Customer Contract

Quanscient Allsolve® Service Description

Version: 15 March 2023

1 - Terms and definitions

AWS: Amazon Web Services cloud environment
Supplier: Quanscient - the supplier of the service
Customer: The customer company who is using the service
User: The user who is using the service within the Customer organization.
Service: Quanscient Allsolve® simulation platform

2 – About the Service

The Service consists of Quanscient Allsolve® simulation platform and support services that the Supplier maintains and provides for Customers usage.

3 - Changes to the Service

The Supplier may amend/update this service description and the Service with future effect from time to time and as necessary for technical, economic or legal reasons. The Customer is notified about the amendments and updates in due course via email.

4 – Usage environment

The Service is used via browser and an internet connection is required to use the service. The Service supports all modern, updated web browsers.

The Service is running on AWS servers, which are located physically inside the EU region or inside United States of America if specifically agreed with the Customer.

6 – Information and data security

AWS security documentation can be found here: https://aws.amazon.com/security/. More information about security can be found in Appendix 3 - Quanscient Allsolve® Data Processing Schedule.

7 – Support and maintenance

The Supplier updates and maintains the Service continuously and aims to inform Customers in advance about possible interruptions in the operation of the Service in advance. However, critical security updates and critical maintenance operations may be conducted without advance notice.

The Supplier strives to offer constant availability of the Service but cannot warrant uninterrupted availability thereof. The Supplier offers the Service on a software-as-a-service basis and therefore has no influence and is not responsible for the Customer’s Internet access or Internet connection including its availability, bandwidth or any costs and expenses of the Customer associated therewith.

The Supplier shall not guarantee any specific service level on the operation or availability of the Service.

All questions regarding usage of the Service or reporting problems in the Service can be sent to support@quanscient.com. The Supplier aims to answer all emails within the same day or the next Finnish business day of receiving them, but this is not always possible if there is a high volume of requests simultaneously.

Quanscient Allsolve® SaaS pricing

Version: 07 May, 2024

SaaS Pricing

Prices are in described in official Quotation.

Professional Service Pricing

Professional Service Pricing is described in official Quotation.

Payment and invoicing terms

Payment and invoicing terms are described in official Quotation.

Quanscient Allsolve® Data Processing Schedule

Version: 15 March, 2023

Article 1 – Introduction

This Data Processing Schedule (“Schedule”) sets forth the Parties’ obligations regarding personal data protection and compliance with all directly applicable EU legislative acts related to the protection of personal data (“Personal Data”) as in force from time to time, and all other applicable EU or national data protection legislation (“Data Protection Law”).

Under the Contract, the Supplier provides the Customer with the Service and related professional services that may require the processing of Personal Data controlled by the Customer.

The Supplier shall process Personal Data only for the purpose of providing the Service and the related professional services and performing other related contractual obligations. Types of Personal Data processed and the legitimate need for processing is defined in annex 1 (“Processing of Personal Data”).

Personal Data is processed during the term of the Contract and will be removed in due course after the termination of the Contract unless the Supplier has a legitimate retention need.

Article 2 – Compliance with law and Customer’s instructions

In relation to the performance of their obligations under the Contract the Parties agree to comply with this Schedule and the Data Protection Law. The Supplier shall process Personal Data only to the extent necessary for fulfilling its obligations under the Contract and following the Customer’s written instructions. If following any future instructions of the Customer results to obligations beyond those under the Contract or what is necessary for the Supplier to comply with legal obligations directly applicable to a data controller, the Customer will compensate the Supplier for incurred costs. Furthermore, the Customer will compensate the Supplier for incurred costs which result from accommodating changes in applicable laws.

After the termination of the Contract the Supplier shall at the choice of the Customer either delete or return to the Customer all Personal Data. The Supplier may retain copies of Personal Data only to the extent required under applicable laws.

Article 3 – Transfer of personal data

Unless otherwise agreed, the Supplier shall process Personal Data only within the EU or the EEA.

