ContractZen General Terms and Conditions

These ContractZen General Terms and Conditions (“Agreement”) between Customer and ContractZen (a Finnish company with a business ID 2642898-8, “ContractZen”) set forth the terms and conditions for the use of the ContractZen Service.

IT IS IMPORTANT THAT YOU READ AND UNDERSTAND THE FOLLOWING TERMS AND CONDITIONS. BY REGISTERING WITH THE CONTRACTZEN SERVICE, INCLUDING BOTH PAID SUBSCRIPTIONS AND FREE TRIALS, AND/OR BY CLICKING AN “I ACCEPT” BUTTON OR BY OTHERWISE ENTERING INTO THIS AGREEMENT YOU CONFIRM THAT YOU HAVE READ AND UNDERSTOOD THE TERMS AND CONDITIONS SET OUT BELOW AND THAT YOU AGREE, AND YOU ARE AUTHORIZED, TO BIND CUSTOMER BY THIS AGREEMENT. If you do not accept or understand this Agreement, please do not use or access the ContractZen Service.

Any referral to “Agreement” shall include these ContractZen General Terms and Conditions and the documents referred to herein. In addition to these General Terms and Conditions, you agree to abide by any supplemental policies, procedures or operating rules of the ContractZen Service, such as any usage restrictions and usage limits, that may be published from time to time on the ContractZen Service, each of which is incorporated herein by reference.

If you wish to have a permanent copy of these General Terms and Conditions, please make a local copy of these terms, or contact ContractZen for a PDF copy.

  1. DEFINITIONS

    As used in the Agreement, capitalized terms shall have the meanings ascribed to such terms in the following:

    “Customer”
    shall mean the entity having subscribed to or purchased the ContractZen Service, including any “free trial” version thereof
    “Customer Data”
    shall mean any and all Customer’s data that Customer, a Designated User or another party acting on Customer’s behalf processes, stores, generates in or submits to the ContractZen Service. Customer Data may include personal data.
    “Designated Users”
    shall mean those employees, managers, service providers, consultants, contractors and agents or other persons designated by Customer who are entitled to use the ContractZen Service under this Agreement.
    “Intellectual Property Rights”
    shall mean copyrights and other similar rights and related rights (including database and catalogue rights), patents, utility models, trademarks, trade secrets, know-how and any other form of registered or unregistered intellectual property rights as well as any applications for any of the foregoing.
    “ContractZen Service”
    shall mean the proprietary ContractZen cloud service in the form provided by ContractZen from time to time and which may be accessed and/or used either via web browser or via a mobile application.
    “Party”
    shall mean Customer or ContractZen (jointly the “Parties”).
    In this Agreement the terms “controller”, “processor”, “personal data” and “processing” shall have the same meanings as set out in the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, “GDPR”) and shall be construed accordingly.

  2. CONTRACTZEN SERVICE

    1. Upon the subscription of the ContractZen Service by Customer, ContractZen grants to Customer’s Designated User(s), subject to the terms and conditions of this Agreement and the payment of the fees set out in the Agreement or in ContractZen’s price list in force from time to time, a limited, non-exclusive and non-transferrable license to access and use the ContractZen Service as it is made available by ContractZen from time to time solely for Customer’s internal use during the term of this Agreement.
    2. Unless otherwise expressly agreed, a separate subscription to the ContractZen Service is required for each Designated User. User credentials are personal to each Designated User and the use of ContractZen Service is not allowed by anyone other than the Designated User to whom ContractZen has granted the user credentials. For the avoidance of any doubt, if two persons from Customer organization wish to access the ContractZen Service, two separate subscriptions are required.
    3. Customer shall not on the basis of this Agreement have any rights to modify, decompile, reverse engineer, access the source code of or transfer, assign, sublicense or distribute the ContractZen Service.
    4. All Intellectual Property Rights in and to the ContractZen Service are and shall at all times remain the sole and exclusive property of ContractZen and/or any relevant third parties. The ContractZen Service is licensed, not sold, to Customer and Customer does not acquire any rights of ownership in the ContractZen Service. Nothing in this Agreement shall constitute a transfer of any Intellectual Property Rights of ContractZen or any third party to Customer. All rights not expressly granted to Customer shall be retained by ContractZen.
    5. Customer is responsible for acquiring any and all network, internet and telecommunications connections and all technical equipment required for using the ContractZen Service.
    6. ContractZen may at any time suspend the delivery of the ContractZen Service without any separate notice in case of default of any payment of the fees by Customer, which suspension does not for clarity relieve Customer from its payment obligations during such suspension. For clarity, ContractZen may also at its discretion and any time choose to terminate the Agreement in accordance with Section 13 in case of a payment default by Customer.

  3. SUPPORT

    1. Customer and ContractZen may separately agree on setup, support, onsite support, consultancy and training services related to the use of the ContractZen Service and the prices applicable to such support services.

  4. CHANGES TO THE CONTRACTZEN SERVICE

    1. ContractZen may, from time to time, at its sole discretion, modify and/or update the ContractZen Service or a part thereof. If such changes of the ContractZen Service require changes to be made to Customer’s equipment or software, ContractZen shall notify Customer of all such necessary changes at least one (1) month prior to implementing such changes to the ContractZen Service. Customer is responsible for carrying out such changes to its equipment or software at its own expense. This Agreement will automatically apply to all updates, modifications or amendments to the ContractZen Service.

