Weldeye

Terms and conditions

WeldEye Cloud Service

  1. Home
  2. WeldEye Terms and conditions

WeldEye Cloud Service Terms

1 Scope

Kemppi Oy (“The Supplier”) shall provide the Customer with the WeldEye – Welding Management System (“WeldEye”) as a subscription-based service from the cloud (the "Cloud Service”) according to the agreement Kemppi and Customer have separately entered into (“the Agreement”). These terms and conditions (“Terms”) govern the Customer’s use of the Cloud Service.

2. Service

The Supplier shall provide the Customer with the WeldEye upon Activation as specified in Section 3.1.

Upon purchase of agreed cloud subscriptions for the Cloud Service of WeldEye (the “Cloud Subscription”) the Supplier grants to the Customer a right to use the Cloud Service as specified in the Agreement, including possible upgrade package and help desk function. The granted right to use the Cloud Service in accordance with the terms is limited to the validity of the Agreement, and the Agreement does not grant any other right or license, whether express or implied, to the Customer to exploit the Cloud Service in any other manner than expressly specified in the Agreement, its Appendices, these Terms and Kemppi General Terms, and Conditions. All other rights are expressly retained by and reserved to the Supplier.   

The Cloud Service is provided “as is”. The Supplier assumes no responsibility or liability for the Cloud Service’s or Software’s functionality or fitness for purpose.  The use of the Cloud Service is limited to the number of Cloud Subscriptions and the Cloud Service modules specified in the Agreement and the number of the Customer’s users at any given time may not exceed the number of the Cloud Subscriptions purchased by the Customer and its subsidiaries. The Customer and its subsidiaries may order additional Cloud Subscriptions under the terms and conditions of the Agreement and the current Price List. The Customer is responsible and liable for any use of the Cloud Service under the Customer’s usernames and passwords.

EXCEPT AS EXPRESSLY PROVIDED ABOVE IN THIS CHAPTER 2 AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SUPPLIER AND ITS SUBCONTRACTORS PROVIDE THE CLOUD SERVICE AS IS. THE SUPPLIER DOES NOT WARRANT NOR GUARANTEE THAT THE CLOUD SERVICE WILL BE ERROR-FREE OR UNINTERRUPTED OR THAT THE SUPPLIER WILL CORRECT ALL ERRORS OR FAULTS. TO THE EXTENT PERMITTED BY LAW, THESE LIMITED WARRANTIES ARE EXCLUSIVE IN CONNECTION WITH THE PROVISION OF THE CLOUD SERVICE, AND THE SUPPLIER AND ITS SUBCONTRACTORS MAKE NO OTHER WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, AND SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OR CONDITIONS, INCLUDING ANY WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE CLOUD SERVICE.

3. Activation, Availability, Hardware, and Security measures 
3.1. Activation 

The Supplier shall activate and make available the Cloud Service purchased by the Customer in the agreed scope defined in The Agreement. If separately agreed in The Agreement, the Supplier may provide WeldEye-related training and other Services.    

3.2. Availability

The Cloud Service will be available for the Customer through an Internet connection arranged by the Customer and will be hosted on servers appointed by the Supplier. The Cloud Service may not be available in some countries and may be provided only in selected languages. The Customer is aware of and acknowledges that the Customer’s access to the Internet cannot be guaranteed and that the Supplier shall not, under any circumstances, be liable for any deficiencies or errors in the Customer’s own Internet connections and/or network.

3.3. Hardware

If specified in the Agreement, the provision of the Cloud Service for WeldEye may include a selected amount of hardware. The Customer shall be responsible for the connection between the purchased hardware to the Customer’s networks. The Supplier may provide support when connecting first time the purchased hardware to the Customer’s networks and the Supplier shall validate and accept the Customer’s network in writing unless agreed otherwise.

Hardware provided by the Supplier shall be governed by the terms and conditions of the Agreement and a warranty for such hardware is provided in accordance with Kemppi’s warranty policy (available at www.kemppi.com). All hardware provided by Kemppi are CE-marked. 

3.4. Security measures

The Cloud Service includes the following security measures: 1) regular back-up of information the Customer has entered into WeldEye; 2) secured server connection; 3) password protection; and 4) virus control.

The backup of data includes one full backup every week. Incremental back-up of the WeldEye file system and database is done daily.

