nebulaSUITE
Last updated: 12 November 2018
ONE
The Applicant, natural person who for the purposes of these general conditions acts on behalf of the Client, REQUESTS from VINTEGRIS, the provision of the nebulaSUITE service. nebulaSUITE includes the following services:
| Service Name | Description |
| nebulaUSERS | User management service |
| nebulaCERT | Centralized certificate management service |
| nebulaACCESS | Multifactor dynamic authentication service |
| nebulaSIGN | Digital signature storage service |
| nebulaSNE | Digital notification management service |
| nebulaDISCOVER | Digital certificate discovery service |
| Certification authority | Certificate issuing service qualified according to EU Regulation 910/2014 of 23 July, 2014 |
The services indicated are provided by VINTEGRIS in SaaS mode after their selection by the Client or licensee, using various computer applications owned by VINTEGRIS located on a technological platform to which the Client will have access, once the relevant licenses for use have been granted.
TWO
These General Terms of Service (General Conditions) are implemented subject to current regulatory legislation, including as applicable, Regulation (EU) No. 910/2014, of 23 July and European Union and Spanish legislation developed therefore, to their own agreements, and to the Certification Practice Statement (CPS) in force at the moment of the issue of the certificates, which can be found updated at the Internet address www.vintegris.com/types-certificates
The territorial scope of these General Conditions is limited to Spain, the Client can access the nebulaSUITE technological platform from anywhere in the world via the Internet.
THREE
The Applicant, at the time of requesting nebulaSUITE services and in accordance with the legislation in force, has been informed of the precise instructions for the use of the services, the limitations of use and the way in which VINTEGRIS limits its possible liability, as well as the sufficient authorization of VINTEGRIS, and the relevant dispute resolution procedures, and has expressly accepted them, for the purposes of that indicated in articles 5 and 7 of Law 7/1998, of 13 April, on general conditions of contracting.
FOUR
nebulaSUITE services are specifically regulated by the following service documentation:
1st) These General Conditions
2nd) Annex I “Specific Terms of nebulaSUITE Services”
3rd) Annex II “Service Level Agreements (SLA)”
4th) CPS of the Certification Authority of VINTEGRIS
FIVE
The Client will pay the corresponding sum for the services referred to in these General Conditions in accordance with the prices approved and published by VINTEGRIS at any time, and whose current value is indicated in the Financial Proposal approved by both parties prior to the start of the provision of nebulaSUITE services.
SIX
The validity of these General Conditions is that corresponding to the service provided.
SEVEN
Termination of the services
a. If the Services are cancelled (either at the request of the Client or VINTEGRIS), the right to access the Services will cease immediately and the license to use the software related to the Services will end.
b. To cancel the Services, go to the VINTEGRIS subscription page, or contact the Client Support Service at soporte@vintegris.com.
The Client must take into account that (i) he/she may be required to pay cancellation charges; (ii) he/she may be required to pay all charges made to their billing account for the Services before the cancellation date, and (iii) he/she may lose access to their account and may not use it when they cancel the Services. If the Client cancels the Services, these will end on the final date of the current Service period or, if we charge invoices to their account periodically, at the end of the period in which the cancellation was made.
Non-payment implies the cancellation of the service in the indicated terms.
EIGHT
License to use Software.
Unless accompanied by an independent license agreement between VINTEGRIS and the client, any software provided by VINTEGRIS as part of the Services is subject to these Terms:
a. The right to use license is granted in relation to the nebulaSUITE service mode contracted. The software or website that is part of the Services may include third-party code. Any script or code belonging to third parties, linked to the software or website or referred to from these, is granted under license by the third party owners of such code and not by VINTEGRIS. Notifications that may be included in this document regarding third party code are for informational purposes only.
