On one hand, CLOUDI NEXTGEN LTD, with registered office at Ronda General Mitre, 25, Bajos, Barcelona, VAT Number B-66.356.528, from now on CLOUDING.IO.
And on the other hand, the natural or legal person that fills out the assignment and hiring service form, at their disposal on the website www.clouding.io, from now on, the CLIENT.
Both parties reciprocally acknowledge the necessary legal capacity for the acceptance of the clauses contained in the present contract, for which
DECLARE
- That CLOUDING.IO is a company dedicated to the provision of services on the processing, hosting and data treatment and other services on the cloud (internet), having at its disposal the equipment, systems and IT and necessary electronic resources and in adequate functioning condition.
- That the CLIENT is interested in hiring the services provided by CLOUDING.IO online and remotely.
- That the CLIENT accepts and understands, in a free and unmistakable way, the conditions and clauses described below, in order to hire the CLOUD SERVER service, offered by CLOUDING.IO through its website www.clouding.io, establishing a commercial and contractual relationship between both parties, whose effects are those described in the following:
CLAUSES
ONE.- OBJECT.
The CLIENT, accepting the following clauses, is hiring the CLOUD SERVER service, consisting of the provision, by CLOUDING.IO in favor of the CLIENT of one or more virtual servers, hosted in the cloud (internet), which in order to be accessed need an internet connection and whose configuration will depend on the features hired at every moment, through the website www.clouding.io
TWO. - DEFINITIONS.
For the purposes of the present contract, it will be understood as:
- VIRTUAL SERVER: Group of technical elements that, through the installation and use of a virtualization software, treat and host information. The mentioned group of elements are located, in parallel and in an isolated way to other virtual servers, in a physical server.
- CLOUD SERVER: It is a virtual server, obtained throughout the virtualization of physical equipment, at disposal on the Internet network, whose access will be limited to the CLIENT.
- CLIENT: natural or legal person that proceeds the hiring of services provided by CLOUDING.IO, committing to the compliance of the obligations contained in the present document. In case that the CLIENT is a legal person, the physical person authorized by the legal person will be in charge of the management of the hired service, considered CLIENT for the purposes of the present document.
- CLOUD: System that allows creation, storing and access to the information from multiple spots or IP´s without technical limitations such as the equipment's capacity and the investment in technically complex infrastructures, whose only necessary element is Internet access and being authorized user to the data treatment and information contained in the Cloud Server.
- CONTROL PANEL: Access platform that CLOUDING.IO provides the CLIENT for the management, creation and cancellation of the different services provided by CLOUDING.IO.
- IP ADDRESS: Numeric label that identifies, in a logical way, the interface of a device inside a network that uses the IP protocol (Internet Protocol).
- ACCESS KEYS: Elements that configure the identification and authentication system, composed by a user name and a password, used with the aim of identifying in a clear and authoritative way the authorized user that access the net or the hired services.
- VIRTUALIZATION TOOL: Software installed on a physical server that allows the segmentation of its devices in different servers of dimensions, in terms of capacity, more reduced, keeping them separated and isolated from each other, isolating as well the resources, data and processes with the aim of allowing them to function as servers in an independent way.
- SECURITY COPIES: Support and/or group of processes oriented to the copy/replica of the data contained on the servers, in order to recover them in case of loss or incident.
- LICENSE USE: Authorization of the developer or owner of a group of processes for the information treatment (software) in favor of third parties, with the established contract limitations, or failing this, those established by the regulations.
- PAYMENT GATEWAY: Service provided by an external server provider, oriented to e-commerce that authorizes payments and collections in the hiring of electronic services (online), encrypting the economic information obtained from the CLIENT in order to guarantee security in the transaction.
THREE. - TECHNICAL FEATURES.
3.1 Registry and hiring.
Through the filling out of the contract form, the CLIENT formally asks for the hiring and enabling of the CLOUD SERVER service, with the chosen resources assignment, becoming that form, together with the description and correspondent fees, an integral part of the present contract as an Annex.
In order to proceed to the handling of the petition, the CLIENT will necessarily register as a user through the web portal www.CLOUDING.IO providing a user name and a password, of which the CLIENT will be the only responsible and that will become necessary from that moment on for the execution of the contracting and signing up in the CLOUDING.IO system. After that, CLOUDING.IO will ask for the verification, by telemetric means (mail or SMS), of the personal and contact data provided, as well as those regarding the authorised person, in the case that the CLIENT is a legal person.
3.2 .Access and activation.
