TERMS OF USE CONCERNING THE NERDCLOUD SERVICE

Welcome to the cloud-based NerdCloud service provided by Booni Oy under its auxiliary business name !NOOB. Booni Oy (business ID 2573663-9) is a limited liability company formed under Finnish law, which has its principal office at PL 178, 00101 Helsinki, Finland. Hereinafter Booni Oy may be referred to as “we”, “us” or “Company”.

Through the NerdCloud service, the Company carries out the business of providing scalable information technology services for its customers (“Customer”), which includes the provision of the cloud-based NerdCloud Platform for information technology project management as well as on-demand technology human resources for actual information technology projects managed on the NerdCloud Platform.

The Company has agreed to permit the Customer to use its services upon the terms of use hereinafter contained, which apply to the legal relationship between Customer and Company when the Customer uses the services provided by the Company.

The Customer accepts the terms of use hereinafter contained as legally binding by using the service of the Company. In addition, a separate statement of work relating to these terms of use becomes legally binding and annexed to these terms of use when the Customer has approved it as specified in the statement of work. These terms of use as well as all subsequent statements of work form together a contract, which creates legally binding terms between the Customer and the Company when the Customer uses the services of the Company.

1. ESSENTIAL DEFINITIONS

NerdCloud Platform” means the Company’s cloud-based platform meant for project management and all thereto associated proprietary technology (including software, hardware, products, business concepts, and processes, logic algorithms, graphical user interfaces (GUI), techniques, designs and other tangible or intangible technical material or information) made available to the Customer by the Company in providing the Service.

"Party" or "Parties" means the Company or the Customer, or them both.

"Service" means the NerdCloud Platform and any other software related applications, tools and platforms that the Customer has subscribed to by the Service Agreement or that we otherwise make available to the Customer, and are developed, operated, and/or maintained by us, accessible via a designated URL, and any information technology products and services that we provide to the Customer subject to a project-specific Statement of Work."

Service Agreement" means the terms of use specified herein.

Statement of Work” means the agreement evidencing the technology resources the Company has agreed to provide to the Customer for its information technology projects, and any subsequent Statements of Work, specifying, among other things, the content of the provided resources, the term, the applicable fee of the Company, the billing period, and other services and charges, as agreed to between the Company and the Customer, each such Statement of Work to be incorporated into and to become a part of the Agreement (in the event of any conflict between the Service Agreement and the terms of any such Statement of Work, the terms of the applicable Statement of Work shall prevail).

2. GRANT OF RIGHTS; TERM AND RESTRICTIONS

2.1. Pursuant to the terms and conditions of this Service Agreement, the Company hereby grants the Customer a limited, non-exclusive, non-transferable and worldwide right to use the Service (incl. the NerdCloud Platform) solely for the Customer’s own internal business purposes (“User Right”). This User Right shall be for the period the Customer selected on the Statement of Work attached hereto and made a part hereof. The Company and its licensors reserve all rights not expressly granted to the Customer.

2.2. The Customer shall not (i) license, grant, sell, resell, transfer, assign, distribute or otherwise commercially exploit or make available to any third party the NerdCloud Platform in any way; (ii) reverse engineer or access the NerdCloud Platform in order to (a) build a competitive product or service, (b) build a product using similar ideas, features, functions or graphics of the NerdCloud Platform, or (c) copy any ideas, features, functions or graphics of the NerdCloud Platform; (iii) modify or make derivative works based upon the NerdCloud Platform or the content made available on the NerdCloud Platform; or (iv) create Internet "links" to the NerdCloud Platform or "frame" or "mirror" any content made available on the NerdCloud Platform on any other server or wireless or Internet-based device.

3. THE SERVICE

3.1. The Company will provide the Customer with use of the NerdCloud Platform, including a browser interface and data encryption, transmission, access and storage. Through the Service the Company may also provide hosting services as well as other thereto related services as agreed with the Customer.

3.2. The Customer may use the Service in regard to on-going and future information technology projects. The NerdCloud Platform can be used as a cloud-based platform on which the Customer may develop and manage new information technology projects as well as define the level of technology human resources needed for specific projects. Through the NerdCloud Platform, the Company and the Customer can interact and continuously monitor the development of agreed information technology projects.

