InvoiceNow Terms & Conditions
Master Subscription Agreement
This Master Subscription Agreement (further referred to as “MSA”) consists of the General Terms and Conditions (further referred to as “GTC”) with incorporated appendices and the Data Processing Agreement (further referred to as “DPA”) with appendices.
General Terms and Conditions
1.1. These General Terms and Conditions and incorporated appendices (the “GTC”) are entered into by Customer (as defined according to the Section 2 of the GTC) and Datapost Pte Ltd, a company registered under number 202103840H in Singapore, having its registered office at 176 Orchard Road, #05-05 The Centrepoint, Singapore 238843 (“Datapost”).
1.2. The Customer acknowledges that the GTC may change from time to time and agrees to follow the applicable GTC at any time. If the Customer does not agree to such changes, the Customer is entitled to terminate the Agreement. Customer must notify Datapost thereof within (30) days from the receipt of such change notification.
1.3. The following appendices are incorporated into the GTC and thus constitute an integral part of the GTC:
a) GTC Appendix 1 ‐ Authorization for outsourced e‐invoice issuance and validation
b) GTC Appendix 2 ‐ Authorization for outsourced e‐invoice issuance where an electronic signature is applied
c) GTC Appendix 3 ‐ Authorization for outsourced signature validation
2.1. For any new co‐operation (the “New Agreement”): The Customer is the organization stated in the electronic application, uniquely identied by its UEN-number.
2.2. For any extension of existing co‐operation, i.e. adding a new User Account under an already existing Agreement (the “Agreement Extension”): The Customer is the organization that has been defined in the electronic application, uniquely identied by its UEN-number.
2.3. For the purpose of these GTC, wherever the term Customer is used it also includes Customer’s authorized users.
3. Agreement acceptance
3.1. For new agreements ‐ according to the terms outlined in the contract.
3.2. For online agreement and agreement extensions – acceptance in the Datapost Portal.
3.3. Irrespective of the way of acceptance, Customer agrees to comply with all the terms and conditions of the MSA, including all appendices.
3.4. In the event, the Agreement has already been concluded between the Customer’s authorized representative and Datapost and is still in force, while this MSA is being accepted online by a new end user of the Customer, only sections 4, 7‐16, 22‐26, 28 and 30 of the GTC are applicable to the individual end user. For the avoidance of doubt, where there is no existing Agreement in place between the Customer and Datapost, the MSA is considered to be accepted as a whole with no exceptions.
“Admin User Account” means the User Account created in the Datapost portal by or on behalf the authorized representative of Customer in connection with concluding the Agreement with Datapost.
“Agreement” means the MSA and, as the case may be, Proposal, Professional Services Agreement (the “PSA”), Service Level Agreement (the “SLA”), and other appendices and addendums. These documents are available at www.Datapost/agreements and it is the most recent version which is binding for the Customer.
"Affiliate" means a company, corporation or other entity which directly or indirectly controls, is controlled by or is under common control with, a Party to this Agreement.
“Business Day” means any day which is not Saturday or Sunday, or a public holiday in Singapore.
“Change Request” means a process or a form under which the Customer requests Datapost to implement new or amend existing Software Services.
“Customer Contact Data” means any kind of Personal Data that can be linked directly or indirectly to a natural person who is Customer’s employee or otherwise represents Customer towards Datapost or uses or administrates Datapost Online on behalf of Customer.
“Customer Data” means the data Customer is processing via Datapost Online, such as E‐messages and their content, payment files or user account details.
“e‐Invoice” means a document or dataset that can be considered an invoice under applicable legislation and which has been issued and/or received in any electronic format.
“e‐Message” means for the purpose of this Agreement an electronic business document exchanged between the Trading Partners, including but not limited to electronic orders, order confirmations, dispatch advises, delivery confirmations, electronic invoices, reminders and payment files.
“Tax e‐Invoice” means the e‐invoice which is allowed to be used for the tax purposes by the Trading
Partners as opposed to an e‐invoice copy.
“Datapost Portal” means the online portal provided by Datapost (Access Point and cloud-based User Front-End), including but not limited to any related materials and documentation and services developed, modified and/or owned by Datapost.
”Datapost Partner” is a third party collaboration partner to Datapost, setting up and/or managing accounts in the Datapost portal on behalf of Customer(s) under a separate agreement between Customer and the Datapost Partner.
“Personal Data” means any kind of information that can be linked directly or indirectly to a natural person.
“Professional Services” means provided professional services as defined in the Proposal or a Change
Request, including but not limited to help desk and support.
“Proposal” means a proposal regarding the provision of Professional and Software Services.
“Recipient” means a party receiving an invoice or other electronic document, usually the buyer.
“Sensitive personal data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, data concerning a natural person's sex life or sexual orientation or Personal Data relating to criminal convictions and offences or related security measures.
“Services” means Professional and Software Services collectively.
“Software Services” means provided software services as defined in the Proposal or a Change Request, including but not limited to Datapost Online.
“Supplier” means an organization that supplies goods or services to buyer and that may be obligated to issue and store an Invoice, as well as, where applicable, to report, account for, and pay output VAT. “Trading Partner” means either Supplier or Recipient, who together are referred to as “Trading Partners”.
“User Account” means a logged‐in environment within the Datapost Portal through which the Customer’s representative have access to E‐messages distributed or received via Datapost’s network, as well as ordered Customer specific settings.
5.1. Customer confirms and authorizes eInvoice Pte Ltd, registered in Singapore, to register for a Peppol Identity and undertake transmission/routing of E-Invoices for and on behalf of the customer.