  5. CUSTOMER DATA AND PROCESSING OF PERSONAL DATA

    1. The provision of the ContractZen Service to Customer may require ContractZen to process personal data included in Customer Data on behalf of Customer. In connection with such processing, Customer shall act as controller and ContractZen shall act as processor. The terms and conditions governing ContractZen’s processing of personal data on behalf of Customer are set out in the Data Processing Appendix attached hereto as Appendix 1, which forms an integral part of this Agreement.
    2. ContractZen explains how it may process personal data as a controller in the ContractZen Privacy Policy, available at https://my.contractzen.com/privacy. The ContractZen Privacy Policy is not a part of this Agreement.
    3. ContractZen uses Azure automated backup capabilities and geo-redundancies to back-up Customer Data as part of the ContractZen Service. However, ContractZen does not guarantee availability of back-up functionality or back-up copies in all cases, and Customer shall be solely responsible for making backup copies of Customer Data. In the event of any loss of or damage to Customer Data, ContractZen’s sole and exclusive remedy shall be for ContractZen to use reasonable commercial efforts to restore the lost, altered or damaged Customer Data from the latest back-up of such Customer Data maintained by ContractZen or its subcontractor.
    4. Customer is solely responsible for the legality, accuracy and non-infringing nature of its Customer Data and of the means by which it acquired any personal data included in its Customer Data. Customer warrants that Customer has acquired and shall acquire any and all necessary consents from or has informed or shall inform its employees and subcontractors and other concerned data subjects, and has made and shall make any possibly required notifications to any relevant data protection authorities required in order for the Parties to legally process personal data for the purposes set forth herein in accordance with the requirements set out by applicable law. Customer shall remain fully responsible and liable for having duly complied with its statutory obligations. Customer acknowledges and agrees that it is the responsibility of Customer to ensure that Customer’s use of the ContractZen Service complies with laws and regulations to which Customer is subject.
    5. Customer understands that Customer Data may be stored on Microsoft Azure and thus subject to Microsoft Azure international and industry-specific data security standards. Customer agrees that such measures are appropriate for the purposes of processing Customer Data under this Agreement. Customer is responsible for having and maintaining appropriate data security safeguards for its own data systems and communications networks. ContractZen shall not be deemed responsible for data security of or any disturbance in Customer’s data systems or communications networks nor general communications network nor for any other impediment affecting the security of Customer Data beyond ContractZen’s control nor for any damage resulting therefrom.
    6. Customer agrees not to submit to the ContractZen Service or use the ContractZen Service to collect, store or process, including not to, directly or indirectly, submit, store, process or include as part of Customer Data, any of the following types of sensitive data (a) Protected Health Information (as defined in the U.S. Health Insurance Portability and Accountability Act of 1996 and regulations thereunder, as amended, “HIPAA”) or similar information under other comparable laws or regulations (such as special categories of personal data under Article 9 GDPR), or (b) financial account numbers (including without limitation credit or debit card numbers, or any related security codes or passwords, bank account information, or Non-Public Information (as defined in the Gramm-Leach-Bliley Act of 1999, as amended, “GLBA”) or similar information under other comparable laws or regulations. Customer understands and acknowledges that the ContractZen Service is not configured to receive and store the types of sensitive data listed above.
    7. Customer retains the title and all Intellectual Property Rights in and to Customer Data. Customer hereby grants ContractZen a non-exclusive, sub-licensable, transferrable, worldwide, royalty-free license and permission to use, copy, process, store, modify and otherwise exploit Customer Data for the sole purpose of providing the ContractZen Service to Customer.
    8. Notwithstanding what is stated elsewhere in this Agreement, Customer agrees that ContractZen may process Service usage data and Customer Data to create and compile anonymized, aggregated datasets and/or statistics, provided that such aggregated datasets do not allow the identification of Customer or individual users.
    9. Customer undertakes without delay to inform ContractZen of any matters that are of relevance for ContractZen to fulfil its obligations related to the processing of personal data on behalf of Customer. For the avoidance of doubt it is hereby stated that ContractZen shall not in any way be responsible or liable towards Customer, data subjects or third parties for any damages or claims arising from failure of Customer in fulfilling the foregoing duty to inform or from failure of Customer in fulfilling its statutory obligations.

      Customer understands that the personal data may be stored on Microsoft Azure. Should Customer wish to extend the audit to Microsoft Azure, such audit shall be subject to Microsoft Azure terms and conditions.

  6. GENERAL RIGHTS AND RESPONSIBILITIES OF CUSTOMER

    1. The person signing or otherwise accepting the Agreement represents that it has the authority to bind Customer organization to this Agreement.
    2. Customer must:

      (i) maintain confidential and secure all identifying codes, passwords and any other confidential information relating to the ContractZen Service and the provision thereof and ensure that all Designated Users comply with the obligations set out herein. Customer shall be liable for the actions of the Designated Users as of its own actions;

      (ii) immediately inform ContractZen regarding any threats or suspected threats against the security of the ContractZen Service and of any unauthorized disclosure of confidential information or personal data related to the ContractZen Service;

      (iii) prevent unauthorized access to or use of the ContractZen Service, and notify ContractZen promptly of any such unauthorized access or use; and

      (iv) use the ContractZen Service only in accordance with this Agreement, applicable laws and government regulations.