3.3. The Company makes no guarantees as to the continuous availability of the NerdCloud Platform or of any specific feature(s) of the NerdCloud Platform. The Company will inform the Customer of any significant changes to the NerdCloud Platform that it may make from time to time.

4. PAYMENTS

4.1. The Company does not currently charge a separate monthly subscription fee from the Customer for the right to use the NerdSloud Platform. However, the Company reserves the right to charge such a fee by giving the Customer a 14-day advance notice in writing specifying the changes to the fee(s) concerning the use of the NerdSloud Platform.

4.2. The Company charges a payment from the Customer for the Service as separately agreed in the Statement(s) of Work.

5. RESPONSIBILITIES OF CUSTOMER

5.1. The Customer is responsible for all activity occurring under the Customer’s user accounts and shall abide by all applicable laws, regulations or generally accepted policies or guidelines in connection with the Customer’s use of the Service, including those related to data privacy, international communications and the transmission of technical or personal data. The Customer shall: (i) notify the Company immediately of any unauthorized use of any password or account or any other known or suspected breach of security; (ii) report to the Company immediately and use reasonable efforts to stop immediately, any copying or distribution of content made available on the NerdCloud Platform that is known or suspected by the Customer or any Customer under this grant of rights; and (iii) not impersonate another Customer or provide false identity information to gain access to or use the Service.

5.2. The Customer is solely responsible for his/her electronic devices, communication devices and other such devices and matters such as hardware condition, internet connection, antivirus, backup, and other similar issues.

5.3. The Customer agrees not to take up any actions that disturb or in any other way hinder the NerdCloud Platform or its servers or networks.

5.4. The NerdCloud Platform may contain links to third party websites. When the Customer visits third party websites, the Customer does so on its own responsibility and risk.

6. ACCOUNT INFORMATION AND DATA

6.1. By this User Right, the Company does not attain ownership in any data, information or material that the Customer submits to the NerdCloud Platform in the course of using the Service ("Client Data"). The Customer, not Company, shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use of all Client Data, and the Company shall not be responsible or liable for the deletion, correction, destruction, damage, loss or failure to store any Client Data.

6.2. The Company shall use reasonable efforts to protect Client Data behind a secure firewall system and to conduct daily data backups.

6.3. In the event this Service Agreement is terminated, the Company will make available to the Customer a file of the Client Data within 30 days of termination, if the Customer so request in writing at the time of termination. The Customer agrees and acknowledges that the Company has no obligation to retain the Client Data, and may delete such Client Data, on the 31st day after termination. The Company reserves the right to withhold, remove and/or discard Client Data, without notice, for any breach, including, without limitation, the Customer’s non-payment as agreed in any Statement of Work.

7. DATA PROCESSING AGREEMENT (DPA)

7.1. For the Company to be able to provide the Service to the Customer, the Company has to process the personal data the Customer discloses to the Service. The Company processes such personal data on behalf of the Customer, and the Customer is ultimately in charge of such personal data. Therefore, according to the General Data Protection Regulation of the EU (679/2016) (hereinafter “GDPR”), the Company is a processor and the Customer is a controller for such personal data.

7.2. This Section 7 contains the data processing agreement (DPA) between the Parties in accordance with Art. 28 of the GDPR as follows (the definitions used in this Section 7 shall have the same meaning as in the GDPR):

7.2.1. Subject-matter and duration of the processing
Personal data is processed as a part of the provision of the Service.   Personal data is processed for the duration the Service Agreement is valid between the processor and the controller.

7.2.2. Nature and purpose of processing
Personal data is processed by the processor so that the controller could use the processor’s Service and the Parties could conclude the Service Agreement with each other.  

7.2.3. Type of personal data and categories of data subjects
Types of personal data include contact information and other information relevant to the provision of the Service.   Categories of data subjects consist of the controller’s contact persons.  

7.2.4. Obligations and rights of the controller
The controller is solely in charge of the legality of personal data it discloses into the Service, and the controller warrants that it has a right to process all personal data it discloses into the Service. If the controller unlawfully discloses personal data to the Service, the controller shall fully reimburse the processor for all the costs that arise to the processor for the said activity.   The controller may, if necessary and possible in light of the provision of the Service, provide the processor with binding written instructions regarding this DPA.

