Legal

General Terms of Service

RELATED TO MEMOQ TECHNOLOGY, PROVIDED BY MEMOQ LTD. 

Valid from: 22 October, 2024

I. PROVIDER DETAILS

1. Registered details of Provider memoQ Translation Technologies Ltd.

registered seat: Rákóczi út 70-72. II. emelet, Budapest, 1074 Hungary
registry court: Fővárosi Törvényszék Cégbírósága (Company Registry Court of the Court of Budapest)
registry number: Cg. 01-10-140071
tax number: 25429356-2-42
EU VAT ID: HU25429356
contact point: sales@memoq.com
website address: https://www.memoq.com
(hereinafter referred to as ‘Provider’ or ’memoQ’)

2. Contact details of Provider’s customer support

mailing address: Béke sgt. 14., Gyula, 5700 Hungary
e-mail address: support@memoq.com
internet: https://www.memoq.com/en/contact-us
support site: https://support.memoq.com
business hours: Weekdays 9:00 am to 5:00 pm. For helpdesk hours, see section 42.

3. Availability of General Terms of Service in force: The General Terms of Service of the Provider as in force are always published on the website of the Provider (https://www.memoq.com/legal/terms-of-service), in a form that can at all times be retrieved, printed, and copied. In addition, in an e-mail sent to the customer support address, Customers may request that Provider send them an electronic copy of the General Terms of Service.

4. These General Terms of Service apply to the following Services offered by the Provider (hereinafter referred to as Service – for certain definitions, see section 8 below):

a) provision of memoQ TMS and memoQ Linguist software- as-a-service deployments;
b) add-ons to the memoQ TMS software, to the extent they are provided as software-as-a-service deployments or solutions, subject to the conditions and availability limits applicable to the various memoQ TMS plans;
c) automated translation services, including the training and provision of neural machine translation engines and translation automation solutions based on the use of generative artificial intelligence;
d) support and maintenance for subscription services and licensed products (conditions apply).

These General Terms of Service also apply to the delivery of services by memoQ to a Customer when there is a written contract about the business engagement that references these General Terms of Service.

5. Parties to the Service Agreement are the Provider and the Customer: These General Terms of Service apply to customers using or purchasing services listed in section 4. Customer is an individual or an organization that uses services listed in section 4 as part of, in relation to, or to the direct benefit of their profession, trade, or business activity. Services are not designed or intended for use during high-risk activities which include, but are not limited to, use in hazardous environments requiring fail-safe controls, weapons systems, aircraft navigation, control, or communications systems, and/or life support systems.

Services listed in section 4 are not intended and allowed to be used for personal purposes.

If the Customer is a student or professional working in education in a relevant field, or an educational institution, the Customer can access the Service – including functionality usually reserved for paid licenses – for free with an educational license. The Provider reserves the right to allocate such educational licenses. The Customer warrants that information provided in respect of an educational license account is accurate and complete. Otherwise, if the Customer fails to provide adequate information about its educational licenses, the Provider may suspend and remove access to the Service.

6. These General Terms of Service provide details about the rights and obligations of the Customer and the Provider, pertaining to the Services listed in section 4.

7. The Services do not create or, in any other way, imply any third-party rights, and they are not intended to do so either. No third party shall have any right to enforce, or rely on, any provision of the Services, which does or may confer any right or benefit on any third party, directly or indirectly, expressly or impliedly. The Parties expressly exclude the application of any legislation that give, or confer on, third parties any contractual or other rights..

8. The terms below are used in these General Terms of Service with the following definitions:

memoQ TMS: (Translation Management System): a software product offered by Provider that provides for collaborative translation and translation or localization management by sharing resources and managing translation or localization projects. An instance of memoQ TMS may be deployed in one of the following methods:

a) as a public cloud service, when memoQ TMS is deployed as a cloud application, a segregated service endpoint, in a shared environment operated by the Provider within the Microsoft Azure worldwide infrastructure;

b) as a private cloud service, when the memoQ TMS is deployed as a cloud application in a segregated environment operated by Provider, dedicated for the Customer’s exclusive use;

c) as an on-premises configuration, operated by the Customer, when Customer subscribes to or licenses the memoQ TMS software and installs it in Customer’s infrastructure or in a hosting service under Customer’s control.

memoQ Linguista software product offered by Provider, as a computer-assisted translation environment tool, for individuals performing, editing and reviewing translations. It may be accessible both as a desktop client and as a web-based interface.
memoQ AGT (Adaptive Generative Translation): a generative AI-based translation automation solution, a software method performing domain-adapted machine translation by combining the in-context learning ability of large language models (“LLMs”) with the text retrieval functionality of a translation management system (“TMS”).
Composition and changes of version numbers: The memoQ software product has three version numbers (for example, 9.12.1). In this number: 9 is the major version, 12 is the minor version, 1 is the build number.
memoQ package: A compressed file to be downloaded from the https://www.memoq.com website that contains the installation files of a memoQ product.

Update: A new memoQ package where only the build number increases; the new package contains fixes for problems only.

Upgrade: A new memoQ package where the minor or the major version number increases; the new package contains new functionality.

Feature release: A new memoQ package where either the minor version number or both the major and minor version number increase. The new memoQ package contains one or more new features (complex groups of new functionalities).

Maintenance: The availability to Customer of new versions of the memoQ products that Provider releases during the validity period of the support and maintenance service, or the activity by the Provider to update or upgrade the memoQ software on the infrastructure operated by Provider.

Compatible version: A version of the memoQ desktop software that is able to connect a memoQ server of specific version for specific purposes. A project manager’s copy of the memoQ desktop software is a compatible version only if the major version and the minor version is exactly the same as those of the server.

Supported version: A version of the memoQ software that receives updates and fixes from memoQ, and that memoQ provides helpdesk services for. If a version is not supported, updates are not issued and helpdesk is not provided for it, even if the user has a valid SMA. Unless expressly stated otherwise, the latest minor version of the two latest major versions are supported.

Down-level version: A version of the memoQ software that is no longer supported through updates, fixes, or helpdesk. Every version that is not a supported version counts as a down-level version.

Maintenance window: A time period when a memoQ TMS cloud or private cloud system undergoes planned maintenance, upgrade, or update. These activities may cause planned downtime, which shall not count as lack of availability, and shall not be counted against the general availability level of the Service.

Business continuity: Infrastructure, processes, and measures that ensure that business is not lost because of the loss of data or functionality, or the malfunction or unavailability of equipment, network, or software.

9. An individual agreement for a Service (hereinafter referred to as a Service Agreement) may be entered into

a) as a distance contract, through electronic means, over the website of the Provider, or

b) implicitly, by agreement expressed by conduct, or

c) between attending Parties, in writing, at the seat or branch office of the Provider.

Provider and Customer agree any documents to be delivered in connection herewith may be electronically signed, and that any electronic signatures appearing on the documents are the same as handwritten signatures for the purposes of validity, enforceability, and admissibility. Electronic signatures include any data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.

Rules for entering into agreement for specific services are detailed in the corresponding Chapter about each service.

In case of services that require advance payment, the agreement is entered into implicitly and automatically, by Customer making payment for a service period.

10. Registration requirement: As an administrative task of entering into a Service agreement regarding a specific Service, Customer must register at Provider’s website, using their e-mail address. Provider may verify the e-mail address of Customer by sending an activation link in e-mail to Customer. In this case, Customer must activate their registration through this link. In order to enter into a Service Agreement, Provider may require the following details from Customer:

a) Name of individual/contact person

b) Billing name/name of legal entity

c) Billing address

d) Password

e) Customer’s registration number

f) Identification of the court or authority registering Customer

g) Tax number or EU VAT ID

h) Bank account details

i) Billing currency

j) Contact e-mail address (which may be different from the registration e-mail address)

k) Telephone number

To identify Service Agreements, Provider shall assign a serial number, or a unique name, or a unique web address (URL) to each Agreement. The contents of each Service Agreement are available through Provider’s website, under Customer’s account information.

The lack of valid registration does not affect the applicability of these General Terms of Service, if otherwise the requirements of entering into a service agreement in the scope of General Terms of Service are met.

11. Customer represents and warrants that they specify a valid e-mail address that will be reachable and active throughout the term of the Agreement. In the event of a change in contact details, Customer shall promptly notify Provider. Customer acknowledges and accepts that Provider may verify the validity of the contact details with other means. If Customer becomes unreachable through the main contact details for longer than 30 calendar days, Provider may terminate the Agreement and all related services with immediate effect, without refunding any of the service fees.

12. Subscribing to the Service. Payment of the service fee: Services are available at a periodic subscription fee indicated on Provider’s website, in a specific quote or in an individual Service Agreement.

13. Trial:

a) The Provider may make certain Services (such as memoQ TMS or memoQ Linguist deployments) available for a 30-day trial free of charge, so that the Customer may evaluate the Service before concluding a regular subscription.

b) Customer may cancel the trial at any point without specifying a reason.

c) The Customer may convert the trial to a regular subscription by payment of the subscription fee for the selected or agreed subscription period.

d) In case of memoQ TMS trials, if Customer does not conclude a regular subscription until or on the last day of the trial period, Provider will suspend the Service at the end of the trial. Provider shall maintain the corresponding memoQ TMS cloud system in a suspended state for a period of 30 (thirty) calendar days, during which Customer may reactivate the memoQ TMS cloud system by paying the subscription fee for the Service.

e) If Customer does not subscribe to the Service until or on the last day of the trial or the suspension period (whenever applicable), Provider will terminate the Service.

f) Customer may not enroll for more than one trial for the same Service. The same person or organization using a different e-mail address is considered the same Customer. Circumventing this limitation by using different e-mail addresses shall be considered as a breach of these General Terms of Service and may result in the immediate termination of the subscription, as set forth in section 112.

14. Renewal, price change and adjustment of the applicable terms: The Customer may choose to have the subscription automatically renew or terminate upon expiration of its term. If the existing term is longer than one calendar month, the Provider will send a notice of the automatic renewal before the expiration of the term. The Provider may from time to time make changes to the price of subscriptions, including recurring subscription fees, and shall communicate any price changes to the Customers in advance. Price changes will take effect at the start of the Customer’s next subscription period following the date of the price change and, by continuing to use the Service after the price change takes effect, the Customer will have accepted the new price. At the latest upon renewal, the applicability of any previous version of these General Terms of Service to the Customer’s
subscription shall terminate, and the renewed subscription will thereafter be governed by the terms and conditions set forth in the General Terms of Service on the date on which the subscription is renewed (the “Renewal Terms”). If the Customer does not agree to the price change or any Renewal Terms, they may cancel, or decline to renew, the subscription prior to the renewal date or 15 days thereafter.

