This page documents the terms of service applicable in a customer / miaa Guard relationship.

1. Definitions

When used in connection with the Master Services Agreement, the following terms shall have the indicated meaning:

Term Definition
Activation Date means the date when Company is notified that a component of the miaa Product Base or a miaa Deliverable is operationally made available to Company.
Agreement means the Master Services Agreement that refers to this Annex 1 Terms of Service.
Company means the organisation consuming the miaa Services and who has contracted with miaa Guard directly or through a third party.
Company’s Group means Company that has signed the Agreement, and its affiliated entities as defined by Article 11 and 12 of the Belgian Company Code.
Confidential Information means information that is disclosed by a party (“Discloser”) to the other party (“Recipient”), or which Recipient has access to in connection with this Agreement, that is identified by Discloser to be proprietary and confidential to Discloser or to a third party or is to be deemed confidential due to its nature.
Data Controller means the physical or legal person, who alone or jointly with others, determines the purposes and the means of the processing of Personal Data.
Data Processor means the physical or legal person who processes Personal Data on behalf of the Data Controller.
Eligible A Service Order is said to be ‘Eligible’ (i) if the order has been made subject to this Agreement, (ii) if the order is made between Company and miaa Guard directly, (iii) if the order has been made effective by Company in writing, (iv) if the execution of the corresponding services have not yet ended, and (v) if the corresponding invoices are not being contested by Company.

A Service Incident and a Service Request are said to be Eligible (i) if they are covered by an Eligible Service Order, and, (ii) if they have been reported through the miaa Service Desk.

An API of the miaa Product Base is said to be Eligible (i) if it is covered by an Eligible Service Order, and, (ii) if it has been put in production and has been made available to end users.

EU Data Protection Regulation means the Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and the Regulation (EU) 2016/679/EC of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) entered into force on 25 May 2018.
Fees means the fees payable by Company pursuant to a Service Order.
miaa Deliverable means a deliverable made available by miaa Guard in connection with an Eligible Service Order, and that may have the form of:

·       design and architecture documents and training material developed for Company;

·       configurations of miaa Product Base and third-party products performed for Company;

·       customisations of the miaa Product Base performed for Company;

·       user-experience blueprints and coding examples, including any related code, scripts, tables and code generation mechanisms;

·       adapted versions of the user experience blueprint, reference implementations and documentation developed for Company;

·       support, expertise and assistance provided to Company and their agents and subcontractors;

·       documentation, including user manuals, tutorials, online materials, and specifications that describe the features, functionality, configuration or operation of the miaa Product Base.

miaa Product Base means the productised microservices, also known as cloud-based API’s, that are managed and operated as Software-as-a-Service by miaa Guard for its customer base and operated directly by miaa Guard for Company. The productised microservices that have been obtained as part of an OEM agreement with a third-party vendor are covered by that vendor and are explicitly excluded from this agreement and are not considered Eligible API’s.
miaa Services means the advisory, integration, operational and support services delivered by miaa Guard to Company and identified in a Service Order. miaa Services result in miaa Deliverables and may incorporate components of the miaa Product Base.
miaa Service Desk means the system with which Company should report Service Incidents and Service Requests to miaa Guard and which is the basis for measuring service levels.
Parties means Company and miaa Guard.
Public Authority means any representative of any regulatory agency or any private entity mandated by a regulatory agency, having jurisdiction over Company or its Affiliates in connection with the agency’s, authority’s, or entity’s regulatory functions, including bank examiners, tax authorities, securities regulators, privacy commissions and their examiners, and futures regulators and their examiners, and police investigators.
Quick fix means a method to address the symptoms of a Service Incident as initial response and to reach at least a level of minimum acceptable service performance. Note: A quick fix is not a permanent solution to fix the root cause of an incident. It can also be known as a work-around.
Reaction time means the time between the logging or notification of a Service Incident (e.g. an alert or a phone call by an impacted person) or the issuance of a Service Request (e.g. a ticket), and the moment miaa Guard acknowledges to Company.
Resolution time means the time between the logging or notification of a Service Incident or the issuance of Service Request, and the moment a definitive solution is implemented. Note: The implementation of a definitive solution may be dependent on processes of third parties or on Company’s processes and as such, target levels cannot be set.
Restoration time means the time between the logging or notification of a Service Incident or the issuance of a Service Request, and the moment miaa Guard provides a Quick Fix.
Service Incident means an unplanned interruption to a component of the miaa Services, or a reduction in the quality of a component of the miaa Services, or an event that can impact an end user of the miaa Services.
Service Order means the purchase order entered into between the Parties and into which this Agreement is incorporated and into which the scope of the miaa Services is clearly specified.
Service Request means a request for information, advice, investigation, access to a component of the miaa Services or a change within the scope of a Service Order. Note: A Service Request is usually unplanned or ad hoc.
Term An Eligible Service Order has a Term, which is the period starting from reception of the purchase order and ending with one of the Termination conditions defined in section 5. Term and Termination.
Target Service Level means the target levels of service performance specified in Annex 2 Service Level Agreement.

