Terms of Service

General terms

Effective as of: 09.11.2023
See previous version here

1. Scope

1.1. These Terms of Service govern the use of Services provided by UpCloud Oy, a Finnish limited liability company with Business ID 2431560-5, having its registered address at Aleksanterinkatu 15 B, 7th floor, 00100 Helsinki, Finland (“UpCloud”, “we”).

1.2. The Service is intended for purchase and use by entities and organisations for their business and professional purposes. The Service is not fit or intended for use by, and UpCloud is not obliged to provide it for, consumers or private persons for their personal use.

2. Definitions

When used in these Terms of Service, the definitions below have the following meaning:

Affiliate” means any entity that either directly or indirectly (a) controls, or (b) is controlled by, or (c) is under common control with, the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

Control Panel” means the control panel through which you can manage your subscription and the features of the Service, available at: https://hub.upcloud.com/

Customer” and “you” means the person or entity that subscribes to the Service.

Customer Data” means all data and content that you or a User or another party acting on your behalf generates in or submits or uploads to the Service.

Credits” mean service credits that you use to pay for the Services.

End-Customer” means a client of the Customer to whom the Customer provides its own services by utilising UpCloud’s Service.

Governmental Authority” means any national, supranational, governmental, municipal or administrative authority or regulatory body (including courts, police force, intelligence agencies), whether foreign or domestic, who have authority and jurisdiction over a Party or its Affiliates.

Party” and “Parties” means the Customer and UpCloud either singly or jointly, as the context requires.

Service(s)” means all services, software and content provided by UpCloud, including UpCloud’s cloud infrastructure services (such as cloud servers, managed databases, storage, networking), support services, the Control Panel, and UpCloud website.

Service Descriptions” means the documents that describe the Service in detail, available at: https://upcloud.com/resources/docs

Order” means an order submitted by the Customer to UpCloud specifying the Service that the Customer orders. Orders can be submitted by the Customer or Users manually via the Control Panel or by contacting UpCloud’s customer support, or automatically through the Application Programming Interfaces (APIs) of the Service or by other automated means to manage the Service.

User” means any person or entity whose access to the Service is attributable to the Customer, including the Customer and its Affiliates (and their employees, consultants, contractors and agents) and possible End-Customers.

Third-Party Products” means any service, product, software, platform or other component (such as an operating system, application, firewall) that is offered, provided, licensed, developed or owned by the Customer or a third party and interoperates with the Service.

3. Agreement Documents

3.1. These Terms of Service consists of: (1) this main body of Terms of Service and the following supplements: (2) Data Processing Agreement (“DPA”), (3) Service Level Agreement (“SLA”), (4) Acceptable Use Policy (“AUP”) and (5) the Service Descriptions – (1–5 together “Terms”). All agreement documents are available on UpCloud’s website www.upcloud.com.

3.2. In case of a conflict or ambiguity between the agreement documents, the order of precedence shall be: (1.) DPA, (2.) the main body of Terms of Service, (3.) SLA, (4.) AUP, (5.) Service Descriptions.

3.3. You accept these Terms, and enter into an agreement with UpCloud (“Agreement”) by: (1) registering to use the Service through UpCloud’s website, (2) executing a contract or an order form with UpCloud that references these Terms, or (3) using the Service.

4. Service Account

4.1. To use the Service you have to register and create a service account (“Account”). You can create multiple sub-accounts under the Account. When registering to the Service, and at any time during the term of the Agreement, you must provide true, accurate and complete information as required by UpCloud, and keep your information up-to-date. If you provide inaccurate, incomplete or fraudulent information, we have the right to suspend and/or terminate your access to and use of the Service in accordance with Section 13 below.

4.2. After you have created the Account, you and the Users can submit Orders. You will be responsible for all Orders made under your Account, whether by you, the Users, or your systems automatically. You will be responsible for the payment of all service fees based on the Orders made under your Account. Orders will be valid only after being accepted by UpCloud. UpCloud will be deemed to have accepted the Order if UpCloud supplies the ordered Service. We reserve the right to limit or restrict your ability to place Orders.

4.3. You will be liable for all activities conducted in the Service under your Account, including any actions taken by the Users. You must comply, and you must ensure that the Users comply, with the AUP and all user instructions relating to the Service. You will be responsible for any violations of the AUP or the user instructions by the Users.

4.4. You must safeguard, and ensure that any Users safeguard, the usernames and passwords of your Account. You must promptly inform us if you suspect that an unauthorised third party is using, or may have an access to, the Service or your Account. We reserve the right to temporarily suspend your Account if we have reasonable grounds to believe that the Account has been compromised and is used by an unauthorised third party.

5. Right to Use the Service

5.1. Subject to due subscription to the Service and compliance with these Terms, we grant you a non-exclusive, non-transferable, revocable and limited right to access and use the Service, and to grant Users access rights to the Service, during the term of the Agreement.

5.2. You are allowed to utilise the Service in the provision of your own services to your End-Customers. However, you remain fully liable to us for any actions your End-Customers take in, and for the content they upload to, the Service. Under no circumstances will UpCloud have any liability to your End-Customers.

6. Provision of the Service, Service Levels, Warranties

6.1. We will perform the Service in accordance with these Terms with commercially reasonable care and skill and in all material respects as described in the Service Descriptions.

6.2. If you consider that the Service provided to you was not performed as described in the relevant Service Description, you must promptly provide us with a written notice that describes the deficiency in the Service.

6.3. We will strive to correct possible deficiencies in the Service, but if such correction is not commercially reasonable for UpCloud and the deficiency has a material effect on your use of the Service, you have the right to terminate the deficient Service.

6.4. You are entitled to compensation for unscheduled interruptions in the provision of the Service in accordance with the SLA. The SLA-compensations will be paid in the form of service credits and may not be exchanged for cash or other forms of payment.

