End-User License Agreement
These terms constitute a legal agreement between, on the one hand, you, who will hereinafter be referred to as Customer and/or User, and, on the other hand, the société anonyme under the name “TEAM CANDI S.A.” and the brand name “TEAM CANDI”, a company with its seat in Kallithea Attica, at 2A Argyroupoleos Street, with General Electronic Commercial Registry number 124117503000, with TIN 800467450, that is the owner of the SaaS (software as a service) under the brand name “Candisign” (hereinafter referred to as Software), and relate to the Licensing of the above Software to you via the internet under the following specific terms and agreements.
Team Candi is a Quest Group company and partner of Microsoft and DocuSign in the field of Modern Workplace solutions, with many years of experience in automation and digitization projects.
Interpretation
In this Agreement, the following terms in capital letters, which have the meaning assigned to them hereinbelow, are understood as Terms of Use:
“Agreement” — these terms of service (as amended from time to time), any supplements, Software updates and support services and any other terms relating to the Service to which the Customer agrees at the Supplier’s prompting. This comes into effect upon your acceptance of all terms set forth herein upon installation or commencement of use of the SOFTWARE in any manner. This LICENSE is binding for the entire copyright term of the SOFTWARE, except as otherwise provided in this LICENSE or in a separate agreement entered into between you and TEAM CANDI and may depend on the scope of the License, as described in this LICENSE.
“License” means the non-exclusive right granted to you to install and use the functions of the SOFTWARE, in accordance with the terms and conditions of this LICENSE.
“Supplier” or “Company” — Team Candi, a company incorporated under the laws of Greece, with its seat in Kallithea Attica, with TIN 800467450, having as activity the provision of Services (SaaS).
“Content” – the information (including texts, images, audio-visual material), functionality, technical resources of the Supplier and the availability of the Services provided by the Supplier.
“Account” means the unique account created by or for a Customer to allow its Authorized Users to access and use the DocuSign Products and Subscription Service.
“Customer” — any natural person or legal entity that subscribes to the Services and accesses an Account.
“End User” — any natural person employee or agent of the Customer, identified by a unique email address and password, who is registered in the Account.
“Automated Processing” means the processing of files using automated functions to use the DocuSign API to send files.
“DocuSign API” means the application programming interface that supports application interaction with the Products and Subscription Service.
“Candisign” means the Company’s product into which DocuSign functionality is integrated using the DocuSign API.
“File” means the electronic file containing electronic documents consisting of a single page or group of data pages uploaded to the Products and Subscriptions Service as purchased on the respective Order Form.
“Subscription Package” or “Service Subscription” means the Customer’s choice of the number of files he will have pre-purchased and will be able to use during the twelve (12) months following the purchase of the Package.
“Intellectual Property” — all existing and future trademarks, service marks, domain names and company names, rights to inventions, designs, databases and proprietary information (including but not limited to trade secrets and know-how), copyright, moral rights and any other asset and benefit commonly regarded as intellectual property, whether registered or not.
“Party” — a term common to both Customer and Supplier.
“Registration Information” — the information provided by Customer when registering for the Services, when requesting a change to the Service Plan, or when completing forms through the Services, including Customer’s full name or business name; registration/company/registry/enterprise number or personal identification number (or equivalent), place of residence, address, email address, telephone number and other similar information reasonably requested by the Supplier from the Customer.
“Software” — the software applications included in the Services with the characteristics described in these Terms, including any modifications and replacements thereof that may be made by the Supplier or the Company from time to time at their absolute discretion. These license terms apply to the software referred to in these terms, as well as any subsequent versions of the software (including any updates or supplements), services based on third-party software, and support services for this software, unless there are other terms accompanying these items.
“Services” — the Software, provided “as a service” (SaaS).
“Registration Form” — the electronic form available for Customer to register for the Services or to request a change to the Service Plan, or any other registration or modification form executed by the parties for the aforementioned purpose.
“Provider” — the Company jointly with the manufacturer DocuSign.
“DocuSign” — the Provider of digital signatures (simple, authorized and advanced) and manufacturer of the electronic signature issuance product.
“eSignature” means an electronic indication that the User intends to agree with the content of a document or collection of data associated with the signature and proves that the signatory intends to be bound by the content of the signed document.
“Advanced Electronic Signature” uniquely associates the signature with the signatory. It is created in such a way that the person who signs controls the signature mechanism (knows when he is signing) and is linked to the electronic document in such a way that any change in the data is traceable (integrity assurance).
“Qualified eSignature” has all the elements of an advanced electronic signature but is created only through a “Qualified” Signature Creation Device, is based on a “Qualified” Digital Certificate for eSignature, and is expressly recognized as legally equivalent to a handwritten signature in all the Member States of the European Union.
The phrases “herein”, “hereby”, “hereof”, “by virtue hereof” and similar phrases used in the document of these Terms refer to the Agreement.
This Agreement in its current form, and the information published on this website, to the extent that it describes the Services and the prices, constitute the entire agreement between the Parties regarding the subject matter hereof and supersede all previous agreements, arrangements and understandings entered into between the parties on this subject.
In the event of a conflict or dispute between any provision contained herein and any announcement, statement or other information posted on this website, the provisions of the Agreement shall prevail.
Term
This Agreement shall enter into force between the Parties from the time Customer subscribes to the Services or obtains a User Account or begins using the Services, whichever is earlier. The use of the selected Subscription Package is valid for one year. In the event that the pre-purchased files have not been used within the above annual deadline, it will not be possible to transfer files after the end of this period and, therefore, it will not be possible to provide Services. Each renewal of the Package automatically renews the validity for another year.
