Terms of Service

Last updated June 26, 2024 

Thanks for choosing Softera.Bankfeed (hereinafter referred to as “Bankfeed” or “App”) – a Microsoft Dynamics 365 Business Central add-on application that saves your time by automating the process of financial statement import and incoming payment recognition and reconciliation.  

These Terms of Service constitute a subscription-based legal agreement between Softera Baltic, a limited liability company registered in Lithuania, with its registered office at K. Donelaičio st. 62/ V. Putvinskio st. 53, LT-44248 Kaunas, Lithuania (hereinafter referred to as “Softera”, “Supplier” or “we”) and you as a user of Bankfeed (hereinafter referred to as “Customer”, “you”). We ask you to read these Terms of Service (hereinafter referred to as “Terms”) carefully because by downloading and using Bankfeed, you acknowledge that you have read, understood, and agree to be bound by these Terms.  

In accordance with the Terms of this agreement, Softera shall grant you a limited right to use Bankfeed. 

Administrator – Bankfeed user granted the right to administrate other users and settings of the Company Account on behalf of a customer. 

App / Application – Bankfeed application. 

Bankfeed – Microsoft Dynamics 365 Business Central add-on (App) application intended for automatic financial statement import from banks and/or financial institutions, payment recognition, and reconciliation with posted invoices in Microsoft Dynamics 365 Business Central. 

Banks – Banks and payment institutions (platforms) that are supported by Bankfeed. A full list of supported banks and payment institutions can be found at https://bankfeed.com/banks/. 

Billing Period – the interval of time between billing statements for Bankfeed services. The calendar month shall be the standard period for all charges and payments under these Terms, or a special period – a year -can be agreed upon between Softera and Customer, i.e., 12 months from the start of the paid subscription of Bankfeed. 

Company Account –the account created in the name of the legal entity or natural person acting in economic and professional activities, together and separately referred to as a legal entity, on whose behalf you subscribe for Bankfeed. 

Confidential information – non-public information that is designated confidential or that a reasonable person should understand is confidential, including, but not limited to, Personal Data, Support Data, these Terms, and account authentication credentials, etc., except information that is or becomes publicly available, without a breach of confidentiality obligation. 

Customer – a legal entity whose representative has accepted these Terms when signed up for Bankfeed. This shall also include legal entities who are not subscribing to Bankfeed but are using the Free Trial version of Bankfeed. 

Data Protection Laws – the laws applicable to data processing of personal data of natural persons and security in the relevant jurisdiction, including, but not limited to Regulation (EU about the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania. 

Free Trial – temporary free of charge access to full Bankfeed functionality for 30 days after the App installation. 

Intellectual Property – all intellectual property that belongs to Softera and is recognised by legislation and/or by any convention or treaty. This includes products, ideas, design concepts, product designs (whether registered or not), trademarks, copyright and rights in copyright, patents, and any rights under license or agreement relating to any of the foregoing. 

Microsoft Azure – is a cloud computing service that allows users to create, modify, test, deploy, and maintain applications. 

Microsoft Dynamics 365 Business Central / Business Central – is an ERP solution for businesses looking to automate and streamline business processes. 

Subscription – arrangement with monthly or yearly payments by which Customer access is granted to Bankfeed. 

Subscription fees – fees for using Bankfeed according to the chosen Subscription Plan. The fee is calculated per Business Central production environment and can be found at  https://bankfeed.com/pricing/. 

Subscription Plan – the Bankfeed plan chosen by the Customer at the end of the Free Trial period according to the Customer’s needs. The subscription plans can be found at https://bankfeed.com/pricing/. 

User – a natural person granted the right to access and use the Bankfeed Account on behalf of a customer. 

BC Partner – a third-party service provider, a Microsoft Dynamics 365 Business Central partner that provides support to Customers.  

Personal data – any information relating to an identified or identifiable natural person. 

Privacy Policy – terms and conditions of the processing of Personal Data by Softera and its processors (sub-processors), which can be found at https://bankfeed.com/privacy-policy/. 

Software – The integrated cloud computing solution Bankfeed for providing services, including software, hardware, databases, interfaces, documentation, updates, new releases and other components or materials provided therewith. 

Website – https://bankfeed.com/. 

License – Softera grants the Customer the right to use Bankfeed, i.e. the Customer is granted a worldwide, revocable, non-exclusive, non-sublicensable, non-transferable license to use Bankfeed and provide access to use the Software to Customer’s employees and contractors for internal business use, for a limited term according to the Subscription Plan. 

Eligibility – to use Bankfeed the Customer must be using Microsoft Dynamics 365 Business Central (on-premises or SaaS version). 

Installation – Bankfeed is installed in Customer’s Microsoft Dynamics 365 Business Central environment, the Software can be installed as a SaaS mode or on-premises mode: 

• SaaS mode is installed from Microsoft AppSource: https://bankfeed.com/appsource  
• On-premises installation is performed by the Customer’s BC Partner or Softera by sending the installation package of the Software to the Customer. 

Before installing Bankfeed we suggest to consult your BC Partner or us at support@bankfeed.com. 

Free Trial – with any installation of Bankfeed a customer gets 30 days to use the full functionality free of charge. 

