PLATFORM TERMS OF USE

1. Introductory Provisions

1.1 Identification of the provider

The provider of the Siesta AI service (hereinafter referred to as "Platform" or "Service") is SIESTA SOLUTION s.r.o., with registered office at Bruselská 266/14, Vinohrady (Prague 2), 120 00 Prague, ID No.: 05203503 (hereinafter referred to as "Provider").

1.2 Customer identification

The Customer is a business entity using the Siesta AI service on the basis of a concluded order or registration on the Platform (hereinafter referred to as the "Customer").

1.3 Subject of the Terms and Conditions

These Terms and Conditions (hereinafter referred to as "T&C") govern the rights and obligations of the Provider and the Customer in the provision and use of the Platform, including related services, and form an integral part of the contractual relationship between the Provider and the Customer. By concluding a contract according to these T&C, the Customer confirms that he/she has read, understands and agrees with the T&C.

1.4 Acceptance of the Terms and Conditions

By concluding the contract through the order form, by registering, by clicking on the button "I agree to the terms and conditions", or in any other equivalent way, the Customer expresses his/her consent to these T&C.

1.5 Effective date

These Terms and Conditions shall come into effect upon completion of the User's registration on the Siesta AI platform. The Provider reserves the right to amend these Terms and Conditions to the extent set out in these T&Cs.

2. Description of the service

Siesta AI is a Software as a Service - SaaS platform that enables organizations to securely and efficiently deploy and manage artificial intelligence in their own business environment.

The main functionalities of the Siesta AI platform include:

Creation, configuration and management of AI assistants with the possibility to choose the language model according to the customer's needs (the platform is model agnostic),
integration and synchronization of data from a wide range of internal enterprise sources (e.g. SharePoint, Google Drive, Confluence, relational databases, etc.),
access rights management, role-based management of users and organizational structures, and SSO (Single Sign-On) support,
audit trails, reporting on platform usage and analytical tools,
the possibility of connecting to external tools and services,
evaluation of user feedback and continuous improvement of assistants,
secure and controlled public access to selected AI assistants.

3. Licensing and user rights

The Provider grants the Customer a non-exclusive, non-transferable, non-sublicensable and time-limited right to use the Siesta AI platform (hereinafter referred to as the "Platform") for the duration of the contractual relationship, exclusively for the internal needs of its organisation.

Customer shall not assign, transfer, sublicense, lease, rent, share, make available or otherwise make available the use of the Platform to any third party outside of its organizational structure. Customer shall not provide the Platform to other entities through white-label, outsourcing, reselling or other similar means.

The Platform, all of its components (including templates, preset assistants, instructions, data structures, APIs and user interface) and the logic of its operation remain the exclusive intellectual property of the Provider. The Customer does not acquire any ownership, proprietary or similar rights to the source code of the Platform or its individual components.

The Customer is not entitled to reverse engineer, decompile, disassemble, modify, create derivative works from, analyze or otherwise interfere with the Platform or its components. It is also prohibited to circumvent or interfere with any technical or security mechanisms of the Platform.

User permissions within the Platform are set by a system of roles as chosen by the Customer. The Customer is responsible for ensuring that accesses are used in accordance with the assigned roles and only by persons authorized by the Customer.

The Customer may only use the available APIs within the operation of the Platform for the purpose for which they are intended. It is not permitted to use the Platform APIs separately outside the Platform environment or to create custom integration applications that would make Platform functionality available to third parties without the Provider's written consent.

If the Customer uses the public outputs of the Platform (e.g. embed chat, public plugin), he/she is fully responsible for the compliance of these outputs with the law (in particular GDPR, protection of trade secrets or copyrights) and for their content. The Provider is not responsible for the use of these outputs by third parties.

The Customer's rights to use the Platform shall cease at the moment of termination of the contractual relationship, for whatever reason. The contract does not transfer to the Customer any other right, authorization or license beyond that expressly agreed.

Violation of this section of the Terms and Conditions constitutes a material breach of the Contract and may result in immediate restriction or termination of the Service and corresponding legal claims.

4. Customer Obligations

The Customer undertakes to use the Platform solely in accordance with these Terms and Conditions, applicable law and the Provider's instructions.

The Customer is responsible for the correctness, timeliness and legality of the data that it uploads, synchronises or links to the Platform, including third party data. He shall ensure that such data does not cause damage, violate the law, the rights of third parties or the Customer's contractual obligations towards other entities.