Article 4 – Subcontractors

The Supplier may engage subcontractors to process Personal Data provided that each such engagement will be agreed on a written contract whereby the subcontractor shall comply with the same data protection obligations applicable to the Supplier. The Supplier shall inform the Customer of any intended changes concerning the addition or replacement of such subcontractors and allow the Customer to object to such changes. In such a case, the Parties shall strive to find a commercially reasonable alternative solution. If no such solution is found, the Supplier may terminate or suspend the processing of personal data without being in breach of the Agreement.

Article 5 – Confidentiality

Except to the extent necessary for the Supplier to perform its obligations towards the Customer under the Contract, the Supplier shall keep Personal Data confidential, shall have no rights to Personal Data and, unless specifically agreed otherwise with the Customer in writing in this Schedule or otherwise, shall not access, use, process, disclose, or transfer Personal Data, in part or in whole, to any third party during or after the term of the Contract unless legally required. The Supplier shall also ensure that its personnel who have access to Personal Data will process Personal Data only in accordance with this Schedule and have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

Article 6 – Compliance assistance

In order to assist the Customer to comply with the obligations of controlling Personal Data as defined in the Data Protection Law, the Supplier shall:

1. take care that the Personal Data is processed with sufficient level of security, as described in Article 7 of this Schedule.
2. assist the Customer by notifying them of any data breach concerning the processed Personal Data without undue delay after becoming aware of it, as defined in Article 8 of this Schedule.
3. assist the Customer to communicate any detected Personal Data breach to the data subjects without undue delay, if the breach is considered high risk to the data subjects’ rights and freedoms of natural persons.
4. assist the Customer in assessing the impact to the data subjects’ rights and freedoms of natural persons, limited to the processing of Personal Data within the Service.
5. provide the Customer sufficient information required for prior consultation with the supervisory authority, if the processing of Personal Data within the Service is assessed to pose a high risk impact to the data subjects’ rights and freedoms of natural persons.

Article 7 – Security

The Supplier shall implement and use its reasonable efforts to maintain appropriate technical and organizational measures to protect Personal Data against accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, or access. The Supplier shall implement, in compliance with the agreed information security requirements and the Data Protection Law, the appropriate measures, such as:

1. the pseudonymization and encryption of Personal Data where separately agreed,
2. ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services processing Personal Data,
3. restoring the availability and access to Personal Data in a timely manner in the event of a physical or technical incident,
4. regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of Personal Data, and
5. keeping accurate records of all processing of Personal Data under the Contract. The information security measures are described further in annex 2 (“Information Security Measures”).

Article 8 – Data breach notices

The Supplier shall without undue delay, provide the Customer with reasonably detailed written notification of its discovery of any data breach. The notification shall contain at least:

1. a description of the nature of the data breach including, where possible, the categories and approximate number of individuals concerned and the categories and approximate number of Personal Data records concerned,
2. the name and contact details of the contact point where more information can be obtained,
3. a description of the likely consequences of the data breach, and
4. a description of the measures taken or proposed to be taken by the Supplier to address the data breach, such as measures to mitigate its possible adverse effects.

Article 9 – Audit procedures

The Customer shall have the right to audit the processing activities of the Supplier to examine the level of protection and security provided for Personal Data under the Contract.

The Parties agree that the audit right will be exercised by appointment of a recognized independent third-party auditor with proven experience in the field. Such a third party must not be a competitor of the Supplier, and prior to the commencement of any auditing activities the auditor must sign a confidentiality Contract with the Supplier that is substantially similar to the confidentiality provisions contained in the Contract. The Supplier shall have the right to arrange for auditing of its subcontractors by providing the Customer with a data protection audit report from an audit carried out by a recognized independent third-party auditor with proven experience in the field.

The audit timetable, method and scope will be agreed beforehand between the Parties and the audit may not burden the Supplier or endanger the Supplier’s or its other customers’ services provision, quality, security, or confidentiality. The Customer will pay all costs related to the audit.

