End User License Agreement (EULA)
for mgm Atlassian Apps
This End User License Agreement (hereinafter referred to as: "the Agreement") is entered into by and between YOU, meaning your organization, represented by an authorized representative (hereinafter referred to as "User") and mgm technology partners GmbH, a private limited liability company with its registered office in Munich, Germany, registered in the Commercial Register at the local court of Munich under number HRB 161298 (hereinafter referred to as "mgm").
The mgm add-ons, plugins or any other mgm products (hereinafter collectively referred to as: "Artifacts") are made available online at +https://marketplace.atlassian.com/+ and certain third party websites, hereinafter referred to as the "Site".
mgm may amend this Agreement from time to time, subject to the terms and conditions set forth in this Agreement.
2. License Version
This license replaces all previous versions and is effective as of dated September 26st, 2023.
3. License Scope
mgm hereby grants the User a limited license to use the Artifacts. This license is non-exclusive and non-transferable. Only the authorized number of users according to the main Atlassian Software may actually use the Artifacts. Additional license keys may be purchased through the Site.
It is expressly prohibited to
- decompile the Artifacts or to reverse engineer the source code of the Artifacts, except to the extent permitted by mandatory law or applicable open source license,
- distribute copies of the Artifacts to third parties,
- sublicense the Artifacts or otherwise make the Artifacts available to third parties, including by rental, Software-as-a-Service models or otherwise,
- modify the Artifacts, except to the extent permitted by mandatory law,
- remove any reference to mgm as the copyright owner of the Artifacts or to remove or make illegible any part thereof.
You are solely responsible for the installation and use of the Artifacts. The documentation available online contains recommended hardware and software environment requirements.
You must not use the Artifacts for any purpose that violates German or any other applicable laws or regulations. In particular it is not permitted to use the Artifacts in a manner that harasses or interferes with other users.
If, in the discretion of mgm, the continued functioning of mgm’s or any third partys computer systems or network is threatened or jeopardized by, for example, excessive e-mail or other data transmissions, disclosure of personal data or virus activity, mgm may take any steps mgm deems reasonably necessary to stop or avert such damage or jeopardy.
mgm shall have the right at any time to seek criminal prosecution for any offenses committed through or by use of the Artifacts. In addition, mgm may disclose User's name, address, IP address and other identifying data to any third party who claims that User has violated its rights or these Terms and Conditions, provided that the validity of the claim is clear, no other means of obtaining such information exists and the third party has an obvious interest in obtaining such information.
5. Intellectual Property
All right, title and interest ind and to the Artifacts, the accompanying documentation and all modifications and enhancements thereto belong, rest and shall remain with mgm. The User has only those rights and permissions that are expressly granted to it by this Agreement or otherwise granted to it in writing. User may not use, copy, distribute or publish the Artifacts in any other way.
The Artifacts may contain open source software from third parties. The respective third party rights holders grant you the rights set forth in the applicable open source licenses. These licenses can be found in the documentation accompanying the Artifacts. This Agreement does not apply to such open source software, and nothing in this Agreement shall be construed as limiting any of the rights granted to you under an open source license.
Unless otherwise agreed upon in writing between the User and mgm, a license to the Artifacts may only be obtained through the Site. Prices and payment details are set forth on the Site. Certain Artifacts may be available free of charge for a limited period of time. After this period a full license is required for with a defined term of validity is required. This will be specified on the Site or in the Artifacts.
Prices are quoted in the currency indicated on the Website, and are exclusive of VAT, import duties and other government imposed taxes, duties and levies.
Shortly after payment, the User may download and install the Artifacts. Prior to this, verification of the User may be required in order to ensure that the User is an authorized User. The Artifacts and/or the Website will notify the User of any procedures and additional terms.
7. Personal Data
During the installation and/or payment process, mgm and/or third parties process certain of the personal data of the User. In addition to the data requested in the order form, the IP address from which the registration is made and information about the software used are recorded. These personal data are used only for the execution of the Agreement and for related purposes, such as the provision of related offers or notification of available updates. Further information can be found at https://www.mgm-tp.com/en/data-protection/ .