Software / Service Description
CandiSign is an innovative SaaS (software as a service) platform with combined capabilities: delivered as a web app, it connects the DocuSign solution with the existing applications used by a Client. CandiSign supports a very efficient and secure way of signing documents. With its “Software as a Service” architecture, it provides easy management of multiple Customer accounts, supporting alternative work models.
License
Based on Customer’s Registration Information and subject to these Terms, Supplier grants to Customer, and Customer accepts, a limited, non-exclusive, non-transferable license to use the Software and Content included in Customer’s “subscription package” for the purpose of using its individual functions, under the condition that the Customer (a) duly pays the amount of the Subscription corresponding to the Subscription Package chosen and (b) complies with all these terms as well as with the terms of the DocuSign Provider.
The Software and the Content are used exclusively in a way that is necessary for utilizing the Services, achieving the intended purpose and only during the time that the Agreement between the Parties is in force. Customer acknowledges that it has no right to access the Software in source code or open coding form.
With regard to assignment and sublicensing, the Parties agree that Customer shall not have the right to sublicense or assign the rights and obligations of this Agreement (in whole or in part) nor to sublicense or resell the Software or any other part of the Services as the subject of any charge, privilege or burden without the express consent of the Supplier.
The Customer uses and/or installs the Software in compatible applications which should already be installed in the Customer’s Company and the Users.
Moreover, installation or use of the Software requires access to or processing of certain standard computer information during validation, automatic download and installation of certain updates, and for Internet-based services.
Services
The Customer selects a Subscription Package and creates an Account through the web application, which is provided and allows the Customer’s End User to:
- Register, record and store information, files and data related to a document to be signed
- Register basic personal information (name, contact details)
- Accept and keep copies of signed contracts
- Send and distribute files for signature to as many people of his choice as he wishes.
The Customer acknowledges that (i) the Services are not designed to meet his individual needs; (ii) the Services may occasionally experience technical or other operational problems and are not necessarily uninterrupted or error-free.
The Supplier is committed to providing customer service, and aims to be able to deal with the majority of support issues including problems related to the availability of the Supplier. However, the Supplier provides no guarantees regarding the time to provide support.
The selection and use of the appropriate Service package constitutes the Customer’s responsibility, and the same applies to downloading and uploading as well as the transmission and possession of information, programs and other objects of Customer and End Users from the Service package.
The Supplier has no obligation to upgrade, amend or replace any part of the Services or the obligation to continue developing or releasing a new version thereof. The Service includes access to renewals, improvements and updates (newer versions) of Candisign which the Company may implement and make available to the Customer at its discretion, without any commitment for any minimum number of such updates, etc., in accordance with the more specific terms of the Company’s agreement with the Provider.
The Customer accepts that Candisign is provided “AS IS” and “AS AVAILABLE”, without any warranty of fitness for any purpose, uninterrupted availability, absence of errors. The Company does not guarantee that Candisign will meet the Customer’s requirements. To the maximum extent permitted by applicable law, the Company disclaims any liability that may be related to warranties, conditions or the Software’s response to specific properties or specifications. It is the Customer’s sole responsibility to check and ensure that the Software meets his needs.
Updates, improvements, any newer versions, etc. are installed automatically and the Customer does not have the option to keep using an older version, and/or functions and parameters of previous versions. Continued use of the Service implies automatic unconditional acceptance of the newer version.
The Company provides training, if requested, following a special agreement with the Company. The Company also provides support services for CandiSign via the email address support@candisign.gr. For this issue, more specific terms may apply in accordance with the more specific terms of the Company’s agreement with the Provider.
The Customer is responsible for the maintenance and repair of damage to the equipment on the Customer’s premises.
It is noted that the CandiSign solution, according to this Agreement, provides simple eSignature services, while, depending on the Subscription Package and the Customer’s Order, it is possible to choose Advanced or Approved eSignature, the terms of which will be analysed in the relevant terms.
Payment
By subscribing to the “Service package”, the “Customer” accepts the fee, rates and billing cycles associated therewith (i) as communicated by the Supplier at the time of subscription or acceptance of the offer and (ii) as amended from time to time in accordance with the terms of the Agreement.
Unless otherwise agreed at the time of subscription, the Customer’s billing cycle commences on the day immediately following their subscription to the relevant “Service package”, or, in the case of a free trial period, on the day immediately following the end of the trial period.
The Supplier may upgrade or modify the Services without prior notice and may change the fee, rates, billing cycle applicable under the Customer’s Service package. In the event that the Customer disagrees with the respective amendment(s), he has the right to be deleted from such “package of Services” by discontinuing the use of the Services.
The fee for the provision of the Services is paid at the beginning of the billing cycle and payment is made according to the payment terms agreed during the license activation request. The “Customer” accepts that any overdue payment may lead to interruption of the provision of Services or termination of the Agreement.
In the event that the Customer is deleted from the Service package or the Customer’s Service package is amended or the Agreement is terminated before the end of the agreed current billing cycle, the Supplier is not obligated to refund the amount of money corresponding to the remaining duration of the services provided to him in the current billing cycle.
Customer’s Commitments
The Customer must be a person (natural person or legal entity), or an entity with legal capacity.
