The rules and agreements managing your access to SENTINEL structure and algorithms.
"Agreement" means this Cloud Service Agreement, including any Order Form.
"Authorised Users" means employees or contractors of Customer who are permitted to access the Service under this Agreement.
"Confidential Information" means any non-public information disclosed by one party to the other that is designated as confidential or that reasonably should be treated as confidential given its nature.
"Customer" means the legal entity that has executed an Order Form or accepted this Agreement.
"Customer Data" means all data submitted to or processed by the Service on behalf of Customer, including compliance records, regulatory filings, and entity information.
"Documentation" means the technical and functional documentation for the Service made available by Provider.
"Order Form" means a written or electronic order that references this Agreement and sets out subscription tier, fees, and term.
"Personal Data" has the meaning given in Regulation (EU) 2016/679 (GDPR).
"Provider" means Michael Hansen, operating micaready.eu ("SENTINEL").
"Service" means the cloud-based MiCA compliance monitoring platform described in the Documentation, including CNMV registry tracking, DAC8 reporting alerts, AML monitoring notifications, and regulatory update feeds.
"Service Level" means the uptime commitment set out in Section 6.
"Subscription Term" means the period specified in the Order Form, or if none, one calendar month.
2.1 Access. Subject to the terms of this Agreement and payment of fees, Provider grants Customer a non-exclusive, non-transferable right to access and use the Service during the Subscription Term solely for Customer's internal compliance purposes.
2.2 Authorised Users. Customer may permit Authorised Users to access the Service. Customer is responsible for all use of the Service by its Authorised Users. Each subscription is licensed to a single legal entity; group or multi-entity use requires a separate Order Form.
2.3 Restrictions. Customer shall not: (a) sublicense, resell, or make the Service available to third parties; (b) reverse engineer or attempt to extract the source code of the Service; (c) use the Service to build a competing product; (d) use the Service in violation of applicable law; (e) circumvent any usage limits.
2.4 Acceptable Use. Customer shall use the Service only for lawful purposes and in accordance with this Agreement and any acceptable use policy published by Provider.
3.1 Fees. Customer shall pay the fees set out in the Order Form. If no Order Form exists, fees are those published on the Provider's website at the time of subscription.
3.2 Billing. Subscriptions are billed monthly in advance by credit or debit card via Stripe. All fees are stated and charged in EUR.
3.3 Taxes. Fees are exclusive of VAT and other applicable taxes. Where Provider is required to collect VAT, it will be added to invoices at the applicable rate. Customer is responsible for all other taxes applicable to its purchase.
3.4 Late Payment. If any undisputed amount is more than fourteen (14) days overdue, Provider may suspend access to the Service after written notice.
3.5 Price Changes. Provider may change fees at any time with thirty (30) days' written notice. Continued use of the Service after the effective date constitutes acceptance. If Customer does not accept the new fees, Customer may terminate this Agreement before the effective date.
3.6 No Refunds. Except as required by applicable law, all fees are non-refundable. Upon cancellation, access continues until the end of the then-current billing period.
4.1 Ownership. As between the parties, Customer retains all ownership of Customer Data. Provider acquires no rights in Customer Data except as necessary to perform its obligations under this Agreement.
4.2 Processing. Provider will process Customer Data solely to provide the Service and as otherwise instructed by Customer in writing. Provider shall not process Customer Data for its own commercial purposes.
4.3 Data Processing Agreement. To the extent Provider processes Personal Data on behalf of Customer as a data processor under GDPR, the Data Processing Agreement at Schedule 1 forms part of this Agreement and governs such processing.
4.4 Security. Provider will implement and maintain reasonable technical and organisational security measures appropriate to the risk, designed to protect Customer Data against unauthorised access, disclosure, alteration, or destruction.
4.5 Deletion. Upon termination of this Agreement, Provider will delete or return Customer Data within thirty (30) days of written request, unless retention is required by applicable law.
5.1 Obligations. Each party agrees to: (a) hold the other party's Confidential Information in confidence using at least the same degree of care it uses for its own confidential information, but no less than reasonable care; (b) not disclose Confidential Information to third parties without prior written consent; (c) use Confidential Information only as necessary to exercise rights or perform obligations under this Agreement.
