Last Modified: Jan 25, 2024
1. INTRODUCTION
1.1 These General Terms and Conditions (“T&Cs”) is a legal agreement between You – the Customer and Touch for Your use the Software Solution.
1.2 These T&Cs replace any and all previous terms and conditions that may have been applicable for the Software Solution.
1.3 The agreement between Touch and Customer ("the Agreement") consists of the following information and appendices which, in case of any contradictions, take precedence in following order:
1. The Purchase Order
2. Appendix 6: Financial Services, if applicable
3. These General Terms and Conditions
4. Appendix 1: Description of the Software Solution
5. Appendix 2: Payment terms
6. Appendix 3: Tentative delivery plan
7. Appendix 4: Service Level Agreements
8. Appendix 5: Data Processing Agreement
1.4 Definitions
“Affiliate” shall mean, in relation to a party, a legal entity that directly, or indirectly through one or more intermediaries, owns or controls, is owned or is controlled by, or is under common ownership or control with, such party.
“Agreement” shall mean these T&Cs, all Appendices hereto, and the Purchase Order.
“Charges” shall mean all fees and charges payable to Touch as set out in the Purchase Order, including the License Fees.
“Customer” or You” or shall mean the legal entity identified in the Purchase Order.
“Documentation” shall mean the product documentation relating to the operation and use of the Software Solution, such as technical program or interface documentation, user manuals, operating instructions and release notes, as updated from time to time by Touch.
“Effective Date” shall mean the date of the latest signature by a party on the Agreement, unless otherwise is specified in the Purchase Order.
“Touch” shall mean Touch Technology AS as identified in the Purchase Order.
“License Fees” shall mean the fees and charges payable to Touch for providing You with the Software Solution in accordance with the Purchase Order.
“Professional Services” means any service or support outside provision of the Software Solution in accordance with Appendix 1 and 4, such as training, integration services, implementation services, consulting services, data migration and/or other technical or professional services provided by Touch to You, as agreed between the parties.
"Purchase Order" means the purchase order signed by the parties, setting out the commercial terms governing Touch's provision of the Software Solution to You for such number of users as indicated therein and which (i.e.) stipulates the Charges to be paid by You, Your selected Touch plugins and service levels.
“Software Solution” shall mean Touch’s desktop and/or server software applications and/or cloud solution, and which may include associated documentation, and other components and software modules.
“Start Date” shall mean the planned date when the Software Solution shall be made available to you, as specified in the Purchase Order.
“Term” shall mean the length of time during which this Agreement is effective.
“User” shall mean any individual acting on behalf of the Customer (e.g. employees of the Customer) that are given access to the Software Solution.
2. LICENSE GRANT
2.1 In return for the agreed Charges, Touch grants You a limited, non-exclusive, non-transferable right to use such parts of the Software Solution as is specified in the Purchase Order and the Documentation, including any patches or upgrades Touch may deploy during the Term for Your internal business purposes (the “License Grant”). The License Grant assumes that You use the Software Solution in accordance with the Documentation and/or other reasonable instructions provided by Touch.
2.2 The License Grant includes any software updates and upgrades that Touch or any reseller authorized by Touch (“Authorized Reseller”) may provide to You or make available to You, to the extent that such items are not accompanied by a separate license agreement or terms of use.
2.3 The License Grant is limited to the number of Users indicated in the Purchase Order.
2.4 Touch will reasonably prioritize necessary changes in the Software Solution resulting from changes in regulatory requirements applicable to You as a financial institution in its roadmap, to the extent such changes relates to compliance management within the scope of the Software Solution.
3. CUSTOMER OBLIGATIONS
3.1 You are responsible for
a) compliance with laws applicable to You;
b) facilitating Touch’s performance of its obligations under these T&Cs;
c) having evaluated and selected the Software Solution as suited for Your needs and operation;
d) using and operating the Software Solution after delivery and ensuring that such use and operation is in compliance with the Documentation; and
e) ensuring that the Software Solution is only accessed by the number of Users to which You are entitled, and that any User complies with Your obligations under these T&Cs.
3.2 You shall not (and shall not permit others to) do the following: (i) use the Software Solution with external programs in a manner that intentionally circumvents contractual usage restrictions; (ii) license, sub-license, sell, re-sell, rent, lease, transfer, distribute or time share or otherwise make any of it available for access by third parties except as otherwise expressly provided in this Agreement; (iii) access it for the purpose of developing or operating products or services intended to be offered to third parties in competition with the Software Solution; (iv) disassemble, reverse engineer or decompile it; (v) copy, create derivative works based on or otherwise modify it except as permitted in this Agreement; (vi) remove or modify a copyright or other proprietary rights notice in it; (vii) use it to reproduce, distribute, display, transmit or use material protected by copyright or other intellectual property right (including the rights of publicity or privacy) without first obtaining the permission of the copyright owner or as otherwise permitted by law; or (viii) use it to create, use, send, store or run viruses or other harmful computer code, files, scripts, agents or other programs or otherwise engage in a malicious act or disrupt its security, integrity or operation. Before You exercise any of the foregoing actions that You believes You are entitled to, You shall provide Touch with thirty (30) days' prior written notice (or, if applicable law or the relevant court order does not allow for such notice, then the maximum amount of notice allowable), and provide reasonably requested information to allow Touch to assess Your claim and, at Touch’s sole discretion, provide alternatives that reduce adverse impacts on Licensor's intellectual property and other rights.
4. TOUCH’S OBLIGATIONS
4.1 General obligations
4.1.1 Touch shall ensure that
a) the Software Solution will not fail to execute its programming instructions due to defects in materials and workmanship when properly installed and used on infrastructure in accordance with Touch's recommended technical requirements; and
b) the Software Solution will substantially conform to its specifications.
4.1.2 If Touch receives written notice of substantial non-conformance to the specification of the Software Solution, Touch will at its own discretion either repair, upgrade or replace the affected Software. If Touch is unable to replace, correct or implement a work-around for a defect or non-conformance in the Software Solution within a reasonable time, You will be entitled to a refund of the remaining part of the Charges for the current license period upon return of the Software Solution.