Going to subscription – at the end of the Free Trial period the Customer can cancel use of Bankfeed and uninstall the App or go to a Subscription mode by choosing a Subscription Plan. If a Customer prefers a Subscription, he must provide the following information to Softera at support@bankfeed.com: 

• Client info (Company Name, Reg.No., VAT No., Invoicing email, Address) for the invoice. 
• System type: SaaS/OnPrem. 
• System version: e.g. BC22.1  
• Product Subscription Plan: Small business/Standard business/Enterprise 
• Billing Period: Monthly/Yearly 
• Banks which will be connected through Bankfeed: e.g. Barclays, Revolut, etc. 
• Bank Account Quantity: e.g. 6 bank accounts 
• Azure Active Directory ID /Tenant ID (SaaS): you can find it on the Licensing Information (SLE) page 

Once this information is provided, Softera shall generate a Subscription license and issue an invoice. 

Changing Subscription Plans – Customer has a right to change the Subscription Plan at any time by selecting a new Subscription Plan from the Subscription Plans determined by Softera. The new Subscription plan shall take effect from the next Billing period. 

Customers shall pay the fees for the use of Bankfeed based on the Subscription Plan and Billing Period. The Customer can choose the Billing period and shall pay: 

• When the Billing period is a calendar month – monthly, i.e. the invoice is issued on the last day of the calendar month for the forthcoming month and must be paid within 15 calendar days. 
• When the Billing period is a year – on a yearly basis, i.e. the first invoice is issued at the Subscription for the 12-month period and must be paid within 15 calendar days. The next invoice for the next 12 months shall be issued on the last day of the yearly Subscription unless the Customer cancels the subscription at least 30 calendar days before the end of the Subscription period. 

The Fees vary depending on the Subscription Plan and Billing Period to which the Customer is subscribed. Fees may vary from time to time in accordance with these Terms. The Subscription plans and fees are described at https://bankfeed.com/pricing/.  

Softera has the right to change the Subscription fees (increase or decrease) on its sole decision with the best effort to inform the Customer prior to such increase or decrease of prices. Every change of the Subscription fees shall be communicated to the Customer at least 30 days prior to such change by posting information on the Website and/or sending a message within the Software under the section “What’s new” (if possible) or by email to the Customer’s responsible person. The new fees shall take effect at the end of this 30-day period. Before the new Subscription Fees take effect, the Customer can cancel their Subscription without any consequences by informing us at support@bankfeed.com. If the Customer does not cancel his Subscription, it is considered that the new Subscription fees were accepted. 

The Customer will be issued an electronic invoice for payment of the Fees for the ongoing period based on the chosen Billing period. The Invoice shall be issued by Softera (if the Customer requested Bankfeed directly from Softera) or by BC Partner (if Bankfeed license was sold by the BC Partner). Unless otherwise expressly stated or agreed between the Customer and Softera in writing, all Fees are exclusive of value-added tax and shall not include payment/bank fees, which depend on the payment method, bank used to make the payment and other relevant factors which depend directly on the choices of the Customer.  

All Fees paid for Bankfeed are non-refundable and non-transferable except as expressly provided in these Terms. 

All Fees and applicable taxes, if any, are payable in euros or another currency agreed by both parties (e.g., US Dollars, British Pounds). In case currency exchange is applicable, Softera shall not bear the risk in relation to any currency fluctuations, as such risk shall be borne by the Customer. 

Paid Subscription begins after the expiration of the Free Trial period. If the Subscription starts at the beginning of a calendar month (within 1-20 days of the month) the Invoice shall be issued for the whole ongoing month. If the Subscription starts on the second half of the calendar month (from the 21st day of the month), the Billing Period starts from the following month. 

Softera retains all title, ownership, and intellectual property rights of Bankfeed and/or related products that are not expressly granted in these Terms, including but not limited to all supporting documentation, files, marketing material, images, multimedia, and applets. Nothing in these Terms is intended to transfer any intellectual property rights from Softera to the Customer.  

By accepting these Terms, the Customer agrees not to: 

• copy, reproduce, modify, adapt, translate, or create any derivative works of the Software or documentation, including customization, any modifications or enhancements, translation, or localization without Softera’s express written consent. 
• reverse engineer, decompile, disassemble, make, or otherwise attempt to derive the source code of the Software, or the underlying ideas or algorithms of the Software. 
• use Bankfeed in any way that infringes another person’s Intellectual Property Rights or violates these Terms or any law; or authorize or assist any third party to do any of the things described in this section. 
• use Bankfeed to submit, post, email, or otherwise transmit worms, viruses, or any other computer file, code, or program designed to disrupt, interrupt, limit, or disable any of the functionality of Bankfeed, or any hardware, or telecommunications equipment. 
• access (or try to access) and use any part of Bankfeed through any interfaces not provided by Softera or by any automated means, including, but not limited to, scripts, robots, or web crawlers. 
• remove or alter any trademark, logo, copyright or other proprietary notices or symbols in the Software. 
• provide false information when registering to Bankfeed. 
• digitally transmit or make available the Software or its content through local networks, intranets, extranets, FTP, online discussion boards, forums, list-serve, peer-to-peer networks or technologies, newsgroups, bulletin boards, or any other mode of shared communication system, or place the Software onto a server so that it is accessible via a public network such as the Internet. 
•  use the Software in any way that violates these Terms or any applicable law.  
• authorize or assist any third party to do any of the things described in this section. 