6.5. In all other respects the Service is provided on “as-is” and “as-available” basis, and UpCloud will not give the Customer any warranty or guarantee, express or implied, for the Service, its merchantability, fitness for any particular purpose, performance, or non-infringement. The Service is not designed to be error-free or uninterrupted and therefore it is neither intended nor fit for purposes that require fail-safe performance. The remedies set forth in this Section 6 will be your sole and exclusive remedies for any defects, deficiencies or interruptions in the Service.

7. Support

We will provide technical support for your dedicated administrative Users, as described in the Support Service Description, which includes the Support Team’s contact details and service hours.

8. Third-Party Products

8.1. If you use Third-Party Products  in connection with the Service, you must comply with the contract and licence terms of the Third-Party Products. We are responsible only for the provision of the Service. Any Third-Party Products are provided by the relevant third parties and covered by their terms of service or licence agreements. We do not assume any liability with regard to Third-Party Products or their use, whether or not they are linked to the Service.

8.2. Certain Third-Party Products, such as Microsoft Windows Server operating systems, cannot be used in the Service unless licensed from UpCloud. We will provide additional information regarding such Third-Party Products upon request.

9. Changes to the Service

9.1. UpCloud is entitled to develop its services and business offerings. UpCloud may, without notice and at UpCloud’s sole discretion, implement changes and updates to the Service and to the Service Descriptions, provided that the changes do not have a material adverse effect on the functionalities of the Service.

9.2. If we consider implementing a change in the Service that will have a material adverse effect in your use of the Service, we will notify you at least 30 (thirty) days before the change will be effected and reserve you a possibility to terminate the Agreement.

10. Prices

10.1. The rates applicable to the Service are available on UpCloud’s website at https://upcloud.com/pricing and shown in the Control Panel when ordering the Service. The actual service fee will be determined based on your use of the Service. Unless otherwise agreed, we will charge the Service on an hourly basis, meaning you will pay a service fee in advance for each 60-minute period that you use the Service.

10.2. Applicable value added tax (VAT) and other applicable duties and taxes will be added to the prices, unless the prices are specified “VAT inclusive”.

10.3. UpCloud has the right to increase the prices at any time by providing at least 30 (thirty) days’ advance notice to the Customer.

11. Payment Terms and Service Credits

11.1. Unless otherwise agreed in writing, we will charge the Service by debiting prepaid Credits from your Account. The Credits are non-refundable and non-transferable unless otherwise decided by UpCloud at its sole discretion. Through your Account, you can download invoices for the Credits you have purchased.

11.2. To use the Service, you must have a positive Credit balance on your Account. It is your responsibility to ensure that you have sufficient amount of Credits deposited on your Account at all times to cover the service fees associated with the Service you have subscribed for. If your Credit balance runs out (zero or negative balance), we have the right to suspend your use of the Service. If you do not remedy the negative or zero balance and deposit Credits to your Account within a reasonable time determined by UpCloud (at a minimum fourteen (14) days), we will consider the Agreement terminated and will close your Account and delete all the Customer Data thereunder. You are obliged to pay applicable service fees (e.g. for storage and IP addresses) even during the suspension until the Agreement is terminated.

12. Free Trials

12.1. We may from time to time offer trials of the Service for a specified period without payment obligation by offering you free-of-charge Credits or by way of a money-back guarantee (“Free Trial”). The features of the Service may be limited during the Free Trial. We reserve the right, in our sole discretion, to determine the Customer’s eligibility for a Free Trial, and, subject to applicable laws, to withdraw or modify a Free Trial at any time without prior notice and with no liability, to the greatest extent permitted under the law.

12.2. We may require you to provide payment details to start the Free Trial. After the expiry of the Free Trial, we have the right to start charging for the Service the applicable service fees in accordance with Section 11 above and according to the currently valid public price list.

12.3. If you do not wish to continue using the Service subject to the applicable service fees, you must terminate the subscription to the Service through your Account’s subscription page before the expiry of the Free Trial.

13. Suspensions

You must at all times comply with these Terms and your local laws and regulations when using the Service. If we have reasonable grounds to believe that you or any of the Users have violated any provision of these Terms, we have the right to temporarily suspend your use of or deny your access to the Service. If we determine the violation to be material or if the violations are recurring, we have the right to terminate the Agreement with immediate effect. You are obliged to provide us reasonable assistance with regard to possible investigations on suspected breaches of the Agreement. UpCloud shall have no liability to the Customer or any third party for any suspension or termination pursuant to this Section 13.

14. Use Restrictions

14.1. You are not permitted and not entitled to permit the Users or any other parties to use the Service for any illegal, harmful, fraudulent, infringing or offensive purposes or to transmit, distribute, store or display any information or content that is illegal, harmful, fraudulent, infringing or offensive, as determined by UpCloud in its sole discretion. The list below contains examples of prohibited actions and content (the list is not exhaustive):

(i) copy, redistribute, reproduce, record, transfer, perform or display to the public, broadcast, or make available to the public any part of the Service, or otherwise make any use of the Service which is not expressly permitted under the Agreement or applicable law or which infringes the intellectual property rights (such as copyright) in the Service or any part of it or any other intellectual property rights of third parties;

(ii) use the Service in any manner that could damage, disable, overburden or impair the Service;

(iii) use any data mining, robots, scraping, or similar data gathering or extraction methods;

(iv) create an Account on behalf of someone else without their authorisation;

(v) use, sell, rent, transfer, license or otherwise provide anybody with the Service, except as provided herein;

(vi) interfere with other Customers’ use and enjoyment of the Service;

(vii) circumvent or try to circumvent any usage control, anti-copy functionalities, geographical restrictions or other similar limitations of the Service;

(viii) reverse engineer or decompile the Service or access the source code thereof, except as permitted by law;

(ix) use the Service for transmitting any unauthorised advertising, promotional materials, junk mail, spam, chain letters, contests, pyramid schemes, or any other form of solicitation or mass messaging;

(x) use the Service in violation of the laws applicable to you;

(xi) use the Service in ways that violate intellectual property rights, business secrets or privacy of third parties;

(xii) use the Service to transmit any material that contains adware, malware, spyware, software viruses, worms or any other computer code designed to interrupt, destroy, or limit the functionality of computer software or equipment.

