CodeTwo Terms and Privacy
Terms and Conditions of Sales and Services
Published: February 16, 2022. See previous versions (https://www.codetwo.com/regulations/sales-and-services/#previous-versions)
General
- These Terms and Conditions of Sales and Services (“Terms”) describe how you can conclude a contract with us (CodeTwo sp. z o.o. sp.k.) and regulate how we provide our services to our customers (“Customer” or simply you). Anyone who is interested in using our services can become our Customer, as long as they agree to observe these Terms.
- CodeTwo sp. z o.o. sp. k. (“CodeTwo” or simply we or us) is a limited partnership established under the laws of the Republic of Poland. Our EU VAT ID number is PL6112622141. We are entered in the register of entrepreneurs under KRS number 438398, and our registration records are kept by the District Court for Wrocław- Fabryczna in Wrocław, Poland. You can find our full contact details here (https://www.codetwo.com/company/contact).
- We provide the following services (“Services”) based on these Terms:
- we grant free licenses for our software (“Freeware”);
- we grant commercial (paid) licenses for our software (“Software”);
- we provide technical support for Software if you decide to purchase a contract for these services (“Support Contract”).
- We provide Services through our websites which include: www.codetwo.com, www.codetwo.de and www.codetwo.pl, and all their subdomains (“Websites”).
- The detailed scope, period, conditions, the financial terms and the method in which we grant a license for our Freeware and Software are defined in End User License Agreement (“License Agreement”) and in our current price lists. You can view these documents on our Websites before you decide to use our Services.
Customers
- Our Services are designed mainly to support the business activities of our clients. If you want to purchase our Services in connection with your business or professional activities, you will be able to do so directly from us and using our Websites or through our resellers.
- If you want to purchase our Services as a consumer (including as a sole entrepreneur who has a status of a consumer) you can do so through our distributor – share-it! Digital River GmbH (“Digital River”) or through our resellers.
- We will not be a party to any purchase agreement which you conclude with Digital River or our resellers. In such case, points 16 – 22 and 43 – 53 of these Terms will not apply. Sales made through Digital River and our resellers are governed by separate rules which will be made available to you during the purchasing process on their websites.
- CodeTwo Email Signatures for Office 365 can only be purchased in connection with your business or professional activities.
General licensing conditions
- We do not sell our software. We only grant licenses to use it.
- We do not deliver physical mediums with a copy of our Freeware or Software, but we make it available for you on our Websites. Depending on the type of the Freeware or Software, in order to use it, you must either download installation files from our Websites or access it through our Websites. You may be asked to create an account on our Websites before you access our Freeware or Software.
- Freeware is computer software available in its fully functional version for free and without temporal restrictions on the use of the software.
- You can only use Freeware and Software after you accept these Terms, our Privacy Policy and confirm that you have read and understood our License Agreement. The license for Freeware and Software is granted (the License Agreement concluded) in accordance with the provisions of the License Agreement.
Updates and upgrades
- If you use Freeware and Software, you are entitled to use upgrades which we issue for specific Freeware and Software versions. Usually, you will have to download files containing updates from our Websites and install them on your own in accordance with the License Agreement. Freeware and Software which are accessed directly through our Websites may be updated automatically by us.
- Unless an upgrade of a specific version of the Software to a higher version is explicitly marked as free of charge, it will require payment in accordance with the price list of this Software.
Trial versions
- Some types of our Software are available in trial versions. If you have never purchased a license for a given type of Software, you can access or download trial versions of our Software from our Websites for free. You can then test the Software over a trial period in order to familiarize yourself with the Software and check its features. The trial period for each type of Software is specified in the price list on the Software’s website.
- During the Software testing phase (trial period), the use of individual features of the Software may be limited, including, in particular, the data volume and the number of workstations or users supported by the Software. The current terms of the trial period are specified in the price list on the Software’s website.
- Depending on the type of the Software, in order to use the trial version, you must either download installation files from our Websites or access it through our Websites. You may be asked to create an account on our Websites before you access our Software.
- You can only use trial versions of the Software after you accept these Terms, our Privacy Policy and confirm that you have read and understood our License Agreement.
- The license for the trial period is granted (the License Agreement concluded) in accordance with the provisions of the License Agreement. After the lapse of the trial period you will be required to enter a Product License Key, activate the Software on our Websites or use any other option which is currently available on our Website or in our Software to renew a license in accordance with the License Agreement and the price lists.
- Our Software will automatically notify you of the need to buy or extend the license or stop using the software before the expiry of the trial period. You must not use our Software if you decide not to purchase Software after the trial.
- In exceptional circumstances, if your organization requires a longer trial period, we may, at our own discretion, grant temporary Product License Keys for some of our Software.
Subscription
- Our Software is offered either with time unlimited or limited license term (“Subscription”). The type of the license and its term is specified in the price list or the Software’s website.
- After the lapse of the Subscription period you will be required to enter a Product License Key, activate Software on our Websites or use any other option which is currently available on our Website or in our Software to renew a license in accordance with the License Agreement and the price lists.
