End User License Agreement (EULA)
for mgm Atlassian Add-Ins
2. License Version
3. License Scope
5. Intellectual Property
7. Personal Data
8. Update Versions
10. Guarantees and Liability
13. Term of the Agreement
14. Changes to Agreement
15. Miscellaneous Terms
16. Data Processing Regulations
Data Processing Addendum
This End User License Agreement (hereinafter referred to as: "the Agreement") is between YOU, meaning your organization, represented by an authorized representative (hereinafter referred to as "User") and mgm technology partners GmbH, a private limited liability company having its principle place of business in Munich, Germany, registered with the Munich Commerce Register Court under number HRB 161298 (hereinafter referred to as "mgm").
The mgm add-ons, plugins or any other mgm products (hereinafter collectively referred to as: "Artifacts") are made available online on +https://marketplace.atlassian.com/+ and certain third party websites, hereinafter referred to as "Website".
mgm may modify this Agreement from time to time, subject to the terms set out in this Agreement.
2. License Version
This license is dated October 31st, 2018 and replaces all earlier versions.
3. License Scope
mgm hereby grants the User a limited right to use the Artifacts. This license is non-exclusive and non-transferable. Only the authorized number of users may actually use the Artifacts. Additional license keys may be purchased through the Website.
It is expressly forbidden to
- decompile the Artifacts or to reverse engineer the source code of the Artifacts, except to the extent permitted by mandatory law or applicable open source license,
- provide copies of the Artifacts to third parties,
- sublicense the Artifacts or otherwise make available the Artifacts to third parties, including by rental, Software-as-a-Service models or otherwise,
- modify the Artifacts, except to the extent permitted by mandatory law,
- remove any indication of mgm as copyright holder of the Artifacts or to remove or render illegible any part thereof.
You are solely responsible for installation and usage of the Artifacts. The online available documentation will provide recommended requirements for the hardware and software environment.
It is not permitted to use the Artifacts for any purpose that violates German or other applicable law or regulation. In particular it is not permitted to use the Artifacts in a manner that causes a nuisance or hindrance for other users.
If in the opinion of mgm the continued functioning of the computer systems or network of mgm or third parties is under threat of being damaged or jeopardized, for example through excessive transmission of e-mail or other data, leaks of personal data or virus activity, mgm may take all steps it finds reasonably necessary to end or avert such damage or jeopardy.
mgm is at all times entitled to file a criminal complaint for any offenses committed through or by using the Artifacts. In addition, mgm is entitled to supply User's name, address, IP-address and other identifying data to a third party alleging that User violates its rights or these terms and conditions, provided the validity of the complaint is clear, no other way of obtaining this information exists and the third party has an evident interest in obtaining this information.
5. Intellectual Property
All right, title and interest to the Artifacts, the accompanying documentation and all modifications and extensions thereto belong, rest and remain with mgm. The User only has the rights and permissions explicitly granted to him by this Agreement or granted in writing otherwise. User may not use, copy, distribute or publish the Artifacts in any other manner.
The Artifacts may be comprised of third-party open source software. The respective third-party right holders grant you the rights indicated in the applicable open source licenses. These licenses can be found in the documentation accompanying the Artifacts. This Agreement does not apply to this open source software, and nothing in this Agreement shall be construed as a limitation of any right granted to you under an open source license.
Unless agreed upon differently through a written contract between the User and mgm, a license for the Artifacts can only be obtained through the Website. Prices and payment details are specified on the Website. Certain Artifacts are available for a limited period at no charge. After this period a full license with a well-defined period of validity is due. This will be indicated on the Website or in the Artifacts.
Prices are shown in the currency mentioned on the Website, and are shown exclusive of VAT, import duties and other government imposed taxes, duties and levies.
Shortly after payment, the User may download and install the Artifacts. Prior to this, verification of the User may be required in order to ensure User is an authorized User. The Artifacts and/or the Website will inform the User of any procedures and additional conditions.
