Albert-ISO

Terms and Conditions

| CONTROL BRIDGE GROUP |

SOFTWARE AS A SERVICE SUBSCRIPTION AGREEMENT

Please read this Software as a Service Subscription Agreement (“SaaS Agreement”) before purchasing Control-Bridge Group’s (Control-Bridge) subscription services. By Purchasing or using the Subscription services, you are consenting to be bound by this Agreement. which will govern exclusively the legal relationship between Control-Bridge and the Customer, or the entity the Customer is representing, regarding the access to Albert ISO27001 (SaaS) and the use of Services.

Albert ISO27001 is a Software provided as a Software as a Service to manage ISO27001 Compliance for its clients. Control-Bridge operates Albert ISO27001 (SaaS) for businesses only and does not accept Consumers as defined under the UK Consumer Protection Act, 1987 and Consumer Rights Act, 2015.

Customer, in case of an individual, warrants that he is lawfully able and has the capacity to enter into contracts (e.g. he is not a minor). If any person is entering into this agreement as a representative for an entity, such as the company for which the Customer is working for, such person warrants to Control-Bridge that his company is duly organised, validly existing and in good standing under the laws of the country in which it is organised or incorporated and that he has legal authority, permission, resolution or power of attorney to bind that company.

Terms and conditions of Customer or of third parties that deviate from or conflict with the terms and conditions of this Agreement will not apply, even if Service Provider does not expressly contradict these terms and conditions of the Customer.

Individual contracts concluded with the Customer (including collateral agreements, addenda and amendments) in a specific case shall without exception take precedence over this SaaS Agreement. Control-Bridge Group is entitled to commission any Service from third parties acting as a Partner/Vendor.

In this Agreement, unless the context otherwise requires, capitalised terms shall have the meanings ascribed to them in the Definitions section.

  1. Definitions
  1. ‘Agreement’ means this SaaS subscription agreement, including all schedules, exhibits, and amendments hereto.

  2. Authorised User’ means a User who has been granted access credentials by the Customer to access and use the SaaS Service.

  3. ‘SaaS Service’ means the software-as-a-service solution or Web Application provided by the Service Provider, as described in the Service Description Schedule.

  4. ‘Service Provider’ means Control-Bridge Group the party providing the SaaS Service under this Agreement.

  5. ‘Customer’ means the party subscribing to and using the SaaS Service under this Agreement.

  6. ‘Confidential Information’ means any information disclosed by one party to the other party, either directly or indirectly, in writing, orally, or by inspection of tangible objects, which is designated as “Confidential,” “Proprietary,” or some similar designation.

  7. ‘Data Protection Laws’ means all applicable laws and regulations relating to the processing of Personal Data, including but not limited to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

  8. ‘Documentation’ means online documentation, help, user guides, and training materials published on Service Providers website at https://albert-iso.com/or accessible through the applicable Services, as may be updated by Service Provider from time to time.

  9. ‘Effective Date’ means the date on which this Agreement becomes effective, as specified on the cover page.

  10. ‘Intellectual Property Rights’ means all patents, copyrights, trademarks, trade secrets, and other intellectual property rights, whether registered or unregistered, that may provide a right in either hardware, software, content, documentation, source code, confidential information, trade-marks, ideas, formulae, algorithms, concepts, inventions, processes or know- how generally, or the expression or use of such hardware, software, content, documentation, confidential information, trade-marks, ideas, formulae, algorithms, concepts, inventions, processes or know-how any and all applications, registrations, licenses, sub-licenses, franchises, agreements or any other evidence of a right in any of the foregoing .

  11. ‘Indemnified Party’ means the party entitled to be indemnified under the Indemnification section of this Agreement.

  12. ‘Indemnifying Party’ means the party obligated to indemnify the Indemnified Party under the Indemnification section of this Agreement.

  13. ‘Personal Data’ means any information relating to an identified or identifiable natural person, as defined under applicable Data Protection Laws.

  14. ‘Service Level Agreement’ or ‘SLA’ means the service level commitments made by the Service Provider regarding the availability, performance, and support of the SaaS Service, as set forth in the Service Level Agreement Schedule.

  15. Subscription’ means the right granted to the Customer to access and use the SaaS Service during the Term pursuant to payment for the Subscription Plan opted by the Customer, subject to the terms of this Agreement and includes any User guides or manuals for use of the Saas Services that is made available to the customer in connection with the Subscription.

  16. ‘Subscription Fees’ means the fees payable by the Customer to the Service Provider for the Subscription, as set forth in the Pricing Schedule.

  17. ‘Support Services’ means the support and maintenance services provided by the Service Provider for the SaaS Service, as described in the Support Services Schedule.

  18. ‘Service Level Agreement’ or ‘SLA’ means the service level commitments made by the Service Provider regarding the availability, performance, and support of the SaaS Service, as set forth in the Service Level Agreement Schedule.

  19. ‘Subscription Term’ means the date when the payment is made by the Customer till the date the Subscription Plan is terminated either by the Customer or the Service Provider as specified in the Term and Termination section.

  20. ‘User’ means an individual authorized by the Customer to access and use the SaaS Service.

  21. ‘User Data‘ means any data or information (including personally identifiable information) of Customer or its Users including, without limitation account profile information, usernames, passwords, or other information provided by Customer or its Users in connection with the Services.

2. Subscription and Fees

a. Subscription Plans and Services. The Service Provider shall use commercially reasonable efforts to make available to the Customer the Subscription Services in accordance with the Premium Plus subscription plan selected by the Customer via the Web Application between the parties for Customers internal business purpose only and subject to the following limitation on availability 1) planned downtime provided the Service Provider notified the Customer in advance; and 2) any circumstances outside the Service Provider’s control , including but not limited to acts of God, pandemics, acts of government , earthquake, fire, civil unrest, labor stoppages, or shortages, , or Customers inability to access the internet or the Subscription Services (the “Subscription“). The features and functionality of the SaaS Service included in each Subscription plan are set forth in the Service Description attached hereto as Schedule I.

b. The Customer may upgrade its Subscription plan at any time during the Term by providing written notice to the Service Provider. A separate contract needs to be signed for the upgrade, and the Subscription Fees shall be adjusted accordingly.

c. The Service Provider reserves the right to modify, enhance, or discontinue any feature or functionality of the SaaS Service at any time, provided that the Service Provider shall use commercially reasonable efforts to maintain the overall functionality and performance of the SaaS Service.