4. Upgrade package

The Supplier may from time to time update the Cloud Service in accordance with reported errors, reported user needs, and/or according to the Supplier’s development plans for the Cloud Service.

5. Support and maintenance services

The Customer is entitled to receive information about the use of the Cloud Service in a form of a support Service. This Support Service is provided to the Customer, provided that the Customer has read any instruction material the Supplier has made available. All support requests may be sent by the Customer by using the Support section available at WeldEye.com.

6. Scope of Cloud Service and prices

Pricing principles and prices are specified in the Agreement and its appendices.

All prices are in Euro (€) (unless the parties have expressly agreed otherwise) and net of any taxes, whether VAT, sales taxes, withholding taxes, or similar.

Direct Costs shall be invoiced upon Activation. Thereafter, the subsequent annual yearly fees shall be invoiced on a quarterly basis.

All prices will be reviewed on an annual basis and are subject to change upon Kemppi’s prior notice, which will be provided to the Customer thirty (30) days prior to possible changed prices becoming effective. If the Customer does not agree to the changed prices, the Customer must cease to use the Cloud Service on the date the changed prices become effective at the latest.

7. Limitation of liability

Section 5 of Kemppi General Terms and Conditions attached hereto as Appendix 2 shall apply to this Agreement.

8. Confidentiality and data protection

All information the Customer enters into WeldEye is information of the Customer.

The Supplier has a perpetual right to use the Customer’s information processed through and by WeldEye for statistical purposes and business and product development purposes, and for the purposes of meeting the Supplier’s obligations under the Agreement and its Appendices. This usage is executed so that the Customer’s identity or detailed information is not disclosed to third parties.

For additional confidentiality terms, section 7 of Kemppi General Terms and Conditions shall apply to this Agreement.

Should the Customer and/or its subsidiaries collect and process any personal data, identification data, or other such data (e.g., location data) (collectively “Customer Group Personal Data”) and insert such initially collected Customer Group Personal Data into WeldEye, the Customer and its subsidiaries shall confirm that they have collected and processed and will collect and process such Customer Group Personal Data in accordance with applicable legislation and regulations and the Data Processing Agreement. The parties agree that the Supplier shall only process the Customer Group Personal Data to the extent necessary to provide the Cloud Service to the Customer and subsidiaries, and only for the purposes, as agreed upon between the Customer and the Supplier, as instructed by the Customer and in compliance with this Agreement. The Supplier shall not be liable for circumstances where an individual makes a claim or complaint regarding the Supplier’s actions to the extent such actions result from instructions received from the Customer and/or its subsidiaries. In addition, the Supplier has a right to use the Customer Group Personal Data processed through and by WeldEye for statistical purposes and business and product development purposes. This usage is executed so that the Customer’s identity or detailed information is not disclosed to third parties.

The Customer acknowledges and agrees that the Supplier’s and its third-party sub-suppliers’ servers may locate also outside the EU and hence, the Customer Group Personal Data may be processed in connection with the provision of the Cloud Service also outside the EU. In the event the Customer is an entity whose domicile is in the EU, the Customer shall, on its own behalf and on behalf of its subsidiaries, enter into the Standard Contractual Clauses Agreement (“SCCA”) with the Supplier. 

The Customer shall ensure that the Customer and its subsidiaries are entitled to transfer the relevant Customer Group Personal Data that is initially collected by the Customer and/or its subsidiaries and saved in the Customer’s systems to the Supplier so that the Supplier and its sub-suppliers may lawfully use, process and transfer the Customer Group Personal Data in accordance with this Agreement on behalf of the Customer and/or its subsidiaries.

The Supplier may use sub-suppliers to provide certain Services on its behalf for the Cloud Service.

The duration of the data processing of the Customer Group Personal Data shall be the term of this Agreement.

9. Retrieval of the Customer Data

Upon written request by the Customer made no later than one (1) month prior to the expiration of the agreed expiration or termination date of this Agreement, the Supplier shall make the Customer data stored in the Cloud Service available to the Customer through the Cloud Service on a limited basis solely for purposes of the Customer retrieving the Customer data for a period of forty-five (45) days after such request is received by the Supplier. After said forty-five (45) days period, the Supplier has no obligation to maintain or provide any Customer Data and shall thereafter be entitled to delete all Customer data. However, the Supplier shall not be required to remove copies of the Customer data from its servers or other backup media until such time as the backup copies are scheduled to be deleted.