2. Services

Scope

This Agreement shall govern all miaa Services that have been purchased by Company from miaa Guard or that have been purchased by Company through a third-party subcontracting miaa Services to miaa Guard on behalf of Company. Future purchases for additional services shall be made by issuance of additional Service Orders.

Goal

Subject to the terms and conditions of this Agreement miaa Guard will provide the miaa Services to Company pursuant to the applicable Service Orders.

3. Responsibilities

Collaboration

Parties undertake to answer any questions asked by the other Party to assist the latter Party to execute its undertakings under this Agreement. In general, Parties undertake to collaborate in an efficient, professional and constructive manner and to collaborate in the performance by miaa Guard of the miaa Services.

Company Responsibility

Company understands and agrees that the miaa Services may include advice and recommendations to Company, but all decisions in connection with the implementation of such advice and recommendations by Company shall remain the sole responsibility of Company.

In connection with the miaa Services, miaa Guard shall be entitled to rely on all decisions, specifications and approvals provided by, or on behalf of Company. Company accepts and acknowledges that miaa Guard shall not be held liable to the extent that such liability arises due to unauthorised access in case of inaccuracies in the specification of the Service Order. Company shall be responsible for the performance of its personnel and agents and for the accuracy and completeness of all data and information provided to miaa Guard for purposes of the performance by miaa Guard of the miaa Services.

miaa Guard Responsibility

As part of the miaa Services, miaa Guard will provide Company with the Service Level commitments specified in section 8. Warranty and Service Levels and will provide support as described in and in accordance with Annex 2. Service Level Agreement.

Without prejudice to Company’s responsibility for the implementation of any advice and/or recommendation made by miaa Guard, as set forth in the preceding paragraph, miaa Guard is responsible for applying professional standards when providing advice and recommendations to Company and guarantees its expertise. It being understood however that any advice and/or recommendation given by miaa Guard to Company shall always be based on information, content and requests provided by Company to miaa Guard and for which miaa Guard cannot be held liable. Further, miaa Guard will not be liable for any changes of circumstances or assumptions of any nature (operational, economical, legal, regulatory and others) following the date on which the advice and/or recommendation was given by miaa Guard to Company.

Licences

Subject to the terms and conditions of this Agreement, miaa Guard grants to Company, during the Term, a non-exclusive and non-transferable right (i) to access and use the miaa Product Base, and any associated documentation, as made available to Company by miaa Guard for its own internal business purposes, and (ii) to install, access, use and operate the miaa Product Base, solely for uses identified in the applicable Service Order, and in strict accordance with the associated documentation and the terms and conditions of this Agreement for its own internal business purposes.

No component of the miaa Product Base may be made available to third parties, unless prior approval by miaa Guard in writing.

Sublicensing within the Group

The license set forth herein is can be sub-licensed within Company’s Group exclusively. Company shall notify miaa Guard within a period of thirty (30) calendar days of (i) its intent to proceed with the sublicensing of the miaa Product Base within Company’s Group, (ii) the number of additional licensees and (iii) any other operational or other implications resulting from such sublicensing.

Parties agree that any form of sublicensing of the miaa Product Base within Company’s Group can be made conditional to the agreement on new commercial terms relating to the sublicensing of such miaa Product Base which will need to be agreed upon between Parties through a separate agreement in writing.

In any event, the restrictions on the use of the miaa Product Base, and any associated documentation should be complied with by each and every Affiliate of Company’s Group in the event of sublicensing of the miaa Product Base.