3. Subscription Fees and Payment Terms

  1. The Customer shall pay the Service Provider the fees for the Subscription (the “Subscription Fees”) through the periodic payment methods set forth in the payment page on the SaaS Web Application for the subscription plan opted for by the Customer.

  2. The Subscription Fees shall be payable monthly or annually (based on the type of the subscription) in advance, and the Service Provider shall invoice the Customer for the Subscription Fees at least ten (10) days in advance before the consecutive month and payable on the first day of the subscription or the fifth (5th) day of every month.

  3. The Customer shall be responsible for the payment of any applicable taxes, duties, VAT or other charges imposed by any government authority. For Customers in the U.K, value added taxes (VAT) will be charged as per applicable U.K tax laws and rules.

  4. If the Customer fails to pay any undisputed Subscription Fees or other amounts due under this Agreement within (15) days after the due date, the Service Provider may, in addition to any other rights or remedies available to it, suspend the Customer’s access to the SaaS Service until all outstanding amounts are paid in full.

  5. The Service Provider reserves the right to increase the Subscription Fees for any recurring month by providing the Customer with at least (60) days’ prior written notice before the end of the then-current Term.

4. Refunds and Cancellations

a. The Customer may cancel its Subscription at any time before the end of the then-current Term.

b. If the Customer cancels its Subscription before the end of the then-current Term, the Customer shall not be entitled to a refund of any Subscription Fees paid in advance for the remainder of that Term; however, the customer shall have access to the application until the end of the term.

c. If the Service Provider terminates this Agreement for any reason other than the Customer’s breach, the Service Provider shall refund to the Customer a pro-rata portion of any Subscription Fees paid in advance for the remainder of the then-current Term which is applicable for the monthly subscription and only for the first month if the Customer has subscribed to the yearly subscription.

5. Use and Access

  1. User Accounts and Access Controls.

    I. The Service Provider shall make available the then current version of the SaaS Service for use limited to the use by Authorised Users under the Premium Plus Subscription plan and in accordance with the provisions of this Agreement on an external cloud infrastructure provided by the Service Provider’ Partner (hereinafter referred to as “Cloud”) from the time of execution of this Agreement. Registration by the Customer through a Customer generated ID which will be the responsibility of the Customer.

    II. Access to the SaaS Service by Customer shall be browser-based via the Internet.

    III. The Customer shall ensure that each Authorized User keeps their login credentials confidential and does not share them with any unauthorized parties.

    IV. The Customer shall implement and maintain appropriate security measures, including strong passwords and multi-factor authentication, to protect the confidentiality and security of Authorized User accounts and login credentials. Provider is not responsible for the consequences of misuse of user passwords. The Customer shall promptly notify the Service Provider of any unauthorized use or access of the SaaS Service.

    V. Notwithstanding the above, the Service Provider reserves the right to revoke, suspend, or disable any Authorized User account or login credentials if the Service Provider reasonably believes that such account or credentials have been compromised or used in violation of this Agreement.

    VI. Provider shall make storage space available for Customer and Usage Data on a shared virtual server to the extent that this is required for the intended use of the Saas Service. Further details on the scope of services of the storage space and on the storage of Customer Data can be found in the features provided under the Subscription Plan.

    VII. Customer Data shall be stored and be regularly backed-up by Provider throughout the duration of the contractual relationship.

    VIII. The Customer shall not, and shall not permit any third party to: (i) copy, modify, adapt, translate, or create derivative works based on the SaaS Service; (ii) reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code or underlying ideas or algorithms of the SaaS Service; (iii) sublicense, rent, lease, or otherwise transfer rights to the SaaS Service; (iv) use the SaaS Service for any illegal or unauthorized purpose; or (v) remove or modify any proprietary notices or markings on the SaaS Service.

6. Technical availability of the Saas Services and Customer Data

a. Service Provider shall make available the SaaS Services as agreed in the SLA. Except as otherwise agreed in a SLA as provided in Schedule II of this Agreement, an availability of 96.5% per annum (calculated with effect from provision of the SaaS Services) shall be deemed agreed.

b. If the Application is not available on account of: (i) planned maintenance work (e.g. for updates and upgrades), (ii) other planned interruptions in operations, (iii) unplanned maintenance work for good cause or for other reasons for which Service Provider is not responsible, such as malfunctions in the field of the provision, operation and support of the Customer’s communications connection, in particular due to a failure in Customer’s Internet connection, then for the purposes of calculating availability, the SaaS Services shall be deemed to have been available during these times.

c. Service Provider shall owe the availability of the functionalities of the Application described in the service description only if the system requirements also regulated therein have been complied with by Customer. Customer shall be solely responsible for compliance with the system requirements

7. Support and Maintenance

  1. The Service Provider shall provide the Customer with Support Services as mentioned below:

    i. The Service Provider shall provide technical support to the Customer for the SaaS Service, including assistance with troubleshooting, issue resolution, and general inquiries related to the use and functionality of the SaaS Service, the details of which are provided in Schedule II of this Agreement.

    ii. The Service Provider shall provide support for Customer via a support centre for all incidents arising in the use of the Saas Services as defined in this Agreement. The support availability is regulated in the SLA. In connection with the support, for each incident an incident ticket shall be created by the Service Provider and be allocated a corresponding error category in accordance with the SLA.

    iii. The User/Customer shall be advised of the status and of its solution at regular intervals until such time as the solution is implemented and the incident is rectified. If, however, the qualification of the incident ticket by the Service Provider shows that the cause of the incident lies in a service or performance by Customer or has other reasons for which Provider is not responsible, then the incident ticket shall be forwarded to the Customer. In this case Customer himself shall be responsible for resolving the problem. If, in this case, the use of the Saas Services is restricted until the fault has been rectified, the Service Provider is not responsible for the resulting consequences and this does not discharge the Customer from paying the agreed remuneration.

    iv. The support, the provisioning and implementation of the SaaS Services updates and the execution thereof shall be effected by the Service Provider as required in accordance with the maintenance regulations for the Saas Services in the SLA provided in Schedule II.