The Customer acknowledges that Bankfeed is provided on an “AS IS” and “AS AVAILABLE” basis. Although the Software is compounded with great care, Softera cannot guarantee the Software works flawlessly and/or are respectively without any omissions. Softera makes no representations, warranties, or conditions of any kind, express or implied, with respect to Bankfeed, including, without limitation, any warranty that Software: 

• will be error-free or operate timely, uninterrupted, or in combination with any other hardware, software, system, or data. 
• will meet Customer’s requirements or expectations or are fit for the purpose and/or use. 

Softera cannot promise the services will be available and in working condition all the time and shall not be responsible for any possible damage or inconvenience if Software will not be available due to regular or unplanned Software maintenance or infrastructure issues, or Bankfeed cannot access Client’s bank or financial institution (through API or other link). 

To the fullest extent permitted by applicable law, Softera expressly disclaims all implied warranties or conditions including, without limitation, warranties and conditions of satisfactory quality, fitness for purpose and non-infringement. 

The Customer acknowledges and agrees that Softera shall not be liable for any losses or claims whatsoever relating to: 

• any permanent or temporary restrictions or cessations of the Software. 
• any deletion of, corruption of, or failure to store any information or data or other content used in or maintained by the Software. 
• Customer’s failure to provide correct, accurate, and up to date information. 
• Customer’s failure to keep password and other log-in information and/or tools secure. 

Nothing in these Terms limits or excludes Softera’s liability for: 

• death or personal injury caused by its negligence. 
• fraud or fraudulent misrepresentation. 
• any other act, omission, or liability which may not be limited or excluded by applicable law. 

Subject to the above, Softera’s total liability under or in connection with these Terms, whether in contract, tort (including negligence), for breach of statutory duty, or otherwise, arising shall be limited, in respect of all claims (connected or unconnected) to the lower of total Fees paid or payable by the Customer in the previous six-month period. 

The Customer shall indemnify Softera from and against all claims, costs, damage, and loss arising from the Customer’s breach of these Terms. This indemnity covers any costs, including legal fees, relating to the recovery of any Fees that the Customer failed to pay in accordance with these Terms. 

Softera shall not bear any liability/responsibility for any full or partial failure or delay to fulfill its respective obligations under these Terms if such failure was caused by circumstances beyond its control and that Softera could not control, reasonably foresee or reasonably be expected to have taken these circumstances or could reasonably prevent the occurrence of such circumstances or consequences thereof (force majeure), including but not limited to any governmental action, fire, flood, insurrection, earthquake, power failure, riot, act of terrorism or cyber-terrorism or cyber-attack fully or partially affecting operation of Bankfeed, war, explosion, embargo, strike, labor or material shortage, transportation interruption of any kind, work slowdown or any other event or condition beyond its control. 

Softera also shall not have any liability in connection to internet access, server reliability and other factors related to Bankfeed, but not under control of Softera. 

Softera reserves the right to modify Bankfeed and/or release an updated version of the Software from time to time at its sole discretion. 

Any new releases of Bankfeed and/or any new functions, modifications, or improvements will be communicated by email to the Customer’s responsible person and within Software under the section “What’s new” at least 30 days after the release. 

All updates and/or new releases will be available to the Customer according to their Subscription plan. 

The functionalities of Bankfeed can be extended according to the possibilities and Customer‘s preferences. For any extensions of Bankfeed functionalities, the Customer must contact us and/or its BC Partner. 

Bankfeed uses third-party providers to connect Customer’s bank accounts with Bankfeed and share the financial data more easily and safely with the open banking API-led connectivity to access account information from open banking APIs or through the bank’s direct APIs (Gateway – this option usually requires additional banking fees and implementation fees that will be charged to the Customer). 

Third-party API providers that are used for the integration of Customer’s bank account data: 

• Plaid – for connecting to the USA and Canadian banks and/or other financial institutions. 
• GoCardless – for connecting to banks and/or other financial institutions in the UK and the countries of the European Economic Area (EEA) that are subject to PSD2 regulation. 

API connectivity services are provided, and all data is processed under the terms of the respective third-party provider, please read those terms before you start using Bankfeed: 

• Plaid – https://plaid.com/legal/#consumers   
• GoCardless – Terms and Conditions GoCardless Bank Account Data | GoCardless, Privacy Policy https://gocardless.com/privacy/  

Bankfeed uses artificial intelligence, machine learning, algorithms, or similar technologies (“AI technology”) developed and managed by Softera and made available within the app’s AI-enabled feature. 

The use of AI technology is based on a machine learning technique, which is performed by transferring Customer data outside your Business Central infrastructure to the Softera’s tenant at the Microsoft Azure cloud: 

• Every time the bank statement/transactions of the Customer’s account are uploaded to Bankfeed, the transactions and all previous historical data of the respective Customer are transferred to Microsoft Azure, where all data is processed.  
• Bankfeed automatically and accurately reconciles payments with issued invoices. AI Technology is used to evaluate Customer’s historical data and compare past transactions to find matches and to provide outputs. The use of AI technology, specifically machine learning, enables Softera to achieve better payment recognition, which allows continuous improvement and maintenance of recognition and reconciliation rules. 
• Data is stored at Microsoft Azure for 20 calendar days and then is irretrievably deleted at the end of the storage period. 
• The process of data transfer, payment recognition, and reconciliation with issued invoices is repeated every time a new bank statement/transaction is downloaded to Bankfeed. 

Softera does not guarantee the accuracy of any output generated by the AI feature. Given the probabilistic nature of machine learning and AI, using the Bankfeed AI feature may, in some situations, result in incorrect output that does not accurately reflect the action generated. The Customer is still in full control and makes any manual adjustments, if necessary, before posting the journal lines. The Customer must evaluate the accuracy of any output and shall decide independently whether to accept the outputs. 

By accepting these Terms, you consent to using AI technology within Bankfeed. If you do not agree to the use of AI technology, please contact us at support@bankfeed.com for manual configuration of Bankfeed within your infrastructure. 

These Terms will continue for the period covered by the Fees paid for your Subscription. At the end of each Billing Period, these Terms will automatically renew for another period and the invoice for the following Billing period will be issued unless either party terminates these Terms before the end of the relevant Billing Period. 

Customer can cancel Subscription and terminate these Terms at any time by giving Softera a written notification: 

• If the Billing period is a calendar month – at least 30 calendar days before. 
•  If the Billing period is a year – at least 30 calendar days before the end of the yearly Billing period. 

No refund will be given of any Fees the Customer has already paid prior to the expiry of the Billing Period. If these Terms are terminated for any reason and any Fees that were payable prior to such termination are unpaid, the Customer will be liable to pay all outstanding Fees to Softera. 

Without prejudice to its other rights and remedies, Softera may, upon written notice, unilaterally terminate these Terms with immediate effect if the Customer: 

• commits a material breach of these Terms and, and fails to remedy that breach within 10 days, if the breach can be remedied and if Softera agrees to accept the Customer’s remedy or 
• The Customer becomes insolvent, bankrupt, or makes any arrangement with creditors, or becomes subject to any similar insolvency event in any jurisdiction or starts a liquidation process. 

Failure to pay any Fees due more than 30 calendar days after the payment term shall constitute a material breach of these Terms. 

Without prejudice to its other rights and remedies, Softera may terminate these Terms and close the Customer’s account at the end of any Billing Period by giving the Customer a 30-days written notice. 

Each party will take reasonable steps to protect the other’s Confidential information and will use the other party’s Confidential information only for purposes of the parties’ business relationship. Neither party will disclose Confidential information to third parties, except to its representatives, and then only on a need-to-know basis under nondisclosure obligations at least as protective as these terms. Each party remains responsible for the use of Confidential information by its representatives and, in the event of discovery of any unauthorised use or disclosure, must promptly notify the other party. A party may disclose the other’s Confidential information if required by law, but only after it notifies the other party (if legally permissible) to enable the other party to seek a protective order.  

Obligation of confidentiality shall apply:  

• for personal data – indefinitely or until it is deleted by the Customer. 
• for all other Confidential Information – for a period of 10 years after a party receives the Confidential information. 

Each party acknowledges and agrees that it will comply with all Data Protection Laws applicable to each party in carrying out its obligations under these Terms. For the purposes of this clause, data controller, data processor, data subject, personal data, personal data breach, processing, sub-processor, supervisory authority, special categories of personal data and appropriate technical and organizational measures, shall have the meanings ascribed to them under the relevant Data Protection Law. 

The parties acknowledge and agree that the Customer as the user of Bankfeed is the data controller in respect of any personal data Softera may process in providing the Software and related services (except business contact data of the Customer processed by Softera to allow it to manage Customer’s account). More about personal data processing can be found at https://bankfeed.com/privacy-policy/ and Data Processing Addendum (Annex 1).  

These Terms shall be governed by and construed in accordance with laws of the Republic of Lithuania, without reference to its conflict of law’s provisions.  

The Parties undertake to use their best efforts to resolve any dispute, controversy or claim arising out of or relating to these Terms or any breach, termination, or invalidity thereof in relation to Bankfeed through amicable negotiations. 

In relation to any legal action or proceedings to enforce these Terms or arising out of or in connection with these Terms (including, without limitation, any dispute or controversy relating to the existence, validity, breach, or termination of these Terms), the Parties irrevocably agrees to the exclusive jurisdiction of Lithuanian Courts and settle such unresolved dispute in the competent court of Lithuania. 

Any questions about these Terms or Bankfeed, including its operation, can be submitted at  support@bankfeed.com. 

Annex 1 – DATA PROCESSING ADDENDUM

Effective from June 26, 2024 

This Data Processing Addendum (including its Annexes) (the “Addendum”) is incorporated by reference into the Terms of Service (Terms) of the Bankfeed add-on between Softera Baltic, a limited liability company registered in Lithuania, with its registered office at K. Donelaičio st. 62/ V. Putvinskio st. 53, LT-44248 Kaunas, Lithuania (“Softera”, “Supplier” or “we”) and the Customer (“You”) who accepted the Terms and is using Bankfeed. The Addendum describes how and what personal data is being collected and processed within Bankfeed, the parties’ obligations with respect to the processing of Customers’ personal data. 

We respect the privacy of our customers and potential customers of Bankfeed and are committed to ensuring the security of Customers’ personal data. We encourage you to thoroughly read through the Addendum and get acquainted with it and the terms and conditions of processing Your personal data and information about Your privacy rights. If You provide personal data on behalf of someone else, You are required to inform them about the processing of their data and to refer them to this Addendum and/or Bankfeed’s Privacy Policy. 

This Addendum will become effective on the Effective Date and replace any previously agreed-upon terms, agreements, policies, or notices regarding the processing and security of Personal Data. 

Unless otherwise expressly defined in this Addendum, the capitalized terms shall have the following meanings: 

Clients – Persons with whom the Customer has a commercial relationship and/or provides goods and/or services. 