6. Grant of license
6.1. Subject to the terms and conditions of the Agreement, Datapost hereby grants Customer a non‐exclusive, non‐transferable and non‐sub licensable license to use the ordered Software Services solely within Customer’s business during the Agreement Period. Datapost reserves all rights not expressly granted.
6.2. During the license period, Customer has the right to use the Software Services for the agreed volume of e-Invoices per year as specified in the proposal.
6.3. Software Services are provided as standard solutions but may be adapted in order to be integrated with a Customer’s ERP system or similar. Unless otherwise agreed, only Datapost or a company appointed by Datapost may conduct such adaptations. Any such adaption shall be owned by Datapost and will be included in the Software Services. Subject to the terms and conditions of the Agreement, Datapost hereby grants Customer a non‐exclusive, non‐transferable and non‐sub licensable license to use such adaptions solely within Datapost’s e-Invoice services and within Customer’s business, during the Agreement Period.
6.4. Datapost’s standard delivery does not automatically include new features and/or solutions in the Software Services.
7. Payment and remuneration conditions
7.1. Unless otherwise have been agreed between the Parties, payment shall have been made no later than thirty (30) days after the invoice date.
7.2. In event of delay in payment, Datapost shall be entitled to charge interest on any overdue amount from the due date until the date of payment at the rate determined by applicable late payment interest legislation.
7.3. Datapost reserves the right to suspend Customer from the Services, in whole or in part, if Customer does not make timely payments, or if Customer commits any other breach of the Agreement.
7.4. For all Software and Transaction Services, the annual license fees will be invoiced in advance, however, not earlier than the Agreement Date, and transaction fees in arrears.
7.5. Professional Services will be invoiced monthly in arrears. Unless expressly exempted in this MSA, the agreed hourly rates for Professional Services shall apply for all work performed by Datapost for the Customer, including but not limited to (i) change requests, (ii) work resulting in breach of Customer’s responsibility (iii) support services, (iv) general consulting.
7.6. Datapost’s regular hourly rate applies to the performance of Professional Services during Ordinary Working Hours (as defined further in this paragraph), while for Overtime 1 – multiplication factor 1,5 is applied and for Overtime 2 – multiplication factor 2 is applied:
a) Ordinary Working Hours:
Weekdays, except Saturday and Sunday, 09 AM ‐ 06 PM Singapore Time
Weekdays, except Saturday and Sunday, 06 AM ‐ 08 AM and 06 PM – 8 PM Singapore Time
08 PM ‐ 06 AM Singapore Time, and Saturday and Sunday
Customer will reimburse Datapost for verified expenses for travel, accommodation and subsistence incurred by Datapost in the performance of the Services provided that the expenses have been approved by Customer beforehand. Such expenses will be invoiced monthly in arrears.
sg has the right to unilaterally adjust existing or add new fees. In this case, Datapost shall inform Customer of any such adjustments no later than three (3) months before the change(s) come into force. If Customer does not agree to such changes, Customer is entitled to terminate the Agreement. Customer must notify Datapost thereof within (30) days from the receipt of such change notification.
8. Datapost’s responsibilities
8.1. Datapost shall starting from the agreed start date to provide Software Services according to the Proposal or Online Offer.
8.2. Datapost reserves the right to undertake changes to the Software Services but shall inform Customer without undue delay of any material changes to Software Services affecting Customer.
8.3. Datapost shall offer standard updates or bug fixes of the Software Services during the Agreement Period and make such available to Customer without any additional charge.
9. Customer’s responsibilities
9.1. The Customer undertakes to:
ensure that the environment integrated with or otherwise used by the Customer is updated according to the, at the applicable time, instructions provided by Datapost (in case of on-premise connector software installed and used).
ensure that all instructions provided by Datapost are followed,
be solely responsible for any backup of Customer Data,
ensure that the Customer Data passed through Software Services is free from any viruses and, or other similar harmful software and can have in no way a negative effect on Datapost or its Software Services,
not attempt to use the Software Services with crawlers, robots, data mining or extraction tools other than those provided by Datapost.
ensure that Customer Data in Datapost-portal is provided according to, at that time applicable, Datapost’s instructions and recommendations,
ensure that log‐in credentials to the User Accounts are kept safe and that and all times sufficient security protocols and procedures are followed when Datapost is used,
appoint a physical person (officer) for receiving the Log‐in details for Datapost, and keep Datapost informed of the contact details to that person,
be solely responsible for the communication between Customer and Datapost, including ensuring that Customer has the necessary equipment and software applications or access points to access and use Datapost, as communicated by Datapost to Customer from time to other, and
update and correct information that has been submitted through Datapost including but not limited to the User Accounts and ensure that it is accurate at all times (outdated information may result in a User Account being blocked or otherwise invalidated).
The Customer undertakes to not:
attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the Software Services in any form or media or by any means, or
attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human‐perceivable form all or any part of the Software Services, or
access all or any part of the Software Services in order to build a product or service which competes with the Software Services, or
use the Software Services to provide services to third parties, unless otherwise explicitly agreed with
license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the Software Services available to any third party, or
attempt to obtain, or assist third parties in obtaining, access to the Software Services and/or any related documentation.
The Customer shall use all reasonable efforts to prevent any unauthorized access to, or use of, the Software Services and, in the event of any such unauthorized access or use, promptly notify Datapost or its Affiliates.
Customer has full responsibility for the following aspects of e‐Message:
Timely delivery of the e‐Message, especially payment instructions, to Datapost if certain time frames, e.g. bank holidays, must be observed,
Customer is solely responsible to ensure that the content of the exchanged e‐Messages is correct and complete, and that the e‐Message otherwise fulfills the legal requirements,
the right payment authority for VAT and any other applicable tax is used on e‐Messages according to applicable laws,
Customer has implemented and follows tailored business control processes, e.g. creation, issuance and receipt of invoices, credit notes, corrective invoices, etc.,
special requirements regarding self‐invoicing (self‐billing) and other indirect invoicing processes, are followed and complied with.