10. Kemppi General Conditions

Kemppi General Terms and Conditions attached to these Terms are an essential part of and supplement the terms and conditions of this Agreement.                                                                                                             

11. Validity and Termination

These Terms shall become effective upon Activation of the Cloud Service and shall continue to be effective until the Agreement is terminated in accordance with this Section 11.

A party may terminate the Agreement by giving written notice to the other party at least six (6) months before the expiration of the Initial Period or any subsequent period, as applicable. The Customer shall pay any accrued fees, charges, and/or costs incurred prior to the effective date of termination on the effective date of termination at the latest. 

12. Applicable Law and Dispute Resolution

Section 19 of the Kemppi General Terms and Conditions shall apply to these Terms.

13. Assignment

Section 14 of the Kemppi General Terms and Conditions shall apply to these Terms.

Data processing agreement

1. Background and purpose

This Data Processing Agreement is an inseparable part of the WeldEye agreement including all appendices and documents incorporated thereto, entered into by and between the Supplier and the Customer (“Agreement”).

The purpose of this Data Processing Agreement is to agree on the terms and conditions for the processing of personal data by the Supplier on behalf of the Customer, which also comprises the scope of this Data Processing Agreement.

2. Definitions

For the purpose of this Data Processing Agreement, unless expressly otherwise stated or evident in the context, the following capitalized terms shall have the following meanings, the singular (where appropriate) shall include the plural and vice versa, and references to Sections or Subsections shall be references to sections and subsections of this Data Processing Agreement.

2.1. “Customer”

has the meaning given to it in the Agreement. In addition, anything stated in this Data Processing Agreement with reference to the Customer applies also to any party on behalf of which the Processor Processes Personal Data pursuant to the Agreement.

2.2. “Data Protection Laws”

means applicable data protection regulations and legislation, including but not limited to the GDPR and the data protection or privacy laws of any other country.

2.3. “EU”

means European Union.

2.4. “EEA”

means the European Economic Area.

2.5. “GDPR”

means the Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

2.6. “Party”

means each the Customer and the Supplier individually and “Parties” shall mean jointly the Customer and the Supplier.

2.7. “Services”

means the services, systems, deliverables, and other activities supplied by or on behalf of the Supplier to the Customer pursuant to the Agreement.

2.8. “Standard Data Protection Clauses”

has the meaning given to it in Section 5.3.

2.9. “Sub-processor”

means another processor engaged by the Supplier in the Processing of Personal Data and, where applicable, possibly another Processor engaged by the Sub-processor of the Supplier.

2.10. “personal data”, “process” and “processing”, “controller”, “processor” and “data subject”

shall have the meaning set forth in the GDPR.

In addition, unless expressly otherwise stated, the applicable definitions provided in the Agreement shall be applied to this Data Processing Agreement. In case a definition provided in this Data Processing Agreement and a definition provided in the Agreement conflicts, for the purposes of this Data Processing Agreement the definition provided in this Data Processing Agreement shall prevail.

3. Processing of Personal Data
3.1.

The subject matter, nature, and purpose

3.1.1.

Pursuant to the Agreement the Supplier supplies Services in connection with which the Supplier processes personal data on behalf of the Customer. The subject matter of the processing is the Customer Group Personal Data as set out in the Agreement and this Data Processing Agreement.

3.1.2.

The nature and the purpose of the processing are to supply and enable the Services provided by the Supplier to the Customer pursuant to the Agreement.

3.1.3.

Nothing in this Data Processing Agreement shall operate to transfer, assign or otherwise grant to the Supplier any right or interest to the personal data, unless otherwise expressly stated in the Agreement.

3.2. Personal Data and Data Subjects
3.2.1.

Personal data comprises Customer Group Personal Data. Personal data may include also other types of data if required by the purpose of the processing agreed upon between the Parties.

3.2.2.

Processing involves the personal data of the Customer’s employees and possibly other data subjects determined by the Customer.

3.3.  Roles of the Parties
3.3.1. 

The Customer and, where applicable, its subsidiaries shall be the Controller(s) and the Supplier, shall be the Processor of any and all personal data processed pursuant to the Agreement.

3.4. Duration and termination of Processing
3.4.1.

The duration of the processing of personal data is conditional on the term of the Agreement. The processing shall be conducted as long as certain processing activities are required for the supply of the Services.

3.4.2.

