This Main Services Agreement (MSA) governs Customer’s acquisition and use of SALESmanago services. Capitalised terms have the definitions set forth herein. This MSA applies to the Agreements concluded on or after 23 October, 2023. For any Agreements concluded before 23 October 2023, archived MSA is available below.
By accepting this Main Services Agreement, by executing an Order Form that references this MSA Customer agrees to the terms of this MSA. If the individual accepting this MSA is accepting on behalf of a company or other legal entity, such individual represents that they have the authority to bind such entity to these terms and conditions, in which case the term “Customer” shall refer to such entity. If the individual accepting this MSA does not have such authority or does not agree with these terms and conditions, such individual must not accept this MSA and may not use the services.
I. DEFINITIONS
- “Account” – an account enabling the use of the Services, understood as the use of a selected package.
- “Agreement” means the agreement concluded between the Customer and SALESmanago on the basis of the Order Form and the MSA.
- “Confidential Information” – all confidential information disclosed by either Party (“Disclosing Party”) to the other Party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood as confidential given the nature of the information and the circumstances of disclosure. However, Confidential Information will not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party (including its directors, officers, employees, contractors or agents) prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party.
- “Professional Services” – professional Services, including implementation Services, provided to the Customer in accordance with the Terms of Professional Services, attached as Appendix no. 3 to the MSA.
- “Customer” means the individual, a company or other legal entity which has entered into Order Forms.
- “GDPR” – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- “MSA” means this Main Services Agreement.
- “Order Form(s)” means an ordering document specifying the Services to be provided under said document that is entered into between Customer and SALESmanago, including any annexes and supplements to it.
- “Parties” – the Customer and SALESmanago.
- “Password” – a sequence of signs, including alphanumeric, necessary to perform an authentication process while accessing the Account, determined by the User during the registration process.
- “Personal Data Protection Regulations” – regulations regarding processing of Personal Data including GDPR and The Personal Data Protection Act.
- “Personal Data” – means any information relating to an identified or identifiable natural person according to the Personal Data Protection Regulations.
- “SALESmanago” means Benhauer sp. z o. o. based in Cracow (30-705) at Stanisława Klimeckiego 4, NIP: 676 244 77 54 REGON: 122334666, entered into the Register of Entrepreneurs kept by the District Court for Kraków Śródmieście in Kraków, Division XI of the National Court Register under entry number KRS: 0000523346, with a share capital in the amount of PLN 1 407 450.00.
- “Services” means the services that are ordered by Customer under an Order Form and made available online by SALESmanago including electronic services within the meaning of the Electronic Provision of Services Act of 18 July 2002 (Dz.U.2020.344 t.j., with subsequent amendments) which consist in: (i) providing the User an Account and (ii) enabling to use the System through the Account, including providing the User profile.
- “System” – online Customer Engagement Platform.
- “The Personal Data Protection Act” – the Act of 10 May 2018 on the Protection of Personal Data (Dz.U. 2019.1781 t.j. with subsequent amendments).
- “Third Party Provider” – a provider of Third Party Services approved by SALESmanago.
- “Third Party Services” – services provided by a Third Party Provider to Customer in connection with the use of the System.
- “User profile” – an arrangement that can store information, made available by SALESmanago within the ICT system, that enables the User to enter, store and modify data necessary for proper usage of the features of the System. This information is provided to the System voluntarily and solely by the User.
- “User” – a natural person above 18 years of age with legal capacity who uses Services on behalf of the Customer.
II. SUBJECT MATTER OF THE MSA
- SALESmanago grants the Customer a non-exclusive, non-transferable right and licence to use the System available at www.salesmanago.com, which collects behavioural and transactional data about the Customer’s clients and delivers personalised communications across all marketing channels.
- SALESmanago will provide Services described in the Order Form, including Professional Services (if applicable).
- SALESmanago may, at its own discretion, temporarily provide the Customer with additional functionalities of the System free-of-charge (hereinafter referred to as “Additional Functionalities”). Customer agrees that SALESmanago, in its sole discretion and for any or no reason, may terminate Customer’s access to the Additional Functionalities or any part thereof. Customer agrees that any termination of Customer’s access to the Additional Functionalities may be without prior notice, and Customer agrees that SALESmanago will not be liable to Customer or any third party for such termination. Notwithstanding the “Liability” section below, the Additional Functionalities are provided “as-is” without any warranty and SALESmanago shall have no indemnification obligations nor liability of any type with respect to the Additional Functionalities unless such exclusion of liability is not enforceable under applicable law in which case SALESmanago’s liability with respect to the Additional Functionalities shall not exceed EUR 100.
III. CUSTOMER SERVICE AND TRAINING
- The Customer can use the support service available at support@salesmanago.com with a maximum response time of 24 hours free-of-charge.
- SALESmanago enables the Customer to participate in free weekly online training on the use of the System carried out by SALESmanago Specialists.
IV. RESPONSIBILITIES OF THE PARTIES
- SALESmanago will provide Services with the due diligence required.
- Each Party agrees: keep in confidence any Confidential Information disclosed by the other Party, not to use any Confidential Information belonging to the other Party for any purpose outside the scope of the Agreement and to limit access to Confidential Information to those of its directors, officers, employees, contractors and agents who need such access for the purpose of the Agreement. The confidentiality obligations shall remain in effect for the term of the Agreement and 5 years after its termination. Either Party may disclose Confidential Information if it is compelled by the applicable law to do so, provided it gives the other Party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance to contest the disclosure.