Customer, when acting as the Recipient of an e‐Messages transaction, obliges itself to receive e‐Messages in an electronic form and to treat these electronic documents as Tax e‐Invoices for tax purposes, where applicable.
Customer acknowledges and confirms that they are fully liable towards the tax authorities for the einvoice, GST and other tax related consequences. Among other things, Customer is fully responsible for reporting and paying GST and other taxes as appropriate in the same way as if the e‐Invoice had been issued directly by Customer. Outsourcing of e‐Invoice issuing or validation functions does not lead to any change of liability when it comes to Customer’s tax or accounting law obligations.
In respect of the payment instructions, Customer is responsible for activating the file approval service in Datapost if the file is automatically processed (without approval in the bank interface) in the bank/clearing house (optional service).
10. Error management in Datapost Online
10.1. Through Datapost, Datapost receives and delivers e‐Messages between Trading Partners. Datapost will notify Customer of any failure in delivering any e‐Message, regardless of the reason, by sending a notification in Datapost, an e‐mail, or other agreed communication channel. Such notifications will be sent as soon as the failure is detected by Datapost. Thereafter Customer is responsible for taking appropriate actions.
11. Originals management
11.1. Unless otherwise agreed between the Trading Partners and explicitly communicated to Datapost, Datapost will have the right to determine the Tax Invoice and its format, according to the applicable regulations or otherwise best e‐Invoicing and where applicable other e‐Messaging practice in the given industry.
11.2. Datapost will ensure appropriate document labelling in Datapost.
11.3. Any print‐outs from Datapost Online shall constitute copies and shall be marked as such.
11.4. The invoice received via Datapost shall constitute the Tax e‐Invoice.
12. Duplicate control
12.1. Customer acknowledges and agrees that Datapost in order to perform its Services, or if requested or otherwise ordered by the Customer, has the right to perform necessary duplicate control of e‐Invoice and where applicable other e‐Message numbering, i.e. that the same e‐Invoice and where applicable other eMessage identification number has not already been used during the same fiscal year.
13. Format, content and code list conversions
13.1. Customer acknowledges and agrees that Datapost in order to perform its Services, or if requested or otherwise ordered by the Customer, has the right to perform necessary conversions of the format as well as the content of the e‐Messages and invoice data exchanged between the Trading Partners in order to ensure among others the correct delivery and originals management of e‐Messages.
14. Content validation
14.1. Customer acknowledges and agrees that Datapost in order to perform its Services, or if requested or otherwise ordered by the Customer, has the right to perform necessary content validation, e.g. control whether the mandatory data fields lack input, in order to ensure conformity of e‐Invoices or, as the case may be, other e‐Messages with the legislation as well as the Recipients’ requirements.
15. Content enrichment
15.1. Customer acknowledges and agrees that Datapost in order to perform its Services, or if requested or otherwise ordered by the Customer, has the right to perform necessary content enrichment, e.g. add missing data elements, in order to ensure conformity of e‐Invoices or, as the case may be, other eMessages with the legislation as well as the Recipients’ requirements.
16. Outsourcing authorizations
16.1. Where required and allowed by the local regulations, Customer, entitles Datapost or, as the case may be, Datapost’s subcontractors to perform certain services in the name or on behalf of Customer.
16.2. Details of such authorizations are stated in appendices to the GTC.
16.3. If it is necessary for compliance with applicable legislation, Customer agrees to sign further documentation as necessary to enable Datapost to provide its Services.
16.4. Customer acknowledges and agrees that the authorizations and other rights under this Agreement and its appendices have been provided to Datapost merely for the purpose of enabling correct E‐message handling and issuance of electronic invoices.
17. Data Export
17.1. Customer may at any time request a Customer Data export from Datapost or, as the case may be, the archiving service. Datapost will assist Customer with providing such exports in accordance with current hourly fees (optional service).
17.2. Customer has been informed and confirms that when exports of Customer Data from Datapost are requested only data from the last ninety (90) days will be available.
18. Datapost Free Webportal
18.1. Customers using Datapost’s Free Webportal acknowledge and agree that the initial 100 transactions per month (inbound and outbound calculated together) will be free of charge, thereafter Datapost reserves the right to charge a fee per transaction S$ 0.16 per transaction, to be invoiced in Singapore Dollars, unless otherwise stated in the Proposal.
19. Intellectual property rights and know‐how
19.1. Datapost retains all ownership and intellectual property rights to anything developed or modified by Datapost or its Affiliates and provided to, or accessed by, Customer.
19.2. Customer retains all ownership and intellectual property rights related to their software, content or data.
19.3. After termination of the Agreement, Customer undertakes to immediately remove and destroy all provided Log‐in details, documentation and similar materials of Datapost and its Affiliates.
20. Third‐Party Terms
20.1. Customer acknowledges that Datapost’s Software Services may contain software (including open source software) distributed under third party agreements (“Third‐Party Components”), which contain terms regarding the rights to use certain portions of Software Services (“Third‐Party Terms”).
20.2. Such Third‐Party Components may require notices or acceptance of additional terms and conditions. Such notices or additional terms and conditions can be obtained by visiting www.Datapost/third‐partycomponents and are incorporated by reference into this agreement.
20.3. Should the Third‐Party Terms conflict with the GTC the Third‐Party Terms shall take precedence over the GTC.
20.4. Datapost is not responsible for updating or maintaining such Third‐Party Components or for technical errors such as bugs or similar.
21.1. Customer acknowledges and agrees to Datapost and its Affiliates may engage subcontractors for performance of ordered Services without any notification to or approval from Customer.