  2. Maintenance and Updates.

    i. Scheduled Maintenance. The Service Provider may perform scheduled maintenance on the SaaS Service from time to time. The Service Provider shall provide the Customer with at least forty-eight (48 hours) prior notice of any scheduled maintenance that may result in downtime or service interruptions.

    ii. Updates and Upgrades. The Service Provider may release updates, upgrades, or new versions of the SaaS Service from time to time. The Service Provider shall provide the Customer with reasonable notice of any updates or upgrades that may require action or cooperation from the Customer.

    iii. Emergency Maintenance. In the event of an emergency or security incident, the Service Provider may perform unscheduled maintenance on the SaaS Service without prior notice to the Customer. The Service Provider shall use commercially reasonable efforts to minimize any service interruptions or downtime during emergency maintenance.

  3. Customer Obligations.

    i. Cooperation and Information. The Customer shall cooperate with the Service Provider and provide all necessary information and access to enable the Service Provider to provide the support and maintenance services set forth in this Agreement.

    ii. Acceptable Use and System Requirements. The Customer shall comply with the Service Provider’s acceptable use policies and system requirements for the SaaS Service, as communicated by the Service Provider from time to time.

    iii. Backups and Data Protection. The Customer acknowledges that the appropriate data backups are managed by a third-Party Cloud Provider and each backup is done every four (4) hours. The Customer agrees that it shall be solely responsible for maintaining a copy of their data or documents atleast four (4) hours. In the event that the Customer fails to maintain a copy of its data for four (4) hours at a minimum and in the event of a service disruption, outage, corruption of data, accidental loss, ransomware or any related event, the Customer acknowledges the risk of data loss and may have to re-enter it into the SaaS Web Application.

    iv. Customer warrants that he and/or his licensors hold all rights to the Customer Data required for the granting of rights under this Agreement and the Customer Data does not violate this Agreement or applicable laws and does not infringe the intellectual property of a third party.

    v. The Customer is responsible for the security of Customer Data.

    vi. Service Provider is entitled to immediately block Customer’s use of the SaaS Services and the storage space if there is justified suspicion that the stored Customer Data is unlawful and/or infringes third-party rights. There is a justified suspicion of unlawfulness and/or of an infringement of rights in particular when courts, authorities and/or other third parties notify the Service Provider thereof. The Service Provider shall then notify Customer of the block, stating the reason for the block. The block shall be removed as soon as the suspicion has been refuted.

  4. Limitations and Exclusions from Support Services.

    i. The support services provided by the Service Provider under this Agreement shall not include support for any customizations, modifications, or third-party integrations made to the SaaS Service by the Customer or any third party without the Service Provider’s prior written consent.

    ii. The Service Provider’s liability for any failure to provide the support and maintenance services set forth in this Agreement shall be limited to the remedies and service credits expressly set forth in this Agreement.

    iii. The Service Provider makes no warranties, express or implied, regarding the support and maintenance services provided under this Agreement, except as expressly set forth in this Agreement. If in the event of a defect notification by Customer, defects in the SaaS Services including the documentation shall be dealt with by the Service Provider within the response times specified in the SLA. In the absence of a specification in the SLA, reasonable reaction times shall apply. The same shall apply with regard to other disruptions of the SaaS Services usability for which the Service Provider is responsible. Any potential damage claims based on defective performance for which the Service Provider is responsible shall be governed by Section 21of this Agreement

  5. Service Performance Reporting and Monitoring.

    i. The Customer shall have access to a dashboard or portal that provides real-time visibility into the service performance and availability of the SaaS Service when the Customer logs in to the Web Application through their registered account

8. Suspension or Termination of Service

  1. The Service Provider may suspend or terminate the Customer’s access to the SaaS Service if: (a) the Customer fails to pay any undisputed Subscription Fees or other amounts due under this Agreement within fifteen (15) days after the due date; (b) the Customer breaches any material term of this Agreement and fails to cure such breach within three (3) days after receiving written notice from the Service Provider; or (c) the Service Provider reasonably believes that the Customer’s use of the SaaS Service poses a security risk to the Service Provider or any other customer of the Service Provider.

  2. Upon any suspension or termination of the Customer’s access to the SaaS Service, the Service Provider shall have no obligation to maintain or provide the Customer with access to any Customer Data or other information stored in the SaaS Service, and the Customer shall be solely responsible for retrieving or exporting any such data or information before the effective date of the suspension or termination.

9. Intellectual Property Rights

The Customer acknowledges and agrees that the SaaS Service and all Intellectual Property Rights therein are and shall remain the exclusive property of the Service Provider or its licensors. Nothing in this Agreement shall be construed as granting the Customer any ownership rights or interest in the SaaS Service or any Intellectual Property Rights therein.

10. Third-Party Components

The SaaS Service may include or incorporate certain third-party software components or services. The Customer’s use of such third-party components shall be subject to any additional terms and conditions imposed by the respective third-party providers.

11. Compliance with Laws

The Customer shall comply with all applicable laws, regulations, and industry standards in its use of the SaaS Service, including but not limited to laws and regulations related to data protection, privacy, and intellectual property rights.

12. Audit Rights

The Service Provider shall have the right, upon reasonable notice and during normal business hours, to audit the Customer’s use of the SaaS Service to ensure compliance with the terms and conditions of this Agreement. The Customer shall cooperate with the Service Provider in conducting such audits and provide access to relevant records and systems.

13. Data Privacy and Security

a. Compliance with Data Protection Laws. The parties shall comply with all applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR) in their respective roles as data controller and data processor.

b. Data Processing and Security Measures.

I. If Customer processes personal data, then Customer warrants that he/she is authorized to do so in accordance with applicable data protection regulations, and in the event of any infringement, Customer shall indemnify Service Provider from and against third party claims.

II. The Parties shall comply with the provisions of applicable data protection laws and bind their employees and third-party Vendors based worldwide engaged in connection with this contractual relationship and the execution thereof to data privacy and confidentiality, except to the extent that they are already under a general obligation to act accordingly.

III. If the Customer processes personal data, then the Customer guarantees that he/she is authorized to do so in accordance with the applicable laws and regulations, and that he/she has obtained all necessary consents, authorization and required permissions or has entered into necessary agreements with third parties in a valid manner in order to allow for the Service Provider to perform the tasks hereunder, including any access and processing of personal and other private data of all concerned individuals and/or third parties (e.g. end customers of Customers or Customer employees) which may be subject to special protection under applicable laws.

IV. To the extent the Customer Data is to be processed by the Service Provider is qualified as personal data, such processing by the Service Provider constitutes data processing. If the Service Provider engages any third-Party Vendor the Service Provider shall enter into appropriate data processing agreements with such third parties.

V. The obligations pursuant to the above shall continue to exist as long as Customer Data are in the area of influence of Service Provider.

VI. The Service Provider shall process Customer- related Personal Data only for the purposes of providing the SaaS Service to the Customer and in accordance with the Customer’s documented instructions, unless required to do otherwise by applicable law. The Customer acknowledges and confirms the collection and processing of such personal data to this extent. Its employees will be trained on security and privacy regulations specific to their role within the operation and support of the SaaS Services.

VII. Data Retention and Disposal.
I. The Service Provider shall retain Personal Data only for as long as necessary to provide the SaaS Service or as required by applicable law.

II. Upon termination of this Agreement or upon the Customer’s request, the Service Provider shall securely delete or return all Personal Data to the
Customer, unless otherwise required by applicable law.

VIII. Upon termination of this Agreement, the Service Provider shall, at the Customer’s option and instructions, either securely delete or return all Personal Data to the Customer, and shall certify in writing that it has done so, unless otherwise required by applicable law.

14. Acceptable Use Policy

The Customer is prohibited from doing the following when using the SaaS Services:

a. use the SaaS Service to upload, transmit, or store any illegal, harmful, or infringing content, or engage in any activities that may disrupt or interfere with the SaaS Service or the Service Provider’s systems or networks. The Service Provider reserves the right to suspend or terminate the Customer’s access to the SaaS Service for any violation of this Acceptable Use Policy.

b. use the SaaS Service solely for lawful purposes and in accordance with the terms of this Agreement and any applicable laws and regulations.

c. use the SaaS Service in any way that may cause harm, damage, or disruption to the Service Provider’s systems, networks, or services, or to any third party.

d. Shall not attempt to gain unauthorized access to the SaaS Service, its systems, networks, or data, or to circumvent any security measures implemented by the Service Provider.

e. shall not engage in any data scraping, data mining, or excessive automated access to the SaaS Service without the prior written consent of the Service Provider.

f. shall not utilize robots, spiders, scrapers or other similar data collection or extraction tools, to utilize programs, algorithms or methods to search, access, acquire, copy, or monitor the SaaS Services outside of the documented API endpoints;

g. shall not send Customer Data with viruses, worms, Trojans or other infected or harmful components, or to otherwise interfere in the proper functioning of the SaaS Service;

h. shall not decrypt, decompile, disassemble, reconstruct or to otherwise attempt to discover the source code of the Saas Service, any software or proprietary algorithms used, except as permitted under mandatory applicable laws;

i. shall not test, scan, or examine the vulnerability of the SaaS Service, or

j. to intentionally utilize devices, software or routines which have a disruptive effect on the applications, functions or usability of the SaaS Service or wilfully destroy other data, systems or communications, generate excessive load, or harmfully interfere, fraudulently intercept or capture.

15. Prohibited Activities and Content

a. The Customer shall not upload, transmit, or store any illegal, infringing, defamatory, obscene, or otherwise harmful content through the SaaS Service.

b. The Service Provider reserves the right to remove or disable access to any content that it reasonably believes violates this Agreement or applicable laws and regulations.

c. The Service Provider may suspend or terminate the Customer’s access to the SaaS Service if the Customer engages in any prohibited activities or uploads, transmits, or stores any prohibited content.

16. Monitoring and Auditing

a. The Service Provider may monitor and audit the Customer’s use of the SaaS Service to ensure compliance with this Agreement and applicable laws and regulations.

b. The Customer shall cooperate with the Service Provider’s reasonable requests for information and assistance in connection with any monitoring or auditing activities

17. Compliance with Laws and Regulations

a. The Customer shall comply with all applicable laws and regulations, including but not limited to data protection laws and regulations, in its use of the SaaS Service.

b. The Customer shall cooperate with the Service Provider and provide reasonable assistance in the event of any regulatory inquiries or investigations related to the Customer’s use of the SaaS Service.

18. Suspension and Termination of Access

a. The Service Provider may suspend or terminate the Customer’s access to the SaaS Service, in whole or in part, if Service Provider reasonably determines that:

i. the Customer has breached any provision of this Agreement or engages in any prohibited activities or uploads, transmits, or stores any prohibited content;

ii. the Customer Content and/or the Customer’s use of the SaaS Services

• poses a security risk to the SaaS Services and/or any third party;
• may adversely impact the SaaS Services provided or the systems or Content of any other Customer;
• infringes any applicable law or any third party right;
• may subject the Company, or any third party to liability, or
• may be fraudulent.

iii. the Customer is in breach of this Agreement, by failing to pay any undisputed Subscription Fees or other amounts due under this Agreement, if the Customer violates the Acceptable Use Policy or any other provision of this Agreement

iv. the Customer has ceased to operate in the ordinary course, made an assignment for the benefit of creditors or similar disposition of the Customer’s assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution or similar proceeding

b. The Service Provider shall provide reasonable notice to the Customer before suspending or terminating access, except in cases where immediate suspension or termination is unless due to the seriousness and urgency of the matter Service Provider needs to act immediately and is unable to provide prior notice.

c. Upon suspension or termination of access, the Service Provider shall have no obligation to retain or provide the Customer with any data or information stored or processed through the SaaS Service, unless otherwise required by applicable laws and regulations.

d. The Service Provider shall promptly reinstate the Customer’s access to the SaaS Service upon the Customer’s cure of the applicable breach or resolution of the applicable security risk or harm.

19. Indemnification

a. Indemnification by Service Provider. Subject to Section 21 and as ordered by the Court, the Service Provider shall indemnify, defend, and hold harmless the Customer, its affiliates, and their respective officers, directors, employees, agents, successors, and permitted assigns (collectively, the “Customer Indemnified Parties”) from the Customer and/or any third-party claim which is proven by the Customer such third party, pertaining to the following:

i. Infringement or misappropriation of a third party’s intellectual property rights arising from the Customer’s use of the SaaS Service in accordance with this Agreement;

ii. A violation of applicable laws, rules, or regulations by the Service Provider in connection with the performance of its obligations under this Agreement; or

iii. Any breach of the Service Provider’s representations, warranties, or obligations under this Agreement.

b. Indemnification by Customer. The Customer shall indemnify, defend, and hold harmless the Service Provider, its affiliates, and their respective officers, directors, employees, agents, successors, and permitted assigns (collectively, the “Service Provider Indemnified Parties”) from and against , including but not limited to any claims, penalties, losses, damages, fines, costs, expenses including reasonable attorney fees, arising out of or relating to violation or breach of the provisions of this Agreement and /or any third-party claim alleging:

i. A violation of applicable laws, rules, or regulations by the Customer in connection with its use of the SaaS Service;

ii. Any breach of this Agreement due to the use of Customer Content;

iii. Any breach of the Customer’s representations, warranties, or obligations under this Agreement;

iv. The usage of the SaaS Services by the Customer in a manner in which it infringes or violates any third-party rights;

v. Any claim arising from the Customer’s use of the SaaS Service in a manner not authorized by this Agreement or the Service Provider’s instructions;

vi. the use of Open-Source Software by the Customer;

vii. Any infringement of data protection law respectively applicable or other data protection law relevant stipulations as agreed between the Parties herein or in another context by the Customer or through Customer Content;

viii. any violation of applicable export and re-export control laws and sanctions regulations by the Customer, unless Customer is not responsible for the claim.

c. Indemnification Procedures. The indemnification obligations under this Section 19 are subject to the following procedures:

i. The indemnified party shall promptly notify the indemnifying party in writing of any claim for which indemnification is sought, provided that failure to give such notice shall not relieve the indemnifying party of its indemnification obligations except to the extent that the indemnifying party is materially prejudiced by such failure.

ii. The indemnifying party shall have the sole right to control the defense and settlement of any indemnified claim, provided that the indemnifying party shall not settle any such claim without the indemnified party’s prior written consent (which shall not be unreasonably withheld, conditioned, or delayed), unless such settlement includes a full and unconditional release of the indemnified party from all liability and does not impose any obligations or restrictions on the indemnified party.

iii. The indemnified party shall provide reasonable cooperation and assistance to the indemnifying party in connection with the defense and settlement of any indemnified claim, at the indemnifying party’s expense.

d. Exclusions. The indemnification obligations under this Section 19 shall not apply to the extent that the losses arise from the indemnified party’s gross negligence, wilful misconduct, or violation of applicable laws.

e. Survival. The indemnification obligations under this Section 19 shall survive the termination or expiration of this Agreement.

20. Warranties and Disclaimers

The Service Provider warrants solely to Customer that it will provide the Service in a manner consistent with general industry standards reasonably applicable to the provision thereof, the Service will be available to Customer and Users ninety-eight and five tenths percent (96.5%) of the time twenty-four (24) hours a day and seven (7) days a week, measured over each consecutive calendar month, excluding periods of planned downtime and downtime under normal use and circumstances, the Service will materially conform to Service Provider’s then current applicable Documentation. If Customer notifies Service Provider of a breach of any of the foregoing warranties, Service Provider will correct or modify the Service so that it conforms to the foregoing warranties. Customer’s right to terminate this Agreement in accordance with Section 23and the foregoing constitutes Service Provider’s entire liability and Customer’s sole and exclusive remedy for any breach of these warranties. If Customer opts to terminate this Agreement under Section 23 based on a breach of any these warranties, Customer agrees that Service Provider shall have no further obligation other than as set forth in Section 23 (C).

Disclaimers. EXCEPT FOR THE REPRESENTATIONS AND WARRANTIES SET FORTH IN SECTION 20, SERVICE PROVIDER MAKES NO REPRESENTATIONS OR WARRANTIES WHATSOEVER, EITHER EXPRESS, IMPLIED, OR STATUTORY, WITH REGARD TO THIS AGREEMENT OR THE SERVICES, VENDOR SOFTWARE, VENDOR CONTENT, ANY SERVICES PROVIDED BY SERVICE PROVIDER, THE DOCUMENTATION OR ANY OTHER MATERIALS PROVIDED BY SERVICE PROVIDER, INCLUDING ANY WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE. SERVICE PROVIDER DOES NOT GUARANTEE THAT THE SERVICES WILL BE PERFORMED ERROR-FREE OR UNINTERRUPTED, OR THAT VENDOR WILL CORRECT ALL SERVICES ERRORS. CUSTOMER ACKNOWLEDGES THAT’S ERVICE PROVIDER DOES NOT CONTROL THE TRANSFER OF DATA OVER COMMUNICATIONS FACILITIES, INCLUDING THE INTERNET, AND THAT THE SERVICE MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF SUCH COMMUNICATIONS FACILITIES. SERVICE PROVIDER IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS.

21. Limitation of Liability

IN NO EVENT SHALL THE SERVICE PROVIDER’S TOTAL AGGREGATE LIABILITY UNDER THIS AGREEMENT EXCEED THE TOTAL SUBSCRIPTION FEES PAID BY THE CUSTOMER TO THE SERVICE PROVIDER DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM AND THIS EXCLUDES THE PERIOD OF ONE MONTH OF TRIAL PROVIDED TO THE CUSTOMER AT THE TIME OF REGISTRATION. IN NO EVENT SHALL THE SERVICE PROVIDER BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO, LOSS OF PROFITS, LOSS OF BUSINESS OPPORTUNITIES, LOSS OF DATA, OR BUSINESS INTERRUPTION, EVEN IF THE SERVICE PROVIDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

22. Confidentiality

For the purposes of this Agreement, “Confidential Information” means any information, data, or materials, in any form or medium, that is identified as confidential or proprietary, disclosed by one party (the “Disclosing Party”) to the other party (the “Receiving Party”) in connection with this Agreement. Confidential Information shall not include information that: (i) is or becomes publicly available through no fault of the Receiving Party; (ii) was already known to the Receiving Party prior to disclosure by the Disclosing Party, as evidenced by written records; (iii) is independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information; or (iv) is required to be disclosed by law or court order, provided that the Receiving Party gives the Disclosing Party prompt written notice of such requirement and cooperates with the Disclosing Party’s efforts to limit or prevent such disclosure.

The Receiving Party shall: (i) keep the Disclosing Party’s Confidential Information strictly confidential and not disclose it to any third party without the Disclosing Party’s prior written consent; (ii) use the Confidential Information solely for the purposes of this Agreement and not for any other purpose; and (iii) protect the Confidential Information with at least the same degree of care as it uses to protect its own confidential information of a similar nature, but no less than a reasonable degree of care. The Receiving Party may disclose the Disclosing Party’s Confidential Information to its employees, contractors, or advisors who have a need to know such information for the purposes of this Agreement, provided that such individuals are bound by confidentiality obligations no less restrictive than those set forth in this Agreement.