Once received the petition for the service, the CLIENT will receive, via e-mail, the following list of steps to be followed:
- Access to the “CLIENT control panel”: in order to be able to manage the billing and/or modify the number of Cloud Servers hired, with the increase, if applicable, of the correspondent rates in every case.
The mentioned access will only be sent by CLOUDING.IO in case of a new CLIENT. Those users who want to ask for more Cloud Servers will have to do so through the access keys and panel control already assigned at the beginning.
The access keys to the panel control will be those given by the CLIENT the moment he has registered. Clouding,io has no previous control of the access keys provided by the CLIENT, who is the only responsible of their assignment of the authorized user and its custody.
- The “access to the Cloud Server” data hired, constituted by: predetermined IP address, user and password, that the CLIENT will have to modify afterwards and will only be known by the CLIENT, not giving CLOUDING.IO any access to them. These keys will be stored, in an encrypted way, on the CLOUDING.IO Servers.
According to the former, through the access keys, the CLIENT will have access to their Cloud Server and perform the tasks and setups deemed appropriate, within the parameters and technical and contractual limitations laid out in this contract and the existing enforcement rules.
The CLIENT is the only one responsible for the custody and confidentiality of the access keys, regarding the panel control as well as those about the access to the Cloud Server. Its loss will prevent the access to their Cloud Server, having to start the technical procedures addressed to CLOUDING.IO in order for its restoration.
3.3. Setup of the Cloud Service.
The virtualization platform used by CLOUDING.IO is an OpenStack platform. Owing to the great complexity of this platform, CLOUDING.IO will perform two updates per year. These updates will be informed with a 24-hour minimum advance, via e-mail, so that the CLIENT can perform the contingency tasks deemed adequate in case these tasks were necessary.
The initial setup and following management, as well as the resources assignment and reassignment of the Cloud Servers contracted by the CLIENT will be done through the panel control provided by CLOUDING.IO at their disposal. From this control panel, the CLIENT will be able to perform on the Cloud Servers actions such as create, erase, start, restart, stop and access the dashboard of the Contracted Cloud Servers and related services available for the CLIENT.
3.4 Security copies system.
The CLOUD SERVER service does not include the security copies service of the content hosted in the Cloud Servers acquired by the CLIENT, the latter being the only one responsible for its setup and effective implementation.
The CLIENT will have to either set up or hire the correspondent security copies service following the technical specifications that the CLIENT has setup for their Cloud Servers. By no means will be demandable to CLOUDING.IO the providing of this service, by default or understanding it included in the setup and acquisition of one or several Cloud Servers.
In the acquisition of the Cloud Server, CLOUDING.IO recommends the setup by the CLIENT of a copy system that allows to perform a full complete copy of the system/unit and afterwards performs data copies deemed necessary to keep, with the frequency that fits their interests and needs, that being complete copies or partial copies of the latest changes.
Notwithstanding the latter, CLOUDING.IO will perform, in compliance with the correspondent security measures, back up and data recovery before any eventuality or loss, but always considered as an internal measure and not an element available for the CLIENT or demandable to CLOUDING.IO.
FOUR. - OBLIGATIONS AND RESPONSABILITIES OF CLOUDING.IO.
CLOUDING.IO commits to:
- Act with due diligence and within the parameters of loyalty and good faith.
- Provide with its available means in order to offer an optimum service for it to be developed adequately 24 hours a day, 7 days a week, in a safe, efficient and effective manner.
- Not to access illegitimately, without previous permission, in written and consent of the CLIENT to the data, content and applications contained in the Cloud Server and/or any of the Cloud Servers for the performance of maintenance and issues management tasks.
- Report to the CLIENT all the changes and modifications, regarding either of software or hardware, that may affect the adequate functioning of the hired services. CLOUDING.IO uses Openstack system for the virtualization of the physical equipment and the setup of the Cloud Servers. CLOUDING.IO will perform the necessary updates and maintenance tasks to keep the adequate functioning of Openstack.
- CLOUDING.IO reserves the right to interrupt the service, owing to repairs and technical and maintenance upgrades, previous warning to the CLIENT, with a 24-hour minimum prior notice, taking the necessary security measures for the correct use and development of the hired service. The mentioned notice will not be necessary in the case that the interruption of the service is owed to force majeure causes.
- The CLIENT accepts to withstand, within reasonable limits, the risks and imperfections or, if such were the case, the unavailability of the service owing to the complexity of the used programs as well as the state of the technique and the technology. Therefore, the CLIENT expressly waives the claim of any responsibility, contractual or non-contractual, of damages or any other similar to CLOUDING.IO because of possible failures, slow speed or eventual mistakes regarding the access and use of the hired service.
