Timely Master Service Agreement
Last updated: May 10th, 2019
1. Introduction
These terms and conditions apply to use of the time tracking service Timely described below and provided by Memory AS, a limited liability company registered in Norway (reg.no. NO 916 517 203) ("Provider").
Upon acceptance of these terms and conditions, a legally binding agreement ("Agreement") is entered into between the Provider and the entity ordering access to the Service ("Subscriber"). The Agreement shall remain effective for an agreed Service term or until terminated as described below.
Violation of any of the Terms of Service will result in the termination of your Account. While Timely prohibits conduct and content in violation of these Terms of Service, you understand and agree that Timely cannot be responsible for the content posted on the Service and you nonetheless may be exposed to such materials. You agree to use the Service at your own risk.
2. Description of the Service
The Agreement allows the Subscriber to use the Provider’s time tracking service Timely (“Service”) during the term of the Agreement. The Service is a standardized service offered on a SaaS basis. The Subscriber therefore acknowledges that the functionality in the Service may change. The Service is not tied to any specific version of the underlying software or any set functionality.
The Agreement gives the Subscriber and the Subscriber's users a right to use the Service. A user shall mean a physical person who has been assigned a unique username and a password by the Subscriber's administrator.
3. User administration
The Provider will define the Subscriber as a user of the Service with sufficient administrative rights and authority to create ordinary users. The users may be assigned different roles with different permissions.
4. Processing of personal data
The users' personal data will be processed when using the Service. For such processing, the Subscriber shall be considered the controller and the Provider shall be considered the processor.
The Subscriber agrees and warrants that:
- The Subscriber owns or otherwise has the right to transfer the personal data to the Service for processing, and that the Subscriber is responsible for the accuracy, integrity, contents, and legality of the personal data, including transfer and instructions;
- Where applicable, that the processing of personal data is covered by an applicable permit, and/or has been notified to the applicable regulatory authorities and/or users, and that the processing of personal data is not in violation of applicable law;
- It is the Subscriber’s obligation, in accordance with the applicable legislation, to notify the applicable regulatory authorities and/or users in case of breach or the unauthorized transfer of special categories of personal data;
- The Subscriber, by way of its risk assessment, has verified that the Service’s security measures are effective and appropriate for the processing in question;
- The Provider has provided sufficient guarantees in terms of logical, technical physical and organizational security measures.
This section fulfils the requirements for a data processing agreement and governs the Provider’s processing of personal data on behalf of the Subscriber, and the Provider’s obligation to have in place required information security measures.
The Provider may only process personal data on behalf of the Subscriber during the term of the Agreement, or if there exists another legal basis for processing.
The terms “personal data”, “sensitive personal data”, “processing”, “controller”, “processor”, “data subject” etc. used herein shall have the meaning assigned to them in applicable legislation.
4.1 Purpose, subject matter and duration
The processing of personal data by the Provider on behalf of the Subscriber shall only cover categories of personal data that are implied under the Agreement for the purposes specified below and only to the extent necessary to fulfil such purposes.
The Provider will process personal data for the purposes of:
- providing the Service,
- improving or otherwise modifying the Service and notifying Subscriber’s users thereof,
- customizing the content and/or layout of the Service for the particular Subscriber’s user,
- replying to the Subscriber’s user’s communications and contacting them,
- performing the Provider’s obligations towards the Subscriber and the Subscriber’s users,
- exercising and enforcing the Provider’s rights according to the Agreement
The Provider may anonymise and aggregate data for the purpose of machine learning and statistics in order to improve the Service.
The Provider does not intend to process special categories of personal data, such as data on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. To the extent the Subscriber's users choose to submit special categories of personal data to the Service, such submission shall be regarded as a consent allowing the Provider to process such data within the limits specified above.
4.2 The Provider’s obligations as the data processor
The Provider shall process personal data only in accordance with the Agreement.
The Provider shall ensure persons authorised to process the personal data are subject to confidentiality obligations.