4.1.3 Touch’s obligations under this clause 4 does not apply to defects resulting from 1) unauthorized maintenance, corrections or modifications; 2) Customer or third party supplied products; 3) use or operation outside the specifications for the Software Solution; 4) failure by You to implement or install and use any replacement, up-date, correction or modification of the Software provided by Touch or 5) improper site preparation.
4.2 Service Levels, support and updates
4.2.1 Touch shall provide the Software Solution and related services in accordance with the requirements in Appendix 4, subject to the selected service levels in the Purchase Order.
4.3 Professional Services
4.3.1 Touch agrees to provide Professional Services to You in accordance with the Agreement, including implementation assistance as specified in Appendix 3 and in the Purchase Order.
4.3.2 Professional Services shall be provided professionally and in workmanlike manner, and Touch shall inform You without delay if there are issues in relation to the provision of its services.
4.3.3 Touch shall ensure that its personnel are suitably qualified and trained when undertaking activities associated with this Agreement.
4.4 Amendments to the Software Solution
4.4.1 The parties acknowledge the benefits of ongoing innovation and development in relation to the Software Solution. Accordingly, Touch may:
a) add or update functionality and features of the Software Solution from time to time;
b) remove functionality or features from the Software Solution that do not materially affect the use thereof to Your detriment,
but only if (i) Touch notifies Customer through of any such changes, and (ii) the Software Solution always include similar functionality as the described functionality in Appendix 1.
4.4.2 Touch may remove functionality from the Software Solution if and to the extent necessitated due to circumstances relating to subcontractors or third parties outside Touch’s reasonable control (such as termination by relevant subcontractors or acquisition of relevant subcontractors by competitors of Touch). As a condition for removing functionality under this clause 4.4.2, Touch shall reduce the applicable Charges with an amount proportional to Your decreased utility value of the Software Solution (and refund a pro-rata amount corresponding to such reduction for any prepaid Charges).
4.5 Subcontractors
4.5.1 You provide a general written authorization for Touch to utilize subcontractors in its provision of the Software Solution. Third parties engaged by Touch in the provision of the Software Solution is listed in Annex 3 of the Purchase Order.
4.5.2 Touch may at any time engage a new sub-contractor or change or replace an existing sub-contractor and will notify You in case of any such engagement, changes or replacements, indicating the name, country location, and subcontracted service of any proposed new subcontractor. Unless You object in writing within fifteen (15) days of being informed about Touch’s use of a new subcontractor, Touch may use the new subcontractor for the indicated activities. You may not unreasonably object to a new subcontractor. If You reasonably object within the given timeline, Touch will use reasonable efforts to change the Software Solution to avoid utilization of the “objected-to” new subcontractor. If Touch is unable to implement such changes within a reasonable period of time, which shall not exceed sixty (60) days from receipt of Your written objection, Your sole and exclusive remedy for such an objection shall be the right to terminate the Agreement.
4.5.3 Touch remain liable for the performance of any tasks by a subcontractor, in the same way as if Touch was performing the tasks itself.
5. CHARGES
5.1 You undertake to pay Touch the applicable Charges for use of the Software Solution and/or fees for other services ordered or consumed during the term of this Agreement.
5.2 The Charges shall be payable in accordance with the Purchase Order and may be adjusted according to Appendix 2. Except as otherwise agreed Charges are due 30 days net from the invoice date. Except for those parts of the Charges that are disputed by You in good faith, any payment not received from You by the due date shall accrue interest from the due date until the date payment is made pursuant to the Norwegian Act No. 100 of 17 December 1976 relating to Interest on Overdue Payments, etc. (Late Payment Interest Act). If Your account is 30 days or more overdue, in addition to any of its other rights or remedies, Touch reserves the right to suspend Your use of the Software Solution, without liability to Touch, until such amounts are paid in full, on the condition that Touch has notified You in writing prior to such suspension.
5.3 All prices are exclusive of, and You will pay, value-added tax and any other relevant taxes or public fees.
5.4 Touch reserves the right to: (a) review the Users’ access to the Software Solution and activity at any time; and (b) invoice You for any access to the Software Solution above the permitted Users in accordance with the Purchase Order.
5.5 Reseller orders
5.5.1 This clause 5.5 applies if You purchase the Software Solution or any Professional Services through an authorized partner or reseller of Touch (“Reseller”).
5.5.2 Instead of paying Touch, You will pay the applicable Charges to the Reseller, as agreed between you and the Reseller. Touch may suspend or terminate Your rights to use Software Solution if Touch does not receive the corresponding Charges from the Reseller.
5.5.3 Instead of entering into a Purchase Order with Touch, Your order details (e.g., Software Solution, number of Users, procured components) will be as stated in the order placed with Touch by the Reseller on Your behalf, and the Reseller is responsible for the accuracy of any such order as communicated to Touch.
5.5.4 If You are entitled to a compensation or a refund under these T&Cs, then unless otherwise specified by Touch, Touch will refund any applicable fees to the Reseller and the Reseller will be solely responsible for refunding the appropriate amounts to You.
5.5.5 Resellers are not authorized to modify these T&Cs or make any promises or commitments on Touch's behalf, and Touch is not bound by any obligations to You other than as set forth in these T&Cs.
5.5.6 The Charges paid or payable by the Reseller to Touch for Your use of the Software Solution under these T&Cs will be deemed the amount actually paid or payable by You to Touch under these T&Cs for purposes of calculating the liability cap in clause 10 (Limitations of Liability).
6. PRIVACY AND DATA PROTECTION
6.1 Touch shall implement and maintain appropriate administrative, physical and technical safeguards designed to protect personal data processed by Touch against loss, damage or disclosure.
6.2 Touch’s processing of personal data in its provision of the Software Solution as a data processor shall be governed by Appendix 5.
7. COPYRIGHT AND PROPRIETARY RIGHTS
7.1 The Software Solution is confidential and protected by copyright laws as well as other intellectual property laws. Title to the Software Solution, including for the avoidance of doubt all technology and methodologies, products, software tools, algorithms, templates, software (in source and object code formats), architecture, class libraries, objects and documentation of the Software Solution existing as of the Effective Date, or otherwise arising from updates, upgrades, improvements, extensions and/or further developments of the foregoing and related technical or end user documentation or manuals is retained by Touch and/or its licensors and the License Grant confers no title, ownership or any other rights in the Software Solution.