- Our Software will automatically notify you of the need to buy or extend the license or stop using the software before the expiry of the license term. You must not use our Software after license term expires.
Support Contracts
General
- Support Contracts are available exclusively for Software and only during the license validity term (i.e. when you have an active Product License Key, active Subscription, or when Software is activated on your account on our Websites).
- Support Contracts are available only for selected products, clearly marked on our Websites. Support Contracts are either paid separately or included in the price of the Software.
- Services are provided under Support Contracts only when you have a valid Support Contract.
- We provide services under Support Contracts to:
- anyone who uses Software in his/her own name, or
- anyone who uses the Software in the name or on behalf of the Customer’s organization, or
- anyone who has been authorized by or who acts in the name or on behalf of the Customer’s organization, even if such a person does not use such Software himself/herself.
- We will refuse to provide our services under Support Contracts in case you are not able to positively identify yourself as authorized to use these services (e.g. by providing a valid Product License Key number or other credential confirming that you are authorized to act on behalf of the Customer’s organization).
- If you want to purchase a Support Contract you must place an order and conclude an agreement with us. Such an agreement is concluded based on these Terms and in line with price lists available on our Websites. The price for the Support Contract is calculated for the specific version of Software. Upon purchase of the Support Contract for a more recent version of the Software different prices may apply.
- We are entitled to suspend the provision of our services under the Support Contract in case the full amount for the Software license or for the Support Contract was not paid and until this amount is paid in full.
Provision of services under Support Contracts
This section describes how we provide our services under Support Contracts. This section will apply only if you purchase a Support Contract along with a license for the Software or if a Support Contract is included in your license. We also provide Services under Support Contracts to all Customers who use trial versions and to Customers who use temporary license keys for our Software if such temporary licenses include the Support Contract.
- Support Contracts have a limited character and relate only to maintenance and use of our Software. If you have a valid Support Contract or use a trial version of our Software, we will answer your questions relating to features of our Software and help you resolve other technical problems that you report to us and which occur when you use our Software.
- Your Support Contract always relates to only one, specific type of our Software that you bought it for. We will not provide our services under Support Contracts for Software which falls outside of the scope of your Support Contract.
- Although we do our best to resolve the issues that you report to us, we do not guarantee that we will be able to help you in each and every case. Particularly, we do not guarantee that services provided under a Support Contract will always satisfy your requirements or expectations or that in result of our services our Software will be free of operational errors and irregularities, or that our services will lead to the elimination of all such errors and irregularities.
- We provide our services under Support Contracts through email (“Email Support”) and through means of real-time communications such as telephone or an online session (“Live Support”). To make use of Email Support, you should contact us using this contact form (https://www.codetwo.com/company/contact). To make use of Live Support, please refer to our website to see what forms of contact are currently available. In principle, Live Support is available round-the-clock on business days.
- In order to use our services under Support Contracts, you will have to use either your phone or email. These services are provided by external network operators. Standard rates as set by network operators will apply to all phone calls made to our contact numbers.
- We reserve the exclusive right to choose the tools and methods of providing our services under Support Contracts to you. We will choose these tools and methods based on the type of the issue that you report to us. You cannot demand that we implement other methods or tools to provide our services under Support Contract to you.
- Once you decide to contact us with your issue, we will register your question or problem and open a ticket (“Ticket”). We do not impose any limits on the number of tickets allocated to you, therefore if you contact us with another issue, usually, a new ticket will be created.
- We will only close your ticket after we give you a final answer to your question, after we solve your problem or once we determine that your problem cannot be solved and explain it to you. We may reopen your ticket in the future if it becomes necessary to undertake further actions relating to your question or problem.
- If you decide to share your system or software logs with us or conduct a Live Support session, it is your duty to remove or mask all personal data which may be included in such logs or may be visible to us during a Live Support session. In case it is impossible to do so, you should make sure that people whose personal data might be contained in these logs or may be visible during a Life Support session are properly informed about the disclosure of their data. You can find more information about how we use logs and how we conduct Live Sessions in our Privacy Policy (https://www.codetwo.com/regulations/privacy).
- We will make every effort (but we do not guarantee) to contact you on the next business day following the day on which you reported your issue to us at the latest. This does not mean that we will be able to resolve your issue within that time.
Purchasing Software and Support Contracts
- You can place orders for Software and Support Contracts online on our Websites. You can only place an order in another way (e.g. via a phone) if we mutually agree that this is possible.
- If you place an order for Software online on our Websites, your order may exclusively apply to one type of Software that you select. You can place any number of orders for licenses for any number of our Software. If you place an order through our Website you may only order a type of license which was defined in the price list of a given Software. If you want to place an order of a broader scope than this defined in the price list you must contact us (https://www.codetwo.com/company/contact) first.
- You can place any number of orders for Support Contracts for any number of our Software. If you place an order through our Website one order may refer to Support Contract solely for one selected type of Software, for one specific version of that Software which was defined in the price list of a given Software.