- The Customer is obliged to use the System in compliance with the rules of law and in good faith, including compliance with SALESmanago Marketing Automation Anti-Spam Policy as described in Section VIII.3(b) below.
- While using the Services, the Customer is obliged, in particular to:
- a. use the System in a way that does not violate the SALESmanago’s intellectual property rights, especially in a way that does not distort its functioning, in particular through the use of certain software or devices;
- b. keep the Password secret and make every effort to prevent third parties from gaining possession of the Password; and
- c. not using the System for the purpose of any illegal activity.
- The Customer is responsible for:
- a. any User’s use and/or misuse of the Service; and
- b. the legality, reliability, integrity, accuracy and quality of its data.
- The minimum technical requirements which enable using the Services and/or the System are as follows:
- a. Services available through the Customer’s website (widgets): any modern browser which supports HTML5, CSS3, JavaScript, cookie files, LocalStorage, Web Push notifications, and is not restricted from accessing the resources located on SALESmanago infrastructure.
- b. Services available through salesmanago website (admin panel): access to the internet, the latest version of one of the following web browsers: Google Chrome, Mozilla Firefox with a default configuration.
- At the time of signing the Agreement, the System is compatible with the above requirements. Temporary incompatibility may result from changes made by third-party vendors. SALESmanago will exercise due professional care in ensuring the continued compatibility of the System.
- The Customer may choose to obtain Third Party Services (e.g. applications) to use with features within the System. To use such features, the Customer will be required to obtain access to Third Party Services from Third Party Providers. The Customer agrees to comply with the terms and conditions of the Third Party Services and the policies and guidelines pertaining thereto. Notwithstanding the foregoing, SALESmanago does not assume any responsibility for the Third Party Services, the terms of which have been regulated directly between the Customer and the Third Party Provider and specifically disclaims any liability, warranty, and obligation with respect to such Third Party Services, whether or not it is recommended or approved by SALESmanago, or otherwise noted. SALESmanago may terminate the cooperation with any Third Party Provider at any time without reason or change the Third Party Provider and such change shall not constitute a breach of the Agreement. SALESmanago assumes no responsibility for: (i) claims arising from the combination of any Services with any other products, services, hardware, data or business processes or use of Services by Customer other than in accordance with the Agreement; and (ii) for any amendment or modification to the Services not carried out by SALESmanago or one of its approved partners.
- The Customer shall only use the Services for its own internal business operations. The Customer acknowledges and agrees that it will not allow any third party, including Customer’s vendors and service providers, to access or use the Services unless such third party is allowed access for the purpose of providing authorized customer support services or in connection with Customer’s appropriate use of the Services for its business purposes.
V. FEE AND PAYMENTS
- The Customer will be charged a fee for the Services under the detailed price list described in the Order Form.
- The terms of payment for Services are described in the Order Form. Invoices will be issued at the end of each first month of the settlement period.
- Fees indicated in the Order Form will be increased by the indicated value on each anniversary of the entry into force of the Agreement in the form of an Annual Innovation Premium. The beforementioned fee increase does not require an amendment to the Agreement.
- If during the term of the Agreement the Customer reaches a given threshold of the number of contacts in the System database, indicated in the Order Form, the charge for this threshold becomes the minimum commitment monthly amount for the Customer under the Agreement in terms of the fee depending on the number of e-mail contacts stored in the System database.
- Except as otherwise specified herein or in an Order Form, (i) fees are based on the number of contacts stored in the System database and not actual usage of the System, (ii) payment obligations are non-cancelable and fees paid are non-refundable.
- The payment terms for the Services are agreed in the Order Form. Failure to make timely payment may result in the initiation of bad debt collection proceedings, the imposition of interest for late payment or the temporary restriction of System functionality (and this restriction does not affect the remuneration payable to SALESmanago).
- All amounts due or payable by the Customer under this Agreement shall be paid free and clear of any deduction, withholding or set off.
VI. COMPLIANCE
- The Customer shall comply with all applicable export controls, economic sanctions, and import laws and regulations, including without limitation the regulations of the European Union, United Kingdom, and the United States, as in force and amended from time to time. This means that Customer will not, directly or indirectly enter into a business relation with any person or entity resident in, located in, or organised under the laws of any country or territory subject to comprehensive economic sanctions (including, currently, Crimea, Cuba, Iran, North Korea, and Syria) (hereafter “Sanctioned Countries”), or (ii) identified on any applicable restricted party lists (including without limitation the U.S. Treasury, Office of Foreign Assets Control’s Specially Designated Nationals List; the HM Treasury Consolidated List of Financial Targets in the UK; and the European Union’s Consolidated List of Sanctioned Individuals and Entities) (hereafter “Restricted Party Lists”).
- The Customer warrants that it is, and will remain during the term of this Agreement, not (i) resident in, located in, or organised under the laws of a Sanctioned Country, or (ii) identified on, or majority-owned or controlled by one or more parties identified on, a Restricted Party List. SALESmanago reserves the right to request the Customer to periodically confirm in writing that it complies with the obligation under the Agreement and specifically with those in this section VI, Compliance.
VII. LIABILITY
- In no event shall the aggregate liability of SALESmanago arising out of or related to the Agreement exceed the total amount paid by Customer hereunder for the services giving rise to the liability in the twelve months preceding the first incident out of which the liability arose or € 10,000, whichever amount is lower. In no event will SALESmanago have any liability arising out of or related to the Agreement for any lost profits, revenues, goodwill, or indirect, special, incidental, consequential, cover, business interruption or punitive damages. The foregoing disclaimer will not apply to the extent prohibited by law.