The Customer is responsible for the proper setup and management of its user accounts on the Platform, including assigning roles, setting access rights and securing access data. It shall ensure that only authorized persons have access to the Platform within the scope of their assigned roles.

The Customer shall immediately notify the Provider of any account misuse, security breach, unauthorised access or other similar incident without undue delay after becoming aware of such fact.

The Customer undertakes not to store, process or otherwise use sensitive or special categories of personal data (e.g. pursuant to Article 9 GDPR) in the Platform unless it has been expressly agreed with the Provider that the Platform securely supports such functionality.

The Customer is obliged to take reasonable technical and organisational measures to protect its data and access, in particular to protect access passwords, to use multi-factor authentication (if available) and to ensure that user data is kept up to date.

The Customer shall not misuse the Platform for activities that are contrary to law, good morals or that threaten the security, performance or integrity of the Platform (such as hacking attempts, overwhelming, penetration or other forms of attacks).

The Customer shall be responsible for any acts or omissions of its users, as well as persons to whom it grants access to the Platform.

In cases where the Customer makes use of the public functions of the Platform (such as embed chat), the Customer is fully responsible for the content and legality of the information published, as well as for ensuring that such use does not lead to a violation of the rights of third parties or applicable laws (in particular GDPR, protection of trade secrets, copyright).

The customer is obliged to pay the agreed service price without undue delay and to comply with the agreed payment terms.

The Platform Provider is not responsible for whether the use of the Platform by the Client is in compliance with all legal regulations, in particular whether the use of the Platform or the applications operated on it does not fall within high-risk systems or other categories of artificial intelligence systems according to Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules for artificial intelligence (AI Act) or other generally binding legal regulations. The Client shall independently assess whether the manner and extent of its use of the Platform complies with all requirements set out in the relevant legislation, including Regulation (EU) 2024/1689, and shall be fully responsible for any consequences resulting from any improper, prohibited or otherwise legally unauthorised use of the Platform or its output.

5. Security and protection of personal data

In operating the Platform, the Provider complies with the obligations set out in Regulation (EU) 2016/679 (GDPR) and other applicable data protection legislation.

To the extent that the Customer stores, processes or otherwise uses personal data through the Platform, the Customer acts as a data controller and the Provider acts as a processor pursuant to Article 28 of the GDPR.

The Provider processes personal data solely on the basis of the Customer's instructions (i.e. through the setup and use of the Platform) and may never use it for its own purposes or disclose it to third parties without the Customer's express consent, except for legal obligations.

The Provider is entitled to use other processors (sub-processors) when processing the Customer's personal data. The Provider shall be responsible for ensuring that the sub-processors are bound by obligations corresponding to this Agreement and the applicable data protection legislation

The Provider shall implement and maintain appropriate technical and organisational measures to protect the Customer's personal data from unauthorised or unlawful processing, loss, destruction or damage.

The Customer shall ensure that its own processing of personal data through the Platform complies with the GDPR and other applicable laws. The Customer is responsible for the lawfulness, content and accuracy of all personal data entered or made available through the Platform.

The Provider shall inform the Customer without undue delay of any potential personal data breach and shall provide assistance in complying with its legal obligations (including reporting the incident to a supervisory authority or data subjects).

Upon termination of the Customer's use of the Platform, the Provider shall destroy or anonymize the Personal Data in accordance with applicable law and based on the Customer's instructions, unless there is a legal obligation to retain it for a longer period of time.

In case the Customer requires supplementation or special modification of the processing regime (e.g. cross-border data transfers, specific security certifications), the Customer shall contact the Provider for individual arrangements.

6. Data processing agreement

This provision constitutes a personal data processing agreement within the meaning of Article 28 of Regulation (EU) 2016/679 ("GDPR"), which forms an integral part of these Terms and Conditions. In the event of conflict with other provisions relating to the protection of personal data, this provision shall prevail.

The Customer acts as a data controller in relation to personal data processed through the Platform, while the Provider acts as a processor. The Provider shall only process personal data in accordance with the documented instructions of the Customer and solely for the purpose of providing, administering and developing the Service.

The subject of processing is all personal data entered or made available by the Customer through the Platform, for the purpose of providing the Service, its maintenance, security and optimization. The Provider is not authorised to process personal data for its own purposes.

The data processed includes the identification and contact details of Users, traffic logs, metadata and the content of communications within the Platform. The data subjects are in particular employees, customers, partners and other persons whose data is processed by the Customer via the Platform.