Regarding an audit request directly from a supervisory authority regarding the processing of Personal Data, the Supplier must cooperate with the Customer in responding to the request.

Article 10 – Rights of data subjects

If requested by the Customer in order for the Customer to comply with the Data Protection Law, the Supplier shall at its standard rates:

1. provide the Customer with a copy of individuals’ Personal Data in tangible or electronic form,
2. correct, block or delete individuals’ Personal Data,
3. provide the Customer with such information and cooperation regarding the processing of Personal Data under the Contract as the Customer may reasonably request, including assisting in facilitating the exercise of individuals’ rights, and
4. assist the Customer in providing individuals whose Personal Data is being processed with such information regarding the processing as the Customer may reasonably request.

Article 11 – Division of liability

Each Party shall be fully liable for its own acts and omissions, including those of its subcontractors, under this Schedule, subject to the limitations of liability set forth in the Contract. Consequently, in the event a data subject presents claims, the liability shall be determined in accordance with article 82 of the general data protection regulation (EU) 2016/679 (“GDPR”) or corresponding Data Protection Law, and each Party shall be fully liable for any administrative fines imposed on it pursuant to article 83 of the GDPR or corresponding Data Protection Law.

Annex 1 – Processing of Personal Data

The Supplier processes following Personal Data within the scope of the Service:

Contact Information

We store and process data that the Customer has uploaded to the Service. This data may contain personally identifiable information.

This data is removed from the Service no later than 1 year after the Customer ends their contract with the Supplier, unless there is a legal requirement to retain this data longer.

In addition, we store the Customer’s name, email address and a hashed password. This information is needed to identify the Customer’s account within the Service reliably, and to separate the different users within the Customer’s organization and teams as set up in the Service, while allowing the other users to recognize other users easily by their name. Please see our Privacy Policy on our website for more information.

Cookies

The Service uses so-called cookies, which are small data files stored locally on the Customer’s client computer to store a Customer identifying hashed token. This token is received from the Service, and is used in communication with the Service to identify the Customer when they use the Service, without them having to constantly type in their username and password.

Other identifiers may be stored in cookies, such as anonymised identifiers (ie. identifiers that are specific to a single user, but cannot be mapped to their Personal Data) to gather usage analysis data to detect most used features, software errors and other information to improve the Service.

The security related cookies expire within a set amount of time. Some non-security related cookies, such as cookies storing user preferences, may have longer or indefinite expiration periods. The cookies may remain in the Customer’s computer even after they cease to use the Service, but the Customer can easily delete the cookies using the features offered by their chosen web browser.

Annex 2 – Information Security Measures

Information Security is one of the highest priorities of the Supplier. This overview describes the minimum security measures and precautions that are being considered when operating the Service and handling Personal Data.

AWS security documentation can be found here: https://aws.amazon.com/security/.

Security Practises

The Supplier has defined general security practices that are followed within the company. These practices include information security, system and asset management and development of the Service. These practices are reviewed at least annually.

Personnel Security

The personnel at the Supplier are required to attend security training. This training covers information security and data privacy. Personnel responsible for critical systems receive additional training relevant to their position.

The personnel are required to use encryption, backups and a company provided password manager on company related hardware and software systems when applicable.

Physical and Environmental Security

The Supplier provides the Service utilizing third party service providers, who have high security standards. They cover physical security (access control, personnel screening, etc.) and environmental security (protection from fires, natural disasters, etc.).

Access Controls

The Supplier follows the principle of least privileges, meaning that only relevant personnel are given access to information they need. Personnel does not have generic privileges that would allow access to all Personal Data or the Service infrastructure.

Service Development and Maintenance

The Service is developed separately from the production environment that is being utilized by Customers. This protects against data loss and employee misconduct in addition to the principle of least privilege.

Only selected persons have access to production systems for maintenance purposes.

Publicly released security vulnerabilities are automatically scanned for and checked if found by the Service development team.

Compliance

The Supplier makes constant efforts to be compliant with current regional laws and regulations applicable. Furthermore, the Supplier follows the industry best practices in development and governing processes.