b. The nebulaSUITE service is provided under license of use and is not sold. VINTEGRIS reserves all rights to software that VINTEGRIS does not expressly grant under these Terms. This license does not grant any rights with respect to the following; specifically, the Client may not do the following if it is not authorized by VINTEGRIS:
i. Avoid or omit the technical protection measures that the software or the Services contain or that are related to them;
ii. Disassemble, decompile, decrypt, hack, emulate, exploit a vulnerability or reverse engineer the software or any other aspect of the Services that is included therein or accessible through them, except and only to the extent that said activity is expressly permitted by the applicable intellectual property law;
iii. Separate the components of the software or the Services to use them in different devices;
iv. Publish, copy, rent, lease, sell, export, import, distribute or loan the software or the Services;
v. Transfer software, software licenses or rights to access or use the Services;
vi. Use the Services in an unauthorized manner that may interfere with their use by any other person or with their access to services, data, accounts or networks;
vii. Allow access to the Services or modification of devices authorized by VINTEGRIS by unauthorized third-party applications.
NINE
Limitation of Liability
a. VINTEGRIS will not be responsible for the contents, including links to third-party websites and the activities provided by users. Such content and activities are not attributable to VINTEGRIS nor do they represent the opinion of VINTEGRIS.
b. VINTEGRIS will only be liable if the material obligations of the Contract are infringed or if otherwise required by applicable law.
c. VINTEGRIS shall not be liable for any indirect loss or damage, including financial loss, such as loss of profits, unless VINTEGRIS or its legal representatives have committed, at least, some gross negligence or wilful misconduct.
d. VINTEGRIS will not be responsible for the breach or delay in the execution of its obligations under these Terms to the extent that such breach or delay derive from circumstances that exceed the reasonable control of VINTEGRIS (for example, labour conflicts, natural phenomena, wars or terrorist activities, malicious damage, accidents or compliance with applicable legislation or governmental provision). VINTEGRIS will make every effort to minimize the effects of such events and fulfil their obligations that are not affected by them.
Neither party shall be liable for any indirect, incidental, special, punitive or consequential damages, or for any loss of profits, revenues (excluding fees due under this Agreement), data or data usage.
The total liability of VINTEGRIS for any damage derived from, or in any other way related to this Agreement, whether contractual or non-contractual or otherwise, will be limited to the amount of the rates that have been paid to VINTEGRIS for the Services regulated in the contract that gives origin to the liability during the period of twelve (12) months immediately prior to the event giving rise to said liability, minus any refunds or credits that may have been received from VINTEGRIS under the contract.
TEN
Intellectual Property
The Program, as well as all its documentation and / or information concerning it, is the exclusive property of VINTEGRIS or, where appropriate, of the Software Providers of VINTEGRIS. VINTEGRIS or its Software Providers are responsible for all intellectual property rights and copyrights relating to the Program, documentation, as well as any other work, program and / or product that is delivered by VINTEGRIS to the user in compliance with this Agreement.
The licensee may not reverse engineer, decompile, or disassemble all or part of the Program, any form of access to the source code thereof being strictly prohibited. Likewise, the Client will refrain from deleting, modifying or altering in any other way the mentions of reservation of rights in favour of the licensor, as well as, among others, the name, logo or brand that identifies the latter entity in all documentation that is provided in any format in the context of this Agreement.
The licensee must notify VINTEGRIS of any possible infringement of the rights of the licensor as soon as it becomes aware of it, VINTEGRIS being the only beneficiary of the possible compensations granted under any procedure.
The Client may not create digital “links” with the services described in this Agreement, nor adapt or duplicate any content of the Program on any other server or wireless device; or access the product or services subject to these General Conditions in order to create a competitive product or service, or create a product using ideas, features, functions or graphics similar to the services provided in it.
ELEVEN
Personal data protection
Scope: The terms of this section apply to all nebulaSUITE Services, which are governed by the terms of privacy and security referred to in the Specific Terms of the corresponding nebulaSUITE Services.