    3. Customer warrants that Customer will not:

      (i) make the ContractZen Service available to anyone other than Designated Users;

      (ii) sell, resell, license, sublicense, distribute, rent or lease the ContractZen Service;

      (iii) use the ContractZen Service to store or transmit infringing, libellous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights;

      (iv) use the ContractZen Service to store or transmit malicious code;

      (v) interfere with or disrupt the integrity or performance of the ContractZen Service or third-party data contained therein;

      (vi) attempt to gain unauthorized access to the ContractZen Service or its related systems or networks;

      (vii) permit direct or indirect access to or use of the ContractZen Service in a way that circumvents a contractual usage limit;

      (viii) copy the ContractZen Service or any part, feature, function or user interface thereof, or create derivative works of the ContractZen Service or any part, feature, function or user interface thereof;

      (ix) modify, translate, decompile, bootleg, disassemble, or extract the inner workings of any software constituting part of the ContractZen Service, or otherwise attempt to discover the source code of any such software;

      (x) copy the look-and-feel or functionality of the ContractZen Service; or

      (xi) use any automated system, including without limitation, “robots,” “spiders,” “offline readers,” etc., in connection with the ContractZen Service.

      Customer agrees that ContractZen may terminate Customer’s access to the ContractZen Service immediately, if Customer is found to be in violation of this Section 6.3.

  7. AI FEATURES

    1. The ContractZen Service includes artificial intelligence-assisted features (the “AI Features”) that allow Designated Users, for example, to hold a conversation with artificial intelligence about a document they upload to the ContractZen Service and to compare documents.
    2. Customer agrees that when Designated Users use the AI Features, ContractZen and its AI Features’ service providers may process the prompts entered, files uploaded for the relevant interaction and the outputs provided by the AI Features. Such prompts, uploaded files and AI outputs are not used to train artificial intelligence models.
    3. Files uploaded in connection with the use of AI Features are generally stored only for the duration of the interaction with the AI Feature and are deleted afterwards. Customer acknowledges and accepts that Microsoft and other service providers used from time to time provide the AI Features and process prompts and outputs in accordance with their own terms applicable from time to time, for example to detect and prevent misuse of the service provider’s service.
    4. The AI Features assist the Designated User and do not make automated decisions that produce legal or similarly significant effects concerning the Designated User within the meaning of Article 22 of the GDPR.

  8. FEES AND PAYMENT

    1. As a compensation for the use of the ContractZen Service, Customer shall pay ContractZen the fees set forth in ContractZen’s price list in force from time to time. Unless otherwise agreed, ContractZen shall charge fees monthly or annually as agreed by the Parties. Late payment interest for due but unpaid amounts shall be calculated in accordance with the Finnish Interest Act (633/1982, as amended).
    2. All fees and prices set out in this Agreement are net amounts and exclusive of any value-added taxes, sales or use taxes and any other taxes or levies.
    3. Except as otherwise expressly specified herein, payment obligations are non-cancellable and fees paid are non-refundable.
    4. ContractZen shall have the right to adjust the fees and prices for the ContractZen Service from time to time. A change in the pricing for the ContractZen Service shall be notified by ContractZen to Customer in writing at least three (3) months prior to such change taking effect. If Customer does not accept the price amendment, Customer shall have the right to terminate the Agreement as of the effective date of the price amendment by a written notice to ContractZen which notice shall be issued at least thirty (30) days prior to the effective date of the price amendment. Any price list changes shall not apply to such subscriptions to the ContractZen Service that have already been paid for by Customer (for the avoidance of doubt, the changed price list shall be applied to any renewals of such ContractZen Service subscriptions). If Customer does not issue a termination notice as set out above, the price amendment shall be deemed to be approved by Customer.

  9. INDEMNIFICATION BY CUSTOMER

    1. Customer shall indemnify, defend and hold ContractZen harmless with respect to any and all liability, loss or damage in connection with any third party claim, demand or judgment (including but not limited to claims related to Customer Data) arising out of or relating to Customer’s use of the ContractZen Service or Customer’s breach of this Agreement.

