SaaS Agreements – Essential Elements

The following legal issues should be included in any SaaS agreement, whether you are a SaaS supplier or a SaaS customer.

Software Licence

Access to the software should be limited to the term of the SaaS agreement. Once the SaaS agreement expires or terminates the software licence should automatically terminate.

If the SaaS customer is a global entity, specify which companies or entities may access the SaaS software, in which territories and the number of users. Identify the specific purposes for which the software may be accessed. Name any third parties who will be permitted access to the SaaS software i.e. outsourcing providers or clients of the SaaS customer.

Intellectual Property Rights – IPRs

The SaaS supplier should retain ownership of all IPR in the software and services it provides. The SaaS customer should retain ownership of all IPR in its systems and data. The SaaS agreement should specifically state that the source code remains owned by the SaaS supplier. The SaaS customer should grant the SaaS supplier the right to use its IPRs for the term of the SaaS agreement i.e. display its logos and copyrighted information.

Applicable Law, Jurisdiction & Language

State which law applies to the SaaS agreement and which courts will deal with any disputes arising from it. In international SaaS agreements make sure that you specify in which language the dispute will be dealt with, and if the SaaS agreement is in more than one language, which language prevails if there is a discrepancy between the two versions.

Return of Data

At the end of the SaaS agreement the SaaS customer’s data should be returned. The format in which the data is to be returned and payment for this service should be agreed in advance.  Additionally the parties can agree that the Saas supplier will provide assistance in transferring SaaS customer data to a new supplier – in return for payment for this service.

Data Processing Agreement (DPA)

A data processing agreement (DPA) sets out the data processing obligations of SaaS supplier and the SaaS customer. The SaaS supplier is the data processor and the SaaS customer is the data controller. Under data protection law different rules apply to the data controller and the data processor. The General Data Protection Regulation (GDPR) specifies that the SaaS supplier is obliged to process personal data in accordance with the SaaS customer’s written instructions and should protect itself against claims from third parties that such processing is illegal. Likewise, the SaaS customer will also need to protect itself against claims from third parties caused by the SaaS supplier not processing data in accordance with its instructions or the terms of the SaaS agreement. The DPA will often need to include standard contractual clauses where international data transfers are made.

Service Level Agreement (SLA)

This sets out the hosting, support and maintenance services being provided to the SaaS customer by the SaaS supplier. The SLA should specify where the data centre is located, who is operating it, what security, backup and disaster recovery procedures are in place. Support hours and support services for dealing with hosting problems and software problems should be identified and documented and the procedure for dealing with with upgrades and maintenance to the software should be specified. The particular details will depend on the amount being paid for the hosting, support and maintenance and the purpose for which the software is being used.

Help

IIrene Bodle is an IT lawyer specialising in SaaS agreements, GDPR and cloud computing with over 15 years experience in the IT sector. If you require assistance with any SaaS or cloud computing contracts, GDPR or any other IT legal issues please contact me:

irene.bodle@bodlelaw.com
www.bodlelaw.com

To register for my newsletter click here

______________________________________________________

Other related articles: