Terms and conditions

WeldEye Cloud Service

WeldEye Cloud Service Terms

1. Service

Kemppi Oy (“Kemppi”) shall provide the Customer with the WeldEye – Welding Management System (“WeldEye”) as subscription based service from the cloud (the "Cloud Service”). These terms and conditions (“Terms”) govern your  use of the Cloud Service. If you are entering into these Terms on behalf of another legal entity, you represent that you have the actual authority to bind such entity (you and/or such entity collectively the “Customer”) to these Terms.

Upon registration of the cloud subscription for the Cloud Service (the “Cloud Subscription”) Kemppi grants to the Customer a right to use the Cloud Service specified in these Terms, including possible upgrades and help desk function. The granted right to use the Cloud Service in accordance with these Terms is limited to the validity of Terms, and these Terms do not grant any other right or license, whether express or implied, to the Customer to exploit the Cloud Service in any other manner than expressly specified in these Terms. All other rights are expressly retained by and reserved to Kemppi.    

The Cloud Service is provided “as is”. Kemppi assumes no responsibility or liability of the Cloud Service’s or Software’s functionality or fit for purpose.  The use of the Cloud Service is limited to the Cloud Service modules specified in these Terms. The Customer is responsible and liable for any use of the Cloud Service under the Customer’s usernames and passwords.


2. Activation 

In order to use the Cloud Service, the Customer is required to activate the Cloud Service by i) registering a new customer account (“Account”) or ii) using the existing customer’s My Kemppi ID account, and to enter the license key of the purchased Cloud Subscription. Customer must provide true, accurate and current billing information when activating the Cloud service. Upon activation of the Cloud Service Kemppi is granted a right to charge the Service fees as specified in these Terms.

3. Availability

The Cloud Service will be available for the Customer through an Internet connection arranged by the Customer, and will be hosted on servers appointed by Kemppi. The Cloud Service may not be available in some countries and may be provided only in selected languages. The Customer is aware of and acknowledges that the Customer’s access to the Internet cannot be guaranteed and that Kemppi shall not, under any circumstances, be liable for any deficiencies or errors in the Customer’s own Internet connections and/or network.

4. Security measures

The Cloud Service includes the following security measures: 1) regular back-up of information the Customer has entered into WeldEye; 2) secured server connection; 3) password protection; and 4) virus control.

Backup of data includes one full back-up every week. Incremental back-up of WeldEye file system and database is done daily.

5. Upgrade Package

Kemppi may from time to time update the Cloud Service in accordance with reported errors, reported user needs and/or according to Kemppi’s development plans for the Cloud Service.

6. Support and maintenance services

The Customer is entitled to receive information about the use of the Cloud Service in a form of a support Service. This support Service is provided to the Customer, provided that the Customer has read any instruction material Kemppi has made available. All support requests may be sent by the Customer by using the Support section available at WeldEye.com.

7. Scope of Cloud Service and prices
  1. Direct costs:
    The Customer has purchased Cloud Subscription for “Welding Procedures” and “Personnel and Qualifications” modules of WeldEye.

  2. Costs during the use: basic user fee/month + additional active users fee/month 

Basic user fee covers the use of one user only. The additional active user fee is based on the number of other users that have actually logged into WeldEye at least once within a calendar month (Active Users).

All prices are charged in accordance with the valid Price List. All prices are in Euro (€) and net of any taxes, whether VAT, sales taxes, withholding taxes or similar.

All prices will be reviewed on an annual basis and are subject to change upon Kemppi’s prior notice, which will be provided to the Customer thirty (30) days prior to possible changed prices become effective. If the Customer does not agree to the changed prices, the Customer must cease to use the Cloud Service on the date the changed prices become effective at the latest.

8. Limitation of liability

Section 5 of Kemppi General Terms and Conditions attached hereto shall apply to these Terms.

9. Confidentiality and data protection

Section 7 of the Kemppi General Terms and Conditions shall apply to these Terms.

