Terms of service 2021-03-08

These Terms of Service for Privaon Software as a Service (the “Terms of Service”) govern and apply to the use of the Services provided by Privaon to the User via the Website.


In these Terms of Service and any agreement to which they apply to, unless the context otherwise requires, the following capitalized terms shall have the meanings given to them hereunder:

“Agreement” means these Terms of Service, together with any agreement to which they apply to, and all exhibits, schedules and attachments appended thereto;

“Data Protection Legislation” means all applicable laws relating to protection of personal data, including without limitation the laws implementing EU Directive 2002/58/EC and the GDPR and any amendments thereto;

“Documentation” means Privaon’s proprietary manuals and other documentation and materials for the Services;

“Effective Date” means the date of the Agreement or the date on which the User begins to use the Services, whichever is earlier;

“Fees” means the fees payable by the User to Privaon for the Services;

“GDPR” means the EU General Data Protection Regulation (EU) 2016/679;

“Intellectual Property Rights” means (i) patents, inventions, designs, copyright and related rights, database rights, trade marks and related goodwill, trade names (whether registered or unregistered) and rights to apply for registration; (ii) proprietary rights in domain names; (iii) knowhow and confidential information; (iv) applications, extensions and renewals in relation to any of these rights; and (v) all other rights of a similar nature or having an equivalent effect anywhere in the world;

“Party” means Privaon or the User individually;

“Parties” means Privaon and the User jointly;

“Personal Data” means any information relating to an identified or identifiable natural person that is processed under the Agreement;

“Privaon” means Privaon Oy, a limited liability company registered under the laws of Finland under company registration number 2647800-2, and with registered address at Upseerinkatu 1-3, 02600 Espoo, Finland;

“Security Breach” means any accidental, unauthorised or unlawful destruction, loss, alteration, or disclosure of, or access to the personal data that Privaon processes in the course of providing the Services;

“Services” means the services provided to the User by Privaon via the Website;

“Term” means the term of the Agreement;

“User” means the legal entity that uses the Services provided by Privaon;

“User Material” means data or material uploaded by the User to the Services or otherwise communicated to or made available to Privaon on behalf of the User for the provision of the Services or other material which is separately defined as the User Material by the Parties;

“Website” shall mean Privaon’s Internet website (www.dpo365.com).


2.1 In consideration for the due payment of the Fees by the User to Privaon, Privaon shall, during the Term, provide the Services and make available the Documentation to the User subject to the terms of the Agreement.

2.2 Privaon grants to the User a non­exclusive, non-transferable, non-sublicensable, limited right and license to use the Services during the Term in accordance with the Agreement. The User’s right to use the Services is limited to the User’s internal business operations and internal business purposes only. For the sake of clarity, the User shall have no right to use the Services for any marketing purposes.

2.3 The User may not use the Services for the benefit of any third party or grant any third-party access to the Services. The User shall be solely liable for the use of the Services, including any breach of the Agreement by the User. The User Material shall not contain any viruses or other malware that may damage or interfere with the Website or the Services, and the User Material shall not infringe upon any third-party rights.

2.4 Privaon shall have the right to make changes to the Services at any time. If a change made by Privaon has a material adverse effect on the agreed contents of the Services, or the agreed service levels (if any), Privaon shall inform the User of such change at least thirty (30) days before the effective date of the change. In such a case the User shall have the right to terminate the Agreement as of the effective date of the change by delivering a written termination notice to Privaon in writing no later than fourteen (14) days prior to the effective date of the change.

2.5 The Services are provided on an “as is” and “as available” basis, and Privaon disclaims all warranties, express or implied, including but not limited to, implied warranties of merchantability and fitness for a particular purpose and non-infringement.

2.6 Privaon (a) does not warrant that the Services will be uninterrupted or error free; nor that the Services, Documentation and/or the information obtained by the User through the Services meet the User’s needs, requirements or intended purpose; and (b) is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the User acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities.