15. Payment methods: Customer may pay the subscription fees for the Service using a credit card. Customer’s account is charged automatically on the first day of each period, on the same day of the month as the subscription was created. If, instead of regular monthly payment, Customer chooses to pay the subscription fees at once for a period of six months or longer, bank transfer or an online payment method offered by the Provider are also accepted. This shall be agreed and managed between the Customer and the Provider, separately. If automatic payment fails, both
Customer and Provider are notified by the memoq.com portal. Customer shall have a grace period of 3 (three) calendar days to make the payment manually. Should Customer fail to make the payment manually within such 3-day period, the Service shall be suspended until the payment is confirmed. If the payment is not confirmed after the said 3 days, Provider will keep the Service suspended. Provider shall keep the memoQ TMS cloud system in a suspended state for 30 (thirty) more calendar days, during which the Customer may ask Provider to resume the Service, after confirming payment. When the Service is resumed, Provider shall not charge for the period during which the Service was not active.

16. Modification of the subscription The Customer shall be entitled to the Service (in particular, shall remain in the selected memoQ TMS plan and keep the number of licenses, as well as the features and add-ons allocated to the subscription) throughout the subscription
term. However, the Customer may decide to upgrade to a higher plan of memoQ TMS, or subscribe to available additional Services, any time during the subscription term, in which case a pro-rated amount of the subscription fee applicable to the higher plan shall be due for the remaining period of the then-current subscription term.

17. memoQ TMS plans: The memoQ TMS (cf. section 8 above) is available in various plans, each of them tailored to the specific needs of different types of Customers. Depending on the plan, the Customer may choose from certain types of available public cloud, private cloud or on-premises deployments. A subscription to any of the plans shall entitle the Customer to a certain number of Project Manager licenses, as well as to a certain number of Linguist licenses per each Project Manager license. The Provider shall grant the Customer access to the core features of memoQ TMS and shall make available further features and add-ons, either included by default or available optionally for extra charge, depending on the plan chosen by the Customer. The list of deployment types, license numbers, features, add-ons and storage limits available in each plan is indicated, as updated from time to time, at the following website: www.memoq.com/pricing.

18. Limited right to use: The Customer retains all rights to its Content (defined below) and the Provider does not own or license the Customer’s Content. The Provider may view, use, modify, reproduce, process, and distribute the Content to the minimum extent this is necessary to provide and operate the Services. The Customer warrants that (i) they have the right to upload or otherwise share Content, and (ii) the uploading or processing of the Content in the context of the Services does not infringe on the rights of any third party. Each party agrees to apply reasonable technical,
organizational, and administrative security measures to keep Content protected in accordance with industry standards. The Provider shall not view, access or process any of the Content, except: (i) as authorized or instructed by the Customer or its users in this Service Agreement or in any other agreement between the parties, or (ii) as required to comply with the Provider’s policies, applicable law, or governmental request, to enable the Provider to provide the Service and to ensure the highest level of information security and business continuity. “Content” means files, documents, recordings, or similar data that the Provider maintains on the Customer’s behalf, as well as any other information the Customer may upload to the Service account in connection with the Services. The Customer is solely responsible for (i) all use of the Services by the Customer itself, (ii) maintaining lawful basis for the collection, use, processing and transfer of Content, and (iii) providing notices or obtaining consent as legally required in connection with the Services.

19. The Parties’ rights concerning the content uploaded to the Service: The Provider grants the Customer a limited right to use the Service. Customer acknowledges that the Provider or its licensors retain all proprietary rights, titles and interest in the Services, name, logo or other marks, and all related intellectual property rights, including, without limitation, all modifications, enhancements, derivative works, and upgrades thereto. The Customer agrees that it will not use or register any trademark, service mark, business name, domain name or social media account name or handle that incorporates, or is recognizably similar to, any of the above in whole or in part.

20. memoQ TMS version:In a public cloud deployment, the version of the memoQ TMS software in the Service shall always be the latest release of the memoQ TMS product. In the event that Provider releases a new version or a new build, the Service shall be upgraded automatically within 1 (one) to 14 (fourteen) days after the public release. In case of delay, Provider shall inform Customer about the reasons and expected upgrade schedule.

a) Upgrade is mandatory: Provider cannot keep Customer’s memoQ TMS cloud software in an earlier version. As a result, Customer or users designated by Customer may be required to upgrade their copies of the memoQ desktop program. Provider will not guarantee the availability and functionality of the memoQ TMS cloud service from earlier versions of the Desktop Software.

b) When an upgrade or and update is released, Provider will perform the upgrade during the designated daily maintenance time of the memoQ TMS cloud service. Maintenance times are part of the individual Service Agreement, and can be viewed or changed through Provider’s website, under Customer’s account information.
In a private cloud deployment, the version of the memoQ server must be one of the supported versions. However, Customers can decide when they upgrade, and to which supported version.

21. Restriction of the amount of data:The storage occupied by the memoQ TMS cloud in the Customer’s use shall not exceed the respective limits allocated to the Customer’s deployment. When the storage space used by the Customer approaches this limit, Provider shall send a notice and ask Customer to reduce storage use. If necessary, the Provider shall assist with data backup and the reduction of active storage use. If the Customer does not take action to reduce storage use within 15 days from the Provider’s notice, Provider may suspend the Service, and/or offer an upgrade of the Service to a higher plan. If the Customer fails to reduce storage use within further 15 days, or else to subscribe to Provider’s upgrade offer, Provider shall have the right to terminate the Service on a 30-day notice.

22. Acceptable use:By using the Services, the Customer agrees not to (i) modify, prepare derivative works of, or reverse engineer, the Services; (ii) knowingly or negligently use the Services in a way that abuses or disrupts the Provider’s networks, user accounts, or the Services; (iii) transmit through the Services any harassing, indecent, obscene, or unlawful material; (iv) market, or resell the Services to any third party; (v) use the Services in violation of applicable laws, or regulations; (vi) use the Services to send unauthorized advertising, or spam; (vii) harvest, collect, or gather user data without their consent; (viii) transmit through the Services any material that may infringe the intellectual property, privacy, or other rights of third parties; or (ix) use the Services to commit fraud or impersonate any person or entity.

23. Legacy systems: In respect of memoQ TMS Services subscribed before October 22, 2024, Customers may keep the number of licenses, as well as the features, add-ons and storage limits allocated to them, until the expiry, if any, of their subscription or license period ongoing as of that date or, as regards Customers with perpetual licenses, until the expiry of their then-current SMA period (see Chapter IX below). Thereafter, Provider reserves the right to restrict the availability of certain previously available features and add- ons to certain memoQ TMS subscription plans, in accordance with the offering referred to in section 17 above. Provider further reserves the right to require that the Customer converts its legacy system into a subscription that is aligned with the then-current memoQ TMS subscription plan offering as regards the number of licenses, features, add-ons and storage limits available to the Customer. To the extent the General Terms of Service would not regulate certain questions concerning services that are no longer part of memoQ’s current offering, the version of the General Terms of Service that was in force on October 21, 2024 shall apply.

24. Access to the service: Customer may connect to the memoQ TMS server by one or more of the means and through the network access parameters described in the memoQ TMS documentation (available at https://docs.memoq.com) and applicable to the Customer’s deployment or, as regards private cloud deployments, individually specified by the Provider.

25. Machine translation engines: Provider may create and make available dedicated machine translation engines (as defined in section 8 above) for a Customer’s individual use. Depending on the Provider’s offer available from time to time, the Customer may avail themself of various deployment modes (cloud or on-premises) and various training levels (ranging from pre-trained, stock engines to custom, domain-adapted engines trained on the Customer’s data). Features of an on-premises system may be subject to limitations, due to technical reasons.

26. Engine lifecycle and support:From time to time, Provider may release new versions of its dedicated software platform designed for the training and management of machine translation engines. After the implementation of a new version, engines trained on an older version are supported for 6 additional months starting from the date of release of the new version. At the end of that period, engines reach the end of their supported life cycle and, although they can be technically used for further 3 months, the Provider shall not provide technical support in their respect. After 3 months from the end of the supported life cycle of an engine, engines shall be blocked for translation and must be fully retrained in order to be used again. The different stages in an engine’s life cycle are as follows:

a) The engine is on the latest technical version of the software platform and can be used for translation. It is fully supported.

b) The engine is on the previous technical version of the software platform. It can be used for translation; however, there is a new version available, and retraining might improve the engine. Support is limited to the correction of programming errors.

c)The engine has reached the end of its supported life cycle. It still can be used for translation; however, a full re-training is highly recommended. The engine is no longer supported.

d)The engine can no longer be used for translation until fully retrained.

27. AI Solutions: Provider may also offer various translation automation solutions based on the use of generative artificial intelligence (“AI Solutions”), combining, for example, the use of LLMs with the text retrieval functionality of a TMS (such as memoQ AGT) or with the domain-adapted nature of a custom machine translation engine.

28. LLM provider(s): Provider relies on AI models and LLMs of external provider(s) – currently on Microsoft’s Azure OpenAI, that processes data in Sweden. Provider reserves the right to choose and to modify, at its discretion, the LLMs behind its AI Solutions, and undertakes to inform, with 15-day prior notice, its affected Customers about any change in the LLMs relied on by the AI Solutions in question.

29. Acceptable use: Provider’s AI Solutions shall not be used in any way that violates the codes of conduct, the acceptable use policies or any other similar requirements formulated by the providers of the underlying LLMs. By using the AI Solutions, the Customer represents and warrants that they are aware of, and shall comply with, all the relevant requirements mentioned above. Nor shall Customer use the AI Solutions in breach of any applicable law or regulation, including, but not limited to, the United State’s Health Insurance Portability and Accountability Act (HIPAA) or the Federal Information Security Management Act (FISMA). Customer shall bear exclusive and entire responsibility for their use of the AI Solutions in question, and for a potential breach of any applicable law or other requirement.

30. Data shared with the LLM provider: Customer acknowledges that the data they send for processing through the AI Solutions may be shared with the provider(s) of the relevant LLMs. The Customer shall be fully responsible for the processed data and they shall ascertain that such processing is legitimate. When using the AI Solutions, the terms and conditions and the privacy policies of the LLM providers shall also apply; the Customer represents and warrants that they are aware of, and shall comply with the relevant terms and policies. Customer remains responsible for implementing appropriate abuse monitoring or other mitigations for their use case.

31. Data security and confidentiality: To the best of Provider’s knowledge, based on the relevant LLM provider(s)’ representations, the Customer’s prompts (inputs) and completions (outputs) shall not be available to other customers or third parties; shall not be used to train, retrain or improve LLMs or any third-party products or services; and any LLM relied on by the AI Solution is stateless: no prompts or generations are stored therein. However, Provider expressly disclaims all warranties of any kind or nature in respect of the LLM provider(s)’ representations. Customer remains exclusively responsible for gathering all the relevant information related to the data privacy and confidentiality considerations raised by the use of the given LLM(s), and shall bear exclusive and entire responsibility in connection with the data privacy and confidentiality implications of their use of the AI Solutions.