14.2. If you wish to use the Service for sending bulk e-mail or other mass communications, you must seek UpCloud’s prior approval for such activities. UpCloud has the right to approve or reject your request at its sole discretion.

15. Indemnifications

15.1. UpCloud will at its own expense defend the Customer against any claim brought against the Customer alleging that the Service infringes the intellectual property rights of a third party, and will pay any damages finally settled or awarded by a competent court of law in a trial to the third party with respect to such claim, provided that the Customer:

(i) immediately notifies UpCloud in writing about the claim, and in any case no later than within 30 (thirty) days after receiving the claim;

(ii) gives UpCloud the sole control of the defence and all related settlement negotiations in relation to the claim; and

(iii) provides UpCloud with reasonable assistance and all information necessary in the defence of the claim, as well as necessary authorisations by the Customer to allow UpCloud to defend or settle the claim on behalf of the Customer.

15.2. At any time, if UpCloud reasonably deems that any part of the Service infringes the intellectual property rights of a third party, UpCloud has the right, at its own expense and sole discretion, to:

(i) modify the Service or any part of it to eliminate the infringement in such a manner that the modified Service complies with the Agreement; or

(ii) procure to the Customer the needed licence to allow for continued use of the Service.

If neither of the aforementioned alternatives are reasonably possible, UpCloud has the right to terminate the Agreement and UpCloud will refund the service fees paid for the Service by the Customer less the proportion of the service fees corresponding to the time the Customer has been able to use the Service in accordance with the Agreement.

15.3. UpCloud shall not, however, be liable for any infringement of third-party intellectual property rights or claim thereof if the claim:

(i) is made by an Affiliate of the Customer;

(ii) results from a modification of or an addition to the Service done by the Customer, a User, or any third-party at the Customer’s request;

(iii) results  from the use of the Service in combination with any product or service not provided or approved by UpCloud;

(iv) could have been avoided by using the latest available version of the Service provided by UpCloud; or

(v) is not related to the Service, or is related to a part of the Service for which UpCloud is not responsible for pursuant to the Agreement.

15.4. If the third-party claimant is adjudged liable or agrees in a settlement to pay a compensation to the Customer, then the Customer shall remit such compensation to UpCloud immediately after receiving it from the third-party claimant.

15.5. The Clauses 15.1–15.4 above contain UpCloud’s entire liability and the Customer’s sole and exclusive remedy in case the Service infringes on third-party intellectual property rights.

15.6. The Customer shall, at its own expense, defend UpCloud against any third-party claims brought against UpCloud as a result of any breach of the Agreement by the Customer and/or User, and indemnify UpCloud against: (i) any damages awarded by a court of law to the third-party claimant; (ii) any liabilities imposed on UpCloud as a result of the claim; (iii) any settlement costs and fees approved by the Customer and paid by UpCloud to the third-party claimant; and (iv) any costs and expenses (including reasonable attorneys’ fees) suffered or incurred by UpCloud as a result of the claim.

16. Customer Data

16.1. As between UpCloud and the Customer, the Customer retains all title and intellectual property rights in and to the Customer Data. You grant UpCloud the right to host, use, process, display and transmit Customer Data to provide the Service in accordance with the Agreement. You have sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of Customer Data, and for obtaining necessary rights and consents related to Customer Data to allow UpCloud to perform the Service. If you do not have necessary rights or consents related to the Customer Data, you are not allowed to upload or store such Customer Data in the Service. Upon termination of the Agreement or your Account, UpCloud will deactivate the Account and, within reasonable time, delete all Customer Data thereunder.

16.2. If the Customer Data contains personal data, the provisions of the DPA shall govern the processing of that personal data by UpCloud.  With the exception of obligations relating to the personal data set forth in the DPA, we do not assume any liability with respect to the Customer Data, nor do we endorse any opinion contained in the Customer Data.

16.3. You must ensure that the Customer Data does not infringe any third-party intellectual property rights or violate any applicable laws or regulations. You shall not upload any illegal, infringing, offensive, threatening, libellous, defamatory, or otherwise inappropriate data or content to the Service.

16.4. You are responsible for making necessary and appropriate backup copies of the Customer Data stored in the Service. Such backup copies must be stored outside the Service.

17. Confidentiality

17.1. The Parties may exchange Confidential Information during the performance of the Agreement. “Confidential Information” means any non-public information which is marked as confidential or which should be understood as confidential, irrespective of its form of storage or disclosure, including in particular Customer Data. Any information of or relating to a Party or that Party’s Affiliates, personnel, suppliers, contractors, customers or end-users, which information is obtained or detected by the other Party or processed or generated in the course of providing or receiving the Service shall be deemed Confidential Information of that Party.

17.2. All Confidential Information shall remain the property of the disclosing Party, and the receiving Party shall keep it confidential and refrain from using it otherwise than for the purposes of the Agreement. The Parties shall limit access to the Confidential Information within their organisations to only those Affiliates, employees, directors, officers, agents, and advisors (including attorneys, accountants, and consultants) (collectively, “Associates”) who need to access the Confidential Information for the purposes of the Agreement. The receiving Party shall ensure that its Associates are bound by confidentiality obligations at least as protective as those set forth herein before disclosing any Confidential Information.

17.3. The confidentiality obligations herein shall not apply to Confidential Information which:

(i) is or becomes known publicly through no wrongful act or omission of the receiving Party;

(ii) was known to the receiving Party prior to the disclosure hereunder, and has not been obtained directly or indirectly from the disclosing Party;

(iii) is lawfully disclosed to the receiving Party in good faith by a third party having rights therein without restriction on disclosure;

(iv) has been approved for release by the disclosing Party; or

(v) has been independently developed by the receiving Party without the use of and prior to receiving the Confidential Information from the disclosing Party.

17.4. Notwithstanding the above, the receiving Party may disclose Confidential Information to third parties where compelled to do so by law or an order of Governmental Authority. Unless prohibited by law or an order of Governmental Authority, the receiving Party shall take reasonable steps to notify the disclosing Party of such disclosure request or order.