Given the situation that CLOUDING.IO breaches the commitments assumed in this contract providing a faulty service for a non-interrupted more-than-24-hours period, Clouding´s liability will be limited to the proportional reimbursement to the applied fee during that interruption period, and under no circumstance will pay under the concept of compensation amounts above one-year cost/fee.
By no means will CLOUDING.IO assume the responsibility regarding the data loss, interruption of the business or any other damage owing to the function of the service in the event the aforementioned doesn't fulfill the CLIENT´s expectations. The access and use of the Cloud Server service is the exclusive responsibility of the CLIENT, therefore CLOUDING.IO takes no responsibility (direct, indirect or otherwise) of any direct or indirect damage that may have been caused to the CLIENT, as well as third parties related to the CLIENT.
Therefore, and owing to the aforementioned, CLOUDING.IO will not take any responsibility:
- Of mistakes made by the providers to Internet access.
- Of virus contamination in the equipment, whose protection lies with the CLIENT.
- Of intrusions by third parties to the CLIENT´s equipment even though Clouding has established reasonable protection measures.
- Of the faulty or incorrect setup of the Cloud Server system by the CLIENT.
- Of the misuse of the service by the CLIENT, which becomes their complete responsibility. CLOUDING.IO will have to fulfill all the obligations laid out along this contract in spite of not being expressly included in this clause.
FIVE. - OBLIGATIONS AND RESPONSABILITIES OF THE CLIENT.
The CLIENT will have to comply with all the terms and conditions foreseen and accepted in this contract in the exercise of their activity, this being either personal, professional and/or commercial, acting in a loyal way and following the good faith parameters.
The CLIENT commits to not use the service of the Cloud Service against public order, in force and applicable legislation, and remaining forbidden in an explicit but not exhaustive way the following actions:
- Uses against Spanish law and breaching third parties´ rights.
- Any action that breaches third parties´ intellectual property rights, regarding contents as well as preinstalled software, such as the virtualization software used by CLOUDING.IO at any moment, to which the CLIENT has no license use. However, in case the CLIENT contracts the license use of any software, this being of virtualization or not, will have the right to place it in the Cloud Server, as long as this is pointed out to CLOUDING.IO at the installation moment.
- Obtaining and processing personal data without consent of the affected party by the CLIENT and all conducts contrary to the provisions of current regulations on personal data protection, being the CLIENT the only responsible.
- Any abusive and intensive use of assigned resources, such as the calculations of cryptocurrencies.
It is the CLIENT´s responsibility:
- To have the knowledge, capacities and enough ability for the use, handling, setup, maintenance and, when applicable, repair and restoration of the hired Cloud Server.
- To perform adequate use of the logical tools provided at their disposal with the aim to gain the best efficiency of the hired service. This implies that they will refrain from replicate, access without authorization to the setup of the correspondent applicative in order to access the Cloud Servers, and not to access in a non-legitimate way to the configuration systems of the equipment, property of CLOUDING.IO, aimed to the Cloud Server providing services.
- To fulfil the technical restrictions and specifications, provided in the applicative, as well as following the specifications that CLOUDING.IO reports the CLIENT regarding the functioning and management of the Cloud Server the CLIENT disposes.
- To the optimum management of the room destined to its Cloud Servers, as well as the data traffic managed and created in his/her/its Cloud Server(s). In case that CLOUDING.IO spots an excessive use of the common and assigned resources within the platform (storage speed, CPU use, net traffic use, amongst others), that causes or might cause any kind of failure or slowdown of the systems or that might damage third Cloud Servers. CLOUDING.IO reserves the right to intervene, or where appropriate, to stop the server, as a preventive security measure, aimed to be able to sort out any issue or extension of the service hired by the CLIENT.
- The CLIENT is the only responsible for the authorised access to the content inside the Cloud Servers, not being responsible for its enabling, authorization and control.
- To carry out all tasks required by the General Regulation (EU) 2016/679 on Protection of Personal Data in its article 32, regarding data security.
- To perform the corresponding security copies of the content within his/her/its Cloud Servers, therefore CLOUDING.IO will not take any responsibility in guaranteeing their recovery.
- To respond to the legitimacy in the use and installation of the applications and software tools within the Cloud Servers, being of exclusive use of the CLIENTs and their authorised users, being CLOUDING.IO fully exonerated of any responsibility before any eventual fault caused by the CLIENT or any of their authorised users.