7.2 You retain all its rights, title, and interest in and to all intellectual property rights in Your data and any software, methodologies, templates, business processes, documentation or other material authored, invented or otherwise created or licensed (other than by or from Touch) by You for use with the Software Solution and/or made available to Touch in connection with this Agreement (“Customer IPR”).
7.3 You hereby grant Touch a royalty-free, fully-paid, non-exclusive, non-transferable, sub-licensable right to use Customer IPR solely for the purpose of providing the Software Solution and related services to You during the term of this Agreement.
7.4 You have no obligation to give Touch any suggestions, comments or other feedback ("Feedback") relating to the Software Solution. However, Touch may use and include any Feedback that You voluntarily provide to improve the Software Solution or related technology.
8. INFRINGEMENT
8.1 Touch shall defend or settle any claim made against You in which it is alleged that the Software Solution infringes third party's rights, provided that You (i) promptly notify Touch in writing of such claim; (ii) grants Touch sole conduct of the defense of any such claim; and (iii) acts in accordance with the reasonable instructions of Touch and gives Touch such assistance and authorizations as it shall reasonably require to defend or settle such claim.
8.2 Touch shall consult with You prior to any settlement of a claim. Without limiting its obligations, Touch shall also: (i) keep You reasonably informed regarding the conduct of any proceedings; (ii) not settle any claim or make any admission of fault or liability in Your name without Your prior written consent: and (iii) pay any costs and damages finally awarded against You by a competent court or in an out-of-court settlement approved by Touch.
8.3 Touch shall, however, not be liable towards You if the claim: (a) results from Your alternation or unauthorized use of the Software Solution and/or service or from compliance with Your instructions or information; (b) results solely from Your use of the Software Solution or service in combination with any material or service not supplied by Touch; (c) derives from any third party material or service; or (d) could have been avoided by the use of the latest supported release of the Software Solution.
8.4 Touch’s liability for paying any costs and damages finally awarded against You under clause 8.2 above shall be limited to NOK 50,000,000.
8.5 You acknowledge that Touch has no knowledge of, or control over, Your use of the Software Solution. You agree to defend, indemnify, and hold Touch harmless with respect to any suit, claim or proceeding brought against Touch alleging that use by, or under Your authority, of the Software Products or third-party components used in conjunction with the Software Solution caused personal injury, property damage or economic loss.
9. WARRANTIES
9.1 Touch warrants that it has the full legal right to license the Software Solution and Documentation in accordance with this Agreement and holds legal and beneficial title in the Software Solution and Documentation free and clear of any encumbrances that might affect the license(s) granted hereunder and Your ability to use the Software Solution and Documentation.
9.2 Each party represents and warrants that it has the right, power, and authority to enter into this Agreement, to become a party hereto and to perform its obligations hereunder.
9.3 Except as specifically provided in this Agreement, the parties disclaim all warranties, express or implied, including but not limited to the implied warranties of merchantability and fitness for a particular purpose.
10. LIMITATIONS OF LIABILITY
10.1 Each party’s maximum aggregate liability for all claims arising out of or relating to this Agreement, whether for breach of contract, breach of warranty or in tort (including negligence) or otherwise, is limited to 50 % of the aggregate of License Fees paid by You under this Agreement during the 12-month period preceding the event for which damages are claimed up to a maximum amount of NOK 200,000.
10.2 Each party's liability is limited to direct loss only and does not include any loss of profits, loss of business, loss of savings, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or any special, indirect or consequential loss, costs, damages, charges or expenses, including liability to pay compensation to third parties and/or costs incurred for the retention of another provider or other consequential loss.
10.3 The limitation of liability in this clause 10 does not apply in the event of a party’s gross negligence or willful misconduct, not with respect to a party’s obligation to indemnify the other under Clause 8.
11. CONFIDENTIALITY
11.1 Information that the Parties become aware of in connection with this Agreement and the execution thereof shall be treated confidentially and shall be kept confidential and shall not be disclosed to any third party without consent from the other party, unless
a) it is clear and obvious that there are no legitimate interests that dictate that the information should be kept secret;
b) the information is or becomes publicly known (except as a result of a breach of the confidentiality obligations set out herein); or
c) is rightfully received from a third party without restrictions and without breach of any confidentiality obligation.
11.2 Third party refers to anyone that does not have an actual need for access to the information in order to perform their duties under this Agreement. The duty of confidentiality shall apply to the parties’ employees, subcontractors and other parties contributing to or acting on behalf of the parties in connection with the execution of these T&Cs.
11.3 The Software Solution contains Touch’s business and trade secrets and shall be treated as confidential information. You undertake not to make the Software Solution available to any third party without Touch’s prior written approval. You are responsible for informing and instructing any relevant personnel of their obligation to comply with these T&Cs.
12. TERM
12.1 The term of this Agreement shall commence on the Effective Date and shall continue for 36 months following the Start Date in accordance with the Purchase Order (the initial term). If You have chosen a staged implementation approach in accordance with the Purchase Order, the 36 month-period shall commence from the latest Start Date. The Agreement shall automatically renew for successive one-year periods following the initial term, unless either party gives at least sixty (60) days prior written notice of intent to cancel to the other party before the expiration of the then current term in effect (including the initial term or any renewal term).
12.2 Touch may with effect from the beginning of each renewal term in accordance with clause 12.1 and by giving you 60 days’ prior notice:
a) adjust the Charges in accordance with Appendix 2; and/or
b) make reasonable amendments to these T&Cs.
If You do not accept the amended Charges and/or amended T&Cs, You shall be entitled to terminate the Agreement effective from expiration of the term in force. If You do not exercise such rights within 15 business days following Touch’s notice, You shall be deemed to have accepted Touch’s adjustment of the Charges and/or amended T&Cs.
12.3 Either party may terminate this Agreement upon 30 days' notice, if the other commits a material breach of this Agreement, that is not capable of remedy.
12.4 Either party may terminate the Agreement immediately if the other is declared bankrupt, or becomes insolvent, or makes any arrangement or composition with or assignment for the benefit of its creditors, or goes into either voluntary, or compulsory liquidation or a receiver or administrator is appointed over their assets.