- SALESmanago will not be responsible for delays, delivery failures or other loss resulting from the transfer of Customer’s data over communications network or facilities, including the internet.
- If the Service are held or are likely to be held infringing, SALESmanago will have the option, at its expense to (i) replace or modify the Services as appropriate, (ii) obtain a licence for Customer to continue using the Services, (iii) replace the Services with a functionality equivalent service or (iv) terminate the applicable Services and refund any prepaid charges applicable Services following the effective date of termination. To the fullest extent permitted by law, remedies described in the preceding sentence will constitute the sole and exclusive remedy available to Customer in relation to third party claims.
VIII. TERM AND TERMINATION
- The Agreement enters into force on the date and for a fixed period indicated in the Order Form and will automatically renew for successive periods indicated in the Order Form unless terminated by the Customer in writing at least 30 days before the end of the Agreement.
- The Customer has the right to terminate the Agreement if the main System’s features remain unavailable for consecutive 7 days from receiving the notification from the Customer.
- SALESmanago has the right to terminate the Agreement in the following cases:
- a. the Customer’s failure to pay invoices by more than 30 days; or
- b. violation by the Customer of the fundamental rules of social coexistence or business ethics having an impact on SALESmanago’s image or SALESmanago brand in particular violation of the SALESmanago Marketing Automation Anti-Spam Policy available here; or
- c. breach by the Customer of the rules of law
- d. violation by the Customer of the business ethics in communication with SALESmanago (in particular abusive behaviour).
- The above breaches, in the event of a written notice to the other Party, result in the immediate termination of the Agreement along with the cessation of the provision of services to the Customer, and the Customer is obliged to pay remuneration to SALESmanago for each day on which the service was performed.
- Declaration of termination of the Agreement by the Customer must be, under pain of invalidity, sent: (i) by e-mail to support@salesmanago.com or (ii) by mail to the address of the SALESmanago’s registered office. The declaration of termination of the Agreement for its effectiveness must be submitted by a person authorised to represent the Customer.
- In the event of termination of the Agreement by SALESmanago for reasons attributable to the Customer, SALESmanago shall be entitled to charge a contractual penalty in the amount corresponding to the unpaid portion of SALESmanago’s remuneration under the current Agreement term based on the remuneration from the last month before the termination times the Agreement duration till end of the Agreement or next renewal date. The charging of contractual penalty does not exclude SALESmanago to claim the deficiency compensation transferring the amount of withheld contractual penalty. The Customer will be obliged to pay the contractual penalty within 7 days from the date of receipt of the debit note to the bank account indicated in the note.
- The Order Form prices contain the discount attributable for definite period contracts. The discounts are as follows:
- a. For an Agreement of at least 6 months, but not more than 12 months, a discount of 30% had been applied;
- b. For an Agreement for 12 months or longer, a discount of 50% had been applied. In the event of termination of the Agreement by the Customer or by SALESmanago for reasons attributable to the Customer before the expiration of the term for which the Agreement – related to the granting of the discount to the Customer – has been concluded, SALESmanago shall be entitled to claim reimbursement of the discount granted to the Customer less its pro rata value for the period from the date of conclusion of the Agreement until the date of its expiration. The Customer will be obliged to return the relief granted to the Customer in the amount indicated in the preceding sentence within 7 days from the date of receipt of the debit note to the bank account indicated in the note.
IX. MISCELLANEOUS
- The Customer authorises SALESmanago to use the Customer’s name and trademark (or logo) to represent the fact that the Customer is a customer of SALESmanago, especially for the purpose of informing about using the System on its website and social media channels.
- SALESmanago may at any time make any change to any Service that is necessary to comply with applicable law, or that does not materially affect the nature or quality of the Service.
- SALESmanago may amend the MSA for important reasons, which are: a) changes in generally applicable laws affecting the provisions of the MSA; b) the issuance of a judgement or decision directly affecting the provisions of the MSA by a court or public administration authority; c) introduction of new functionalities of the System or changes to them; d) removal of ambiguities or doubts of interpretation. In case of the amendment of the MSA, SALESmanago shall notify the Customer of the change by the message that will be communicated to the User via the System.The Parties agree that the User is authorised to accept or reject the new terms and conditions on behalf of the Customer. Failure to respond to information about the change in the MSA within 14 days from the date of notification of the change is considered acceptance of the new terms and conditions. Customer’s objection to the new terms and conditions means that the existing MSA applies to the performance of the Agreement, whereby, the Customer may not object to changes resulting from the reasons indicated in letters b) and c) above.
- According to the Personal Data Protection Regulations, Parties have regulated the principles of entrusting the processing of Personal Data, in the agreement constituting Appendix No. 1 to the MSA. Appendix No. 1 shall apply when the performance of the Agreement involves the processing of personal data to which the provisions of the GDPR apply.
- To execute the Agreement, the Parties, as independent data controllers, will share the personal data of their representatives indicated in the Agreement, representatives and persons appointed to execute the Agreement, including the following categories of data: identification data (including, but not limited to, name, position of representative). In connection with the execution of the Agreement, the Parties may also transfer the personal data of employees and associates not listed in the Agreement.