5.2 Exceptions. Confidentiality obligations do not apply to information that: (a) is or becomes publicly known through no breach of this Agreement; (b) was rightfully known before disclosure; (c) is independently developed without reference to Confidential Information; (d) is required to be disclosed by law or court order, provided the receiving party gives prompt written notice where permitted.
5.3 Survival. Confidentiality obligations survive termination of this Agreement for three (3) years.
6.1 Availability. Provider will use commercially reasonable efforts to make the Service available 99% of the time in any calendar month, excluding scheduled maintenance.
6.2 Scheduled Maintenance. Provider will give at least twenty-four (24) hours' advance notice of scheduled maintenance that is expected to cause Service unavailability.
6.3 Support. Provider will respond to support requests submitted to contact@micaready.eu within two (2) business days.
6.4 No SLA Credits. Provider does not offer service credits for downtime under this version of the Agreement. This section may be updated in future versions.
7.1 Provider IP. Provider retains all intellectual property rights in the Service, Documentation, and any improvements, modifications, or derivative works thereof. No rights are transferred to Customer except the limited access right in Section 2.1.
7.2 Feedback. If Customer provides suggestions or feedback about the Service, Provider may use such feedback without restriction or obligation to Customer.
7.3 Aggregated Data. Provider may collect and use anonymised and aggregated data derived from Customer's use of the Service for product improvement, analytics, and benchmarking, provided such data cannot reasonably be used to identify Customer or any individual.
8.1 Provider Warranties. Provider warrants that: (a) it has the right to grant the access rights in this Agreement; (b) the Service will perform materially in accordance with the Documentation under normal use; (c) Provider will comply with applicable laws in performing its obligations.
8.2 Customer Warranties. Customer warrants that: (a) it has authority to enter into this Agreement; (b) its use of the Service will comply with applicable law; (c) Customer Data does not infringe third-party rights.
8.3 Disclaimer. THE SERVICE IS PROVIDED AS A MONITORING AND ALERTING TOOL. PROVIDER DOES NOT PROVIDE LEGAL, REGULATORY, FINANCIAL, OR COMPLIANCE ADVICE. NOTHING IN THE SERVICE CONSTITUTES ADVICE ON WHICH CUSTOMER SHOULD RELY. CUSTOMER REMAINS SOLELY RESPONSIBLE FOR ITS OWN REGULATORY COMPLIANCE OBLIGATIONS, INCLUDING OBTAINING APPROPRIATE LEGAL COUNSEL. PROVIDER DOES NOT WARRANT THAT THE SERVICE WILL BE ERROR-FREE, THAT ALL REGULATORY CHANGES WILL BE CAPTURED, OR THAT USE OF THE SERVICE WILL ENSURE CUSTOMER'S COMPLIANCE WITH MICA OR ANY OTHER REGULATION.
8.4 No Other Warranties. EXCEPT AS EXPRESSLY SET OUT IN SECTION 8.1, PROVIDER MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
9.1 Exclusion of Consequential Loss. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR LOSS OF PROFITS, REVENUE, DATA, OR BUSINESS OPPORTUNITIES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
9.2 Cap on Liability. PROVIDER'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL NOT EXCEED THE FEES PAID OR PAYABLE BY CUSTOMER IN THE THREE (3) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.
9.3 Exceptions. The limitations in this Section 9 do not apply to: (a) either party's indemnification obligations; (b) liability arising from fraud or wilful misconduct; (c) liability that cannot be excluded or limited under applicable law.
10.1 By Provider. Provider shall defend, indemnify, and hold Customer harmless from third-party claims alleging that the Service, as provided by Provider, infringes a third party's intellectual property rights, subject to Customer: (a) promptly notifying Provider of the claim; (b) giving Provider sole control of the defence; (c) providing reasonable cooperation.
10.2 By Customer. Customer shall defend, indemnify, and hold Provider harmless from third-party claims arising from: (a) Customer's use of the Service in breach of this Agreement or applicable law; (b) Customer Data infringing third-party rights.
11.1 Term. This Agreement begins on the date Customer first accepts it and continues until all Order Forms have expired or been terminated.
11.2 Termination for Convenience. Either party may terminate this Agreement by providing written notice. Termination takes effect at the end of the then-current Subscription Term.