32. Use of data for service improvement: The Provider may request that the Customer allow access to data, including prompts (inputs) and completions (outputs), processed through the AI Solutions, when such data are necessary to resolve an issue or fix a programming error in the service. Such data may only be used with the Customer’s prior consent and shall not be used for any other purpose.

33. Customer may not access the Service in any manner other than the documented user interfaces and application programming interfaces. In particular, Customer may not reverse engineer, disassemble, or invasively probe the Service or the related downloaded software, for any purpose including but not restricted to, sidestepping or overriding connection or license limits, gaining unauthorized or undocumented access to the service, retrieving non- Customer-related data or code, implementing or using undocumented functionality, or gaining business intelligence.

34. Customer may not develop and publicly offer any derived software products without Provider’s express, prior, written consent. This restriction applies to licensed software as well as software offered in the form of a service (described in section 4). Customer acknowledges and accepts that such use is subject to a separate agreement between Customer and Provider, and is not available at the standard service or license fees.

35. Customer may not redistribute or repackage the Service and the related licensed software, neither directly, nor in a derived form, for third parties as a service or software product offered by Customer, except for the purpose of offering an online service to provide language or translation services to end-users. Customer acknowledges and accepts that such use is subject to a separate agreement between Customer and Provider, and is not included in the standard service or in the license fees.

36. Customer represents and warrants that they are not a direct competitor of Provider, or affiliated with a direct competitor of Provider in any manner. For the purpose of these Terms, a ‘competitor’ is an organization that develops and offers translation productivity technology (except if this activity is restricted to machine translation or business management). ‘Affiliated’ means one of the following: one party owned by the other (either in full or in part); one party controlling another; one party is employed by the other regardless of its contractual background; one party having an employee or contractor who is a board member or executive officer in the other party; parties that have explicit and exclusive partnership agreements; parties are considered affiliated pursuant to the Hungarian Act on Accounting. If Provider receives evidence that Customer is, or aims at, providing translation productivity technologies (except for machine translation or business management) to third parties, or is or plans to be affiliated to such an organization, Provider may terminate the Service with immediate effect, without refunding any service fees.

37. Provider shall monitor the operation of Customer’s cloud Services, provided that Customer has a valid subscription or is otherwise entitled to use the Support and Maintenance Service.

38. Provider shall guarantee a level of availability, in percent of time, of cloud Services. The general level of availability is published on the Provider’s website. The level of availability excludes maintenance windows, which shall not count as lack of availability. (A daily maintenance window is considered as part of the desired operation, and as such, it would not be counted as unavailability. Depending on the size of the system, daily maintenance typically takes only a couple of minutes.)

39. Compensation: if the availability of service, over a 12-month period, falls under the level guaranteed on Provider’s website, Provider shall refund part of the service fee to Customer. Refunds are given at the request of Customer, and for months when the downtime exceeds the level allowed by the availability shown on Provider’s website. The refund is proportional to the time when the service was not available. The maximum amount of refund for a month with excessive downtime is 40% (forty percent) of the monthly service fee. No refund will be paid for months when service availability stays above the guaranteed level.

40. Customer acknowledges and accepts that the backup and maintenance processes of the Service may require downtime for the time of the backup, and that this downtime may not be counted as unavailability of any particular cloud instance, and may not be counted against the availability level defined on Provider’s website. Provider shall conduct security maintenance once a month, which requires up to 2 (two) hours of downtime. This shall not count against the availability level, either

41. Provider will not be required to guarantee the availability of a network connection from any specific location, especially from Customer’s premises, offices, or other places of business, or the accessibility with any equipment. Customer represents and warrants that, on their premises and other places of business, they procure and operate sufficient network connections as required to access and use the Service.

42. Customer acknowledges and accepts that in most cases, the availability of a network connection is out of Provider’s control. However, Provider shall use its best efforts to receive and forward compensation to Customer in the event that the unavailability of a network connection on the Provider’s side prevents the use of the Service at the availability level defined on Provider’s website. Customer acknowledges and accepts that such action on Provider’s part is possible only in the event that the network outage occurs within the infrastructure of the hosting provider where Provider rents physical or virtual devices, and network access.

43. Eligibility criteria: To use the Support and Maintenance Service (hereinafter referred to as “SMA”), Customer must meet the following prerequisites:

a) have a valid, paid subscription for a memoQ TMS or a memoQ translator pro; or

b) use a memoQ TMS or a memoQ translator pro in a trial period that has not expired; or

c) have a perpetual license for a supported version of either memoQ TMS or memoQ translator pro, and have paid the agreed SMA fee for the current service period (hereinafter: ‘have a valid SMA’); or

d) have a valid, paid subscription for Provider’s automated translation services.

44. Content of the Service:

The SMA agreed herein consists of the following components:

a) Product maintenance: Within the period of the Service, Provider shall provide Customer with new numbered versions, as well as maintenance builds (updates), of memoQ software products (memoQ TMS and memoQ translator pro) licensed or subscribed by Customer.

b) Product support: Provider shall provide product support and helpdesk in order to solve issues related to software products or Services licensed or subscribed to by Customer.

c) Installation assistance: At the request of Customer, Provider shall assist with the installation and configuration of on-premises TMS software products licensed by Customer (memoQ TMS on-premises). Installation assistance includes the installation and configuration of a working memoQ TMS, as well as any add-ons licensed. However, installation assistance does not include the implementation of custom functionality or customized workflows, customized settings, customized data processing, or integration with external systems. Customer may access the latter services by ordering Business Services from Provider. Business Services are subject to separate terms and conditions, and are not available under the General Terms of Service.

45. Product maintenance: Upgrades

During the term of the SMA, at Customer’s request, Provider shall grant access to Customer for any new numbered versions of memoQ software products (memoQ TMS and memoQ translator pro) that Customer has licenses for, in the quantity subscribed or licensed by Customer.

a) The upgrades are issued when Customer activates a new version of an eligible memoQ product.

b) Provider always assigns version numbers to all new releases.

c) Provider may display the product version by using a brand name instead of the major and minor version numbers. However, the product version number is always displayed in the respective activation windows of each subscribed or licensed memoQ product.

d) A release is considered different from a previous release if there is a difference in either the major and minor version numbers, or the minor version numbers. Two releases that differ in the build number only are not considered different versions. (Examples: 8.1.6 and 8.2.4 are different versions; 8.2.4 and 8.2.6 are not different versions but different builds.)

46. Upgrades issued to subscription licenses are valid till the end of the subscription period. If an initial license is timerestricted or is a subscription license, the upgrade license shall have the same restriction (with an expiry date of the same day), and it shall be issued only if the expiration time is still in the future at the time of the upgrade. New upgrade licenses issued under the SMA for products subject to a perpetual license shall be valid indefinitely.

47. Product maintenance: Updates
Provider shall issue new releases of existing versions, without releasing a new minor version, that include fixes and improvements over earlier builds. If Customer has a license to a specific version of an eligible product, Customer may apply the updates released for that version, even if Customer has no valid SMA.

48. Discontinuing down-level versions: Provider may discontinue updates for product versions earlier than the newest minor versions for the two newest major versions, without prior notice. If Provider discontinues updates for a product version, issues in that product version will not be fixed by updates. Provider may require Customer to upgrade to a supported product version in order to have specific issues solved.

49. Customer remains entitled to use all product versions for which they have licenses. Customer shall not be required to upgrade to the newest product version in order to continue using earlier versions of the same product.

50. Customers with a valid SMA may apply updates (new builds of existing product versions) by connecting to Provider’s website, and downloading the newest installer package of the same version. Customer may also use the automatic update functionality built into the product.

51. New versions of the same product are not available through automatic updates. To upgrade the product to a newer version, Customers having a valid SMA or a subscription license must connect to the memoQ website, and download the newest installer package of the newer version.

52. Partial upgrade reduces the number of licenses: If Customer owns a memoQ TMS together with a client license pool, and Customer does not agree to pay the full SMA fee, but extends the SMA for a subset of the licenses only, Provider may deactivate or revoke those licenses from the pool where the SMA was not extended. The same happens if Customer has a subscription license, and seeks to reduce the subscription fee. This may be a technical necessity: if the licenses are not valid for a memoQ client version that is compatible with the memoQ TMS system, they will not work without an upgrade.

53. Support and user assistance:
Entitled Customers may contact Provider’s Support and Helpdesk team using one of the following means:

a) By connecting to Provider’s Support website at the address indicated in section 2 above and clicking “Submit a request” to request assistance (preferred)

b) By sending an e-mail to Provider’s Support and Helpdesk team at the e-mail address indicated in section 2 above.

54. Customer shall submit one incident, question, or issue in one email or ticket. Customer shall describe the phenomenon and its impact. Customer must sufficiently document the issue with error messages or screenshots. Customer understands and acknowledges that Provider may not keep the response times if there are more than two questions, issues or incidents described in one message (ticket). Neither may Provider keep the response times if the issue is not sufficiently documented.

55. Provider may change the helpdesk addresses without prior notification. However, changes shall be published in these General Terms of Service, as well as at Provider’s website and in newsletters.

56. When reporting a support incident, Customer shall clearly indicate the urgency of the issue. When the support incident is reported through Provider’s Support website, the priority of urgent tickets must be set to Urgent or Critical. Customer shall not report Critical priority unless they experience a complete service outage. If the support incident is reported in e-mail, the subject line of the e-mail must start with the word ‘URGENT’ or ‘CRITICAL’ to indicate urgency. Customer shall also indicate any delivery times or possible deadlines that they are aware of. Customer shall always indicate urgency in the subject line of the e-mail. An incident where the urgency is referred to in the e-mail body will not be considered urgent or critical.

57. Upon receiving a support incident report, Provider may request further data or documents in order to successfully resolve the incident. Customer understands and acknowledges that, without the requested data or documents, Provider may not be able – and shall not be required – to resolve the support incident.

58. Provider represents and warrants that data and documents received as part of a support incident report shall be used exclusively for resolving the support incident and related errors in the Product. Such data and documents shall not be transferred to third parties other than Provider’s regular subcontractors or technology service provider (a provider of products or services to the Provider who has no involvement in the delivery of the Services but who might, in the provision of such products or services, have access to certain information). Provider represents and warrants that it has entered into sufficient non-disclosure agreements with all regular subcontractors. Provider may retain the documents and resources in the issue tracking databases as long as this is necessary to resolve and follow up on related problems. Both the memoQ support database and the issue tracking system are available to authorized customer support and development personnel only, and they are protected from unauthorized access.