All information the Customer enters into WeldEye is information of the Customer.

Kemppi has a perpetual right to use the Customer’s information processed through and by WeldEye for the statistical purposes and business and product development purposes, and for the purposes of meeting Kemppi’s obligations under these Terms. This usage is executed so that the Customer’s identity or detailed information is not disclosed to third parties.

Should the Customer and/or its subsidiaries collect and process any personal data, identification data or other such data (e.g., location data)(collectively “Customer Group Personal Data”) and insert such initially collected Customer Group Personal Data into WeldEye, the Customer and its subsidiaries shall confirm that they have collected and processed and will collect and process such Customer Group Personal Data in accordance with applicable legislation and regulations and these Terms. The parties agree that Kemppi shall only process the Customer Group Personal Data to the extent necessary to provide the Cloud Service to the Customer and subsidiaries. Kemppi shall not be liable for circumstances where an individual makes a claim or complaint regarding Kemppi’s actions to the extent such actions result from instructions received from the Customer and/or its subsidiaries. In addition, Kemppi has a right to use the Customer Group Personal Data processed through and by WeldEye for the statistical purposes and business and product development purposes. This usage is executed so that the Customer’s identity or detailed information is not disclosed to third parties.

The Customer acknowledges and agrees that Kemppi’s and its third party sub-suppliers’ servers may locate also outside the EU and hence, the Customer Group Personal Data may be processed in connection with the provision of the Cloud Service also outside the EU. In the event the Customer is an entity whose domicile is in the EU, the Customer shall, on its own behalf and behalf of its subsidiaries, enter into the Standard Contractual Clauses Terms (“SCCA”) with Kemppi.

The Customer shall ensure that the Customer and its subsidiaries are entitled to transfer the relevant Customer Group Personal Data that is initially collected by the Customer and/or its subsidiaries and saved in the Customer’s systems to Kemppi so that Kemppi and its sub-suppliers may lawfully use, process and transfer the Customer Group Personal Data in accordance with these Terms on behalf of the Customer and/or its subsidiaries.

Kemppi may use sub-suppliers to provide certain Services on its behalf for the Cloud Service.

The duration of the data processing of the Customer Group Personal Data shall be the term of these Terms.

10. Retrieval of the Customer Data

Upon written request by the Customer made no later than one (1) month prior to the termination date of these Terms, Kemppi shall make the Customer data stored in the Cloud Service available to the Customer through the Cloud Service on a limited basis solely for purposes of the Customer retrieving the Customer data for a period of forty-five (45) days after such request is received by Kemppi. After said forty-five (45) days period, Kemppi has no obligation to maintain or provide any Customer data and shall thereafter be entitled to delete all Customer data. However, Kemppi shall not be required to remove copies of the Customer data form its servers or other backup media until such time as the backup copies are scheduled to be deleted.

11. Kemppi General Conditions

Kemppi General Terms and Conditions attached to these Terms are essential part of and supplement the terms and conditions of these Terms.                                                                                                            

12. Validity and Termination

These Terms shall become effective upon Activation of the Cloud Service (“Effective Date”) and shall continue to be effective for consecutive calendar months (“Period”) unless terminated in accordance with this Section 12.

The Customer may terminate its subscription by properly unsubscribing the Cloud Service at least thirty (30) days before the expiration of any Period. The Customer shall pay any accrued fees, charges and/or costs incurred prior to the effective date of the termination.

Kemppi expressly reserves the right to modify the Terms at any time at its sole discretion, and without prior notice to Customer, by including such modification in these Terms with notification of the effective date of such modified Terms. If at any time Customer do not agree to any modified Terms, Customer has a right to terminate the subscription according to these Terms and may no longer be able to use the Cloud Service.

13. Applicable Law and Dispute Resolution

Section 19 of the Kemppi General Terms and Conditions shall apply to this Terms.

14. Assignment

Section 14 of the Kemppi General Terms and Conditions shall apply to this Terms.