The Registration Information provided by the Customer must be true, accurate and up-to-date and the Customer undertakes to promptly correct any Registration Information that is no longer valid or has been entered incorrectly. The Supplier has the right but not the obligation to verify the Customer’s Registration Information and may rely on such information without any confirmation.
The “Customer” is obliged to comply with all applicable legislation and regulations for the use of the Services, with the legislation applicable from time to time and with principles of morality, and to refrain from any illegal or abusive behaviour.
With respect to the information (including all text, images, audio-visual material and any other content) that the Customer uploads, transmits or stores through the Services, the Customer represents and warrants to the Supplier, and for the benefit of the Company, that it has the right to upload, transmit and store said information.
The “Customer” is obliged not to use the Services to send unsolicited messages or to upload, transmit, deliver, operate or store harmful code, malicious or illegal content, and to ensure that End Users do not perform such acts. The Customer is obliged to refrain from any action that may affect or endanger the provision of the Service or cause damage to the infrastructure and systems of the Company, or third party partners, as well as to refrain from any action that may cause any kind of damage to the Company or third parties, being solely responsible for the restoration of any damage suffered by the Company or a third party arising out of the violation of the above obligations of this article.
In the event that Customer Content conflicts with the provisions of this Agreement, the Company may at its sole discretion remove, disable and/or destroy it without any warning or notification.
Without excluding or limiting the Customer’s obligations imposed by law, the Customer undertakes towards the Supplier that he and any End User will not (i) modify, reproduce or prepare derivative works, or decompile, reverse engineer or otherwise attempt to derive the source code from the Software or any other part of the Services; (ii) remove, alter, obscure or conceal any copyright, trademark or other proprietary rights notices incorporated in, appearing on or otherwise associated with the Services; (iii) create or attempt to create products or services that are similar to or otherwise competitive with the Services or that Supplier or the Company intends to create, provide or endorse; (iv) register for or modify the Customer’s registration to the Services by automated means.
By way of indication and without limitation, any use of Candisign in a manner that is prohibited by the legislation applicable from time to time or that involves a violation of third-party rights, or any use of it to attempt to gain unauthorized access to any data, accounts or networks by any means or to process personal data, is expressly prohibited.
In any case of termination hereof, the Customer is obliged to stop using the trademarks and/or distinctive features granted to him for use according to the terms of this agreement and not to repeat it in the future.
Given the aforementioned, the Customer is expressly forbidden to provide access and/or grant use of the Service to third parties, or even to authorize them to use it, in whole or in part, temporarily or not, or to sublease, resell or make available in any way the Service to third parties with the exception of his employees who need to register documents to be signed and the counterparties of the Customer to whom the documents to be signed will be sent.
In any case, the Customer is solely responsible for all the content, information and/or data he registers, and, in general, for any activity carried out in the application using his username and password and therefore assumes all risk related to the content which he may register and/or transfer using the Service.
The information and data in general that the Customer enters into the Service belong exclusively to the Customer. Only the Customer, the end Users of the Application, or any other persons to whom the Customer has expressly granted access may access such information and data. The Customer is solely responsible for any activity he performs using his personal username(s) and password(s), in accordance with the provisions of these Terms.
By registering to the Services and using DocuSign’s eSignature solution, the Customer accepts and acknowledges through these Terms the more specific terms of use of DOCUSIGN MASTER SERVICES AGREEMENT FOR RESELL CUSTOMERS | DocuSign (https://www.docusign.com/legal/terms-and-conditions/reseller/).
User Account, Username and Password
Access to the Service requires the Customer to register, selecting a Service Subscription package and accepting these Terms.
If the first registration in the Service is done on behalf of a legal entity, then the natural person who registers in the Service declares that he legally represents such legal entity and that he has the necessary mandate and authorization to assume all obligations and rights that arise hereout and out of the use of the Service in the name of the legal entity and binds such legal entity automatically and ipso jure for the above terms and obligations undertaken on its behalf upon registration, which he recognizes and accepts unconditionally on his behalf as well.
The Customer is solely and entirely responsible for the activity that takes place in its own Account, and is required to promptly notify the Supplier of any breach of security relating to, or for any unauthorized use of such user account.
By accepting the Terms, the Customer states that he accepts and agrees with these detailed terms which govern his access and use of Candisign as a Subscriber / User. Given that the agreement is executed by electronic means, the Company provides the Customer with the possibility to gain access to the terms of the agreement in an electronically storable and printable form, prior to his commitment. If you do not agree with these terms, in whole or in part, please interrupt your Candisign registration process and refrain from any action of accessing and using it, because accessing and using Candisign implies that you accept all terms of the agreement.
The Customer in order to register and further use the Service is required to register a unique Username and Personal Security Code (password).
The Customer may change the password at any time, as often as he wishes. The Customer is solely responsible for maintaining its secrecy and concealing it from third parties, given that only he has and must have access to such information. In case of loss or unwanted leakage of the password, he must promptly notify the Company, otherwise the Company or any other body with which the Company cooperates in the provision of the Service shall not bear any responsibility towards the Customer for the use of his password by an unauthorized person. Due to the nature of the data contained in the Service, but also for security reasons, it is recommended that the Customer changes the password at regular intervals and avoids the use of the same and easily detectable codes (e.g. date of birth).
With respect to Customer’s username and password, the Parties agree that Customer is responsible for (i) maintaining the confidentiality of the username and password, (ii) all actions of persons to whom the Customer grants access or who otherwise make use of his personal username or password, and (iii) all consequences of use or misuse of said username or password.