7.2.5. Documented instructions of the controller
The processor: i) is not allowed to process the personal data for any other purposes than what the parties have specifically agreed on; ii) has an obligation to follow all applicable data protection laws; iii) ensures that only authorized persons gain access to personal data; and iv) ensures that all persons processing personal data are under an obligation of secrecy.  The processor is granted a general permission to hand over, transfer or in any similar way process personal data outside the EU/EEA. Upon such processing, the processor has an obligation to follow all applicable data protection laws, the instructions of the controller and the Agreement (including this DPA). If any of the prerequisites of the approval seize to exist, the processor has an obligation to immediately: (a) perform an action that ensures the lawful processing of the personal data and that the processing is conducted according to the instructions given by the controller and the Agreement; or (b) seize the transfer of personal data outside the EU/EEA and return the personal data transferred outside the EU/EEA to Finland.

7.2.6. Confidentiality
The processor is under an appropriate statutory obligation of confidentiality when it processes personal data.

7.2.7. Data security
The processor shall ensure that appropriate technical and organizational data protection measures is taken to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data. Each Party is responsible for ensuring that the documented relevant risk management and security processes are applied to the processing of personal data. Such measures may include (i) encryption or pseudonymization of personal data, (ii) adequate protection of systems and communications, (iii) organization of ongoing confidentiality, integrity, availability and fault tolerance of processing systems and services and (iv) the ability to recover data quickly and to access data in the event of a physical or technical failure.

The processor shall notify the controller of any data breaches immediately. In addition, the processor shall, without delay and within 48 hours of the occurrence or threat of the violation, provide the controller with the information necessary to fulfil the statutory obligations of the controller, to investigate the matter, to prevent similar violations and to make statutory declarations, including a description of the data breach and the consequences of the breach, and a description of the actions taken by the processor. The processor shall complete this information at the request of the controller and in accordance with the instructions.

7.2.8. Subprocessors
The processor has a right to use other processors (e.g. cloud services providers) (hereinafter ”subprocessor”) to process personal data. Subprocessors shall be under the same obligations as the processor.

7.2.9. Obligation of the processor to assist the controller
The processor has an obligation to assist the controller: (i) by appropriate measures, insofar as this is possible, in regard to the fulfilment of the data subjects’ rights; and (ii) in ensuring compliance with the obligations pursuant to the Articles 32 to 36 of the GDPR.  The processor shall have a right to a remuneration from the controller for all direct costs that arise from fulfillment of the processor’s obligation under this Section.  

7.2.10. Deletion or return of personal data
After the Service Agreement is no longer in force between the processor and the controller, the processor and its subcontractors shall return, at their own expense and without delay, the personal data to the controller. If the return of personal data is not possible, then the Parties must agree on the destruction of the material in a separate agreement.

7.2.11. Controller’s compliance
At the written request of the controller, the processor shall make available to the controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR, and the processor authorizes and participates in audits performed by the controller or another auditor authorized by the controller.

The processor shall have a right to a remuneration from the controller for all direct costs that arise from fulfillment of the processor’s obligation under this Section.

8. INTELLECTUAL PROPERTY OWNERSHIP

8.1. The Company alone (and its licensors, where applicable) shall own all right, title and interest, including all related intellectual property rights to the NerdCloud Platform. The Company name, logo(s), and the product names associated with the Service are trademarks of the Company or third parties, and no right or license is granted to use them. This Service Agreement is not a sale and does not convey to the Customer any rights of ownership in or related to the afore specified items, the NerdCloud Platform or the intellectual property rights owned by the Company. The Customer acknowledges that, except as specifically provided under this Service Agreement, no other right, title, or interest in these items is granted.

9. LIMITATION OF LIABILITY

9.1. Unless otherwise provided for in any Statement(s) of Work, in no event shall the Company’s aggregate liability exceed the amounts actually paid by and/or due from the Customer for the Service, as agreed in the applicable Statement of Work provided further that the Customer has as per the applicable Statement of Work notified the Company of the non-acceptance of a delivery.