- To place an order online, you have to fill in and submit the order form which is available on our Website. You can select the Software that you are interested in and the scope of the ordered license within the order form. You are solely responsible for completeness and accuracy of data that you provide in the order form.
- Before you submit your order, you must accept these Terms and the price of the license and/or Support Contract displayed on the order form as well as confirm that you have read the License Agreement.
- You will receive an order confirmation immediately after placing an order online. It will be sent to the email address indicated in the order and will include the order number, details required for making the payment for the placed order (if the payment was not made electronically while placing the order) and any other necessary information. You must comply with all withholding tax requirements under applicable federal, state and local laws while making your payment. If you request us to do so, we will provide you with: (i) such forms or certificates as are necessary to establish an exemption from withholding tax with respect to all Software and Support Contracts that you purchase from us; and (ii) any representations and forms as shall reasonably be requested by you to assist in determining the extent of, and in fulfilling, your withholding tax obligations. You must file required forms with applicable jurisdictions. In case you cannot properly establish an exemption from withholding tax, all of your payments to us in respect of which such withholding is required shall be increased to the extent necessary to ensure that we receive our remuneration net of any withholding or deduction, equal to our remuneration which we would have received had no such withholding been made or required to be made.
- We will make our Software or services under a Support Contract available to you within 2 business days following the date of crediting our bank account with the full payment for your order. In order to make our Services available to you, we will either send you a Product License Key to the email address indicated in your order or activate the software online specifically for your user account.
- If a price list of a given Software clearly states that the license for our Software or Support Contract can also be purchased using a purchase order (PO) with deferred payment (or by using another method agreed with you individually) our Software or services under Support Contract will be available to you before you make the payment for the order. We have the right to immediately suspend the provision of our Services to you in case the full amount for the Software or Support Contract has not been paid on time and until this amount is fully paid.
- If you did not pay for your previous order we can suspend execution of any subsequent order (e.g. suspend our Services) that you make with us, until our bank account is credited with the amount due for this order.
- Some of our Software offered with Subscription has an automatic license renewal mechanism. This means that you will only be asked to give the payment details and accept these Terms once when purchasing the Software for the first time. No additional action or consents will be required in order for Subscription to renew. The Subscription will renew automatically by charging your credit card unless you edit or cancel the subscription prior to its renewal.
- A legally binding agreement involving payment obligation is concluded when you complete and approve the order form on our Websites.
Return of a license – the right to rescind an agreement
- You can return a license (rescind an agreement) for some of our Software without the need to provide reasons therefor within 30 days from its purchase. This right applies only to Software which is clearly marked as covered by such right. Support Contracts are not covered by the right to rescind unless they form a part of an order for a license for our Software which is covered by the right to rescind an agreement.
- In order to return a license, you must fill in and submit an online return form which is available on our Websites. Use the same identification details as those given in the order and specify either the number of the order that you want to return or the number of VAT invoice which documents that order. We may not be able to process your return in case you give us different identification details.
- If you want to exercise your right to rescind an agreement, you must complete the return form on the 30th day after purchase at the latest. If you fill it out later, withdrawal from the contract will not be effective.
- If your Software is covered by the right to rescind an agreement and if you filled in the return form correctly and in a due time you will receive a confirmation from us. We will return your payment to the account from which the payment has been made within 30 days after you receive the confirmation.
CodeTwo’s liability
- These Terms exclude our liability under an implied warranty for defects.
- These Terms exclude our contractual liability, to the full extent, for any damage resulting from failure to perform the agreement or improper performance thereof, except for liability for any damage caused intentionally.
- Under no circumstances should we be liable for any interruption, delay or failure to perform our obligations under these Terms caused by malfunction of your IT infrastructure, failure to provide correct payment or billing information and other technical reasons which are beyond our reasonable control.
- Under no circumstances should we be liable for any interruption, delay or failure in performance of our obligations arising out of these Terms due to causes beyond our reasonable control (“Force Majeure Causes”). Force Majeure Causes should include but not be limited to:
- fire, chemical contamination or contamination by radioactive, electromagnetic or ionizing radiation;
- earthquakes, lightning, cyclones, hurricanes, floods, droughts or such other extreme weather or environmental conditions which due to their excessive character or atypical geographical occurrence were impossible to predict or prepare for;
- pressure waves from devices traveling at supersonic speeds or damage caused by any aircraft or similar device;
- war, invasion, terrorism (including cyberterrorism), blockade, embargo, riot, public disorder, violent demonstrations, insurrection, rebellion, civil commotion, and sabotage;
- to the extent that they are politically motivated: strikes, lockouts, work stoppage, labor disputes, and such other industrial action by workers;
- acts or omissions of civil or military authorities as well as regulatory or governmental bodies (including the passage of laws or regulations or other acts of government that impact the delivery of the Services);
- fuel or energy shortage, network failures, interruptions and disruptions in the proper functioning of external telecommunication connections and equipment, acts or omissions of Internet traffic carriers, as well as inability to obtain equipment, supplies or utilities necessary to provide the Services from primary and backup sources;
- the activity of hackers, viruses, and malware causing network disruptions at the local, national or global level.