Quanscient Allsolve® General SaaS Terms

Version: 17 May, 2023

Article 1 – Scope

These Quanscient Allsolve® General SaaS Terms (the “Terms”) apply between Quanscient Oy, a corporation established in Finland with business ID 3235241-4 and having its registered address at Åkerlundinkatu 8, FI-33100 Tampere, Finland (“Supplier”), and a legal entity or entrepreneur identified in the Contract (“Customer”) to whom the Supplier provides its Simulation-as-a-Service software platform on a SaaS basis (“Service”). The Service is used for the purpose of simulating physical processes using data uploaded into the Service by the Customer. The Service is neither intended nor fit for the use of consumers but for business use only.

Article 2 – Provision of Service

The Supplier shall provide the Customer with an access to use the Service subject to payment of fees as software as a service in accordance with the Contract. If the Service differs from its specifications, the Supplier shall correct the Service without undue delay after the Customer’s written notification. The Customer is responsible for acquiring and maintaining at its own expense equipment, connections, and software that are required to use the Service according to operating environment specifications. The Service is not designed to be fault-tolerant and therefore it is not intended to be used for the purposes of life-critical or hazardous environments that require fail-safe performance. The Customer is solely responsible for the correctness and completeness of the data that the Customer uploads into the Service and acknowledges that the results of the Service may be incorrect or insufficient if the Customer’s data has not been correct and complete.

Article 3 – Support and other services

The Supplier shall provide the Customer with support on the use of the Service as set forth in the Contract. In addition, the Supplier and Customer may agree on the provision of additional services by Supplier to Customer (the “Professional Services”) on a case by case basis. The Professional Services may include but are not limited to training and enablement services and/or general consulting services in connection with the use of the Service by Customer.

When providing the Professional Services, Supplier does not owe and shall not be liable for any specific outcome or result vis-à-vis Customer. Customer agrees to provide reasonable cooperation and information as necessary to permit Supplier to perform the Professional Services. Supplier staff shall not be integrated into the operational organization of the Customer. Instructions to Supplier staff must not be given by Customer’s staff or representatives but only by Supplier’s representatives.

Article 4 – Permitted use of Service

Unless otherwise set forth in the Contract, the Customer shall not (and shall not permit any third party to): (a) sublicense, sell, resell, transfer, assign, distribute, share, lease, rent, make any external commercial use of, outsource, or otherwise generate income from the Service; (b) copy the Service onto any public or distributed network; (c) decompile, reverse engineer or disassemble any portion of the Service, or attempt to discover any source code or other operational mechanisms of the Service; (d) modify, adapt, translate or create derivative works based on all or any part of the Service; (e) use any components of the Service other than together with the Service; (f) modify any proprietary rights notices that appear in the Service or components thereof; (g) use the Service in violation of any applicable laws and regulations or outside of the licence scope set forth herein; (h) configure the Service to collect (aa) any data that falls within the definition of ‘special categories of data’ within the meaning of the EU General Data Protection Regulation or a similar concept; (bb) passwords or other authentication credentials; (cc) any payment or other financial data, biometric data or genetic data; or (dd) any data relating to a person under the age of sixteen (16) years old (collectively, “Prohibited Data”); or (i) use the Service to (aa) store, download or transmit infringing, libellous, or otherwise unlawful or tortious material, or malicious code or malware, or (bb) engage in phishing, spamming, denial-of-service attacks or other fraudulent or criminal activity; (cc) interfere with or disrupt the integrity or performance of third-party systems, or the Service or data contained therein; (dd) attempt to gain unauthorized access to the Service or Supplier’s systems or networks; or (ee) perform, or engage any third party to perform, authenticated or unauthenticated penetration testing, vulnerability assessments or other security assessments on the Service.

Article 5 – Permitted users

The Customer’s employees and other authorized users are entitled to use the Service during the term of the Contract. The Customer will be responsible for the use of the Service by the employees and other authorized users in compliance with the Contract and written user instructions. The Customer must promptly notify the Supplier if the Customer suspects that an unauthorized third party may have access to the Service.