The CLIENT is responsible for the existing regulations in every moment, of any fault regarding e-commerce, author rights, maintenance of law and order, information security, personal data protection, protection of minors, as well as the rules and principles about the use of the Internet network, as well as any claim derived from the content that the CLIENT has in their Cloud Servers, that may breach third parties´ rights protected by the laws.
The CLIENT will have to fulfill all the obligations laid out through the present contract in spite of not being expressly included in the present clause. In the event that issues happen on the Cloud Servers and security systems as a direct consequence of negligent actions by the CLIENT, the latter will take any civil and penal responsibility that might arise in these cases.
The CLIENT will not be able to transfer to a third party rights and obligations deriving from this contract without the previous written consent of CLOUDING.IO. The CLIENT has full responsibility regarding the use and content of the hired Cloud Servers, of the stored information and of the treatment of that information.
SIX. - CHANGES REGARDING THE HIRED SERVICE.
Any change or modification of the features and/or reach of the service hired by the management of the CLIENT will have to be done through the control panel, enabled for the own management of the CLIENT, according to the technical specifications set by their own control panel at the beginning. In the aforementioned control panel the amount to be paid for any change on the Cloud Servers will be automatically set up, their capacity and reach, this one being computable by the end of every month. CLOUDING.IO reserves the right to modify the conditions, as well as the features of hire, always prior notification in writing to the CLIENT. Such modifications will be done with the aim to improve the service provisions hired and specified at the website https://clouding.io will report to the CLIENT referring the necessary documentation, including modifications of the present contract. In the case that the CLIENT did not agree the reported modifications, there will be a period of 14 calendar days, from the day of reception by the CLIENT of the new conditions, according to the notification system provided in Clause Fifteen of the present contract, in order to request the cancellation of the service, according to the notification system provided in Clause Ten of the present contract. If the CLIENT does not declare anything, CLOUDING.IO will consider that the CLIENT accepts the new conditions.
SEVEN. - ENTRY INTO FORCE.
The present contract will come into force the day of service activation, which is, the moment the CLIENT is able to access and use the hired service, receiving the access e-mail and confirmation of the formalization of hire, according to what has been established in the Clause Three.
EIGHT. - PRICES AND PAYMENT METHOD.
Prices are subject to what has been stated in the “FEES” for Cloud Server section and the plans available on the www.clouding.io website that will be part of the present contract as an Annex.
The billing system and the calculation of the costs of the hired service will be determined by the number of hours that the Server is created, even if it is stopped, and the management will be done by the CLIENT through the control panel.
Payments will be done monthly, within which a calculation of the number of hours the service has been hired, being the billing starting date, the date of the hire of the service done through the order form, fulfilled by the CLIENT though the website CLOUDING.IO. The aforementioned order form will be part of the present contract as an Annex.
CLOUDING.IO will issue the corresponding bill with all the concepts detailed, and will be sent online (e-mail indicated by the CLIENT, mainly).
The CLIENT will always indicate a payment method of those established in the order form. The payment methods allowed for this service are direct debit, Paypal or credit card. Depending on the volume of the hired services, will be assessed, for each case, the possibility of payment through bank transfer will be assessed.
The established payment methods will be developed as follows:
A.- Direct Debit: Payment receipts will be presented at the account number given by the CLIENT through the control panel, within the following 10 days to the end of the monthly billing period.
For each bank return occurred for causes imputable to the CLIENT, CLOUDING.IO will charge an additional fee of 6.01€, as return expenses.
B.- Paypal: Payments will be charged to the Paypal account appointed by the CLIENT, using a Paypal “payments agreement”, which authorises CLOUDING.IO to charge automatically the fees at the end of the monthly period in the aforementioned account.
C.- Credit Card: The charges in the credit card appointed by the CLIENT will be done by the end of the monthly period. By no means will CLOUDING.IO store any data of the credit cards of the CLIENT, but it will be used by the payment getaway ADYEN, which will be in charge of the electronic payments management, which will store such data safely. As a security measure for card verification, if a new credit card is added, a 1 euro charge will be done, being returned at the confirmation time, being thus confirmed the validity of the charging data provided.
In order to pass the correspondent charges to the CLIENT, CLOUDING.IO will be able to use electronic payment companies, in order to do so, the CLIENT expressly authorises the necessary data transfer to the management of the corresponding charges according to the generated billing and depending on the payment option selected.