17.5. Each Party shall promptly upon termination of the Agreement cease using Confidential Information of the other Party and use reasonable means to destroy such Confidential Information. Each Party shall, however, be entitled to retain the copies of Confidential Information which: (i) the Party is required to retain by applicable laws; and (ii) are generated pursuant to the receiving Party’s electronic backup system if destroying such copies would be unreasonable taking into account the costs and effort required to do so.

18. Intellectual Property Rights

All title and intellectual property rights pertaining to and in the Service (including all modifications, extensions, customisations, scripts or other derivative works of the Service provided or developed by UpCloud) are exclusive property of UpCloud or its licensors. Any rights in the Service or UpCloud’s intellectual property not expressly granted herein by UpCloud are reserved by UpCloud. The Customer grants UpCloud a royalty free, worldwide, perpetual, irrevocable, transferable right to use, modify, distribute and incorporate into the Service (without attribution of any kind) any suggestions, enhancement request, recommendations, proposals, correction or other feedback or information provided by the Customer or any User relating to the operation or functionality of the Service.

19. Limited Liability

19.1. Neither Party shall be liable for any indirect or consequential damages, such as loss of profit, loss of sales or business, loss of anticipated savings, loss of use or corruption of software, data or information, or loss of goodwill.

19.2. UpCloud’s maximum liability under or in connection with the Agreement shall be limited to an amount equal to the aggregate service fees paid by the Customer to UpCloud during the last six (6) months immediately preceding the occurrence of the event giving rise to the liability (“Liability Cap”). Notwithstanding the above, UpCloud’s maximum liability for damage caused by a breach of the DPA shall be limited to two (2) times the Liability Cap.

19.3. The above limitations of liability shall not apply to damage caused intentionally or by gross negligence, or to liability which, under the applicable law, cannot be excluded.

19.4. In order to be valid and enforceable, the Customer must present any claims for damages within six (6) months after the occurrence of the event giving rise to the claim.

20. Force Majeure

20.1. Force Majeure is an event that prevents, or makes unduly difficult, the performance of the Service or the fulfilment of the provisions of the Agreement, such as war, rebellion, natural catastrophe, general interruption in energy distribution or telecommunications, fire, strike, embargoes or sanctions, or another equally significant and unforeseen event independent of a Party. Each Party shall be entitled to suspend its duties without liability thereof in case of Force Majeure affecting the Party either directly or indirectly through its subcontractor.

20.2. If a Party is prevented from fulfilling its duties due to Force Majeure for more than 60 (sixty) days, the other Party has the right to terminate the Agreement with immediate effect.

21. Export Control and Sanctions

21.1. The Service may be subject to export control and sanctions laws and regulations of the European Union (EU), United States (US) and any other relevant jurisdictions (“Sanctions Regulations”), and the Parties agree to comply with such Sanctions Regulations.

21.2. You represent and warrant that you (or any of your owners, directors or officers) or the Users are not designated under or targeted by any Sanctions Regulations, and that you are not acting on behalf of any such individual or person.

21.3. You are not allowed to use, distribute, transfer or transmit the Service or related technical information (even if incorporated into other services or products) in violation of the Sanction Regulations, and in particular you will not permit any User to access or use the Service in a country or region subject to Sanction Regulations (such as Cuba, Iran, North Korea, Syria or the Crimea Region).

22. References

22.1. Subject to the Customer’s prior written approval, the Customer grants UpCloud a right to use the Customer’s business name and logo as a public reference on UpCloud’s website and in sales and marketing materials.

22.2. UpCloud may ask the Customer to participate in a case study about the Customer’s use of the Service. UpCloud is not allowed to publish the case study without the Customer’s prior approval. Provided that the Customer approves the case study, UpCloud shall have a royalty-free, perpetual, worldwide right and licence to reproduce, publish, distribute, and translate the case study, whether in written or recorded form. The case study may be used on UpCloud’s website, UpCloud’s social media channels (such as YouTube, and LinkedIn), and other sales and marketing presentations and materials.

23. Termination for Convenience

Unless the Parties agree on a separate fixed-term committed contract referencing these Terms, you have the right to terminate the Agreement for any reason by issuing at least five (5) days written notice to us, and we have the right to terminate the Agreement for any reason by issuing at least 30 (thirty) days written notice to you.

24. Termination for Cause

Either Party may terminate the Agreement with immediate effect if the other Party:-

(i) has materially breached the Agreement and has not remedied the breach within 10 (ten) business days from the receipt of a written notice thereof from the other Party; or

(ii) files for bankruptcy or debt rescheduling program, is put into liquidation, or is made subject to any other similar procedures, ceases its payments, or fails to pay its invoices when due.

25. Entire Agreement and Amendments

25.1. The Agreement (including all webpages and documents referred to or linked herein) constitutes the entire agreement and supersedes all previous commitments between the Parties in respect of the provision of the Service.

25.2. All amendments to the Agreement must be made in writing. We have the right to modify these Terms by posting a revised version of the Terms on UpCloud’s website. If we consider the revision to be material, we will notify you in writing at least 30 (thirty) days before the revision will be effected and reserve you a possibility to terminate the Agreement. If you continue using the Service, you will be deemed to have accepted the revised Terms.

26. Non-Waiver

A failure by either Party to enforce any provision of the Agreement will not be deemed to constitute a present or future waiver of such provision. All waivers must be made in writing.

27. Assignment and Third-Party Beneficiaries

27.1. Neither Party may transfer the Agreement without the other Party’s prior written consent (which may not be unreasonably withheld). However, such consent shall not be required if: (i) UpCloud transfers the Agreement, in whole or in part, to any of UpCloud’s Affiliates; (ii) UpCloud (or its future assignee) transfers the right to receive payments and related rights due by the Customer under the Agreement; or (iii) UpCloud transfers the Agreement to a third party in connection with the purchase of all or substantially all of UpCloud’s business or assets or any deemed transfer by UpCloud by reason of merger, consolidation, change-in-control or corporate reorganisation. UpCloud has the right to use its Affiliates and other qualified subcontractors to provide the Service to the Customer, provided that UpCloud remains responsible to the Customer for the performance of the subcontractors.

