault of the Client.
6. This Agreement will automatically renew on a month to month basis, unless the Client provides the Supplier written notice of its intent not to renew within 14 (fourteen)days from the Expiration Date. The Provider shall inform the Client by e-mail about the Expiration Date 14, 7 days before and on the Expiration Date.
7. Upon the conclusion of the Agreement, as described in Section 3 above, the Client entrusts the Supplier to process Personal Data on the principles referred to in the DPA Agreement.


§ 3. The Supplier’s Obligations

1. The Supplier shall provide the Service in a scope described in detailed in the Order and at the level described in the Terms and Conditions.
2. At the Client’s written request, the Supplier may perform additional works listed in the Order and in § 6 Section 2, such as uploading documents into the VDR System, managing the VDR System for the client, executing orders, activating additional functions in the VDR System (“Additional Services”).

3. Additional functions can be activated in the VDR System at any time during the billing period. No matter on which day of the billing period the function is activated, the first recurring fee is always charged in full.
4. The package of extra 25 (in words: twenty five) users is always activated and billed starting from the next billing period after the one in which it was purchased.
5. In case of ordering the encrypted media with VDR archive, the Client acknowledges and accepts that the time of media preparation depends on the amount of data to be recorded and the number of sets. Standard preparation time of 2 sets up to 3.5 GB each is 5 (five) working days. This time may be extended if there is more data or sets. Reducing this period upon Client’s request may incur additional charges.
6. Some parts of the VDR services and/or complimentary services may be completed through third parties („Subcontractors”). Complimentary services are those to enhance the execution of this Agreement. The Supplier shall be fully responsible for all activities and/or negligence of the Subcontractors and shall ensure that the Subcontractors keep confidentiality as described in §7 herein. Parties agree that the Subcontractor might, but does not have to be the Sub-processor. The Provider informs the Client about the Subcontractor to which the Provider entrusts to process Personal Data (“Sub-processor”), according to the DPA Agreement.
7. All data and materials provided by the Client to the VDR System, including documents, VDR instance and backup copies, will be permanently removed immediately after Agreement finishes, according to the ISO/IEC 27 001:2013 norm. The deletion will be confirmed by e-mail. The written data deletion protocol can be prepared by the Provider on the basis of Client’s template, at an extra cost of € 25 (twenty five) Euros.


§ 4. The Client’s Obligations

1. Client bears absolute and sole responsibility for the contents and data uploaded to the VDR System, including the name of the VDR project, content of documents uploaded to the VDR System, from the moment of providing him/her with Login details. Information and data placed by the Client will be lawful, in particular won’t violate copyrights, intellectual property rights, personal interest or any other third parties’ rights.

2. In case any party takes legal action against the Supplier and lay claims for compensation related to contents presented in VDR System, Client is liable for all the costs of damage and loss to the Supplier, including costs of legal advice. Client is liable for entering possible legal action supporting the Supplier under Art. 76 of the Code of Civil Procedure.


§ 5. License

1. The Supplier grants the Client with non-exclusive and territory unlimited License to use the VDR System in Software as a Service model, as permitted by this Agreement. The license does not include installation scripts related to the server side of the VDR System, nor its source code. The License is granted for the period of the validation of the Agreement.


§ 6. Pricing and Terms of Payment

1. For the VDR Service as set forth in §1, in the scope indicated in the Order, the Client is obliged to pay the amount resulting from the Order. The fee includes also the license throughout the period of providing the VDR Service.

2. In the event of the extension of the VDR Service, referred to in § 2 Section 3 or in the event of the exceeding the parameters of the VDR Service specified in the Order, such as the amount of data uploaded into the VDR System, the number of users invited to the VDR System and the number of Data Rooms launched during the Agreement and in the event of Additional Services referred to in § 3 Section 2, the Client is obliged to pay an additional fee in accordance with the rules indicated in the Order and in the table below:

ServicePrice (EUR net)
Monthly subscription for Virtual Data Room service (1GB, 15 users)€ 199/month
Additional users€ 16/user/month
€ 120/package of 25
Additional 1GB of data€ 165/month
(> 5GB € 123,75/mo; >10GB € 82,5/mo)
Customer Service Support - document uploading and project management€ 150/h
Encrypted media (DVD or USB) with Data Room contents (documents, reports, Q&A forum history)€ 100/1 copy (if <1GB)
€ 200/1 copy (if 1GB-4GB)
€ 400/1 copy (if 4GB-8GB)
€ 600/1 copy (if >8GB)