Upon termination of this Agreement or upon written request by the Disclosing Party, the Receiving Party shall promptly return or destroy (at the Disclosing Party’s option) all Confidential Information in its possession or control, including all copies thereof, and provide written certification of such return or destruction. The Receiving Party acknowledges that any breach of its confidentiality obligations may cause irreparable harm to the Disclosing Party, for which monetary damages may be inadequate. In addition to any other remedies available at law or in equity, the Disclosing Party shall be entitled to seek injunctive relief or other equitable remedies to prevent or restrain any breach of this Confidentiality section. The obligations of confidentiality set forth in this section shall survive the termination or expiration of this Agreement.

23. Term and Termination

A. This Agreement shall expire upon the expiration or termination of Customer’s account or subscription to a Service

i. Termination by Customer For Cause. The Customer may terminate this Agreement for cause if the Service Provider commits a material breach of this Agreement and fails to cure such breach within thirty (30) days after receipt of written notice from the Customer describing the breach in reasonable detail.

ii. Termination by Service Provider:

a. For Non-Payment. The Service Provider may terminate this Agreement if the Customer fails to pay any undisputed Subscription Fees or other amounts due under this Agreement immediately after receipt of written notice from the Service Provider regarding such non-payment.

b. For Cause. The Service Provider may terminate this Agreement for cause if the Customer commits a material breach of this Agreement and fails to cure such breach within five (5) days after receipt of written notice from the Service Provider.


B. Termination for Insolvency.  This Agreement may be terminated by either party effective immediately upon written notice to the other party, if the other party takes any corporate action to dissolve, liquidate or wind-up its business, makes a general assignment for the benefit of its creditors, or proceedings or any case are commenced in any court of competent jurisdiction by or against such party seeking: (a) such party’s reorganization, liquidation, dissolution, arrangement or winding-up, or the composition or readjustment of its debts, (b) the appointment of a receiver or trustee for or over such party’s property, or (c) similar relief in respect of such party under any law relating to bankruptcy, insolvency, reorganization, winding-up or composition or adjustment of debt, and such proceedings or case will continue undismissed, or an order with respect to the foregoing will be entered and continue unstayed, for a period of more than thirty (30) days.

C. Effects of Termination.

i. Cessation of Access. Upon termination or expiration of this Agreement, the Customer’s access to and use of the SaaS Service shall immediately cease, and the Customer shall promptly return or destroy all Confidential Information of the Service Provider in its possession or control.

ii. Payment of Outstanding Fees. Upon termination or expiration of this Agreement, the Customer shall promptly pay to the Service Provider all outstanding and unpaid Subscription Fees and other amounts due and payable under this Agreement.

iii. Data Retrieval. Upon termination or expiration of this Agreement, the Service Provider shall, upon the Customer’s written request and payment of any applicable fees, provide the Customer with a copy of the Customer’s data stored in the SaaS Service in a standard file format.

iv. Survival. The provisions of Sections 19 to 23, 25, 26,27 and 28 shall survive the termination or expiration of this Agreement.

24. Suspension of Services

The Service Provider may suspend the Customer’s access to and use of the SaaS Service if (a) the Customer fails to pay any undisputed Subscription Fees or other amounts due under this Agreement (b) the Customer violates the Acceptable Use Policy, or (c) the Service Provider reasonably believes that the Customer’s use of the SaaS Service may pose a security risk or cause harm to the Service Provider or any third party. The Service Provider shall promptly reinstate the Customer’s access to the SaaS Service upon the Customer’s cure of the applicable breach or resolution of the applicable security risk or harm.

25. Intellectual Property

a. The Service Provider owns all right, title, and interest in and to the SaaS Service, including all intellectual property rights therein, including but not limited to all patent, copyright, trademark, trade secret and other proprietary property rights including any modifications, enhancements, or derivative works thereof. The Customer acknowledges and agrees that the SaaS Service and all associated intellectual property rights are the exclusive property of the Service Provider or its licensors, and that the Customer shall not acquire any ownership interest in the SaaS Service or any associated intellectual property rights, except for the limited permissions expressly granted under this Agreement and no rights or licenses shall be deemed or interpreted to be granted or transferred hereunder, whether by implication, estoppel or otherwise. All rights not expressly granted by Service Provider to Customer are hereby reserved to the Service Provider. There are no implied rights.

b. Customer Data and Intellectual Property.

i. The Customer retains all right, title, and interest in and to any data, information, or materials that the Customer uploads, submits, or creates through the SaaS Service (“Customer Data”).

ii. The Service Provider may use and process the Customer Data solely for the purpose of providing the SaaS Service and as otherwise permitted under this Agreement.

c. Third-Party Intellectual Property. The SaaS Service may incorporate or be used in conjunction with third-party software, data, or other materials that are subject to separate third-party terms and conditions. The Customer shall comply with all applicable third-party terms and conditions in connection with its use of the SaaS Service.

26. Force Majeure

“Force Majeure Event” means any event or circumstance beyond the reasonable control of the affected party, including but not limited to acts of God, natural disasters, wars, riots, strikes, epidemics, pandemics, government actions, or other events of a similar nature.  Each Party will use reasonable efforts to mitigate the effect of a force majeure event. If such event continues for more than thirty (30) days, either Service Provider or Customer may cancel unperformed services upon written notice. This Section does not excuse either party’s obligation to take reasonable steps to follow its normal disaster recovery procedures or Customer’s obligation to pay for the services.

27. Governing Law and Jurisdiction

This Agreement shall be governed by and construed in accordance with the laws of England and Wales. The parties hereby submit to the exclusive jurisdiction of the courts of London for any disputes arising out of or in connection with this Agreement.

28. General Provisions

a. Assignment

Neither party shall assign, transfer, charge, or deal in any other manner with this Agreement or any of its rights and obligations under this Agreement, whether in whole or in part, without the prior written consent of the other party, such consent not to be unreasonably withheld or delayed. Notwithstanding the above, either party may assign or transfer this Agreement or any of its rights and obligations under this Agreement to any successor in interest resulting from a merger, acquisition, or other corporate reorganization, provided that the assigning party shall provide the other party with prompt prior written notice of such assignment or transfer.

b. Notices and Communication

Any notice or other communication required or permitted to be given under this Agreement shall be in writing and shall be delivered by hand, sent by registered mail or courier, or transmitted by email to the addresses or email addresses of the parties set forth in this Agreement or such other address or email address as may be designated by a party in writing from time to time.