Client Details: In these General Conditions, Client Data is understood to mean personal data of individuals or interested parties that are incorporated into the databases of each service, as well as those that may be generated and maintained in nebulaSUITE services.
Client Data Processing; Property:
The Client Data will be used only to provide the Client with nebulaSUITE Services that include purposes compatible with the provision of said services. VINTEGRIS will not use the Client Data – nor will it derive information from them – for advertising purposes or similar commercial purposes.
As regards the parties, the Client retains all rights, ownership and interests over its data. VINTEGRIS does not acquire rights over the Client’s Data, except for the rights that the Client grants to VINTEGRIS to provide the NebulaSUITE Services to the Client. This paragraph does not affect the rights of VINTEGRIS over the software or services that VINTEGRIS licenses to the Client.
Disclosure of Client Data:
VINTEGRIS will not disclose Client Data outside VINTEGRIS, except (1) as indicated by the Client, (2) as described in these General Conditions or (3) as required by Law.
VINTEGRIS will not disclose the Client’s Data to the judicial authority, unless required by law. In the event that the judicial authority contacts VINTEGRIS for the purpose of requesting Client Data, VINTEGRIS will attempt to urge the competent authority to request the data directly from the Client. If VINTEGRIS is forced to disclose Client Data to the judicial authority, it will immediately notify the Client and provide a copy of the request unless prohibited by current legislation.
Once the request for Client Data has been received from a third party, VINTEGRIS will notify the Client immediately, unless prohibited by current legislation. VINTEGRIS will reject the application, unless the law requires compliance with it. If the request is valid, VINTEGRIS will attempt to redirect said third party to request the data directly from the Client.
VINTEGRIS will not provide third parties: (a) direct, indirect, or general access to Client Data; (b) the platform encryption keys that are used to protect the Client Data or the ability to decipher such keys; nor (c) any type of access to Client Data if VINTEGRIS is aware that said data will be used for purposes other than those indicated in the third party’s application.
To carry out the provisions of the preceding paragraphs, VINTEGRIS may provide third parties with the Client’s basic contact information.
Personal data of the licensee, applicant or client:
Your personal data will be subject to automated data processing for which VINTEGRIS is responsible, and the purpose of which is management, administration, maintenance (including the performance of satisfaction checks and surveys), updating of contracted services and marketing of new services.
The data will be processed under the legal basis of the execution of a contract (for the management and administration of the contractual relationship) and legitimate interest (for the marketing of new services, the increase of business relations between the parties being the legitimate interest of the responsible party). The data will be kept for the time that the contractual relationship is maintained.
Processing of Personal Data: VINTEGRIS complies with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).
The Personal Data provided to VINTEGRIS by or on behalf of the Client through the use of the Service is Client Data.
A) Roles and Responsibilities
For the purposes of these Terms regarding personal data, the Client and VINTEGRIS agree that the Client is responsible for the processing of the Personal Data of the Client and that VINTEGRIS is the manager of said data, with the exception that (a) if the Client is acting as manager, then VINTEGRIS acts as a sub-manager, or (b) if otherwise established in the specific terms of the nebulaSUITE Services. VINTEGRIS will process the Personal Data only according to the Client’s documented instructions. The Client accepts that its license agreement, together with the use and configuration that the Client makes of the functions present in the NebulaSUITE Services, constitute the final and complete documented instructions that the Client provides to VINTEGRIS with respect to the processing of the Personal Data. Any additional or alternative instructions will have to be agreed according to the procedure to modify the volume licensing agreement of the Client.
B) Processing
The parties acknowledge and agree that:
- The processing will have the same duration as the Client’s right to use the NebulaSUITE Services and until all Personal Data is removed or returned in accordance with the Client’s instructions or the terms of these General Conditions.
- The nature and purpose of the processing will consist of providing the Online Service in accordance with these General Conditions and other applicable documentation;
- The types of Personal Data processed by the nebulaSUITE Services include those expressly identified in Article 4 of GDPR; and
- The categories of interested parties are the representatives and end users of the Client, such as their employees, contractors, collaborators and Clients.