Taking into account the aforementioned in the previous paragraph, CLOUDING.IO keeps the right to suspend the hired service prior notice to the CLIENT, temporarily, if any issue is detected regarding the charge of the service and/or lack of payment, independently of the method payment chosen by the CLIENT. This situation might derive, in case of persistent non-payment, in the suspension and resolution of the contract on an unilateral basis by CLOUDING.IO, in the same terms provided in Clause Ten.
NINE. - CASE OF FORCE MAJEURE.
Parties will be exempt of responsibility for infringement of that stated in the present contract, when the mentioned infringement is owing to force majeure causes, not existing, therefore, right to compensation. In this case, if the infringement lasts at least two months, parties can opt to cancel the contract, according to terms established on the Clause Ten.
TEN. - CAUSES AND WAYS OF TERMINATION OF THE CONTRACT.
The following will be considered causes of termination of the present contract:
- Mutual agreement of the parties.
- End of the contract period or any of its extensions, according to what has been established in Clause Fourteen.
- For breach, by any of the parties, of the obligations, commitments and responsibilities acquired in the present contract.
- The non-payment, by the CLIENT, of two consecutive monthly payable rates. In this case, CLOUDING.IO, will be allowed, without previous warning, to conclude the service, cancelling any access facilitated to the CLIENT and erasing all the hired Cloud Servers, as well as their content.
- When any of the parties is in bankruptcy situation or suspension of payments.
- Force majeure causes, according to that established in Clause Nine. When the CLIENT decides to terminate the contractual relationship with CLOUDING.IO, they can notify this through the control panel,the withdrawal coming into effect at that very moment and being billable to the CLIENT the provided services up to the withdrawal date at the end of the current month being billable to the CLIENT. With the aim to avoid possible damage to the CLIENT will be responsible of recovering the software applications and tools as well as the contents hosted on the Cloud Servers, through the copy security systems that the CLIENT has set up previously to the end of the service. Otherwise, CLOUDING.IO will not be responsible for the information loss due to the lack of the security copy done before the end of the contract.
In the event that the CLIENT was a final user/consumer, the rules regarding the money-back guarantee will be governed by the provisions stated in the Consumers and Users applicable regulation.
Any pending payments will have to be cancelled in a maximum period of 15 business days, counting from the date when the billing is demandable to the CLIENT.
ELEVEN. - WITHDRAWAL.
According to that established in Art. 103(a) Royal Legislative Decree 1/2007, of November the 16th, which approves the consolidated text of the General Law for the Defence of Users and Consumers and other complementary laws and in its wording according to that established in section twenty-eight of the only article of the General Law for the Defence of Users and Consumers and other complementary laws, approved by the Royal Legislative Decree 1/2007, of November the 16th, applied to the contracts with consumers and users that have taken place since June the 13th 2014, the right to withdrawal of the CLIENT will not be applicable in the event that the contracts refer to the delivery of services once the service has been fully completed, with previous consent of the CLIENT.
According to the latter, regarding the duration of the contractual relationship between CLOUDING.IO and the CLIENT established in the Clause Sixteen of the present document, that will be done regarding the hours while the Server has been created , such creation and full availability of the service by the CLIENT, it will be understood that the service has been fully executed, and, therefore, through the acceptance of the service the CLIENT expressly and knowingly acknowledges their right to withdraw the service, the sum of the hours being billable the sum of the hours while their Cloud Servers have been created, according to their control panel.
TWELVE. - INDEPENDENCE FROM THE CONTRACT CLAUSES.
When any of the clauses contained in the present contract are declared or considered illegal or null by any judge or court, administrative body, arbitration board or public entity, the rest of the clauses of the present contract will be kept in force and effective. CLOUDING.IO and the CLIENT commit to comply to cooperate with the aim of replacing the illegal or null clause as soon as possible for a new clause that brings along a permissible result as similar as possible to the aimed result of the invalid clause, not incurring in the same invalidity or annulment cause.
THIRTEEN- PERSONAL DATA PROTECTION.
13.1 Current regulations on personal data protection.
- Regulation (EU) 2016/679 of the European Parliament and the Council, of April 27th, 2016, regarding the protection of natural persons regarding the processing of personal data and free circulation of these data, from now on RGPD.
- Organic Law 3/2018, of December 5th, on protection of personal data and guarantee of digital rights, from now on LOPDyGDD.
13.2 Definitions.
- Personal data: any information about an identified or identifiable natural person. An identifiable natural person must be considered any person whose identity can be determined, directly or indirectly, in particular by means of an identifier, such as a name, an identification number, location data, an online identifier or one or more elements of the physical, physiological, genetic, psychic, economic, cultural or social identity of this person.