12.5 Touch may at any time terminate the Agreement or suspend your access to the Software Solution:
a) By giving You 90 days’ notice in the event that any change in applicable law, regulation, third party price increases or any other change materially increases Touch’s costs in providing You with the Software Solution, provided that Touch shall refund you an amount corresponding to what You have already prepaid for the remaining part of the term of this Agreement; or
b) immediately if You in Touch’s sole discretion breach the applicable license terms of the Software Solution in a non-insignificant manner or engage in illegal practices.
12.6 Upon termination of this Agreement for any reason, the rights granted under this Agreement will be immediately revoked and Touch may immediately deactivate Your access to the Software Solution, whereby You shall immediately cease use of the Software Solution and Documentation and erase any copy from computer systems and confirm completion of the aforesaid in writing to Touch. Irrespective of this, Touch shall grant You a reasonable time limit for extracting Customer Data and Customer may always procure Termination Assistance in accordance with clause 15 below.
12.7 Termination of this Agreement shall neither release You or Touch from any obligations undertaken under clauses 7, 10, 11, and 16.4 of this Agreement.
13. FINANCIAL SERVICES
13.1 If You are an institution subject to supervision by a financial supervisory authority and obliged to comply with regulation (EU) 2015/35, the EBA Guidelines on Outsourcing Arrangements (EBA/GL/2019/02) and/or the EIOPA Guidelines on outsourcing to cloud service providers, it is agreed that the regulations included in Appendix 6 (Financial Services) shall apply between the parties.
14. AUDITS
14.1 Touch shall have the right to verify, through technical means, that the use of the Software Solution follows this Agreement.
15. TERMINATION ASSISTANCE
15.1 Touch shall, within reasonable time after, after receiving a specific request from You, prepare a detailed plan for the termination phase, called Termination Plan. You have the right to involve a new supplier to assist with or supplement the Termination Plan on Your behalf.
15.2 Unless otherwise agreed, the Termination Plan shall as a minimum contain the following points:
a) Preparations in connection with termination of the Agreement;
b) Touch’s assistance in connection with You entering into a new agreement.
c) Transfer of data to a possible new supplier or to You;
d) Any requirements for transfer of Documentation etc. (e.g., source code for integrations or specially developed modules) to a possible new supplier or to the Customer; and
e) Any subsequent assistance from Touch.
15.3 The Termination Plan shall detail specific activities needed to be performed by Touch and applicable time frames. The Termination Plan shall also describe requirements for Your participation as well as requirements for necessary cooperation between Touch and You in connection with the termination.
15.4 You shall pay for the services mentioned above. Unless otherwise agreed in the Termination Plan, such services shall be paid for in accordance with Touch’s hourly rates as specified in the Purchase Order.
16. MISCELLANEOUS
16.1 Entire Agreement and Modifications
16.1.1 This Agreement sets forth the entire agreement and understanding of the parties relating to the subject matter hereof and supersedes any and all prior oral and written agreements, understandings and quotations relating thereto. No waiver, alteration, modification, or cancellation of any of the provisions of this Agreement shall be binding unless made in writing and duly signed by authorised representatives of the parties.
16.2 Force Majeure
16.2.1 In no event shall a party be liable or responsible to the other, or be deemed to have defaulted under or breached the Agreement, for any failure or delay in fulfilling or performing any term of the Agreement, when and to the extent such failure or delay is caused by any circumstances beyond the party's reasonable control, including flood, fire, earthquake or explosion, war, terrorism, invasion, riot or other civil unrest, embargoes or blockades in effect on or after the date of the Agreement, national or regional emergency, strikes, labour stoppages or slowdowns or other industrial disturbances, imposition of any trade restrictions, embargos, export or import restriction or other restriction or prohibition or any complete or partial government shutdown, or national or regional shortage of adequate power or telecommunications or transportation.
16.3 Assignment
16.3.1 A party is not entitled to assign its rights and/or obligations under the Agreement without the prior written consent of the other party.
16.3.2 Notwithstanding the above, Touch may assign the Agreement to an Affiliate without Your consent, provided that the Affiliate assumes all of the applicable obligations of Touch under this Agreement.
16.4 Governing law and legal venue
16.4.1 This Agreement shall be governed by and construed in accordance with Norwegian law with Oslo District Court (Oslo tingrett) as legal venue in the first instance.
APPENDIX 1: DESCRIPTION OF THE SOFTWARE SOLUTION
1. SOLUTION
1.1 GuardREC® Compliance
The Software Solution, GuardREC® Compliance, is a centralized compliance solution for financial institutions. The solution includes state-of-the-art functionality for compliance management throughout all the customer dialogue. GuardREC® Compliance offers interchangeable plugins for capturing audio, text, screens and video with a set of GuardREC® Capture plugins.
1.2 GuardREC® Capture
GuardREC® Capture is a framework for communication sources and is tailor-made for each interface to normalize the data to GuardREC® format. The GuardREC® Capture plugins communicate with GuardREC® Compliance over an API and are technically separated from GuardREC® Compliance. GuardREC® Capture plugins can be installed in the cloud or on-premises, depending on the communication source interface.
Further overview and description of the available GuardREC® Capture plugins can be found here: https://www.guardrec.com/en/compliance/integrations.
1.3 Legacy recordings
Legacy recordings can be converted into GuardREC® Compliance to get a complete overview of all recorded communications in one solution. Conversion of legacy recordings into GuardREC® Compliance is done free of charge. If the Customer needs assistance extracting legacy data to a readable format, Touch can assist for an hourly fee. If an advanced import is desired, i.e., import with additional metadata such as comments, tags, audit trail etc., Touch can assist for an hourly fee specified in the Purchase Order.
1.4 New versions
GuardREC® Compliance is developed continuously and new versions are made available regularly. We encourage all our customers to provide input for changes and new features.
