The following legal issues should be included in any SaaS agreement, whether you are a SaaS supplier or a SaaS customer.
Access to the software should be limited to the term of the SaaS agreement. Once the SaaS agreement expires or terminates the software licence should automatically terminate.
If the SaaS customer is a global entity, specify which companies or entities may access the SaaS software, in which territories and the number of users. Identify the specific purposes for which the software may be accessed. Name any third parties who will be permitted access to the SaaS software i.e. outsourcing providers or clients of the SaaS customer.
Intellectual Property Rights – IPRs
The SaaS supplier should retain ownership of all IPR in the software and services it provides. The SaaS customer should retain ownership of all IPR in its systems and data. The SaaS agreement should specifically state that the source code remains owned by the SaaS supplier. The SaaS customer should grant the SaaS supplier the right to use its IPRs for the term of the SaaS agreement i.e. display its logos and copyrighted information.
Applicable Law, Jurisdiction & Language
State which law applies to the SaaS agreement and which courts will deal with any disputes arising from it. In international SaaS agreements make sure that you specify in which language the dispute will be dealt with, and if the SaaS agreement is in more than one language, which language prevails if there is a discrepancy between the two versions.
Return of Data
At the end of the SaaS agreement the SaaS customer’s data should be returned. The format in which the data is to be returned and payment for this service should be agreed in advance. Additionally the parties can agree that the Saas supplier will provide assistance in transferring SaaS customer data to a new supplier – in return for payment for this service.
Data Processing Agreement (DPA)
A data processing agreement (DPA) sets out the data processing obligations of SaaS supplier and the SaaS customer. The SaaS supplier is the data processor and the SaaS customer is the data controller. Under data protection law different rules apply to the data controller and the data processor. The General Data Protection Regulation (GDPR) specifies that the SaaS supplier is obliged to process personal data in accordance with the SaaS customer’s written instructions and should protect itself against claims from third parties that such processing is illegal. Likewise, the SaaS customer will also need to protect itself against claims from third parties caused by the SaaS supplier not processing data in accordance with its instructions or the terms of the SaaS agreement. The DPA will often need to include standard contractual clauses where international data transfers are made.
Service Level Agreement (SLA)
This sets out the hosting, support and maintenance services being provided to the SaaS customer by the SaaS supplier. The SLA should specify where the data centre is located, who is operating it, what security, backup and disaster recovery procedures are in place. Support hours and support services for dealing with hosting problems and software problems should be identified and documented and the procedure for dealing with with upgrades and maintenance to the software should be specified. The particular details will depend on the amount being paid for the hosting, support and maintenance and the purpose for which the software is being used.
IIrene Bodle is an IT lawyer specialising in SaaS agreements, GDPR and cloud computing with over 15 years experience in the IT sector. If you require assistance with any SaaS or cloud computing contracts, GDPR or any other IT legal issues please contact me:
To register for my newsletter click here
Other related articles:
- SaaS Agreements – Essential Elements – SLAs Explained
- SaaS Agreements – Data Protection – SaaS, Brexit and the GDPR
- SaaS Agreements – FAQs – What is SaaS?
- SaaS Agreements – FAQs – What is a SLA?
- SaaS Agreements – FAQs – Prism
- SaaS Agreements – FAQs – Security
- SaaS Agreements – FAQs – Software Licence
- SaaS Agreements – FAQs – Source Code
- SaaS Agreements – FAQs – Escrow
- SaaS Agreements – FAQs – IPR and Intellectual Property
- SaaS Agreements – FAQs – Confidential Information
- SaaS Agreements – FAQs – Data Protection
- SaaS Agreements – FAQs – Applicable Law and Jurisdiction
- SaaS Agreements – SaaS, Software on Demand, Confused?
- SaaS Agreements – Cloud Computing and the Legal Cloud
- SaaS Agreements – Cloud based Technology and Services
- SaaS Agreements – Terms and Conditions – Limitation of Liability
- SaaS Agreements – Terms and Conditions – Online Sales
- SaaS Agreements – Terms and Conditions – Exit Provisions
- SaaS Agreements – Terms and Conditions – Indemnities
- SaaS Agreements – Terms and Conditions – Subcontractors and Outsourcing
- SaaS Agreements – Terms and Conditions – Email Marketing Rules