The Supplier is not responsible for any harm, damage or other consequences that may result from unauthorized use of the Customer’s User Account, Username or password.
Intellectual Property and Proprietary Rights
The Customer agrees that all Services related to the Intellectual Property belong to and remain the property of the Provider. Customer does not acquire any right, title or interest in the aforementioned Intellectual Property or in connection with the Services, other than the limited rights of use expressly set forth in the Agreement. Rights not expressly granted herein are deemed not granted.
The conclusion of this Agreement, the provisions hereof, any breach by the other Party of the obligations imposed by virtue of this Agreement, shall not be interpreted as providing the Customer with any ownership right, security in rem or any other security right in relation to any item or asset item owned by the Supplier or Provider.
The Supplier respects the Intellectual Property of others and may, under appropriate circumstances and at its discretion, deactivate or terminate the User Account through which the rights of others are infringed.
Disclaimer of Warranties
Supplier does not warrant (i) that the Services will meet the requirements or expectations of the Customer or End Users, (ii) that access to or use of the Services will be uninterrupted, timely, secure or error-free, (iii) that any defects of the Services are restored, (iv) that the Services or any other means by which the Services are made accessible are free of malicious or other harmful elements; or (v) with respect to any software, content, hardware, information, infrastructure or other resources or third party services that Customer or any End User acquires, uses, accesses or is exposed to through or because of the Services.
The Company adopts and implements all necessary technology to reasonably ensure the security and continuous provision of the Service, without interruption and/or interference, however, use of the Service is subject to the use and availability of appropriate network connections. The Company is not responsible if the Service is affected by events beyond its reasonable control and does not assume any responsibility in the event of damage to the Customer due to loss, alteration, destruction of data that is not due to its fault or that is due to errors or failures of the security systems, to the malicious action of third parties.
Limitation of liability
The Service is provided “as is” and this means that no declaration, guarantee, etc. is provided by the Company regarding fitness for a particular purpose in relation to Customer or End Users’ use of the Service and related software.
The Company shall not be liable to the Customer, any End User or to any person making a claim through the Customer or End User for any loss, damage, expenses, costs, claims or any consequential, indirect or incidental damage or any loss of profit or other consequences that arise out of (i) the use or inability to use the Services, (ii) the properties of the Services, (iii) the need to find substitute goods or services for the Services or for any item, service or other benefit received, belonging, owned or otherwise enjoyed through the Services, (iv) any message or other communication received or transactions entered into through or from the Services, (v) unauthorized access to or alteration of Customer or End User transmissions or data, (vi) the statements or conduct of any person accessing the Services, (vii) any damages, business interruption, loss of data or information of any type, business or otherwise, or loss of savings arising from and/or related to the use of the SOFTWARE or loss caused by possible errors or typographical errors in the SOFTWARE, or (viii) any other matter related to the Services; regardless of whether they arise directly or indirectly, are direct or consequential damages, and are legally founded on the agreement, in tort or otherwise; provided, however, that this term does not exclude claims for direct economic damage suffered by the Customer due to a breach of this Agreement by the Supplier through fraud or gross negligence, and that the Supplier’s total liability, whether contractual, tortious or on any other legal basis, may in no case exceed the amount paid by the Customer to the Supplier during the twelve months immediately preceding the infringement.
The aforementioned limitations and exclusions apply to the extent permitted by applicable law.
Force Majeure
Neither Party shall be liable to the other for a breach of its obligations due to circumstances beyond its control, such as, for example, an act of God, government intervention, war, civil unrest, act of terrorism, strike, interruption of internet services or any other circumstance that can be characterized as force majeure. However, this clause does not exempt the Parties from the payment obligations imposed herein.
The parties are not liable to each other for the default, inability or delay in fulfilling their obligations arising hereout for reasons and causes due to the occurrence of an event of force majeure. In case of events of force majeure, the obligation to provide the Service is suspended, as long as it is impossible or too burdensome for the Company, until the events that caused the impossibility cease to exist. Force majeure is any event independent of the will of the parties that is objectively unforeseeable and cannot be prevented with measures of extreme care and prudence, such as by way of indication: war, riots, acts of God, fires, explosions, sabotage, embargoes, strikes, acts of Greek, Community or other authorities.
Compensation
The Customer undertakes to defend, or at its option settle (without prejudice or expense to the Supplier or the Company), any third party’s action or other proceeding brought against the Supplier and/or the Company based on or otherwise in connection with (i) the use of the Services, (ii) the content, (iii) the unfair use of personal data, or (iv) the infringement of the Intellectual Property rights by the Customer or the End User.
Protection of data
The Customer acknowledges that the “Provider” may collect information about him and the End Users (i) during the conclusion of the Agreement by the Customer or the change of the Services (details filled in the Registration Form); (ii) by visiting the Software Provider (login information, browsing history, IP address, details of the specific software and hardware) or from filling out forms through the Services (information provided by the Customer or End Users); (iii) from accessing or use of the Services (location, manner, means and duration of use or access); and (iv) in any other way they are disclosed to the Supplier knowingly (information that the data subjects have). When visiting the Supplier’s website, cookies are stored on the visitor’s device.
The Customer acknowledges and warrants to the “Company” that the End Users accept, (i) the processing of their personal data (as set out in the relevant data protection legislation) by the Supplier for the purpose of fulfilling its obligations under this Agreement and, if necessary, the execution of the rights provided for herein; (ii) the processing of their personal data in their country of residence but also outside said territory; (iii) that the Supplier does not disclose their personal data to third parties other than to the members of his corporate group, except in the case where the law stipulates otherwise or when so sought for execution of the Agreement.
