SaaS terms and conditions (premium)
This premium software-as-a-service (SaaS) terms and conditions document contains all of the provisions in the standard version, but with a number of additions.
The additions include: (i) provisions covering the formal acceptance of the system by the customer; (ii) provisions covering customisation work performed by the service provider; (iii) much more detailed contract management provisions; (iv) optional requirements relating to customer computer systems and networks; and (v) a formal change control procedure.
This template is specifically designed to be used to create terms and conditions type documents. Usually, the specifics will be detailed in a separate document. This style of document is typically used where one party is imposing its standard terms of trading on the other party, and where the terms are not up for negotiation. It may be suitable for use in relation to an online sign-up procedure.
Where one person handles personal data on behalf of another in the course of a business, then both the supplier of the data and the person handling the data must comply with the General Data Protection Regulation (GDPR). Specifically, Article 28 of the GDPR includes a set of mandatory contract clauses. These terms and conditions include relevant clauses. NB the GDPR comes into force across the EU in May 2018.
The document includes a skeleton services order form. This highlights the information that will vary from contract to contract (e.g. customer details). It could be a signed document or a web page generated using information gathered from an online form.Ask about this document
SaaS terms and conditions (premium) contents
- Definitions: definitions.
- Term: commencement of term; end of term (indefinite); each services order form creates distinct contract.
Set Up Services: obligation to provide set up services; set up services timetable; delays in set up services consequent upon second party delays; hosted services set up and intellectual property rights.
- Acceptance procedure: obligation to carry our acceptance tests; assistance with acceptance tests; notification of results of hosted services acceptance tests; hosted services deemed to pass acceptance tests; information upon notice of failure of hosted services to pass acceptance tests; consequences of hosted services acceptance test failure; number of acceptance testing rounds; consequences of acceptance of hosted services.
Hosted Services: provision of hosted services access credentials (acceptance procedure option); grant of licence to use hosted services; limitations on use of hosted services; prohibitions on the use of the hosted services; security of access credentials; availability of hosted services and SLA; hosted services acceptable use policy; no damaging use of hosted services; no excessive use of the hosted services; no unlawful use of hosted services; no access to platform code. Customisations: agreement of parties to customisation (with SoF); rights in customisations owned by first party; rights to use customisations; use of customisations by others.
- Scheduled maintenance: right to suspend hosted services for scheduled maintenance; notice of scheduled maintenance to hosted services; times for provision of scheduled maintenance; maximum aggregate time for scheduled maintenance of hosted services.
Maintenance Services: maintenance services provision; standard of maintenance services; maintenance services in accordance with SLA; suspension of maintenance services. Support Services: support services provision; standard of support services; support services in accordance with SLA; suspension of support services.
- Customerobligations: general second party obligations; access to computer systems.
: compliance of second party computer systems.CustomerSystems
- CustomerData: licence of second party data (hosted services); warranties relating to second party data; back-up of second party data; restoration of second party data.
- Integrations with
Third Party Services: integration of third party services; right to integrate third party services; activation of third party services integration; right to remove third party services integrations;Providernot responsible for supplying third party services;Customerresponsibilities in relation to third party services; charges relating to third party services; no warranties or liability in relation to third party services. Mobile App: mobile App governed by separate terms.
- No assignment of
Intellectual Property Rights: no assignments of intellectual property rights.
- Representatives: instructions given by first party representatives; instructions given by second party representatives.
- Management: management meetings; notice to be given when requesting management meeting; attendance of representatives at management meetings.
Changecontrol: application of section to change requests; request changes at any time; change control notice to be in designated form; actions upon receipt of a change control notice; changes only take effect upon agreement of CCN.
- Charges: obligation to pay charges; time-base charges limitations; amounts inclusive or exclusive of VAT; variation of charges.
- Expenses: obligation to reimburse expenses; collection of evidence of expenses; supply of evidence of expenses.
- Timesheets: obligation to keep timesheets; obligation to supply timesheets.