21.2. Datapost bares full liability towards Customers for the performance of each subcontractor or supplier that it engages.
22.1. Each Party undertakes during the Agreement Period and five (5) years thereafter to not disclose, without written consent from the other Party, any information regarding, or connected to, the other Party that can be considered confidential information and/or business secrets, regardless of if the information is specifically marked as confidential or not. Information regarding price lists and price models provided by Datapost shall at all times be considered business secrets and confidential.
22.2. The Customer shall, upon becoming aware of any unauthorized disclosure of such information, promptly notify Datapost of such event, and provide reasonable assistance to Datapost Group in rectifying such unauthorized disclosure.
22.3. The confidentiality undertaking is not applicable for information which the Party can prove is or has become common knowledge, without any breach of this Agreement. Nor is the confidentiality undertaking applicable if a Party is obliged by law to reveal such information. In such event, the Party revealing the information shall, prior to revealing the information, inform the other party of the request if not prevented from doing so by, at the time applicable, legislation.
22.4. If Customer has received access to Datapost through a Datapost Partner and/or a Datapost Partner manages Customer’s Datapost account, Customer consents to Datapost disclosing Customer Data to the Partner.
22.5. Datapost and the Datapost Partner may use anonymized Customer Data and data aggregated with other customer’s data for enhancing the Services and for statistical and marketing purposes.
22.6. The Parties shall by confidentiality agreement, or other corresponding actions, assure that the confidentiality undertakings, according to the Agreement, are followed by employees, consultants, subcontractors and others performing under or in connection to the Agreement.
22.7. Datapost may use the Customer’s name for marketing purposes
23. Personal Data Protection
23.1. Handling of Personal Data
The Parties agree and acknowledge that Customer will act as data controller and Datapost as data processor in respect of Personal Data processed under this Agreement, except of what is stated regarding Customer Contact Data which is outlined below. Customer is responsible for ensuring that their instructions to Datapost regarding the processing of personal data constitutes suitable measures for protection of personal data according to applicable personal data legislation.
Customer is solely responsible for establishing the purposes of and means for Datapost’s (or its subcontractor’s, as appropriate) handling of personal data in connection with Datapost.
Additional provisions regarding the handling of personal data are defined in the Data Protection Agreement.
23.2. Handling of Customer Contact Data
The Parties agree and acknowledge that they will both be acting independently as data controllers in respect to the Contact Data processed by them, respectively pursuant to the Agreement and that
sg will be the data controller in respect to any Customer Contact Data received from Customer.
sg will electronically process personal data pertaining to the contact persons of Customer, such as contact information, in order to provide Customer with the Services and to administer the business relationship with Customer. The data may also be used for statistical analysis and business reporting purposes and to comply with applicable laws and regulations. Datapost may disclose the information to its Affiliates, which may also use the information for the purposes described herein. Registered persons have, upon written request, right to access the data related to them. They also have the right to rectify such data. Further information may be obtained by contacting the controller of the data at office.sg@Datapost.com or at the registered address stated above.
sg may use Customer Contact Data in order to send newsletters, to conduct product surveys, to advertise similar products or services of Datapost and for event invitations. Datapost is entitled to submit Customer data, including its contact persons, to its Affiliates which are entitled to use the data for the purposes described above, to the extent permitted by law. The recipient of such advertising can opt out from receiving further marketing communication by contacting office.sg@Datapost.com.
24. Compliance with laws, rules and regulations
24.1. Each Party shall at all times comply with all laws, rules and regulations in connection with and applicable to each Party’s performance and activities under this Agreement, including but not limited to:
those concerning the furnishing of any documents or information required to comply with customs laws, rules and regulations, including required exportation or importation of documents,
those concerning the filing of reports and documents with any taxing authority and the payment of all taxes, duties and charges (and any penalties thereon) resulting from Party’s activities in connection with this Agreement, including income and social security taxes,
any security laws and regulations,
any registration requirement.
25. Code of Conduct and other directives
25.1. Customer undertakes to comply with the applicable requirements in Datapost at each time applicable code of conduct (the "Code of Conduct"), which will be provided to Customer upon request, or such equivalent code of conduct as jointly agreed by the parties.
25.2. If Customer does not comply with the Code of Conduct or equivalent code of conduct, Customer where reasonable and possible shall provide Datapost with a plan for implementation of the said Code of Conduct.
25.3. In the event Customer does not comply with Code of Conduct, and such non‐compliance cannot be remedied by Customer and is of significant importance for Datapost, Datapost shall have the right to terminate this Agreement.
26. Force Majeure
26.1. If the Parties are prevented from fulfilling their obligations under this Agreement due to circumstances which the Parties have no control over (e.g. lightning strike, fire, changed legal provisions or regulations provided by authorities, intervention by authorities, strike, communication or transport disruptions, changes in exchange rates or natural disasters) the Parties shall be released from its liabilities until the circumstance given rise to the Parties’ inability to fulfil their respective obligations are no longer enforced. If a Party is prevented from fulfilling its obligation for a period longer than thirty (30) calendar days due to any such circumstance mentioned above, Parties shall have the right, to terminate the Agreement with immediate effect without being liable to pay compensation.
27. Limitation of Liability
27.1. If a Party does not fulfil its obligations under this Agreement, the other Party shall be entitled to claim damages.
27.2. Neither Party is liable for unforeseeable damages or damages atypical for the Agreement, in particular for indirect or consequential damages.
27.3. In any event, Datapost’s entire liability for any cause of action or non‐action shall be limited to the value of all fees paid by Customer to Datapost during the past 12 months, or if 12 months has not passed, a calculated 12‐month period containing fees paid and expected fees payable.