27.2. The Customer’s obligations towards UpCloud and the provisions regarding UpCloud’s limitations of liability are in place also for the benefit of UpCloud’s Affiliates, subcontractors, personnel and owners. Otherwise the Agreement does not create any third-party beneficiary rights in any third party.

28. Severability

If any provision of the Agreement is ruled unenforceable by a court of competent jurisdiction, the remaining provisions of the Agreement will remain in full force and effect to the fullest extent permitted by law. The Parties shall attempt through negotiation in good faith to replace the unenforceable provision with such provisions that correspond as closely as possible to the original intention of the Parties.

29. Governing Law and Arbitration

29.1. The Agreement will be governed by the substantive laws of Finland, with the exception of any conflict of law principles. Any dispute, controversy or claim arising out of or relating to the Agreement, or the breach, termination or validity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Finland Chamber of Commerce. The seat of arbitration shall be Helsinki, Finland, and the language of the arbitration shall be English.

29.2. Notwithstanding the above, UpCloud may file any debt collection action against the Customer for any outstanding amounts payable by the Customer under the Agreement in any court of competent jurisdiction in the Customer’s domicile.

Data Processing Agreement

1. Scope

1.1. This Data Processing Agreement (“DPA”) is an integral part of the Agreement between UpCloud and the Customer.

1.2. If the Customer Data contains personal data, the provisions of this DPA shall govern the processing of that personal data by UpCloud.

2. Definitions

Unless otherwise defined, the capitalised terms defined in the Terms of Service shall have the same meaning when used herein. In this DPA the following terms shall have the meanings set out below:

End-Customer” means an end-customer of the Customer, who has engaged the Customer to process personal data regarding which the End-Customer is data controller, in which case the Customer acts a data processor towards the End-Customer and UpCloud acts as a subprocessor of the Customer:

Data Breach” means a breach of security attributable to the acts or omissions of UpCloud leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, the Relevant Personal Data;

Data Protection Laws” means the data protection and privacy laws and regulations applicable to the processing of Relevant Personal Data under this DPA, including EU Regulation 2016/679 of the European Parliament and of the Council (“GDPR”);

personal data”, “processing”, “data controller”, “data processor”, and “data subject” have the same meaning as in the Data Protection Laws;

Relevant Personal Data” means the personal data controlled by the Customer, or, as the case may be, an End-Customer, and processed by UpCloud on behalf of the Customer pursuant to the Agreement;

Supervisory Authority” means (i) an independent public authority which is established by an EU/EEA member state pursuant to Article 51 of GDPR; and (ii) any similar regulatory authority responsible for the enforcement of Data Protection Laws.

3. Processing of Personal Data

3.1. Details of Processing:

a) Subject matter: Processing of Relevant Personal Data in order to provide the Service pursuant to the Agreement.

b) Duration: For as long as the Customer uses the Service in a manner that entails the processing of Relevant Personal Data by UpCloud.

c) Purpose: The provision of the Service ordered by the Customer.

d) Nature of the processing: Compute, storage and/or other Service described in the Agreement that the Customer may order under the Agreement.

e) Type of personal data: The Customer controls which types of personal data the Customer enters into the Service.

f) Categories of data subjects: The categories of data subjects may include the Customer’s, or, if applicable, End-Customers’ employees, job applicants, directors, agents, contractors, suppliers, customers, clients, and/or end-users.

3.2. UpCloud processes certain personal data also as data controller. Such personal data may include, inter alia, data of the Customer’s contact persons, users of the Services, credit card information, and other personal data of the Customer’s personnel which UpCloud processes in order to provide the Services, collect payments, and maintain and develop the customer relationship. Processing of this type of personal data is outside the scope of this DPA. For more information on how UpCloud processes personal data as data controller, please see UpCloud’s Privacy Policy available on UpCloud’s website at https://upcloud.com/.

4. General Obligations of the Customer

4.1. The Customer shall comply with the Data Protection Laws and warrants that the Customer is, and for the duration of this DPA remains, in compliance with all responsibilities set for data controllers or data processors (as applicable) under Data Protection Laws towards data subjects, UpCloud, and, where applicable, the End-Customers.

4.2. If the Customer acts as data controller of the Relevant Personal Data, the Customer shall be responsible for the lawful collection, processing and use, and for the accuracy of the Relevant Personal Data, as well as for preserving the rights of the data subjects concerned, and the Customer shall be responsible for informing the data subjects about the processing of their personal data by UpCloud, and shall obtain the needed consents from the data subject, if necessary.

4.3. The Customer shall ensure that the Customer is entitled to process the Relevant Personal Data and to disclose, transfer or otherwise make it available to UpCloud for lawful processing hereunder. The Customer acknowledges that due to the nature of the Service, UpCloud cannot control and has no obligation to verify what types of personal data the Customer transfers to UpCloud for processing in connection with the Service.

5. General Obligations of UpCloud

5.1. UpCloud shall process the Relevant Personal Data in accordance with (i) the Data Protection Laws, (ii) this DPA, (iii) the Agreement, and (iv) the Customer’s documented processing instructions set out in this DPA or given otherwise, provided that any processing instructions issued by the Customer outside this DPA solely pertain to: (a) changes in the Data Protection Laws and/or guidance of the Supervisory Authority, European Data Protection Board or other similar competent authority, or (b) decision or court order issued by a competent court. Without prejudice to the above, further processing instructions may also be issued otherwise as mutually agreed in writing by the Parties.

5.2. Without prejudice to Article 28(3) of GDPR, UpCloud shall not be obliged to verify whether any processing instructions issued by the Customer are compliant with the Data Protection Laws, as the Customer is responsible for such compliance verification of its processing instructions. Nonetheless, if UpCloud detects that any processing instructions issued by the Customer are non-compliant with the Data Protection Laws, UpCloud shall inform the Customer thereof.