7. Personal Data
During the installation and/or payment procedure, mgm and/or any third party processes certain of the personal data of the User. In addition to the data requested in the order form, the IP-address from which the registration is undertaken is recorded, as well as information regarding the used software. These personal data are only used for the execution of the Agreement and related purposes such as the making of related offers or notifications of available updates. For further information see the https://www.mgm-tp.com/en/data-protection/ .
Other terms and conditions regarding processing of Personal Data while using the Artifacts are put forward in Appendix A: the Data Processing Addendum.
8. Update Versions
mgm may periodically release updates to or newer versions of the Artifacts that may address bugs or improve the functioning of the Artifacts. To learn about the latest versions, consult the Website regularly. No liability is accepted for any damage caused by bugs addressed in an update not installed by the User.
mgm shall provide the User with a reasonable level of support through the Website and e-mail or other communication channels announced to the User. mgm does not guarantee that all requests for support or bug reports are taken into consideration.
10. Guarantees and Liability
mgm guarantees that the Artifacts substantially operate as described in the documentation; that the Artifacts contain no viruses, backdoors or malicious routines. mgm will use its best efforts to investigate any reported bugs as soon as is practical and to repair such bug or create a workaround (but may delay repairing bugs with limited impact until the next planned version), mgm grants no additional guarantees and/or warranties. In particular, mgm makes no representation or warranties, either expressed or implied, that any services rendered or any design or process which is the result of a particular use of the Artifacts, will not infringe any patent, copyright, or proprietary right of any kind of any third party, and mgm will have no liability whatsoever for any claim or suit against the User by any other party for such infringement.
Except in case of intentional misconduct or gross negligence, the liability of mgm for damages in connection with the Artifacts or the violation of a warranty granted above is limited to an amount equal paid by User under the Agreement in the 6 (six) months prior to the damage-causing incident occurred. mgm in no event is liable for indirect damages, consequential damages, lost profits, missed savings or damages through business interruption. The total compensation for damages will in no case exceed the amount of EUR 500 (five hundred Euros).
The obligation for mgm to pay compensation will only arise if the User sends written notice to mgm of this damage within fourteen (14) days after the damage occurring.
User hereby authorizes mgm to identify User as a customer of mgm within its promotional materials. Should User wish to object to such use, it may do so at any time by submitting an e-mail to firstname.lastname@example.org. Please note that it may take up to 30 days to process this request.
Both parties shall refrain from disclosing or using for any other purpose than within the scope of this Agreement, any trade secrets and other information of the other party that has been designated as confidential or the confidential nature of which is known or can reasonably be deemed to be known by the other party.
Both parties accept the duty to observe strict secrecy towards third parties with respect to all matters which have been arranged in this Agreement. In addition, the parties accept the duty to observe strict secrecy with respect to all information regarding the business, activities and organization of the other party, except in as far as such information was already part of the public domain without any involvement of the other Party.
13. Term of the Agreement
This Agreement is entered into for the (subscription) period stated on the Website or as stated elsewhere (hereinafter: "the Contract Period"). If the Contract Period is not stipulated, it shall be deemed to have been entered into for a Contract Period of 12 (twelve) months. Unless agreed to the contrary, this Agreement, in the absence of termination in writing reaching mgm at least 2 (two) months before the end of the Contract Period, shall always be tacitly extended by the same Contract Period. mgm and/or third party will usually send User a notice for the extension of licenses and payments that may be due in that regard.
This Agreement terminates automatically and immediately in case the User enters into bankruptcy, or the User applies for suspension of payments, or the assets of the User are seized, or in case the User enters into liquidation, legal dissolution or winding-up.
After termination of the Agreement, regardless of the reason, User must cease all use of the Artifacts. In addition User must remove all copies (including backup copies) of the Artifacts from all computer systems under control of User.
14. Changes to Agreement
mgm may update or modify this Agreement from time to time, including any referenced policies and other documents. If a revision meaningfully reduces User's rights, mgm will use reasonable efforts to notify User (by, for example, sending an e-mail to the billing or technical contact you designate in the applicable order, posting on our blog, through your Atlassian account, or in the Product itself).