- File: any structured set of personal data accessible according to certain criteria, whether centralized, decentralized or distributed in a functional or geographical way.
- Treatment: any operation or set of operations carried out on personal data or sets of personal data, whether by automated procedures or not, such as collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, broadcast or any other form of enabling access, collation or interconnection, limitation, deletion or destruction.
- Responsible for the treatment: the natural or legal person, public authority, service or any other body that, alone or together with others, determines the purposes and means of the treatment; if the UE's or member states' legislation determines the purposes and means of the treatment, the responsible for the treatment or the specific criteria to its appointment may be established by the UE's or the member states' legislation.
- Person in charge of the treatment: the natural or legal person, public authority, service or any other body that processes personal data on behalf of the person responsible for the treatment.
For the purposes of the definitions, the CLIENT will be considered as Responsible of the treatment and CLOUDING.IO as Manager of the treatment.
13.3 CLIENT liabilities as Responsible of the treatment.
- Facilitate the right to information to interested parties at the time of collecting personal data.
- Guarantee that the data provided to CLOUDING.IO have been obtained lawfully and that they are adequate, pertinent and limited to the purposes of the treatment.
- Assessing the impact on the protection of personal data due to the operations processing that CLOUDING.IO has to carry out, if necessary.
- Make prior consultations to the Spanish Data Protection Agency on the assessment of the impact on the protection of personal data when appropriate, if necessary.
- Ensure, before and throughout the treatment, that CLOUDING.IO complies with the current regulations on personal data protection.
- Oversee the treatment carried out by CLOUDING.IO, including reviews and audits.
13.4 CLOUDING.IO liabilities as a Manager.
CLOUDING.IO and all its staff undertake to:
- Comply with all the obligations that may correspond to it as the one in charge of the treatment in accordance with the current regulations on the protection of personal data and any other provision or regulation that is equally applicable.
- Use the personal data object of treatment, or those collected for inclusion, only for the purpose of this contract. Under no circumstance data can be used for its own purposes.
- Treat the data in accordance with the CLIENT's documented instructions. If CLOUDING.IO considers that any of the instructions violates current regulations on the protection of personal data or any other provision on data protection of the UE or the member states, CLOUDING.IO must immediately inform the CLIENT.
- Make available to the CLIENT all the information necessary to demonstrate that it complies with its obligations regarding current regulations on the protection of personal data and the obligations stated in this contract, as well as to carry out the audits done by the CLIENT or another auditor authorized by the client.
Record of treatment activities
CLOUDING.IO will incorporate the treatments that carries out, on behalf of the CLIENT, for the execution of this contract in its record of treatment activities, with the content specified in article 30.2 of the RGPD.
This obligation will not apply to companies or organizations that employ less than 250 people unless one of the following circumstances occurs:
- If it's likely to be a risk to the rights and freedoms of the interested parties.
- If the treatment is not occasional.
- If it includes special categories of data or offenses and criminal convictions.
If any of these circumstances take place, CLOUDING.IO will have to include its treatments in the Registry.
Data communication to third parties
CLOUDING.IO can't communicate personal data object of this contract to third parties, unless it has the express authorization of the CLIENT, in the legally admissible cases.
The transmission of personal data to Public Authorities or Administrations in the exercise of their public functions are not considered data communications, therefore the authorization of the CLIENT will not be required if these transmissions are necessary to achieve the purpose of the object of this contract.
CLOUDING.IO can communicate the data to other managers of the treatment of the same CLIENT, in accordance with the CLIENT's instructions. In this case, the CLIENT has to identify, in advance and in writing, the entity to which the data must be communicated, the data to be communicated and the security measures that must be applied to proceed with the communication.
If CLOUDING.IO has to transfer personal data to a third country or an international organization, by virtue of the Union Law or the one applicable by member states, it has to inform the CLIENT of this legal requirement in advance, except if this right forbids it it for important reasons of public interest.
International transfers of personal data
CLOUDING.IO will not be able to carry out data transfers to third countries or international organizations not established in the EU, unless it has obtained prior written authorization from the CLIENT; which, if any, will be attached to this contract.
If CLOUDING.IO has to transfer personal data to a third country or to an international organization, by virtue of the Law of the Union or of the Member States that is applicable, it will inform the CLIENT of this legal requirement in advance, except that such Right prohibit it for important reasons of public interest.
Subcontracting of services that are part of the contract
CLOUDING.IO informs the CLIENT that the servers from which the contracted services are provided are physically located in the following location:
Evolutio Cloud Enabler S.A.U.