Restrictions

Company agrees that it will not, and will not permit any of its employees or other party:

  1. to reverse engineer, decompile, disassemble or otherwise derive or determine or attempt to derive or determine the source code (or the underlying ideas, algorithms, structure or organization) of any miaa Product Base, nor,
  2. to modify, adapt, alter, copy or make derivative works based on the miaa Product Base or any part of the miaa Product Base, nor,
  3. to otherwise use the miaa Product Base in any manner that exceeds the scope of use permitted hereunder, nor,
  4. to use the miaa Product Base to conduct or promote any illegal activities, nor,
  5. to alter, remove or obscure any copyright notice, digital watermarks, proprietary legends or other notice included in the miaa Product Base and associated documentation.

Company will use the miaa Product Base in compliance with the associated documentation. Company may not provide any parts of the miaa Product Base to any third party.

4. Financials

Company shall pay miaa Guard the Fees set forth in the applicable Service Order. miaa Guard shall invoice Company for all Fees due and, unless otherwise specified in a Service Order, Company shall pay the invoiced amount within thirty (30) calendar days after date of the invoice. Sums stated to be payable under this Agreement do not include any applicable value added tax or other taxes, which shall be additionally charged to Company. All Fees payable to miaa Guard under this Agreement shall be paid without the right to set off or counterclaim and free and clear of all deductions or withholdings whatsoever unless the same are required by law, in which case Company undertakes to pay miaa Guard such additional amounts as are necessary in order that the net amounts received by miaa Guard after all deductions and withholdings shall not be less than such payments would have been in the absence of such deductions or withholding.

In the event miaa Guard’s employees or agents are required to travel to any of Company’s facilities or agencies in connection with the performance of miaa Services, Company will reimburse miaa Guard for all reasonable, preapproved, travel and travel related expenses incurred in connection with the performance of the miaa Services.

Company shall be responsible for the payment of all taxes in connection with any Service Order that are legally required to be paid by Company, and not for any taxes based on miaa Guard’s income or taxes that are not legally required to be paid by Company. If Company is required to withhold taxes from any payments due to miaa Guard, then Company will state that requirement.

All Fees shall be paid in Euros.

Disputes

If Company disputes any portion of an invoice, Company shall notify miaa within thirty (30) calendar days from the invoice date of the nature of any such dispute, the basis for Company’s dispute and the amount involved, together with any appropriate information supporting Company’s and Company’s position, failure of which shall result in the invoice being deemed accepted by Company. The undisputed portion of the invoice shall be paid as set forth herein.

miaa Guard may charge interest for all outstanding balances at a rate equal to the lesser of two percent (2%) per month or the maximum rate permitted by applicable law, from the due date until paid.

As a matter of last resort, miaa Guard reserves the right (in addition to any other rights or remedies miaa Guard may have), and at its sole discretion, to suspend Company’s access to the miaa Services and miaa Product Base if any Fees owed to miaa Guard are more than ninety (90) calendar days overdue until such amounts are paid in full provided the payment of such Fees is not contested by Company. To the extent any payment of Fees would be unreasonably contested by Company, miaa Guard will be entitled to invoice without any undue delay a lumpsum fixed indemnity amounting to 50% of the outstanding and unpaid Fees by Company.

5. Term and Termination

Term of the Agreement

The term of this Agreement shall commence on the effective starting date of the governing Service Order. This Agreement shall expire upon the termination of all outstanding Service Orders.

Either Party may terminate the Agreement if the other Party breaches any material provision of the Agreement and does not cure such breach within thirty (30) calendar days after receiving written notice thereof.

Either Party may terminate this Agreement by written notice to the other Party, effective as of the date of receipt of such notice, if the other Party becomes the subject of a voluntary or involuntary bankruptcy, insolvency or similar proceeding or otherwise liquidates or ceases to do business.

Upon termination or expiration of this Agreement for any reason:

  1. any amounts owed to miaa Guard under this Agreement will be immediately due and payable, and,
  2. all rights (including for the avoidance of doubt any licenses on the miaa Product Base) granted to Company in this Agreement will immediately cease to exist, and,
  3. Company must promptly discontinue all use of the miaa Product Base, and,
  4. Recipient will return to Discloser or destroy all copies of Discloser’s Confidential Information in Recipient’s possession or control (all terms defined hereafter), and,
  5. miaa Guard has the right to suspend Company’s access to the miaa Services and the miaa Product Base.

The sections related to restrictions, confidentiality, ownership and liability together with any accrued payment obligations, will survive expiration or termination of the Agreement for any reason.

Term of a Service Order

miaa Services provided in connection to a Service Order shall start after reception of the corresponding purchase order and continues for the term specified in that Service Order (“Initial Term”) unless terminated by non-renewal, or, explicitly by any of the Parties, or, termination of this Agreement.