The “Company” has no obligation to control or gain access to the Customers’ accounts, but has the right to do so in the event that this is done for reasonable reasons (e.g., preventing illegal or harmful activity or providing customer support services).
The Company is committed to ensuring the privacy, security and discretion of the personal data and information registered by the Customer, and to this end it has taken all the necessary technical measures to protect the data, in accordance with the commitments it has undertaken by law, including the clarifications provided herein.
Given that the Service is provided electronically over the Internet, all information entered into the Software is stored on Microsoft cloud infrastructures, and the Customer expressly consents and authorizes the Company to do so.
The Customer has the exclusive obligation, if he wishes to ensure the safe transfer of his data to the Software, to use secure and encrypted connections for his communication with the Service.
The Customer acknowledges that in addition to the information described in these Terms, the information provided or collected will be used and protected as described in the Privacy Policy (https://candisign.gr/privacy-policy/) and the Privacy Policy (see “Privacy Terms”).
Modification and suspension
The “Supplier” may modify the Services or any part of the Agreement at its absolute discretion at any time and inform the Customer of said modification, at the time he is connected to the User Account. In the event that the Customer disagrees with said modification(s), he may discontinue the use of the Services. Otherwise, all such amendments shall apply to the Customer as of the aforementioned update.
Termination
Each Party is entitled to terminate the Agreement for material reason, namely a material breach of these Terms.
Material breach of the Agreement shall be deemed to have occurred if (among other things): (i) a Party is in violation of any of its obligations hereunder and fails to cease or remedy such violation within two weeks of the other Party determining the violation and demanding its cessation or remedy; (ii) a Party is in continuous violation of any of its obligations hereunder and such violation is irremediable; (iii) a violation by one Party deprives the other of the total benefit, or essentially the total benefit, to which the latter aims.
Any termination of the Agreement shall not affect the rights and obligations and remedies of the parties arising prior to the cancellation.
The Customer understands and accepts that upon termination of the Agreement (i) all rights granted to the Customer hereunder cease; (ii) the Customer ceases all activities he was authorised to perform by virtue of the Agreement; (iii) the Customer promptly pays to the Supplier all amounts due hereunder; (iv) the Customer receives no refund or exchange for any subscription time used, any license or subscription fees, any content or data associated with his account, or for anything else.
In any case of termination of the validity of the Service, or its interruption as stated hereinabove, the Company may grant limited access to the Customer only for reading his data without right of processing. The Company will give the Customer a two (2) month period of time to recover his data and/or receive copies of them at his discretion in electronic or in physical form (hard copy) given that said data will thereafter be permanently and completely deleted. Any more specific terms contained in the Customer’s agreement will prevail.
Regardless of the above, the Company reserves the right to terminate with immediate effect the provision of the Service or to suspend or limit the right to access some functions of CandiSign in case:
- the Customer violates the industrial and/or intellectual property rights of the Company, and/or these terms and conditions and, in general, in the event that third party rights are violated or in case the Company has any indications that third party rights are being violated.
- the Customer violates the terms of use of the Service and/or any more specific terms set out by the Provider, and
- it is so ordered by decision of any administrative, judicial or governmental authority in accordance with the law.
- in case of death of the Customer, if the company is a sole proprietorship, in case of Customer’s declaration of bankruptcy, placement in a state of suspension of payments, forced administration, conciliation with creditors or other similar case and, in general, in any case where the Customer becomes insolvent
Any debt owed by the Customer to the Company arising out of the performance of this Agreement becomes due and payable upon termination/expiry of the agreement.
Applicable Law and Resolution of Disputes
(a) Any disputes in general that may arise out of the interpretation of these terms will be governed by Greek law.
(b) The contracting parties will make every effort, so that any dispute, doubt or disagreement that may arise, either with regard to the interpretation or the execution of this Agreement, is resolved in negotiations, in a spirit of good cooperation, within a reasonable period of time from the date of the written notification of the dispute by one of the contracting parties.
(c) If, notwithstanding the above, it is not possible to resolve the dispute, it is expressly agreed that the Contracting Parties will refer the dispute to mediation, which will be conducted in accordance with the provisions of Law 4640/2019 as in force and/or with the rules of the European Organization for Mediation and Arbitration (EODID – 23 Mavromichali St., 106 80 Athens, T: (+30)2103678910, E: info@eodid.org). The Mediator will be appointed by mutual agreement of the parties and if this is not possible, a Mediator will be appointed from the above Mediation Organization. If the parties reach an agreement, such agreement will be executed in writing, will be signed and will be binding on the parties.
(d) If an agreement is not reached within thirty calendar days after the appointment of the Mediator, then each contracting party will be entitled to refer the dispute for resolution to the competent Courts of Athens, which have exclusive jurisdiction.
Miscellaneous
The Customer hereby gives his consent so that the Supplier includes the Customer’s name in the customer list, provided that the Customer is not the only customer listed.
Having given due consideration to each term of the Agreement, both individually and in combination with the other terms, each party confirms to the other that they consider the Agreement to be fair and reasonable.
The nullity of a specific term hereof shall not affect the validity of the remaining terms. The null term automatically ceases to be in force. Any omission or delay in exercising a specific right or condition on the part of the Company arising hereunder does not constitute a waiver thereof. The headings of the Articles and paragraphs of the present agreement exist only for reasons of convenience and do not affect the interpretation thereof.