C) Rights of the Interested Parties; Help with Applications
VINTEGRIS will make available to the Client in a manner consistent with the functionality of the Online Service and the role of VINTEGRIS as the person in charge of processing Personal Data, the ability to satisfy the requests of interested parties with respect to the exercise of their rights recognized by GDPR. VINTEGRIS will satisfy any reasonable requests that the Client presents to assist him/her in responding to the aforementioned requests of the interested parties. If VINTEGRIS receives a request to exercise one or more of its rights recognized by GDPR, in relation to an Online Service for which VINTEGRIS is Manager or Sub-manager of data, VINTEGRIS will redirect the interested party to make its request directly to the Client. The Client will be responsible for responding to any request, including, where necessary, the use of the Online Service functionality. VINTEGRIS will satisfy any reasonable requests that the Client presents to assist him/her in responding to the aforementioned requests of the interested parties.
D) Activities Processing Record
VINTEGRIS will keep all the records required by Article 30, section 2, of GDPR and, insofar as applicable to the processing of Personal Data that it carries out on behalf of the Client, it will make said records available to the Client when it so requests.
Data security:
A) Security Practices and Policies
VINTEGRIS will implement and maintain the corresponding technical and organizational measures to protect the Client’s Data and Personal Data. These measures will be stipulated in a VINTEGRIS Security Policy. VINTEGRIS will make this policy available to the Client, as well as the descriptions of the security controls for the Online Service and other information reasonably requested by the Client with respect to the security policies and practices of VINTEGRIS.
In addition, these measures will comply with the requirements established in ISO 27001. VINTEGRIS can add industry or government standards at any time. VINTEGRIS will not eliminate ISO 27001, unless they are no longer used in industry and replaced by a successor (if any).
B) Client Responsibilities
The Client is solely responsible for making an independent decision regarding the technical and organizational measures for the NebulaSUITE Service to comply with the Client’s requirements, including the security obligations under the GDPR or other applicable data protection laws and regulations. The Client acknowledges and accepts that (taking into account the technical status, the costs of implementation, and the nature, scope, context and purposes of the processing of its Personal Data, as well as the risks to persons) the practices and security policies implemented and maintained by VINTEGRIS provide a level of security appropriate to the risk with respect to its Personal Data. The Client is responsible for the implementation and maintenance of the privacy protections and security measures for the components that the Client provides or controls in his/her case.
C) Compliance Audit
VINTEGRIS will conduct audits of the security of the equipment, the computing environment and the physical data centres used in the processing of Client Data and Personal Data, as follows:
- When a standard or framework establishes audits, an audit of said framework or control standard will be initiated at least annually.
- Each audit will be conducted in accordance with the standards and rules of the regulatory or accrediting body corresponding to each applicable control framework or standard.
- Each audit will be carried out by third-party auditors, that are independent and qualified in matters of security, to be chosen and paid by VINTEGRIS.
In the event that the Client so requests, VINTEGRIS will provide the Client with each VINTEGRIS Audit Report. The VINTEGRIS Audit Report will be subject to the distribution and non-disclosure limitations of VINTEGRIS and the auditor.
If the Client has concluded the standard data protection clauses for the transfer of personal data to data controllers established in other countries that do not guarantee a sufficient level of data protection, as described in Article 46 of the GDPR (hereinafter, Standard Contractual Clauses) with VINTEGRIS or if the GDPR Terms apply, the Client agrees to exercise its right to audit by directing VINTEGRIS to perform the audit as described in this section. If the Client wishes to change this instruction, the Client has the right to do so as stipulated in the Standard Contractual Clauses and in the GDPR Terms, and must request it in writing.