The Provider undertakes to:

to process data only as instructed by the Customer and in accordance with the law,
ensure that the persons authorised to process are contractually bound by confidentiality,
maintain technical and organisational measures in accordance with Article 32 GDPR, including encryption, pseudonymisation, access control, multi-factor authentication, continuous monitoring and audit logs,
keep records of processing activities and, at the Customer's request, demonstrate compliance with this provision.

The Provider may engage sub-processors provided that it delegates to them obligations equivalent to this Agreement and the GDPR.

Where personal data is transferred outside the EU/EEA, the Provider shall ensure that appropriate safeguards are in place, in particular EU standard contractual clauses or other mechanisms recognised by law. The Customer shall be informed of such transfers upon request.

If there is a personal data breach that may result in a risk to the rights and freedoms of natural persons, the Provider shall notify the Customer without undue delay, but at the latest within 48 hours of becoming aware of the incident. At the same time, the Provider shall provide assistance in fulfilling its legal obligations, including reporting to the Office for Personal Data Protection and data subjects.

The Provider shall provide assistance to the Customer in dealing with requests from Data Subjects and in complying with the Customer's obligations under the GDPR. The Provider shall not accept or process requests from Data Subjects independently, but solely as instructed by the Customer.

The Customer shall be entitled to audit the Provider's processing of personal data no more than once a year, with reasonable notice and in such a way as to avoid undue disruption to the Provider's operations. The Provider shall facilitate the audit to the extent necessary and provide the necessary documentation.

Upon termination of the contractual relationship, the Provider shall delete or anonymise all personal data without undue delay, but no later than 30 days, unless the law requires longer retention. At the Customer's request, it shall provide written confirmation of the deletion.

The Provider shall be liable to the Customer for damages caused by a breach of the obligations under this provision or the GDPR, to the extent that it could have influenced their occurrence. The Provider shall not be liable for breaches caused by the Customer's unlawful or improper conduct.

7. Payment and billing terms

7.1 Account activation and entitlement to payment

By entering into a contract through registration on the Platform and confirming these Terms and Conditions, the Customer is obliged to pay the price for the Service in accordance with these Terms and Conditions. Access to the Platform is only granted after payment of the first monthly subscription fee.

7.2 Charging method and fee structure

The Service is charged in two components:

(a) a monthly subscription fee for access to the Platform, which is payable in advance for the entire billing period in accordance with the current price list,

(b) an additional payment for tokens consumed, which is charged retroactively after the end of each billing period according to actual consumption.

The current price list is published on the Provider's website.

7.3 Payment method

Payments shall be made in cashless form via an online payment gateway supported by the Provider. Payment for the subscription is made upon registration and then automatically at the beginning of the next billing period.

7.4 Due Date of Payments

Payment for the subscription is due immediately upon registration and thereafter always at the beginning of the billing period. Payment for tokens is due automatically on the billing date, usually without further action by the customer. If the automatic payment fails, the customer is obliged to pay it within 7 days.

7.5 Billing and delivery

An invoice is issued based on the details provided by the Customer at registration or subsequent update and is delivered electronically to the Customer's contact email address. The customer is responsible for the accuracy of these data.

7.6 Unsuccessful payment and access to the service

In the event of failure to make an automatic payment, the customer will be notified by email and asked to make a correction. If the payment is not made within 7 days of the request, the Provider is entitled to restrict or suspend access to the Platform until the debt is settled. If the default exceeds 14 days, the account may be deactivated.

7.7 Non-refundability of payments

All payments received are non-refundable, unless otherwise stated in these Terms and Conditions or in an individually concluded contract.

7.8 Change of price list

The Provider is entitled to change the prices of the Services with effect from the next billing period. The Customer shall be informed of the change in the price list at least 30 days before the change takes effect via the Platform and/or registered email address.

7.9 Prices excluding VAT and fees

All prices are exclusive of VAT and any other statutory charges. Tax obligations are fulfilled in accordance with applicable legislation; any VAT and other charges will be charged separately to the Customer at the applicable rates.

8. Support and Updates (SLA)

8.1 Service availability

The Provider shall use reasonable efforts to ensure the continuous availability of the Platform 24 hours a day, 7 days a week, except for scheduled downtime, maintenance, upgrades, updates or emergencies. A minimum level of availability is not contractually guaranteed unless otherwise agreed.