59. If Customer does not respond to a request for data or documents within 72 hours from the last correspondence, Provider’s helpdesk system will automatically close the incident. However, Customer may reopen the support incident by sending an e-mail to the official support e-mail address, quoting the identifier (number) of the support ticket from the last correspondence.

60. In order to resolve a support incident, Provider’s Support and Helpdesk team may request remote view or remote control of one or more of Customer’s computers. Customer understands and acknowledges that without the requested access, Provider may not be able – and shall not be required – to successfully resolve the support incident.

61. Provider represents and warrants that they and their employees or agents shall treat all information viewed or acquired over such access as highly confidential. Provider and their agents shall not record or transmit the information viewed or acquired over a remote viewing or control session.

62. If Customer reports an incident that originates in a known programming error, and that error was resolved in a more recent version of the Product, Provider’s Support personnel may recommend that Customer upgrade to the version containing the solution. Following the recommendation, Provider’s support personnel may close the ticket without providing further assistance.

63. Provider shall not be under any obligation in any circumstances to update a written support response after the support has been provided. Any support provided to the Customer by the Provider in any form is supposed to serve the Customer’s own benefit and information only. The Customer shall not copy, refer to or disclose the support response provided by Provider, in whole (save for the Customer’s own internal purposes) or in part, without the Provider’s prior written consent (unless the disclosure is required by law or by a competent authority). The support response is not intended to be, and must not be, relied on by a third party. Provider will not accept any responsibility or liability to any other person or third party for the support response. Any support response, statement of expectation, forecast or recommendation provided by the Provider as part of the support services shall not amount to determination or prediction of future events or circumstances.

64. Continuity of the Support and Maintenance Service:
When an SMA period expires in respect of a perpetual license to a memoQ product and a new SMA is concluded (subject to the provisions of section 23 above), the new SMA for the same serial number must always follow the previous one: its term shall start on the next day after the expiration of the previous SMA. No time may pass between the expiration of a SMA period and the start of a new SMA term.

For the SMA, or for the subsequent renewal of the SMA, Customer shall pay a yearly service fee. The service fee is calculated and paid as follows:

a) If Customer purchases additional licenses for licensed products under the same product key, the SMA service fee for the product key shall be changed. If the new purchase is made in the middle of a SMA period, Provider shall charge a proportional amount for the next period, for the products licensed over the course of the last SMA period.

b) If a SMA period ends and no new SMA is concluded immediately – that is, if the SMA service lapses for a given product key –, Customer shall pay the SMA service fees for all of the missed years in order to resume the SMA service. A SMA is not valid for one year from the time of purchase – it is valid for one year from the last day of the previous SMA. Example: if the previous SMA ends on January 1, 2024, and the next SMA is concluded on April 14, 2024, the new SMA shall be valid till January 1, 2025.

65. Provider will not provide user assistance in an anonymous manner. Users requesting assistance must identify themselves and provide proof of entitlement.

66. User assistance does not include generic training on the use of the supported memoQ software. Customer may access training as a separate Business Service, or through Provider’s e-learning site, certified trainers or certified training sites that are independent from Provider.

67. User assistance does not include the implementation of custom functionality or customized workflows, customized settings, customized data processing, or integration with external systems. Likewise, user assistance does not include the migration of memoQ TMS or memoQ TMS data to a different system or location when it happens for the Customer’s convenience or at Customer’s request, and is not performed to prevent or mitigate an imminent service outage. Customer may access the latter services by ordering Business Services from Provider. Business Services are subject to separate terms and conditions, and are not available under these General Terms of Service. memoQ TMS and memoQ TMS data migration shall still be part of user assistance if it happens at memoQ’s request, or it is required to resolve an issue.

68. Provider may refuse to assist if the support request is unreasonable, irrelevant, or if its content violates the Provider’s policies, in particular as regards the prohibition of cooperation in respect of hateful, degrading or otherwise unlawful content.

69. Provider’s Support and Helpdesk team shall be available at the following times:

a) On weekdays (from Monday to Friday) 24 hours a day, including public holidays of Hungary.

b) On Saturdays from 10:00am till 6:00pm CET or CEST, with longer response times (see section 42). On Sundays, availability will be provided for incidents marked as ‘CRITICAL’.

70. Customer may access all past and pending issues they have submitted. Customer may not access issues submitted by other customers. Customer support issues that belong to an organization may be visible to all authorized personnel from that organization. Customer may contact Provider’s Support and Helpdesk team if they wish to clarify the group of authorized personnel.

71. Provider offers the following response times from the time of submitting a support ticket, during support working hours:

a) On weekdays (from Monday to Friday), ‘Regular’ or ‘Normal’ tickets shall be answered in 24 (twenty-four) working hours, ‘Urgent’ tickets shall be answered in 8 (eight) working hours, and ‘Critical’ tickets shall be answered in 4 (four) working hours. Customer may expect the first response within the indicated times. The response time does not guarantee the resolution of the support incident. The automated e-mail response acknowledging receipt shall not count as a response.

b) On Saturdays and Sundays, ‘Regular’ or ‘Normal’ tickets shall be answered in 24 (twenty-four) working hours. ‘Urgent’ and ‘Critical’ tickets shall be answered till the end of the support hours, provided that they are submitted at least 3 (three) hours before the end of the support hours.

72. The Service does not include licenses that would allow Customer to operate a memoQ TMS system or any other memoQ product on their premises or by which Customer may access and use the TMS system. Licenses are subject to a separate End-User License Agreement, to be concluded separately. The End-User License Agreement is available on the Provider’s website at https://www.memoq.com/legal/end-user-license-agreement.

73. Scope of access and delegation: Customer may allow third parties to access the memoQ TMS cloud service or a hosted memoQ TMS system under the following conditions and in the following numbers:

a) Customer may allow their employees and contractors to access the memoQ TMS cloud service or hosted memoQ TMS system by one of the means listed in sections 13 and 16, provided that Customer has a license or subscription to use the specific means of access. However, the right to grant access does not create the right to sublicense the Services to these persons or any other third party. Granting access cannot serve the individual professional or business purposes of the employee or contractor.

b) Customer’s representative and appointed administrators may allow access to the memoQ TMS cloud service and hosted memoQ TMS system by means of creating a user account. A user account must represent a person, and must always be used by the person represented.

c) Authorized users who have a user account may not pass on the access credentials to third parties. However, creating a user account does not create the right to sublicense the Services to these persons or any other third party.Authorized users, representatives and appointed administrators of Customer may not attempt to access the memoQ TMS cloud service or a hosted memoQ TMS system in any other means than listed in sections 13 and 16.

d) Customer represents and warrants that the content processed in the memoQ TMS cloud service or a hosted memoQ TMS system, and the method of processing content do not violate the rights of third parties, and do not violate the laws of the country of Customer’s operation or the laws of the country where the system or service is hosted (see section 103). Customer assumes full responsibility for the actions of users to whom Customer grants permission to use the service.

74. Administrative access: Provider retains and reserves the right to access the system or service, and the computer(s) operating the service, for administrative purposes. Provider shall have exclusive administrative access to the infrastructure systems hosting the memoQ TMS systems and the memoQ TMS cloud service, either directly, or through a remote control facility. Customer may not have and may not request administrative access to the infrastructure systems.

75. If Provider is requested to resolve an incident by taking control of one or more of Customer’s computers, Provider shall proceed with the greatest possible care to prevent any loss of data or functionality on Customer’s end, as well as any loss of productivity or business.

76. If loss of data or functionality occurs, and Provider’s responsibility is proven by Customer, and the loss of data or functionality causes loss of business or revenue for Customer, Provider shall be liable for the damage. If the extent and amount of the damage can be documented, and it is proved that the damage is exclusively the result of Provider’s fault, willful, or gross neglect, and it is also proved that the damage cannot be averted or mitigated in any other way, Provider shall be liable for the foreseeable damage, through Provider’s professional liability insurance. However, in these cases (except if the loss or damage is caused by the Provider’s deliberate action or willful negligence) the Provider’s aggregate liability to the Customer, including its contractors and employees, shall be limited to the proportional amount of 1.5 times the purchase price or subscription fee of the affected services or licensed products in the relevant period. If the extent of the damage cannot be documented, Provider’s aggregate liability shall be limited to the proportional part of the purchase price or subscription fee of the affected services or licensed products in the relevant period.

77. Provider’s liability shall be furthermore limited to that proportion of the foreseeable loss or damage in accordance with the Hungarian Civil Code, which is fair and reasonable having regard to the degree of culpability (if any) of (i) the Customer, (ii) any other party also liable or potentially liable to the Customer in respect of the same loss or damage (“Another Liable Party”) and (iii) the Provider for the loss or damage concerned (or if that cannot be determined, the extent of their contribution to the loss or damage). For such purposes no account shall be taken of the Customer or the concerned other party having ceased to exist, having ceased to be liable, having had imposed an agreed limit on its liability or being impecunious or for other reasons unable to pay. Where there is more than one beneficiary of the Services (“Beneficiary”), the damages paid by the Provider under this Chapter to each Beneficiary shall be apportioned by them amongst them. No Beneficiary shall dispute or challenge the validity, enforceability or operation of this paragraph on the ground that no such apportionment has been so agreed or on the ground that the agreed share of the damages apportioned to any Beneficiary is unreasonably low. In this paragraph, “Beneficiary” shall include Customer and other Beneficiaries. Any Beneficiary shall be entitled to submit their claim in an eighteen-month limitation period that commences upon the delivery of the Services where Services have been delivered or upon the date of termination of the service.

78. Provider’s liability is expressly and entirely waived, among others, in the following cases:

a) if Customer is using a non-documented workflow or functionality, or

b) Customer was specifically advised against the workflow or methodology they are using, especially if Customer was warned of the potential damages, or

c) Customer previously rejected Provider’s offer of consultancy, ‘sanity check’, training, or any other form of Business Services, or ignored the advice or consultancy received from these services, or

d) Customer allowed untrained or unauthorized personnel to access and manage their systems, or

e) Customer denies sufficient access to their systems to Provider, or refuses or fails to supply sufficient data for Provider to investigate the claim, or

f) Customer or any of Customer's representatives had at least one active administrative session on the device running the TMS system at the time the damage occurred,

g) Customer refuses, neglects or prevents the upgrade or the update of their systems to the latest supported version and build, although the upgrade or update was published and offered to Customer by Provider in a timely manner.

h) Customer installs, connects or integrates external software, applications, plugins, or other operating systems in the Service or combine them in any way regardless of any recommendation made by any party including the Provider with respect to the damage arising in connection with the installation, connection, integration or other combination of the external software, applications, plugins, or other operating systems.