- SALESmanago implements the information obligation to representatives and employees whose data is listed in the Agreement through the information clause, attached as Appendix 2 to the MSA.
- Persons representing the Customer acknowledge receipt of information regarding processing their personal data in connection with the Agreement. The Customer agrees to provide this information to employees and associates not mentioned in the content of the MSA, whose data will be transferred between the Parties to perform the Agreement.
- SALESmanago will be entitled to use data processed as part of the Services to produce: statistical analyses, insights, market data and predictive models to assist development of SALESmanago Services and third party products or services designed for use with them (hereinafter referred to as the “Analytics”). No Personal Data is used for the purpose of Analytics nor will Analytics identify Customer.
- Neither Party will be liable for any delay or failure to perform its obligation under the Agreement if the delay or failure is due to extraordinary and unforeseeable event or circumstance beyond its reasonable control (force majeure), such as a strike, blockade, war, act of terrorism, riot, natural disaster, failure or reduction of power or telecommunications or data networks or services, or government act.
- Subject to the provisions of the MSA stating that it may be amended, any amendment or variation to the Agreement must be in writing or a document form via the digital signature tools (e.g. DropboxSign). Otherwise null and void. The Parties exclude the application of Art. 661 § 1-3 of the Polish Civil Code.
- If any provision of the MSA is held by a court or other competent authority to be unlawful, void or unenforceable, it shall be deemed to be deleted from the MSA. It shall be of no force and effect, and the MSA shall remain in full force and effect as if such provision had not originally been contained in the MSA. In the event of any such deletion the Parties shall negotiate in good faith in order to agree the terms of a mutually acceptable and satisfactory alternative provision in place of the provision so deleted.
- The Agreement is governed by and constructed under Polish law.
- Any dispute in connection to the Agreement shall be subject to the exclusive jurisdiction of the courts having jurisdiction over SALESmanago registered office.
- Appendices shall form an integral part of the MSA.
- If a conflict occurs between this MSA, appendices to the MSA and the Order Form, unless otherwise specifically stated in these documents, the order of precedence shall be:
- a. Order Form
- b. Appendix No. 1 to the MSA
- c. Appendix No. 3 to the MSA
- d. MSA.
Appendix No. 1 to the MSA Personal Data Processing Agreement
Personal Data Processing Agreement
hereinafter referred to as „PDPA”
between
Customer, hereinafter referred to as “Entruster”
and
SALESmanago, hereinafter referred to as “Processor”
Whereas,
the Parties have concluded the Agreement, Parties hereby agree as follows:
§ 1 Statements of the Parties
- The Entruster declares that, regarding the entrusted personal data, it is either the data controller or the processor and has the right to process the data and entrust its processing.
- The Processor shall ensure that appropriate technical and organisational measures are implemented so that the processing meets the requirements of the Act and the GDPR and provides the protection of the rights of the data subject.
- The Processor declares that he applies all required technical and organisational measures so that the processing is carried out in accordance with Article 32 of the GDPR.
- The Processor declares that the Processor has the resources, including infrastructure resources, experience, knowledge, and qualified personnel, to the extent that it is able to duly perform the PDPA, in compliance with the applicable laws. In particular, the Processor declares that it is familiar with the principles of personal data processing and security resulting from the GDPR.
§ 2 Subject matter of PDPA
- Parties agree that for the purpose of fulfilling statutory obligations imposed by law, these being, in particular, the provisions of GDPR and the provisions of other Member States data protection laws that apply to the Agreement as well as the proper performance of the Agreement, the Entruster, entrusts the Processor with the processing of personal data in the scope as defined by this PDPA.
- The Parties declare that processing is to be carried out on behalf of the Entruster and the Processor provides sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subject.
- Where terms defined in the GDPR are used in this PDPA, these terms have the same meaning as in the GDPR.
§ 3 Description and scope of processing
- This PDPA applies to the processing of personal data set out below:
- a. categories of data subjects: users of the Entruster’s websites who are clients or potential clients of the Entruster;
- b. the type of personal data: name and surname, e-mail address, telephone number, Contact ID, IP number, online behavioural data of data subjects;
- c. the nature and purpose of personal data processing: performing the Agreement, using resources provided by the Processor;
- d. the subject-matter of the processing: personal data stored in the System in the duration of the same term as the performance of the Agreement.
- The Parties jointly agree that the Entruster entrusts the Processor only with personal data within the scope of and concerning the categories of persons specified in § 3(1) of the PDPA. In entrusting a broader scope of personal data than in § 3(1) of the PDPA (in particular special categories of personal data/sensitive data), the Entruster is obliged to indicate in the Order Form a new scope of personal data that will be entrusted on the date of the Agreement. If the scope of processed personal data changes during the execution of the Agreement, the Entruster is obliged to indicate a new scope of personal data to the Processor.
- The Processor undertakes to process entrusted personal data only for the purpose and scope specified in above, based on documented instructions from the Entruster, which also applies to the transfer of personal data to a third country or international organisation (unless such obligation is imposed by Union law or the law of the Member State to which the Processor is subject; in this case, the Processor shall inform the Entruster of this legal obligation prior to the commencement of processing, unless such law prohibits the provision of such information on grounds of important public interest).
§ 4 Rights and obligations of Parties
- The Entruster entrusts to the Processor lawfully collected personal data.
- Following a written request by the Entruster, the Processor shall be obliged to provide information regarding the processing of personal data entrusted to him, including details of technical and organisational means used for the purpose of processing data covered by the request, within 14 days of receiving such a request.
- The Processor shall inform the Entruster prior to the commencement of processing of data on the implementation of a possible legal obligation consisting of the transfer of personal data to a third country or an international organisation, in accordance with Article 28(3) point a of the GDPR.
- The Processor ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality, in accordance with Article 28(3) point b of the GDPR.
- The Processor undertakes to ensure that every person acting under the authority of the Processor who has access to personal data processes them only at the request of the Entruster for the purposes and scope provided for in the PDPA.
- The Processor declares that he has taken safeguard measures required under Article 32 of the GDPR, in accordance with Article 28(3) point c of the GDPR. Ensuring data security includes data protection against security breaches leading to breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data (personal data breach). When assessing the appropriate level of security, the Parties shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
- The Processor declares that he respects the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging another processor, in accordance with Article 28(3) point d of the GDPR.The Entruster may grant specific consent to the Processor for further entrustment of personal data processing. The Processor shall inform (in a documented form) the Entruster of its intention to further entrust personal data 7 days in advance.
- As a general rule, the Processor does not use sub-processors to perform the Agreement. However, access to certain functionalities of the System may require the Entruster’s consent to further entrustment of personal data. The Processor will not entrust personal data before obtaining the consent referred to above. The Entruster’s consent to further entrustment of personal data does not constitute an amendment to the PDPA.
- The Processor shall be fully responsible to the Entruster for fulfilling the obligations under the personal data processing agreement entered into between the Processor and the sub-processor. If the sub-processor fails to comply with its data protection obligations, the full responsibility to the Entruster for the fulfilment of the obligations of such sub-processor shall rest with the Processor.
- The Processor takes into account the nature of the processing, assists the Entruster by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Entruster’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR, in accordance with Article 28(3) point e of the GDPR. The Processor is neither entitled nor obliged to respond directly to the requests of the data subjects.
- The Processor assists the Entruster in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to the Processor, in accordance with Article 28(3) point f of the GDPR. In particular:
- 11.1 [Data breach concerning data processed by the Entruster] In the event of a personal data breach concerning data processed by the Entruster, the Processor shall assist the Entruster:
- 11.1.1 in notifying the personal data breach to the competent supervisory authority, without undue delay after the Entruster has become aware of it, where relevant (unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons);
- 11.1.2 in obtaining the following information which, pursuant to Article 33(3) of the GDPR, shall be stated in the Entruster’s notification, and should include:
- 11.1.2.1 the nature of the personal data including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
- 11.1.2.2 the likely consequences of the personal data breach;
- 11.1.2.3 the measures taken or proposed to be taken by the Entruster to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
Where, and insofar as, it is not possible to provide all this information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.
- 11.1.3 in complying, pursuant to Article 34 of the GDPR, with the obligation to communicate without undue delay the personal data breach to the data subject, when the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons.
- 11.2 [Data breach concerning data processed by the Processor] In the event of a personal data breach concerning data processed by the Processor, the Processor shall notify the Entruster without undue delay but no later than 24 hours after the Processor having become aware of the breach. Such notification shall contain:
- 11.2.1 a description of the nature of the breach (including, where possible, the categories and approximate number of data subjects and data records concerned);
- 11.2.2 the details of a contact point where more information concerning the personal data breach can be obtained;
- 11.2.3 its likely consequences and the measures taken or proposed to be taken to address the breach, including to mitigate its possible adverse effects.
Where, and insofar as, it is not possible to provide all this information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay.
- 11.1 [Data breach concerning data processed by the Entruster] In the event of a personal data breach concerning data processed by the Entruster, the Processor shall assist the Entruster:
- The Processor makes available to the Entruster all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Entrusteror another auditor mandated by the Entruster, in accordance with Article 28(3) point h of the GDPR and under the conditions set out in §5 below.
- The Processor shall immediately inform the Entruster if, in its opinion, an instruction infringes the GDPR or other Union or Member State data protection provisions.
§ 5 Audits
- The Entruster is entitled to carry out, not more than once during each subsequent calendar year, an audit of the security of personal data processing, in terms of compliance of their processing with the PDPA and applicable law, in particular the GDPR.
- The basic form of auditing is an audit carried out by electronic means. It consists in sending by the Entruster to the Processor questions regarding the compliance of the processing by the Processor of the entrusted personal data with the PDPA, the GDPR or the provisions of generally applicable law on the protection of personal data, including the security measures applied. The Processor is obliged to answer the Entruster’s questions, insofar as this is possible, within 30 days of receiving them.
- After the audit referred to in point 2 above, the Entruster, if necessary, is entitled to conduct an audit in a different form. After receiving a request to conduct such an audit, the Parties will determine the date of its commencement (which may not take place earlier than 10 business days from receipt of the Entruster’s request), its exact scope, and persons authorised to conduct it.
- Audits will be carried out during the working hours of the Processor’s business, to the extent and in the area necessary for the processing of personal data, without prejudice to the normal conduct of business by the Processor, the business secrets of the Processor and confidential information belonging to third parties. The Entruster undertakes to keep the above-mentioned information confidential. Before starting the audit activities, the Parties (and an external auditor appointed by the Entruster, if applicable) will sign an appropriate confidentiality agreement.
- The costs of the audit are borne by the Entruster.
§ 6 Data transfer outside the European Economic Area
- The Processor shall not transfer personal data entrusted by the Entruster outside the European Economic Area.