Upon expiration of the Initial Term of a Service Order, the term of such Service Order shall automatically renew for an indefinite period of time (a “Renewal Term”) unless any of the Parties terminates the Service Order with a notice period of thirty (30) calendar days.

6. Ownership

IP related to miaa Product Base

The miaa Product Base, including all copies, improvements, enhancements, modifications and derivative works thereof, and all worldwide intellectual property rights and other proprietary rights relating thereto or embodied therein, are and remain the exclusive property of miaa Guard and its licensors.

miaa Guard has additionally created, acquired or otherwise has rights in connection with the performance of its services and may employ, provide, modify, create, acquire or otherwise obtain rights in, various concepts, ideas, methods, methodologies, procedures, processes, know-how, and techniques including, without limitation, function, process, system and data models; templates; the generalised features of the structure, sequence and organisation of software, user interfaces and screen designs; general purpose consulting and software tools, utilities and routines; and logic, coherence and methods of operation of systems.

Company acknowledges and agrees that (i) miaa Guard shall own all right, title, and interest, including, without limitation, all rights under all copyright, patent and other intellectual property laws, in and to the miaa Product Base and (ii) miaa Guard may employ, modify, disclose, and otherwise exploit the miaa Product Base including, without limitation, providing services or creating programming or materials for other Companies.

IP related to miaa Deliverables

Except as provided above, upon full and final payment to miaa Guard of the associated Fees, the tangible items specified as miaa Deliverables for Company shall become the property of Company.

To the extent that any ‘IP related to miaa Product Base’ is contained in any of the miaa Deliverables for Company, miaa Guard hereby grants Company, upon full and final payment to miaa Guard of the associated Fees, a royalty-free, fully paid-up, perpetual, non-exclusive license to use and adapt such IP solely in connection with the miaa Deliverables and Company’s own operations. This ‘right to use’ and ‘right to adapt’ shall never be interpreted and translated into the ‘right to sell’, ‘right to rent out ‘, ‘right to transfer’ to a third party or otherwise extend the right to use.

miaa Guard does not agree to any terms that may be construed as precluding or limiting in any way its right to (i) provide solutions, consulting or other services of any kind or nature whatsoever to any person or entity as miaa Guard in its sole discretion deems appropriate or (ii) develop for itself, or for others, materials that are competitive with those produced as a result of executing miaa Services for Company, irrespective of their similarity to miaa Deliverables.

7. Confidentiality

Protection

Information may be disclosed in written or other tangible form or by oral, visual or other means. Confidential Information of miaa Guard includes, without limitation, all information concerning the miaa Services and the miaa Product Base disclosed hereunder that is not within any of the exceptions set forth in the section “Exceptions” below. Recipient will not use any Confidential Information of Discloser for any purpose not expressly permitted by the Agreement and will disclose the Confidential Information of Discloser only to the employees, contractors or advisors of Recipient who have a need to know such information for purposes of the Agreement and who are under a duty of confidentiality no less restrictive than Recipient’s duty hereunder. Recipient will protect Discloser’s Confidential Information from unauthorized use, access, or disclosure in the same manner as Recipient protects its own confidential or proprietary information of a similar nature and with no less than reasonable care. Except as provided herein, Company shall not allow any access to miaa Guard Confidential Information to any third party. The Parties agree that any actual or threatened breach of this section will constitute immediate, irreparable harm to the non-breaching Party for which monetary damages would be an inadequate remedy, and that injunctive relief is an appropriate remedy for such breach.

Exceptions

Recipient’s obligations under the previous section with respect to any Confidential Information of Discloser will terminate if such information:

  1. was already known to Recipient at the time of disclosure by Discloser, or,
  2. was disclosed to Recipient by a third party who had the right to make such disclosure without any confidentiality restrictions, or,
  3. is, or through no fault of Recipient has become, generally available to the public, or,
  4. was independently developed by Recipient without access to, or use of, Discloser’s Confidential Information.

Additionally, Recipient will be allowed to disclose Confidential Information of Discloser to the extent that such disclosure is (i) approved in writing by Discloser, or (ii) required by law or by the order of a court or of a similar judicial or administrative body, provided that Recipient notifies Discloser of such required disclosure promptly and in writing and cooperates with Discloser, at Discloser’s request and expense, in any lawful action to contest or limit the scope of such required disclosure.