Customer – A legal entity or a person who accepted Bankfeed Terms of Service and is using Bankfeed for commercial purposes. 

Data Controller – the person who, alone or jointly with others, determines the purposes and means of the processing of Personal Data. 

Data Privacy Legislation – national or international data protection laws as applicable to the Data Controller and/or Data Processor (i) the GDPR; and/or (ii) the Law on the Legal Protection of Personal Data of the Republic of Lithuania; and/or (iii) any other relevant and applicable law, statute, declaration, order, ordinance, rule or other binding instrument which implements any of the above or which otherwise relates to privacy or personal data protection. 

Data Processor – the person who, alone or jointly with others, processes personal data on behalf of the Controller in accordance with its instructions. 

EEA – European Economic Area. 

Effective Day – the date when the Terms of Service comes into effect in conjunction with this Addendum. 

EU – the European Union. 

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons regarding the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation). 

Terms of Service (Terms or ToS) – The Terms for provision of Bankfeed services between Softera and the Customer.

Personal Data – any information relating to a Person who is identified or can be identified directly or indirectly by one or more identifiers based on one or more characteristics of that Person’s physical, physiological, genetic, mental, economic, cultural, or social identity. 

Personal Data Breach – an incident that has resulted in a compromise of the security, confidentiality, availability or integrity of Customer Personal Data resulting in the unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data. 

Privacy Policy – terms and conditions of the processing of Personal Data by Softera and its processors (sub-processors), which can be found at https://bankfeed.com/privacy-policy/ 

Processing – any operation involving Personal Data or sets of Personal Data, whether by automated means or non-automated, such as collection, recording, organization, structuring, storage, adaptation or modification, search, consultation, use, disclosure by transmission, dissemination and access, combination, restriction, erasure or destruction. 

Software – Bankfeed app, a Microsoft Dynamics 365 Business Central add-on application. 

Sub-processor – third-parties engaged by data controller and authorized under this Addendum to have access to and process Customers Personal Data (to carry on certain data processing operations to provide parts of the Services and any related technical support). 

Supervisory Authority – State Data Protection Inspectorate of the Republic of Lithuania. 

Website – https://bankfeed.com/

Other terms and definitions shall be understood as they are defined in the Data Privacy Legislation and/or Terms. 

Any phrase introduced by the terms “including”, “include”, or any similar expression shall be construed as illustrative and will not limit the sense of the words preceding those terms.  

The parties agree that this Addendum shall apply to all Processing of Customer Personal Data including Personal Data undertaken by Softera on behalf of the Customer and shall be supplemental to the Terms of Service. In the event of a conflict between the Terms of Service and this Addendum, the terms of the Addendum shall prevail. 

The term of this Addendum coincides with the term of the Terms of Service and terminates upon expiration or earlier termination of the Terms of Service (or, if later, the date on which Softera ceases all Processing of Customer Personal Data). 

Softera shall process the Customer Personal Data solely as required for the provision of the Services and as set out in the Terms, this Addendum and/or Privacy Policy. Softera shall not:  

• sell the Customer’s Personal Data; 
• retain, use, or disclose Customer Personal Data for a commercial purpose other than providing Services; 
• retain, use, or disclose or provide access to any the Customer Personal Data outside of the Terms except: 
  • as described in this Addendum; 
  • as required by applicable legislation. 

This Addendum governs the relationship between Softera and the Customer with respect to any processing of Customer Personal Data by Softera. Within the processing of personal data, the roles of the parties depend on purposes of processing and categories of personal data and data subjects: 

• Customer Personal Data – Softera shall process Customer Personal Data as a Data Controller for the purposes specified in the Privacy Policy 
• Clients’ personal data – Softera shall process Clients personal Data as Customer’s Data Processor in accordance with Customer’s instructions as outlined in Appendix A of this Addendum. 

When Softera acts as the processor of Personal Data, it will process Personal Data only on documented instructions from the Customer. Customer agrees that Terms of Service (Customer’s agreement) including this Addendum and any applicable updates, along with the Bankfeed documentation (if such is provided), are Customer’s complete documented instructions to Softera for the processing of Personal Data. Any additional or alternate instructions must be agreed to according to the process for amending the Customer’s agreement. 

Details regarding the Processing of Personal Data by Softera, including nature and purpose of processing, lawful basis, categories of Personal Data and Data Subjects, engaged Sub-Processors, processing operations, are specified in Appendix A. 

For clarity, the Parties confirm that Appendix A does not apply to processing personal data when Softera acts as an independent data controller. The processing of those personal data is governed by Bankfeed’s Privacy Policy. 

The Customer is responsible and undertakes to ensure that Clients’ Personal Data which is transferred to Bankfeed and is processed by Softera: 

• is carried out in accordance with the Data Privacy Legislation, other applicable laws and the requirements of this Addendum, including that the Customer has the right and/or the obligation to determine purposes and means of the processing of Personal Data; 
• Processing of Clients’ Personal Data is lawful, and Clients are informed about the processing of their Personal Data for the purpose of reconciliation of payments with issued invoices; 
• The list of categories of Client’s Personal Data specified in Appendix A is complete and correct and undertakes to notify Softera of any changes or alterations of Clients’ Personal Data. 