3.1 The User undertakes to perform the tasks for which it is responsible in conformity with the Agreement, in a timely manner and with due care. The User shall be responsible for its devices, systems, applications, connections and software as well as their functionality. The User shall also be responsible for devices, systems, applications, connections and software which it has acquired from third parties as well as their functionality.

3.2 The User shall be responsible for the protection of User’s data communications and data systems and costs for communications and other comparable costs related to the use of the Services. The User shall be responsible for procuring the hardware, connections, software and data systems to meet the operating environment specifications to use the Services as specified by Privaon.

3.3 The User shall ensure that only its own users are able to use the Services in accordance with the Agreement and licenses granted to the User under the Agreement. The User shall be responsible for ensuring that its users using the Services maintain their usernames and passwords diligently and do not disclose them to third parties. The User shall be responsible for all use of the Services when such User’s usernames and passwords are used.

3.4 The User undertakes to inform Privaon immediately if any username or password has been disclosed to a third party, or if the User has a reason to suspect misuse of a username or password. The User shall change the username or password required for the use of the Services upon written request of Privaon if necessary due to data security risk to the Services.


4.1 Privaon shall not be liable under the Agreement for any indirect, special, incidental, punitive or consequential damages, including but not limited to, damages for loss of goodwill, work stoppage, computer failure or malfunction, lost or corrupted data, lost profits or lost business. The total aggregate liability of Privaon under the Agreement shall not exceed an amount equal to the Fees paid by the User to Privaon during the six (6) months immediately preceding the event giving rise to liability, or three thousand euros (EUR 3.000), whichever is lower. The limitations of liability shall not apply to damages caused by gross negligence or wilful misconduct.


5.1 The User acknowledges and agrees that Privaon and/or its licensors own all Intellectual Property Rights in the Services and the Documentation. Except as expressly stated herein, the Agreement does not grant the User any rights to patents, copyrights, database rights, trade secrets, trade names, trademarks (whether registered or unregistered), or any other rights or licences in respect of the Services or the Documentation.

5.2 All rights, title and interest, including all Intellectual Property Rights in and to the User Materials shall belong to the User or a third party.

5.3 The User shall be responsible for the User Material. The User shall be responsible for that the User Material does not infringe upon any third-party rights or applicable laws. By submitting any data to Privaon or to the Services, the User warrants that it has obtained all necessary rights, licenses and permissions under the applicable laws, decrees, regulations and agreements to submit the data to Privaon and its subcontractors or to the Services and have Privaon process such data for the purposes of the Agreement.


6.1 The User shall pay to Privaon the Fees set out in the Agreement (the “Fees”). The Payment term of the Fees is net thirty (30) days. The payment of the Fees shall be carried out by wire transfer to the bank account of Privaon.

6.2 Payments shall be made in Euro and the Fees are quoted exclusive of any taxes (such as VAT) or other charges, which taxes and other charges shall be added to the Fees at the time of invoicing in accordance with the then applicable tax laws and regulations.

6.3 Fees for DPO365 Service license are invoiced twelve (12) months in advance. Fees for DPO365 related consultancy services are invoiced upon completion of respective consultancy services.


7.1 Privaon shall be entitled to suspend the provision of the Services for a reasonable period of time if this is necessary in order to perform installation, change or maintenance work in respect of the Service or if such suspension results from installation, change or maintenance work in respect of public communication networks. Privaon shall also be entitled to suspend the provision of the Services due to a data security risk to the Service or if law or administrative order requires Privaon to do so.

7.2 Privaon shall always have the right to suspend the Services, if the User is in default with its payment of the Fees under the Agreement. The suspension can be continued until the User has paid all the unpaid Fees.

7.3 Privaon may suspend the Services if the User ceases to conduct its business, is adjudicated in bankruptcy or liquidation or corporate restructuring, is found insolvent in recovery proceedings.

7.4 Privaon shall be entitled to deny the User’s access to the Services without first hearing the User if Privaon reasonably suspects that the User burdens or uses the Services contrary to the Agreement, applicable laws or administrative orders or for a purpose prohibited by the Agreement, applicable laws or administrative orders or in a manner that jeopardises the provision of the Services to other users.