- In situations where the Entruster processes personal data or has an establishment outside the European Economic Area (hereinafter: EEA) and therefore a transfer of personal data is necessary as referred to in §6(1) of the PDPA, the standard contractual clauses referred to in Commission Implementing Decision (EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council, with the following content, shall apply:
- An amendment to the “List of sub-processors” appendix does not constitute an amendment to the PDPA.
- If it is necessary to conclude the standard contractual clauses referred to in § 6(2) of the PDPA in written form, the Processor shall forward the request to conclude them in this form to the Processor at dpo@salesmanago.com.
- Standard contractual clauses referred to in §6(2) of the PDPA apply only in the absence of a decision pursuant to Article 45(3) GDPR.
§ 7 Liability
- Each Party shall be liable for any damage caused to the other Party or to any third parties in connection with the performance of this PDPA, pursuant to provisions of the GDPR or this PDPA.
- The Processor shall not be responsible for the personal data provided by the Entruster beyond the scope specified in §3(1) of the PDPA unless the Entruster indicates the new scope of data in the Order Form. To avoid any doubts, the Processor shall be responsible for the personal data specified in the Order Form to the same extent as the data specified in §3(1) of the PDPA.
- In the event of damage caused by actions undertaken by the Processor, the Processor shall be liable as guilty of the actual damage incurred by the Entruster. In no event shall the aggregate liability of the Processor arising out of or related to the PDPA exceed the total amount paid by the Entruster for the services giving rise to the liability in the twelve months preceding the first incident out of which the liability arose. In no event will Processor have any liability arising out of or related to the PDPA for any lost profits, revenues, goodwill, or indirect, special, incidental, consequential, cover, business interruption or punitive damages. The foregoing disclaimer will not apply to the extent prohibited by law.
- The Processor shall be excluded from liability for adequately securing personal data in accordance with this PDPA in the part of the information system administered by the Entruster.
§ 8 Representatives of the Parties
For the purposes of implementing this PDPA, the Entrusterand the Processor appoint a contact person:
- a. The Entruster: contact person indicated in the Order Form
- b. The Processor: email: dpo@salesmanago.com
- – the indicated person may be changed at any time via email. Such change does not constitute an amendment to the PDPA.
§ 9 Final provisions
- The Processor shall not charge any additional fees for the performance of any of the provisions of this PDPA.
- This PDPA is concluded for the duration of the Agreement and for the performance of all obligations under this PDPA.
- In the event of terminating the Agreement, the Entruster shall, within 7 days of the date of expiry hereof, individually secure any personal data entrusted to Processor for processing. 14 days following the date of expiry of the PDPA, the Processor shall permanently delete any and all records containing personal data entrusted for processing, made in connection with or while performing the Agreement in accordance with Article 28(3) point g of the GDPR.
- The Parties declare that any previously signed agreements regarding the processing of personal data are revoked and replaced by this PDPA.
- Any issues falling outside the scope of this PDPA shall be governed by the provisions of the GDPR.
Appendix No. 2 to the MSA Information on the processing of personal data for the Customer, persons representing the Customer, Users and contact persons
The data controller: The data controller of your personal data is Benhauer sp. z o.o. based in Cracow entered in the Register of Businesses maintained by Division XI of the National Court Register of the District Court for Kraków-Center in Kraków under KRS number 0000523346, REGON number 122334666 and NIP number 6762447754 (hereinafter referred to as “Benhauer” or “the controller”).
Purposes and legal basis of personal data processing: The controller will process personal data of the contractors who are natural persons:
- to perform an agreement between the contractors and the controller or take action at the request of the contractors before the conclusion of the contract (Article 6(1)(b) of the GDPR);
- fulfilling the legal obligations incumbent on the controller, arising in particular from tax and accounting legislation (Article 6(1)(c) of the GDPR);
- pursuing or defending against claims, which is the legitimate interest of the controller (article 6(1)(f) of the GDPR).
Purposes and legal basis of personal data processing: The controller will process personal data of the contractor’s representatives persons conducting agreements, users and contact person:
- to maintain business contacts, which is the legitimate interest of the controller (Article 6(1)(f) of the GDPR);
- fulfilling the legal obligations incumbent on the controller, arising in particular from tax and accounting legislation (Article 6(1)(c) of the GDPR);
- for the purpose of creating a user account to perform the contract concluded with the customer, which is a legitimate interest of the controller (Article 6(1)(f) of the GDPR);
- pursuing or defending against claims, which is the legitimate interest of the controller (Article 6(1)(f) of the GDPR).
The recipients of the personal data: The controller may disclose the personal data of the contractors to entities authorised by the law. Entities supporting the controller, including IT services providers, may also have access to the personal data of the contractors on the basis of agreements conducted with the controller.
Processing period: The personal data of the contractors shall be processed for the period required by the law or by the limitation period for any claims, depending on which of these events occurs later. The personal data processed for contact purposes will be processed for the time for the duration of the business relationship.
Voluntary/obligation to provide personal data: Providing personal data is voluntary however necessary to conclude an agreement with the controller.
Transfers of personal data to third countries or international organisations: Your personal data will also be processed in tools/systems provided by the entities supporting the data controller that are based or process data outside the European Economic Area. In this case, personal data is transferred on the basis of standard contractual clauses approved by the European Commission or a decision of the European Commission stating an adequate level of protection in a given country, e.g. on the basis of the EU-US Data Protection Framework.