  10. NO WARRANTY

    1. THE CONTRACTZEN SERVICE SHALL BE PROVIDED ON AN “AS IS” BASIS. CONTRACTZEN MAKES NO REPRESENTATIONS, WARRANTIES OR GUARANTEES REGARDING THE CONTRACTZEN SERVICE AND DISCLAIMS ALL IMPLIED AND EXPRESS WARRANTIES AND REPRESENTATIONS, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, PERFORMANCE, OR SUITABILITY; OR ANY WARRANTY CONCERNING THE RESULTS TO BE OBTAINED FROM THE CONTRACTZEN SERVICE. CUSTOMER IS SOLELY RESPONSIBLE FOR ENSURING THAT THE CONTRACTZEN SERVICE IS SUITABLE FOR THE PURPOSES FOR WHICH CUSTOMER INTENDS TO USE IT.
    2. CONTRACTZEN DOES NOT WARRANT THAT THE CONTRACTZEN SERVICE WILL MEET OR FULFIL CUSTOMER’S REQUIREMENTS, EXPECTATIONS OR PURPOSES OF USE, OR THAT THE CONTRACTZEN SERVICE WILL BE FREE OF DEFECTS OR ERRORS OR INTERRUPTIONS. CONTRACTZEN SHALL HAVE NO RESPONSIBILITY (OR RELATED LIABILITY) FOR BACKING UP CUSTOMER DATA OR ANY INFORMATION THAT CUSTOMER PROVIDES TO CONTRACTZEN. FOR THE AVOIDANCE OF DOUBT, CONTRACTZEN DOES NOT WARRANT THE CONTINUED AVAILABILITY OF THE CONTRACTZEN SERVICE AND IT SHALL NOT BE LIABLE TO COMPENSATE CUSTOMER ANY DOWNTIME OF THE CONTRACTZEN SERVICE. TO THE EXTENT PERMITTED BY COMPELLING APPLICABLE LAW CONTRACTZEN DOES NOT WARRANT THAT CUSTOMER DATA WILL BE PROTECTED AGAINST LOSS, MISUSE, OR ALTERATION BY THIRD PARTIES.

  11. LIMITATION OF LIABILITY

    1. EXCEPT FOR CUSTOMER’S INDEMNIFICATION OBLIGATIONS HEREUNDER OR CUSTOMER’S BREACH OF ANY INTELLECTUAL PROPERTY RIGHTS, CONFIDENTIALITY OBLIGATIONS AND/OR PROPRIETARY INTERESTS RELATING TO THE AGREEMENT, NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES RESULTING FROM THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS OR BUSINESS OR DAMAGE OR LOSS CAUSED AS A RESULT OF INTERRUPTIONS IN BUSINESS.
    2. TO THE EXTENT PERMITTED BY COMPELLING APPLICABLE LAW CONTRACTZEN SHALL NOT BE LIABLE FOR THE DESTRUCTION OR LOSS OF CUSTOMER DATA, NOR FOR ANY DAMAGES AND EXPENSES INCURRED TO CUSTOMER AS A RESULT. CONTRACTZEN SHALL NOT IN ANY WAY BE LIABLE FOR CUSTOMER’S OWN USE OF THE CONTRACTZEN SERVICE OR ANY DAMAGES OR LOSSES RESULTING THEREOF. CONTRACTZEN SHALL HAVE NO LIABILITY ARISING OUT OF ANY UNAVAILABILITY OF THE CONTRACTZEN SERVICE.
    3. CONTRACTZEN ACCEPTS NO LIABILITY WHATSOEVER FOR ANY PROBLEMS CAUSED BY NETWORK CONNECTIONS OR ELECTRICITY SUPPLY, OR ANY OTHER PROBLEMS RELATING TO ANY SERVICE OR PRODUCT PROVIDED BY ANY THIRD PARTY SERVICE PROVIDER.
    4. CUSTOMER ACKNOWLEDGES THAT THE AI FEATURES MAY, BY THEIR NATURE, GENERATE OUTPUTS THAT ARE INACCURATE, INCOMPLETE OR MISLEADING. CONTRACTZEN ACCEPTS NO LIABILITY WHATSOEVER FOR ANY DAMAGE CAUSED BY THE AI FEATURES, OR CUSTOMER’S USAGE OF AI FEATURES, INCLUDING, WITHOUT LIMITATION, INACCURATE, INCOMPLETE OR MISLEADING OUTPUTS BY THE AI FEATURES.
    5. CONTRACTZEN’S AGGREGATE MAXIMUM LIABILITY FOR ANY DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL NOT EXCEED FIFTY (50) PER CENT OF THE FEES ACTUALLY PAID BY CUSTOMER TO CONTRACTZEN FOR THE CONTRACTZEN SERVICE DURING THE LAST SIX (6) MONTHS IMMEDIATELY PRECEDING THE RECEIPT OF THE CLAIM FOR DAMAGES.
    6. THE LIMITATIONS SET FORTH IN THIS SECTION 11 WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.
    7. NOTWITHSTANDING THE ABOVE IN THIS SECTION 11, NEITHER PARTY SEEKS TO EXCLUDE OR RESTRICT ITS LIABILITY FOR ANY MATTER IN RESPECT OF WHICH, BY LAW, IT IS NOT PERMITTED TO RESTRICT ITS LIABILITY, SUCH AS LIABILITY FOR DAMAGE CAUSED BY GROSS NEGLIGENCE OR INTENT.

  12. CONFIDENTIALITY

    1. The Parties each undertake and agree to keep confidential the other Party’s confidential information including but not limited to technical, financial and commercial information (hereinafter referred to as “Confidential Information”), unless such Confidential Information is required to be disclosed in order to comply with the obligations set out in this Agreement. The Parties are also required to ensure that those of their employees and subcontractors who have access to the information, are bound by a similar confidentiality obligation.
    2. The obligations set forth herein regarding Confidential Information shall not apply to information which is:

      (i) in the public domain other than by a breach of this Agreement on the part of the receiving Party;

      (ii) rightfully received from a third party not bound by any obligation of confidentiality;

      (iii) rightfully known to the receiving Party, as shown by the records of the receiving Party; or

      (iv) required to be disclosed by law or an authority decision or by a court of competent jurisdiction.

  13. TERM AND TERMINATION

    1. This Agreement commences on the date Customer first accepts it and continues until the purchased subscription to use the ContractZen Service hereunder has expired or has been terminated.
    2. Unless otherwise agreed, the term of the subscription is one (1) year. The purchased subscription will automatically renew for an additional period equal to the expiring subscription term or one (1) calendar year (whichever is shorter), unless either Party gives the other notice of termination at least fourteen (14) calendar days before the end of the subscription term.
    3. ContractZen may from time to time enable “free trial” to use the ContractZen Service. If Customer registers for a free trial, the license to access and use the ContractZen Service will terminate at the end of the free trial period unless Customer purchases a subscription to the ContractZen Service prior to the expiry date. ANY DATA ENTERED INTO THE CONTRACTZEN SERVICE MAY BE PERMANENTLY DELETED UPON THE EXPIRATION OF THE FREE TRIAL UNLESS CUSTOMER PURCHASES A SUBSCRIPTION TO THE SAME SERVICES AS THOSE COVERED BY THE TRIAL BEFORE THE END OF THE TRIAL PERIOD.
    4. ContractZen may upon Customer’s request provide reasonable termination assistance for a maximum of one (1) month after the termination of this Agreement, such termination assistance being assistance in the transfer of Customer Data from the ContractZen Service to a new service substituting the ContractZen Service. ContractZen shall have the right to charge Customer for the termination assistance in accordance with ContractZen’s price list in force from time to time. Customer shall reimburse any and all out-of-pocket expenses of ContractZen related to termination assistance. This Section 13.4 does not apply to free trials.
    5. A Party may terminate this Agreement with immediate effect if the other Party materially breaches the provisions of this Agreement and fails to correct the breach within fourteen (14) days of having received written notice of the breach. Customer acknowledges that a failure by Customer to pay the fees set forth in this Agreement shall constitute a material breach of this Agreement and Customer acknowledges that ContractZen may cease to provide the ContractZen Service to Customer due to such failure by Customer without prior notice.
    6. ContractZen may terminate this Agreement with immediate effect, in whole or in part, if Customer becomes bankrupt, liquidated or insolvent or enters any proceedings in this regard which can reasonably be considered to weaken its ability to make payments.
    7. If this Agreement is terminated by Customer due to a material breach by ContractZen in accordance with Section 13.5, ContractZen will refund Customer any prepaid fees covering the remainder of the term of the subscription after the effective date of termination. If this Agreement is terminated by ContractZen in accordance with Section 13.5 or 13.6, Customer is liable to pay any unpaid fees covering the remainder of the subscription term. Unless otherwise set forth above, any fees paid are non-refundable.
    8. Upon expiry or termination of the Agreement, Customer shall immediately cease using the ContractZen Service, and all licences and rights granted by ContractZen to Customer under this Agreement are revoked. Upon expiry or termination of this Agreement, Customer shall promptly return any possible Confidential Information of ContractZen.
    9. Within a reasonable time from the expiry or termination of the Agreement, ContractZen shall delete or anonymize Customer Data (including personal data processed by ContractZen on behalf of Customer). Upon Customer’s request ContractZen shall return, provided that such Customer Data has not already been deleted, to Customer the Customer Data (including personal data processed by ContractZen on behalf of Customer) electronically in a structured form, as well as delete all existing copies of such Customer Data. ContractZen may charge for the return of Customer Data to Customer. Notwithstanding anything in this Agreement, ContractZen shall have the right to retain copies of Customer Data to the extent that EU or Finnish law requires storage of the copies of data and not be required to delete copies of the personal data from its backup servers until such time that the backup copies are scheduled to be deleted.
    10. The provisions of this Agreement which by their nature reasonably should survive the termination or other expiration of this Agreement shall survive any expiration or termination of this Agreement.

  14. MISCELLANEOUS

    1. Reference Use. ContractZen may use general information (such as the name and/or logo) of the Parties to this Agreement in its marketing of the ContractZen Service pursuant to good business practises and reasonable guidelines submitted by the relevant Party from time to time.
    2. License by Customer to Use Customer’s Feedback. Customer grants to ContractZen a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate into the ContractZen Service any suggestion, enhancement request, recommendation, correction or other feedback provided by Customer or Designated User(s) relating to the ContractZen Service.
    3. Governing Law and Dispute Resolution. This Agreement shall be governed by and construed in accordance with the laws of Finland, excluding its conflict of laws or private international law provisions and the UN Convention on Contracts for the International Sale of Goods. Any dispute, controversy or claim arising out of or in connection with this Agreement or the breach, termination or invalidity thereof, shall be attempted to be amicably settled through negotiations between the Parties for a period of thirty (30) days and failing the same, shall be finally settled in arbitration in accordance with the Arbitration Rules of the Central Chamber of Commerce of Finland by one (1) arbitrator. The arbitration shall take place in Helsinki, Finland and shall be conducted in the English language. The award of the arbitration shall be final and binding on both Parties. Notwithstanding the above, ContractZen may always institute legal action in the District Court of Helsinki against Customer and is entitled to seek equitable and/or injunctive relief in any court of law. Moreover, each Party may seek to enforce an arbitration award in any court of law.