1.5 Automatic transcription
GuardREC® Compliance supports automatic transcription to convert audio to text, enabling search for the content in audio. The Software Solution uses Microsoft Azure Cognitive services (Speech-to-text) and is a shared service for all Touch customers. Automatic transcription is permission-based, enabling specified users to transcribe audio. GuardREC® Compliance supports automatic transcription of 120+ languages such as English, Norwegian, Danish, Swedish, Finnish, German, Spanish, Mandarin, etc. The complete list of all supported languages can be found on Microsoft’s websites.
1.6 Flexible deployment
GuardREC® Compliance can be implemented as a cloud, on-premises, or hybrid solution. Touch offers a hosted Software Solution on Microsoft Azure infrastructure in customer-selected datacenter regions (Norway East by default).
2. ADDITIONAL SERVICES
2.1 Custom integrations
Touch can integrate with customer-specific communication sources or systems currently not supported for an hourly fee stated in the Purchase Order. A pre-project may be required to establish integration specifications and costs.
2.2 Training and certification
2x2 hours start-up training sessions for end-users are included in the License Fee. Touch offers additional online training, classroom training and certifications for fees stated in the Purchase Order.
APPENDIX 2: PAYMENT TERMS
1. LICENSE FEES
The License Fees for use of GuardREC® Compliance and the agreed GuardREC® Capture plugins for up to the stated quantity of users are in the Purchase Order. The License Fees do not include any recording costs by third-party operators.
2. TERMS OF PAYMENT AND INVOICING
2.1 General Terms
Annual invoicing of the License Fee is set to start on the Start Date as set out in the Purchase Order. For the avoidance of doubt, invoicing will occur successively following each one-year period from the Start Date. Touch’s right to invoice the License Fee shall apply regardless of any extensions of the Start Date due to circumstances for which Touch is not responsible.
2.1.1 Right to partially cancel
The Customer may by giving 30 days’ notice prior to expiration of the initial term or a renewal period, cancel one or more GuardREC® Capture plugins, whereby Touch shall reduce the applicable License Fees proportional to such cancellation.
2.2 Disbursements and travel costs, etc.
Documented travel and accommodation costs are charged according to the Norwegian Government Travel Allowance Scale applicable at any given time, unless otherwise agreed.
2.3 Payment in connection with the termination of the Software Solution
Unless otherwise agreed, Touch’s work in connection with the termination of GuardREC® Compliance or GuardREC® Capture plugins will be payable based on time spent in accordance with the agreed hourly rates.
3. PRICE CHANGES
3.1 Adjustments according to the consumer price index
The License Fee may be adjusted at the beginning of every calendar year by an amount equivalent to the increase in the consumer price index (the main index) of Statistics Norway, with the initial reference index value being the index value for the month when the Agreement was signed.
3.2 Adjustments in public dues
The License Fees may also be adjusted to the extent the rules or administrative decisions for public dues are amended in a way that affects the consideration or costs of Touch. Touch shall submit and document such claim in writing.
APPENDIX 3: TENTATIVE DELIVERY PLAN
1. THE CUSTOMER’S RESPONSIBILITY FOR FACILITATION
In general, the Customer is responsible to provide necessary access and documentation requested by the Touch to activate the GuardREC® Capture plugins agreed in the Purchase Order.
1.1 Import of Legacy data
The Customer is responsible to make any legacy recordings available for Touch in a readable format for conversion into GuardREC® Compliance.
1.2 GuardREC® Capture plugins
Prerequisites for activating the GuardREC® Capture plugins agreed upon in the Purchase Order will be provided during the system preparation project phase. The Customer is responsible for the execution of these prerequisites. Touch will assist in this process.
1.3 On-prem / private cloud deployments
This section applies only when GuardREC® Compliance is to be deployed on-prem or in the Customer's private cloud. The Customer is responsible for the facilitation and maintenance of private cloud infrastructure or in-house servers.
2. DELIVERY PROCESS
Upon entering into this Agreement, the parties have agreed on a High Level Delivery Plan set out in the Purchase Order.
Following the Effective Date, the Customer and Touch shall cooperate to plan in detail the facilitation and implementation of the Software Solution in a Detailed Delivery Plan within the framework of the High Level Delivery Plan.
The Detailed Delivery Plan shall describe the main activities and the correlations between them, including roles and responsibilities, as well as agreed delivery deadlines. If delivery shall take place gradually in several steps, the Detailed Delivery Plan shall describe how this shall be executed.
The Detailed Delivery Plan shall specify how any approval test (if applicable) shall be performed.
APPENDIX 4: SERVICE-LEVEL AGREEMENTS
1. GENERAL
GuardREC® Compliance can be either Touch-managed or Customer-managed, depending on how it is deployed. The Customer's selected deployment is specified in the Purchase Order.
a) GuardREC® Compliance is Touch-managed when hosted by Touch on Microsoft Azure infrastructure.
b) GuardREC® Compliance is Customer-managed when deployed on-prem or in the Customer’s private cloud.
The GuardREC® Capture plugins can be deployed in the cloud or on-prem, depending on the communication source interface. If a GuardREC® Capture plugin is deployed on-prem, the infrastructure on where the plugin is deployed is Customer-managed. Any on-premise GuardREC® Capture plugins managed by the customer are outlined in the Purchase Order.
Touch offers the following Service-level Agreements:
1. Application SLA
2. Infrastructure SLA
whereas the Infrastructure SLA only applies to the parts of the Solution which is Touch-managed.
2. APPLICATION SLA
We will deploy the Software Solution in cooperation with the customer and create maintenance routines and operation routines available. This includes hosting, maintenance, service, solution monitoring, and backup routines combined with technical training.
2.1 Shared monitoring and application governance
To comply with laws and regulations and avoid loss of data, the complete recording and record-keeping solution should be regarded as a shared responsibility between Touch and the Customer.
2.2 Monitoring
Operational monitoring and reporting of system health and status is provided through in-application dashboards, on-demand and scheduled reports.. The monitoring is configurable and has defined levels; critical alarms (potential loss of data) and warnings (potential er temporary loss of replay functionality).
2.3 Alarms
GuardREC® Compliance offers a series of built-in alarms and monitoring capabilities. When the system detects a fault situation, an alarm is raised. An example of a fault situation is when a recording source becomes unavailable. The alarm is visualized in the UI as a blinking alarm lamp. Navigating to the alarms page will give the user a detailed description of the fault situation and how to resolve it.