27.4. This limitation shall not apply to damages caused by Datapost’s gross negligence or wilful misconduct.
27.5. For the avoidance of doubt, this Section 30 shall survive the expiration or termination of the Agreement
28. Notices under this Agreement
28.1. Notice of termination or any other correspondence under this Agreement shall be made in writing by letter or E‐mail to the contact details provided in the Agreement or as agreed otherwise in writing.
29. Assignment of the Agreement
29.1. The Agreement cannot be transferred without a written approval from the other party. Notwithstanding the foregoing, Datapost may transfer its rights and obligations under this Agreement to its Affiliates and its right to receive payments under this Agreement to a third party.
30. Agreement period
30.1. The Agreement will initially be valid until the Contracted End Date as defined in the Proposal or, if no such Contracted End Date has been set out, for a period of twelve (12) months from the moment the Agreement became legally binding as defined in the Proposal and this MSA.
30.2. Unless cancelled by either Party with a written notice at least three (3) months before the expiry of the agreement period, the Agreement will thereafter be prolonged for a successive period of twelve (12) months.
31. Termination of the Agreement
31.1. Either Party may terminate the Agreement with immediate effect upon written notice if:
the other Party materially breaches any provision of the Agreement, or
the other Party repeatedly or continuously fails to meet its obligations under the Agreement and does not upon the other Party’s request remedy such failures within a reasonable time frame denoted by the other Party, or
the other Party has provided incorrect or misleading information, or has concealed circumstances of importance, or
the other Party, or its representatives, may be suspected of having committed a criminal offence in connection with the performance of the Agreement or usage of Software Services, or
the other Party may be expected to go bankrupt, enter into corporate or composition proceedings, suspend payments or otherwise be deemed insolvent or have significant financial difficulties.
32. Effect of cancellation or termination of the Agreement
32.1. Upon cancellation or termination of this Agreement:
Customer shall promptly cease use of Datapost’s Software Services, and Datapost has the right to cease all further Customer access to Software Services.
All outstanding invoices immediately become due and payable by Customer.
Customer shall promptly return to Datapost and/or destroy all Datapost property, including, but not limited to, all copies of Log‐in details to Datapost Online and any other proprietary information of Datapost Group delivered under the Agreement.
Customer acknowledges that, unless prevented by law, all Customer Data will be deleted after ninety (90) days after termination of the Agreement, except of payment instructions which will be deleted after twenty‐four (24) months. Datapost may however keep anonymized and aggregated Customer Data for herein agreed purposes.
Customer acknowledges that it is Customer’s responsibility to before the termination of the Agreement store any Customer Data that Customer wishes to keep after the termination. Datapost may upon
Customer’s request at applicable remuneration assist in such preservation work (Data Export).
In event of termination of the Agreement with immediate effect by Customer according to section 30, Datapost shall repay any outstanding annual fees from the date of termination.
33. Document hierarchy
33.1. This Agreement supersedes all existing agreements between the Parties on the subject matter hereof, whether written or oral, and all such prior agreements are hereby terminated by mutual consent by the
33.2. This Agreement consists of the following documents, and in case of conflict between the provisions of such, shall be given precedence in the order listed below:
The most recently dated amendments to the Agreement,
The Data Processing Agreement (DPA) and incorporated appendices,
The General Terms and Conditions (GTC) and incorporated appendices,
The Professional Services Agreement (PSA),
The Service Level Agreement (SLA),
Other agreed appendices and addendums
33.3. In the event Datapost has provided a Convenience Translation of the Agreement or any other document (i.e. a version in a language different from the original language), the original text in ENGLISH remains the only legally binding text.
34. Severability clause
34.1. If for any reason a court of competent jurisdiction finds any provision of this Agreement, or any portion thereof, to be invalid, null or unenforceable, that provision or portion shall be enforced to the maximum extent permissible so as to affect the original intent of the Parties, and the remainder of this Agreement shall continue in full force and effect.
35. Dispute resolution
35.1. The Parties recognize that the amicable resolution of any disputes is in their mutual best interests. As such, the Parties agree to promptly notify the other Party of any dispute and to engage in good faith in consultations to resolve such disputes.
35.2. Would the Parties fail to reach such amicable resolution, either Party may refer any difference to be settled in accordance with section 35 of these GTC.
36. Governing law and dispute resolution
36.1. This Agreement shall be governed by and construed in accordance with the substantive laws of Singapore.
36.2. Any dispute arising out of or in connection with this Contract, including any question regarding its existence, validity or termination, shall be determined by arbitration in Singapore in accordance with the LawSoc Arbitration Rules in force at the commencement of the arbitration.
36.3. The place of arbitration shall be Singapore.
36.4. The language to be used in the proceedings shall be English.
Service Level Agreement
Subject to the terms and conditions of the Agreement and to the Customer’s timely payment of charges, Datapost hereby agrees to:
make the Datapost Product(s) available in accordance with the provisions of this Exhibit;
provide maintenance and support with respect to this/these Datapost Product(s):
Availability of the Datapost Product
The Datapost Product is deployed on a Google public cloud and shall be made available on a single production environment which can be used by multi- tenants.
Datapost provides the Datapost Product with an Availability of 99,7 % or higher as measured per calendar month. This calculation period will start on the first day of the month. This 99,7 % Availability is only applicable to the production environment and not to potentially agreed test, training or non- production environments. Available means that the Datapost Products are available for access and use by the Authorised Users over the Internet and operating materially in accordance with the Documentation.
The Availability shall be calculated in accordance with the following formula:
Availability (%) = ((SL – DT) / SL) * 100
SL meaning the Datapost Product Level, i.e. 24 hours a day, every day of the month.