Complaints
- You can file complaints regarding our services by completing and approving the refund/return form online which is available here (https://www.codetwo.com/support/form/).
- We will consider your complaint within 14 days of its receipt. We will notify you of how the complaint was handled by sending an email to the address indicated in the complaint.
- If you purchased and paid for our Software or Support Contract and did not receive an email containing a Product License Key or other information necessary to start using our Services or an invoice within the time provided in the Terms we will immediately send the relevant correspondence again once you notify us.
Personal data processing
If you want to know more about how we process your personal data, what data we collect, what we use it for, and how you can exercise your rights please refer to our Privacy Policy (https://www.codetwo.com/regulations/privacy).
This section applies only if you decide to purchase a license for CodeTwo Email Signatures for Office 365 – a centrally managed, server-side email signatures management software consisting of a web-based admin panel and associated services, such as CodeTwo Email Azure Service, hosted on Microsoft Azure in a region of your choice.
This section does not apply to any other types of Software.
General
- You, as the data controller, acknowledge and understand that:
- making use of CodeTwo Email Signatures for Office 365 requires that some Azure Active Directory user attributes and group memberships of people who have accounts in your Microsoft 365 tenant (“Customer Data”) are associated with CodeTwo Email Signatures for Office 365;
- making use of CodeTwo Email Signatures for Office 365 requires that emails sent from your Microsoft 365 tenant (“Customer Emails”) are relayed through CodeTwo Email Signatures for Office 365;
- by confirming that you have read and understood these Terms you will enter into a Data Processing Agreement with us. You will receive a pre-signed copy of these Terms along with your order confirmation to the email address that you have provided to us in the order form.
- You, as the data controller, confirm that:
- these Terms along with your use and configuration of CodeTwo Email Signatures for Office 365 are your complete and final instructions to us for the processing of Customer Data. We will immediately inform you, if in our opinion your instructions may infringe the GDPR or other data protection laws;
- Customer Data was and will be obtained in accordance with applicable laws, including the GDPR and that all required consents (if necessary) from people whose personal data are processed using CodeTwo Email Signatures for Office 365 were collected and all information duties fulfilled.
- We, as a data processor, undertake:
- to only process Customer Data and Customer Emails to make it possible for you to make use of CodeTwo Email Signatures for Office 365, solely on the basis and under the conditions specified in these Terms and applicable provisions of law;
- not to record, register, store, back up, or physically access the content of Customer Emails, except in circumstances and to the extent described in Appendix 3 to these Terms.
Scope of personal data and categories of data subjects
- Customer Data encompasses the following categories of personal data: names, email addresses, company contact details and job titles of people who have accounts in your Microsoft 365 tenant, as well as any other attributes of those people defined in your domain’s Azure Active Directory. These people are those who will be concerned by the processing.
Subprocessing
- We use Microsoft Azure to provide services in connection with CodeTwo Email Signatures for Office 365 to you. This means that Customer Data will be processed in Microsoft Azure datacenters in a region of your choice. You can find a list of currently available regions here (https://www.codetwo.com/email-signatures/how-it-works).
- Microsoft Azure datacenters are managed by Microsoft Corporation and its affiliates. Microsoft Corporation uses subcontractors to provide its Microsoft Azure services. You can find the list of subcontractors in Microsoft Online Services Terms which are available here (https://www.codetwo.com/regulations/dpa/ms-subcontractors).
- You can find detailed terms and conditions of services provided by Microsoft Corporation and its affiliates in Microsoft Online Services Terms and Service Level Agreements for Microsoft Online Services which are available here (https://www.codetwo.com/regulations/dpa/ms-terms-and-conditions). These documents describe Microsoft’s obligations regarding the security of data and measures that were implemented in Microsoft datacenters to protect the confidentiality of Customer Data. You can also find information about Microsoft’s Azure security in Azure Trust Centre, here (https://www.codetwo.com/regulations/dpa/ms-azure-security).
- We confirm that we have entered into an agreement based on EU Standard Contractual Clauses with Microsoft Corporation. The aim of this agreement is to ensure that a level of protection of personal data similar to this ensured by us is maintained when Customer Data is transferred to Microsoft Azure datacenters, including those located outside of the European Economic Area (EEA).
- You acknowledge and agree that we may use Microsoft Corporation, its affiliates and subcontractors, as described above, as subprocessors to provide services associated with CodeTwo Email Signatures for Office 365 to you. These entities may be engaged only within the limits and for the purpose of providing services associated with CodeTwo Email Signatures for Office 365 to you. The standard of personal data protection applicable to these subprocessors is at least equal to the protection standard provided by us.
Copies of data and confidentiality of information
- We will not create copies or duplicates of any data without your knowledge, except for backup copies concerning the following types of data:
- CodeTwo Email Signatures for Office 365 settings and configuration details;
- Customer Data (i.e. some Azure Active Directory user attributes and group memberships of people who have accounts in your Microsoft 365 tenant, as described in point 65 (a) above).