Calle Montserrat Roig, 42 - 44. Dt Datacenter
L'Hospitalet de Llobregat
08908 Barcelona
The CLIENT expressly authorizes CLOUDING.IO to subcontract the services or part of them with third parties, when for technical reasons the provision of the service must be guaranteed, always respecting the obligations provided for in the RGPD.
The subcontractor, who is also in charge of the treatment, is also compelled to comply with the obligations that this document establishes for CLOUDING.IO and the instructions issued by the CLIENT. It's up to CLOUDING.IO to regulate the new relationship, so that the subcontractor is subject to the same conditions (instructions, obligations, security measures ...) and with the same formal requirements as CLOUDING.IO, regarding the proper processing of personal data and the rights guarantee of the affected persons. If the subcontractor fails to comply, CLOUDING.IO continues to be fully responsible to the CLIENT in terms of compliance with the obligations.
Confidentiality and training
CLOUDING.IO has to maintain the duty of secrecy regarding the personal data to which it has had access by virtue of this contract, even after the object of the same ends.
CLOUDING.IO has to guarantee that the staff authorized to process personal data undertake, expressly and in writing, to follow the CLIENT's instructions, to respect confidentiality and to comply with the corresponding security measures, of which they must be duly informed.
CLOUDING.IO has to keep at the CLIENT's disposal the documentation that proves that the obligation established in the previous paragraph is being fulfilled.
CLOUDING.IO has to guarantee the necessary training regarding the protection of personal data of the staff authorized to process personal data.
Rights of the interested parties
CLOUDING.IO will assist the CLIENT in responding to the exercise of rights, when necessary.
When the affected people exercise their rights before CLOUDING.IO, they have to communicate it by e-mail to the CLIENT. The communication must be made without undue delay and in no case beyond the day after the business day on which the request was received, together, if applicable, with other information that may be relevant to fulfil the request.
Security measures
CLOUDING.IO, at a minimum, has to implement the necessary security measures to:
a) Guarantee the confidentiality, integrity, availability and permanent resilience of the treatment systems and services.
b) Restore the availability and access to personal data quickly, in the event of a physical or technical incident.
c) Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the security of the treatment.
d) Put pseudonyms and encrypt personal data, if applicable.
It also has to implement all those other measures that, taking into account the set of treatments carried out, are necessary to guarantee a level of security appropriate to the risk resulting from the risk analysis carried out.
CLOUDING.IO informs the CLIENT that it has an information security management system certified in the standard ISO / IEC 27001.
The CLIENT authorizes CLOUDING.IO so that, in the event that technical improvements must be made or solving any incident that could influence the correct functioning of the contracted service and the achievement of the legitimate purposes of this contract, technicians or suppliers, could connect or access the CLIENT's Cloud Servers.
Notification of personal data security breaches
CLOUDING.IO must inform the client without further ado and in any case, before the 72-hours maximum deadline, by e-mail, of the security breaches of the personal data under its protection known by it, together with all the relevant information to document and communicate the issue.
Notification is not necessary when it is unlikely that this breach of security constitutes a risk to the rights and freedoms of natural persons.
If available, the following information must be provided as a minimum:
a) Description of the nature of the personal data security breach, including, when possible, the categories and the approximate number of affected interested parties and the categories and the approximate number of affected personal data records.
b) Name and contact details of the data protection officer or other contact point where more information can be obtained.
c) Description of the possible consequences of the personal data security breach.
d) Description of the measures adopted or proposed to solve the personal data security breach, including, if applicable, the measures adopted to mitigate the possible negative effects.
If it's not possible to provide the information simultaneously, and to the extent that this it is not possible, the information must be provided gradually without further undue delay.
Impact assessment on personal data protection
CLOUDING.IO will support the CLIENT when carrying out impact assessments regarding data protection, as well as when prior consultations with the control authority must be made, when appropriate.
Data Protection Officer
CLOUDING.IO has a Data Protection Delegate. The contact e-mail address is dpd@clouding.io.
The CLIENT can contact the Data Protection Officer to consult, request information and/or clarify doubts about compliance with current regulations on personal data protection.
13.5 Duty of information on the personal data of the contract signatories.
The CLIENT declares the veracity and accuracy of the data provided, being responsible of the request for the corresponding consent in the event that they process personal data belonging to third parties.
The personal data provided by the CLIENT, for cases in which they are a natural person or in the case of representatives of a legal person or Administration will be processed by CLOUDING.IO in order to carry out the management and maintenance of commercial relations and/or professionals established with the CLIENT, as well as to keep him/her informed of new services and offers that CLOUDING.IO considers to be of interest to him./her. Likewise, both parties are informed of the possibility of exercising their rights of access, rectification, cancellation and opposition, among others, regarding their personal data, being able to exercise these rights in writing by means of a letter addressed to the address of the corresponding party.