Shipping costs will be calculated separately.
Dedicated Link to the client's project (before project setup)€ 20/mo
Bilateral authentication with SMS codes (X.509 certificate)€ 50/activation (including 500 sms)
€ 0,07/1sms
Possibility to limit the IP addresses pool€ 250 (including 25 entrees)
€ 25 /1 change
Extra administrative reports:
- Users deleted
- Changes in the names of documents and folders
- Documents and folders uploaded
- Documents and folders deleted
- Changes of access rights to documents and folders
- Changes to groups' access rights
- Changes to user's access rights
€ 10/month/1 report
Providing secure and controlled communication module Q&A€ 50 / month
Group discussions on specific documents or folders€ 10 / month
Interface personalization (corporate logo, colours), custom watermarks (inserting corporate logo and individual content for instance: DO NOT COPY), custom invitations€ 10 / month
Client WWW integration€ 50 / month

3. Payments will be made on the basis of a VAT invoices issued by the Supplier, as described below:
a. Basic services fee, as set forth in the Order, paid in advance,
b. Recurring fee and Additional Services fee, as set forth in the Order and in § 6 Section 2, paid every 30 (in words: thirty) days from signing date of the Agreement.
4. The Provider declares that the Provider is aware of and complies with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [ “Regulation“]. In addition, the Provider declares that the Provider has a valid PN-ISO/IEC 27 0001: 2013 certificate (international standard in the field of information security management) [“Certificate“], that can be found under the link:
5. All formal obligations on the Provider’s side required by the Client, that go beyond the scope of VDR Service (e.g. completing security surveys, data processing surveys and other documents required by the Client; providing evidence that the requirements of the Regulation and Certificate have been met by the Provider) will be performed by the Provider only at the justified request of the Client sent by e-mail and will be charged an additional fee of € 100 (hundred Euros)) for 1 hour of work.

6. Taking inflation into account, the Provider’s renumeration will be subject to periodic indexation adjusted annually, starting 12 months after the Agreement comes into force and after each subsequent 12-month period of this Agreement. The index to be used for calculating the adjustment of the salary shall be the sum of the indexes of increase or decrease in the prices of total consumer goods and services announced by the President of the Central Statistical Office (GUS) for the last four quarters prior to the remuneration change. The Provider shall inform the Client about the change in remuneration immediately, but no later than thirty (30) days after the date of publication of the index. The change in remuneration shall apply to the first invoice following the date of informing the Client about the indexation. A change in the amount of remuneration resulting only from the above-described indexation does not require an amendment to the Agreement as an annex, but can be announced to the Client through the e-mail channel.
7. If the Provider does not receive the payment after the due date, the Provider is entitled, without prior notice to the Client, to deny access to the VDR System for the Client and all Users invited by the Client, until the payment is recorded.
8. VAT tax rate will be added to all payments according to the provisions of Polish law.
9. The Client is obliged to settle invoices within 7 (seven) days from their issue date.
10. Parties agree that VAT invoices will be issued and delivered only in electronic format i.e. PDF files.
11. Electronic invoices will be sent to the address indicated in the Order.


§ 7. Confidentiality

1. The parties agree to consider any information, data and documents obtained or related to this Agreement as confidential and not to disclose or transmit it in any manner to third parties during the entire duration of the Agreement without the prior written consent of the counterparty.
2. Confidential information includes, but not limited to, the following:
a) potential business transactions of the Client,
b) login obtained by the Client to access the VDR System,
c) documents and other materials received from the Client in order to upload them to the VDR System,
d) any other contents, parts and pieces generated basing on abovementioned documents,
e) all information or data related to the operations of the Client and the Supplier, in particular all technical, technological, organizational, financial, marketing, strategic, legal or any other information with economic value as well as information generated as a result of analysis or processing of provided information and documentation irrespective of how the information has been disclosed to the Supplier, any other party that is the Supplier’s Subcontractor or acts on the Supplier’s behalf (in a written, oral or any other form) but excluding information or data that:
– is or become public through any channel without breech of this agreement by the Supplier or,
– were known to or were in the Supplier’s possession before obtaining them from the Client or,
– were revealed basing on the Client’s written consent.
3. The Parties undertake as follows:
a) Keep secret all Confidential Information received from the other Party, and specifically, undertake the same precautions and safety means, with reference to them, as are taken by the Party with reference to their own Confidential Information,
b) Guarantee adequate protection of Confidential Information against unauthorised release, copying, reproduction or use, unless permission is received in writing upon written request of the other Party, or otherwise null and void,
c) Adoption of Confidential Information exclusively for the purpose of rendering services specified in this Agreement,
d) Deal with any and all correspondence, i.e. emails, files attached to emails, as the exclusive property of the Party supplying them and use them exclusively according to their purpose understood as rendring Service specified in this Agreement.
4. The Client hereby gives its consent to the Provider to inform about the cooperation of the parties in the Provider’s marketing materials, including the consent to use the Client’s logo by the Provider for the purpose of its visualization in accordance with corporate governance rules. This consent will come into force after the execution of the agreement or at the moment of public disclosure of information about the process covered by the agreement, whichever occurs first. The consent is pending until its express withdrawal by the Client. The Client also agrees to cooperate with the Provider in spreading information about the process this Agreement relates to.