- These backup copies are necessary to ensure smooth functioning of services associated with CodeTwo Email Signatures for Office 365. All backup copies are automatically created by Microsoft Azure and stored on Microsoft Azure in a region that you chose when associating your Microsoft 365 tenant with the CodeTwo Email Signatures for Office 365. We will not use these backup copies outside of Microsoft Azure environment or for any other purposes than those specified above.
- We will not create backup copies of any other types of data than those specified in point 74 above. We will not create backup copies of Customer Emails.
- We acknowledge and agree that Customer Emails in some cases may contain information that should reasonably be understood to be a proprietary or confidential information of the Customer. We will undertake all reasonable organizational, technical and administrative steps to prevent Customer Emails from being disclosed to any unauthorized person. We will not disclose Customer Emails to any third parties and will always refuse all requests to disclose Customer Emails to law enforcement.
- We acknowledge and agree that Customer Data in some cases may contain information that should reasonably be understood to be a proprietary or confidential information of the Customer. We will undertake all reasonable organizational, technical and administrative steps to prevent Customer Data from being disclosed to any unauthorized person. We will not disclose Customer Data to law enforcement unless required by law. If law enforcement contacts us with a request for Customer Data, we will attempt to redirect the law enforcement agency directly to you. If compelled to disclose Customer Data to law enforcement, we will promptly notify you and provide a copy of the demand unless we are legally prohibited from doing so.
Assistance in fulfillment of the rights of data subjects and performance of other data controller’s obligations
- We will help you fulfill your duty to respond to the requests of data subjects, particularly in relation to the right to be forgotten, the right to data portability, the right to restriction of data processing or the right to object to data processing provided that you inform us immediately of any requests from data subjects that require our assistance. In any event, you should inform us of any requests that you received no later than 3 (three) business days from its receipt. You can do it using this form (https://www.codetwo.com/form/data-protection/).
- We have the right to refuse your request if it is forwarded to us later than 3 (three) business days from its receipt by you and if the request is too difficult or impossible to fulfill. A request may be difficult or impossible to fulfill especially when it is too complex, evidently unjustified, excessive or impossible to fulfill because of technical limitations.
- We will confirm the receipt of your request within 3 (three) business days from its receipt. Within the next 3 (three) business days we will let you know if we are able to assist you and we will inform you of the expected deadline to fulfill your request. In any event, the deadline may not be shorter than 2 (two) weeks.
- If we receive a request from your data subject to exercise one or more of its rights under the GDPR, we will redirect the data subject to make its request directly to you.
- Taking into account available information and the nature of processing, as described in points 65 – 67 of these Terms, we will provide you with information necessary for you to perform obligations arising out of article 32 – 36 of the GDPR, including Data Protection Impact Assessments (“DPIA”). If you require our assistance in relation to these matters you can contact our Data Protection Officer and Data Security Team at any time using this form (https://www.codetwo.com/form/data-protection/).
Security
- Considering the risk of violation of the rights and freedoms of individuals and the state of technical knowledge, implementation costs, scope, nature, context and purposes of processing personal data, we declare that in accordance with art. 32 of the GDPR, we have implemented appropriate technical and organizational measures to secure the processing of Customer Data. These measures are described in Appendix 1 to these Terms. You can also use information contained in Appendix 1 to perform DPIA.
- We undertake to protect Customer Data from unauthorized access, unauthorized removal, damage or destruction and we will take all necessary steps to keep personal data confidential and to protect it in accordance with the provisions of the GDPR.
- We declare that all our employees who are authorized to process personal data are bound by confidentiality and undergo regular training regarding data protection provisions relevant to their work.
- We regularly monitor all internal processes and the technical and organizational measures to ensure that processing is in accordance with the requirements of applicable data protection laws and the protection of the rights of the data subject.
- We are entitled to implement alternative, suitable measures than those described in this section above and in Appendix 1 to these Terms, especially due to technical advances and developments. Such measures must not fall below the security level of those described above. We will provide you with an up-to-date version of Appendix 1 anytime you request us to do so during the term of your license for CodeTwo Email Signatures for Office 365.
Data breaches
- We will notify you without undue delay after becoming aware of a personal data breach. Such notice will, at a minimum:
- describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned, and the categories and approximate number of personal records concerned;
- communicate the name and contact where more information can be obtained;
- describe the likely consequences of the personal data breach; and
- describe the measures taken or proposed to be taken by you to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
Period of processing and return of data
- You acknowledge and understand that we will start the processing of Customer Data after your Microsoft 365 tenant is associated with CodeTwo Email Signatures for Office 365.
- We will process personal data that you entrust to us for the duration of your license for CodeTwo Email Signatures for Office 365.
- If your license is terminated or expires, we will erase Customer Data from CodeTwo Email Signatures for Office 365 within 180 days after you cancel your subscription with us, unless the law requires that this data is processed for a longer period.