Terms of Personal Data Protection
This Annex regarding the Protection of Personal Data for the services provided (“DPA”) is incorporated into and forms an integral part of the terms of the Agreement. Unless otherwise set out in this DPA, capitalized terms shall have the meaning given to them in the Agreement.
Definitions:
“Applicable Data Protection Laws” means all privacy or data protection laws or regulations applicable to the processing of personal data under the Agreement.
“personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is a person whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier, such as name, ID number, location data, online identifier or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person;
“processing”: any operation or series of operations carried out with or without the use of automated means, on personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“natural person-data subject” or “natural person” or “data subject”: the natural person to whom the processed data belong and which make that person identified or identifiable;
“controller”: the natural person or legal entity, public authority, agency or other body which, alone or jointly with others, determines the purposes and manner of processing personal data; when the purposes and manner of such processing are determined by EU law or the law of a Member State, the controller or the specific criteria for his appointment may be provided for by EU law or the law of a Member State;
“processor”: the natural person or legal entity, public authority, agency or another body that processes personal data on behalf of the controller,
“processing subcontractor”: the natural person or legal entity entrusted by or on behalf of the processor to process personal data on behalf of the controller within the framework of the main contract,
“main contract”: one or more contracts that have been entered into or will be entered into in the future between the controller and the processor, whose object is the assignment of services by the processor, which requires the processing of personal data of natural persons collected by the data controller in the course of its business activity,
“personal data breach”: the breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed.
GENERAL
This Annex applies to the Software and Services offered by the Company to the Customer and End Users as set out in the Agreement. Unless expressly provided otherwise, this DPA shall come into force and will remain in force throughout the term of the Agreement.
PROCESSING OF PERSONAL DATA
3.1 Roles and Competencies
The Customer is the Controller and the Company the Processor for the processing activities that take place within the framework of the Agreement for the provision of the relevant Services and for accessing the Software.
Each party is responsible for observing compliance with its own respective obligations under applicable data protection laws. For the avoidance of doubt, the Company is not obliged to comply with any data protection laws that may apply in the Customer’s area of operation or to the Customer, such as those that do not generally apply to internet service providers. With reference to the personal data that the Customer entrusts to the Company, in order to be processed on its behalf for the purpose of providing the services set out in the agreement, the Customer expressly acknowledges and agrees that, in relation to such data, it has fully complied with the respective regulatory requirements of lawful processing and has fulfilled all legal requirements necessary for the Processing of Personal Data by the Company and/or its Service Subcontractors, as set out in the Agreement.
The Company will process personal data only as long as it is necessary to provide the Services in accordance with the terms of the Agreement or in accordance with the written instructions of the Customer, including in electronic form.
Subject to the Customer’s instructions complying with applicable data protection laws, the Company will comply with such instructions to the extent and within such time frames as are reasonably necessary to comply with (a) its obligations in accordance with applicable data protection laws or (b) assist Customer in complying with its obligations under Applicable Data Protection Laws relating to Customer’s use of the Services. The Company will follow the Customer’s instructions at no additional cost to the Customer if the Company does not expect to incur additional fees or charges that are not reasonably covered by the fees for the Services payable under the Agreement, including but not limited to additional license or third party (contractor) fees. If additional charges or expenses are expected, the Company will promptly notify the Customer upon receipt of its instructions and the Parties will negotiate in good faith regarding any such charges. To the extent required by Applicable Data Protection Laws, the Company will promptly notify the Customer if, in its opinion, any instruction of the Customer violates the Applicable Data Protection Laws. The Customer acknowledges and agrees that the Company is not responsible for conducting legal research and/or providing legal advice to the Customer.
The Customer agrees that it will not provide the Company with sensitive or special categories of Personal Data that impose additional and specialized security or data protection obligations, which require additional safeguards than those specified in this DPA (including any appendix to the DPA) or the Agreement.
3.2 Description and particulars of the Processing
The Customer, in the context of the provision of the services agreed on the basis of the Agreement, entrusts the Company with the processing of personal data on his behalf. In particular, the Customer, either himself or through third parties who act as his agents, follow his orders and are subject to his control (such as, by way of indication, his employees or partners), creates an Account through the online application and, through the End User, registers, records and stores information, files and data relating to a document for the purpose of signing it, in accordance with the Agreement. In addition, through the Company’s online application, the End User registers basic personal information (name, contact details), accepts and keeps copies of signed contracts, and sends and shares files to be signed by the people he wishes, making use of the services provided under the Agreement between us.
The Company performs the processing activities assigned to it by the Customer for the provision of the services agreed on under the Agreement in accordance with the Customer’s instructions and in full compliance with the Personal Data Protection Regulatory Framework. The Company does not process the personal data assigned to it in the context of the execution of the Agreement for any other purpose or in any other way beyond that provided for in the Agreement, unless this is required in the context of its compliance with the applicable legal or regulatory framework or for the exercise or the defence of legal claims, however always respecting the regulatory framework of personal data protection.
The categories of personal data processed by the Company are determined by the services the Customer receives under the Agreement and include contact information such as name, address, telephone or mobile phone number, email address and passwords, goods and services provided, unique identifiers collected from mobile devices and IP addresses.