Notices or communications shall be deemed to have been received: (a) if delivered by hand, upon delivery; (b) if sent by registered mail or courier, on the fifth business day after posting; or (c) if transmitted by email, upon receipt of a delivery confirmation or read receipt.

c. Severability and Waiver

If any provision of this Agreement is held to be invalid, illegal, or unenforceable, such provision shall be severed from this Agreement, and the remaining provisions shall remain in full force and effect.

The failure of either party to enforce any provision of this Agreement shall not be construed as a waiver of such provision or the right to enforce it at any time.

d. Entire Agreement and Amendments

This Agreement, including any schedules or exhibits attached hereto, constitutes the entire agreement between the parties and supersedes all prior agreements, representations, or understandings, whether written or oral, relating to the subject matter hereof.

No amendment or modification of this Agreement shall be valid or binding unless made in writing and signed by authorized representatives of both parties.

e. Relationship of the Parties

The parties are independent contractors, and nothing in this Agreement shall be construed as creating a partnership, joint venture, agency, or employment relationship between the parties.

Neither party shall have the authority to bind or commit the other party in any way, nor shall either party hold itself out as having such authority.

f. Third-Party Rights

No person who is not a party to this Agreement will have any right to enforce it pursuant to the Contracts (Rights of Third Parties) Act 1999.

Schedule 1

Service Description

The Service Provider offers the Premium Plus Subscription plans for the SaaS Service:

Premium Plus Plan: The Premium Plus Plan is designed for ISO 27001 compliance for expanding enterprises

Core Features and Functionality. All subscription plans include the following core features and functionality:

Minimum Five users, ISO Requirements defined, ability to map enterprise controls against requirements, manage Exceptions, provision of Shared Virtual Server and provision of Priority support to the Customer.

Dedicated server with the below configuration will be provided and any enhancement to the servers will be charged separately.

1. Bitdefender Security

2. Server Configuration:

Plan-Specific Features and Functionality.

ISO 27001 compliance for expanding enterprises at ISO 27001 compliance for expanding enterprises at USD $35/month exclusive of VAT (Only in the U.K) or any other applicable taxes for the monthly subscription premium plus plan and USD $420/year for the annual subscription plan exclusive of VAT (Only in the U.K)   or any applicable taxes.

Usage Limits and Restrictions.

Premium Plus Plan: Minimum five users for this plan.

Schedule II

Service Level Agreement

Service Level Commitments.

Premium Plus Plan:  

This Service Level Agreement governs the provision on service levels, Availability, Maintenance Work, the availability of support, Incident Management and service reviews and reporting of Albert ISO27001 (“Application/SaaS Services”).

  1. Definitions

    1.1. Availability means that the Customer can execute and use the essential functions of the Application at the Handover Point as defined in the SaaS Agreement.

    1.2. SaaS Agreement means the SaaS agreement executed between the Customer and the Provider regarding the provision of the Application by the Service Provider and use of the Application by the Customer.

    1.3. Downtime means the total number of [minutes | hours] in which the essential functions of the Application as defined in the SaaS Agreement are not available for use by the Customer during the System Runtime.

    1.4. Handover Point are the internet hubs of Provider’s data center.

    1.5. Incident means any impairment on the SaaS Services, such as Downtimes, errors or a reduction of quality.

    1.6. Incident Management means the processing of Incidents.

    1.7. Incident Priority means the severity of the Incident.

    1.8. Response Time means the period of time to start working on a reported Incident by the Customer.

    1.9. Maintenance Work means all maintenance activities required to keep the SaaS Services running, to eliminate errors in the Application, to backup data and/or activities required to enhance, enlarge or renew functionalities to ensure that the Application can be used in accordance with the Contract.

    1.10. SLA means this Service Level Agreement.

    1.11. System Runtime means the time in which the system must be ready for operation.

  2. General Provisions

    2.1. This SLA sets forth the Availability of the Application and supporting services.

    2.2. This SLA is only valid in conjunction with the SaaS Agreement and shall not take effect until Customer and Service Provider have executed the SaaS Agreement.

    2.3. All obligations of the Service Provider in this SLA only apply to the Application as made available to the Customer at the Handover Point. Service Provider is not responsible for data transmission from the Handover Point to the Customer and/or in the area of Customer’s IT system.

  3. Availability and Service Credits

    3.1. The Service Provider shall provide the Application at the Handover Point during the System Runtime with the Availability as specified below:
System Runtime24×7 / 365 days / Mo-Fri
Availability97.5 %


3.2. The Service Provider is not required to make the Application available for use outside of the before mentioned System Runtime and scheduled Maintenance Work according to Section 6. If the Application is available outside the System Runtime and in case of scheduled Maintenance Work according to Section 6, the use of the Application is at risk of Customer. Customer accepts that outside of the System Runtime and in case of scheduled Maintenance Work the use of the Application might be limited regarding functionalities or performance and/or that the Application shall be switched off or restarted without notice. If the Application is made available outside of the System Runtime and in case of scheduled Maintenance and there is a reduction in the functions or functionality of the Application or a reduction of the Availability, Customer shall have no claim for breach of warranty or be entitled to any compensation.

3.3. The Availability of the Application is calculated according to the following formula as the percentage proportion of time in the course of a [calendar month] during the System Runtime.

3.4. When calculating the Availability, Downtimes for which the Service Provider is not responsible, are considered as available times. These Downtimes include the following:

a) Downtimes due to scheduled or unscheduled Maintenance Work as defined Section 6;

b) Downtimes due to Maintenance Work agreed with the Customer in advance;

c) Downtimes due to operational disruptions caused by a force majeure event or other unavoidable events beyond Provider’s control, which could not be averted with reasonable effort, which could not have been foreseen even when exercising with due care, and which make Service Provider’s obligations under this SLA considerably more difficult or completely or partially impossible, such as strikes, lockouts, exceptional weather conditions, power outages, operational or traffic disruptions and transport obstructions and which discharge Service Provider from its obligations under this SLA for the duration of such an event;

d) Downtimes due to virus or hacker attacks, unless the Service Provider has not taken the reasonable protective measures;

e) Downtimes due to interruptions caused by the Customer;

f) Downtimes due to software errors in Customer’s applications or due to errors in the system and system-related software caused by Customer’s applications or data;

g) Downtimes due to interruptions of third parties for which the Service Provider is not responsible.

3.5. The Customer shall report any impairment on the Availability of the Application to the Provider in accordance with Section 5.