DT or Downtime, meaning the period within the SL that the Datapost Product is not available. Downtime is calculated from when the failure was reported by the SPOC until the Datapost Products were again available.
Downtime shall not include (i) interruptions due to problems in the systems of Customer and/or its Authorised Users, (ii) interruptions which result from a Force Majeure Event, (iii) interruptions due to network availability or bandwidth limitations outside Datapost’s network and the network of its subcontractors and (iv) scheduled maintenance as set out in clause 3.3 (Maintenance) of this Exhibit and (v) other downtime to which the Customer has specifically agreed..
Datapost shall be responsible for all changes and updates and maintenance to the Datapost Product which may from time to time be necessary and/or useful.
Changes and updates: Datapost may at its discretion make changes or updates to the Datapost Product specifications (such as infrastructure, security, technical configuration, application or platform features, interfaces, …) during the term of this agreement, including to reflect changes in technology, industry practices and patterns of system use.
However, Datapost shall take all reasonable commercial efforts not to make any changes to the specification which result in a material reduction of the level of functionality, performance, security or Availability of the Datapost Product provided to the duration of the term.
Scheduled and unscheduled maintenance: Datapost shall provide maintenance with reasonable skill and care. Schedule maintenance does not count as Downtime. Datapost shall inform Customer and the Customer SPOCs via e-mail of any Scheduled maintenance (i.e. starting point of the maintenance and expected duration) at least twenty four (24) hours in advance that is likely to affect the access and/or use of the Datapost Product.
Whenever possible, Datapost shall use its reasonable efforts to perform the scheduled maintenance outside Business Hours.
In addition, Datapost may for corrective and preventive reasons in its sole discretion take the Datapost Product down for unscheduled maintenance. Datapost will take all reasonable effort to inform Customer in advance and if not possible inform Customer and its Authorised Users within 48 Business Hours after the start of the unscheduled maintenance. Information will be provided via an e-mail to the Customer SPOCs. Unscheduled maintenance will be counted as Downtime for the purpose of calculating the Availability.
Before Datapost and/or Customer make changes to integration interfaces between the backend and the Customer’s internal data stores or systems, Datapost, respectively Customer shall provide notice to the other in order to ensure the continued operation of any integration interfaces affected by such changes.
Datapost shall provide support services in relation to the Datapost Product in accordance with the terms set out in this Clause 4 (Support). As a prerequisite, the Parties agree that Customer shall provide the first level of technical and functional support for services requests or incidents raised by the users (technical users and/or end- customer of Customer) of the Datapost Product. In this respect, Customer will have sufficient internal help- desk facilities, including a help- desk for ICT infrastructure problem.
Contacting the service desk
Customer shall be entitled to contact the Datapost support desk. Customer shall designate an agreed number of SPOC’s who are authorised to contact the support desk. Customer can contact the support desk to:
report an Incident.
together referred to as ‘Support’
Datapost will not charge for such Support, it being understood that Incident support shall, provided that the Incident was not caused by Customer or its Authorised Users and unless otherwise set out in this Agreement, be included in the Charges. Unless otherwise set out in the Order Form, Service Requests will be charged on a time and material basis, based on Datapost’s then current hourly rates. A minimum of one hour will be charged per issued Service Request.
The contact details of the support desk:
The service desk is available during on Business Hours. Incidents received outside Business Hours will be analysed by the Service Desk, starting the next Business Day.
When reporting an Incident, Customer shall provide Datapost with the following information in English:
the name and job title of the user;
a short description of the Incident and how it is manifested;
how the Incident can be reproduced or verified;
in what situations the Incident occurs;
the type of device and browser used;
user/logingname- URL of the used system / problematic page
exact time when the Incident occurs (especially with respect to the transfer of documents)
the effects of the Incident; and
invoice number(s) affected, if the Incident can be related to generated/processed invoice numbers;
transmission paths, to the extent that these play a role;
any other relevant information (screen prints, logs, etc.)
When asking for a Service Request, Customer shall provide Datapost with the following information in English:
Email address of the Authorized User:
a short description of the Service Request
an indication of desired timing
any other relevant information (screen prints, logs, etc.)
Customer shall inform Datapost of Incidents without undue delay following the detection thereof.
Classification of incidents
Incidents are classified by Datapost. Priority setting of the Incident is done on the basis of 2 axes:
Impact: the amount of end- users (meaning customers using the Datapost Product) impacted by the issue
Affects more than 85% of average daily end- users
Affects between 15% and 85% of average daily end- users
Affects less than 15% of average daily end- users
Severity: the severity of an issue for the impacted end-users
Blocking for the core usage of the Datapost Product. No Work Around is available
Blocking for the core usage of the Datapost Product. A Work Around is available
None blocking for the core usage of the Datapost Product
This gives the following matrix
An incident shall only exist when such can be demonstrated and reproduced using a version of the supported release.
Response and reProduct
In relation to Incidents, Datapost shall adhere to the Response Times set out in the table below.
Datapost shall make reasonable attempts to resolve the Incident as soon as reasonably possible. Datapost shall have no obligation to correct the Incident in respect of:
Incidents resulting from any modifications of the Datapost Product made by any other person than Datapost or a third party authorised by Datapost;
the incorrect use of the Datapost Product or the use of the Datapost Product in conflict with any instructions from Datapost;
incidents not related to the Datapost Product.
In the event that any of the aforementioned situations would occur, Datapost may, after consultation with Customer, decide to correct the incident in relation to (a) and (b), or support and collaborate with Customer in the event of (c). In such case the service levels related to response and reProduct time shall not apply and Datapost shall be entitled to invoice Customer for such correction and/or support/collaboration at its then current hourly rates.
Response to Service Requests
In the event that Customer would issue a Service Request, Datapost shall take all reasonable efforts to respond as soon as possible.