8.2 Maintenance, upgrades and changes

The Provider is entitled to perform maintenance, upgrades or updates to the Platform in order to ensure the functionality, security, development and stability of the Service. The Customer shall be informed in advance of planned downtime or changes affecting the availability or use of the Platform via the Platform or by email, except for urgent and emergency interventions (e.g. for security reasons or operational incidents), where the intervention may be carried out without prior notice.

8.3 Support

Technical support is available to the Customer via email or helpdesk on working days between 9:00 and 17:00 CET. The Provider undertakes to endeavour to resolve requests in a timely manner, but does not guarantee a specific response time unless otherwise agreed.

8.4 Limitation of liability for unavailability

The Provider shall not be liable for any unavailability or limitation of the Service caused by: (a) deficiencies on the Customer's side (e.g. internet connection, equipment, faulty settings), (b) force majeure (e.g. natural disaster, cloud infrastructure failures, government intervention), (c) scheduled or necessary maintenance or upgrades of the Platform, (d) breach of the Customer's obligations under these Terms.

8.5 Right to Modify the Service

The Provider reserves the right to change, develop or modify the scope of functionalities, API, technical parameters or user interface of the Platform, provided that this does not substantially impair the purpose and basic nature of the service provided. Substantial changes will be notified to the Customer with reasonable notice.

9. Exclusion of warranties

The Provider provides the Platform on an "as is" basis and makes no express or implied warranties. In particular, it does not warrant that:

(a) the Platform will be available and functional without interruption, error, interruption or security incident;

(b) the responses generated by the AI Assistants will always be accurate, current, complete, error-free or fit for the Customer's particular purpose;

The Customer acknowledges and agrees that it uses the Platform at its own risk and responsibility, and that it is the Customer's sole responsibility to verify the accuracy and suitability of the deliverables and service settings for its purposes.

10. Limitation of Liability

Provider is not responsible for:

(a) lost profits, loss of data, interruption of service, any indirect, consequential or special damages;

(b) damages resulting from the use of or decision-making based on AI outputs, unless the Platform is intended for automated decision-making with legal effects;

The Provider's total liability for all claims by the Customer (regardless of their legal basis) is limited to an amount equal to the total consideration paid by the Customer in the three (3) months preceding the occurrence of the damaging event.

The aforementioned limitation or exclusion of liability shall not apply to the extent that it would be contrary to mandatory provisions of law, in particular in the event of willful or grossly negligent breach of the Provider's obligations.

11. Indemnification

The Customer undertakes to indemnify the Provider against any damages, costs, expenses or claims of third parties (including legal costs) arising as a result of:

(a) breach of these Terms and Conditions or applicable law by the Customer or its Users;

(b) the Customer's unauthorised or unlawful use of the Platform;

(c) infringement of the rights of third parties, in particular in relation to data, content or information entered or made available by the Customer through the Platform.

12. Termination of contract and interruption of service

12.1 Termination by the Customer

The Customer is entitled to terminate the contractual relationship with the Provider at any time through the Platform user interface or by sending a notice to the Provider's contact email. Termination of the contract does not entitle to a refund of subscription or other fees already paid, unless otherwise expressly provided for in these Terms and Conditions.

12.2 Termination or interruption by the Provider

The Provider shall be entitled to terminate or suspend the provision of the Service if: (a) the Customer seriously breaches these Terms and Conditions and fails to remedy the breach even within 30 days of receipt of a notice to remedy; (b) the Customer breaches the law or seriously jeopardises the security or stability of the Platform; (c) the Customer is in arrears with payments for more than 14 days after the due date; (d) the Customer provides false information when registering or using the Service; (e) the Customer is a direct competitor of the Provider).

The Provider further reserves the right to temporarily suspend the service in the event of non-payment, suspected misuse of the service, security incident or other suspicious behaviour on the part of the Customer, until the situation is clarified or the defective condition is rectified.

12.3 Consequences of termination

Termination of the contractual relationship shall immediately terminate the Customer's and its users' access to the Platform. All outstanding payments become immediately due and payable.

12.4 Deletion of account and data

Upon termination of the contractual relationship, the Customer has the option to export its data within a reasonable period of time, but no later than 30 days after termination, unless otherwise agreed. After the expiry of this period, the Provider is entitled to irreversibly delete all the Customer's data, always in accordance with the applicable legislation, in particular the GDPR.

12.5 Surviving provisions

Provisions relating to liability, confidentiality, data protection, data rights, indemnification and others, which by their nature are intended to survive the termination of the contractual relationship, shall remain in force after the termination of the contractual relationship.