When processing Clients’ Personal Data, Softera undertakes and warrants that: 

• process Clients’ Personal Data specified in Appendix A only to the extent necessary for the provision of Services under the Terms and this Addendum only in accordance with the Customer’s documented instructions; 
• immediately inform the Customer if, in its opinion, the Customer’s instructions violate this Addendum, Data Privacy Legislation, indicate possible consequences and recommend offsetting solutions; 
• Personal Data shall be processed only by those employees of Softera for whom it is necessary for the performance of their work functions, i.e. when it is needed to properly and timely perform the obligations specified in Terms and this Addendum; Softera shall ensure that any person, including its employees, whom Softera authorizes to process Customer Personal Data on its behalf is subject to confidentiality obligations in respect of that Customer Personal Data; 
• has implemented and will maintain appropriate technical and organizational measures designed to protect the security of Personal Data and protect against Personal Data Breaches; 
• ensure that only authorized personnel have access to Personal Data and that any persons whom Softera authorizes to have access to Personal Data. 
• in case of Personal Data Breach Softera shall inform the Customer immediately, but no later than within 24 hours after becoming aware of the Breach, and shall assist the Customer in managing the Breach and resolving its consequences.

Softera has implemented and shall maintain appropriate technical and organizational security measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed. Current technical and organizational measures are described in Appendix B of this. Customer acknowledges that the security measures are subject to technical progress and development and that Softera may update or modify the those implemented measures from time to time, provided that such updates and modifications do not objectively decrease the overall security of the Personal Data provided by previously applied measures during a Subscription period. 

Considering the nature of the Processing, Softera shall provide all reasonable assistance to the Customer and cooperate with it, insofar as possible: 

• considering the nature of the processing, Softera shall provide reasonable and timely assistance to the Customer to enable Customer to respond to requests for exercising a data subject’s rights (including rights of access to, rectification, erasure, restriction, objection, and data portability) in respect to Clients’ Personal Data. 
• upon Customer’s reasonable request, and taking into account the nature of the applicable processing, Softera shall provide reasonable assistance to Customer in fulfilling Customer’s obligations under applicable Data Privacy Legislation, including data protection impact assessment (DPIA) by providing with all technical details and other information available and, where necessary, consultations with relevant Supervisory Authorities, provided that Customer cannot reasonably fulfill such obligations independently. 
• upon Customer’s reasonable request, Softera shall provide information necessary to demonstrate the performance of Softera’s obligations under this Addendum; Softera without undue delay no later than within 10 (ten) business days, shall provide such information requested by the Customer and/or available documents that the Customer may provide to the Supervisory Authority. 
• Softera will promptly notify Customer of any valid, enforceable request, subpoena, warrant, or court order from law enforcement or public authorities compelling Softera to disclose Personal Data, unless such notification is prohibited by applicable law. In the event that Softera receives an inquiry or a request for information from any other third party, including data subject, concerning the processing of Personal Data, Softera shall forward such requests to the Customer, and will not provide any information without further instructions by the Customer. 

In respect of personal data breach Softera shall: 

• notify the Customer of a Personal Data Breach (Breach) without undue delay, but no later than 24 hours after becoming aware of the breach; Any such notification is not an acknowledgement of fault or responsibility. Where possible, such notice will include all details known to Softera and required under Data Privacy Legislation for the Customer to comply with its own notification obligations to Supervisory Authority or individuals affected by the breach, which may include, as applicable and if known: 
  • how the Breach occurred; 
  • the categories and approximate number of data subjects concerned; 
  • the categories and approximate number of Customer Personal Data records concerned; 
  • likely consequences of the Breach, and 
  • measures taken or proposed to be taken by Softera to address the Breach, including, where appropriate, measures designed to mitigate its possible adverse effects. 
• make reasonable efforts to investigate and identify the cause of such Breach and take steps as deems necessary and reasonable in order to remediate the cause of the breach to the extent that it is within Softera’s reasonable control; 
• provide reasonable information, assistance, and cooperation to the Customer in relation to any action to be taken in response to a breach under Data Privacy Legislation, including regarding any communication of the breach to Data Subjects and Supervisory Authority. 

Upon the Customer’s written request, Softera shall provide sufficient information to demonstrate compliance with the obligations laid down in this Addendum and Data Privacy Legislation. The information shall be provided to the extent that such information is within Softera’s control and Softera is not precluded from disclosing it by applicable law, a duty of confidentiality, or any other obligation owed to a third party or is subject to applicable legislation. 

If the information provided is not sufficient to confirm Softera’s compliance with this Addendum, Softera agrees and undertakes to allow for, assist and contribute to data processing audits, including inspection, carried out by the Customer or an independent third-party auditor making sure that: 

• an independent third-party auditor is not in direct competition with Softera, has sufficient experience and competence to carry out data processing audits; 
• notice of planned audit is provided to Softera no latter than 20 (twenty) business days before its commencement; 
• the Customer may request the audit regularly but not more often than once per calendar year. The audit, including inspections, shall be conducted during Softera’s regular business hours (must not disturb the normal operations of Softera or incur additional financial costs; 
• Softera shall reserve the right to charge the Customer for any additional work or other costs incurred in connection with such audits (e.g. Softera’s employees’ engagement in answering the questionnaires or auditor interviewing employees, providing copies of documents, etc.). 
• the auditor must be bound by obligation of confidentiality and non-disclosure, which includes an obligation not to disclose business information in its audit report, and the final report will also have to be provided to Softera. 