- Payments: issue of invoices; time for payment of charges following invoice; payment methods; interest on late payments; interest on late payments.
- Confidentiality obligations: first party confidentiality undertaking; second party confidentiality undertaking; disclosure of confidential information to certain persons; exceptions to confidentiality obligations; disclosures of confidential information mandated by law etc; parties to stop using confidential information upon termination; parties to delete confidential information following termination; confidentiality obligations after termination.
- Publicity: limited public disclosures; limited public disclosures by first party; limited public disclosures by second party; confidentiality obligations overriding.
- Data protection: compliance with data protection laws; warranty of Customer's right to disclose personal data (GDPR); details of personal data processed bythe Provider(GDPR); purposes of processing of personal data bythe Provider(GDPR); duration of personal data processing byProvider(GDPR); personal data processed byProvideron instructions (GDPR); authorised international transfers of personal data (GDPR); informingCustomerof illegal instructions (GDPR); personal data processed byProvideras required by law (GDPR); confidentiality obligations onProviderpersons processing personal data (GDPR); security of personal data processed byProvider(GDPR); appointment of sub-processor byProvider(GDPR); authorisation forProviderto appoint sub-processors (GDPR);Providerto assist with exercise of data subject rights (GDPR);Providerto assist with compliance (GDPR); obligation to notifyCustomerof personal data breach (GDPR);Providerto provide data protection compliance information (GDPR); deletion of personal data byProvider(GDPR);Providerto allow audit (GDPR); changes to data protection law.
- Warranties: first party general warranties; hosted services general warranties; warranty of legality of hosted services; hosted services intellectual property infringement warranty; breach of hosted services infringement warranty; second party warranty of authority; exclusion of implied warranties and representations.
- Acknowledgements and warranty limitations: hosted services not error free; hosted services not entirely secure; hosted services compatibility limitation; no legal etc advice with hosted services.
- Indemnities: indemnity upon breach: any provision or specified provisions (with definition); conditions upon first party indemnity; indemnity upon breach: any provision or specified provisions (with definition); conditions upon second party indemnity; limitations of liability vs indemnities.
- Limitations and exclusions of liability: caveats to limits of liability; interpretation of limits of liability; no liability for force majeure; no liability for loss of profits; no liability for loss of revenue; no liability for loss of use; no liability for loss of opportunities; no liability for loss of data or software (subject to back-up obligations); no liability for consequential loss; per event liability cap upon services contract; aggregate liability cap upon services contract.
Force Majeure Event: obligations suspended for force majeure; force majeure notification and information; mitigation of effects of force majeure.
- Termination: termination without cause (optionally assymetric); termination by either party without cause; termination upon breach; termination upon insolvency; termination upon non-payment; rights of termination supplemental or exclusive.
- Effects of termination: surviving provisions upon termination; termination does not affect accrued rights; charges on termination of contract.
- Non-solicitation of personnel: non-solicitation of employees by second party; non-solicitation of employees by first party.
- Anti-corruption: mutual assurance of compliance with anti-corruption laws; mutual obligation to notify anti-corruption law breaches; Provideranti-corruption obligations for associated persons; parties to maintain books and records relating to payments and benefits;Providerto comply withCustomeranti-corruption policy;Providerto maintain anti-corruption policies; mutual co-operation with anti-corruption exercises; document does not prevent of reporting anti-corruption breaches; breach of section constitutes material breach.
- Anti-slavery: mutual assurance of compliance with anti-slavery laws; Provideranti-slavery obligations for associated persons;Providerto comply withCustomeranti-slavery policy;Providerto maintain anti-slavery policies; breach of section constitutes material breach.
- Anti-tax evasion: mutual assurance of compliance with anti-tax evasion laws; Provideranti-tax evasion obligations for associated persons;Providerto comply withCustomeranti-tax evasion policy;Providerto maintain anti-tax evasion policies; breach of section constitutes material breach.
- Notices: contractual notices must be in writing; methods of sending contractual notices; substitute contact details for notices; acknowledgement of notice by email; deemed receipt of contractual notices.