Furthermore, the categories of data subjects being processed are delimited by the Services the Customer receives under the Agreement and include the Customer’s Account Manager, Authorized Users, representatives and end users, including by way of indication the Customer’s employees, contractors, partners, suppliers and clients.
The duration of the processing of personal data by the Company follows and is identical to the Term of the Agreement under which the relevant Services are provided to the Customer, unless otherwise agreed in writing by the Parties or if otherwise set out in a relevant provision of the applicable legal or regulatory framework.
RIGHTS OF NATURAL PERSONS
Based each time on the type and nature of the processing of personal data carried out, taking appropriate technical and organizational measures, the processor has an explicit obligation to support the Customer in the fulfilment of his obligations regarding the exercise of the rights of Natural Persons – Data Subjects, as provided for in the Regulation.
The Customer, as a data controller, acknowledges that in accordance with the data protection regulatory framework, he bears the sole responsibility for responding to requests or queries of the data subjects regarding their rights over their personal data, and acknowledges that the Company bears no responsibility to answer or in any way respond to a request or query of a data subject on behalf of the Customer.
In this context, the Customer expressly agrees that for the needs of responding to relevant requests of data subjects that he receives, he will use his access to the User Account for the purpose of managing them, and if this access is not possible, he will send a relevant request for assistance to the Company in writing.
Furthermore, and in view of the aforementioned, in the light of the relevant provisions of the Regulation and in particular articles 12 to 23, especially the provisions that set out specific deadlines within which the requests to exercise the rights of natural persons-data subjects must be satisfied, the Processor:
- Informs the Customer directly, in writing or orally, about the submission of a question, complaint, request to exercise the rights of the natural person- data subject, either to the Company itself or to any cooperating third-party processing subcontractor, and sends copies of the relevant requests the same day he receives them and if this is not possible as soon as possible but, in any case, within three working days, at the latest.
- Ensures that neither he nor the third-party processor satisfies or responds to any request to exercise rights, unless otherwise provided by the law governing the exercise of business activity of the processor or the third-party processing subcontractor. In the latter case, the Company, as long as it is not prohibited by the relevant provisions in force, informs the Customer in advance about the legal obligation to respond/satisfy the request to exercise rights that either he or the third-party processing subcontractor has.
Especially in relation to the right to be informed of natural persons- data subjects (articles 12-14 of the Regulation), the Company has an obligation to provide the necessary assistance to the Customer and to proceed to all necessary reasonable actions indicated by the latter, in order for him to be able to provide the natural persons concerned with all the necessary information set out in the provisions of the Regulation in the context of exercising the right to be informed and the corresponding obligations of the data controller.
In relation to the right of access, the Company is aware of its content, as specified in the Regulation (article 15), and has taken all appropriate measures in order to be able to provide the Customer, upon his relevant written request, with any relevant assistance, for the fulfilment of its respective obligations.
In relation to the right to erasure (right to be forgotten, article 17 of the Regulation), the Company will never proceed with the satisfaction of a relevant request without receiving the written order of the Customer, unless the erasure is required by a provision of the law, or an enforceable decision of the supervisory authority, or an enforceable court order.
In relation to the rights to rectification (Article 16), deletion (Article 17) and limitation of processing (Article 18), the Customer communicates any correction, deletion, or limitation of processing to the Company which in turn communicates the relevant information to each third-party recipient to whom the personal data was disclosed, unless this proves impracticable or involves a disproportionate effort. In the latter case, the most appropriate alternative solution is sought in collaboration with the data controller.
In relation to the right to portability (Article 20 of the Regulation), the Company has taken all appropriate technical and organizational measures so that personal data concerning natural persons can be provided, in a structured, commonly used and machine-readable format, to the data controller, upon relevant written request of the latter.
PROCESSING SUBCONTRACTORS
The Customer grants the Company the right to hire another/other processing subcontractors according to the specific provisions of the Agreement and subject to any restrictions contained therein.
Service Processing Subcontractors are authorized by the Company to process Personal Data only in accordance with the terms of this DPA and the Agreement and are bound by written terms at least as protective of the Customer’s Personal Data as those defined herein. The Company maintains a list of the Processing Subcontractors it uses to provide the services of the Agreement (including the name and the activities it will perform), which is available at the following link, and is updated whenever deemed necessary.
The Customer may periodically review the List of Processing Subcontractors and may object to the Company’s use of a new Processing Subcontractor by sending written notice to the Company within thirty (30) days from the date of updating the List of Processing Subcontractors on which such Processing Subcontractor was added and to whom the Customer objects. The Customer, for each corresponding amendment of the List, will be informed at the electronic address he has designated for receiving communications. If the Customer objects to the use of a new Processing Subcontractor pursuant to the foregoing, the Company shall have the right to remedy the objection within thirty (30) days from the receipt of Customer’s objection by doing any of the following (to be selected at the sole discretion of the Company): (a) the Company provides a commercially reasonable alternative to avoid the processing of personal data by the new Processing Subcontractor or (b) the Company terminates the affected Services that involve the use of the new Processing Subcontractor for the processing of the Customer’s Personal Data and provides a prorated refund to the Customer of any prepaid charges received by the Company under the Agreement corresponding to the unused portion of the Term of such Services terminated after its effective date, which shall be the Customer’s sole and exclusive remedy for the services of the Company that are terminated.
TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY
The transfer of personal data to a third country outside the European Union is prohibited, unless one of the following conditions is met:
- the European Commission has taken a decision establishing the assurance of an adequate level of personal data protection in the country to which the data is to be transferred,
- the transfer will be governed by the standard data protection clauses issued by the European Commission.