If the Standard Contractual Clauses are applicable, this section is additional to that provided in Clause 5, paragraph f, and in Clause 12, paragraph 2, of the Standard Contractual Clauses.
These General Conditions do not change or modify the Standard Contractual Clauses or the Terms of the GDPR nor does it affect any right of the supervisory authority or the affected data owner under the Type Contractual Clauses or the GDPR. This section is stipulated in favour of VINTEGRIS as third party beneficiary.
Security Incident Notification:
If VINTEGRIS were aware of a security breach resulting in the destruction, loss, alteration, unauthorized disclosure of, or accidental or illegal access to the Client Data or Personal Data during its processing by VINTEGRIS (each one a “Security Incident”), VINTEGRIS, in a timely manner and without undue delay, (1) will notify the Client of the Security Incident; (2) investigate the Security Incident and provide the Client with detailed information about the Security Incident; and (3) will take reasonable measures to mitigate the effects and to minimize the damage resulting from the Security Incident.
The Security Incident notifications will be sent to the Client through any means selected by VINTEGRIS, including email. It is the sole responsibility of the Client to ensure that accurate contact information is maintained in each NebulaSUITE Service at all times. The Client is solely responsible for complying with their obligations under the incident notification laws applicable to the Client and for complying with the third party notification obligations related to any Security Incident.
VINTEGRIS will employ reasonable efforts to assist the Client in complying with their obligation under Article 33 of the GDPR or other applicable law or regulation, to notify the corresponding supervisory authority and interested parties about said Security Incident.
The obligation of VINTEGRIS to notify or respond to a Security Incident as provided in this section does not constitute acknowledgment by VINTEGRIS of any breach or liability with respect to the Security Incident.
The Client must notify VINTEGRIS, without delay, about any possible misuse that may have occurred in their accounts or authentication credentials, or about any security incident related to an Online Service.
Transfers and Location of Data
A) Data Transfers
The Client designates VINTEGRIS to store and process the Client Data and Personal Data for the purpose of providing the nebulaSUITE Services.
All Transfers of Client Data outside the European Union, the European Economic Area and Switzerland, where applicable, shall be governed by the Standard Contractual Clauses referred to in the GDPR, unless the Client has chosen to be excluded from those clauses.
VINTEGRIS will comply with the requirements established by the data protection laws of the European Economic Area and Switzerland in relation to the collection, use, transfer and other activities for the processing of Personal Data from the European Economic Area and Switzerland. All transfers of Personal Data to a third country or to an international organization shall be subject to the relevant guarantees as described in Article 46 of the GDPR and such transfers and guarantees shall be documented in accordance with Article 30, paragraph 2, of the GDPR.
B) Location of Client Data
For the provision of cloud services, VINTEGRIS uses Data Processing Centres (hereinafter “DPC”), in the area of the European Union (hereinafter “EU”). The DPCs located outside the indicated territory, may only be used for the provision of the service contracted in the case that they are regionalized.
In no case will the DPCs be located in locations that could involve infraction:
- Of the legislation with respect to the obligations imposed by Spanish Law.
- Of the legislation of the country of final destination of the data by transfer thereof.
- Of the legislation of the country of transit or temporary location of the data.
Specifically, the data will not be located in a jurisdiction where it is not possible to prevent infringing or criminal activities in relation to the Client’s data, or with third parties.
Data Retention and Deletion:
At all times during the term of its subscription, the Client may access the Client Data stored in the NebulaSUITE Service, as well as the ability to extract and delete them.
VINTEGRIS will keep the Client Data that is still stored in the nebulaSUITE Services in an account with limited functionality during the sixty (60) days following the expiry or termination of the Client’s subscription, in such a way that the Client can extract the data. After the end of the sixty (60) day retention period, VINTEGRIS will deactivate the Client’s account and eliminate the Client Data and Personal Data within a period of ninety (90) additional days, unless the applicable law requires VINTEGRIS to retain these data.