8. Warranty and Service Levels

Warranty and limitation of liability

miaa Guard warrants that it shall perform services pursuant to the Service Orders in good faith and according to professional standards.

As of the Activation Date (see section 1. Definitions) of an Eligible component of the miaa Product Base and during the Term of the corresponding Service Order (“warranty period”), miaa Guard warrants that the component performs the functions as described in the associated documentation in all material respects when operated in the environment as required by the associated documentation. Components of miaa Product Base are made available “as is” and miaa Guard, on behalf of itself and its suppliers, hereby expressly disclaims all warranties, whether express, implied, statutory or otherwise, including, without limitation, any implied warranties of merchantability and fitness for a particular purpose.

As of the Activation Date (see section 1. Definitions) of a component of a miaa Deliverable and for a period of 180 days (“warranty period”), miaa Guard warrants that the component shall substantially perform the functions as described in the associated documentation in all material respects when operated in the environment specified in or implied by the corresponding Service Order. Company acknowledges and accepts that miaa Guard can only provide warranties relative to a miaa Deliverable if and only if Company does not apply any changes to a miaa Deliverable or changes to its documented operating environment.

Provided that Company notifies miaa Guard any breach of the foregoing warranty during the respective warranty period as a Service Incident reported through the miaa Service Desk, miaa Guard shall correct any reproducible defects that cause the breach of the warranty, or, if miaa Guard is unable to make the component operate as warranted, provide Company with alternative remediation options.

In no event will miaa Guard be held liable for any consequential, indirect, exemplary, punitive, special or incidental damages, including reputational damages, any lost data or lost profits, arising from or relating to the miaa Services, miaa Product Base or this Agreement. miaa Guard’s total cumulative liability in connection with this Agreement, the miaa Services and the miaa Product Base, whether in contract or tort or otherwise, will not exceed the Fees actually paid by Company under the relevant Service Order during the twelve (12) month period preceding the events giving rise to such liability.

Target Service Levels

miaa Guard shall use reasonable commercial efforts to meet the Target Reaction Times and Target Restoration Times specified in Service Level Agreement – Support Service Levels for ninety percent (90%) of the Eligible Service Requests and Eligible Service Incidents (see section 1. Definitions).

miaa Guard shall use reasonable commercial efforts to meet the Target Availability and Target Performance specified in  Service Level Agreement – Operational Service Levels for the Eligible components of the miaa Product Base (see section 1. Definitions).

If miaa Guard does not meet its aforementioned Target Service Levels, miaa Guard’s total cumulative liability will not exceed the Fees actually paid by Company under the relevant Service Order during the twelve (12) month period preceding the events giving rise to such liability.

Company acknowledges that miaa Guard cannot be held responsible and liable for meeting the Target Service Levels in Service Level Agreement for Service Requests and Service Incidents and components of the miaa Product Base that are not Eligible.

Company acknowledges that miaa Guard’s ability to meet the Target Service Levels for the miaa Services is dependent on miaa Guard (i) having the information necessary to replicate the reported problem / to understand the request, and, (ii) having real-time access to Company personnel who are sufficiently knowledgeable about the associated miaa Services.

9. Indemnity

Indemnification by miaa Guard

miaa Guard will defend at its own expense any claim or action brought by a third party against Company to the extent the claim or action is based upon an allegation that the miaa Services or miaa Product Base infringe any patents or any copyrights or misappropriate any trade secrets of a third party, and miaa Guard will pay those costs and damages finally awarded against Company in any such action that are specifically attributable to such action or those costs and damages agreed to in a monetary settlement of such action. Notwithstanding the foregoing, miaa Guard will have no obligation under this section or otherwise with respect to any infringement claim that is based upon (i) any use of the miaa Services or miaa Product Base not in accordance with this Agreement; (ii) any use of the miaa Services or miaa Product Base in combination with products, equipment, software or data not supplied by miaa Guard other than the miaa Product Base; (iii) any use of any release of the miaa Product Base other than the most current release made available to Company; or (iv) any modification of the miaa Product Base by any person other than miaa Guard or its authorised agents or subcontractors. This section states miaa Guard’s entire liability and Company’s exclusive remedy for any claims of infringement.