      Each Party agrees to the applicable governing law above without regard to choice or conflicts of legal rules, and to the exclusive jurisdiction of the applicable arbitration body and courts above. BOTH PARTIES KNOWINGLY, VOLUNTARILY, AND INTENTIONALLY WAIVE ANY RIGHT THE PARTIES MAY HAVE TO A TRIAL BY JURY OF ANY DISPUTE ARISING UNDER OR RELATING TO THIS AGREEMENT.

    4. Each Party shall have the right to subcontract its obligations under this Agreement. Each Party shall ensure that its subcontractor shall comply with the provisions of this Agreement. Each Party shall be liable for the actions of its subcontractors as for its own. Upon a separate request of Customer, ContractZen shall provide information to Customer on the subcontractors used by ContractZen in connection with the provision of the ContractZen Service.
    5. Force Majeure. A Party shall not be deemed to be in breach of this Agreement as long as its failure to perform any of its obligations hereunder is caused solely by labour disturbance, fire, act of war or nature, information network or telecommunication network malfunction, government order or any other, similar cause beyond the Party’s reasonable control. If such event persists for over one (1) month, a Party may terminate this Agreement immediately upon written notice to the other Party.
    6. Assignment. Unless expressly agreed otherwise herein, neither this Agreement, nor any interest hereunder shall be assignable by Customer without the prior written consent of the ContractZen. ContractZen shall be entitled to assign and transfer this Agreement to an affiliate or third party or as a part of a sale of its business operations pertaining to this Agreement or a part thereof.
    7. Amendments. ContractZen is entitled to amend the Agreement and any appendices including without limitation the fees charged for the ContractZen Service by providing Customer with a one (1) month prior written notice to Customer’s email address. If Customer does not accept the change made by ContractZen to this Agreement or its appendices, Customer has the right to terminate the Agreement by notifying ContractZen thereof in writing at least two (2) weeks prior to the effective date of such change.
    8. Independent Contractors: The Parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the Parties.
    9. No waiver. A failure by any Party at any time or times to require performance of any provisions of this Agreement shall in no manner affect its right to enforce the same, and the waiver by any Party of any breach of any provision of this Agreement shall not be construed to be a waiver by such Party of any succeeding breach of such provision or waiver by such Party of any breach of any other provision hereof.
    10. Entire Agreement; Drafting; Headings. This Agreement represents the entire agreement between the Parties with respect to the subject matter hereof and supersedes all prior negotiations, understandings and agreements relating to the subject matter hereof. This Agreement shall be construed as having been mutually drafted by the Parties without regard to any actual division of responsibility in the drafting hereof. Headings and captions are for convenience of reference only and do not alter the meaning or interpretation of the Agreement.
    11. Severability. If any term or provision of this Agreement is held to be illegal or unenforceable, the validity of the remainder of this Agreement shall not be affected.
    12. U.S. Government Users: This Section 14.12 only applies to the U.S. Government or if you are, or are acting on behalf of, an agency or instrumentality of the U.S. Government. The ContractZen Service is “commercial computer software” developed exclusively at private expense. Pursuant to FAR 12.212 or DFARS 227.7202 and their successors, as applicable, use, reproduction and disclosure of the ContractZen Service is governed by the terms of this Agreement.

Appendix 1 – Data Processing Appendix

DATA PROCESSING APPENDIX

This Data Processing Appendix (“DPA”) forms a part of the Agreement. For the purposes of this DPA, ContractZen shall be referred to as the “Processor” and Customer as the “Controller”.

Purpose and background

  1. Processor provides to the Controller the ContractZen Service, which constitutes the purpose of processing under this DPA (the “Purpose”).
  2. In connection with the Purpose, Processor may process personal data on behalf of the Controller when the Controller inputs such data into ContractZen Service. This DPA governs the rights and obligations of the Parties regarding the processing of personal data in connection with the Purpose.

Definitions

Unless evident from the context, the definitions of the Agreement shall apply to this DPA.

As used in this DPA, the following terms and expressions shall have the following meanings.

“Laws”
shall mean Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”).
“Personal Data”
means the personal data the Processor processes on behalf of the Controller under the Agreement.
“Personal Data Breach”
means a personal data breach involving Personal Data that the Processor has become aware of.
“Standard Contractual Clauses”
means the standard contractual clauses adopted by the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, as may be amended or replaced or supplemented from time to time.

The terms “personal data”, “processing”, “data subject”, “controller”, “processor” and “personal data breach” and other terms defined in the Laws and used in this DPA shall have the same meanings as set out in the Laws and shall be construed accordingly.

  1. PERSONAL DATA PROCESSED

    1. Processor may process all Personal Data that it, a Designated User or another party acting on Controller’s behalf processes, stores, generates in or submits to the ContractZen Service. The Controller is fully liable for the contents of such Personal Data as set forth in more detail in the Agreement.
    2. Duration of processing. The Processor may process Personal Data for the term of the Agreement.
    3. Description of processing. It is acknowledged that the Processor does not have control over the type of personal data or categories of data subjects in relation to Personal Data. The type of data processed, stored, generated in or submitted to the ContractZen Service is in the sole control of the Controller. Due to the nature of the ContractZen Service, the type of personal data or categories of data subjects cannot be determined by the Parties in advance. The categories of data subjects may cover all data subjects whose personal data Controller chooses to process, store, generate in or submit to the ContractZen Service.