If Customer desires any Non Standard Changes or updates of the Datapost Product which are not on the roadmap of Datapost, Customer may notify Datapost by sending a change request. Datapost shall not be obliged to make such specific change or update.
In this Exhibit the capitalised terms will have the same meaning as those set out in the Terms of Service. In addition to this, the following words and expressions shall have the following meaning:
‘Availability’ means the availability of the Datapost Product calculated on a monthly basis in accordance with this Exhibit.
‘Business Day’ means any day except any Saturday, any Sunday and any legal holiday in the country where the Datapost entity has its registered office.
‘Business Hours’ means Monday to Friday, from 9 am to 5 pm with the exception of public and banking holidays in the country where the Datapost entity has its registered office.
‘Incident’ means any deviation from the standard operation of the Datapost Product which causes an interruption to, or a reduction in quality of the Datapost Product;
‘Response Time’ means the time between when Datapost received a report from Customer indicating an Incident and when Datapost responds back to Customer that the Incident has been identified and a case ID number has been created;
‘Service Request’ means a request for a Customer SPOC for technical or functional information or technical or functional advice, or for a Standard Change or for access to an IT service;
‘Standard Change’ means changes which do not require a detailed analysis or architectural engineering before implementation as they are considered to be part of the typical tasks of a system or application administrator. Non-Standard change need to be discussed via the Datapost account manager;
‘Work around’ means any method/action that, after the occurrence of an Incident, brings the system back into normal operation, without necessarily correcting the Problem (i.e. the root cause, the software error) that caused the Incident.,
Data Processing Agreement
This Data Processing Exhibit (hereinafter DPA) supplements the Agreement, entered into between Customer and Datapost in relation to the processing of Personal Data.
In this DPA, the following definitions shall have the following meaning:
“Annex”: an annex to this DPA, which forms an integral part thereof.
"Data Subject", "Personal Data", "Personal Data Breach" and "Processing" shall have the same meanings as in the Data Protection Legislation. "Processed" and "Process" shall be construed in accordance with the definition of "Processing";
"DPA" This Data Processing Addendum, including the Annexes, in which the general rules are laid down with regard to the conditions pursuant to which Datapost will perform the activities for the Processing of Personal Data on behalf of the Customer. The DPA shall be an integral part of the Agreement. This DPA will take effect as from Effective Date and shall continue to be in force and effect until the termination of the Agreement.
"Data Protection Legislation" means applicable data protection laws;
"Third Party" means any person or entity which is not a party to the Agreement, including any contractors (including Sub Processors).
"Services" means the services, functions, responsibilities and outputs to be provided and fulfilled by Datapost under the Agreement.
"Sub Processor" means a Third Party engaged by Datapost as sub-processor to provide the Services or any part of them.
Datapost will Process Personal Data on behalf of the Customer in relation to the Services requested by Customer. In this respect the Customer determine the purposes and means of the Processing and expressly acknowledges and warrants that you have all necessary rights to provide the Personal Data to Datapost, and that one or more lawful bases set forth in the Data Protection Legislation supports the lawfulness of the processing. Datapost shall without undue delay inform the Customer if, in its our opinion, an instruction infringes this DPA, Data Protection Legislation or other EU or Member State data protection provisions.
Where Personal Data is Processed by Datapost, its agents, Sub Processors or employees under or in connection with the Agreement, Datapost shall, and shall procure that its agents, Sub Processors and employees shall:
only Process the Personal Data or disclose or permit the disclosure of the Personal Data to any Third Party:
in accordance with the instructions the Customer as stated in this DPA and Annex 1; or
where required by EU or Member State law to which Datapost is subject, in which case Datapost shall inform the Customer of that legal requirement before Processing that Personal Data, unless that law prohibits such information being provided on important grounds of public interest;
take reasonable measures to ensure that all employees, agents and Sub- Processors who may have access to the Personal Data:
are informed of the confidential nature of the Personal Data; and
are subject to confidentiality undertakings or professional or statutory obligations of confidentiality that apply with respect to (the Processing of) such Personal Data;
except where statutory guidance indicates that a Personal Data Breach is not required to be notified by Datapost, notify the Customer without undue delay upon becoming aware of a Personal Data Breach and otherwise assist the Customer taking into account the nature of Processing and the information available to Datapost, in meeting its obligations regarding the notification, investigation, mitigation and remediation of a Personal Data Breach under the Data Protection Legislation, without prejudice to Datapost’s right to charge the Customer for any reasonable costs for such assistance;
assist as reasonably requested by the Customer, to the extent necessary to enable the Customer to comply with any exercise of rights by a Data Subject under the Data Protection Legislation in respect of Personal Data Processed by Datapost under the Agreement or comply with any assessment, enquiry, notice or investigation under the Data Protection Legislation, including by any regulator, subject to reasonable advance notice and without prejudice to Datapost’s right to charge the Customer for any reasonable costs for such assistance;
only authorise Sub- Processors to Process the Personal Data ("Sub-Processor") not reasonably objected to by the Customer, subject to:
informing the Customer of the identity of the proposed Sub-Processor. Datapost will inform the Customer of all intended changes with regard to the addition or replacement of other Sub- Processors. Customer is entitled to give its written and motivated objections to such Sub- Processor within a period of five (5) days after such notification. In absence thereof, the Sub- Processor shall deemed to be accepted. In the event Customer provide Datapost with a motivated objection, the parties will discuss these objections. In the even the Parties do not find a reasonable agreement, the Customer is entitled to terminate the Agreement and this DPA.; and
including terms in the contract between Datapost and the Sub-Processor which are the same as those set out in article 28 (3) of the GDPR; and
Datapost remaining liable to the Customer in accordance with the terms of the Agreement relating to liability, for any failure by a Sub-Processor to fulfil its obligations in relation to the Processing of any Personal Data;
cease Processing the Personal Data upon the termination or expiry of the Agreement or, if sooner, the Service to which it relates and, at the Customer’s option, either (if technically possible) return or delete the Personal Data and any copies of it or of the information it contains unless the parties have agreed otherwise in the Agreement and without prejudice to any EU or Member State legal obligations for Datapost to store or archive such Personal Data..
