SaaS Agreements – Data Protection – Cyber Insurance

Currently most SaaS suppliers and SaaS customers do not take put specific cyber insurance and rely upon the provisions of a general insurance policy to cover liabilities in the event of a claim for a cyber incident or a data breach. This is partly due to the fact that few insurers offer adequate cyber insurance policies and SaaS customer and SaaS supplier’s failure to consider the need for a specialist policy of insurance, to ensure that they are covered in the event of a claim being denied under a general insurance policy.

Continue reading

SaaS Agreements – Terms and Conditions – Limitation Clauses

SaaS suppliers should always include limitation clauses in their SaaS terms and conditions to attempt to limit or exclude liability for certain types of losses and to cap their financial liability for breaches of contract. However, in order for limitation clauses to be valid, SaaS suppliers must ensure that the wording of the limitation clause is clear and unambiguous, otherwise the whole clause could be ruled void by a court and the SaaS supplier’s liability will then be unlimited.

Continue reading

SaaS Agreements – FAQs – Reseller Agreements

SaaS suppliers who decide to use a local partner to resell their SaaS software to customers outside of the countries in which they are based, will need to have a reseller/distributor agreement in place between themselves and each SaaS reseller/distributor. What is a SaaS Reseller/Distributor? A SaaS reseller is the same as a SaaS distributor. A reseller/distributor purchases the supplier’s SaaS software and services under the terms of a reseller/distribution agreement. The SaaS reseller/distributor then resells the SaaS software and services to its own local customers in its local territory

Continue reading

SaaS Agreements – Data Protection – General Data Protection Regulation (GDPR)

At the end of 2015 the European Commission published the test of the new Data Protection Regulation (“GDPR”) which will replace the existing EU Data Protection Directive and harmonise European data protection law. The GDPR is expected to be adopted in Spring 2016. Once adopted, the GDPR will come into force within 2 years and in the UK the GDPR will replace the Data Protection Act 1998. This will have a significant effect on both SaaS suppliers and SaaS customers.

Continue reading

SaaS Agreements – Data Protection – EU US Privacy Shield

A new privacy agreement called the Privacy Shield has been agreed by the US and EU to replace the safe harbour scheme. The Privacy Shield is based upon safe harbour but has additional protections, particularly with regard to public authority access to personal data. The Privacy Shield must now be reviewed by the European Commission before it can be relied upon and adopted by SaaS suppliers or customers. The European Commission is currently assessing whether or not the Privacy Shield provides adequate protection in accordance with EU data protection laws. This process is expected to take up to 3 months.

Continue reading

SaaS Agreements – Data Protection – Direct Marketing Rules

In September 2013 the Information Commissioner’s Office (ICO) published a lengthy guide to Direct Marketing. The guide covers compliance with the Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications Regulations 2003 (PECR) in relation to the sending of unsolicited marketing. SaaS suppliers who are sending unsolicited marketing to SaaS customers and prospective customers should check their compliance with the guidance. Additionally, the Direct Marketing Association (DMA) has also published its own further supplemental guide which provides detailed guidance on how and when to obtain consent to marketing

Continue reading

SaaS Agreements – International Agreements – Valid Execution

Where an international SaaS agreement is entered into between a non-UK SaaS customer and a non-UK company of a SaaS supplier the parties should ensure that the SaaS agreement has been properly executed in accordance with the law of the country of incorporation of each company. Even where the SaaS agreement is governed by English law, failure to properly authorise or execute the SaaS agreement in accordance with the local law of each party could result in the SaaS agreement not being binding. Integral Petroleum SA v SCU – Finanz

Continue reading