Terms of service

These Terms of Service concern DevSecLab. We have done our best to make these Terms as reader-friendly as possible and paid particular attention to the length, wording and structure of these Terms. These Terms will inform you about your rights and obligations as a user or subscriber to DevSecLab. After you have finished reading, you can accept these Terms and start using the service.

What is the “Short version”?

To make these Terms more simple, understandable and user-friendly, you can find a summary of each section in the "Short version". These Terms are designed for you, so that both of us understand the substance of them and you know what you are committing to. Short version sections are for ease of reading and don’t affect interpretation of these Terms.

Service

Short version
These Terms tell what is expected from us and how we should act when using DevSecLab. You must accept them if you want to use DevSecLab. All content of DevSecLab belongs to Fraktal. During installation or maintenance, DevSecLab might be temporarily unavailable.

Your agreement to these terms

  • To use DevSecLab, you need to read and accept these Terms of Service.

Parties

  • You = the company that purchases a licence to DevSecLab.
  • User = the person who is using DevSecLab with your purchased licence.
  • Fraktal = the supplier of DevSecLab.
    • Fraktal’s contact information:
    Fraktal Oy (2999723-8)
    Kalevankatu 34 A 6-8, 00180 HELSINKI
    help@devseclab.fi
  • We = you and Fraktal together.

DevSecLab as a service

  • These Terms dictate the use of DevSecLab and are in force until they are terminated (see Validity).
  • DevSecLab is an online cyber security platform for software developers.
    • DevSecLab works best with Mozilla Firefox and Chrome browsers. Safari browser isn’t currently supported.
    • DevSecLab can be accessed through this link.
  • All content of DevSecLab belongs to Fraktal.
    • These Terms won’t give you or the user any Fraktal’s existing intellectual property rights.
    • Neither you nor the user can resell or in any other way distribute DevSecLab or its material to third parties without the written consent of Fraktal.
  • The user can access to DevSecLab after you have purchased the licences and Fraktal has created the user profile based on the contact information given by you.
    • The user receives an email when the access is granted.
  • DevSecLab is provided on “as-is” basis.
    • Fraktal won’t give you any warranty or guarantee, expressed or implied, for DevSecLab.

Maintenance and suspension of DevSecLab

  • Fraktal has the right to temporary suspend the user’s access to DevSecLab for reasonable duration.
    • The suspension is allowed if it is necessary for installation, change or maintenance purposes and if the work can’t be performed at a reasonable cost without such suspension.
    • Fraktal will strive to minimise any inconvenience resulting from the suspension.
  • Fraktal backups DevSecLab and users’ progression.

Responsibilities

Short version
These Terms give us responsibilities to uphold. We will provide you with the necessary support and information and defend you in case of infringement of intellectual property rights. In turn, you will have to keep your information up-to-date and keep the user credentials secure. Each of us will take care of data security and confidentiality. If we face any kind of damages, there are specific rules on the limitation of the liability.

General responsibilities

  • Fraktal’s responsibilities are:
    • to perform its responsibilities with due care and professionality;
    • to ensure that instructions for DevSecLab and requirements for operating environment are available to you.
    • to provide users with support services for minor user problems by email or other support method pointed out by Fraktal. More extensive support services and user training must be agreed separately.
  • Your responsibilities are:
    • to ensure that your users have sufficient equipment and connections to use DevSecLab;
    • to give Fraktal your contact information and inform of any changes.

    User credentials

    • Fraktal creates the user credentials after you have provided Fraktal with accurate contact information of the users.
    • User credentials are personal and can’t be disclosed to others. Every user must keep their user credentials secure.
      • Fraktal encourages users to use strong passwords.
      • You must notify Fraktal immediately if the user credentials have been disclosed or if there’s a reason to suspect that the user credentials are being misused.
        • You are responsible for all use of DevSecLab with the user credentials until Fraktal receives your notification of misuse.
    • Fraktal has the right to reset the user credentials at any time:
      • if Fraktal has a reason to believe that the user credentials have been disclosed or they are misused;
      • if there’s a data security risk;
      • for any other technical reason.
    • If the user credentials are reset, Fraktal will inform the user without undue delay.

    Data security

    • Each of us must ensure that the environments, such as equipment, communications network and business premises, are protected against data security threats with adequate procedures.
    • Each of us must notify of any data security risks and breaches without undue delay.
    • Each of us must take immediate action to eliminate or reduce the effect of any data security breach and contribute to the investigation of such breach.

    Infringement of intellectual property rights

    • Fraktal will defend you at its own expense against claims that DevSecLab infringes a third party’s intellectual property right in Finland. In such a case, you will have to:
      1. promptly notify Fraktal in writing of the presented claims;
      2. permit Fraktal to defend or settle the claims on behalf of you;
      3. give Fraktal, at Fraktal’s request and expense, all necessary information and assistance available as well as the necessary authorisations.
    • If you have fulfilled these requirements, Fraktal will pay all damages and attorney fees awarded in a trial or agreed to be paid to a third party.
    • The above-mentioned defence and indemnification obligations don’t apply:
      • when a claim arises from content, or an application not related to Fraktal or by your breach of these Terms;
      • when the claim is asserted by your affiliated company.
    • If Fraktal receives information about an infringement or misappropriation claim related to DevSecLab, Fraktal can at its own expense:
      1. modify DevSecLab so that it no longer infringes and the modified DevSecLab still complies with these Terms;
      2. terminate these Terms and DevSecLab with 40 days’ written notice.
    • Fraktal’s liability for any infringement of intellectual property rights in DevSecLab are limited to this section.

    Liability for damages and limitation of liability

    • The maximum liability for damages must not in total exceed the calculatory annual invoicing (12 months) price (VAT excluded) for DevSecLab when these Terms were breached.
    • Neither of us is liable for any indirect or consequential damage.
    • The limitations of liability do not apply to liability regarding:
      • damages related to Confidentiality;
      • damages related to Infringement of intellectual property rights;
      • damages caused by the transfer, copying or use of DevSecLab contrary to law or these Terms;
      • wilful conduct or gross negligence.

    Confidentiality

    • Each of us must keep confidential all material or information that we have received from each other while these Terms are in force and that should be understood to be confidential.
    • Such material or information must not be used for any other purposes than using or providing DevSecLab.
    • The confidentiality doesn’t concern information that:
      1. is generally available or otherwise public;
      2. the receiving party has received from a third party without any obligation of confidentiality;
      3. was in the possession of the receiving party before it received the information from the other party;
      4. has no obligation of confidentiality related thereto;
      5. which the receiving party has independently developed without using material or information received from the other party;
      6. which the receiving party is required to provide due to law or regulation by the authorities.
    • Each of us must stop using the confidential material when these Terms are terminated or when the confidential material is no longer needed for using or providing DevSecLab.
      • Upon request, the material and all copies, must be returned or destroyed.
    • Each of has, however, the right to retain material:
      • as required by law or regulation by the authorities;
      • contained in regular back-up copies of comprehensive datasets from which it isn’t possible to delete specific material without significant efforts or costs.
    • The rights and responsibilities regarding confidentiality will survive the termination of these Terms for five years (see Validity).

    Payments

    Short version
    You need to buy 30-day licences for your employees so that they can use DevSecLab. Ordered licences can’t be refunded.

    Licence

    • Every user needs an individual licence to use DevSecLab. We agree separately on purchasing these licences.
      • After you have bought a licence, please provide Fraktal with the user’s email address, name and language preference so that Fraktal can activate the licence.
    • A licence grants the user 30 days of access to DevSecLab. This usage starts when the user receives a notification on account activation.

    No refunds

    • You aren’t entitled to partial or proportionate refunds for the purchased licences.
      • The same also applies when these Terms are immediately terminated (see Immediate termination).

    Licence fees

    • Pricing policies for the licences are described on Fraktal’s website.
    • Fraktal is entitled to adjust the licence fees by notifying you of the change in writing at least 90 days before the change takes place.
      • In such a case, you have the right to terminate these Terms (see Termination).

    Payment terms

    • You must provide valid form of payment, which Fraktal will charge monthly in advance.
    • All payable fees are exclusive of any value added tax, which will be added to the payment.
    • Interest on delayed payments accrues in accordance with the Interest Act (1982/633) or subsequent regulation replacing it.