- After termination or expiration of your license, we will not perform any operations on Customer Data, except for storing it within CodeTwo Email Signatures for Office 365, unless we are required to do otherwise by law.
Auditing rights of the Customer
- If you need any additional information regarding how we process and protect Customer Data and fulfill obligations arising out of the GDPR you can contact our Data Protection Officer and Data Security Team at any time using this form (https://www.codetwo.com/form/data-protection/).
- You can also verify security measures implemented by Microsoft Corporation and its affiliates by referencing to their Online Services Terms.
- CodeTwo has implemented the Information Security Management System certified against international standards ISO/IEC 27001 and ISO/IEC 27018. To confirm the compliance with ISO/IEC 27001 and ISO/IEC 27018, we conduct the audit once a year, and every third year we undergo the re-certification process. Audits are conducted by the external and independent certifying entities. We will resolve any audit findings immediately in a way that is satisfactory for the certifying agencies in order to stay compliant with ISO/IEC 27001 and ISO/IEC 27018.
- On your demand, we will provide you with proof that CodeTwo holds the ISO/IEC 27001 or ISO/IEC 27018 certificates. If you need any additional information, we will share with you the results from the recent ISO/IEC 27001 or ISO/IEC 27018 audits carried out in CodeTwo to help you verify how we fulfill our obligations regarding the information security arising from these Terms. The report will be restricted by the distribution and confidentiality limitations imposed by the certifying entity. You might be asked to sign an additional Non-Disclosure Agreement before we share the report with you.
Control and audits
- You should inform us without undue delay of any control or audit performed by competent supervisory authorities if it relates to Customer Data.
- We will inform you immediately of any inspections and measures conducted by the supervisory authorities if they relate to CodeTwo Email Signatures for Office 365 or Customer Data.
Jurisdiction and feature specific data protection clauses
- If you are subject to any data protection laws of jurisdictions listed in Appendix 2, then the terms of Appendix 2 supplement the Personal data processing clauses of these Terms.
- If you make use of any of the features listed in Appendix 3, then the terms of Appendix 3 supplement the Personal data processing clauses of these Terms.
Miscellaneous
- Our Websites and all of their contents are copyright protected.
- You may share your comments, ideas or feature requests regarding our Websites, Software or Services with us. By doing so, you grant us permission to use and incorporate it without further compensation or approval.
- You must not use our Websites, Software or Services to provide unlawful content.
- You must not use or let any third parties use our Websites, Software or Services to send SPAM, phishing or any other type of correspondence that is illegal or not compliant with Microsoft 365 Terms and Conditions. You are solely responsible for the security of your login credentials or accounts used to access our Software or Services. You may not crack, hack, dismantle or reverse-engineer our Software. We reserve the right to suspend your mail flow or suspend or delete your license or account without the right to any refund if you breach any of these obligations.
- Unless you specify otherwise while purchasing our Software or Support Contract, by accepting these Terms you grant us the right to use your organization’s logotype on our website for marketing purposes free of charge. If you do not want us to use your organization’s logotype, you can always let our Data Protection Officer and Data Security Team know about it using this form (https://www.codetwo.com/form/data-protection/).
- We recommend that you use the latest Internet Explorer, Microsoft Edge, Firefox, Safari, Opera, or Google Chrome to view our Websites and to use our services. You may experience problems if you use different or older web browsers.
- We abide by the highest ethical standards while providing our services to you, in accordance with all applicable laws and standards relevant to the Services. We reject any criminal behavior and regard it as unacceptable. In particular, we take every reasonable effort to ensure that there is no human trafficking or modern slavery in CodeTwo and in the business of our suppliers and subcontractors. We also make sure that neither CodeTwo nor our suppliers and subcontractors are involved in other unethical business practices, i.e. bribery and other forms of corruption, fraud, money laundering or terrorist financing.
- These Terms contain all our rights and obligations in relation to the Services. These Terms may never be modified, supplemented or superseded without our consent. Our consent must be explicit and made in a separate document. Our consent cannot be alleged or inferred from any other document, correspondence or other type of statement and, in particular, from the fact that we accept any document (regardless of its form) that you send or deliver to us before, during or after the license purchase process.
- Any amendment to these Terms will carry the date of its entry into force. Entry into force of an amendment to the Terms can occur only after its publication on the CodeTwo’s Websites. Amendments to the Terms apply solely to orders placed following the date of their entry into force.
- These Terms should be interpreted and construed in accordance with the laws of the Republic of Poland (a member state of the European Union) without the regard for any conflict of rules laws. All disputes arising out of these Terms should be brought in front of the competent courts of the Republic of Poland.
- To the extent that these Terms may apply to purchases made by sole entrepreneurs having a status of consumer under applicable provisions of law, nothing in these Terms should be interpreted so as to limit, or exclude any rights granted to such persons. Should any provision of these Terms be found to have such an effect, these Terms should be applied and construed so that it may be ensured that such persons are able to make use of their rights.