GuardREC® Compliance can be set up to send alarms via email (SMTP). Alarms can be set up to be sent to both the customer and Touch.
2.4 Updates
New application versions containing new features, bug fixes, security updates and other improvements will be made available regularly.
When the Software Solution is Touch-managed, the application will always be up to date on the latest version available.
When the Software Solution is Customer-managed, new versions are made available free of charge and updating can be performed with the built-in update feature. If the Customer needs assistance updating to new versions, Touch can assist for an hourly fee specified in the Purchase Order. We recommend always keeping the system up to date.
The Application SLA only applies as long as the application is up to date on the latest version available or 2 (two) versions back at the most.
2.5 Record keeping and data storage Retention Time
The retention time for recorded data is configurable as per client request but generally set to 5 years according to MiFID II. Recorded data older than the set retention will automatically be deleted.
2.6 Application support
2.6.1 Support tiers
Tier 0 support is always available online at https://help.guardrec.com.
| Tier 0 | Self-help and user-retrieved information |
| Tier 1 | Basic help desk resolution and service |
| Tier 2 | In-depth technical support |
| Tier 3 | Expert product and service support (Dev team) |
| Tier 4 | Outside support for problems not supported by the organization |
Tier 0 – 2 is included in User Fee, Tier 3 is priced per hour, Tier 4 is priced on request.
2.6.2 Support levels
Support requests can be raised by email to support@touchcallrecording.com or by phone to the Touch helpdesk. Our helpdesk will record the request in Touch’s ticket system.
| Standard support |
Standard support is included in the license fee and is available during normal business hours 08.00 – 16.00 CET. |
| Extended support |
Extended support availability 06-00 – 18.00 CET. Pricing will be given or request. |
| Premium Support |
Premium support availability 24/7/365. Pricing will be given or request. |
2.6.3 Support classification
All support requests will be classified upon receipt with the following levels:
| Critical – Priority 1 | The problem is critical with potential ongoing data loss. |
| Major – Priority 2 |
The problem causes substantial loss of service. A significant software function is experiencing a reproducible issue that causes a considerable inconvenience. |
| Low – Priority 3 |
The problem causes minor loss of service or is a minor error. The impact is an inconvenience that may require a workaround to restore functionality or is a minor error, incorrect behavior, or a documentation error that does not impede the operation of a system. |
2.6.4 Support response
Touch will use reasonable endeavors to achieve the following Response, Resolution, and update times with all Incidents being classified per the priority levels within regular business hours for standard support level.
| Response Time | Resolution Time (*) | Update Frequency | |
| Critical – Priority 1 | 1 hour | 4 hours | 4 hours |
| Major – Priority 2 | 4 hours | 8 hours | 8 hours |
| Low – Priority 3 | 8 hours | 5 days | 5 days |
(*) This is an estimation only. Resolution time will vary depending on the issue, and for some issues, the resolution time can be considerably longer.
3. INFRASTRUCTURE SLA
3.1 Service elements
The Infrastructure SLA only applies to the parts of the Solution which is Touch-managed.
3.1.1 Server patching
Servers will normally be hot-patched. If this is not possible, patching will be done as follows:3.1.2 Service Window
Solution updates, server patching etc. is mainly done during the service window. The service window is defined as the period between 16.00 to 20.00 every Thursday.
3.1.3 Solution monitoring
Touch monitors the application and virtual machines 24/7/365 using blinQ. This tool monitors each service in the cloud and sends notifications to our support team. Resources like network, memory, CPU and storage are constantly monitored. Performance data is stored and used to detect trends and potential issues, to enable pre-emptive measures. As a minimum the following is monitored, and threshold warnings and alarms are sent to technical support.
3.1.4 Server and network
3.1.5 Solution monitoring and alarms
3.2 Backup and recovery
3.2.1 Solution Backup
The solution is backed up daily using the built-in Azure instant back-up service. The Azure instant backup takes a complete snapshot of the complete VM, including storage. The Azure backup is set to geo-redundant storage (GRS), to protect against region-wide outages. The GRS replicates the backed-up data to two regions, Norway East and Norway West.
3.2.2 Solution Recovery
The Recovery Time Objective (RTO) is within 24 hours. The recovery point is last available, functional backup. Recovery Point (RPO). Once the restore has been conducted GuardREC® Compliance will check for any missing recordings between the Recovery point and the current time to prevent any data loss.
3.3 Technical support
3.3.1 Standard support level
Support requests can be raised by sending email to support@touchcallrecording.com or by phone to Touch helpdesk. Our helpdesk will record the request in Touch’s ticket system. Standard support is included in the quarterly license fee and are available during normal business hours 08.00 – 16.00 CET. Extended support (06-00 – 18.00 CET) or Premium support (24/7) are available, and pricing will be given or request.
3.3.2 Support classification
All support requests will be classified upon receipt with the following levels:
| Critical – Priority 1 | The problem is critical with potential ongoing data loss. |
| Major – Priority 2 |
The problem causes substantial loss of service. A significant software function is experiencing a reproducible issue that causes a considerable inconvenience. |
| Low – Priority 3 |
The problem causes minor loss of service or is a minor error. The impact is an inconvenience that may require a workaround to restore functionality or is a minor error, incorrect behavior, or a documentation error that does not impede the operation of a system. |
3.3.3 Support response
Touch will use reasonable endeavors to achieve the following Response, Resolution and update times with all Incidents being classified in accordance with the priority levels within normal business hours for standard support level.
| Response Time | Resolution Time (*) | Update Frequency | |
| Critical – Priority 1 | 1 hour | 4 hours | Every 4 hours |
| Major – Priority 2 | 4 hours | 8 hours | Every 8 hours |
| Low – Priority 3 | 8 hours | 5 days | 5 days |
(*) This is an estimation only. Resolution time will vary depending on issue, and for some issues the resolution time can be considerably longer.
APPENDIX 5: PERSONAL DATA PROCESSOR AGREEMENT
(A) This data processor agreement (“DPA”) sets out the terms and conditions for the processing of the personal data by Touch on behalf of the Customer under the Agreement.
(B) Touch act as a data processor (“Processor”) and the Customer act as a data controller, the concepts of which are further defined in the GDPR.