Other terms and conditions regarding the processing of Personal Data during the use of the Artifacts are set forth in Appendix A: the Data Processing Addendum.
8. Update Versions
mgm may periodically release updates to or newer versions of the Artifacts that may correct bugs or improve the functionality of the Artifacts. Please check the Site regularly for the latest versions. No liability will be accepted for any damage caused by bugs addressed in an update that hast not been installed by the User.
mgm shall provide the User with a reasonable level of support through the Website and by e-mail or other communication channels announced to the User. mgm does not guarantee that all support requests or bug reports will be adressed.
10. Warranty and Liability
mgm warrants that the Artifacts will substantially perform as described in the documentation and that the Artifacts do not contain viruses, backdoors or malicious routines. mgm will use its reasonable efforts to investigate and correct any reported defects as soon as practicable or to provide a workaround (but may postpone correction of defects with limited impact until the next scheduled release). mgm makes no other guarantees and/or warranties. In particular, mgm makes no representation or warranty, express or implied, that any services provided or any design or process resulting from any particular use of the Artifacts will not infringe any patent, copyright, or proprietary right of any kind of any third party, and mgm shall have no liability for any claim or action brought by any other party against the User for such infringement. Furthermore, mgm, give no contractual guarantee in relation to the licensed software.
(ii) Limitation of Liability
In case of intentional conduct, gross negligence, claims based on the German Product Liability Act, as well as, in case of death or personal or physical injury, mgm is liable according to the statutory law. Subject to the preceding sentence, mgm will only be liable for slight negligence if mgm is in breach of such material contractual obligations, the fulfillment of which facilitate the due performance of this agreement, the breach of which would endanger the purpose of this agreement and the compliance with which a party may constantly trust in (so‐ called "cardinal obligations") but limited in amount to the damage which is foreseeable and typical for the type of business in question here and to a maximum of the respective subscription fee per contractual year, whichever amount is the lower. In other cases of slight negligence, mgm will not be liable for slight negligence.
Unless otherwise provided by mandatory law, mgm’s obligation to pay any compensation shall only arise if the User notifies mgm of such damages in writing within three (3) months of the occurrence of the damage.
User hereby authorizes mgm to identify User as a customer of mgm in its promotional materials. If User wishes to object to such use, User may do so at any time by sending an e-mail to firstname.lastname@example.org. Please note that it may take up to 30 days to process this request.
Each party shall not disclose or use for any other purpose other than the purposes of this Agreement any trade secrets or other information of the other party which has been designated as confidential or the confidential nature of which is known or can reasonably should be known by the other party.
Both parties accept the obligation to maintain strict confidentiality towards third parties with regard to all matters agreed upon in this Agreement. In addition, the parties accept the obligation to maintain strict confidentiality with respect to all information concerning the business, activities and organization of the other party, unless such information is already in the public domain without any involvement of the other Party.
13. Term and Termination
This Agreement is entered into for the (subscription) period indicated on the Site or as otherwise specified (hereinafter: "the Contract Period"). If the Contract Period is not specified, it shall be deemed to have been concluded for period of 12 (twelve) months. Unless otherwise agreed, this Agreement shall be automatically renewed for the same term unless notice of termination is received by mgm in writing at least 2 (two) months prior to the end of the respective term. mgm and/or third parties will usually send User a notice of renewal of licenses and any payments due thereunder.
This Agreement shall end automatically and immediately in the event of the User’s bankruptcy, suspension of payments, seizure of the User’ assets, liquidation, legal dissolution or winding up.
Upon termination of the Agreement, for any reason, User must cease all use of the Artifacts. In addition User must remove all copies (including backup copies) of the Artifacts from all computer systems under User’s control.
14. Changes to Agreement
mgm may update or modify this Agreement, including any referenced policies and other documents, from time to time. If a revision materially limits User's rights, mgm will use reasonable efforts to notify User (for example, by sending an e-mail to the billing or technical contact you designate in the applicable order, by posting on mgm’s blog, through User’s Atlassian account, or within the product itself).