 

79. Provider represents and warrants that they at all times have and maintain a valid professional liability insurance to cover damages relating to the Services under these General Terms of Service, of an aggregate damage coverage of a maximum of 1 million USD.

80. If Customer is hosting a memoQ TMS system on their own premises, Customer shall be responsible to maintain an infrastructure that facilitates business continuity. In this case, the responsibility of regularly creating backup copies is with Customer, because Provider lacks sufficient access to ensure this. If loss of data or functionality occurs, and Customer is not in possession of a reasonably recent backup copy, Provider’s liability is waived. If Customer uses a memoQ cloud TMS system or a memoQ TMS hosted by Provider, it is Provider’s responsibility to maintain a business continuity infrastructure, as detailed in Chapters ХIII-ХIV.

81.In the event the Customer or other beneficiary breaches any of its obligations and, based on a resolution of a court or an authority, any third party enforces a claim against the Provider or its subcontractor under or in connection with the services, Customer shall indemnify the Provider or the subcontractor against any loss, damage, expense or obligation incurred by the Provider or subcontractor due to or in connection with such claims and exonerate the Provider or subcontractor from paying any related expense. If the Provider or any other Beneficiary pays any amounts pursuant to this paragraph, Customer or any other Beneficiary may not request reimbursement from the Provider or its subcontractor at any time. In this paragraph “Provider” shall include all Affiliates.

82. Provider represents and warrants that they have and will maintain an information security system certified under the ISO 27001 standard.

83. Provider shall use its best efforts to prevent unauthorized access to a hosted memoQ TMS or to Customer’s memoQ cloud TMS and the data stored therein (whichever is applicable), and to prevent data loss or malfunction due to unauthorized access or storage device malfunction. This includes redundant storage, regular backups and access control.

84. Provider shall use its best efforts to prevent the unavailability, malfunction, or the temporary or permanent loss of Service, caused by a hardware malfunction, a malicious attack, or an unfavorable change in the environment. Provider shall also use its best efforts to mitigate the consequences, should any of the aforementioned events occur.

85. Provider shall not be responsible or liable for data security and system integrity if Customer does not use the infrastructure operated by Provider; that is, if Customer possesses a memoQ TMS license, and uses an on-premises server, or else they arrange the hosting themselves. The following sections in this Chapter apply to the memoQ cloud service and the memoQ TMS hosting service only.

86. Provider shall configure the memoQ cloud TMS or the memoQ TMS hosting service so that it will accept encrypted connections only.

87. If Customer does not use (does not enable) the secure connection offered by the Product, Provider shall not be liable for insufficient encryption or lack of information security. Neither shall Provider be liable for any resulting damages or loss of business.

88. Provider shall configure an automatic backup process for the memoQ cloud TMS service and for hosted memoQ TMS systems. A backup copy of all data in the Service shall be created once every day. Provider will not configure any automatic backups for TMS systems outside Provider’s control (hosted on Customer’s own premises or at a hosting center where the hosting is arranged by Customer).

89. Provider shall, at its own expense, acquire and maintain backup storage space with sufficient capacity to hold all of Customer’s data. The backup storage may not be located on the same physical or virtual device that runs the TMS system.

90. Customer may at any time request the latest backup copy of the TMS data from the Provider.

91. Monitoring and breaches: Provider shall continuously monitor the operation of memoQ cloud TMS systems and hosted memoQ TMS systems, and receive automatic notifications of failure events. Provider will not monitor TMS systems hosted by Customer.

a) If the Service becomes unavailable, Provider shall use its best efforts to restore the operation of the TMS system in 2 (two) hours during regular support hours (see section 42), and in 36 (thirty-six) hours outside regular support hours, counted from the detection of the failure.

b) If it is not possible to restore the Service to full operation within 2 (two) hours from starting the intervention, Provider shall inform the affected Customers on the nature of the failure, the expected diagnostics and/or repair actions, and provide an estimate of the time it will require to restore full operation.

c) If the Service is breached, and data are lost, compromised, or accessed by unauthorized agents, the Provider shall notify the Customer and begin mitigation and/or recovery within 6 hours from detecting the breach. The Provider shall also send a full report and a recovery plan within 48 hours from detecting the breach.

92. For the memoQ cloud TMS service, Customer may configure daily backup and maintenance times at Provider’s website, under Customer’s account information.

93. All data entered, created, imported, or added to the memoQ Services (hereinafter referred to as ‘Data’) by Customer through the means listed in these General Terms of Service, as well as derivative data (including, but not limited to, machine translation engines created on the basis of Customer Data), are exclusively owned by Customer.

94. Provider may acquire sensitive, confidential information concerning the Customer’s business or affairs in the course of delivering the Services (“Confidential Information”). In relation to Confidential Information, the Provider shall comply with the confidentiality restrictions imposed on the Provider by any authority in Hungary with whose requirements the Provider is bound to comply, as well as any obligations imposed on the Provider by Hungarian law. Provider may be obliged to disclose Confidential Information if that is required in order to comply with requirements of Hungarian law or resolutions of a competent authority that are applicable to Provider. Furthermore, the Provider is obliged to comply with any directly or indirectly applicable source of law issued by bodies of the European Union.

95. Provider may share information, including Confidential Information, with the Provider’s technology providers, subcontractors and other affiliates relating to the Customer, to the Provider’s relationship with the Customer and to Provider’s Services, to facilitate the administration of the parties’ business activities, to maintain the quality and standards of the Provider’s work, to conclude risk management or for financial accounting and system testing or other lawful purposes. Provider shall remain responsible for confidentiality if Confidential Information is shared with other parties.

96. Provider shall not make available the Data and Confidential Data added to the memoQ Services to unauthorized third parties. In addition, Provider shall make every effort to protect Customer’s data from unauthorized access. Provider shall not copy, publish, or otherwise make available the Data added to the memoQ Services to unauthorized third parties, with the exception of creating backup copies for Customer’s exclusive benefit and for the purpose of disaster recovery and the purposes detailed in sections 100-105.

97. Under a valid Service Agreement for a memoQ TMS cloud service, Provider may create up to 2 (two) copies of the Data on their premises or on the storage space offered by the data center for the purpose of disaster recovery. Provider shall prevent unauthorized third parties and other unauthorized personnel from accessing these copies. Customer may request a copy of the Data in the form of a full TMS system backup from the Provider. Provider shall make available the latest backup of the server within 2 (two) working days.

98. Customer recognizes that, during the term of the Services, Provider may also share sensitive or confidential data, documents, or other information. Customer agrees to treat such data as confidential, and not disclose it to any third parties or unauthorized personnel without Provider’s prior written consent. The Provider may disclose the aforementioned information to its technology providers or subcontractors to the minimum extent required to provide and operate the Services. The confidentiality obligation does not apply to information that was independently disclosed by Provider or a third party, or was available to the public before disclosure by Customer. Any other information, unless deemed otherwise by Provider, must be treated as confidential.

99. Customer acknowledges and accepts that in order to provide and/or further improve the Services, Provider may convert the Data into anonymized or pseudonymized, aggregated information. Such Data shall no longer be considered as Customer’s content, provided that such Data cannot reasonably be de-anonymized or depseudonymized. Provider may use such Data to improve the Services or to conduct risk assessment or mitigation, provided that Provider shall not use such anonymized or pseudonymized Data in a manner that links any individual or the Customer to such anonymized Data, without Customer’s prior written approval.

100. Provider shall treat and manage all personal details of Customer confidentially, observing privacy regulations specified by domestic data protection law; Regulation 2016/679/EC of the European Commission (GDPR); and Provider’s Privacy Policy, available at all times at this Web address: https://www.memoq.com/privacy-policy.

101. Provider may store and process personal data for the purposes listed in the Privacy Policy (https://www.memoq.com/privacy-policy).

102. As a processor, the Provider may process data pursuant to the Customer’s instructions or the instructions of third parties based on the Customer’s decision. In such cases, the Customer as the data controller is fully responsible for the processing of data. On the other hand, Provider may process personal data as a controller too. Among other things, in such cases, Provider ensures that (a) its processing complies with the basic principles of data processing outlined in data processing regulations and that the Provider has appropriate legal basis to do so; (b) adequate information is provided to individuals as data subjects about the processing of their data; (c) appropriate technical and organizational measures are in place to avoid unauthorized or unlawful processing and the unintended loss, destruction or damage of personal data;
(d) individuals as data subjects can exercise all of their rights guaranteed by law. However, in such cases, Provider assumes no responsibility for the accuracy, scope or lawfulness of the collection of the data received by the Provider or forwarded to the Provider, or for failure to meet any of Customer’s obligations regarding the collection and processing of data.

103. Furthermore, personal data may be collected, used, retained by the Provider, its affiliates, third party service providers or subcontractors providing support services to the Provider for administrative, technological, internal statistical and business purposes, including customer acceptance procedures and updating engagement profiles as well as for the purpose of compliance with applicable laws and regulations or professional standards (including quality performance control).

104. Provider shall not forward Customer’s personal data to unauthorized third parties, and shall not employ third-party data processing agents without entering into a Data Processing Agreement with them. Provider shall have the right to store and manage such data according to the data retention rules in the Privacy Policy. The Privacy Policy also lists the third-party data processing agents currently in use.

105. Provider’s affiliates, regular subcontractors and technology providers shall count as authorized third parties and shall be allowed to access the Data on TMS systems or cloud TMS systems in Customer’s use, as well as Customer’s personal details. The access shall be granted solely for the purpose of problem resolution, and to the minimum extent that is required to resolve the problem. Provider represents and warrants that it has entered into sufficient non-disclosure agreements with all regular subcontractors. Provider may also share the data with its Affiliates.

106. If Customer resides or is operated in the European Union, or processes personal data of citizens of the European Union, the rules of Regulation 2016/679/EC of the European Commission (GDPR) may apply to them. In this case or in the event of the Provider’s personal data processing pursuant to the Customer’s instructions, the Data Protection Addendum will automatically apply to Customer’s contract with Provider. The Data Protection Addendum, whenever applicable, shall form an inseparable part of these General Terms of Service, and consequently, of all Service Agreements between Customer and Provider.

107. If Customer is accessing third-party online services through a licensed memoQ product, that access shall not count as data collection performed by Provider. Provider shall not be responsible for the collection and processing of data by third parties where Customer registers or subscribes directly for the third-party service (such as a machine translation provider). When using such third-party services, the terms and conditions and the privacy policies of the owner or operator of the third-party service shall apply.