Appendix 1 – Summary of security measures implemented by CodeTwo
This document describes security measures that we have implemented to ensure that Customer Data is processed in accordance with the law and these Terms. This document is regularly updated to reflect changes made in our security and data privacy compliance program.
- General organizational measures
- Data Protection Officer and Compliance Program. We have appointed a Data Protection Officer who is responsible for coordinating, monitoring and improving our security and data privacy compliance program (“Compliance Program”). Compliance Program defines clear roles and responsibilities of our personnel. Data Protection Officer is responsible for coordinating, monitoring and improving the Compliance Program.
- Security Management System and External Audits. CodeTwo has implemented the Information Security Management System certified against international standards ISO/IEC 27001 and ISO/IEC 27018. To confirm the compliance with ISO/IEC 27001 and ISO/IEC 27018, we conduct the audit once a year, and every third year we undergo the re-certification process. Audits are conducted by the external and independent certifying entities.
- Confidentiality. Our entire personnel are subject to confidentiality obligations and may only access personal data subject to a prior, written authorization issued by CodeTwo.
- Training and awareness
- Personnel Training. We conduct regular training sessions for our personnel on data protection rules and personnel roles within our Compliance Program. We also inform our personnel about possible consequences of non-compliance. These training sessions are conducted using anonymized data.
- Physical and Environmental Security
- Physical Access to Datacenters. Customer Data is processed within Microsoft Azure datacenters. Access to these datacenters is restricted only to identified Microsoft staff members. Our personnel may not physically access these centers.
- Physical Access to our Facilities. Only identified and authorized members of our personnel may access our facilities. Unauthorized personnel may not access these facilities.
- Monitoring of Facilities. Our facilities are constantly monitored by us and external security service to prevent unauthorized access. Visitors may only access a designated space of our facilities where no data is processed.
- Protection from Disruptions. We use a variety of industry-accepted solutions to protect against loss of data due to power supply failure, fire, natural disaster or line interference.
- Component Disposal. We use industry accepted solutions to delete Customer Data when it is no longer needed.
- Access Control
- Access Authorization. We maintain a record of personnel authorized to access our facilities and information systems. We have implemented a system of controls to make sure that no one can stop working for our organization without having their authentication credentials deactivated and all access rights revoked. Additionally, we conduct regular (at least once every 6 months) audits to make sure that authentication credentials that have not been used are deactivated. De-activated or expired identifiers are not granted to other or new members of our personnel. We maintain industry standard procedures to deactivate passwords that have been corrupted or inadvertently disclosed.
- Limitation of Privileges. Only a small, selected group of personnel may grant, alter or cancel access privileges to our facilities and information systems. The scope of access rights granted to our personnel is limited strictly to assets necessary to perform their functions.
- Authentication of Users. We use industry accepted solutions, such as multifactor authentication, to identify and authenticate users who access our IT systems. Passwords are renewed regularly and must comply with minimum requirements imposed by our security policies. We use various best practices designed to maintain the confidentiality and integrity of passwords when they are assigned, distributed and stored.
- Monitoring. We monitor our information systems against all attempts of unauthorized access and use of expired or invalid credentials.
- Asset and Operations Management
- Endpoint Protection. All computing endpoints are encrypted and protected against malware.
- Backup Copies. We make regular copies of CodeTwo Email Signatures for Office 365 settings and configuration details and Customer Data (Azure Active Directory user attributes and group memberships of people who have accounts in your Microsoft 365 tenant, as described in point 65 (a) of these Terms. We do not create backup copies of Customer Emails.
- Access to Backups. All backups are automatically created by Microsoft Azure and stored on Azure in a region that you chose when associating your Microsoft 365 tenant with CodeTwo Email Signatures for Office 365. We have processes in place which ensure that access to backup copies is restricted to the necessary minimum, that backups may not be used outside of Microsoft Azure’s environment and that no data can be restored without the authorization of senior personnel members.
- Integrity and Confidentiality. Our personnel have to disable all sessions when leaving our facilities or leaving computers unattended. Only a small, selected group of our personnel who require remote access due to the character of their duties may carry mobile devices and use them outside of our premises. All mobile devices are password protected and have encrypted storage.
- Printing and Portable Data Carriers. We have procedures in place which guarantee that no data can be printed or copied to portable data carriers without our prior authorization. Members of our personnel are prohibited from using unauthorized portable data carriers within our premises.
- Network Controls. Only authorized devices may use our networks. We have controls in place which ensure that unauthorized devices may not be used within our network.
- Incident Management
- Malicious Software. We have anti-malware controls in place to help avoid malicious software gaining unauthorized access to Customer data and our information systems, including malicious software originating from public networks.
- Incident Record. We maintain a record of security incidents which include the date and time of the incident, the consequences of the breach and measures implemented to avoid similar situations in the future.
- Service Monitoring. We verify and monitor logs against irregularities and suspicious activity.
- Application Controls
- Documentation. We maintain documentation which describes the architecture and features of CodeTwo Email Signatures for Office 365.