INFORMATION AND ASSISTANCE
Following prior written request, the Company will provide the Customer with all reasonable assistance and information regarding the Services provided under the Agreement to assist the Customer with respect to (a) the Customer’s performance of a data protection impact assessment regarding the services provided pursuant to the Agreement and (b) investigation by any Regulatory Authority(ies) to the extent that such investigation relates to the Customer’s use of the Services and Personal Data processed by the Company pursuant to the Agreement.
SECURITY OF PROCESSING
Taking into account the latest developments, the cost of implementation and the nature, scope, context and purposes of the processing, as well as the risks of different probability of occurrence and severity for the rights and freedoms of natural persons, the Company implements appropriate technical and organizational measures to ensure an appropriate level of security against risks, including, inter alia, as appropriate:
- the pseudonymization and encryption of personal data,
- the ability to ensure the confidentiality, integrity, availability and reliability of processing systems and services on an ongoing basis,
- the ability to restore availability and access to personal data in a timely manner in the event of a physical or technical event,
- a procedure for the regular testing, assessment and evaluation of the effectiveness of the technical and organizational measures to ensure the security of the processing.
When assessing the appropriate level of security, particular account is taken of the risks deriving from the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed.
The Customer is responsible for implementing appropriate technical and organizational measures that guarantee secure data processing, including measures regarding the correct application of access controls and use of the software related to the provision of the services of the Agreement, but also the appropriate configuration of its features and functions in a way that achieves the highest degree of data protection, according to the specific conditions and the specific security needs of the Customer, such as indicatively by implementing measures to ensure appropriate security and data protection, but also by creating backup copies of his personal data at regular intervals.
AUDIT RIGHTS AND CORRESPONDING OBLIGATIONS
The Company makes available to the Customer all necessary information and relevant documents in order for the latter to be able to prove that it complies with the obligations imposed by the Regulation regarding the delegation of the execution of processing activities.
The Company allows audits to be carried out, even with an on-site investigation at its premises, and cooperates during audits both with the Customer and with a third-party auditor, to whom the controller has assigned the audit.
The Customer:
- notifies the Company in writing and in good time at least thirty (30) days in advance of his intention to conduct an audit or on-site investigation,
- during the time that either he or the auditors appointed by him are at the Company’s premises to carry out an audit and/or on-site investigation, he takes all appropriate measures in order to exclude, and if this is not reasonably possible at least to minimize, any damage, injury, destruction, obstruction, etc., to the facilities, equipment, personnel and in general the business activity of the Company.
The Company has the right to refuse access to its premises for the purpose of audit in any of the following cases:
- the persons requesting access to the Company’s premises do not show identity cards or other proof of identity and/or do not show a relevant authorization/audit order from the data controller,
- the inspection or on-site investigation is requested outside of working hours, unless it is necessary to carry out an inspection and/or on-site investigation due to an emergency and the Customer has informed the Company in advance and in good time of the extraordinary circumstances that require the conduct of an audit/on-site investigation,
- the Customer requests the performance of more than two remote audits and more than one on-site audit in a year, unless additional audits and/or on-site investigations are required a) because there are valid reasons to question compliance, b) because the Customer has the obligation either under the provisions of the legislative framework for the protection of personal data, or following a relevant order from the Personal Data Protection Authority or any other authority or court responsible for the application of the relevant legislation in any member state of the European Union.
PERSONAL DATA BREACH MANAGEMENT
The Company implements control measures and policies designed to detect and promptly respond to data breach incidents (Data Incident). The Company will report, without undue delay, to the Customer any Data Incident concerning the personal data and the processing activities assigned to it in the context of the provision of the services of this agreement, as soon as it becomes aware that this has occurred and to the extent that this is not prohibited under the applicable legislation. The Company’s obligation to report a Data Incident under this DPA is not and shall not be construed as an admission by the Company of any fault or liability in respect of such Data Incident. The Customer is solely responsible for determining whether to notify affected data subjects and for providing such notification, as well as for determining whether to notify Regulatory Authorities of a breach of personal data, as may be required for the Customer’s business and activities. In addition to the above, the Customer agrees to coordinate with the Company regarding the content of the Customer’s intended public statements or the required notifications for the affected Data Subjects and/or notifications to the competent Regulatory Authorities regarding the Data Incident.
In any case, the Company cooperates with the Customer and takes all necessary actions, commercial and other, in accordance with his instructions, with the aim of investigating, mitigating the possible consequences and fully restoring, to the extent possible, any incident of breach of personal data.
CONTACT DETAILS
DPO Name & Surname: Elena Aggloupa
Job Position in the Company: DPO
Telephone: 211 999 4800
E-mail: dataprotection@candi.gr
RETURN OR ERASURE
Prior to termination or expiry of the Agreement for any reason, the Customer may delete Personal Data processed by the Company providing the Services in accordance with the terms of the Agreement. After the termination or expiry of the Services in any way, the Company allows for full recovery of all its Data for a period of up to two (2) months and after the end of said period it deletes all personal data contained in its systems unless applicable laws require the Personal Data to be stored for a longer period of time.
With regard to personal data stored in the Customer’s service environment or for the Services for which no bulk-logged data recovery function is provided by the Company as part of the Services, the Customer is advised to take appropriate measures to create copies or to otherwise store separately any Personal Data while the Company Services environment is still active prior to termination.