If any processing by the Supplier is required after termination of the Agreement, e.g. in order to transfer data back to the Customer such processing shall be conducted in accordance with the provisions of this Data Processing Agreement. Any other kind of processing is prohibited unless otherwise agreed between the Parties or required by Data Protection Laws or other applicable laws.

3.4.3

In the event of termination of the Agreement, the Supplier shall, at the choice of the Customer, delete or return all applicable personal data to the Customer and delete existing copies unless Data Protection Laws require storage of the Personal Data.

3.5. Instructions for Processing
3.5.1.

The Supplier shall process personal data only in accordance with the Customer’s instructions. The Parties agree that this Data Processing Agreement comprises the Customer’s complete and final documented instructions to the Supplier in relation to the processing of the personal data. The instructions may be amended from time to time as agreed between the Parties in accordance with the provisions of the Agreement.

3.5.2.

If the Supplier may not follow the instructions given by the Customer due to applicable compelling laws or it considers an instruction to infringe any law, the Supplier shall immediately inform the Customer of such matter, and the Supplier has a right to refrain from such processing without any consequences.

3.6. Obligations of the Supplier
3.6.1.

The Supplier shall comply with all applicable Data Protection Laws in the processing of personal data.

3.6.2.

The Supplier shall implement appropriate technical and organizational measures for the security of processing as provided in the Data Protection Laws. The Customer accepts and warrants that the security measures under the Agreement, are adequate to meet the aforementioned level of security considering the data which the Customer utilizes in the Service.

3.6.3.

The Supplier shall also assist the Customer with reasonable effort in ensuring compliance with the data security obligations pursuant to Data Protection Laws taking into account the nature of processing and the information available to the Supplier.

3.6.4.

The Supplier shall ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation.

3.6.5.

The Supplier shall assist the Customer by reasonable technical and organizational measures, insofar as this is possible, for the fulfillment of the Customer’s obligation to respond to requests for exercising the data subject’s rights under the Data Protection Laws.

3.6.6.

The Supplier shall make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in the Data Protection Laws.

4. Subcontractors
4.1.

The Supplier shall be entitled to engage Sub-processors in the processing of the personal data.

4.2. 

Before the commencement of the processing by a Sub-processor the Supplier shall inform the Customer in writing of the Sub-processor or a change of a Sub-processor and the specific processing activities it is engaged for, thereby giving the Customer the opportunity to object to such processing.

4.3. 

Where the Supplier engages a Sub-processor for the processing of personal data on behalf of the Customer, the Supplier shall impose on the Sub-processor the same obligations related to the processing of personal data as set out in this Data Processing Agreement.

5. Location and transfers of data
5.1.

The Customer acknowledges and agrees that in connection with the Services the personal data may be processed also outside the EU.

5.2. 

The Customer hereby authorizes the Supplier to enter into and undertake on the Customer's behalf such appropriate contractual arrangements with the recipient in a non-EU/EEA country for the transfer of personal data to third countries outside the EU/EEA as adopted and approved by the EU Commission or competent data protection regulatory authority in accordance with applicable Data Protection Laws (“Standard Data Protection Clauses”). As an alternative to entering into the Standard Data Protection Clauses, the Supplier may rely upon an alternative framework permitting the lawful transfer of personal data outside of the EU/EEA, provided that such framework is in compliance with applicable laws.

6. Data breaches
6.1. 

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed (“Data Breach”), the Supplier shall without undue delay after having become aware of it notify in writing the Customer. The notification shall at least:

(a) describe the nature of the Data Breach, and the affected personal data, including the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;

(b) communicate the name and contact details of a contact point where more information can be directly obtained in case such person is other than the contact person under the Agreement;

(c) describe the likely consequences of the Data Breach, in particular to the personal data; and

(d) describe the measures taken or proposed to be taken by the Supplier to address the Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.

7. Audit
7.1. 

The Customer or another auditor mandated by the Customer may audit the level of the data protection on and appropriateness of the processing of personal data by the Supplier upon fifteen (15) working days prior to written notice to the Supplier to ensure their compliance with this Data Processing Agreement and Data Protection Laws.

7.2. 

The Supplier shall contribute to the aforementioned audits and make available all information required to complete the audits.

7.3. 

The audits shall be performed during normal working hours and shall not unreasonably disturb the operations of the Supplier. Each Party shall carry its own costs and expenses accrued in connection with audits.