- Subcontracting: no subcontracting without consent; subcontracting permitted; first party responsible for subcontracted obligations; subcontracting of hosting.
- Assignment: assignment by first party; assignment by second party.
- No waivers: no unwritten waivers of breach; no continuing waiver.
- Severability: severability of whole; severability of parts.
- Third party rights: third party rights: benefit; third party rights: exercise of rights.
- Variation: variation in writing and signed, subject to change control.
- Entire agreement: entire agreement: documents; no mispresentation; section subject to caveats to limits of liablity.
- Law and jurisdiction: governing law; jurisdiction.
- Interpretation: statutory references; section headings not affecting interpretation; calendar month meaning; no ejusdem generis.
Schedule 1 (Acceptable Use Policy)
- Introduction: definitions for acceptable use policy; parties to acceptable use policy; agreement to policy by using services; express agreement to policy; services user minimum age under policy.
- General usage rules: no damaging use of services; no unlawful use of services; content must comply with provisions of part.
Content: no unlawful user content: general prohibition; no unlawful user content: specific prohibitions; previous complaints and user content.
- Graphic material: age suitability of user content; no violence in user content; no pornographic user content.
- Factual accuracy: content must be truthful; content must not risk defamation.
- Negligent advice: no professional advice in user content; no negligent advice in user content.
- Etiquette: content appropriate etc; no offensive content; no annoying content; no hostile communications; no deliberate offense; no content flooding; no duplicate content; categorisation of content; appropriate content titles; courtesy to service users.
- Marketing and spam: prohibition on marketing activities; no spam in user content; sending spam using email addresses; no promotion of marketing schemes; avoidance of IP blacklisting.
- Regulated businesses: no gambling-related activities; no pharmaceutical activities; no weapon-related activities.
- Monitoring: acknowledgement relating to monitoring.
- Data mining: no data mining.
- Hyperlinks: no hyperlinks to prohibited content.
- Harmful software: no harmful software; no risky software.
Schedule 2 (Availability SLA)
- Introduction to availability SLA: purpose of hosted services availability SLA; informal definition of uptime.
- Availability: uptime commitment; measurement of uptime; reporting of uptime measurements.
- Service credits: earning service credits; amount of service credits; application of service credits; service credits are sole remedy; service credits upon termination.
- Exceptions: list of exceptions to availablity commitment.
Schedule 3 (Maintenance SLA)
- Introduction: introduction to maintenance SLA.
Maintenance Services: notice of scheduled maintenance to hosted services; times for provision of maintenance services. Updates: notice of SaaS updates; application of platform updates. Upgrades: obligation to release upgrades; notice of SaaS upgrades; application of SaaS upgrades.
Schedule 4 (Support SLA)
- Introduction: introduction to support SLA.
- Helpdesk: helpdesk obligation; purpose of support services helpdesk; access to helpdesk; times of helpdesk availability; all requests for support to go through helpdesk.
- Response and resolution: hosted services support issue categorisation; allocation of support issue severity categories; support response times; contents of response to support request; support resolution times.
- Provision of
Support Services: support services to be provided remotely.
- Limitations on
Support Services: excessive use of hosted services support; misuse of hosted service and support services.
Schedule 5 (Form of
- Introduction: title of change; change control notice number; change proposor; date of change control notice; summary of proposed change.
Changedetails: insert details of change.
- Impact of
Change: impact upon resources; impact upon timetable; impact upon charges; other effects of proposed change.
- Agreement to
Change: acceptance of change by signature; form of signature block for first party; form of signature block for second party.
Schedule 6 (Data processing information)
- Categories of data subject: prompt for categories of data subject.
- Types of
Personal Data: prompt for types of personal data.
- Purposes of processing: prompt for personal data processing purposes.
- Security measures for
Personal Data: prompt for security measures for personal data.
- Sub-processors of Personal Data: prompt for identifying sub-processors of personal data.