In the event the miaa Services or miaa Product Base, in miaa Guard’s reasonable opinion, are likely to or become the subject of a third-party infringement claim (as per this Section), miaa Guard shall have the right, at its sole option and expense, to: (i) modify the ((allegedly) infringing part of the) miaa Services or miaa Product Base so that they become non-infringing while preserving equivalent functionality; (ii) obtain for Company a license to continue using the miaa Services or miaa Product Base in accordance with this Agreement; or (iii) terminate the relevant license and pay to Company an amount equal to a pro rata portion of the Fees paid to miaa Guard hereunder for that portion of the miaa Services or miaa Product Base which is the subject of such infringement.

Indemnification by Company

Company will defend at its own expense any claim or action brought by a third party against miaa Guard that uses on Company’s instruction the miaa Deliverables or miaa Product Base, to the extent the claim or action arises from or is related to Company’s use of the miaa Services or miaa Product Base, excluding any claim or action arising from a breach of the terms of this Agreement by miaa Guard, and Company will indemnify and hold miaa Guard harmless from and against any losses, damages, liabilities, costs and expenses (including reasonable attorneys’ fees) arising from or related to any such claim or action for a maximum amount that will not exceed the Fees actually paid by Company under the relevant Service Order during the twelve (12) month period preceding the events giving rise to such liability.

Indemnified Party Obligations

As a condition of the indemnifying Party’s obligations under this section, the indemnified Party must (i) notify the indemnifying party promptly in writing of such action or claim; (ii) give the indemnifying Party sole control of the defence thereof and any related settlement negotiations; and (iii) cooperate and, at the indemnifying Party’s request and expense, assist in such defence.

10. Privacy Governance

Data controller & processor

Company confirms and accepts to act according to the EU Data Protection Regulation (and its implementation in national legislation) and to assume the role of Data Controller relative to the miaa Services. miaa Guard shall assume the role of Data Processor relative to the miaa Deliverables and the miaa Product Base subscribed to by Company in a temporary matter. It being understood that miaa Deliverables and the miaa Product Base:

  1. do not persistently store and keep any personal data;
  2. only process personal data temporarily;
  3. transfer such personal data to the storage and processing facilities maintained and controlled by Company after its processing.

miaa Guard assures adequate protection against accidental or unlawful destruction, loss, alteration and disclosure.

Company shall indemnify miaa of any claim of privacy breach that is not due to a shortcoming of this protection.

Relative to their end users, Company shall act as the contact point for the applicable national data protection authority. In this respect, Company may liaise with miaa Guard’s security and privacy officer.

Company accepts full responsibility for:

  1. ensuring personal data is collected for explicit and legitimate purposes and used accordingly;
  2. ensuring that the collection of personal data is adequate, relevant and not excessive in relation to the purposes for which it is collected and/or further processed;
  3. ensuring that registered end users can rectify, remove or block incorrect data about themselves;
  4. ensuring that personal data of registered end users is not kept any longer than strictly necessary.

Company undertakes to inform registered end users of the extent and the purpose of collecting personal data and of the registered end user’s rights to opt out, to be forgotten and to rectify data.

Company undertakes to inform registered end users and other stakeholders in case of a data privacy breach as and when required by law, including the EU Data Protection Regulation.

Public authorities and subpoena’s

The following procedure shall apply for requests for information by Public Authorities.

If miaa Guard receives a request for information from a Public Authority, it shall inform Company promptly by e-mail. Company shall promptly confirm receipt of this notification by e-mail and shall state any precautions, restrictions or constraints that they wish to see applied.

If Company receives a request for information from a Public Authority, it shall promptly notify miaa Guard by e-mail as soon as it deems necessary for miaa Guard to provide assistance and shall state any precautions, restrictions or constraints to be applied.

In a request for information from a Public Authority, miaa Guard may assist Company and/or the Public Authority to collect information in relation to the miaa Services or miaa Product Base. Any extraordinary assistance due to Company shall be subject of a (chargeable) Service Order.

miaa Guard’s duties in relation to Public Authorities shall survive termination, expiry or cancellation of the miaa Services for any reason until the end of the next Company’s financial year or as prescribed by applicable legislation and/or regulation.

Protecting Personal Data

Company shall promptly notify miaa Guard of any critical suspected security breach. A critical suspected security breach represents an incident where the impact to Company’s business and/or reputation may be severe and represent a crisis to Company. Examples include possible or actual serious miaa Services disruption, leakage of private information about registered end users, compromise of Company confidential information and suspected breach of the security of a product or repository.