By entering Terms and this Addendum, Customer provides general authorization for Softera to engage Sub-processors to Process Clients’ Personal Data. By engaging Sub-processors, Softera shall: 

• enter into a written agreement with each Sub-processor imposing in substance, the same data protection obligations as the ones imposed on Softera in accordance with this Addendum; 
• remain liable to Customer if such Sub-processor fails to fulfill its data protection obligations with regard to the relevant processing activities under the Agreement between Softera and Sub-processor; 
• maintain an up-to-date list of its Sub-processors – a list of engaged Sub-processors is provided in Appendix A; 
• notify the Customer about the engagement or any intended changes concerning the addition or replacement of Sub-processors by email at least thirty (30) calendar days before allowing any new Sub-processor to process Clients’ Personal Data. 

The Customer may object to Softera’s appointment of a new or replacement of previous Sub-processor during the notice period by processor by email, providing reasonable grounds for objection: 

• If the Customer objects, Customer, as its sole and exclusive remedy, may terminate the agreement and cease using Bankfeed. 
• If the Customer does not object within the set notice period, Softera shall proceed with the engagement or replacement of Sub-processor. 

Taking into consideration that Microsoft Dynamics 365 Business Central services are provided as a Software as a Service (SaaS), when the infrastructure required to support those services is provided together with the software and the Microsoft Azure Cloud data center is used for the provision of services, the Customer understands and realizes the engagement of Microsoft Ireland Operations Limited (Microsoft), which ensures the license for Microsoft Dynamics 365 Business Central and provision of Microsoft Azure Cloud services. As far as the provision of services is concerned, Microsoft shall process Personal Data in line with the data processing and security terms defined in Microsoft Online Services Data Protection Addendum (DPA). 

Ensures that Personal Data will be processed and stored in data centers located in the countries of the European Union and/or the EEA. Any transfer of Personal Data to third countries or international organizations can only be carried out in accordance with the Standard Contractual Clauses or by applying other appropriate Personal Data transfer mechanisms coordinated with the Customer and adequate security of the transferred Personal data ensured. 

During the Bankfeed Subscription period, the Customer may access Bankfeed and retrieve or delete Personal Data. 

Following the expiration or termination of Bankfeed Subscription, or at any earlier point in time upon written request from the Customer, Softera shall delete all Customer Personal Data. Notwithstanding the foregoing, Softera may retain Personal Data: 

• as required by applicable Data Privacy Legislation; 
• in accordance with its standard backup or record retention policies, provided that, in either case, confidentiality of Personal Data shall be maintained and otherwise comply with the applicable provisions of this Addendum and not further process it except as required by applicable Data Privacy Legislation; 
• Personal Data is retained because processing of such Personal Data is necessary for the establishment, exercise, or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. 

If Sub-processors were engaged for carrying out specific processing activities, Softera must ensure that in the event of termination of the Subscription or the Customer’s request to delete or return Personal Data, the Sub-processors shall delete or return all Personal Data. 

In the event of non-compliance with any of the provisions of this Addendum on the part of Softera or Sub-Processor(s), Softera shall defend, indemnify, and hold harmless the Customer and its directors, officers, and personnel from and against any third-party claims, actions, applications, demands, complaints, damages, or liabilities (including reasonable legal fees) arising from such non-compliance. The aggregate liability of Softera shall, at all times, be limited to the amount of fees paid by the Customer to Softera for the related Services in a given calendar year. 

The Customer shall be solely liable for, and shall indemnify Softera in respect of any and all action, proceeding, liability, cost, claim, loss, expense (including reasonable legal fees and payments), or demand suffered or incurred by, awarded against, or agreed to be paid by, Softera and any Sub-Processor arising directly or in connection with any non-compliance by the Customer with the Data Privacy Legislation and/or any Personal Data Processing carried out by Softera or Sub-Processor in accordance with instructions given by the Customer that infringe the Data Privacy Legislation and/or any breach by the Customer of its obligations under this Addendum. 

This Addendum is governed by the law of the Republic of Lithuania and the Parties submit to the jurisdiction of the courts Lithuania without regard to provisions related to conflicts of law. The courts of Lithuania shall have exclusive jurisdiction to adjudicate any dispute, unless specifically agreed otherwise in writing by the Parties. 

All disputes, disagreements, and controversies, arising from the execution, alteration or termination of this Addendum shall be resolved through amicable negotiations. Any dispute, controversy or claim arising out of or relating to this Addendum, or any breach, termination or invalidity thereof shall be settled by the competent court of Lithuania.  

Softera reserves the right, at its discretion, to amend or modify this Addendum on written notice to the Customer at least thirty (30) calendar days, giving the Customer the right to submit its objections. Any amended or modified Addendum shall be published on the Website as well. If the Customer does not agree with the amendment or modification of the Addendum, the Customer can terminate the Subscription. 

If any provision, clause, or phrase of this Addendum becomes or is recognized as invalid or unenforceable in whole or in part, this does not affect the validity of other provisions of the Addendum – such invalidity or unenforceability shall affect only such provision, clause or phrase, and the rest of the Addendum shall remain in full force and effect.  

Appendix A

Purpose of Personal Data processing – provision of Bankfeed services – reconciliation of payments with issued invoices, providing support. 

Categories of data subjects whose Personal Data is processed – clients of the Customer.

Categories of Personal Data processed:

• First name, last name 
• Customer number 
• Personal code 
• Email 
• Bank account number (IBAN) 
• Purpose of payment (payment description) 
• Amount 
• Invoice number

Nature of processing (Personal Data Processing operations performed by Softera) – Softera shall process Personal Data to provide Bankfeed services, i.e. automatic transfer of Customers bank statements to Business Central and reconciliation of payments with issued invoices and related support services in accordance with the Terms, including this Addendum. Additional processing operations performed by Softera are collection, revision, structuring, data normalization, data recognition and reconciliation, data storage, transmission, deletion. 