Data processing agreement

1. Background and purpose

This Data Processing Agreement is an inseparable part of the WeldEye agreement including all appendices and documents incorporated thereto, entered into by and between the Supplier and the Customer (“Agreement”).

The purpose of this Data Processing Agreement is to agree on the terms and conditions for processing of personal data by the Supplier on behalf of the Customer, which also comprise the scope of this Data Processing Agreement.

2. Definitions

For the purpose of this Data Processing Agreement, unless expressly otherwise stated or evident in the context, the following capitalized terms shall have the following meanings, the singular (where appropriate) shall include the plural and vice versa, and references to Sections or Subsections shall be references to sections and subsections of this Data Processing Agreement.

2.1  “Customer” has the meaning given to it in the Agreement. In addition, anything stated in this Data Processing Agreement with reference to the Customer applies also to any party on behalf of which the Processor Processes Personal Data pursuant to the Agreement.

2.2  “Data Protection Laws” means applicable data protection regulations and legislation, including but not limited to the GDPR and the data protection or privacy laws of any other country.

2.3  “EU” means European Union.

2.4  “EEA” means the European Economic Area.

2.5  GDPR” means the Regulation (EU) 2016/679 of the European parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

2.6  “Party” means each the Customer and the Supplier individually and “Parties” shall mean jointly the Customer and the Supplier.

2.7  “Services” means the services, systems, any deliverables and other activities supplied by or on behalf of the Supplier to the Customer pursuant to the Agreement.

2.8 Standard Data Protection Clauses” has the meaning given to it in Section 5.3.

2.9  “Sub-processor” means another processor engaged by the Supplier in the Processing of Personal Data and, where applicable, possible other Processor engaged by the Sub-processor of the Supplier.

2.10 personal data”, “process” and “processing”, “controller”, “processor” and “data subject”, shall have the meaning set forth in the GDPR.

In addition, unless expressly otherwise stated, the applicable definitions provided in the Agreement shall be applied to this Data Processing Agreement. In case a definition provided in this Data Processing Agreement and a definition provided in the Agreement conflicts, for the purposes of this Data Processing Agreement the definition provided in this Data Processing Agreement shall prevail.

3. Processing of Personal Data

3.1 Subject matter, nature and purpose

3.1.1  Pursuant to the Agreement the Supplier supplies Services in connection of which the Supplier processes personal data on behalf of the Customer. The subject matter of the processing is the Customer Group Personal Data as set out in the Agreement and this Data Processing Agreement.

3.1.2  The nature and the purpose of the processing is to supply and enable the Services provided by the Supplier to the Customer pursuant to the Agreement.

3.1.3  Nothing in this Data Processing Agreement shall operate to transfer, assign or otherwise grant to the Supplier any right or interest to the personal data, unless otherwise expressly stated in the Agreement.

3.2 Personal Data and Data Subjects

3.2.1  Personal data comprises of Customer Group Personal Data. Personal data may include also other types of data if required by the purpose of the processing agreed between the Parties.

3.2.2  Processing involves personal data of Customer’s employees and possible other data subjects determinated by the Customer.

3.3  Roles of the Parties

3.3.1  The Customer and, where applicable, its subsidiaries shall be the Controller(s) and the Supplier, shall be the Processor of any and all personal data processed pursuant to the Agreement.

3.4  Duration and termination of Processing

3.4.1  The duration of the processing of personal data is conditional to the term of the Agreement. The processing shall be conducted as long as certain processing activities are required for the supply of the Services.

3.4.2  If any processing by the Supplier is required after termination of the Agreement, e.g. in order to transfer data back to the Customer such processing shall be conducted in accordance with the provisions of this Data Processing Agreement. Any other kind of processing is prohibited, unless otherwise agreed between the Parties or required by Data Protection Laws or other applicable laws.