As part of the Reaction to a suspected security breach, miaa Guard may deem it necessary to suspend some or all of the miaa Product Base in use by Company. Depending on the nature, extent and root cause of a suspected security breach, any associated downtime may be excluded from the Monthly Uptime and Target Turn-Around Time calculations, except in case of a security breach caused by the miaa Product Base.

11. General

Compliance with Laws

Each Party agrees to comply with all laws, regulations, rules, ordinances and orders applicable to its rights and obligations under this Agreement. Company will strictly comply with all requirements of the laws and regulations with respect to the use of the miaa Services and the miaa Product Base.

Assignment

Neither miaa Guard or Company or Company’s Group shall  assign or transfer, by operation of law or otherwise, this Agreement or any of its rights under the Agreement (including the license rights granted to Company) to any third party without the other Party’s prior written consent; provided, however, that either Party may assign this Agreement, without consent, to any successor to all or substantially all its business or assets to which this Agreement relates, whether by merger, sale of assets, sale of stock, reorganisation or otherwise. Any attempted assignment or transfer in violation of the foregoing will be null and void.

Subcontracting

miaa Guard shall be entitled to subcontract delivery of the miaa Services to its affiliates and to individual consultants engaged by miaa Guard pursuant to a professional services agreement, without having to obtain Company’s prior consent, provided that miaa Guard shall remain the sole responsible towards Company in respect of all subcontracted obligations.

Independent Consultant

It is understood and agreed that miaa Guard is an independent consultant and that neither Party is, nor shall be considered to be, an agent, distributor or representative of the other. Neither Party shall act or represent itself, directly or by implication, as an agent of the other or in any manner assume or create any obligation on behalf of, or in the name of, the other.

Limitation on Actions

No action, regardless of form, arising under or relating to the miaa Services or miaa Product Base, may be brought by either Party more than one year after the cause of action has occurred, except that an action for non-payment may be brought by a Party not later than one year following the date of the last payment due to such Party hereunder.

Force Majeure

Except for any payment obligations, neither Party shall be liable hereunder by reason of any failure or delay in the performance of its obligations hereunder for any cause, which is beyond the reasonable control of such Party.

Notices

All notices, consents, and approvals under this Agreement must be delivered in writing by courier, by e-mail, or by registered mail to the other Party at the address set forth in this Agreement or on the applicable Service Order and will be effective upon receipt or when delivery would be refused (except for technical reasons or reasons beyond the other Party’s control) on the day following the sending of any notice either by courier, e-mail or registered mail. Either Party may change its address by giving notice of the new address to the other Party.

Governing Law and Venue

This Agreement will be governed by and interpreted in accordance with the laws of Belgium without reference to its choice of laws rules. The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement. Any action or proceeding arising from or relating to this Agreement shall be submitted to the exclusive jurisdiction of the courts of Belgium.

Waivers

All waivers must be in writing. Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion.

Severability

If any provision of this Agreement is unenforceable, such provision will be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law and the remaining provisions will continue in full force and effect.

Construction

The headings of sections of this Agreement are for convenience and are not to be used in interpreting this Agreement. As used in this Agreement, the word “including” means “including but not limited to.”

Service Level Agreement

2.1 Service Plans

miaa Guard offers following Service Plans. The Service Plan determines the applicable Service Levels and the windows when Eligible Service Requests and Service Incidents are dealt with:

Service Plan Service Window Definition
Bronze Best Effort Service levels are pursued on a best effort basis and shall not be regarded as an obligation.
Silver Business Window Service levels are warranted between 9:00 – 18:00 CET, during Belgian business days
Gold Extended Window Service levels are warranted between 08:00 – 21:00 CET, 7 days a week
Platinum Emergency Window Service levels are warranted on a 24×7 basis, i.e. between 00:00 – 24:00 CET, 7 days a week

Company accepts that for Service Plans other than Bronze to apply, miaa Guard has the right to charge a retainer fee. The retainer fee enables miaa Guard to reserve staff capacity so as to ensure that the Target Service Levels can be supported at all times during the given Service Window.

Note that Operational Service Levels are not affected by any Service Plan; they are always supported 24×7.

2.2 Support Service Levels

miaa Guard defines following Target Service Levels to handle Eligible Service Incidents and Service Requests.