If mgm modifies the Agreement during the license term and/or subscription term, the modified version will become effective upon the next renewal of a license term, support or maintenance term, and/or subscription term, whichever is applicable. In this case, if User objects to the updated Agreement, User’s exclusive remedy is to not renew, including cancelling any terms that are set to automatic renewal.
With respect to Artifacts that are free of charge, acceptance of the updated Agreement will be required for User to continue to use such Artifacts. User may be required to click through the updated Agreement to indicate acceptance. If User does not accept the updated Agreement after it becomes effective, User will no longer has any rights to such Artifacts. For the avoidance of doubt, each order is subject to the version of the Agreement in effect at the time the order is placed.
15. Miscellaneous Terms
This Agreement shall be governed exclusively by German law. Unless otherwise required by mandatory law, all disputes arising in connection with this Agreement shall be submitted to the ordinary court in Munich, Germany.
The invalidity or unenforceability of any provision of this Agreement shall not affect the validity of the Agreement as a whole. In such event, the parties shall agree to a substitute provision that is legally valid and comes as close as possible to the intent of the provision in question.
mgm may assign its rights and obligations under this Agreement to a third party that acquires the relevant business or the copyrights in the Artifacts from mgm.
16. Data Processing Regulations
It is possible through the use of the Artifacts, the End User may process personal data and that mgm processes that may therefore process such personal data on behalf of the End User, in particular in the case of analysis of problems via log files or the like.
Data Processing Addendum
Introduction and definitions
- The word "End User" as applied in this Data processing addendum means your organization, represented by an authorized representative. The word "End Users" as applied in this data processing addendum means any individual in or represented by your organization that uses the Artifacts, either as an administrator or a user.
- Definitions that are used in this data processing addendum derive their meaning from their definitions as meant in the EU General Data Protection Regulation (GDPR).
- This Data Processing Addendum qualifies as a data processing agreement as described in Article 28 GDPR.
- If the End User processes personal data by using the Artifacts, mgm processes such personal data on behalf of the End User. Consequently, the End User and mgm agree that the End User is regarded as the data controller and mgm is regarded as the data processor. Alternatively, if the End User is processing personal data on behalf of a third party, the End User is regarded as the data processor and mgm is regarded as the data sub-processor.
Description of Data Processing
- mgm has no saying in the purpose and means of the processing of the personal data. Additionally, mgm has no saying in the nature of the personal data that is processed. All personal data processed in connection with the Artifacts shall deemed to have been processed at the instructions of the End User.
- mgm will not make independent decisions about the data gathering and use of the personal data, the provision to third parties, the duration and the storage of the personal data.
- The personal data are related to the following data subject categories:
- People who use the Artifacts (the End Users); and/or
- People whose personal data is captured or processed in the Artifacts by End Users; and/or
- People whose data is transmitted via the Artifacts by End Users; and/or
- Other possible data subject categories whose personal data is processed using the Artifacts.
Non-disclosure and Confidentiality
- mgm is bound to non-disclosure against third parties for all personal data that mgm processes on behalf of the End User, following from this Data Processing Addendum. mgm will not use this data for any other purpose than for which mgm received the data from the End User, except if the data is altered (encrypted or a anonymized) in such a way that it is no longer traceable to an individual data subject.
- The non-disclosure as meant in DP-3 section 1 is not applicable:
- to the extent that the End User has provided mgm the permission to provide the data to third parties; or
- when the provision of the data to third parties is logically necessary for the use or proper functioning of the Artifacts or the execution of this data processing addendum; or
- if a legal requirement or court order exists to provide the data to third parties; or
- in regard of third parties to which personal data are provided in their role as sub-processor, taking into account the conditions defined in DP-5.
Security and Technical and Organizational Measures
- With regard to the processing of personal data, mgm will strive to take adequate technical and organizational measures, in particular to safeguard against the destruction, loss, mutation or unauthorized provision or unauthorized access to transferred, stored or otherwise processed personal data.
- The technical and organizational measures that mgm takes follow from the most recent version of their information security policy can be provided by mgm upon justifiable request.
- In case, in mgm's opinion, this is necessary to offer a continued adequate level of security, mgm is allowed to make changes to the security measures.