In cases where for any reason the client does not have any access to their account, VINTEGRIS will put alternative mechanisms at their disposal so that the extraction of the Client’s Data can be carried out.
VINTEGRIS will not incur any responsibility for deleting the Client Data or Personal Data as described in this section.
Commitment of Confidentiality of the person in charge of processing: VINTEGRIS will ensure that the personnel involved in the processing of Client Data and Personal Data (i) only treat such data according to the Client’s instructions, and (ii) have the obligation to maintain the confidentiality and security of such data, even after these people cease in their roles.
Notifications and Controls of use by Sub-managers:
VINTEGRIS may hire third parties to provide certain limited or ancillary services on their behalf. The Client gives his/her consent for the interaction of these third parties with the VINTEGRIS Subsidiaries (where applicable) and Sub-Managers. The previous authorizations will constitute the prior written consent of the Client for the subcontracting by VINTEGRIS of the processing of Client Data and Personal Data, in case such consent is required under the Standard Contractual Clauses or the Terms of GDPR.
VINTEGRIS is responsible for compliance by the Assistant-manager of the obligations that VINTEGRIS assumes in these General Conditions. VINTEGRIS will report on the Sub-managers on a VINTEGRIS website. When interacting with any Sub-manager, VINTEGRIS will guarantee through a written contract that the Sub-manager will be able to access and use the Client Data or Personal Data, only to provide the services for which VINTEGRIS has hired them, and they are forbidden to use said Client Data or Personal Data for any other purpose. VINTEGRIS will ensure that the Sub-managers are bound by written contracts that oblige them to provide, at least, the same level of data protection that is required of VINTEGRIS in these General Conditions.
VINTEGRIS may interact with new Sub-managers. VINTEGRIS will provide the Client with a notification (by updating the website and providing the client with a method to obtain notification of such update) of any new Sub-manager at least fourteen (14) days before providing the Sub-manager with access to the Client’s Data or Personal information.
If the Client does not approve the incorporation of a new Sub-manager, the Client may terminate the subscription related to the affected Service, without any penalty. To do so, before the end of the relevant notification period, the Client must provide VINTEGRIS with a notice of termination that includes an explanation of the reasons for not approving. If the affected Service is part of a joint service contract, the termination will apply to the entire suite. Upon termination, on any subsequent invoice issued to the Client or their reseller, VINTEGRIS will cancel the payment obligations associated with any subscription related to the nebulaSUITE Service that has been terminated.
How to contact VINTEGRIS:
If the Client considers that VINTEGRIS is not complying with its privacy or security commitments, the Client can contact client support through the email address soporte@vintegris.com or use the VINTEGRIS Privacy web form, which is located in vintegris.com.
The postal address of VINTEGRIS is:
Víntegris Madrid
Calle Isabel Colbrand, 10-12
Oficina 108
28050 Las Tablas
Madrid
Spain
Víntegris Barcelona
Carrer Pallars, 99
Planta 3
Oficina 33
08018 Barcelona
Spain
TWELVE
Service level agreements The Service Level Agreements are detailed in Annex II “Service Level Agreements (SLA)”.
THIRTEEN
The clauses of these General Conditions are independent of each other, which is why if any clause is considered invalid or unenforceable, the rest of the clauses shall continue to be applicable, unless expressly agreed otherwise by the parties.
The Client can notify via an email sending procedure to the following VINTEGRIS addresses: soporte@vintegris.com.
FOURTEEN
It is expressly stated that a copy has been delivered in electronic format (by making them available on the website), of all the documentation referred to in these General Conditions..