For the avoidance of doubt, Customer’s affiliates (and employees thereof) shall not use the Service without Supplier’s prior written consent.

Article 6 – Changes to Service

The Supplier will be entitled to develop and modify the Service to improve usability, security or stability of the Service or to extend its features or to ensure its compliance with statutory requirements. Updates and upgrades to the Service shall be provided at Supplier’s sole discretion.

Article 7 – Prices and payment terms

The prices of the Service and related professional services as well as payment terms are specified in the Contract. In other respects, prices and compensations for expenses are according to the Supplier’s valid price list. The Supplier shall be entitled to adjust prices by notifying the Customer in writing at least thirty (30) days before the effective date of the price change, in which case the Customer will have the right to terminate the Contract with a written notice on or before the effective date of the price change to end on such effective date. Unless otherwise specified, all prices are expressed and invoiced in EUR. Applicable value added tax and other duties will be added to the prices. Unless otherwise specified, the term of payment is 14 days net from the date of invoice. All objections regarding an invoice must be made before the due date. Interest on overdue payments is 10% p.a.

Article 8 – Privacy

To the extent the Supplier will process personal data on behalf of the Customer, the parties shall follow the terms and conditions of a data processing schedule, which will be attached to the Contract. In other respects, each party shall comply with applicable privacy and personal data legislation on its own behalf and shall ensure that its own operating environment is protected against data security threats in accordance with adequate data security procedures.

Article 9 – Confidentiality

Each party shall keep the other party’s trade secrets and other confidential information as strictly confidential, shall not disclose it to any third party, and shall not use it for any unauthorized purposes. The obligations of confidentiality shall survive the termination of the Contract. Unless otherwise agreed, the Supplier shall be entitled to use the Customer as its public customer reference regardless of the obligation of confidentiality.

Article 10 – Intellectual property rights

All intellectual property rights to material delivered by or on behalf of the Customer will remain the exclusive property of the Customer. The Customer is responsible for ensuring that the delivery of the material does not infringe any third-party rights or violate any applicable laws. The Supplier shall be entitled to use such Customer’s material only for the purpose of providing the Service and improving or optimizing the Service. All intellectual property rights to the results generated through the use of Service on the basis of the Customer’s data will remain the exclusive property of the Customer. All intellectual property rights relating to the Service and underlying software, including feedback given and suggestions for improvements made by the Customer or the users, will remain the exclusive property of the Supplier or its licensors.

In case the Contract is terminated, all material delivered by or on behalf of the Customer is deleted within 60 days of the Contract termination.

Article 11 – Limited warranty

Unless the parties have agreed upon separate service level terms in the Contract, the Service is provided on an ‘as-is’ and ‘as-available’ basis, and the Supplier will not give the Customer any warranty or guarantee, express or implied, for the Service or the results generated through the use of the Service, including but without limitation to warranties of merchantability, fitness for any particular purpose, or performance. Regarding training and other professional services related to the Service, the Supplier warrants to provide them using professional skill and care, and as a sole and exclusive remedy for defective professional services shall promptly correct any defects in such services or repeat the defective services.

Article 12 – Limited liability

The Supplier will be liable for direct damage which the Supplier has caused to the Customer through the negligent or intentional breach of the Contract up to the aggregate amount equal to the calculator monthly price of the Service at the time of a damaging event multiplied by six or, with regard to the professional services, up to the total amount paid by the Customer for such services. The Supplier will not be liable for any indirect, special, consequential, punitive, or incidental damage, or loss of revenue, profit, or data. These limitations will not apply to damage caused by fraud, intentional misconduct, or gross negligence. In order to be valid and enforceable, all claims by the Customer for damages must be made within one month from the date the damage was or should reasonably have been noticed by the Customer.