The nature and purpose of the Processing, type of personal data and categories of Personal Data to be Processed are further detailed in Annex 1.
The Customer hereby agrees that Datapost, at the moment of entering into this Agreement, will engage with the Sub- Processors as detailed in Annex 1 for the Processing of Personal Data as stated in this DPA.
Datapost can only be held liable for an infringement of this DPA that is directly attributable to them, or the provisions that apply directly to Datapost on the basis of the applicable Data Protection Legislation insofar as the Customer has complied with its own obligations as set out in this DPA and the applicable Data Protection Legislation. The liability provision set out in the Agreement is fully applicable. In the event no limitation of liability was agreed in the Agreement, the liability that Datapost may incur shall be limited to the value of the Agreement.
Upon reasonable request, Datapost shall make available to the Customer all information necessary to demonstrate compliance with its obligations under Article 32 to 36 of the GDPR., If such information is not sufficient and Datapost is not able to give the Customer a sufficient answer to your additional questions, the Customer is allowed to conduct or mandate another auditor to conduct an audit. Such third party auditor may be refused by Datapost if this is a competitor of Datapost or if there is a conflict of interest with this mandated auditor. The audit may be conducted for the purpose of verifying the compliance with its obligations under this DPA and shall be without prejudice to Datapost’s right to charge the Customer any costs for such assistance. An audit may not take place more than once per contract year and must be notified at least 60 days in advance. All audit costs are exclusively borne by the Customer. Datapost may limit the access of the Customer to the premises of Datapost to a space provided by Datapost and the auditor may not copy or delete documents from Datapost without the prior approval and consent of Datapost. The Customer shall guarantee that the audit is carried out in such a way that the inconvenience for Datapost is kept to a minimum. The Customer will impose sufficient confidentiality obligations on its auditors. In addition, Datapost has the right to require the auditors to sign a non-disclosure agreement before the start of the audit. In all cases, it is essential to protect the confidential information of Datapost. The Customer must, or will request that its external auditors, send a draft version of the audit report to Datapost. Datapost has the right to submit its comments within a timeframe as agreed between the Parties. The auditor shall take the comments of Datapost into account.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, each Party shall implement the measures stated in article 32 of the GDPR and ensure that its agents, Sub Processors and employees implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking into account in particular the risk of accidental or unlawful destruction, loss, alteration or unauthorised disclosure of or access to the Personal Data. Datapost shall take steps to ensure that any natural person acting under its authority who has access to personal data does not process them except on instructions from the Customer, unless he or she is required to do so by EU or Member State law.
Any transfer of Personal Data to a third country or international organisation may only take place in accordance with the principles set out in the applicable Data Protection Legislation and this DPA. The Customer grants Datapost permission to transfer Personal Data to a third country or to an international organisation, as set out in the Annex 1. Any change or addition to the list as stated in the Annex 1, as proposed or required by Datapost, will be communicated to the Customer before such transfer takes place. The Customer has the right to object to such transfer within five (5) days of notification of the change. The Parties agree on whether or not to proceed with the transfer and the consequences thereof for the provision of the Services in terms of scope, timing and budget. Any transfer to a third country or international organisation can take place on the following grounds:
An adequacy decision by the Commission;
Appropriate safeguards, including the availability of enforceable rights of Data Subjects and effective legal means. Appropriate safeguards must be adhered to in the following cases: (i) binding corporate rules; (ii) standard data protection clauses adopted by the Commission or by a Supervisory Authority and approved by the Commission; or (iii) an approved code of conduct or an approved certification mechanism.
If you are located outside the EEA, the similar rules may apply.
If there is new guidance or a change in the Data Protection Legislation or case law that renders all or part of the Services illegal, Datapost may terminate the Agreement unless the Parties reach agreement to change the Services whereby the Services are no longer illegal.
This DPA is governed by the internal laws of the country where Datapost entity is located.
All Disputes arising from of related to this DPA shall be settled by the competent court determined in the Agreement.
If a provision of this DPA is proven to be invalid or unenforceable in whole or in part, it will be regarded as severable (insofar as it is invalid or unenforceable) and the validity of the other provisions of this DPA and the remainder of the provisions in question will remain unaffected. If the invalid provision is of fundamental importance for achieving the goal of this DPA, the Parties shall negotiate in good faith to remedy the invalidity, illegality or unenforceability of the provision or otherwise change this DPA to achieve its purpose.
ANNEX 1: DETAILS OF PROCESSING OF PERSONAL DATA
This Annex1 includes further information relating to the processing activities, in addition to the information already provided in the Agreement.
The subject-matter of the Processing of Personal Data
Personal Data may be processed for the performance the Services set out in the Agreement
The nature and purpose of the Processing of Personal Data
Personal Data may be processed for the following purpose: login of users
The categories of Data Subjects
the personal data concern the following categories of Data Subjects:
The processing activities concerning the following categories of Personal Data:
The Personal Data concerns the following ordinary categories of data
The Personal Data concern the following special categories of data:
The addition or removal of a Sub- Processor will not negatively affect the level of security within the agreement to less that which existed at the time of the signing of the DPA.
Transfer(s) of Personal Data
Personal Data are transferred to the following third countries (outside the EEA):
PDPA for Singapore