9.2. In no event shall the Company and/or its licensors be liable to anyone for any indirect, punitive, special, exemplary, incidental, consequential or other damages of any type or kind (including loss of data, revenue, profits, use or other economic advantage) arising out of, or in any way connected with the use or inability to use the NerdCloud Platform, or for any content obtained from or through the NerdCloud Platform, any interruption, inaccuracy, error or omission, regardless of cause in the content, even if the party from which damages are being sought or such party's licensors have been previously advised of the possibility of such damages.

9.3. Some jurisdictions do not allow the exclusion or limitation of certain damages, whereby some or all of the exclusions and limitations in this Section may not apply to the Customer.

10. REPRESENTATIONS AND WARRANTIES

10.1. Each Party represents and warrants that it has the legal power and authority to enter into this Service Agreement. The Company represents and warrants that it will provide the Service in a manner consistent with general industry standards reasonably applicable to the provision thereof. The Customer represents and warrants that the Customer has not provided any false information to gain access to the Service and that the Customer’s billing information is correct.

10.2. The Company and its licensors make no representation, warranty, or guaranty as to the reliability, timeliness, quality, suitability, truth, availability, accuracy or completeness of the Service or any content made available on the NerdCloud Platform. The Company and its licensors do not represent or warrant that (a) the use of the Nerdcloud Platform will be secure, timely, uninterrupted or error-free or operate in combination with any other hardware, software, system or data, (b) the NerdCloud Platform will meet the Customer’s requirements or expectations, (c) any stored data will be accurate or reliable, (d errors or defects will be corrected, or (e) the service or the server(s) that make the Nerdcloud Platform available are free of viruses or other harmful components.

10.3. The NerdCloud Platform and all content made therein available is provided to the Customer strictly on an "as is" basis. All conditions, representations and warranties, whether express, implied, statutory or otherwise, including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, or non-infringement of third party rights, are hereby disclaimed to the maximum extent permitted by applicable law by the Company and its licensors.

11. TERMINATION

11.1. This Service Agreement is valid for indefinitely. Either Party may terminate the Service Agreement by notifying the other party in writing at least thirty (30) business days prior to the termination date. By terminating the Service Agreement, the Customer is not however exempt from the obligations it has undertaken under any Statement(s) of Work prior to the termination.

11.2. Any breach of the Customer’s payment obligations as agreed in any Statement(s) of Work or any use of the NerdCloud Platform or Service contrary to the terms and conditions of the Service Agreement and the license granted hereby will be deemed a material breach of the Service Agreement. The Company, in its sole discretion, may terminate the Customer’s password, account or use of the Service if the Customer breaches or otherwise fails to comply with the Service Agreement.

12. GOVERNING LAW AND DISPUTES

12.1. The Service Agreement and the relationship between the Customer and the Company shall be governed by and construed and interpreted in accordance with the laws of Finland without regard to its principles and rules on conflict of laws.

12.2. Any dispute, arising out of or relating to the Service Agreement, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Finland Chamber of Commerce. The number of arbitrators shall be one (1). The seat of arbitration shall be Helsinki, Finland. The language of the arbitration shall be English. However, evidence may be submitted, and witnesses may be heard in Finnish, to the extent the arbitral tribunal deems it appropriate.

13. MISCELLANEOUS

13.1. The Company reserves the right to change the Service Agreement. The Company shall notify the Customer through email or the NerdCloud Platform of such changes. The changes shall take effect 14 days after the notification. By using the Service after the changes, the Customer accepts the changes as legally binding.

13.2. This Service Agreement may not be assigned by a Party without the prior written approval of the other Party but may be assigned without the other Party’s consent by Party to (i) a parent or subsidiary, (ii) an acquirer of assets, or (iii) a successor by merger. Any purported assignment in violation of this section shall be void.

13.3. The Customer agrees that if the Company does not exercise or enforce any legal rights under this Service Agreement, it does not imply that the Company formally waives its rights, whereby the Company still has the right to exercise its rights.

13.4. The Customer agrees that any cause of action that the Customer may have arising out of or related to the Service Agreement must commence within one (1) year after the cause of action accrues, otherwise, such cause of action is permanently barred.

13.5. If, by a court decision, any provision of the Service Agreement is declared void, then only that invalid provision will be removed from the Service Agreement, in which case the Service Agreement will continue to be valid.

13.6. Sections 5, 8-10 and 12 shall prevail and stay in force even after the termination of the Service Agreement.