(C) “Data Protection Laws” shall mean the General Data Protection Regulation (2016/679/EU) including the instructions and binding orders of the data protection authorities (“GDPR”), as well as any applicable Norwegian data protection legislation, to the extent that said laws are applicable to the provision of the Software Solution or the location where personal data is processed.
IT IS AGREED as follows:
1. DEFINITIONS
Any terms defined under the GDPR shall have the meaning set forth therein.
2. SCOPE AND PURPOSE; CATEGORIES OF PERSONAL DATA AND DATA SUBJECTS
The purpose and subject matter of the processing of the personal data by the Processor is the provision of the Software Solution pursuant to the Agreement. The Customer instructs the Processor to process personal data concerning data subjects as further specified in ATTACHMENT 1. The duration of the processing shall be the term of the Agreement.
3. RIGHTS AND RESPONSIBILITIES OF THE CUSTOMER
The Customer shall process the personal data in compliance with Data Protection Laws and at all times retain title and other rights, howsoever arising, to the personal data, including by ensuring that a legal basis for the processing exists under GDPR Article 6 and/or 9. The Customer shall be responsible for informing the Processor if the information contained within ATTACHMENT 1 is inaccurate or requires updating.
4. RESPONSIBILITIES AND RIGHTS OF THE PROCESSOR
The Processor shall not use the personal data for any purposes other than those specified in the Agreement and this DPA.
The Processor shall: (i) process the personal data in accordance with prevailing information management industry standards and in compliance with Data Protection Laws; (ii) Process the personal data only in accordance with the documented instructions of the Customer and immediately inform the Customer if, in its opinion, a Customer instruction breaches Data Protection Laws; (iii) ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; (iv) to the extent feasible and subject to any applicable fees in the Agreement, assist the Customer in its response to rights exercised by data subjects or powers exercised by supervisory authorities under GDPR (v) provide the Customer with all information necessary to demonstrate compliance with the Customer’s obligations under applicable Data Protection Laws; (vi) allow for and contribute to audits conducted by the Customer as set forth (and subject to the limitations) in this DPA; (vii) Process the personal data only during the term of this DPA; (viii) provide reasonable assistance to the Customer with any data protection impact assessments and with any prior consultations to a supervisory authority, in each case where these are required by GDPR, and solely in relation to processing of personal data by the Processor on behalf of the Customer and taking into account the nature of the processing and information available to the Processor.
This DPA shall not prevent the Processor from disclosing or otherwise processing the personal data as required by law, regulation or by a competent court or supervisory authority.
The Customer shall compensate the Processor for all reasonable costs and expenses it incurs under this DPA, unless such costs are specified as being for the Processor’s account as part of the provision of the Software Solution.
5. DATA SECURITY
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing the Processor shall implement technical and organisational measures to ensure the confidentiality, integrity, availability of the personal data and to protect the personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration, or disclosure.
6. PERSONAL DATA BREACH NOTIFICATION
In the event of a personal data breach, the Processor shall without undue delay notify the Customer once it has a reasonable degree of certainty that a personal data breach has occurred. The personal data breach notification shall contain at least the following (to the extent the Processor is privy to such information): a description of the nature of the personal data breach including, the categories and approximate number of data subjects concerned and the categories and approximate number of data records concerned; a description of likely consequences of the personal data breach; and a description of the measures taken to address the personal data breach and to mitigate its possible adverse effects.
7. RETURNING OR DESTRUCTION OF PERSONAL DATA
Upon termination/expiry of the Agreement, based on the Customer’s specific instruction received prior to termination/expiry of the Agreement and subject to Processor’s fees payable by the Customer (if any), the Processor shall either delete/destroy or return to the Customer or to a third party designated by the Customer all personal data.
The Processor shall confirm on request to the Customer in writing that any deletion/destruction or return has taken place.
8. SUBPROCESSORS
The Provisions set forth in the T&Cs, clause 4.5 applies correspondingly to any subcontractors processing personal data on behalf of the Customer under the Agreement.
The Processor’s sub-processors at the Effective Date are listed in the Purchase Order.
The Processor is obliged to regularly monitor the performance of its sub-processors and it remains fully liable for the personal data processing activities of its sub-processors.
9. TRANSFER OF PERSONAL DATA
The Customer consents to Processor’s processing of personal data outside the European Economic Area (EEA) to the extent this is set out in the Purchase Order. Any other processing of personal data outside the EEA shall be subject to Customer’s consent. If such personal data is subject to GDPR or other EEA Data Protection Laws, any such transfers shall be under the terms of the EU Commission’s Standard Contractual Clauses or similar approved mechanisms, or the transfer shall be to a to a country which is approved by the European Commission as ensuring an adequate level of protection.
10. AUDITS
Always provided that the Processor shall not be required to provide or permit access to information concerning (i) other customers of the Processor; (ii) any Processor non-public external reports; and (iii) any internal reports prepared by the Processor's internal audit or compliance function, at any time during the term of this DPA, the Customer and/or a recognised, independent third party auditor appointed by the Customer shall have the right, on at least fourteen (14) business days' notice, to perform audits and inspections of the Processor’s facilities in accordance with the Agreement. However, any audit pursuant to this DPA shall be limited to assessing the Processor’s compliance with its obligations under this DPA. Except where a personal data breach has occurred, no more than one such audit shall be conducted in any twelve (12) month period. The Customer shall bear all costs associated with exercising the information, access and audit rights set out in this clause 10, including the Processor’s reasonable internal costs incurred from participating in the audit. Customer acknowledges that Processor is obliged to regularly monitor the performance of its sub-processors, and as such, Customer shall have no right under this DPA to audit or demand access to or information from any sub-processor.
11. LIABILITY
The parties' liability for damage suffered by a data subject or other natural persons which is due to a violation of Data Protection Laws or this DPA will follow the provisions of article 82 of the GDPR.
The parties are individually liable for administrative fees imposed pursuant to article 83 of the GDPR.
In no event shall the Processor’s liability exceed with respect to personal data breaches, the limits of liability as set out in the Agreement.
12. TERM AND TERMINATION
This DPA shall survive until any of the Customer’s personal data ceases to be processed by the Processor.