Method and frequency of Personal Data transfer – the data is received through the API from the financial institutions to Microsoft Dynamics 365 Business Central, the transfer is continuous. 

Duration of Processing – during the Subscription period. 

Geographic location of Personal Data Processing – the Data is processed in Lithuania (at the location of Softera) and Azure data centers in Amsterdam (Netherlands) and Dublin (Ireland) for the EU Customers for the USA and Canadian Customers. 

Engaged sub-processors – Docura OÜ (registered at Põhja pst 21/1, Tallinn 10143, Estonia) – engaged for processing activities: data normalization and transfer. 

More information concerning Personal Data processing can be received by contacting Softera – duomenuapsauga@softera.lt  

Appendix B

As from the Effective Date, Softera shall implement and maintain the following security measures: 

Softera ensures the management and organization of information security and Personal Data: 

• Softera shall have implemented a certified information security management system (hereinafter – ISMS) that meets the requirements of the international standard ISO/IEC 27001:2017 or equivalent. 
• internal documentation regulating information security and Personal Data, including, but not limited to the Information Security Policy, the Personal Data Processing Policy or rules and other documents that regulate the security and security level of information and Personal Data and stipulate security measures. 
• All employees of Softera who shall be involved in the Processing the Personal Data of the Customer are instructed about the contents of the documents governing the processing and security of information and Personal Data. 

Access control: 

• Access to Personal Data to the employees of Softera is granted in accordance with the approved procedure that allows access only to those who require it to perform their work functions or tasks by providing the minimum necessary information;  
• User access rights are limited and match the tasks performed in accordance with the Role Based Access Control (RBAC) model; 
• Unique (personal) user accounts are used for connecting to information resources and/or accessing Personal Data, secure methods that meet approved requirements are used for login authentication; 
• Privileged access to programs, data and infrastructure is limited and allowed only to those employees of Softera who need it for providing Services to the Customer and who are assigned/granted administrator rights by the Customer. Access to administration interfaces is protected using multi-factor authentication (MFA); 
• Access rights reviewed regularly, ensuring that an up-to-date register (list) of persons who are allowed access to Personal Data is maintained and constantly updated; 
• Upon termination of the employment relationship, all access rights for Softera’s employee to Personal Data are revoked immediately – Softera shall revoke the access rights no later than on the employee’s last working day or inform the Customer about the end of the employment relationship of Softera’s employee and the need to revoke the granted access rights. 

Microsoft Azure Cloud data center is used for Data Processing – the Customer’s Personal Data is stored and processed in Microsoft data centers located in European Union/European Economic Area countries. 

Personnel management: 

• Employees who have been granted access rights are familiar with the requirements and recommendations for Personal Data and information security by regular trainings, informed about the confidential nature of Personal Data, the requirements of legal acts regulating the protection of Personal Data, and are committed to protecting the confidentiality and secrecy of Personal Data, both during and after termination of their employment at Softera; 
• Employees are attending regularly trainings and informed about changes of security policies and procedures, legislation related to their work, regularly informed about new threats and their awareness is raised in other ways. 

Incident management: 

• All incidents related to Personal Data processed are registered, documented and managed according to the approved procedure; 
• Information about any security incidents and breaches related to the Services provided or Personal Data processed is reported to the Customer without undue delay but not later than within 24 hours after being aware of the incident and further managed according to the Customer’s instructions or requests. 

Softera protects its IT infrastructure by all necessary means to prevent unauthorized access to Personal Data, both physically and logically.  

• Physical security – the protection of the premises of Softera against the access of unauthorized personnel is ensured (entrance control, burglar alarms in place, the security of the premises outside the working hours is ensured by a security company); 
• IT network protection: 
  • In order to protect Softera’s IT infrastructure, used in the provision of Services, against cybercrimes and unauthorized access, firewalls are installed and enabled between the internal network and the Internet, e-mail system must be protected against spam and malware;  
  • Softera’s internal infrastructure/network is segmented in separate zones (information zone, application zone, DMZ and control zone); network traffic is routed through firewall; 
• Device security: 
  • control of all devices used in the provision of Services is ensured by proactively managing all devices on the network so that only authorized devices are granted access to Softera’s network, and unauthorized devices, that are not controlled by Softera, are detected and access is denied; 
  • Only licensed software is used. All installed software on workstations is constantly monitored; 
  • Workstations and/or other devices have anti-malware software installed and regularly updated; 
  • User access control is ensured using a strong password at least 8 characters long (for privileged account users – at least 12 characters long and reinforced by MFA solutions used additionally);  
  • Hard drives of the computer workstation are fully encrypted, it is prohibited to store Personal Data on computer workstations and/or devices that are not encrypted; 
  • software updates are installed automatically and regularly. 
• Security of servers: 
  • Up-to-date anti-malware protection is enabled and always maintained;  
  • Physical and logical access is allowed only to authorized employees;  
  • User actions with Personal Data is stored on logs that are stored and consolidated on a centralized log management tool;  
  • Recommended software updates are installed regularly. 

Registration of security events – access to network resources and to Personal Data is monitored; security events of all systems and infrastructure related to the Services provided are logged.