End User License Agreement for the use of Penneo digital signature platform
Between the Parties
Penneo A/S
Company reg. no.: 35633766
Enghavevej 40, 4th floor
DK-1674 København V
(Hereinafter referred as «Penneo»)
End User
(Penneo and the End User hereinafter individually referred to as “Party” and collectively as the “Parties”)
1. Background, definitions, application, and scope
1.1. The Penneo Digital Signature Platform (the “Platform”) is LICENSED, NOT SOLD, only in accordance with the terms of this Agreement. The license is a non-exclusive, non-transferable right for the End User to sign documents using the Platform, and afterward log into the Penneo archive to view documents signed by the End User if an archive is created for the End User at the time of signing, depending on the identification methods used.
1.2. The purpose of the Agreement is to lay down the conditions for the End User’s use of the Platform.
2. The platform
2.1. The Platform enables the End User to sign documents through the Signing service and get access to the signed document.
2.2. Depending on the identification method used for the signing of the documents, the End User may be provided with an Archive in the Platform to store the signed documents.
3. Processing of personal data and documents
3.1. In order for the Platform to function in accordance with clause 2 of the Agreement the following personal data of the End User will be processed each time the End User signs a document:
- Name,
- IP-address,
- E-mail address,
- Electronic ID information, and
- Social security number or phone number, if this is requested for access control by the Penneo Customer.
3.2. The documents signed by the End User may contain other personal data of the End User. This depends on the nature of the relationship between the End User and the Penneo Customer requesting the End User’s signature. In relation to the signing of documents, the Penneo Customer is the agreement counterpart of the End User and Penneo is merely a facilitator of the signature process and therefore has no access to the content of the documents being signed.
3.3. Penneo collects and stores the personal data specified in clause 3.1.
- in order to pursue the legitimate interest, cf. GDPR art. 6.1. (f) of fulfilling its contractual obligations with the Penneo Customer that has requested the End User’s signature. The collected data is needed in order to either validate the End User’s identity when signing a document with the Penneo Customer or get access to the document.
- processing is necessary for the performance of a contract (providing an archive, when applicable) to which the data subject is party. cf. GDPR art. 6.1.(b) (which is entered by signing a document using the Platform.
3.4. In relation to any personal data in the documents being signed by the end User, the Penneo Customer is the Data Controller and Penneo is a Data Processor. The End User is encouraged to contact the Data Controller in case of any questions regarding the Data Controller’s processing of the End User’s personal data.
3.5. In relation to the archive, Penneo is the Data Controller. Penneo provides the End User a space to store and access documents signed by Penneo when applicable, based on the identification method used for signing.
3.6. The End User retains ownership of the End User’s data and documents and the results of the processing of the data.
3.7. If the End User signs documents on behalf of a company, the signed documents belong to said company and not the End User, who signed it. It is the responsibility of the End User to transfer all documents signed on behalf of a company to the company.
4. Information and access to personal data
4.1. For information regarding the personal data collected by Penneo as part of the signature process, cf. clause above, the End User may contact Penneo directly, at the following points of contact:
4.2. Address:
Penneo A/S
Enghavevej 40, 4. sal
1674 København V
Denmark
Company Registration No.:
35633766
E-mail:
support@penneo.com
Data Protection Officer:
Christel Høst
Email: compliance@penneo.com
4.2. Penneo exclusively collects and stores the personal data specified in clause 3.1. upon the End User’s consent, cf. GDPR art. 6.1. (a) (which is given by signing a document using the Platform), and in order to pursue the legitimate interest, cf. GDPR art. 6.1. (f) of fulfilling its contractual obligations with the Penneo Customer that has requested the End User’s signature. The collected data is needed in order to validate the End User’s identity when signing a document with the Penneo Customer.
5. Term and termination of the agreement
5.1. The Agreement takes effect when the End User signs the first document using the Platform (Time of Commencement).
5.2. This Agreement ends either
- If an archive was not created: when the End User receives a copy of the signed document or a link to the signed document by Penneo or Penneo’s Customer.
- If an archive was created: when the End User requests Penneo to delete the archive.
5.3. When the documents are stored within the Platform, the End User may, at any time during the term of this Agreement, transfer or delete the signed documents in full or in part from its archive in the Platform. The End User’s signed documents and personal data are supplied in the formats that are used in the system(s) of Penneo or its sub-suppliers and thus no processing nor conversion of data is performed.
6. Intellectual property ownership
6.1. The End User is advised that the Platform is protected by copyright and the End User only acquires a non-exclusive and conditional right to use the Platform. The right of use is conditional upon the acceptance and observance of this Agreement and it has been expressly pointed out to the End User that the right of use is limited in time so that it will automatically lapse on termination of the Agreement irrespective of the cause of termination. The right of use is non-transferable.
6.2. The End User agrees and warrants that it will respect the copyrights.
7. Operational reliability and support
7.1. Penneo secures stable operation but is not liable for irregularities in operations caused by factors that are outside Penneo’s control. Penneo will restore normal operations as soon as possible.
Penneo ensures uptime of 99.9 %. The uptime is measured and calculated per calendar month based on Platform time 24/7. In the calculation of uptime, downtime of which notice has lawfully been given, or which has otherwise expressly been accepted by the End User, is not included.
8. Security regulations
8.1. All documents are stored in encrypted form and all communication to and from Penneo’s server(s) is encrypted and firewalls have been established to secure the Platform. However, Penneo cannot provide any guarantee against hacker attacks which cause system failure and/or loss of data.
9. Storage and backup
9.1. The End User’s data and backup media are placed with Penneo’s sub-supplier (Amazon Web Services, Inc. («AWS»)). All data is stored within the EU in Dublin Region, Ireland and Frankfurt Region, Germany, respectively.