108. Termination of a subscription service: Customer may terminate the Service through Provider’s website, under Customer’s account information, by using the “Cancel subscription” option or, if the option is not available, by sending a written notice to Provider. Customer may choose to terminate the Service Agreement by other means as well. However, Provider may charge a cancellation fee if an alternative method is used. Customer may cancel the Service by the end of the already paid service period or during the trial period in writing. In that event, Provider shall terminate Customer’s use of the Service at the end of the already paid service period. As regards monthly subscriptions, no refund shall be due when the Service is cancelled. As regards subscriptions of more than one month, if the Customer cancels the Service within 15 days of the date on which the subscription became effective or was renewed, a pro-rated subscription fee must be paid for the initial 15 days of the subscription, but no payments will be due for the remaining portion of the terminated subscription. If the Customer cancels the Service at any other time during the subscription term, the subscription fee must be paid for the remainder of the term, and no refunds will be provided. Customer is responsible for backing up their systems before sending a termination notice.

109. Within 30 (thirty) calendar days after cancellation, Customer may request Provider to resume the Service. In the event that Customer does not resume the Service in 30 (thirty) calendar days, Provider will erase Customer’s Data in the Service, together with any backup data, without further notice in 90 days from the date of cancellation, unless Provider is requested to erase the backup data sooner.

110. Before or on the last day of the 30-day period, Customer may request a full backup of the memoQ cloud TMS system from Provider. Otherwise, when a trial period expires, the backup data may be stored for 30 days, unless Provider is requested to erase the backup data sooner.

111. Restriction of license distribution functionality in the event of non-payment for the Services: If Customer uses a Service without payment, Provider may restrict the functionality of the memoQ software used by Customer. The following specific rules apply: At Customer’s request, Provider may exempt Customer from advance payment for a Service. In the event of exemption, Customer is granted access to the Service, and Parties agree on a payment schedule. In the event of non-payment – if Customer is 15 or more days late with any agreed payment or agreed instalment –, Provider may restrict the functionality of the Service used by Customer. Specifically, Provider may remotely disable the license distribution (ELM or CAL) functionality of the memoQ TMS software used by Customer. This will render the affected memoQ TMS system(s) inaccessible for project managers, administrators and in-house or contracted translators who use ELM or CAL licenses from these servers. If Customer fails to pay according to the payment schedule, and at least one payment or instalment becomes overdue by 15 days, Provider shall send a payment notice of 8 (eight) calendar days. If, following the payment notice, Customer fails to pay any outstanding amounts within the allotted 8 (eight) calendar days, Provider will disable license distribution on Customer’s affected memoQ TMS system(s) immediately, without further notice.

112. Termination by extraordinary notice, especially in the event of non-payment: In the event that Customer commits a proven material breach of the Service Agreement, including these General Terms of Service, or in case of owning licenses to memoQ products, Customer violates the End-User License Agreement, Provider may terminate the Service Agreement.

113. If Customer’s payment is overdue by 15 (fifteen) calendar days or more to be counted from a payment notice sent by the Provider, Provider will suspend (terminate Customer’s use of) the Service. This is enforced automatically by Provider’s systems.

a) To resume the Service, Customer shall contact the Provider, and also pay the outstanding fee.

b) If Customer fails to resume the Service in 30 (thirty) calendar days, Provider may terminate the Service, and erase the memoQ TMS cloud systems as well as any backup data, without further notice.

c) If the Service is suspended because of non-payment, before or on the last day of the 30-day suspension period Customer may request, on one occasion, a full backup of the memoQ cloud TMS system from Provider. Provider may charge a one-time fee for the storage and the transmission of data. Provider may not charge for the data themselves, and Provider may not refuse to transmit the data since they are owned by Customer.

114. If Customer’s use of the Service violates the law of a country, state, or other territory of jurisdiction, authorities may require the service to be terminated. In this case, the termination may be immediate, and without prior notice. In such an event, Provider shall notify Customer as soon as possible. Backup data shall remain available to Customer for 15 (fifteen) calendar days, unless authorities order the destruction of said data.

115. In the event of Customer terminating the Service Agreement due to a proven material breach on Provider’s part, Provider shall transfer the backup data to a location specified by Customer within 2 (two) working days from receiving notice from Customer.

116. Furthermore, the Provider is particularly but not exclusively entitled to terminate the Services Agreement with immediate effect under the following circumstances:

a) The Customer or any of the Customer’s affiliated companies is under an insolvency procedure or is threatened by insolvency;

b) The provision of services threatens or infringes the Provider’s independence, its rules on conflicts of interest, or is for any other reason incompatible with legal regulations, the Provider’s professional standards or internal risk assessment; or

c) Any significant change in the Customer’s position and/or circumstances which threatens or renders impossible the fulfilment of the Services Agreement by the Customer, or which makes the Provider unable to maintain the Services Agreement.

117. Termination of a legacy TMS hosting service: Parties may terminate the Service Agreement for a TMS hosting service in writing, with a 30-day notice. Parties agree to provide a reason in writing of such termination. During the termination period, Parties shall comply with all terms and conditions herein. At the end of the termination period, Parties shall settle all accounts. Unless Parties do not agree otherwise, and with the exceptions below, Provider shall refund any excess payments for unrendered Services to Customer. Conversely, Customer shall pay any outstanding service fees to Provider. Parties agree to make the payment in 30 (thirty) days to the bank account specified by the other Party, by wire transfer. This termination shall not terminate the End-User License Agreement or the SMA part of the Service Agreement if such agreements are in place. No refunds are due if the Customer terminates the hosting service for convenience. In the event of termination, the backup data may be stored for 90 days, unless Provider is requested to erase the backup data sooner.

118. Termination of SMA and hosting by returning all licenses: SMA is a fixed-term agreement, which Parties may not terminate for convenience. There is one exception: if Customer is using Support and Maintenance relating to licenses only (that is, Customer is not using subscription services), and Customer returns all licenses they own, the Service Agreement is automatically terminated on the day the licenses are returned. However, no refunds are due for SMA periods that already commenced, unless the termination is due to proven material breach of contract on the Provider’s part.

119. Physical transfer of the Service: In the event of the termination of the memoQ cloud TMS service or the memoQ TMS hosting service, Customer may request Provider to assist with the transfer of the Service to a device of Customer’s choice.

a) Provider shall assist with the transfer at an agreed hourly fee, unless Parties agree otherwise.

b) Because the Service does not include licenses to use the memoQ TMS software on a dedicated on-premises or hosted device, Customer shall be required to purchase the required access or license prior to the transfer, at a fee separately agreed by Customer and Provider.

c) Provider shall not be required to assist with the transfer if the termination of the service does not happen with Parties’ mutual consent, or if the service is terminated due to a proven material breach on Customer’s part.

d) For the purpose of the transfer, Customer, at its own expense, shall provide a device with equal or higher computing power and software configuration than the configuration defined by Provider.

After the termination of the Service, Provider must dispose of all data kept on the memoQ TMS system. Data deletion must happen immediately after the expiry of the data availability periods described above. Upon Customer’s request, Provider shall delete the data within 48 (fortyeight) hours from receiving a written notice from Customer.

120. Termination under this Chapter shall not affect any rights that may have been acquired by either party before termination and all sums due to Provider shall become payable in full when termination or suspension takes effect. Particularly, the following clauses of these General Terms of Service shall survive termination of the Services Agreement: Chapter XIII, Chapter XIV, Chapter XV, Chapter XVI, Chapter XVIII, Chapter XIX.

121. Provider may involve subcontractors in providing the Service. When the Provider appoints subcontractors, the Provider may share confidential information (detailed in Chapter XV) with them, and for all purposes in connection with the Services, the Provider shall accept responsibility for their work as if the Provider had performed the same which shall be deemed to be part of the Services provided.

122. By concluding the Service Agreement, Provider represents and warrants that it possesses sufficient infrastructure, or access thereto, and sufficient expertise and personnel necessary to provide the Service defined in these General Terms of Service in compliance with the terms set forth herein.

123. By concluding the Service Agreement, Customer represents and warrants that it possesses the authority necessary to engage in the Service Agreement, and to transfer data necessary to use the Service over the network to server or to the Service, and that this operation does not infringe the rights, including, but not limited to, privacy, confidentiality, and intellectual property rights, of third parties.

124. Terms and conditions relating to privacy and data protection are governed by Hungarian law and EU legal standards, particularly by the Hungarian Personal Data Protection Code that governs the processing of personal data. Furthermore, recognizing the global nature of the internet, Customer agrees to comply with all local laws including, without limitation, laws about the Internet, data, email, or privacy. Specifically, Customer agrees to comply with all applicable laws regarding the transmission of technical data exported from the country in which Customer resides. Customer shall indemnify Provider from any legal, material, or substantial consequences of the event that Customer fails or ceases to meet the above conditions.

125. In addition to these General Terms of Service, Parties shall comply with the laws and regulations of the respective countries of their registration, as well as the country where the servers hosting the Service are being operated. At Customer’s request, Provider shall send information about the countries where the servers operate.

126. Neither Party may assign any of its rights, obligations or claims under these terms. The Customer shall have no right to assign the benefit (or transfer the burden) of the Service Agreement to another party without the prior written consent of the Provider, which consent shall not be unreasonably withheld.

127. If there is any inconsistency between provisions in different parts of the agreement between the Parties, those parts shall have precedence as follows (unless expressly agreed otherwise): (a) the individual agreement between the parties, (b) these General Terms of Service, and (c) other business or general terms; or annexes.

128. Neither Party shall be liable for any damages arising from a breach of the contractual obligations nor shall either of the parties incur any liability to pay compensation to the other if the Provider or the Customer is unable to comply with them as a result of a force majeure event. In the event of any such occurrence affecting one of the parties, the affected Party must, as soon as reasonably practicable, notify the other, who shall have the option of suspending or terminating the operation of the Service Agreement on notice taking effect immediately on delivery.

129. Terms and conditions of these General Terms of Service and the Service Agreement are governed by the laws of Hungary. Any dispute regarding these General Terms of Service and/or the Service Agreement shall be decided by a competent ordinary court of law of Hungary.

130. The governing language of these General Terms of Service and the specific Service Agreements is English.

131. If any provision of the Service Agreement or these General Terms of Service is declared to be invalid, illegal, or unenforceable by a Court of competent jurisdiction, said provision shall be severed from the Service Agreement or these General Terms of Service, while all other provisions shall remain in full force and effect.