    Data Processing Agreement

    Short version
    There are rules on how we are going to handle Personal Data (such as your employees’ names and emails that are required for account creation) to comply with data protection regulation. You agree to provide the required Personal Data to Fraktal and Fraktal’s sub-processors and in turn Fraktal is responsible to process them carefully.

    Purpose and Personal Data

    • Fraktal needs your Personal Data to provide you with DevSecLab.
      • By accepting these Terms, you authorise Fraktal to process Personal Data
        • Personal Data means the users’ identifiable information that you transfer to Fraktal. Fraktal processes Personal Data relating to your employees who are using DevSecLab. These data include their name, email address, language preference and other information that is relevant to complete the course
      • You ensure that you are entitled to transfer Personal Data to Fraktal for processing
    • Personal Data is processed in accordance with General Data Protection Regulation (679/2016) of the European union (“GDPR”) and other applicable law

    General responsibilities of the processor

    • Fraktal commits to process Personal Data carefully and in accordance with applicable law, these Terms and documented instructions. Fraktal takes all measures required under Article 32 of the GDPR.
      • Fraktal will inform you if Fraktal considers that your instructions are in breach of applicable law.
    • If Fraktal is obligated to disclose Personal Data to a third party, Fraktal will inform you in advance, unless otherwise stated by the law.
    • Fraktal will reasonably assist you to respond to requests from individuals exercising their rights under the GDPR.
      • These requests include the controller’s data security, data protection impact assessment and prior consulting obligations.
    • At your request, Fraktal will provide you with all information reasonably necessary to ensure that Fraktal has complied with these Terms, security measures and applicable law.

    Sub-processors and data transfer

    • You authorise Fraktal to use sub-processors to provide the service and to process Personal Data in accordance with these Terms. Sub-processors may operate outside the EU/EEA.
      • The list of used sub-processors and their locations can be found here.
      • The obligations of Fraktal’s sub-processors are similar to Fraktal’s obligations stated in this data processing agreement.
    • Fraktal is responsible for the sub-processors’ obligations in relation to you.
    • You will be notified in good time in advance if Fraktal changes sub-processors or if Personal Data is transferred to a new country outside the EU/EEA.
      • If you don’t approve such change, you have the right to terminate these Terms (see Termination).
    • Personal Data may be transferred outside the EU/EEA.
      • Fraktal uses SCC or other appropriate safeguards to protect your Personal Data.

    Data protection and breaches

    • Fraktal takes the following actions to protect the Personal Data:
      • The personnel who process Personal Data is bound by a confidentiality obligation, and they only process Personal Data in connection with their duties for the agreed purpose.
      • The processing and storage of Personal Data is carried out in accordance with technical and organisational security measures that are appropriate and adequate for the nature of the data.
    • Following factors have been considered in the assessment of the adequate level of security:
      • Level of technology, the costs, the scope and nature of the Personal Data to be processed, the risks associated with the processing operations and similar factors.
    • If a Personal Data breach occurs, Fraktal will without undue delay after becoming aware of the breach notify you in writing. You will be provided with the details of the Personal Data breach.

    Audits

    • You or an auditor appointed by you have the right to conduct an audit if it is necessary to verify whether Fraktal and its sub-contractors:
      • meet the required protection level for Personal Data; and
      • comply with the obligations set by these Terms and applicable law.
    • Each party bears its own costs for audits.
    • You must ensure that all information obtained in audition is kept strictly confidential (except for disclosure required by applicable law).

    Deletion and return of Personal Data

    • Within a reasonable time after the termination of these Terms, Fraktal will delete all Personal Data and other material that Fraktal isn’t required to retain by law.
    • The obligation to delete Personal Data doesn’t apply to:
      • Personal Data contained in regular back-up copies of comprehensive datasets from which it isn’t possible to delete specific Personal Data without significant efforts or costs.
    • At your request, Fraktal confirms the deletion of Personal Data in writing.
    • The processing of Personal Data after the termination and before deletion is limited to just storing.