9.2. The End User’s data is stored at several separate physical locations. The End User’s documents are versioned in order to be able to roll back changes.
9.3. Penneo makes an incremental backup of system data on a daily basis. Backups are kept for at least 14 days. All data in Penneo’s production environment is stored in at least two separate physical locations.
9.4. The End User’s documents and data are stored in the Platform from the time of creation unless no archive was created for the End User in the Platform at the time of the signing, the documents are deleted by the End User, or this Agreement is terminated in the meantime. Penneo only guarantees the protection of the evidential value of the documents for the period during which they are stored in the Platform and is not liable for any loss resulting from the loss or transformation of the signed document outside of the Platform.
9.5. If a system failure – irrespective of the cause – results in loss of or damage to the End User’s personal data, Penneo will after the failure/damage has been ascertained either on its own initiative or after having been contacted by the End User start restoration of the End User’s data from the relevant backup location(s).
10. Maintenance
10.1. In order to provide the best possible Platform it is necessary periodically to extend/renew technical equipment and make software updates, etc. Therefore, Penneo carries out maintenance and updates the Platform from time to time.
10.2. In connection with maintenance, it may be necessary to suspend access to the Platform. Such suspensions will mainly be placed in the period from 21:00 – 06:00 CET.
11. Fault reporting
11.1. If the End User detects failure or irregularities, the End User can check whether the matter has been registered at https://status.penneo.com/.
11.2. If the matter has not already been recorded, the End User should contact Penneo.
12. Support
12.1. Software updates are included in the use of the Platform.
13. Liability and limitation of liability
13.1. Penneo disclaims liability for any direct and/or indirect loss or consequential loss, including, but not limited to, business interruption, loss of profits, loss of the End User’s data and goodwill with the End User.
13.2. Penneo is liable for liability in accordance with the general rules of damages of Danish law. However, Penneo’s liability for damages in each case is limited to the amount which is paid out in accordance with Penneo’s liability insurance in force at any time.
14. Force majeure
14.1. If Penneo cannot provide its Platform in accordance with the Agreement as a result of force majeure, Penneo cannot be held liable for losses on account.
14.2. Force majeure is, for example, war, mobilization, terrorist attack, pandemic, failure/breakdown of public electricity supply, strike, fire, flood, etc.
15. Confidentiality and duty of confidentiality
15.1. During the term of the Agreement and after termination of the Agreement, the Parties undertake not to disclose to any unauthorized person any information received from and about the other Party of which a Party learns in connection with the Agreement and provision of the Platform to the End User. The Parties may use such information only in accordance with the Agreement and must not disclose the information unless disclosure is required in accordance with legislation, a court order or an order from a public authority. The above does not apply to information that is generally known or publicly available and which is not, according to legislation, subject to such limitations.
15.2. When signing the first document using the Platform, the End User gives Penneo the right to send service announcements and other information which may contain newsletters and other marketing material concerning the Platform and Penneo’s other products and services at any given time by email.
15.3. The End User may at any time unsubscribe newsletters and other marketing.
16. Breach of contract
16.1. In the event of a material breach of the Agreement by the End User, Penneo may terminate the Agreement forthwith if the matter has not been remedied within 3 working days from the written notice has been given to the End User.
17. The rights of the end user under the European General Data Protection Regulation (GDPR)
17.1. The End User has the right to request Penneo to inform about the personal data being processed by Penneo. This information is fully available to the End User in the End User’s archive in the Platform.
17.2. The End User has the right to have inaccurate personal data rectified.
17.3. Provided that the conditions in GDPR art. 17 are fulfilled, the End User has the right to request Penneo to delete the End User’s personal data. Penneo will then delete the End User’s data in the End User’s archive. It must be noted that the End User’s agreement counterpart (The Penneo Customer) may have an identical copy of the documents containing the End User’s personal data. The End User must therefore contact the Penneo Customer directly in order to request their deletion of their copy of the signed documents containing the End User’s personal data.
17.4. Provided that the conditions in GDPR art. 18 are fulfilled, the End User has the right to request Penneo to restrict the data processing.
17.5. Provided that the conditions in GDPR art. 20 are fulfilled, the End User has the right to request Penneo to provide all personal data relating to the End User, whereafter the End User is free to transmit it to another data processor.
17.6. In case the End User wants to exercise the right to lodge a complaint regarding Penneo’s processing of the End User’s personal data, the complaint can be lodged to the Danish Data Authority at dt@datatilsynet.dk or at phone no. (+45) 33 19 32 00, or the relevant data authority.
18. Disputes
18.1. The Parties agree that the Agreement has been concluded in accordance with Danish law and that any dispute between the Parties must be settled in accordance with Danish law.
18.2. The Parties shall endeavor to settle disputes amicably through negotiation. If a dispute cannot be settled amicably, both Parties are entitled to bring the matter before the Copenhagen City Court in the first instance.
19. Other provisions
19.1. If a provision in the Agreement is declared illegal, invalid or unenforceable, the provision must in spite of this be enforced to the greatest extent possible in accordance with current legislation so that the Parties’ original intention is reflected. Such a provision does not affect the lawfulness or validity of other provisions.
19.2. Any provision in the Agreement which according to its nature extends beyond the time when the Agreement ends in full or in part shall continue to apply and be binding on the Parties.
20. A big thank you
20.1. A BIG THANK YOU for using Penneo. The savings in time, print, paper, ink and money are significant. By saving your documents digitally you have not only secured a faster and more safe signature process. The usage of printing paper, ink and power consumption have been reduced, so Mother Nature salutes you!
Version 1.6 / 2023-12-01