Decision-based solely on automated processing/profiling: The controller is not making decisions based solely on automated processing, including profiling (concerning the purposes of data processing described above).
Data subjects rights: You have the right, as applicable, to:
- request access to your personal data, rectification, deletion and limitation of processing, and if your personal data is processed by automated means on the basis of a contract, you also have the right to transfer your personal data;
- withdraw your consent at any time, if that data was processed on the basis of this consent. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- object to the processing of your personal data – when the data is processed on the basis of the controller’s legitimate interest.
- You also have the right to lodge a complaint with the supervisory authority (PUODO – President of the Office for Personal Data Protection) Stawki 2 st., 00-193 Warszawa, email: kancelaria@uodo.gov.pl
The data controller:
Benhauer sp. z o.o. based in Cracow
Stanisław Klimecki 4 st.
30-705 Kraków
e-mail: rodo@salesmanago.com
Data Protection Officer
e-mail: dpo@salesmanago.com
Appendix No. 3 to the MSA – Terms of Professional Services
These Terms of Professional Services (“Terms”) govern Customer’s acquisition of SALESmanago Professional Services. Capitalized terms have the definitions set in the MSA unless expressly stated otherwise below.
§ 1 Subject matter of the Terms
- SALESmanago agrees to provide to the Customer the Professional Services in accordance with the package selected by the Customer, as indicated in the Order Form.
- For the avoidance of doubt, if the Customer does not order Professional Services, these Terms do not become part of the Agreement between the Customer and SALESmanago.
- The MSA shall apply to these Terms to the extent not covered by these Terms, unless expressly stated otherwise.
- In the event of any discrepancy between the provisions of the MSA and these Terms, these Terms shall prevail.
§ 2 Project scope and objectives
- Notwithstanding anything to the contrary, the Parties acknowledge and agree that the Professional Services provided hereunder are limited in scope to the following. SALESmanago and Customer jointly agree there shall be no customizations to System’s standard features and functionality.
- SALESmanago and the Customer shall work together to achieve the agreed-upon objectives below, according to the selected Professional Service package:
- 2.1 SALESmanago – Essential services offering
- 1) Complete discovery sessions to determine business requirements for the workflows, contact forms, dashboards and other functionalities for Customer’s live of the System, including:
- a) Kickoff meeting
- b) Discovery session
- c) Scope, schedule & reporting planning meeting
- 2) Provide access to the project portal established for complete project management
- 3) Work with Customer to fully populate and utilise the environment
- a) Configure System environment
- b) User set-up
- 4) Data discovery and architecture workshop
- a) Work with Customer to document the necessary attributes for the System contact and event data
- b) Mentoring and documentation for maintaining all data imports and transfer, and the ongoing integration of data
- c) User Acceptance Testing (UAT) criteria
- d) XML file integration
- e) DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) configuration completion
- 5) Complete the training and enablement sessions and provide the Customer with:
- a) Live Q&A sessions to address specific use cases and challenges
- b) documentation and self-paced learning resources for users to get familiar with the System
- c) Up to one (1) preparation meeting with new Customer System operational and technical stakeholder to prepare for the go-live
- 6) Design and implementation of workflows (up to 3), not to exceed 3 System workflows
- 7) Final go-live of above-mentioned System implementations – onboarding and implementation review
- a) Status report
- b) Roadmap development and next steps
- c) Review ongoing services needs
- 8) Project summary meeting
- 1) Complete discovery sessions to determine business requirements for the workflows, contact forms, dashboards and other functionalities for Customer’s live of the System, including:
- 2.2 SALESmanago – Standard services offering
- 1) Complete discovery sessions to determine business requirements for the workflows, contact forms, dashboards and other functionalities for Customer’s live of the System, including
- a) Kickoff meeting
- b) Discovery session
- c) Scope, schedule & reporting planning meeting
- 2) Provide access to the project portal established for complete project management
- 3) Work with the Customer to fully populate and utilise the environment
- a) Configure System environment
- b) User set-up
- c) Initial setup of System business dashboard
- 4) Data discovery and architecture workshop
- a) Work with the Customer to document the necessary attributes for the System contact and event data
- b) Mentoring and documentation for maintaining all data imports and upload processes, and the ongoing integration of data
- c) User Acceptance Testing (UAT) criteria
- d) XML file integration
- e) DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework)
- 5) Contact data integration
- a) Initial load of contacts to the System
- 6) Complete the training and enablement sessions and provide the Customers with:
- a) Offering live Q&A sessions to address specific use cases and challenges
- b) Providing documentation and self-paced learning resources for users to get familiar with the System
- c) Up to two (2) preparation meetings with new Customer SALESmanago operational and technical stakeholder to prepare for the go-live
- 7) Design and implementation of workflows (up to 4), to exceed 4 SALESmanago workflows
- 8) Final go-live of above-mentioned System implementations – onboarding and implementation review
- a) Status report
- b) Roadmap development and next steps
- c) Review ongoing services needs
- 9) Project summary meeting
- 1) Complete discovery sessions to determine business requirements for the workflows, contact forms, dashboards and other functionalities for Customer’s live of the System, including
- 2.3 SALESmanago – Premium services offering
- 1) Complete discovery sessions to determine business requirements for the workflows, contact forms, dashboards and other functionalities for Customer’s live of the System, including
- a) Kickoff meeting
- b) Discovery session
- c) Scope, schedule & reporting planning meeting
- 2) Provide access to the project portal established for complete project management
- 3) Work with the Customer to fully populate and utilise the environment
- a) Configure System environment
- b) User set-up
- c) Email marketing account set-up