- Guidelines and Policies. We maintain guidelines and policies for developers which ensure that personal data processing principles such as privacy by design and privacy by default principles are observed while developing our applications.
- Code Review and Patch Management. We regularly review application codes for errors and issue patches or fixes.
Appendix 2 – Jurisdiction specific data protection clauses
California
- This section sets forth specific terms and conditions concerning compliance with the California Consumer Privacy Act (“CCPA”). It only applies if you are a “business” under relevant provisions of the CCPA and you purchase a license for CodeTwo Email Signatures for Office 365. This section does not apply in all other cases.
- Where we process Customer Data and Customer Emails containing California consumers’ personal information we are a “service provider” who processes Customer Data and Customer Emails on your behalf and you are a “business” as defined in the CCPA.
- Unless explicitly stated otherwise, in points 65 – 99 of the Terms the term “data controller” should be read to include “business”, the term “data processor” should be read to include “service provider”, the term “data subject” should be read to include “consumer” and “Customer Data” and “Customer Emails” should be read to include “personal information”, each as defined under the CCPA.
- As a service provider, we undertake not to retain, use, disclose or otherwise process Customer Data and Customer Emails for any purpose other than making your use of CodeTwo Email Signatures for Office 365 possible or as otherwise may be permitted for “service providers” under the CCPA.
- Our obligations regarding data subject requests contained in points 79 – 83 of the Terms apply to consumer’s rights under the CCPA.
Appendix 3 – Feature specific data protection clauses
This section sets forth specific terms and conditions concerning personal data protection which only apply if you make use of at least one of the following features available in CodeTwo Email Signatures for Office 365 (further jointly as “Affected Features”):
- the Sent Items Update feature;
- the Autoresponder feature.
The provisions below apply if and only if you turn on at least one of the Affected Features for your CodeTwo Email Signatures for Office 365 account. If you do not turn on at least one of the Affected Features the provisions below DO NOT apply at all.
- Notwithstanding point 65 (b) and 68 of the Terms, if you turn on at least one of the Affected Features for your CodeTwo Email Signatures for Office 365 account:
- the term Customer Emails shall be read to include all emails (both received and sent) in all mailboxes created within your Microsoft 365 tenant;
- the scope of personal data affected by the processing shall be read to include Customer Data as well as all personal data contained in all emails in all mailboxes created within your Microsoft 365 tenant (“Email Data”);
- the categories of data subjects concerned by the processing shall be read to include people who have accounts in your Microsoft 365 tenant as well as people whose personal data is included in all emails in all mailboxes created within your Microsoft 365 tenant.
- You must explicitly grant CodeTwo Email Signatures for Office 365 additional access privileges to selected resources in your Microsoft 365 tenant to make use of any of the Affected Features. The scope of the required privileges will be visible to you when configuring the Affected Features in the CodeTwo Email Signatures for Office 365 admin panel. These privileges vary between each of the Affected Features and may include, but are not limited to, a permission to read all user profiles in your Microsoft 365 tenant without a signed-in user as well as a permission to read mail in all mailboxes without a signed-in user or as the signed-in user. These permissions are necessary to apply rules and perform actions that you configure while setting up the Affected Features.
- Notwithstanding point 67 (b) of the Terms, CodeTwo shall be entitled to access the content of Customer Emails, as defined in this Appendix 3, to make the use of the Affected Features possible to you.
- Point 3 does not apply to Customer Emails that are encrypted with Microsoft encryption technologies or otherwise. CodeTwo Email Signatures for Office 365 has no access to keys required to decrypt encrypted Customer Emails and, therefore, the use of the Affected Features in regard to encrypted Customer Emails may be limited or not possible at all.
- All access privileges that you grant in line with points 2 and 3 above are of technical and functional character. We will not use these privileges to create copies or duplicates of Customer Emails or Email Data. We will not use Customer Emails or Email Data for any other purpose than making the use of the Affected Features possible to you.
- The provisions of this Appendix 3 enter into force when you turn on at least one of the Affected Features for your CodeTwo Email Signatures for Office 365 account and continue in effect until you turn off the Affected Features or stop using CodeTwo Email Signatures for Office 365 completely (whichever occurs earlier).
Previous versions
- November 18, 2021 (https://www.codetwo.com/regulations/sales-and-services/archive-2021-11-18)
- January 12, 2021 (https://www.codetwo.com/regulations/sales-and-services/archive-2021-01-12)
- October 7, 2019 (https://www.codetwo.com/regulations/sales-and-services/archive-2019-10-07)
- June 6, 2019 (https://www.codetwo.com/regulations/sales-and-services/archive-2019-06-06)
- December 27, 2018 (https://www.codetwo.com/regulations/sales-and-services/archive-2018-12-27)
- October 24, 2018 (https://www.codetwo.com/regulations/sales-and-services/archive-2018-10-24)
- May 2, 2018 (https://www.codetwo.com/regulations/sales-and-services/archive-2018-05-02)
- April 18, 2017 (https://www.codetwo.com/regulations/sales-and-services/archive-2017-04-18)