    Validity

    Short version
    You can terminate these Terms at any time. If we don’t follow these Terms, the termination can be done immediately, or your access can be temporarily blocked. Fraktal reserves the right to change DevSecLab and these Terms. Unexpected events that are beyond our control (called force majeure) can occur. In such an event, neither of us is expected to fulfil our tasks and Fraktal isn’t liable to pay any compensation.

    Duration

    • These Terms will remain in force until either of us terminates them. Users can’t access DevSecLab after the termination.
      • For information on how Personal Data will be deleted, see Deletion and return of personal data.
    • Termination doesn’t affect the validity of Confidentiality (see Confidentiality) or dispute settlement clause (see Dispute Resolution).

    Termination

    • You can terminate these Terms by giving Fraktal a written notice or by using another technical method pointed out by Fraktal before the next billing date.
      • Please note that you won’t be refunded (see No refunds).
    • Fraktal can terminate these Terms by giving you 60 days’ written notice.
    • You’re responsible for downloading your material and data from DevSecLab after termination.

    Immediate termination

    • Each of us can terminate these Terms immediately if:
      • either of us breaches these Terms, and the breach is of substantial importance to the other party;
      • it becomes evident that one of us will commit a breach of these Terms that would justify immediate termination.
    • Immediate termination is only valid when it is given in writing.

    Changes to DevSecLab or these Terms

    • Fraktal continuously develops its services and business offerings. You will be notified of any changes in DevSecLab or these Terms in good time in advance.
    • If the change has a material effect on DevSecLab or these Terms, you will be notified in writing at least 90 days before the change takes place.
      • In that case, you have the right to terminate these Terms with 30 days’ written notice.

    Temporary suspension

    • Fraktal has the right to prevent the user from accessing DevSecLab if there’s a justified reason to suspect a breach of these Terms or if data protection reasons require it.
    • You will be informed of the reasons for such a prevention without undue delay.

    Force majeure

    • Neither of us is liable for any damage caused by a force majeure event that is beyond our control and that we couldn’t have reasonably considered and whose consequences couldn’t have reasonably been avoided or overcome.
    • Both of us are entitled to terminate these Terms immediately if it becomes evident that fulfilment will be delayed for more than 60 days due to a force majeure.
      • In that case, neither of us has the right to claim damages.
    • A written notice of the occurrence of a force majeure and of termination due to a force majeure must be provided without delay.

    Other terms

    Short version
    Lastly, there’s some basic agreement stuff that must be covered. Obligations and rights can’t be transferred to third parties, we will use arbitral tribunal to deal with disputes and if some term isn’t valid, we will try to negotiate on it and the rest of the terms will stay in force. We also agree to give notices by email.

    Governing law

    • These Terms and all matters arising out of them or relating to them are construed and governed exclusively in accordance with the laws of Finland without regard to its choice of law provisions.

    Notices

    • Your notices required by these Terms must be delivered by email to help@devseclab.fi.
    • Fraktal will deliver notices to your last known email address

    No waiver

    • If either of us fails or delays to exercise a right, it doesn’t constitute a waiver of such right.
    • No waiver of any provision of these Terms constitutes a permanent waiver by either of us.
      • Such waiver is binding only if it is made in writing.

    Assignment and sub-contractors

    • You may not transfer or assign these Terms or any rights and licences granted hereunder.
      • However, Fraktal can assign them without restriction.
    • Fraktal makes sure that Fraktal’s sub-contractors follow these Terms and is liable for their behalf.

    Entire agreement and severability

    • These Terms and the pricing list found on Fraktal’s website constitute the entire agreement, and it supersedes all previous commitments between you and Fraktal in respect of the provision of DevSecLab.
    • If any part of these Terms is held invalid or unenforceable, it wont’t affect the validity of the remaining provisions.
      • In such a situation, we undertake to negotiate in good faith an equivalent enforceable and valid provision to replace the unenforceable or invalid provision.

    Dispute resolution

    • Any dispute, controversy or claim arising out of or relating to this Agreement will be finally settled by arbitration in accordance with the Arbitration Rules of the Finland Chamber of Commerce.
    • The number of arbitrators shall be one. The arbitration shall take place in Helsinki, Finland. The language of the proceedings shall be Finnish.