132. Provider expressly reserves the right to modify these General Terms of Services, including the Data Processing Addendum (Chapter XIX), as well as the End-User Licensing Agreement and the Privacy Policy, at any time at its own discretion. Provider will make commercially reasonable efforts to notify the Customer about any substantial amendment of the terms by posting the new terms on the Provider’s webpage or sending Customer an e-mail regarding such changes to the e-mail address that is registered under the Customer’s account in accordance with the provisions detailed in section 10. Such amendments will take effect 15 days after the notice was provided on any of the aforementioned methods, and Customer’s continued use of any Service after that date will constitute acceptance of, and agreement to be bound by, those amendments. Should the Customer consider that the amendment has a material adverse effect on them, they can notify the Provider about their objection within 7 days from receipt of the above notice, specifying the reasons of their objection. Upon consideration of that objection, the Provider may, at its full discretion, either (i) allow that the amendment shall not apply to that specific Customer until the expiration of the Customer’s then-current subscription or SMA period, or (ii) may terminate the Customer’s Service Agreement in which case the Customer is entitled to a prorated refund of the subscription or SMA fee paid in respect of their then-current subscription or SMA period. The Provider’s absence of reply to well-founded objections until the end of the 15-day notice period shall be interpreted as allowance for the nonapplication of the objected amendment to that specific Customer until the expiration of the Customer’s then-current subscription or SMA period. In the event that the terms should be amended to comply with any legal requirements, such amendments may take effect immediately and without prior notice, as may be required by law. The Customer shall not be entitled to object to amendments that directly follow from mandatory legal requirements.

This Data Processing Addendum is part of the General Terms of Service provided by memoQ Translation Technologies Ltd., acting as the Data Processor under the scope of this Data Processing Addendum.

133. Data Processor Details:

memoQ Translation Technologies Ltd. registered seat Rákóczi út 70-72. II. emelet, Budapest, 1074 Hungary EU VAT ID: HU25429356 data protection contact address: data.protection@memoq.com website address: https://www.memoq.com

134. This Data Processing Addendum shall apply to Customer as well as to the Service Agreement between Customer and Provider if

a) Customer uses the memoQ cloud service, Language Terminal, or the memoQ TMS hosting service provided by Provider (see Chapters V, VI, and ХVIII), or

b) Customer sends project data to Provider’s Helpdesk, where the project data includes protected personal data, and Customer notifies Provider of the fact, or

c) Customer resides, is operated or processes personal data in the European Union (EU); or collects or processes personal data of EU citizens or individuals who are in the EU,

d) or personal data are otherwise processed by the Provider in accordance with instructions from Customer under a separate Agreement between the Provider and the Customer

135. Purpose and scope of this Addendum: This addendum applies to personal data collected and controlled by Customer and eventually processed by Provider. This addendum does not apply to the personal data of Customer or representatives of Customer, collected by Provider.

136. Processor and Controller: In this Data Processing Addendum, Provider shall be called the Processor, whereas Customer shall be called the Controller.

137. Definitions: The terms used in this Addendum shall have the meanings set forth in this Addendum. Terms not otherwise defined herein shall have the meanings given to them in the General Terms of Service. Except as modified below, the terms of General Terms of Service shall remain in full force and effect. In this Addendum, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:

a) Authorized Sub-processor: (a) The Sub-processors set out in the Sub-processing section; and (b) any additional Sub-processors consented to in writing by Controller in accordance with the Sub-processing section.

b) Sub-processor: Any Data Processor (including any third party) appointed by the Processor to process Controller Personal Data on behalf of the Controller.

c) Process/Processing/Processed, Data Controller, Data Processor, Data Subject, Personal Data, Special Categories of Personal Data and any further definition not included under this Agreement or the General Terms of Service shall have the same meaning as in EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council (GDPR).

d) Data Protection Laws: The EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council (GDPR) as well as any local data protection laws.

e) Erasure: Removal or destruction of Personal Data such that it cannot be recovered or reconstructed.

f) EEA: The European Economic Area.

g) Third country: Any country outside the EU or the EEA, unless the country is the subject of a valid adequacy decision by the European Commission on the protection of Personal Data in Third Countries.

h) Controller Personal Data: Data described in the Details of processing of controller personal data section and any other Personal Data processed by Processor on behalf of the Controller, pursuant to or in connection with the General Terms of Service or other agreement between the Provider and Customer.

i) Personal Data Breach: An event leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Controller Personal Data transmitted, stored or otherwise processed.

j) Services: Services to be provided by Processor to Controller, pursuant to the General Terms of Service or other agreements between the Provider and Customer.

k) Products: means the products to be supplied by the Processor to the Controller pursuant to the General Terms of Service or other agreement between the Provider and Customer.

l) Standard Contractual Clauses: Standard contractual clauses for the transfer of personal data to Processors established in third countries, as approved by the European Commission Decision 2010/87/EU, or any set of clauses approved by the European Commission which amends, replaces or supersedes these.

138. Details of processing of controller personal data: This section includes certain details of the Processing of Controller Personal Data as required by Article 28(3) GDPR.

a) Subject matter and duration of the Processing of Controller Personal Data: The subject matter and duration of the Processing of the Controller Personal Data are set out in the General Terms of Service and this Addendum.

b) Nature and purpose of the Processing of Controller Personal Data: Providing storage and software functionality as a service for language translation services.

c) Types of Controller Personal Data to be Processed: Name, address, telephone number, e-mail address, other personal data in text to be translated.

d) Categories of the Data Subjects to whom the Controller Personal Data relates: Customers, clients, co-workers (server users), and data subjects referred to in the text to be translated.

139. Main purpose of service is not personal data processing: Controller acknowledges and accepts that the main purpose of the service provided by Processor is not the processing of personal data. Processor will store the personal data, and whenever they need processing, Processor will process them as text, not as personal data. Controller acknowledges and accepts that, following from the General Terms of Service, Processor may not have the means or the authority to access the Personal Data, and may not be able to identify the Data Subjects or the Controller Personal Data that need protecting.

140. Personal data in documents to translate:

a) If Controller receives such documents from their customer, Controller’s role shall be Processor, and Processor’s role shall be Sub-Processor. In this case, the data controller is the customer of Controller.

b) Controller acknowledges and accepts that Processor may not be aware of the presence of protected Controller Personal Data in the documents unless explicitly instructed by Controller. In this case, the responsibility of protecting such Controller Personal Data remains with Controller.

c) Controller agrees to remove protected Controller Personal Data from documents before importing them in Processor’s systems, whenever such removal (anonymization or pseudonymization) is possible and feasible.

141. Data Processing Terms: While providing the Services and/or Products to the Controller pursuant to the General Terms of Service or other agreements, Processor may process Controller personal data on behalf of Controller as per the terms of this Addendum. Processor may process data pursuant to the Controller’s instructions or the instructions of third parties based on the Controller’s decision. The Controller shall be fully responsible for the processing of data. Before providing Personal Data to the Processor or giving instructions to access and further process the Personal Data, the Controller shall ascertain that such Processing is legitimate. Processor agrees to comply with the following provisions with respect to any Controller personal data.

a) To the extent required by applicable Data Protection Laws, Processor shall obtain and maintain all necessary licenses, authorizations and permits necessary to process personal data.

b) Processor shall maintain all the technical and organizational measures to comply with the requirements set forth in the Addendum.

142. The Processing of Controller Personal Data: Processor shall not process Controller Personal Data for any purposes other than those set forth in the General Terms of Service or other agreement between the Provider and Customer; or otherwise required by applicable law. Processor shall not process, transfer, modify, amend or alter the Controller Personal Data, or disclose or permit the disclosure of Controller personal data to any third parties, unless instructed so by Controller’s documented instructions, or unless processing is required by EU or Member State law to which Processor is subject. Processor shall, to the extent permitted by law, inform Controller of that legal requirement before processing the Personal Data and comply with the Controller’s instructions to minimize, as much as possible, the scope of the disclosure.

143. Reliability and Non–Disclosure: Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to Controller personal data, ensuring in each case that access is strictly limited to those individuals who require access to the relevant Controller Personal Data. Processor must ensure that all individuals that have a duty to process controller personal data:

a) are informed of the confidential nature of the Controller Personal Data and are aware of Processor's obligations under this Addendum and the General Terms of Service (or other agreement between the parties) in relation to the Controller Personal Data;

b) have undertaken appropriate training/certifications in relation to the Data Protection Laws or any other training/certifications requested by Controller;

c) are subject to confidentiality undertakings or professional or statutory obligations of confidentiality; and

d) are subject to user authentication and logon processes when accessing the Controller Personal Data in accordance with this Agreement, the General Terms of Service (or other agreement between the parties) and the applicable Data Protection Laws.

144. Personal Data Security: Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor shall implement appropriate technical and organizational measures to ensure a level of Controller Personal Data security appropriate to the risk, including but not limited to:

a) operating an audited ISO 27001 Information Security Management System (ISMS);

b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

c) the ability to restore the availability and access to Controller Personal Data in a timely manner in the event of a physical or technical incident; and

d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing. In assessing the appropriate level of security, Processor shall take into account the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Controller Personal Data transmitted, stored or otherwise processed.

In assessing the appropriate level of security, Processor shall take into account the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Controller Personal Data transmitted, stored or otherwise processed.

145. Access control by Controller: Controller acknowledges and accepts that the service provided by Processor allows Controller to grant access to third parties without Processor’s prior knowledge or consent. Following from the General Terms of Service or other agreement herein, this is Controller’s right. However, Controller agrees that this manner of granting access shall not constitute a data processing instruction towards Processor, and it shall be entirely Controller’s responsibility to ascertain that granting such access do not violate applicable laws and regulations.

146. Sub-Processing: As of the Addendum Effective Date, Controller hereby authorizes Processor to engage among others the following Sub-Processors:

No. Subprocessor name Processing activity Location of service center(s)
1 Microsoft (Azure Cloud) server hosting Any MS Azure location, depending on Controller’s choice
2 Microsoft (Office 365) server hosting Hungary
3 Hetzner server hosting Germany
4 Server4You server hosting USA
5 Invitech hosting of MT engines Hungary
6 Google Cloud hosting of MT engines Google Cloud locations
7 Mirango software development Hungary
8 TnDTech software testing Hungary
9 Atlassian Jira and Confluence Issue management EU
10 Postmark (AC PM LLC) email service used in memoQ TMS cloud environments for sending notifications USA and Amazon AWS locations
11 ZenDesk support ticketing Amazon AWS locations, Germany or USA West

Provider represents and warrants that it has entered into sufficient non-disclosure agreements with all regular subcontractors. Provider may also share the data with its Affiliates. Processor shall not engage any Data Subprocessors to Process Controller Personal Data other than the Sub-processors listed above and without the prior written consent of Controller, which Controller may refuse with absolute discretion. Processor shall not engage any Data Sub-Processors to Process Controller Personal Data other than the Subprocessors listed above and without the prior written consent of Controller, which Controller may refuse with absolute discretion. With respect to each Sub-processor, Processor shall:

a) Provide Controller with full details of the Processing to be undertaken by each Sub-processor.

b) Carry out adequate due diligence on each Sub- Processor to ensure that it can provide the level of protection for Controller Personal Data, including without limitation, sufficient guarantees to implement appropriate technical and organizational measures in such a manner that Processing will meet the requirements of GDPR, this Agreement, the General Terms of Service and the applicable Data Protection Laws.

c) Include terms in the contract between Processor and each Sub-processor which are the same as those set out in this Addendum. Upon request, Processor shall provide a copy of its agreements with Sub-Processors to Controller for its review.

d) Insofar as that contract involves the transfer of Controller Personal Data outside of the EEA, incorporate the Standard Contractual Clauses or such other mechanism as directed by the Controller into the contract between Processor and each Sub-Processor to ensure the adequate protection of the transferred Controller Personal Data.

e) Remain fully liable to Controller for any failure by each Sub-Processor to fulfil its obligations in relation to the Processing of any Controller Personal Data.