FIFTEEN
In all matters not foreseen in these general conditions, agreement will be regulated by Spanish civil and commercial legislation. The competent jurisdiction is that indicated in Spanish law 1/2000, of 7 January, on Civil Procedure. In case of discrepancy between the parties in relation to the interpretation or compliance with these General Conditions, the parties will first attempt to reach a friendly resolution. If the parties do not reach an agreement in this regard, either may submit the dispute to the civil jurisdiction, adhering to the courts of the registered office of VINTEGRIS, and where appropriate, the consumer, in the event that the subscriber acts in said condition as indicated in Royal Legislative Decree 1/2007, of 16 November, which approves the revised text of the General Law for the Defence of Consumers and Users and other complementary laws.
Further information on dispute resolution is available at the Internet address www.vintegris.com
SIXTEEN
Cessation of Operations. In the event that VINTEGRIS unexpectedly ceases its commercial operations, all reasonable efforts will be made to notify the client with the maximum advance notice and to put at its disposal mechanisms for the recovery of its personal data and audit records. This does not include services related to the VINTEGRIS Certification Entity that has a detailed cessation plan in the service’s CPS.
ANNEX I
Specific Terms of the nebulaSUITE Services
1. nebulaUSERS Terms
1.1. Collection of personal data. The creation of new users involves the collection of the following personal information: name, surname, user ID, email and telephone (optional). This information is treated in accordance with the provisions of the tenth clause of the nebulaSUITE General Conditions.
1.2. Integration with corporate user repository. The personal information imported to nebulaUSERS from the corporate repositories is used and stored in the same way as the information collected directly. In no case is information that could put the user’s security at risk, such as the password recovered from client’s corporate systems.
1.3. Distribution of proprietary software. All the client software and/or documentation published on the nebulaUSERS website follows the licensing and usage model detailed in the eighth clause of the nebulaSUITE General Conditions
2. nebulaACCESS Terms
N/A
3. nebulaCERT Terms
3.1. Legal compliance. The nebulaCERT service, unless otherwise specified, is configured in Advanced mode, which means that its signature engine produces advanced digital signatures according to Regulation (EU) 910/2014 of 23 July, 2014. For this, the certificates that are imported or issued directly in the system must be recognized and issued by a Trusted Electronic Provider; For more information, consult the European Commission website: https://webgate.ec.europa.eu/tl-browser.
3.2. Issue of qualified certificates. For the configuration and activation of the qualified certificate issuing feature of the VINTEGRIS certification body “vinCAsign nebulaSUITE2 Authority” in any of its forms, the signing of a contract between VINTEGRIS and the client is required. Without the signing of this contract, the Client may only centralize certificates issued with other recognized Certification Authorities.
3.3. Use of qualified certificates. It is the Client’s responsibility to make use of their qualified digital certificates in accordance with the stipulations of the trusted service provider issuing them. The conditions of use of the certificates are detailed in the “acceptance sheet” or contract signed by the certificate holder at the time of its submission. VINTEGRIS will not be held responsible for the consequences of breach of contract between the certificate holder and the issuing certification body
4. nebulaSIGN Terms
4.1. Signature formats. nebulaSIGN allows the most common signature formats to be generated, among which are the CAdES, PAdES and XAdES formats in their different forms. Detailed information on the different recognized signature formats can be found in the electronic administration website:
http://firmaelectronica.gob.es/Home/Ciudadanos/Formatos-Firma.html
5. nebulaSNE Terms
N/A
6. nebulaDISCOVER Terms
6.1 Collection of personal data. During the registration process, the following personal information is collected: name, surname(s), company and email. This information is treated in accordance with the provisions of the tenth clause of the nebulaSUITE General Conditions.
Annex II
Service Level Agreements (SLA)
Definitions
- Error Rate: (i) the total number of internal server or service availability errors returned by each service divided by (ii) the total number of requests during a five-minute period. The Error Rate for each nebulaSUITE account and for each service separately will be calculated as a percentage for each five-minute period in the billing cycle. The calculation of the number of internal server or service availability errors will not include errors that arise directly or indirectly as a result of any SLA exclusion of services, as defined below
- Average Service Availability Percentage (ASAP): calculated as the difference between 100% of the average Error Rates of each 5-minute period of the billing cycle, whatever this is.