5.3. UpCloud shall not use the Relevant Personal Data for any other purposes other than that of providing the Service, and shall not process, transfer, modify, amend, assert liens or other right over or alter the Relevant Personal Data. UpCloud shall not disclose or permit the disclosure of the Relevant Personal Data to any third party without the Customer’s prior written approval, unless such disclosure is required by applicable laws or an order of Governmental Authority, in which case UpCloud shall, to the extent legally permitted, inform the Customer of the disclosure.

6. UpCloud’s Assistance Obligations

6.1. UpCloud agrees to reasonably and insofar as practically possible assist the Customer in the fulfilment of the Customer’s, and where applicable, End-Customer’s, obligations (as a data controller in each case) under the Data Protection Laws to respond to requests for exercising data subject rights established under the Data Protection Laws by implementing appropriate technical and organisational measures to facilitate the fulfilment of such obligations and by providing the Customer with necessary information relating to UpCloud’s processing of the Relevant Personal Data. However, the Customer shall primarily use the corresponding control  functions of the Service in responding to such requests, such as the Control Panel.

6.2. UpCloud shall further provide the Customer with commercially reasonable assistance in enabling compliance with the Customer’s, and where applicable, End-Customer’s (as a data controller in each case), obligations to perform data protection impact assessments, breach notifications and prior consultations of the competent Supervisory Authority, as set out in the applicable Data Protection Laws, taking into account the nature of the processing and the information available to UpCloud.

6.3. If the Customer requires assistance from UpCloud, UpCloud shall be entitled to a reasonable remuneration for providing the assistance. The amount of remuneration will be agreed upon between the Parties in advance.

7. UpCloud’s Personnel

7.1. UpCloud shall ensure that its personnel (including its subprocessors’ personnel) who process the Relevant Personal Data:

(i) process the Relevant Personal Data in accordance with the Customer’s written instructions and only for the purposes allowed under this DPA;

(ii) are informed of the confidential nature of the Relevant Personal Data and are aware of UpCloud’s obligations under this DPA;

(iii) are under confidentiality undertakings or an appropriate statutory obligation of confidentiality; and

(iv) have undertaken appropriate training in relation to the processing of the Relevant Personal Data.

8. Security Measures

8.1. UpCloud and the Customer shall implement and maintain appropriate technical and organisational security measures to protect the Relevant Personal Data within their areas of responsibility, in order to safeguard the Relevant Personal Data against unauthorised or unlawful processing or access and against accidental loss, destruction or damage. Such measures include where necessary and appropriate, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons the following measures:

(i) access right controls to systems containing the Relevant Personal Data;

(ii) the pseudonymisation and encryption of the Relevant Personal Data;

(iii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

(iv) the ability to restore the availability and access to the Relevant Personal Data in a timely manner in the event of a physical or technical incident; and

(v) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

9. Subprocessors

9.1. UpCloud is entitled to use subprocessors in the provision of the Service. The subprocessors approved by the Customer are listed in Appendix 1 hereto. The subprocessors actually used by UpCloud depend on the Services ordered by the Customer, as described in Appendix 1.

9.2. UpCloud ensures that the engaged subprocessors are properly qualified, are under a data processing agreement with UpCloud, and comply with data processing obligations similar to the ones which apply to UpCloud under this DPA. UpCloud shall be liable towards the Customer for the processing of Relevant Personal Data carried out by UpCloud’s subprocessors.

9.3. UpCloud is entitled to change its subprocessors. UpCloud shall inform the Customer regarding changes (additions or replacements) in the subprocessors by providing at least 30 (thirty) days’ advance notice, giving the Customer the opportunity to object to such change. The Customer may object to the change by providing a written notice thereof to UpCloud within thirty (30) days after being informed of the change. In such case, the Parties shall strive to find an alternative solution. If such a solution is not found, the Customer may terminate the Agreement without any liability to UpCloud.

10. Transfers of Personal Data

10.1. The Customer may choose in which UpCloud data centre(s) the Relevant Personal Data will be processed. Some of the data centres are located outside the European Economic Area (“EEA”). UpCloud shall not move the Relevant Personal Data from the selected data centre unless explicitly instructed to do so by the Customer.

10.2. The Customer authorises UpCloud to transfer the Relevant Personal Data outside the EEA to its subprocessors, if and only to the extent such transfers are necessary for the provision of the Service ordered by the Customer. If the Relevant Personal Data needs to be transferred outside the EEA in a country that is not recognised by the European Commission as providing adequate level of protection for personal data, then the Customer accepts that UpCloud performs the international transfer of the Relevant Personal Data in accordance with the Standard Contractual Clauses adopted by the European Commission (processor-to-processor module) entered into by UpCloud (as data exporter) and the relevant subprocessor (as data importer).

11. Audits

11.1. Upon written request of the Customer, UpCloud agrees to make available to the Customer and, where relevant, to the End-Customer, the information necessary to demonstrate compliance with this DPA, and allow for and contribute to audits by the Customer or an established third-party auditor approved by UpCloud (such approval not to be unreasonably withheld) and agreed by both Parties (“Mandated Auditor”), of UpCloud’s systems and premises where the processing of Relevant Personal Data takes place, in order to assess UpCloud’s compliance with this DPA. UpCloud shall permit the Customer, or, where relevant, a Mandated Auditor to inspect and audit UpCloud’s relevant records solely pertaining to the Relevant Personal Data, and to inspect and audit processes and systems related to the processing of the Relevant Personal Data. UpCloud agrees to co-operate in respect of such audits. All audits by the Customer, or, where relevant, by Mandated Auditor are subject to a thirty (30) days’ prior written notice.

11.2. Where an audit may lead to the disclosure of business or trade secrets of UpCloud (or its Affiliates or other customers) or otherwise pose a threat to intellectual property rights of UpCloud, the Customer shall employ a Mandated Auditor to carry out such audit. Whenever a Mandated Auditor is used, the Customer shall procure such Mandated Auditor’s acceptance to be bound to confidentiality to UpCloud’s benefit by way of such confidentiality undertaking as accepted by UpCloud.