Article 13 – Assignment and third-party benefits

The Supplier may use subcontractors and assign the Contract in whole or in part to another group company or in connection with the trade sale which includes the provision of the Service. The Customer may assign the Contract with the Supplier’s prior written consent which the Supplier will not unreasonably withhold. The Contract will not create any third-party beneficiary rights in any third party.

Article 14 – Temporary suspension

If the Customer, or its employee or other authorized user has breached the provisions of the Contract or the Supplier has justifiable reasons to believe such a breach exists, the Supplier may temporarily suspend the provision of the Service. The Supplier shall also promptly notify the Customer of the suspension.

Article 15 – Termination for convenience

The Contract may be terminated for convenience by the Customer by giving a 1-month written notice, and by the Supplier by giving a 3-month written notice. The period of notice shall be calculated from the last day of the month during which the notice of termination was given.

Article 16 – Termination for cause

Either party may terminate the Contract with immediate effect if the other party has materially breached the provisions of the Contract and has failed to rectify the breach within a 15-day period from the receipt of a written notice thereof. In addition, each party may terminate the Contract with immediate effect by giving the other party a written notice if the other party files a petition in bankruptcy, becomes insolvent, bankrupt, or makes a general assignment for the benefit of creditors or goes into liquidation or receivership.

Article 17 – Refunds

The Supplier will refund advance payments made by the Customer only if the Customer has terminated the Contract due to the Supplier’s breach of the Contract or if the Supplier has terminated the Contract for any reason other than the Customer’s breach of the Contract. In such case the Supplier will refund an advance payment to the extent it corresponds to time after the termination of the Contract.

Article 18 – Entire Agreement and Amendments

The Contract constitutes the entire agreement and supersedes all previous commitments between the parties regarding the provision of the Service. Supplier may amend and/or update these Terms with future effect from time to time and as necessary for technical, economic or legal reasons.

Any revision of these Terms shall be announced to Customer in text form (simple email shall suffice) no later than thirty (30) days before their proposed effective date.

Customer may either approve or object to the revision before their proposed effective date. The revision shall be deemed approved by Customer, unless Customer objects in writing to the revision no later than ten (10) days before the proposed effective date and provides justification as to why the revision cannot be approved by Customer. Supplier shall expressly inform Customer thereof in the respective announcement. If the Customer has objected to the revision, the Supplier shall be entitled to terminate the Contract to end on the proposed effective date by sending a written notice of termination to the Customer on or before the proposed effective date.

Article 19 – Non-Waiver

The party’s failure to enforce any provision of the Contract will not be deemed to constitute a present or future waiver of such provision. All waivers must be made in writing.

Article 20 – Force Majeure

Force Majeure is an event that prevents, or makes unduly difficult, the performance of the Service or related services, or the fulfilment of the provisions of the Contract, such as war, rebellion, natural catastrophe, general interruption in energy distribution or telecommunications, epidemics, fire, strike, embargo, or another equally significant and unforeseen event independent of the parties. Each party shall be entitled to suspend its duties without liability thereof in case of Force Majeure affecting the party either directly or through its subcontractor.

Article 21 – Severability

Should any provision of the Contract be declared unenforceable by a court of competent jurisdiction, the remaining provisions of the Contract will remain in full force and effect to the fullest extent permitted by law. The parties shall attempt through negotiation in good faith to replace the unenforceable provision with such provisions that correspond as closely as possible to the original intention of the parties.

Article 22 – Governing Law and Arbitration

The Contract will be governed by the substantive laws of Finland, excluding any conflict of law principles in any jurisdiction. Any and all disputes, which the parties have failed to settle amicably, arising out of, or relating to the Contract will be finally settled by arbitration in English language in accordance with the Arbitration Rules of the Finland Chamber of Commerce. The dispute shall be resolved by a sole arbitrator. The award of the arbitration will be final and binding upon the parties. However, claims for non-payment of monetary charges may be submitted to the district court of the respondent’s place of domicile provided the respondent has not contested its payment obligation with justified grounds. Furthermore, nothing in the Contract shall be deemed to limit the parties' rights to seek interim injunctive relief or to enforce an arbitration award in any court of law.