3.4.3  In the event of termination of the Agreement, the Supplier shall, at the choice of the Customer, delete or return all applicable personal data to the Customer and delete existing copies unless Data Protection Laws require storage of the personal Data.

3.5  Instructions for Processing

3.5.1  The Supplier shall process personal data only in accordance with Customer’s instructions. The Parties agree that this Data Processing Agreement comprises Customer’s complete and final documented instructions to the Supplier in relation to processing of the personal data. The instructions may be amended from time to time as agreed between the Parties in accordance with the provisions of the Agreement.

3.5.2  If the Supplier may not follow the instructions given by the Customer due to applicable compelling laws or it considers an instruction to infringe any law, the Supplier shall immediately inform the Customer of such matter, and the Supplier has a right to refrain from such processing without any consequences.

3.6  Obligations of the Supplier

3.6.1  The Supplier shall comply with all applicable Data Protection Laws in the processing of the personal data.

3.6.2  The Supplier shall implement appropriate technical and organisational measures for security of processing as provided in the Data Protection Laws. The Customer accepts and warrants that the security measures under the Agreement, are adequate to meet the aforementioned level of security considering the data which Customer utilises in the Service.

3.6.3  The Supplier shall also assist the Customer with reasonable effort in ensuring compliance with the data security obligations pursuant to Data Protection Laws taking into account the nature of processing and the information available to the Supplier.

3.6.4  The Supplier shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation.

3.6.5  The Supplier shall assist the Customer by reasonable technical and organisational measures, insofar as this is possible, for the fulfilment of the Customer’s obligation to respond to requests for exercising the data subject’s rights under the Data Protection Laws.

3.6.6  The Supplier shall make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in the Data Protection Laws.

4. Subcontractors

4.1  The Supplier shall be entitled to engage Sub-processors in the processing of the personal data.

4.2  Before commencement of the processing by a Sub-processor the Supplier shall inform the Customer in writing of the Sub-processor or a change of a Sub-processor and the specific processing activities it is engaged for, thereby giving the Customer the opportunity to object to such processing.

4.3  Where the Supplier engages a Sub-processor for processing of personal data on behalf of the Customer, the Supplier shall impose on the Sub-processor the same obligations related to the processing of personal data as set out in this Data Processing Agreement.

5. Location and transfers of data

5.1  The Customer acknowledges and agrees that in connection with the Services the personal data may be processed also outside the EU.

5.2  The Customer hereby authorises the Supplier to enter into and undertake on Customers behalf such appropriate contractual arrangements with the recipient in a non-EU/EEA country for the transfer of personal data to third countries outside the EU/EEA as adopted and approved by the EU Commission or competent data protection regulatory authority in accordance with applicable Data Protection Laws (“Standard Data Protection Clauses”). As an alternative to entering into the Standard Data Protection Clauses, the Supplier may rely upon an alternative framework permitting the lawful transfer of the personal data outside of the EU/EEA, provided that such framework is in compliance with applicable laws.

6. Data breaches

6.1  In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed (“Data Breach”), the Supplier shall without undue delay after having become aware of it notify in writing the Customer. The notification shall at least:

(a) describe the nature of the Data Breach, the affected personal data, including the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;

(b) communicate the name and contact details of a contact point where more information can be directly obtained in case such person is other than the contact person under the Agreement;

(c) describe the likely consequences of the Data Breach, in particular to the personal data; and

(d) describe the measures taken or proposed to be taken by the Supplier to address the Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.

7. Audit

7.1  The Customer or another auditor mandated by the Customer may audit the level of the data protection on and appropriateness of the processing of personal data by the Supplier upon fifteen (15) working days’ prior written notice to Supplier to ensure their compliance with this Data Processing Agreement and Data Protection Laws.

7.2  The Supplier shall contribute to the aforementioned audits and make available all information required to complete the audits.

7.3  The audits shall be performed during the normal working hours and shall not unreasonably disturb the operations of the Supplier. Each Party shall carry their own costs and expenses accrued in connection with audits.