11.3 Termination for Cause. Either party may terminate this Agreement immediately upon written notice if the other party: (a) materially breaches this Agreement and fails to cure the breach within fourteen (14) days of notice; (b) becomes insolvent, makes a general assignment for the benefit of creditors, or has a receiver appointed; (c) ceases to conduct business in the ordinary course.
11.4 Effect of Termination. Upon termination: (a) all access rights immediately cease; (b) Customer shall promptly pay any outstanding fees; (c) each party shall return or destroy the other's Confidential Information on request; (d) Provider will make Customer Data available for export for thirty (30) days, after which it will be deleted.
11.5 Survival. Sections 3 (Fees), 4.4 (Security), 5 (Confidentiality), 7 (IP), 8.3–8.4 (Disclaimers), 9 (Limitation of Liability), 10 (Indemnification), 11.4–11.5 (Effect/Survival), and 12 (General) survive termination.
12.1 Governing Law. This Agreement is governed by the laws of Spain, without regard to conflict of law rules. The parties submit to the exclusive jurisdiction of the courts of Madrid, Spain, except that either party may seek interim injunctive relief in any court of competent jurisdiction.
12.2 EU Mandatory Law. Nothing in this Agreement limits rights that cannot be excluded under mandatory EU or Spanish consumer or business protection law where applicable.
12.3 Entire Agreement. This Agreement, together with any Order Form and schedules, constitutes the entire agreement between the parties regarding its subject matter and supersedes all prior agreements, representations, and understandings.
12.4 Amendments. Provider may update this Agreement by posting a revised version at micaready.eu/terms with thirty (30) days' notice. Continued use after the effective date constitutes acceptance.
12.5 Assignment. Customer may not assign this Agreement without Provider's prior written consent. Provider may assign this Agreement in connection with a merger, acquisition, or sale of substantially all assets, with notice to Customer.
12.6 Force Majeure. Neither party is liable for failure to perform obligations due to causes beyond its reasonable control, including acts of God, government actions, or internet outages, provided it gives prompt notice and uses reasonable efforts to resume performance.
12.7 Severability. If any provision of this Agreement is found unenforceable, it shall be modified to the minimum extent necessary to make it enforceable; all remaining provisions continue in full force.
12.8 No Waiver. Failure to enforce any provision of this Agreement is not a waiver of the right to enforce it later.
12.9 Notices. Legal notices must be in writing and sent to contact@micaready.eu (for Provider) or the email address on the Order Form (for Customer).
12.10 Language. This Agreement is in English. Any translation is for convenience only; the English version controls.
DPA-1. Scope. This DPA applies where Provider processes Personal Data on Customer's behalf as a data processor under GDPR.
DPA-2. Subject matter and nature. Processing of Personal Data for the purpose of providing the Service described in this Agreement. Processing operations include storage, retrieval, disclosure to authorised staff, and deletion.
DPA-3. Duration. For the term of the Agreement plus any retention period required by law.
DPA-4. Type of data. Contact details of Authorised Users; any Personal Data included in Customer Data.
DPA-5. Categories of data subjects. Customer's Authorised Users; individuals whose Personal Data appears in Customer Data.
DPA-6. Instructions. Provider shall process Personal Data only on documented instructions from Customer, except where required by EU or Member State law.
DPA-7. Confidentiality. Provider shall ensure that persons authorised to process Personal Data are subject to confidentiality obligations.
DPA-8. Security. Provider shall implement measures required under GDPR Article 32 appropriate to the risk.
DPA-9. Sub-processors. Customer authorises Provider to engage the sub-processors listed in the Privacy Policy. Provider shall impose equivalent data protection obligations on all sub-processors and remain liable for their acts.
DPA-10. Data subject rights. Provider shall assist Customer in responding to data subject requests within reasonable timescales.
DPA-11. Security incidents. Provider shall notify Customer without undue delay, and in any event within 72 hours, after becoming aware of a Personal Data breach affecting Customer Data.
DPA-12. Deletion. On termination, Provider shall delete or return all Personal Data and delete existing copies, unless retention is required by law.
DPA-13. Transfers. Provider shall not transfer Personal Data outside the EEA without Customer's prior written consent, except where appropriate safeguards (Standard Contractual Clauses or equivalent) are in place.
DPA-14. Audits. Provider shall allow Customer to conduct audits or inspections, or provide information necessary to demonstrate compliance with this DPA, on reasonable notice.