§ 8. Breach of the Agreement

1. In case the Client violates the Terms and Conditions, DPA Agreement, as well as the provisions referred to in §4 Section 1 and in  §7 of the Agreement, or in case the Provider receives a credible information that the contents provided by the Client violate copyright, intellectual property rights, corporate confidential information or they violate legal order or proper decorum in any other way, by fault of the Client, the Provider calls the Client to cease the violation. Shall the violation continue after 14 (fourteen) days from the moment of receiving the call, the Provider is entitled to terminate the Agreement with immediate effect. Client is liable to compensate the Provider each of the commenced billing period, as well as damages suffered.

2. In case the Provider is informed about suspicion that the Client has violated articles of the Agreement or Terms and conditions, in particular a suspicion that contents provided by the Client violate copyright, intellectual property rights, corporate confidential information or they will violate legal order or proper decorum in any other way, the Provider calls the Client to cease the violation. Shal the violation continue after 14 (fourteen) days from the moment of receiving the call, the Provider is entitled to disable access to information provided by the Client until the matter clarification. In case the suspicion turns out groundless, the Agreement extends automatically for the period of disabling access to the VDR System to the Client without the necessity for the Client to bear any additional costs.

3. The Client is not entitled to damages if the Provider ceases the Service in accordance with clauses 1 and 2 above.

4. Subject to the provisions of the Terms and conditions, in case the Provider violates the DPA Agreement, as well as the provisions referred to in §7 of the Agreement, the Client will be entitled to call the Provider to cease the violation. Shall the violation continue after 14 (fourteen) days from the moment of receiving the call, the Client is entitled to terminate the Agreement through the fault of the Provider immediately. The Provider shall be obliged to return the remuneration due to the Provider for each commenced settlement period and to the remuneration incurred by the Client.


§ 9. Information clause

1. Both Parties become the Personal Data Administrator of the personal data of members of authorities, as well as proxies and employees of the other Party.

2. Information Clauses regarding the processing of personal data of the other Party’s members of authorities, proxies, entities authorized to represent the Party and the people indicated in the Agreement for contact purposes, can be found on each Party’s website under Privacy Policy. The Privacy Policy of the Provider is available at the following link:

3. The Party undertakes to provide the information referred to in Section 2 to the Party’s members of authorities, proxies and employees.


§ 10. Notifications

1. The person authorized by the Supplier to make decisions resulting from implementation of this Agreement are Aleksandra Prusator, Marcin Rajewicz, Piotr Miszczyk, Angela Czajko, Magda Zdunek.
2. The person authorized by the Client to make decisions resulting from implementation of this Agreement is the person indicated in the Order.
3. Any correspondence to be given under or in connection with this agreement shall be sent to following addresses of Parties as well as via email:
a) To the Supplier: FORDATA sp. z o.o., ul. Taczaka 24/302, 61-819 Poznan, Poland,
b) To the Client: to the address indicated in the Order.


§ 11. Miscellaneous

1. Any modifications to this Agreement shall be done in document form and shall be duly executed.
2. The appendices to this agreement shall be and considered an integral part hereof.
3. In case of matters not regulated by this Agreement, adequate legal rules apply, in particular those of the Polish Civil Code.
4. The appropriate court to settle any disputes resulting from completion of this Agreement is the court of the Supplier.
5. This Agreement has been drawn up in duplicate, one original for each party.



Latest versions:

Version 25.02.2022

Version 19.03.2021

Version 16.10.2020

Version 05.06.2020

Confidential. Property of FORDATA – copying prohibited. After printing, e-document not supervised.