13. Confidentiality

The Parties undertake to keep confidential all confidential information disclosed or otherwise made available to them in connection with the use of the Platform or the performance of these Terms and Conditions. Confidential Information means any non-public, commercial, technical, financial, operational or other information relating to the other party, their business partners or clients that is not generally available to the public.

The obligation of confidentiality does not apply to information:

(a) that is or becomes public knowledge other than through a breach of these Terms;

(b) which is required to be disclosed by law or by a decision of a public authority;

The Parties undertake to use confidential information only for the purpose of fulfilling their obligations under these Terms and Conditions and to refrain from disclosing it to third parties or making any unauthorised use of it.

The obligation of confidentiality shall survive the termination of the contractual relationship for a minimum period of 3 years or until the relevant information ceases to be confidential at the earliest.

14. Marketing and references

The Customer may give consent to the Provider to include its name, business name and/or logo as a client reference on the Provider's website or in its marketing materials (including case studies and presentations).

This consent is voluntary and may be withdrawn at any time by written notice to the Provider. Upon withdrawal of consent, the Provider shall cease using the Client's name, business name and/or logo in marketing materials within a reasonable period of time.

15. Legal requirements

Both the Customer and the Provider undertake to comply with applicable laws and regulations of the Czech Republic, the European Union and, where applicable, other territories that may be affected by the Service, including, but not limited to, data protection regulations, cyber security regulations, export restrictions, sanctions regimes or other mandatory regulations when using and providing the Platform.

The Customer declares that it will not use the Platform for any purpose that would be contrary to the law, in particular export restrictions, sanctions lists, anti-money laundering, anti-corruption or consumer protection, health, public safety or public order regulations. The Customer is also obliged to verify whether the use of the Platform is permitted in a particular sector or territory.

The Provider shall not provide any specific assurances of compliance of the Service with the requirements for specific regulated sectors (e.g. healthcare, banking, government, defence industry, etc.) unless specifically agreed to in a separate agreement.

The Parties acknowledge that changes in legislation, including new or amended regulation (e.g. AI Act, ePrivacy, technology export policies, etc.) may result in changes to obligations when using the Platform. Provider has the right to modify the terms and conditions/scope of service as necessary to meet new legal or regulatory requirements.

In the event that the provision or use of the Platform contravenes applicable law, the Provider shall be entitled to suspend or terminate the provision of the service without compensation.

16. General provisions

16.1 Precedence of documents

In the event of a conflict between these Terms and Conditions and an individually negotiated written agreement between the Provider and the Customer, the provisions of such individual agreement shall prevail.

16.2 Modification of the Terms and Conditions

The Provider is entitled to change or amend these Terms and Conditions at any time. The Provider shall notify the Customer of the change via the Platform and/or by sending it to the registered email address at least 30 days before the change takes effect. If the Customer does not agree to the change, the Customer has the right to cancel the account and terminate the contract before the change takes effect; otherwise, the Customer shall be deemed to have accepted the change.

16.3 Notification

All notices and communications related to these Terms shall be made electronically via the Platform or by email to the contact addresses provided in the User's account, unless otherwise agreed.

16.4 Transfer of rights and obligations

The Customer is not entitled to transfer its rights and obligations under these Terms and Conditions to a third party without the prior written consent of the Provider. The Provider is entitled to transfer its rights and obligations to another entity within its group or as part of a business transfer.

16.5 Governing law and jurisdiction

These terms and conditions and all contractual relations arising from them are governed by the law of the Czech Republic. All disputes shall be resolved by the competent courts of the Czech Republic according to the Provider's registered office.

16.6 Force majeure

Neither party shall be liable for any delay or failure to perform obligations caused by force majeure, i.e. events beyond their reasonable control (e.g. war, natural disasters, pandemics, infrastructure failures, government intervention).

16.7 Integrity of the contract

These terms and conditions constitute the entire agreement between the parties with respect to the subject matter they govern and supersede any prior agreements relating to the same relationship, unless expressly bound to an individual contract.

16.8 Severability of provisions

If any provision of these terms and conditions is found to be invalid or unenforceable, the other provisions shall remain in force. The parties undertake to replace the invalid provision with a valid one which best corresponds to the original meaning.

16.9 Survival

Provisions which by their nature are intended to remain in force after termination of the contractual relationship (in particular confidentiality, liability and data protection provisions) shall remain in force.

These Terms shall enter into force on 25 June 2024.