13. CHANGES IN DATA PROTECTION LAWS
Each party may notify the other party in writing from time to time of any variations to this DPA which the party reasonably considers to be necessary to address the requirements of the Data Protection Laws or any decision of a supervisory authority or competent court. Any such variations shall take effect thirty (30) calendar days after the date such written notice is sent to the other party, unless the other party notifies the party sending the notice of any reasonable objections within this thirty (30) day period, in which case the parties shall co-operate in good faith to agree on the form of the variations.
ATTACHMENT 1
1. Processing purpose
The purpose of the processing is to provide the services according to the Main Agreement, including recording calls and other customer communication. Lawful processing includes collection, registration, storage, transfer, automatic transcription, disclosure, and deletion.
2. Processed data
The processed data on behalf of the Data Processor;
3. Categories of data subjects
Anyone that communicates with a recorded user in a recorded channel.
4. Storage period/erasure procedures
The processed data is automatically deleted when it is no longer lawfully required to be stored. Typically 30 days, five years, or seven years, depending on the processed data type. Upon termination of the provision of personal data processing services, the data processor shall either delete or return the personal data.
5. Processing location
The Processing location(s) are listed in the Purchase Order.
APPENDIX 6: FINANCIAL SERVICES
1. INTRODUCTION
1.1 This Appendix 6 will apply to any service delivered by Touch to the Customer pursuant to the Agreement that is subject to supervision by a financial supervisory authority and obliged to comply with regulation (EU) 2015/35, the EBA Guidelines on Outsourcing Arrangements (EBA/GL/2019/02) and/or the EIOPA Guidelines on outsourcing to cloud service providers.
1.2 In the context of this Appendix 6, a public authority shall mean any competent authority, resolution authority, agency or other body with regulatory jurisdiction over the Customer from time to time.
2. ENABLING CUSTOMER COMPLIANCE
2.1 Audits and access rights
2.1.1 Customer, itself or through a third party (not being a competitor of Touch), or any public authorities, shall have unrestricted access rights to, upon request, receive information from, inspect, control, monitor and audit Touch in order to verify whether it meets its obligations and responsibilities set forth in the Agreement, in particular the confidentiality obligations and obligations concerning the processing of personal data.
2.1.2 Touch shall fully cooperate in the audit and the audit preparations and shall make available and give access to all information required to conduct the audit.
2.1.3 The Customer shall notify the Supplier fourteen (14) business days in advance of an audit, unless this is not possible due to an emergency or crisis situation or would lead to a situation where the audit or information request would no longer be effective. Additionally, audits carried out by public authorities may be performed without notice and in accordance with the public authorities’ instructions. The Customer or a third party assigned by the Customer to carry out an audit shall enter into a non-disclosure agreement as reasonably requested by Touch.
2.1.4 The Customer may at any time request information on on-going reporting relating to the Agreement, in the format which is necessary to monitor any outsourced services or comply with regulatory requirements.
2.1.5 Any performance of access and information rights and/or audit rights shall not result in access to any data belonging to other clients of Touch. The Customer shall exercise its access and information rights and its audit rights in a proportionate matter which does not cause unnecessary disturbance to Touch. The Customer shall, unless otherwise is considered necessary to comply with its obligations under applicable law, exercise its rights of access, information and audit by:
a) relying on third party certifications and third party internal audit reports made available by Touch; or
b) making use of pooled audits organized jointly with other clients of Touch (if relevant).
2.1.6 The Customer shall bear all costs associated with exercising the information, access and audit rights set out in this clause 2.1, including Touch’s reasonable internal costs incurred from participating in the audit.
2.2 Notification
2.2.1 Touch will provide communications to Customer regarding (1) the nature, common causes, and resolutions of security incidents and other circumstances that can reasonably be expected to have a material service impact on Customer’s use of the Software Solution; (2) any Touch risk-threat evaluations; and (3) significant changes to Touch’s business resumption and contingency plans, or other circumstances, that might have a serious impact on Customer’s use of the Software Solution.
2.3 Investigatory powers of supervisory authorities
2.3.1 Touch is aware of and accepts the information gathering and investigatory powers of public authorities under Article 63(1)(a) of Directive 2014/59/EU and Article 65(3) of Directive 2013/36/EU.
2.4 Confidentiality
2.4.1 Touch shall comply with confidentiality provisions set out in sections 16-2, 9-6 and 9-7 of the Norwegian Financial Undertakings Act (Nw. Finansforetaksloven).
3. SPECIAL TERMINATION RIGHTS
3.1 The Customer may terminate this Agreement for convenience if it receives communication from a public authority which instructs the Customer to terminate, or if Touch fails to accommodate necessary amendments or other changes necessary to effectively safeguard the concerns communicated by a public authority.
3.2 Upon termination for convenience in accordance with clause 3.1 above, the Customer shall pay to Touch:
a) any invoiced but unpaid amount; and
b) ten percent (10 %) of the remaining unpaid License Fees under the current Term (which may be the initial term or a renewal term).
4. TERMINATION PLAN
4.1 Touch shall, within reasonable time after, after receiving a specific request from the Customer, prepare a detailed plan for the termination phase, called Termination Plan. The Customer has the right to involve a new supplier to assist with or supplement the Termination Plan on behalf of the Customer.
4.2 Unless otherwise agreed, the Termination Plan shall as a minimum contain the following points:
a) Preparations in connection with termination of the Agreement;
b) Touch’s assistance in connection with the Customer entering into a new agreement.
c) Transfer of data to a possible new supplier or to the Customer.
d) Any requirements for transfer of Documentation etc. (e.g., source code for integrations or specially developed modules) to a possible new supplier or to the Customer.
e) Any subsequent assistance from Touch.
4.3 The Termination Plan shall detail specific activities needed to be performed by Touch and applicable time frames. The Termination Plan shall also describe requirements for the Customer's participation as well as requirements for necessary cooperation between Touch and the Customer in connection with the Termination.
4.4 The Customer is obliged to pay for the services mentioned above. Unless otherwise agreed in the Termination Plan, such services shall be paid for in accordance with Touch’s hourly rates as specified in Purchase Order.