Qualification* Definition Target Reaction Time Target Restoration Time Escalation to management
Severity-1
Incident
Emergency – failure in Production that stops your critical digital services or that compromises your end-user’s privacy. Note that when you are working with multiple vendors, such incidents may first have been escalated to another vendor before reaching miaa Guard. 30 minutes <4 hours Next morning
Severity-2
Incident
Urgent – defect in one or more of the functions in Production that makes the use of your digital services very difficult and inefficient ≤1 business day ≤1 business day Next business day
Severity-3
Incident
Any incident in Production not of Severity-1 or Severity-2 ≤2 business days (planned) Next Program Management meeting
Priority-1 Request Emergency – Delayed resolution in Production has immediate impact on your critical digital services or compromises your end-user’s privacy 30 minutes <4 hours Next morning
Priority-2
Request
Urgent – Delayed execution has immediate impact on your project schedule for more than 2 weeks (during integration or acceptance testing) or your marketing plans (in production) ≤1 business day ≤1 business day Next business day
Priority-3
Request
Any request not of Priority-1 or Priority-2 ≤2 business days (planned) Next Program Management meeting

Applicability: miaa Guard will use commercially reasonable efforts to meet the Target Reaction Time or Target Restoration Time for Eligible Service Orders (see section 1. Definitions) under the Silver, Gold or Platinum Service Plan only, and not under the Bronze Service Plan.

(*) To ensure a fair qualification of Service Incidents and Service Requests, their Qualification is determined using the criteria listed above. The final Qualification is thus not necessarily adopted from the ticket-priority set by your staff in the ticket. Non-eligible Service Incidents and Service Requests shall only be qualified with Severity-3 respectively Priority-3.

miaa Guard provides frequent updates on the progress of the Service Incident and Service Request resolution within the ticket. If miaa Guard fails to meet the Target Reaction Time or Target Restoration Time specified above, then the Service Incident and Service Request is escalated as follows:

  1. Engaging senior management of miaa Guard to oversee the resolution process.
  2. Engaging extra resources of miaa Guard.
  3. If necessary, bringing in external resources to solve problems in third party software, if applicable.

2.3 Operational Service Levels

To achieve optimal availability, response times and scalability of the microservices of the miaa Product Base, miaa Guard uses Amazon Web Services (“AWS”) thereby building on the AWS infrastructure-SLA’s. Furthermore, miaa Guard ensures continuous operations of the miaa Product Base thanks to its quality assurance processes, 24×7 monitoring and alerting. The monitoring includes uptime, connection-loss and capacity utilisation.

The Target Availability and Target Performance are specified in the table below.

Service component Target Availability Target Performance
PolicyGate 99.85% Monthly Uptime <5 seconds Turn-Around Time for 99% of the Requests and < 3 seconds for 95% of the Requests
ProfileConnect 99.85% Monthly Uptime <5 seconds Turn-Around Time for 99% of the Requests and < 3 seconds for 95% of the Requests
PrivateGroups 99.85% Monthly Uptime <10 seconds Turn-Around Time for 99% of the Requests and < 5 seconds for 95% of the Requests
ProfileSync 99.85% Monthly Uptime Zero loss in processing Updates

Applicability: miaa Guard shall use commercially reasonable efforts to meet the Target Service Levels for Eligible (see section 1. Definitions) components of the miaa Product Base (“Eligible APIs”) only.

The service levels of the Eligible APIs are measured over 1 monthly services period. No Target Service Levels are warranted for development, test and staging environments, nor for the production environment before the production date agreed upon with the Company in writing for the Eligible APIs.

The Turn-Around Time is the time between reception of an API-Request by Eligible APIs, and, the first API-Response produced by that component of the Eligible APIs.

Monthly Uptime is calculated monthly by subtracting from 100% the total percentage of 5-minute periods during the monthly services period for which the Eligible APIs are either not accessible or do not provide a Response within 15 seconds to more than 1% of the API-Requests.

The calculation of the Monthly Uptime and Target Turn-Around Time exclude failures:

  1. that are caused by factors outside of miaa Guard’s reasonable control, including any force majeure event or Internet access or related problems beyond the demarcation point of miaa Guard, or,
  2. that result from any unauthorised actions by Client or Client’s failure to comply with instructions from miaa Guard, or,
  3. that were caused by Client equipment, Client software, or Client third party services, or,
  4. that happen during periods of pre-announced, scheduled downtime necessary to implement updates or upgrades, or,
  5. that were due to suspension of the services due a reaction to a suspected security breach stipulated in Article 10. Privacy Governance, or,
  6. that are due the suspension of services as described in Article 8. Financials.