The Provider shall reasonably assist the Subscriber by appropriate technical and organisational measures, insofar as this is possible, for the Subscriber’s compliance with the law regarding processing of personal data and fulfilment of the Subscriber’s obligation to respond to requests for exercising the data subject's rights. If such assistance results in additional costs or expenses for the Provider, then the Provider shall be entitled to charge for such assistance on a time and material basis.
The Provider shall have implemented and documented appropriate technical and organisational security measures to protect data from loss, misuse and unauthorized alternation or disclosure. The documentation shall be shown to the Subscriber upon the Subscriber’s request.
In case of personal data breach, or security incidents with potential impact on personal data, the Provider shall notify the Subscriber promptly after becoming aware of the breach or the incident.
Unless prohibited by law, the Provider shall promptly notify the Subscriber of any request for the disclosure of or access to the data by authorities. The Provider will disclose the Customer’s data to governmental authorities or police only to comply with legally binding requests.
The Provider shall notify the Subscriber of any request received directly from a data subject without responding to that request, unless the Provider has been otherwise authorized to do so in writing, or the Provider is obliged to comply by applicable law.
4.3 Use of subcontractors
Everyone who, on behalf of the Provider, performs assignments where the processing of the personal data in question is included, shall be made aware of the Provider’s contractual and regulatory commitments, and abide with the terms of these.
The Provider shall provide a list of relevant Contractors used for processing data. This list will only contain relevant Contractors directly executing Service related to processing of personal data.
The Subscriber acknowledges that the Subscriber is aware of the necessary details related to the technical platform and subcontractors involved in that regard.
4.4 Transfer of personal data abroad
The Provider shall not, without the ensuring necessary data processing arrangements for such transfer or access, transfer personal data outside the European Economic Area (EEA) or give anyone outside the European Economic Area (EEA) access to the personal data. The Subscriber acknowledges that the Subscriber’s cooperation may be requires allowing for such transfer.
The Subscriber acknowledges that the Subscriber is aware of the necessary details related to the technical platform described above, and any transfer of personal data abroad in that regard.
4.5 Deletion of data
All data received from the Subscriber, as data controller, must be deleted or anonymized by the Provider without undue delay upon termination or expiry of the Agreement or cancellation of a Service, or upon expiry of a mandatory retention period. No data will be returned to the Subscriber.
5. Routines for planned maintenance
Some types of Service maintenance may imply a stop of operations and reduce availability of the Service. The Provider does not warrant any particular level of Service availability, but will try to limit impact of any planned maintenance on the availability of the Service.
6. Liability for errors
There is an error if the Subscriber is not able to access the Service or a material function in the Service, and this is caused by circumstances which are the responsibility of the Provider. The Subscriber acknowledges that errors might occur from time to time and the Subscriber waives any right to claim for compensation as a result of errors in the Service.
When an error occurs, the Subscriber shall notify the Provider of the error and provide a description of the error situation and the Provider will try to correct the error within reasonable time. If the Provider requests, the Subscriber shall provide necessary assistance in order to reproduce/identify the error situation. If repeated errors are caused by the Subscriber’s incorrect usage of the Service, the Provider may request that the Subscriber's users with administrative rights fulfill further training.
7. Subscription fee
The Subscriber shall pay an agreed subscription fee. All payments are non-refundable.
8. Start date
The Service shall be accessible once the Provider has approved the Subscriber's request for access to the Service.
9. Use of Service
The Subscriber undertakes to use the Service in accordance with the applicable law and regulations and in accordance with the requirements in the Agreement and any applicable acceptable usage policy. The Subscriber is responsible for the material and information that the Subscriber and its users produce by using the Service and that users use the Service in accordance with the applicable law and regulations.
10. Payment and conditions
The subscription fee shall be paid in advance by using a payment method supported by the Provider and chosen by the Subscriber. Other costs and payments will be invoiced on an ongoing basis with the due date 14 days after the date of invoice.
The Subscriber shall notify the Provider in advance if the size of the Subscriber's organization changes in such way that the subscription fee shall be adjusted.
11. Termination of the Agreement
The Agreement has an initial agreed term from the start date, and is thereafter renewed automatically for new periods of same duration, unless the Agreement is terminated by one of the parties by giving a written notification to the other party at least three months before the automatic renewal of the Agreement.