8.1 Each Party shall keep in confidence all material and information received from the other Party and marked as confidential or which should be understood to be confidential (“Confidential Information”), and may not use such Confidential Information for any other purpose than those set forth in the Agreement. The confidentiality obligation shall, however, not apply to material and information (a) which is or later becomes generally available or otherwise public; or (b) which the receiving Party bas received from a third party without any obligation of confidentiality; or (c) which was rightfully in the possession of the receiving Party prior to receipt of the same from the disclosing Party without any obligation of confidentiality related thereto; or (d) which a Party has independently developed without any use of or reference to the Confidential Information received from the other Party.

8.2 Each Party shall promptly upon termination of the Agreement, or when the Party no longer needs the Confidential Information in question for the purpose of performing its obligations or exercising its rights under the Agreement, cease using the Confidential Information received from the other Party and, unless the Parties separately agree on destruction of such Confidential Information, return the Confidential Information in question (including all copies, back-ups and reproductions thereof) to the other Party. Each Party shall, however, be entitled to retain the copies required by law or administrative orders applicable to such Party.

8.3 Notwithstanding the confidentiality obligation set forth herein, each Party shall be entitled to use the general professional skills and experience acquired in connection with the performance of the Agreement. The rights and obligations related to the Confidential Information shall survive the termination or cancellation of the Agreement for a period of three (3) years from such termination or cancellation.


9.1 Each Party shall comply with the Data Protection Legislation. The terms “controller”, “processor”, “data subject”, “processing” and “appropriate technical and organisational measures” shall be interpreted in accordance with the GDPR. The User acts as the controller and Privaon acts as the processor in relation to the personal data that Privaon processes in the course of providing the Services. Privaon’s privacy policy at the Website (https://dpo365.com/privacy-notice/) sets out the nature, duration and purpose of the processing, the types of personal data Privaon processes and the categories of data subjects whose personal data is processed in the course of providing the Services.

9.2 When Privaon processes personal data in the course of providing the Services, Privaon shall:

  • process the personal data only in accordance with documented instructions from the User which are included in this Agreement. Additional instructions need to be agreed in writing between the Parties.
  • notify the User immediately if, in Privaon’s opinion, an instruction for the processing of personal data given by the User infringes Data Protection Legislation;
  • ensure that Privaon’s personnel required to access the personal data are subject to a binding duty of confidentiality in respect of such personal data;
  • implement and maintain appropriate technical and organisational measures to protect the personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure;
  • keep records of processing necessary to demonstrate compliance and, upon the User’s request, make available such records of processing in reasonable time to the User;
  • notify the User without undue delay after becoming aware of any Security Breach as required by the Data Protection Legislation and take reasonable steps to mitigate any damage resulting from the Security Breach;
  • taking into account the nature of the processing and the information available to Privaon, provide reasonable assistance to the User in responding to requests relating to the exercise of data subject rights as well as ensuring compliance with the User’s obligations set out in the Data Protection Legislation relating to data security, Security Breaches, data protection impact assessments, and prior consulting obligations.

9.3 Privaon is entitled to use sub processors processing personal data in accordance with this section 9. The list of sub processors is available at the Website (https://dpo365.com/privacy-notice/). The User hereby consents to Privaon’s use of sub processors when processing personal data in accordance with this section 9. Privaon shall use its commercially reasonable efforts to ensure that its sub processors are subject to equivalent terms as set out in this section 9 and remains fully liable for its sub processors’ obligations. User may object to the addition of new sub processors only if User has well-grounded doubts about the ability of the sub processor to comply with Data Protection Legislation. If User does not object to the addition within four (4) weeks after a new sub processor has been added to the Website, Privaon may use the new sub processor in processing personal data.

9.4 Privaon shall not transfer any personal data to a country outside the European Economic Area unless that personal data is transferred to a country approved by the European Commission as providing an adequate level of protection for personal data, the transfer is made pursuant to Standard Contractual Clauses for the transfer of personal data, or other appropriate legal data transfer mechanisms agreed by the Parties.