FOURTEEN. - INTELLECTUAL PROPERTY
The CLIENT, by virtue of the present contract, acquires no right or licence on the software attached to the Cloud Server service, nor any of its applications. Any fraudulent and non-authorised use will be considered a breach of the intellectual property rights, including its source code, usability and devices designed for the aims they were created for, and will have to respond for the damages done to CLOUDING.IO or third parties whose rights are legitimately protectable by the applicable regulation.
CLOUDING.IO uses the OpenStack applicative as a virtualization platform of the Cloud Servers. The CLIENT only has access to the control panel for the setup of their Cloud Servers. The virtualization platform has an Apache 2.0 Licence, therefore the CLIENT will have to accept the conditions and specifications that, at the beginning of the installation of the applicative are deemed necessary, holding only the licence use, not exclusively and non-transferable of it, independently of the applications that the CLIENT installs within the limitations established in the present document, in their Cloud Servers.
FIFTEEN. - NOTIFICATION
All the notifications, requirements, petitions and other communications that have to be done between the parties regarding the present contract, will have to be done in writing via e-mail, the ones addressed to CLOUDING.IO to soporte@clouding.io and the ones addressed to the CLIENT to the e-mail address setup in the service order form and which is part, as an Annex, of the present contract.
It is the responsibility of the CLIENT to keep the e-mail account provided active, not being imputable to CLOUDING.IO the lack of notification because of the inactivity or outdating of the aforementioned e-mail account, understanding as well done communications from CLOUDING.IO to the e-mail address pointed out by the CLIENT.
In case the CLIENT´s e-mail address is a different one from the provided one, the latter will have the obligation to communicate so to CLOUDING.IO through the control panel, or through communication to CLOUDING.IO through the e-mail address soporte@clouding.io.
Furthermore, and regarding the possibility that the CLIENT has to create and authorise access users to the Cloud Servers available, if any issue arises, CLOUDING.IO will answer and assist the CLIENT, being this one the intermediary in any issue with their authorised users. CLOUDING.IO will not assist any other users that are not the CLIENT or duly authorised person by the CLIENT.
SIXTEEN. - DURATION
The providing of Cloud Server services is done by one-hour periods. It will be the sum of the hours when the Cloud Server/s are created, being those actively used or not, that will be billable to the CLIENT by the end of each month.
SEVENTEEN. - CONFIDENTIALITY
The content of the present contract is considered confidential between the parties. This way, the CLIENT as well as CLOUDING.IO will be forced to keep confidentiality of the agreements reached in the present contract and in all of those related and based on it. This obligation will still persist even when the relationship between the parties is over.
The revelation of the agreements annexed to the present contract as well as the reach of its content by any of the parties, will be considered as a breach of the obligations laid out in the present document, being able to derive on the resolution of the contract, according to what has been established in Clause Ten.
EIGHTEEN. - TRANSFER
Neither the present contract nor the rights and obligations established in it will be transferred by the CLIENT to third parties without the previous consent in writing by Clouding.
NINETEEN. APPLICABLE LEGISLATION AND ARBITRATION
In case of a conflict in the interpretation, execution and/or resolution of the content contained in the present contract, Spanish Law it will be applicable and in force.
Furthermore, and, before the lack of resolution of the conflict by mutual agreement, upon request of any of the parties, arbitration can be requested, previous communication in writing to the other party, to the Barcelona Commerce and Industry Chamber, according to the legal applicable regulation, mainly the 60/2003 Law.
In case the contracting party was a consumer or final user, arbitration will be lead by the Consumption Arbitration Board of the autonomous region where the CLIENT resides, according to Legislative Decree 1/2007 and when applicable the 22/2010 Law, July 20th, of the Consumption Code of Cataluña.
Each part will assume its own expenses regarding arbitration, although the compensation and arbitrator expenditures will be assumed in the way decided by the arbitral decision.
TWENTY. - COMPETENT JURISDICTION
What has been stipulated in the previous clause, will be understood without prejudice that the parties might submit to a judicial procedure, in this case it will be done through the jurisdiction of the Barcelona Courts, expressly renouncing their own jurisdiction in those cases when procedural rules allow so, in case it is another one. If it results as being reasonably possible, the compliance of the present contract will be on any disagreement and/or arbitral or judicial procedure.