If mgm modifies the Agreement during license term and/or subscription term, the modified version will be effective upon your next renewal of a license term, support or maintenance term, and/or subscription term, whichever applies. In this case, if User objects to the updated Agreement, as your exclusive remedy, you may choose not to renew, including cancelling any terms set to auto-renew.
With respect to Artifacts available for free, accepting the updated Agreement is required for you to continue using those Artifacts. You may be required to click through the updated Agreement to show your acceptance. If you do not agree to the updated Agreement after it becomes effective, you will no longer have a right to such Artifacts. For the avoidance of doubt, any order is subject to the version of the Agreement in effect at the time of the order.
15. Miscellaneous Terms
German law applies to this Agreement exclusively. Unless dictated otherwise by mandatory law, all disputes arising in connection with this Agreement shall be brought before the competent German court for the principal place of business of mgm which is in Munich.
A finding that any particular provision of this Agreement is legally void or unenforceable shall not affect the validity of the entire Agreement. In such a case the parties shall determine a replacement provision that is legally valid and approximates the intent of the relevant provision as much as possible.
mgm may assign its rights and obligations under this Agreement to a third party that acquires the relevant business or the copyrights to the Artifacts from her.
16. Data Processing Regulations
It is possible that by using the Artifacts, the End User processes personal data and therefore, that mgm processes that personal data on behalf of the End User, especially in cases of analyzing problems via log files or alike.
Data Processing Addendum
Introduction and definitions
- The word "End User" as applied in this Data processing addendum means your organization, represented by an authorized representative. The word "End Users" as applied in this data processing addendum means any individual in or represented by your organization that uses the Artifacts, either as an administrator or a user.
- Definitions that are used in this data processing addendum derive their meaning from their definitions as meant in the EU General Data Protection Regulation (GDPR).
- This Data Processing Addendum qualifies as a data processing agreement as described in Article 28 GDPR.
- If the End User processes personal data by using the Artifacts, mgm processes such personal data on behalf of the End User. Consequently, the End User and mgm agree that the End User is regarded as the data controller and mgm is regarded as the data processor. Alternatively, if the End User is processing personal data on behalf of a third party, the End User is regarded as the data processor and mgm is regarded as the data sub-processor.
Description of Data Processing
- mgm has no saying in the purpose and means of the processing of the personal data. Additionally, mgm has no saying in the nature of the personal data that is processed. All personal data processed in connection with the Artifacts shall deemed to have been processed at the instructions of the End User.
- mgm will not make independent decisions about the data gathering and use of the personal data, the provision to third parties, the duration and the storage of the personal data.
- The personal data are related to the following data subject categories:
- People who use the Artifacts (the End Users); and/or
- People whose personal data is captured or processed in the Artifacts by End Users; and/or
- People whose data is transmitted via the Artifacts by End Users; and/or
- Other possible data subject categories whose personal data is processed using the Artifacts.
Non-disclosure and Confidentiality
- mgm is bound to non-disclosure against third parties for all personal data that mgm processes on behalf of the End User, following from this Data Processing Addendum. mgm will not use this data for any other purpose than for which mgm received the data from the End User, except if the data is altered (encrypted or a anonymized) in such a way that it is no longer traceable to an individual data subject.
- The non-disclosure as meant in DP-3 section 1 is not applicable:
- to the extent that the End User has provided mgm the permission to provide the data to third parties; or
- when the provision of the data to third parties is logically necessary for the use or proper functioning of the Artifacts or the execution of this data processing addendum; or
- if a legal requirement or court order exists to provide the data to third parties; or
- in regard of third parties to which personal data are provided in their role as sub-processor, taking into account the conditions defined in DP-5.
Security and Technical and Organizational Measures
- With regard to the processing of personal data, mgm will strive to take adequate technical and organizational measures, in particular to safeguard against the destruction, loss, mutation or unauthorized provision or unauthorized access to transferred, stored or otherwise processed personal data.
- The technical and organizational measures that mgm takes follow from the most recent version of their information security policy can be provided by mgm upon justifiable request.
- In case, in mgm's opinion, this is necessary to offer a continued adequate level of security, mgm is allowed to make changes to the security measures.