11.3. Unless otherwise agreed between the Parties, the Customer is allowed to conduct one (1) audit in every twelve (12) months. Any audit must be conducted during the normal business hours of UpCloud and in a way that does not cause substantial disturbance to UpCloud’s business operations. The Customer shall bear all costs and expenses relating to the audits conducted hereunder and pay a reasonable compensation to UpCloud for the work required to assist in the audits.

12. Data Breaches

12.1. UpCloud shall notify the Customer without undue delay after becoming aware of any Data Breach, providing the Customer with sufficient information which allows the Customer to meet its obligations to report a Data Breach under the Data Protection Laws. Such notification shall at a minimum:

(i) describe of the nature of the Data Breach, including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of Relevant Personal Data records concerned;

(ii) communicate the name and contact details of UpCloud’s contact point where more information can be obtained; and

(iii) description of the measures taken by UpCloud to address the Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.

12.2. UpCloud shall cooperate with the Customer and, where relevant, the End-Customer, and take commercially reasonable steps to assist in the investigation, mitigation and remediation of the Data Breach.

13. Deletion and Return of Personal Data

13.1. Within a reasonable time after the termination or expiry of the Agreement, or after the Customer has permanently ceased to use the Services, UpCloud shall delete and procure deletion of all copies of the Relevant Personal Data processed by UpCloud or any subprocessor, except to the extent that UpCloud is obliged to retain copies of the Relevant Personal Data pursuant to applicable laws or orders of Governmental Authority.

13.2. Notwithstanding the Clause 13.1 above, the obligation to delete Relevant Personal Data shall not apply to copies of the Relevant Personal Data contained in UpCloud’s regular backup copies of comprehensive datasets from which the individual deletion of the Relevant Personal Data would not be possible without significant efforts or costs, provided that such backup copies are appropriately secured in accordance with this DPA and the Data Protection Laws and not used for any other purposes.

14. Liability

14.1. Each Party’s liability for: (i) damages incurred by a data subject and (ii) administrative fines imposed by a Supervisory Authority, in connection with the processing of the Relevant Personal Data under this DPA shall be defined in accordance with Articles 82 and 83, respectively, of the GDPR, or another corresponding and applicable provision of compulsory Data Protection Laws.

14.2. Otherwise the Parties’ liability for a breach of the DPA shall be subject to Section 19 of the main body of the Terms of Service.

15. Term

15.1. This DPA remains in force until UpCloud ceases to process the Relevant Personal Data pursuant to the Agreement, whereafter this DPA shall automatically expire.

APPENDIX 1 – UpCloud Subprocessors

UpCloud may utilise its Affiliates (some of which are located outside the EEA) in the provision of the Service, as may be necessary for the provision of the Services ordered by the Customer.

UpCloud’s Operations Team members may need to work with or handle resources containing Customer Data when maintaining UpCloud’s data centre infrastructure or resolving issues reported by the Customer (e.g. moving storages from one physical host machine to another physical host machine in the same data centre). As the Article 4 of the GDPR provides a very extensive definition for ‘processing‘, such actions can be deemed as processing under the GDPR. Therefore UpCloud considers its Affiliates as subprocessors. However, UpCloud personnel will never take actions to access the Customer Data, unless specifically requested by and agreed with the Customer.

The following tables describes in which cases UpCloud Affiliates will be utilised in the provision of the Services:

UpCloud data centres within the European Union (FI-HEL1, FI-HEL2, SE-STO1, NL-AMS1, DE-FRA1, PL-WAW1, ES-MAD1) are operated directly by UpCloud Oy, and no subprocessors will be utilised in connection with these data centres.
UpCloud Subprocessors
COMPANY NAMEDOMICILESERVICES
UpCloud Asia Pte. Ltd
(100% owned by UpCloud Oy)
Singapore
  • Carries out support and maintenance operations for data centres outside the European Union.
  • Will be used in the provision of the Cloud Infrastructure Services, if the Customer chooses to deploy server(s) in SG-SIN1 (Singapore) data centre.
UpCloud UK Ltd
(100% owned by UpCloud Oy)
United Kingdom
  • Carries out support and maintenance operations for data centres outside the European Union.
  • Will be used in the provision of the Cloud Infrastructure Services, if the Customer chooses to deploy server(s) in UK-LON1 (United Kingdom) data centre.
UpCloud USA Inc.
(100% owned by UpCloud Oy)
United States
  • Carries out support and maintenance operations for data centres outside the European Union.
  • Will be used in the provision of the Cloud Infrastructure Services, if the Customer chooses to deploy server(s) in US-NYC1, US-CHI1 or US-SJO1 (United States) data centres.
UpCloud Asia Pacific Pty Ltd
(100% owned by UpCloud Oy)
Australia
  • Will be used in the provision of the Cloud Infrastructure Services, if the Customer chooses to deploy server(s) in AU-SYD1 (Australia) data centre.

Service Level Agreement

1. Scope. This service level agreement (“SLA”) is an integral part of the Agreement between UpCloud and the Customer. This SLA does not apply to: (i) Free Trials; (ii) UpCloud website; (iii) APIs of the Service; and (iv) the Control Panel.

2. Service Guarantee. Subject to the exemptions set out in Sections 1 and 8 of this SLA, we will guarantee you the availability of the Services. For all unscheduled interruptions in the provision of the Service that last longer than five (5) minutes, you will be entitled to an SLA-compensation in accordance with this SLA. The availability guarantee is applied on a per Service-item basis and is not applicable to such Service-items that are not directly affected by the interruption. For example, if you have five virtual servers and one of them is unavailable, the SLA-compensation will be calculated based on that one server’s downtime and not based on your entire Service portfolio.

3. Scheduled Interruptions. We will notify you by e-mail or by publishing a notice on UpCloud’s website about scheduled interruptions in the provision of the Service at least 24 hours prior to the interruption, with the exception of important security updates and patches which we may deploy without prior notice.