Upon termination of the Agreement, the Subscriber may in writing request the Provider to hand over to the Subscriber all data that the Subscriber has stored in the Service. The hand over shall be done on a suitable data medium. To the extent this is specified by the Subscriber, the Provider may choose to accept to hand over the data in another format. The Provider will invoice for all costs and assistance that is a result of accepting to hand over the data in another format. The assistance will be charged in accordance with the Provider’s ordinary rates for such assistance.
Upon termination of the Agreement, The Subscriber will have access to the Service for the remainder of any the pre-paid period.
12. Intellectual property rights
The Provider keeps all rights to all elements that are parts of the Service. The Subscriber does not receive any license or usage rights beyond what is explicitly stated in this Agreement.
13. Transfer of rights
The Provider is entitled to transfer its rights and obligations pursuant to this Agreement to a third party as a part of a merger or acquisition process, or as a result of other organizational changes. The Subscriber’s transfer of rights and obligations requires the Provider’s written consent before the transfer may take place.
The Provider may not refer to the Subscriber’s use of the Service in marketing activities without the Subscriber’s specific and written consent to being named as the Provider's reference.
14. Force majeure
If the fulfilment of the Agreement in whole or partly is prevented or to a major degree made difficult by circumstances that are outside the parties’ control, the parties’ obligations shall be suspended to the extent the circumstances are relevant, and then for so long time as the circumstances last. Such circumstances include, but are not limited to, strike, lock-out and any other circumstance that according to the Norwegian law is considered force majeure. Each party is entitled to terminate the Agreement with one month’s written notice, if the force majeure situation makes it particularly burdensome for such party to maintain the Agreement.
15. Breach of agreement
There is a breach of the Agreement if one of the parties does not meet their obligations as defined in the Agreement. To the extent the Provider attempts to repair the relevant errors in the Service within reasonable time, the following shall not be deemed as breach of Provider’s obligations:
- the Service is inaccessible;
- the functionality of the Service is reduced; or
- the response time of the Service is increased.
16. Set off
The Subscriber is not entitled to set off the subscription fee against claims that the Subscriber has against the Provider.
17. Suspension of the Service and assistance
In case the Subscriber’s payment is delayed beyond 15 calendar days, the Provider may with 5 working days’ written notice close down the Subscriber’s access to the Service until the correct payment including interests has been done. The Provider may also suspend other assistance according to the Agreement or other agreements until such payment has been done.
The Provider can with immediate effect close down the access to the Service if the Subscriber or any of the users abuses the Service or if the Subscriber otherwise breaches its obligations pursuant to this Agreement.
18. Reduction of the Subscription fee
If the Service is inaccessible for more than 8 hours during a period of one calendar month, and this is caused by errors in the Provider’s environment, equipment or software, the Subscriber may request a proportional reduction of the subscription fee for the relevant calendar month. Other circumstances, e.g. errors and inaccessibility caused by communication lines, external elements or the Subscriber’s or the users’ use, equipment or software cannot be used as a basis for requesting reduction of the subscription fee.
19. Liability
The Subscriber is entitled to claim damages for direct documented loss that the Subscriber suffers as a result of the Provider’s breach of the Agreement. The Provider is not liable for indirect or consequential losses as lost profit, losses caused by delayed start or disruption of production, deprivation or losses caused by lost data, third party claims or governmental fines. The maximum accumulated damages during a 12 months’ period is under all circumstances limited to an amount equal to 10 % of the subscription fee for this period. Any reduction of the fee due to inaccessibility of the Service shall be deducted from the damages. These limitations shall not apply if the Provider or someone who the Provider is responsible for has acted with gross negligence or intent.
20. Termination
If the Subscriber materially breaches its obligations pursuant to this Agreement, the Provider may terminate the Agreement for breach with immediate effect and close down the Subscriber’s access to the Service.
21. Changes
The Provider may with 4 months' notice and with the effect from the following renewal of the Agreement, change prices and other terms of this Agreement.
22. Dispute resolution
The Agreement shall be subject to Norwegian law and Norwegian courts’ exclusive jurisdiction. Oslo city court shall be the agreed legal venue.