- mgm does not guarantee that their security is effective under all conditions. mgm will strive to maintain a reasonable level of security, taking into account the state of technology, implementation costs of the security measures, the nature, extent and context of the processing of personal data, the purposes and the intended use of the Artifacts, the data processing risks and the risks for the rights and freedoms of data subject, which they may have expected considering the intended use of the Artifacts and which are divergent for their probability and impact.
- The End User asserts that the security measures as meant or referred to in DP-4, considering the factors as described herein, provide an adequate level of security that is in accordance with the risks of the processing of personal data processed by or provided by the End User.
- The End User will only provide personal data for processing to mgm if the End User has ensured themselves that the required security measures are taken. The responsibility for the compliance of the measures as agreed between the End User and mgm resides with the End User.
- The End User provides mgm the general permission to work with third parties (sub-processors) for the processing of personal data. mgm always work with their associated companies in the European Union and in countries outside of the European Union, while taking into account relevant laws and regulations.
- Upon request by the End User and within a reasonable time frame, mgm will inform the End User about the relevant third parties that mgm works with, regarding the processing of the personal data as meant in this data Processing Addendum.
- mgm has the right to add or replace third parties (changes). If mgm intends to add or replace a third party, mgm will inform the End User accordingly, allowing the End User to object. If the End User wishes to object, the End User must submit their objection in written form, within two weeks and supported by sound argumentation. If the End User does not object within these conditions, the End User is regarded to accept the intended change.
- If the End User objects within the conditions as stated above in DP-5 section 2, mgm and the End User will consult each other and strive to achieve a reasonable solution. If both parties cannot achieve a satisfactory agreement about the intended change as meant above in DP-5 section 2, mgm is entitled to work with the respective added or replaced third party. Respectively, the End User is entitled to terminate their subscription to the Artifacts per the date that the new sub-processor is activated.
- At all times, mgm ensures that the third parties as meant in this article will take on the same obligations as agreed between the End User and mgm in writing and ensures the compliance by these third parties of these obligations.
Transfer of Personal Data
- mgm processes personal data in countries of the European Union. Additionally, the End User permits mgm to process personal data in countries outside of the European Union, while taking into account relevant laws and regulations.
- Upon request and within a reasonable time frame, mgm will inform the End User in which countries mgm processes the personal data.
Data Subject Rights and Requests
- If a data subject submits a request about their personal data to mgm in order to exercise their data subject rights, mgm will forward the request to the End User and inform the data subject accordingly. The responsibility for processing the request and performing data subject rights lies with the End User, who will process the request and perform the data subject rights independently from mgm.
- mgm will provide assistance to the End User for processing a request by a data subject and performing their data subject rights, should this occur to be necessary. mgm may charge the End User for reasonable expenses that are made or to be made while providing such assistance, which will be reimbursed by the End User.
Obligations and Support
- mgm will commit to compliance with the conditions that, based on the GDPR, are bound to the processing of personal data by mgm in their specific role, regarding the processing of personal data as meant in DP-2 of this data processing addendum.
- mgm will process personal data and other forms of data that are made available to mgm by the End User based on written instructions by the End User.
- Upon request and within a reasonable time frame, mgm will inform the End User about the (technical and organizational) measures taken by mgm to comply with their obligations as meant under this data processing addendum.
- The obligations as meant in this data processing addendum are also applicable to parties that process personal data under mgm's authority.
- If, in mgm's opinion, an instruction given by the End User is conflicting with relevant laws and regulations, mgm will inform the End User.
- At the request of the End User, mgm will, within a reasonable time frame, provide the End User with the necessary cooperation to meet their compliance with the obligations that follow from the GDPR. This includes, among others, their obligations with regard to data security, reporting personal data breaches and performing data protection impact assessments. mgm will charge the End User for reasonable expenses that are made or to be made while providing such cooperation, which will be reimbursed by the End User.
Personal Data Breaches
- A personal data breach is defined as a violation of security that accidentally or unlawfully leads to the destruction, loss, mutation or the unauthorized provision or unauthorized access to transmitted, stored or otherwise processed personal data.