9.5 At the User’s written request, sole costs and expenses and at least thirty (30) days in advance, the User is entitled to audit Privaon’s compliance with its obligations under this section 9 once every twelve (12) months.

9.6 If not instructed otherwise in writing by the User, Privaon shall delete and destroy the personal data processed hereunder within twelve (12) months after the termination of the Agreement. In case the User demands that the personal data are returned to the User or to a third party, the User will pay Privaon for any additional costs and expenses arising out such return of personal data.


10.1 Privaon shall be free to use subcontractors in the performance of its obligations and exercise of its rights under the Agreement. Privaon shall be liable for the acts and omissions of its subcontractors under the Agreement as for its own.

10.2 Privaon shall have the right to use its relationship with the User as a reference in its marketing and sales promotion activities.

10.3 No failure of Privaon to exercise or enforce any of its rights under the Agreement will act as a waiver of such rights.

10.4 Privaon shall not be liable for any delays or non-performance of its obligations or any damages caused by an impediment beyond its reasonable control, which it could not have reasonably taken into account at the time of entering into the Agreement, and whose consequences it could not reasonably have avoided or overcome. For instance, errors in public communication networks or electricity supply shall constitute such an impediment. Strike, lockout, boycott and other industrial action shall constitute a force majeure event also when Privaon is the target or party to such action. A force majeure event suffered by a subcontractor of Privaon shall also discharge Privaon from liability, if the work to be performed under subcontracting cannot be done or acquired from another source without incurring unreasonable costs or significant loss of time. Privaon shall without delay inform the User in writing of a force majeure event and the termination of the force majeure event.

10.5 The User shall not be entitled to assign nor transfer all or any of its rights, benefits and obligations under the Agreement, without the prior written consent of Privaon.

10.6 If any of the clauses or sections of the Agreement is declared void or without effect, in whole or in part, by a competent court, it shall only affect that provision or the part thereof that is void or without effect. Any terms and conditions that by their nature or otherwise reasonably should survive a cancellation or termination of the Agreement shall also be deemed to survive.


11.1 The Agreement shall commence on the Effective Date and shall continue in force for the Term, unless terminated earlier by a Party in accordance with the Agreement.

11.2 A Party has the right to terminate the Agreement for convenience by giving ninety (90) days’ prior written notice to the other Party.

11.3 Privaon has the right to terminate the Agreement with immediate effect and without any obligation to pay damages or any other liability to the User where the User has itself used or allowed any third party to use of the Services contrary to the Agreement, or when a serious data security threat so demands.

11.4 A Party may terminate this Agreement if (a) the other Party becomes insolvent, applies for or is adjudicated in bankruptcy or liquidation or corporate restructuring or otherwise ceases to carry on its business; or (b) the other Party is in material breach of the terms and conditions of the Agreement and fails to remedy such breach within thirty (30) days from the date of receipt of a written notice by the non-defaulting Party, such written notice detailing the breach and the intention to terminate.

11.5 On termination of the Agreement for any reason: (a) the User shall immediately cease to use the Services; (b) Privaon may destroy or otherwise dispose of any of the User Material in its possession unless Privaon receives, no later than ten (10) days after the effective date of the termination of the Agreement, a written request for the delivery to the User of the then most recent back-up of the User Material. Privaon shall use reasonable commercial endeavours to deliver the back-up to the User within thirty (30) days of its receipt of such a written request, provided that the User has, at that time, paid all Fees and charges outstanding at and resulting from termination (whether or not due at the date of termination). The User shall pay all reasonable expenses incurred by Privaon in returning or disposing of User Material; and (c) the accrued rights of the Parties as at termination, or the continuation after termination of any provision expressly stated to survive or implicitly surviving termination, shall not be affected or prejudiced.


12.1 The Agreement shall be governed by and construed in accordance with the substantive laws of Finland, excluding its conflict of law provisions.

12.2 Any dispute, controversy or claim arising out of or relating to the Agreement, or the breach, termination or validity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Finland Chamber of Commerce. The number of arbitrators shall be one. The seat of arbitration shall be Helsinki, Finland. The language of the arbitration shall be English.