  2. OBLIGATIONS OF THE PROCESSOR

    1. Compliance with the Laws and the Agreement. When processing Personal Data, Processor undertakes to comply with the Laws, the Agreement (and this DPA). The Agreement (and this DPA) shall be deemed to form the written instructions given by the Controller to Processor. Processor shall immediately inform Controller if, in its opinion, Controller’s written instructions infringe the Laws.
    2. No Independent Processing Rights to Personal Data. Processor has the right to process Personal Data for the Purpose but not for any other purposes. Processor shall process Personal Data in accordance with the Agreement and this DPA, unless otherwise required in the European Union or Member State law to which the Processor is subject. In such a case, Processor shall inform Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
    3. Confidentiality obligations applicable to Personal Data. Pursuant to the terms of the Agreement, the Processor undertakes to ensure that persons who have the right to process Personal Data are authorized and properly trained with a “need-to-know” and are subject to a contractual confidentiality obligation or to an appropriate statutory confidentiality obligation.
    4. Safeguarding Measures and Back-up. Processor has implemented and shall maintain appropriate technical and organizational measures (as set out in Article 32 GDPR) as set out in its policies to prevent Personal Data from being accidentally or unlawfully destroyed, lost or altered, or disclosed or made available without authorization, and to ensure a level of security that is adequate taking into consideration the nature of Personal Data and the Purpose. In assessing what is appropriate, Processor shall take into account the state of the art safeguarding measures, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. The measures shall include but not be limited to keeping accurate records of processing of Personal Data processed in the context of the Purpose, and the currency of the firewall and antivirus protection of the Processor’s data systems. Processor shall follow its and/or its service provider’s standard archiving and back-up procedures for Personal Data. In the event of any loss or damage to Personal Data, Controller’s sole and exclusive remedy shall be to request Processor to use reasonable commercial efforts to restore the lost, altered or damaged Personal Data from the latest back-up of such Personal Data maintained by Processor or its service provider. Processor shall upon the Controller’s request provide Controller with sufficient information to enable Controller to ensure that Processor complies with its obligations under this DPA, including ensuring that the appropriate technical and organizational security measures have been implemented.
    5. Obligation to Assist in Fulfilment of Rights of Data Subjects. Taking into account the nature of the processing of Personal Data, Processor shall, in accordance with Controller’s reasonable request and against separate compensation, assist Controller by means of appropriate technical and organisational measures, insofar as this is possible, in carrying out the requests on the fulfilment of the rights of the data subjects laid down in the Laws, but only to the extent Controller cannot fulfil the rights of the data subjects by itself. Processor shall promptly notify Controller of all inquiries and questions of the data subjects related to Personal Data addressed directly to Processor, as well as requests regarding the fulfilment of the rights of the data subjects. The Processor shall not respond to any such requests by the data subjects.
    6. Obligation to assist Controller in complying with the Laws. At the reasonable request of the Controller and in accordance with such request, Processor shall against reasonable compensation assist Controller in carrying out its obligations laid down in the Laws and to make available all information necessary for Controller to demonstrate compliance with the obligations laid down in the Laws. The provision of information must be carried out in such a way that it does not in any way jeopardize the security of the operations or services of the Processor or the protection of personal data processed by the Processor on behalf of its other customers and will be made at Customer’s cost. Processor shall inform Controller of all inquiries and questions related to Personal Data of supervisory authorities or other authorities without undue delay. Unless the Controller otherwise instructs on a case-by-case basis, Processor shall not respond to any such requests of supervisory authorities or other authorities that relate to the Agreement (or this DPA).
    7. Personal Data Breaches. Processor shall document all Personal Data Breaches, the consequences and impacts of the Personal Data Breaches as well as the actions taken by Processor after becoming aware of such Personal Data Breach. In addition, Processor must inform Controller in writing of any Personal Data Breaches that Processor has become aware of without undue delay. The Processor’s notification shall include the following elements, insofar as they are relevant to the Personal Data Breach and known to the Processor, in particular:

      (A) Nature of the Personal Data Breach and a description of a security deviation that caused the Personal Data Breach;

      (B) Which data has been subject to the Personal Data Breach;

      (C) Description of the likely consequences of Personal Data Breach;

      (D) Description of the measures taken or proposed to be taken by Processor to address the Personal Data Breach including the measures to mitigate its possible adverse effects.

    8. International Transfers of Personal Data. The servers, service centers etc., used by Processor in the processing of Personal Data are primarily located in the European Economic Area (the “EEA”). However, the Processor may also use servers, service centers and public cloud infrastructure located outside of the EEA in the processing of Personal Data to provide the Processor’s services to the Controller provided that transfers of Personal Data outside of the EEA are based on appropriate safeguards, such as Standard Contractual Clauses if the local data protection legislation does not provide an adequate level of data protection under the Laws.