3.6. Service Credits

If the Service Provider is responsible for a failure to meet the agreed Availability according to Section 3.1, Customer may claim Service Credits in the amount described below:

AvailabilityService Credit in %
97.5%2
92.5%5
87.5%10
82.5%30
  1. To claim Service Credits under this Section 3.6, Customer must submit a written notice to Provider within fifteen (15) business days after the end of the calendar month in which the Provider did not meet the Availability as provided in Section 5. Service Provider reserves the right to deny the service credit if the Customer does not qualify taking into consideration the downtimes listed in Section 3.4 in this SLA. The service credit remedy set forth in this Service Level Schedule is the Customer’s sole and exclusive remedy for the unavailability of the Service Providers SaaS Service. If Customer fails to provide such written notice as provided above, such claim is deemed to be time barred and Service Provider shall have no obligations.

4. Support

4.1. Operating times of first-level support

Business DaysSunMonTueWedThuFriSat
Operating TimesHoliday7:00 BST – 18:00 BST7:00 BST – 18:00 BST7:00 BST – 18:00 BST7:00 BST – 18:00 BST7:00 BST – 18:00 BSTHoliday
LanguageEnglishEnglishEnglishEnglishEnglishEnglishEnglish

4.2. First-level support comprises the following:

a. The Customer shall send their incident details through their registered account to the email provided for support available on the SaaS Web application, only during the support hours mentioned above. A service desk for receiving Incident reports from Customer prioritizing Incident reports according to the urgency of the Incident, analyzing and isolating the Incident, and forwarding the Incident to the second-level support, if the Incident cannot be solved by the first-level support;

b. Coordination between first- and second-level support;

c. Check the Incident resolution and delivery to the Customer provided by second-level support.

4.3. Only the following persons shall contact the first-level-support: Only Registered users have access to raise a support request.

4.4. Operating times of second-level-support.

Business DaysSunMonTueWedThuFriSat
Operating TimesHoliday9:00 BST – 17:00 BST9:00 BST – 17:00 BST9:00 BST – 17:00 BST9:00 BST – 17:00 BST9:00 BST – 17:00 BSTHoliday

4.5. The second-level-support is responsible for the solution of Incidents reported by the Customer according to Section 5. The activation of the second-level-support is always carried out by first-level-support.

4.6. All times are based on UTC time valid in the United Kingdom.

5. Incident Management

5.1. Incident Management shall comprise all the activities between the Customer and the Service Provider associated with the notification and management of Incidents until resolution.

5.2. Incident Priority
a. All Incidents within the Application shall be assigned an Incident Priority which shall determine the target Response Time.

Incident PriorityDescriptionResponse Time
1 CriticalThere is an Incident Priority 1 if the use of the Application or major parts of the Application is completely unavailable or severely restricted for instance due to malfunctions, false work results or response times.Eight (8) working hours
2 MajorThere is an Incident Priority 2 if, although the use of the Application is not unavailable or severely restricted, for instance due to malfunctions, false work results or response times, the use is subject to restriction(s) which is (are) material. One (1) working day
3 MinorThere is an Incident Priority 3 if the use of the Application is not directly and/or significantly/considerably impaired, such as an instance that basic settings which are unfavourably defined or without “nice-to-have” functions.Three (3) working days
4 NonThere is an Incident Priority 4 if there is no limitation of the use of the Application functionalities; e.g. minor flaws, questions or requests for improvement by the Customer.five (5) working days

b) The Service Provider shall, in its sole discretion, prioritize Incidents taking into account the definitions included in the table above.

5.3. Process

a. Customer shall immediately notify the Service Provider of all Incidents.

b. All Incidents must be communicated to the Provider via eMail. In case of an Incident Priority 1, Customer shall also contact the service hotline of first-level-support.

c. The Customer shall ensure that when the Incident is reported, the Incident reporting must include the following required information:

(1) Description of the Incident;
(2) Functionality of the Application affected;
(3) Environment affected;
(4) Gateways affected;
(5) Date and time when the Incident occurred;
(6) Incident Priority;
(7) The action(s) which the Customer has already taken to remedy the Incident and any results from the action to remedy the Incident taken by the Customer.

d. Once the Customer provides all required information, the resolution process shall start and the first feedback after receipt of the Incident report shall be given according to the Response Time in relation to the Incident Priority according to Section 5.2.

e. The Service Provider shall notify the Customer upon Incident closure.

f. Incident processing shall be performed during the business days and operating times as defined in Section 5.

6. Maintenance Work

6.1. The Service Provider has the right to interrupt the provision of the Application for Maintenance Work.

6.2. The Service Provider shall plan Maintenance Work to minimize the interruption of the use of the Application, so that the use of the Application by the Customer is affected as little as possible.

6.3. Alternative 1: Service Provider shall use the following maintenance windows for Maintenance Work.

 SunMonTueWedThuFriSat
Maintenance Window9:00 BST – 17:00 BST5:00 BST – 7:00 BSTXX:XX – XX:XX5:00 BST – 7:00 BSTXX:XX – XX:XX5:00 BST – 7:00 BST9:00 BST – 17:00 BST
Major Upgrades9:00 BST – 17:00 BSTXX:XX – XX:XXXX:XX – XX:XXXX:XX – XX:XXXX:XX – XX:XXXX:XX – XX:XX9:00 BST – 17:00 BST
Data BackupsEvery 4 hoursEvery 4 hoursEvery 4 hoursEvery 4 hoursEvery 4 hoursEvery 4 hoursEvery 4 hours

6.4. The Provider is also permitted to conduct unscheduled Maintenance Work on the Application for important reasons, e. g. if the Application operation is jeopardized. This includes but is not limited to emergency changes, e. g. the implementation of security patches, which are necessary for securing and maintaining operations and require immediate implementation. The Customer must be notified hereof without undue delay and the unscheduled Maintenance Work must be carried out in such a way as to minimize malfunctions in operational processes as far as possible.

6.5. All times are based on UTC London time.

7. Service Level Reviews and Reporting

7.1. The Service Provider shall provide the Customer with the following values in a monthly report available on the dashboard on the SaaS Web Application:

a. Availability of the Application;
b. Maintenance Work conducted;
c. Number of Incidents broken down by Incident Priority;

7.2. The monthly report does not encompass non-productive, free and/or try-out versions of the Application, integration or test systems. Such reports are not incorporated in the service level review.

8. Miscellaneous

The provisions of the SaaS Agreement shall remain in full force and effect.