4. Error Notifications. If you detect an interruption in the Service, you have to notify us by sending an e-mail to [email protected]. The interruption in the Service is deemed to begin when the failure starts to affect your use of the Service, and to end when the failure has been corrected. We will maintain a system status page at https://status.upcloud.com/ where we will post information about identified interruptions and their resolution status.

5. Payment of Compensation. If you are eligible for an SLA-compensation under this SLA, you must claim the SLA-compensation within 15 (fifteen) days after the failure has been corrected by contacting our Support Team at [email protected] and requesting the SLA-compensation. The SLA-compensation will be deposited to your Account in the form of Credits and it may not be exchanged for cash or other forms of payment.

6. Amount of SLA-compensation. The amount of the SLA-compensation will be 50 (fifty) times UpCloud’s service fees charged for the interrupted Service-item allocated for the period of time when the use of that Service-item was interrupted. The maximum SLA-compensation for an individual interruption shall be limited to an amount equal to the service fees charged by UpCloud for the interrupted Service-item during 30 (thirty) calendar days immediately preceding the interruption. The total sum of aggregated SLA-compensations during any 12-month period shall be limited to an amount equal to the average monthly service fee charged by UpCloud for the interrupted Service during that 12-month period multiplied by 2,5.

7. Sole Remedy. The SLA-compensation set out above will be your sole remedy for any interruptions in the Service. In case of a disagreement over the amount of the SLA-compensation payable to the Customer, UpCloud’s decision on the issue will be binding on the Parties until and unless a competent court rules otherwise.

8. Exemptions from Service Guarantee. The following situations will be exempt from UpCloud’s service guarantee and thus not subject to SLA-compensation:

  1. Scheduled interruptions and deployment of important security updates and patches.
  2. Force Majeure events.
  3. Failures caused by errors in Third-Party Products utilised by the Customer within the Service.
  4. Failures in products or services which are not part of the Service or provided by UpCloud.
  5. Failures caused by the Customer’s actions contrary to user instructions or resulting from the Customer’s operating systems or application software used within the Service.
  6. Interruptions in the Service relating to the Customer’s violation of or failure to comply with these Terms or a User’s violations of the Acceptable Use Policy.
  7. Failures caused by hostile actions of third parties, such as denial-of-service attacks.
  8. Interruptions relating to actions UpCloud is obliged to take pursuant to applicable laws or Governmental Authority’s orders.
  9. Interruptions resulting from the Customer not having sufficient balance of Credits on the Account for the use of the Service at the time of the interruption.

Acceptable Use Policy

1. Scope. This acceptable use policy (“AUP”) is an integral part of the Agreement between UpCloud and the Customer. The Customer must ensure that all Users comply with this AUP.

2. User Instructions. The Customer and the Users must follow all user instructions concerning the use of the Service made available to them by UpCloud.

3. Customer’s Legal Compliance. You must comply with all laws and regulations applicable to you and your use of the Service. Moreover, you undertake to fulfil your contractual obligations towards third parties to the extent such obligations relate to your use of the Service (for example, you have to comply with the licence terms of any third-party software you use within the Service).

4. Illegal, Harmful, Offensive or Disruptive Use of Services. You are not allowed to use the Service for any illegal, harmful, offensive or disruptive purposes (which will be deemed by UpCloud in its sole discretion). If you are uncertain whether or not your intended use of the Service could be deemed illegal, offensive or disruptive, you can contact UpCloud in advance and request permission for your intended use.

Below are examples of actions and content which UpCloud considers to be illegal, harmful, offensive or disruptive (the list is not exhaustive):

A. Illegal, Harmful or Fraudulent Activities

    • Use of Service to engage in, promote or encourage any illegal or fraudulent conduct or activities.
    • Sale or promotion of illegal material, substances or products.
    • Unauthorised access to, or attempting to access, systems, networks or data.
    • Use of a third-party’s user account or computing power without the owner’s authorisation.
    • Collection of user information such as email addresses without the consent of the person identified (phishing).
    • Monitoring of network traffic or data without authorisation.
    • Content or technology that may damage, interfere with, intercept, or expropriate any system, program or data, including viruses, trojan horses, ransomware, spyware, malware, etc.

B. Infringing Content or Use

    • Use of Service in a manner that violates, infringes or misappropriates trade secrets, copyrights, trademarks, patents, or any other intellectual property rights, or contributes to the said violations, including storage or transfer of, or linking to, such infringing content or sale or promotion of such infringing products or materials.

C. Offensive Content

    • Storage or transfer of, or linking to, content that is harassing or excessively violent, threatening with violence, or inciting to hate, discrimination or violence.
    • Storage or transfer of, or linking to child pornography or content containing non-consensual sexual acts.

D. Disruptive Use of Services

    • You may use, investigate, and modify the operating environment of the Service only within the limits allowed by the user instructions.
    • You may not use the Service in any way that causes security risks to the Service or interferes with the operation of the Service, including
      • intentional or careless use of the Service in excess of a typically expected server load, such as continuously high CPU or I/O use rate,
      • intentional or careless configuration of servers that enables unauthorised third-party access or otherwise lacks adequate security requirements,
      • measures aimed to circumvent, or interfere with the limitations or restrictions in the Service, or monitoring, controlling or charging of the Service by UpCloud.
    • You are not permitted to mine any cryptocurrencies without obtaining prior written approval from UpCloud.

E. Mass Emailing or Spamming

    • Sending, distributing, publishing or facilitating the sending of unsolicited mass email or other messages.
    • If you wish to use the Service for sending of bulk e-mail or other mass communications, you may do so only after receiving UpCloud’s written approval for the planned activity.

5. Enforcement. We reserve the right to investigate any violations of this AUP and to take legal action to enforce our rights. We may report any suspected criminal activity to the law enforcement officials. If you, a User, or anyone else – with or without your authorisation – uses the Service in violation of this AUP, we have the right to suspend or terminate your Account in accordance with Section 13 of the main body of Terms of Service.

Back to top