  3. OBLIGATIONS OF CONTROLLER

    1. Compliance with Laws, other regulations applicable to Controller and the Agreement. Controller agrees to comply with the Laws, other regulations applicable to Controller, the Agreement and this DPA. Controller warrants that it has the right to transfer Personal Data to Processor for processing. Controller warrants that it has, as a controller, carried out or will carry out necessary measures for full compliance with the Laws. Controller shall remain fully responsible and liable for having duly complied with its statutory obligations, including without limitation, informing data subjects about the specifics of processing of Personal Data related to them. Controller acknowledges and agrees that it is the responsibility of the controller to ensure that the Controller’s use of ContractZen Service complies with the laws and regulations to which Controller is subject.
    2. Data Security Safeguards. Controller is responsible for having and maintaining appropriate data security safeguards for its own data systems and communications networks as well as for requiring the same from its customers and end users. Processor shall not be deemed responsible for data security of or any disturbance in the Controller’s, its customers’ or end users’ data systems or communications networks nor general communications network nor for any other impediment affecting the security of Personal Data beyond the Processor’s control nor for any damage resulting therefrom.
    3. Obligation to inform. Controller shall without delay inform Processor of any matters that are of relevance for Processor to fulfil its obligations specified in this DPA or the Laws. For avoidance of doubt, it is hereby agreed that Processor shall not in any way be responsible or liable towards the Controller, data subjects or third parties for any damages or claims arising from failure of Controller in fulfilling its statutory obligations or obligations of Controller based on this DPA.

  4. USE OF SUBCONTRACTORS IN THE PROCESSING OF PERSONAL DATA

    1. Controller authorises Processor to use subcontractors in the processing of Personal Data. Processor shall provide a list of subcontractors used by the Processor from time to time at Controller’s request. In the event the Processor makes any changes or additions to the list of subcontractors, the Processor shall notify the Controller of any such changes or additions.
    2. Controller may object to Processor’s use of a new subcontractor by notifying Processor in writing within ten (10) business days after any updates are made by Processor to the list of subcontractors. In the event of such objection by Controller, Processor will take commercially reasonable steps to address Controller’s objection and provide Controller with reasonable written explanation of the steps taken to address such objection. Should Controller deem that the steps taken by Processor are not sufficient to cure Controller’s objection, the Parties will negotiate on the matter in good faith. If no amicable solution is found, either Party shall have the right (without prejudice to any shorter notice period in the Agreement) to terminate the Agreement with thirty (30) days’ written notice.
    3. When using subcontractors, Processor shall enter into a written agreement with each subcontractor. The agreement entered into between the Processor and subcontractor shall require the subcontractor to comply with obligations that materially correspond to those applicable to Processor under this DPA and the Laws, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Laws. Processor shall be deemed responsible for the actions and omissions of its subcontractors as for its own.

  5. AUDIT

    1. Controller has the right once annually, at its own cost and against a reasonable compensation to Processor, either by itself or with assistance of a third-party auditor mandated by Controller to audit the facilities and processing activities of Processor under this DPA to assess the compliance of Processor with the Laws and this DPA. The Parties shall separately agree in writing on the specifics of the audit.
    2. Controller is responsible for notifying Processor of the performance of an audit thirty (30) days in advance, unless otherwise stipulated by compelling decision of the competent authorities.
    3. The auditor shall upon the Processor’s request sign a customary non-disclosure agreement, and treat all information obtained or received from Processor confidentially, and may only share the information with the Controller.
    4. Processor shall allow the auditor access to its premises and data systems during the agreed time within the Processor’s normal office hours so that the audit does not in any way compromise the security of the Processor’s operation or services, or protection of personal data of its other customers. Whenever required by the auditor, Processor shall provide the auditor with information, documents and other material reasonably required, and otherwise reasonably assist in carrying out the audit.

  6. TERM AND TERMINATION

    1. This DPA shall, unless otherwise expressly agreed in the Agreement, become effective on the signing date of the Agreement and shall remain in full force for as long as the Agreement is in force. To the extent Personal Data received from Controller is processed by the Processor, for whatsoever reason, after the termination or expiration of the Agreement, this DPA shall continue to apply to such processing of Personal Data for as long as such processing of Personal Data is carried out by Processor.
    2. After the termination of the Agreement, Processor shall, at the choice of the Controller, destroy or return to Controller all Personal Data, as well as destroy all existing copies of such data, unless the Personal Data and copies have already been destroyed or anonymized, or unless applicable law requires storage of the copies of data. Processor shall not, however, be required to delete copies of the Personal Data from its backup servers until such time that the backup copies are scheduled to be deleted.
    3. If any term, covenant or condition of this DPA shall for any reason be held unenforceable by a court of competent jurisdiction, the rest of this DPA shall remain in full force and shall in no way be affected or impaired.

  7. OTHER PROVISIONS

    1. It is hereby expressly stated that the Parties are obligated to comply with the Laws regardless of the content of this DPA. Should there be a conflict between the Laws and the provisions of this DPA, each Party is entitled and obliged to comply with the Laws and such actions of complying with the Laws shall not be deemed as a breach of obligations of the Agreement or this DPA. A Party shall without undue delay inform the other Party of such discrepancies.
    2. Any amendments to this DPA shall be made in writing and be duly signed by the Parties.
Version 14.6.2026