- Compensation for Service: this is a credit in Euros, calculated as established in this section, that VINTEGRIS will reimburse the Client in the event that the established service commitments are not met.
Service Commitment
VINTEGRIS will make commercially reasonable efforts to guarantee the availability of services with an Average Service Availability Percentage or ASAP of at least that indicated in the following table for each service. In the event that VINTEGRIS does not comply with the service commitment, the Client may receive compensation as described below.
| Service | PDSM |
| nebulaUSERS | 99,90% |
| nebulaCERT | 99,90% |
| nebulaACCESS | 99,90% |
| nebulaSIGN | 99,75% |
| nebulaSNE | 99,50% |
| nebulaDISCOVER | 99,90% |
Service Compensation
Service Compensation is calculated as a percentage of the total charges paid by the Client for the services that VINTEGRIS is responsible for during the billing cycle, whichever it may be, in which the error has occurred according to the following table.
| Service | PDSM | Porcentaje de Compensación por Servicio |
| nebulaUSERS | Between 98,00% y 99,90%
Less than 98,00% |
10%
25% |
| nebulaCERT | Between 98,00% y 99,90%
Less than 98,00% |
10%
25% |
| nebulaACCESS | Between 98,00% y 99,90%
Less than 98,00% |
10%
25% |
| nebulaSIGN | Between 95,00% y 99,75%
Less than 95,00% |
10%
25% |
| nebulaSNE | Between 95,00% y 99,50%
Less than 95,00% |
10%
25% |
| nebulaDISCOVER | Between 98,00% y 99,90%
Less than 98,00% |
10%
25% |
VINTEGRIS will apply any Service Compensation exclusively against future payments that in some way or other are owed by the Client. At its discretion, VINTEGRIS may pay the Service Compensation directly to the Client’s account. Service Compensation will not entitle the Client to any refund or other payment by VINTEGRIS. A Service Compensation may be applicable and issued only if the amount of compensation for the applicable billing cycle is greater than ten euros (10 EUR). Service Compensations may not be transferred or applied to any other account. Unless otherwise provided, the sole and exclusive legal remedy for any unavailability, failure to perform, or any other inability to provide services will be the receipt of a Service Compensation in accordance with the terms of this document.
Compensation Request and Payment Procedures
To receive a Service Compensation, the Client must submit a claim, opening a ticket through the VINTEGRIS support service. To be eligible, the compensation request must be received no later than sixty (60) days after the billing cycle during which the incident occurred and must include:
a) The words “Compensation Request” in the subject line.
b) The dates and times of each incident of Error Rates claimed for.
c) Its application records documenting the errors and corroborating its claim (any confidential or sensitive information should be deleted or replaced with asterisks).
If the Monthly Activity Time Percentage applicable to the billing period of said request is confirmed by VINTEGRIS and is lower than the established Service Level Agreement, a proportional credit will be issued within the next billing cycle in which the application was confirmed.
If the Client does not submit the request with the information as specified in this section, they will not be eligible to receive compensation for service.
SLA exclusions
The Service Commitment does not apply to any unavailability, suspension or termination of any of the services, or any other performance problem regarding these: (i) resulting from a suspension; (ii) caused by factors beyond the reasonable control of VINTEGRIS, including any event of force majeure or Internet access or related problems beyond its demarcation point; (iii) resulting from any action or omission on the part of the Client or a third party; (iv) resulting from the Client’s personnel, software or any other technology and / or equipment, software or technology of a third party (other than third-party equipment that is under the direct control of VINTEGRIS); (v) resulting from a suspension and termination of the right to use the services by the Client in accordance with the service contract; (vi) that affects test, development, or preproduction environments, or environments with commercial purposes. If availability is impacted by factors other than those used in calculating the Error Rate, then VINTEGRIS may offer service compensation considering such factors at its discretion.