- mgm does not guarantee that their security is effective under all conditions. mgm will strive to maintain a reasonable level of security, taking into account the state of technology, implementation costs of the security measures, the nature, extent and context of the processing of personal data, the purposes and the intended use of the Artifacts, the data processing risks and the risks for the rights and freedoms of data subject, which they may have expected considering the intended use of the Artifacts and which are divergent for their probability and impact.
- The End User asserts that the security measures as meant or referred to in DP-4, considering the factors as described herein, provide an adequate level of security that is in accordance with the risks of the processing of personal data processed by or provided by the End User.
- The End User will only provide personal data for processing to mgm if the End User has ensured themselves that the required security measures are taken. The responsibility for the compliance of the measures as agreed between the End User and mgm resides with the End User.
- The End User provides mgm the general permission to work with third parties (sub-processors) for the processing of personal data. mgm always work with their associated companies in the European Union and in countries outside of the European Union, while taking into account relevant laws and regulations.
- Upon request by the End User and within a reasonable time frame, mgm will inform the End User about the relevant third parties that mgm works with, regarding the processing of the personal data as meant in this data Processing Addendum.
- mgm has the right to add or replace third parties (changes). If mgm intends to add or replace a third party, mgm will inform the End User accordingly, allowing the End User to object. If the End User wishes to object, the End User must submit their objection in written form, within two weeks and supported by sound argumentation. If the End User does not object within these conditions, the End User is regarded to accept the intended change.
- If the End User objects within the conditions as stated above in DP-5 section 2, mgm and the End User will consult each other and strive to achieve a reasonable solution. If both parties cannot achieve a satisfactory agreement about the intended change as meant above in DP-5 section 2, mgm is entitled to work with the respective added or replaced third party. Respectively, the End User is entitled to terminate their subscription to the Artifacts per the date that the new sub-processor is activated.
- At all times, mgm ensures that the third parties as meant in this article will take on the same obligations as agreed between the End User and mgm in writing and ensures the compliance by these third parties of these obligations.
Transfer of Personal Data
- mgm processes personal data in countries of the European Union. Additionally, the End User permits mgm to process personal data in countries outside of the European Union, while taking into account relevant laws and regulations.
- Upon request and within a reasonable time frame, mgm will inform the End User in which countries mgm processes the personal data.
Data Subject Rights and Requests
- If a data subject submits a request about their personal data to mgm in order to exercise their data subject rights, mgm will forward the request to the End User and inform the data subject accordingly. The responsibility for processing the request and performing data subject rights lies with the End User, who will process the request and perform the data subject rights independently from mgm.
- mgm will provide assistance to the End User for processing a request by a data subject and performing their data subject rights, should this occur to be necessary. mgm may charge the End User for reasonable expenses that are made or to be made while providing such assistance, which will be reimbursed by the End User.
Obligations and Support
- mgm will commit to compliance with the conditions that, based on the GDPR, are bound to the processing of personal data by mgm in their specific role, regarding the processing of personal data as meant in DP-2 of this data processing addendum.
- mgm will process personal data and other forms of data that are made available to mgm by the End User based on written instructions by the End User.
- Upon request and within a reasonable time frame, mgm will inform the End User about the (technical and organizational) measures taken by mgm to comply with their obligations as meant under this data processing addendum.
- The obligations as meant in this data processing addendum are also applicable to parties that process personal data under mgm's authority.
- If, in mgm's opinion, an instruction given by the End User is conflicting with relevant laws and regulations, mgm will inform the End User.
- At the request of the End User, mgm will, within a reasonable time frame, provide the End User with the necessary cooperation to meet their compliance with the obligations that follow from the GDPR. This includes, among others, their obligations with regard to data security, reporting personal data breaches and performing data protection impact assessments. mgm will charge the End User for reasonable expenses that are made or to be made while providing such cooperation, which will be reimbursed by the End User.
Personal Data Breaches
- A personal data breach is defined as a violation of security that accidentally or unlawfully leads to the destruction, loss, mutation or the unauthorized provision or unauthorized access to transmitted, stored or otherwise processed personal data.
- If a personal data breach occurs, mgm will inform the End User to the best of their abilities, abiding by applicable laws and regulations. The End User will then judge if they need to inform the supervisory authorities and/or data subjects. mgm strives to ensure that the information is complete, correct and accurate to the best of their abilities.
- mgm will cooperate with informing the relevant authorities and, if required, the data subjects, should this be required by any law or regulation. The responsibility for informing the relevant authorities and the data subjects resides with the End User.
- If a personal data breach has occurred, mgm will provide the following information to the End User:
- The fact that a personal data breach has occurred
- the (supposed) cause of the breach
- the (then known or expected) effects
- the (proposed) resolution
- the taken measures
- the contact details for the follow-up of the issue
- an overview of the informed parties (e.g.: the data subjects)
Destruction or Return of Personal Data
- After termination of this data processing addendum, mgm will destroy the personal data it has received from the End User without delay, except if mgm and the End User agree that mgm will return the personal data to the End User or retain the personal data for an agreed period, or if mgm is required by law to retain the personal data.
- mgm may charge the End User for reasonable expenses that are made or to be made for the destruction or the return of the personal data to the End User, which will be reimbursed by the End User.
- For the verification of compliance of all items from this data processing addendum, the End User has the right to issue audits by a competent and independent party.
- This competent and independent party is bound to non-disclosure.
- An audit will only be conducted after the End User has requested the available similar audit reports from mgm, has judged the reports and provides sound argumentation why an audit, initiated by the End User, is still justifiable. Such an audit will only be justifiable when the similar audit reports that are available from mgm provide no or insufficient proof about the compliance of this data processing addendum by mgm. If an audit, initiated by the End User, is justified, it will only be conducted at least 30 days after prior announcement by the End User, with a maximum of once per year.
- mgm will cooperate with the audit and will provide all information that is reasonably relevant for the audit, including supportive information such as system logs and access time to relevant employees, as timely as possible and within a reasonable time frame (within two weeks or sooner in case of an urgent interest).
- In mutual consultation, the End User and mgm will judge the findings that may result from the audit. As a result of this process, measures may be implemented by either mgm, the End User or both parties.
- Reasonable expenses made or to be made by mgm in this process will be reimbursed by the End User. The expenses for the hired competent and independent party are always the responsibility of the End User and will be met by them.
Distribution of Responsibilities
- mgm is only responsible for the processing of personal data as meant in this data processing addendum, abiding by the instructions of the End User and under the explicit (final) responsibility of the End User.
- mgm is not responsible for all other processing of personal data, including but not limited to the collection of personal data by the End User, processing of personal data for purposes that the End User failed to report to mgm, processing by third parties and processing for other purposes. For such processing of personal data, the End User has the exclusive responsibility. At all times, the End User guarantees the legality of their processing of personal data and the adequacy of the security of their systems and infrastructure.
- The responsibility for judging whether mgm offers adequate safeguards regarding the implementation of technical and organizational measures in order for the processing of personal data to be compliant with the demands from the GDPR and/or other applicable laws and regulations and whether the protection of the rights of the data subjects is adequately safeguarded, lies with the End User.
- At all times, the End User guarantees that the content, use and instructions for the processing of personal data as meant in this data processing addendum is not unlawful and does not infringe any rights of third parties.
- Notwithstanding other rights of mgm, the End User safeguards mgm from all legal claims by third parties, from any source, if the legal claim relates to the processing of personal data. Additionally, the End User safeguards mgm from potential damages and fines, imposed by competent supervisory authorities, for which the End User is accountable and/or if the End User violates this data processing addendum, the GDPR or any other applicable laws and regulations.
Duration and Termination
- The duration of this data processing addendum is identical to the duration as defined in the Agreement or contract that is agreed upon between mgm and the End User. If there is no duration defined in any of these documents, the duration of this data processing addendum is identical to the duration of the collaboration between the End User and mgm.
- This data processing addendum cannot be terminated intermediately.
- DP-3 (Non-disclosure and Confidentiality) will survive the termination of the data processing addendum.
- mgm and the End User may only change this data processing addendum with mutual consent.