- If a personal data breach occurs, mgm will inform the End User to the best of their abilities, abiding by applicable laws and regulations. The End User will then judge if they need to inform the supervisory authorities and/or data subjects. mgm strives to ensure that the information is complete, correct and accurate to the best of their abilities.
- mgm will cooperate with informing the relevant authorities and, if required, the data subjects, should this be required by any law or regulation. The responsibility for informing the relevant authorities and the data subjects resides with the End User.
- If a personal data breach has occurred, mgm will provide the following information to the End User:
- The fact that a personal data breach has occurred
- the (supposed) cause of the breach
- the (then known or expected) effects
- the (proposed) resolution
- the taken measures
- the contact details for the follow-up of the issue
- an overview of the informed parties (e.g.: the data subjects)
Destruction or Return of Personal Data
- After termination of this data processing addendum, mgm will destroy the personal data it has received from the End User without delay, except if mgm and the End User agree that mgm will return the personal data to the End User or retain the personal data for an agreed period, or if mgm is required by law to retain the personal data.
- mgm may charge the End User for reasonable expenses that are made or to be made for the destruction or the return of the personal data to the End User, which will be reimbursed by the End User.
- For the verification of compliance of all items from this data processing addendum, the End User has the right to issue audits by a competent and independent party.
- This competent and independent party is bound to non-disclosure.
- An audit will only be conducted after the End User has requested the available similar audit reports from mgm, has judged the reports and provides sound argumentation why an audit, initiated by the End User, is still justifiable. Such an audit will only be justifiable when the similar audit reports that are available from mgm provide no or insufficient proof about the compliance of this data processing addendum by mgm. If an audit, initiated by the End User, is justified, it will only be conducted at least 30 days after prior announcement by the End User, with a maximum of once per year.
- mgm will cooperate with the audit and will provide all information that is reasonably relevant for the audit, including supportive information such as system logs and access time to relevant employees, as timely as possible and within a reasonable time frame (within two weeks or sooner in case of an urgent interest).
- In mutual consultation, the End User and mgm will judge the findings that may result from the audit. As a result of this process, measures may be implemented by either mgm, the End User or both parties.
- Reasonable expenses made or to be made by mgm in this process will be reimbursed by the End User. The expenses for the hired competent and independent party are always the responsibility of the End User and will be met by them.
Distribution of Responsibilities
- mgm is only responsible for the processing of personal data as meant in this data processing addendum, abiding by the instructions of the End User and under the explicit (final) responsibility of the End User.
- mgm is not responsible for all other processing of personal data, including but not limited to the collection of personal data by the End User, processing of personal data for purposes that the End User failed to report to mgm, processing by third parties and processing for other purposes. For such processing of personal data, the End User has the exclusive responsibility. At all times, the End User guarantees the legality of their processing of personal data and the adequacy of the security of their systems and infrastructure.
- The responsibility for judging whether mgm offers adequate safeguards regarding the implementation of technical and organizational measures in order for the processing of personal data to be compliant with the demands from the GDPR and/or other applicable laws and regulations and whether the protection of the rights of the data subjects is adequately safeguarded, lies with the End User.
- At all times, the End User guarantees that the content, use and instructions for the processing of personal data as meant in this data processing addendum is not unlawful and does not infringe any rights of third parties.
- Notwithstanding other rights of mgm, the End User safeguards mgm from all legal claims by third parties, from any source, if the legal claim relates to the processing of personal data. Additionally, the End User safeguards mgm from potential damages and fines, imposed by competent supervisory authorities, for which the End User is accountable and/or if the End User violates this data processing addendum, the GDPR or any other applicable laws and regulations.
Duration and Termination
- The duration of this data processing addendum is identical to the duration as defined in the Agreement or contract that is agreed upon between mgm and the End User. If there is no duration defined in any of these documents, the duration of this data processing addendum is identical to the duration of the collaboration between the End User and mgm.
- This data processing addendum cannot be terminated intermediately.
- DP-3 (Non-disclosure and Confidentiality) will survive the termination of the data processing addendum.
- mgm and the End User may only change this data processing addendum with mutual consent.