147. Data Subject Rights: Taking into account the nature of the Processing, Processor shall assist Controller by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Controller's obligation to respond to requests for exercising Data Subject rights as laid down in EU GDPR. Processor shall promptly notify Controller if it receives a request from a Data Subject, the Supervisory Authority and/or other competent authority under any applicable Data Protection Laws with respect to Controller Personal Data. Processor shall cooperate as requested by Controller to enable Controller to comply with any exercise of rights by a Data Subject under any Data Protection Laws with respect to Controller Personal Data and comply with any assessment, enquiry, notice or investigation under any Data Protection Laws with respect to Controller Personal Data or this Agreement, which shall include:

a) the provision of all data requested by Controller within any reasonable timescale specified by Controller in each case, including full details and copies of the complaint, communication or request and any Controller Personal Data it holds in relation to a Data Subject;

b) where applicable, providing such assistance as is reasonably requested by Controller to enable Controller to comply with the relevant request within the timescales prescribed by the Data Protection Laws;

c) implementing any additional technical and organizational measures as may be reasonably required by Controller to allow Controller to respond effectively to relevant complaints, communications or requests.

148. Personal Data Breach: Processor shall notify Controller without undue delay after becoming aware of, or reasonably suspecting a Personal Data Breach. Processor will provide Controller with sufficient information to allow Controller to meet any obligations to report a Personal Data Breach under the Data Protection Laws. Such notification shall as a minimum:

a) describe the nature of the Personal Data Breach, the categories and numbers of Data Subjects concerned, and the categories and numbers of Personal Data records concerned;

b) communicate the name and contact details of Processor's Data Protection Officer, Privacy Officer or other relevant contact from whom more information may be obtained;

c) describe the estimated risk and the likely consequences of the Personal Data Breach; and

d) describe the measures taken or proposed to be taken to address the Personal Data Breach.

Processor shall co-operate with Controller and take such reasonable commercial steps as are directed by Controller to assist in the investigation, mitigation and remediation of each Personal Data Breach. In the event of a Personal Data Breach, Processor shall not inform any third parties without first obtaining Controller’s prior written consent, unless notification is required by EU or Member State law to which Processor is subject, in which case Processor shall, to the extent permitted by such law, inform Controller of that legal requirement, provide a copy of the proposed notification and consider any comments made by Controller before notifying the Personal Data Breach.

149. Data Protection Impact Assessment and Prior Consultation: Processor shall provide reasonable assistance to Controller with any data protection impact assessments which are required under Article 35 of GDPR and with any prior consultations to any supervisory authority of Controller which are required under Article 36 of GDPR, in each case solely in relation to Processing of Controller Personal Data by Processor on behalf of Controller and considering the nature of the processing and information available to the Processor.

150. Erasure or return of Controller Personal Data: Processor shall promptly and, in any event, within 90 (ninety) calendar days of the earlier of: (i) cessation of Processing of Controller Personal Data by Processor; or (ii) termination of the General Terms of Service, at the choice of Controller (such choice to be notified to Processor in writing) either:

a) return a complete copy of all Controller Personal Data to Controller by secure file transfer in such format as notified by Controller to Processor, and securely erase all other copies of Controller Personal Data Processed by Processor or any Authorized Sub-processor; or

b) securely wipe all copies of Controller Personal Data Processed by Processor or any Authorized Sub- processor, and in each case, provide a written certification to Controller that it has complied fully with the requirements of section Erasure or Return of Controller Personal Data.

c) Processor may retain Controller Personal Data to the extent required by Union or Member State law, and only to the extent and for such period as required by Union or Member State law, and always provided that Processor shall ensure the confidentiality of all such Controller Personal Data and shall ensure that such Controller Personal Data is only Processed as necessary for the purpose(s) specified in the Union or Member State law requiring its storage and for no other purpose. The Controller acknowledges that the Processor may keep data retained for back-up purposes which the Processor may keep pursuant to its document retention and business continuity policies.

151. Audit rights: Processor shall make available to Controller, upon request, all information necessary to demonstrate compliance with this Addendum and allow for, and contribute to audits, including inspections by Controller or another auditor mandated by Controller. Processor shall provide full cooperation to Controller with respect to any such audit and shall, at the request of Controller, provide Controller with evidence of compliance with its obligations under this Addendum. Processor shall immediately inform the Controller if, in its opinion, an instruction pursuant to this section Audit (Audit Rights) infringes the GDPR or other EU or Member State data protection provisions. Audit rights must be exercised in a manner so as not to infringe or violate the rights of other Controllers and customers that have a similar contract with Processor.

152. International Transfers of Controller Personal Data: Processor shall not process Controller Personal Data nor permit any Authorized Sub-processor to process the Controller Personal Data in a Third Country other than those recipients in Third Countries (if any) listed in Sub-processing section, unless authorized in writing by Controller in advance. Controller, using the capabilities of the service provided by Processor, may grant access to another Processor or Sub- Processor without Processor’s prior knowledge or agreement. Such a manner of granting access shall constitute a transfer performed or permitted by Controller, and not by Processor. In this case, Controller shall take the entire responsibility for ascertaining for the transfer not to violate applicable data protection laws. When requested by Controller, Processor shall promptly enter into (or procure that any relevant Sub-processor of Processor enters into) an agreement with Controller including Standard Contractual Clauses and/or such variation as Data Protection Laws might require, in respect of any processing of Controller Personal Data in a Third Country, which terms shall take precedence over those in this Addendum.

153. Codes of Conduct and Certification: At the request of Controller, Processor shall comply with any Code of Conduct approved pursuant to Article 40 of GDPR and obtain any certification approved by Article 42 of EU GDPR, to the extent that they relate to the processing of Controller Personal Data.

154. General Terms:

a) Subject to this section, Parties agree that this Agreement and the Standard Contractual Clauses shall terminate automatically upon termination of the General Terms of Service or expiry or termination of all service contracts entered into by Processor with Controller, pursuant to the General Terms of Service, whichever is later.

b) Any obligation imposed on Processor under this Addendum in relation to the Processing of Personal Data shall survive any termination or expiration of this Addendum.

c) This Addendum, excluding the Standard Contractual Clauses, shall be governed by the governing law of the General Terms of Service for so long as that governing law is the law of a Member State of the European Union.

d) Any breach of this Addendum shall constitute a material breach of the General Terms of Service or other agreement between the parties.

e) With regard to the subject matter of this Addendum, in the event of inconsistencies between the provisions of this Addendum and any other agreements between the parties, including but not limited to the General Terms of Service or other agreements between the parties, the provisions of this Addendum shall prevail with regard to the parties’ data protection obligations for Personal Data of a Data Subject from a Member State of the European Union.

f) Should any provision of this Addendum be invalid or unenforceable, then the remainder of this Addendum shall remain valid and in force. The invalid or unenforceable provision shall be either (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.

In certain cases (when services of memoQ TMS cloud or memoQ TMS private cloud are provided), memoQ Translation Technologies Ltd (memoQ) acts as provider of hosting service pursuant to the so-called Digital Services Act (DSA) (REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE
COUNCIL on a Single Market For Digital Services (Digital Services Act) and amending Directive 2000/31/EC). As such memoQ is obligated to comply with certain requirements defined by DSA.

155. Stored information

a) Customer acknowledges and accepts that memoQ may not be aware of the content of information imported in Processor’s systems, hosted servers (hereinafter referred as “system").

b) memoQ may not be aware of, or have the means to ascertain the presence of illegal data in the Customer’s documents or information imported in system.

c) Customer agrees that Customer is not acting under the authority or the control of memoQ.

d) Customer agrees to not import illegal content in the system or remove it upon obtaining such knowledge or awareness. In the latter case, Customer agrees to notify memoQ about the illegal data. Furthermore, Customer agrees to not use system and services for purposes of illegal activities.

e) In this Chapter ‘illegal content’ or ’illegal information” or ‘illegal data’ means any information, which, in itself or by its reference to an activity, including the sale of products or provision of services is not in compliance with European Union (EU) law or the law of a Member State of the EU, irrespective of the precise subject matter or nature of that law;

156. memoQ’s liability is expressly and entirely waived and memoQ shall not be liable for the information stored in the frame of services on condition that memoQ

a) does not have actual knowledge of illegal activity or illegal content and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or illegal content is apparent;

b) upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the illegal content.

157. Submission of notices about illegal content

Customer can submit a notice about content that Customer considers illegal to the following email address: compliance@memoq.com. The notice should contain the following elements:

a) an explanation of the reasons why the information is considered illegal content;

b) an indication of the electronic location of that information, where it is possible the exact URL or URLs, and, where necessary, additional information enabling the identification of the illegal content;

c) the name and an email address of the individual or entity submitting the notice, except in the case of information considered to involve one of the offences referred to in Articles 3 to 7 of Directive 2011/93/EU;

d) a statement confirming the good faith belief of the individual or entity submitting the notice that the information and allegations contained therein are accurate and complete.

158. Moderation of content

a) Upon obtaining knowledge or awareness of content that may be illegal, memoQ and its compliance team (when it is necessary, by involving external lawyers) shall conduct assessment to decide if the content is considered illegal and whether it is in compliance with Union law or the law of a Member State of the EU, irrespective of the precise subject matter or nature of that law.

b) When the content, data or information is found to be illegal, memoQ may decide to remove or disable access to specific items of information provided by the Customer (’moderation’). memoQ shall inform the Customer, at the latest at the time of the removal or disabling of access, of the decision and provide a clear and specific statement of reasons for that decision. memoQ shall publish the decisions and the statements of reasons in a publicly accessible database managed by the respective body of the EU. That information shall not contain personal data.

c) The assessment (detailed in point a) of section 134) and moderation (detailed in point b) of section 134) shall be done on a case-by-case basis and upon human reviews without involving algorithmic decision-making.

Versions