- d) Customization of emails according to brand theme
- e) Initial setup of the System business dashboard
- 4) Data discovery and architecture workshop
- a) Work with the Customer to document the necessary attributes for the System contact and event data
- b) Mentoring and documentation for maintaining all data imports and upload processes, and the ongoing integration of data
- c) User Acceptance Testing (UAT) criteria
- 5) Transactional data mapping and transfer
- a) XML file integration
- b) DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework)
- c) Historical transaction migration (up to and not exceeding 500,000 events)
- 6) Contact data integration
- a) Initial load of contacts to the System
- b) Pre-import data aggregation
- c) Initial segmentation of contacts
- 7) Complete the training and enablement sessions and provide the Customers with:
- a) Live Q&A sessions to address specific use cases and challenges
- b) Providing documentation and self-paced learning resources for users to get familiar with the System
- 8) Design and implementation of workflows (up to 5), not to exceed 5 System workflows
- 9) Up to three (3) preparation meetings with new Customer System operational and technical stakeholder to prepare for the go-live
- 10) Final go-live of above-mentioned System implementations – onboarding and implementation review
- a) Status report
- b) Roadmap development and next steps
- c) Review ongoing services needs
- 11) Project summary meeting
- 1) Complete discovery sessions to determine business requirements for the workflows, contact forms, dashboards and other functionalities for Customer’s live of the System, including
- 2.1 SALESmanago – Essential services offering
§ 3 Project assumptions and considerations
- It is estimated that the chosen Professional Services will be completed within the time indicated in the Order Form starting from the Agreement start date according to the Order Form. If the Professional Services (or any part thereof) provided are not complete at the end of the above mentioned period due to Customer’s failure to make the necessary resources (e.g. data which should be imported into the System) available to SALESmanago or to perform other Customer obligations in timely manner (e.g. unavailability of contact persons, failure to implement System integration), such Professional Services will be deemed to be complete at the end of the above mentioned delivery period. If the Professional Services provided are not complete at the end of the delivery period due to SALESmanago failure to make the necessary resources available to the Customer or to perform SALESmanago obligations, the delivery period will be extended accordingly to allow SALESmanago to complete such Professional Services.
- Without affecting the date of payment of the remuneration, the Customer may request a one-time postponement of the date of commencement of Professional Services, for a period not exceeding 2 months.
- All services shall be delivered remotely. Travel and related expenses shall not be required, and are not included in the fixed fee amount. No other fees and/or expenses will be permitted without the prior written approval of the Customer and SALESmanago.
- SALESmanago may choose to change any personnel assigned to the Professional Services at any time for any or no reason.
- The Customer will provide:
- a. appropriately qualified personnel, knowledgeable regarding the existing Customer’s environment to support SALESmanago’s activities in terms of the Professional Services. These personnel will be available without undue delay to clarify the business requirements and for validation of results as needed. Customer’s personnel must include: (i) the person who will use the System on a daily basis responsible for learning how to use the System involving participation in educational workshops; and (ii) a technically qualified person with knowledge of an IT/ICT field. The above mentioned personnel shall, in particular, be authorised to approve the results of the work produced in the provision of Professional Services (e.g. integration tests);
- b. ongoing access to the software required for this effort (e.g. plug-ins, if applicable);
- c. reasonably quick and expeditious resolution for business or technical questions or issues arising from the effort;
- d. that any data transferred to SALESmanago will be password protected and that the size of any file transferred will not exceed 20 MB.
- The Customer agrees to provide content in a timely manner to SALESmanago for the development of email templates, pop-ups, forms, web pushes, landing pages. The Customer also agrees to accept the content prepared by SALESmanago to the Customer in a timely manner.
- The Customer undertakes to perform full System integration (monitoring code, transaction event submission, submission and contact monitoring, contact consent and subscription management, XML or product API configuration).
- The Customer undertakes to inform about a possible change of the persons referred to in point 5a well in advance.
§ 4 Fees and payments
- The Customer will be charged a fixed fee for the Professional Services under the price list described in the Order Form.
- The terms of payment for the Professional Services are described in the Order Form. Invoice for the Professional Services will be issued on Agreement start date, according to the Order Form (upfront payments).
- Failure to make timely payment may result in the initiation of bad debt collection proceedings, the imposition of interest for late payment or withholding the provision of Professional Services.
- Unknown circumstances may cause actual cost and effort to vary from the fees and timing outlined in these Terms and the Order Form. Any services beyond those described above will be subject to separate pricing.
- Professional Services are non-cancellable, and all fees for Professional Services are non-refundable.
§ 5 Liability
In no event shall the aggregate liability of SALESmanago arising out of or related to the Professional Services exceed the total amount paid by Customer hereunder for the Professional Services. In no event will SALESmanago have any liability arising out of or related to the Professional Services for any lost profits, revenues, goodwill, or indirect, special, incidental, consequential, cover, business interruption or punitive damages. The foregoing disclaimer will not apply to the extent prohibited by law.
§ 6 Miscellaneous
- The Terms apply only to the services indicated therein and do not regulate any Customer support after SALESmanago has completed their provision within the meaning of these Terms.
- Termination of the provision of services under these Terms does not affect the validity and scope of the agreement regarding the use of the System.
Previous versions: