Terms & Service Conditions

1. Introduction

We would like to inform you about what you may expect from us when using our AI-as-a-Service. These conditions have been drafted in clear language to ensure transparency. Should any aspects be unclear, we welcome your questions.

2. Validity of Conditions

These Conditions form part of our agreement and apply for the duration thereof, including any extensions.

3. Amendment of Conditions

The most recent version of the Conditions shall always apply. Amendments will be communicated in a timely manner and clients have the right to decline them, with a notice period of two months under the previous conditions.

4. Term of AI-as-a-Service

The agreement is for an indefinite period, unless otherwise agreed. The notice period for clients is two months before the new annual period, whilst we maintain a notice period of six months for proportionality. With our AI-as-a-Service you receive a licence to use our software and entitlement to additional services. For this licence and services we charge the agreed tariff and you will receive a monthly invoice.

5. Licence and additional services

The AI-as-a-Service includes the product components you subscribe to on the basis of the tariff basis (number of policies). Additionally, you pay a fixed monthly amount for Hosting & Computing Power. The components are detailed on your invoice. You may only use the licence for your own organisation or its subsidiaries.

In addition to the licence to use our software, the AI-as-a-Service also provides entitlement to the following additional services:

• resolving disruptions and providing support during the first three months, provided the number of 100 support hours is not exceeded;
• continuous monitoring of the software and implementation of new releases;
• at least once per year a periodic report including a review meeting with the Client's management team;
• consultancy insofar as specifically stated.

Should you require additional services not mentioned here, we are happy to assist. In that case, we will inform you of any applicable costs.

6. Delivery timescales

We consider it important to honour our commitments. However, unforeseen circumstances may arise or we may depend on third parties. Therefore, all timescales we provide are intended as indicative; a mere exceedance of a stated timescale shall not constitute a default on our part. In all cases where a timescale is at risk of being exceeded or is not met, we shall consult with each other as soon as possible and determine a reasonable timescale to fulfil all obligations properly.

7. Maintenance and disruption

We may take the AI-as-a-Service wholly or partially out of service for maintenance. We shall not take our service out of operation for longer than necessary and shall, where possible, schedule this outside office hours. Disruptions will naturally be resolved as quickly as possible. For response times, please refer to the Service Levels in our Service Conditions.

8. Limitation of warranty

AI predictions are based on statistical models and are provided on a best-effort basis. Onesurance accepts no liability for predictions not materialising or for decisions that the Client takes on the basis of these predictions.

9. Tariff basis

The licence tariff is based on the number of policies in your portfolio, for which we provide a forecast. A fixed amount per policy per year applies per product component. The tariff basis is the number of policies rounded down to the nearest ten thousand. Once per year the tariff basis is redetermined and we increase or decrease the tariff based on the numbers.

We index prices annually, taking into account the Consumer Price Index (CPI) figure of the previous year, the annual change as of July of the current year. The indexation takes effect from the first invoice in the following calendar year. We shall inform you of each indexation.

10. Invoicing

Tariffs are indexed annually in accordance with the CPI figure from CBS (year-on-year July). If the number of policies increases, Onesurance may adjust the tariff proportionally. We invoice the licence monthly in advance. You will receive all our invoices by email in PDF format. The payment term is thirty days.

11. Amendment of agreement

Product components may be added at any time. Product components may only be removed one year after full invoicing or after the expiry of the initial period if one has been agreed. Please note that you must submit a change and/or termination request one month before the new invoicing period and that you cannot increase and decrease within the same quarter.

12. Termination of agreement

You may terminate the licence one year after full invoicing. Please note that you must notify us in writing or by email two months before the expiry of the new annual period. You may terminate the licence early within ten working days after the end of the initial three-month period.

Na beëindiging van de overeenkomst heeft u geen toegang meer tot de software en bijbehorende data. Uw data zal binnen veertien dagen verwijderd worden. Onze opzegtermijn is twaalf maanden. Wij kunnen de overeenkomst per direct beëindigen als u afspraken niet nakomt en wij u daarvoor in gebreke hebben gesteld, facturen structureel te laat betaalt of een factuur waarover geen discussie bestaat na 60 dagen nog niet hebt betaald. Dit recht hebben wij ook als u surseance van betaling of een faillissement hebt aangevraagd. Na beëindiging van de overeenkomst blijft data gedurende 30 dagen beschikbaar voor export door Opdrachtgever, tenzij schriftelijk anders overeengekomen.

13. Liability

We make every effort to ensure that our software meets the specifications we provide. If errors do occur, we shall rectify them as quickly as possible. Nevertheless, things may go wrong. If you suffer damage as a result, we shall work together to find an appropriate solution. If you have a complaint or claim, it is important that you report it to us as soon as possible.

Onze totale aansprakelijkheid wegens een toerekenbare tekortkoming in de nakoming van de overeenkomst of op welke rechtsgrond dan ook is beperkt tot vergoeding van directe schade tot maximaal het bedrag van de voor die overeenkomst bedongen prijs (excl. BTW). Indien de overeenkomst hoofdzakelijk een duurovereenkomst is met een looptijd van meer dan één jaar, wordt de voor die overeenkomst bedongen prijs gesteld op het totaal van de vergoedingen (excl. BTW) bedongen voor één jaar. In beide situaties is onze maximale cumulatieve aansprakelijkheid beperkt tot EUR 1.000.000,-.

Wij kunnen uitsluitend aansprakelijk worden gehouden tot vergoeding van directe schade en niet voor enige vorm van gevolgschade. Onder gevolgschade worden in ieder geval begrepen gederfde omzet, gederfde winst, verlies van gegevens en gemiste kansen. Wij zijn beide niet aansprakelijk ten opzichte van elkaar bij overmacht in de zin van de wet.

14. Intellectual property rights

The intellectual property rights in the software belong and shall continue to belong to us. For the duration of the agreement, you receive a non-exclusive, non-transferable, non-pledgeable and non-sublicensable right of use of our software, including the use of our algorithms. It is not permitted without prior written consent to reproduce, publish, reverse-engineer, decompile or provide to third parties the software and/or algorithms and/or our documents and materials in whole or in part.

Data provided by the Client shall remain the property of the Client. The Client grants Onesurance a right of use for the duration of the agreement to process this data for the purpose of service delivery, quality improvement and benchmarking, provided it is anonymised.

15. Privacy & confidentiality

We shall comply with all applicable requirements of the General Data Protection Regulation (GDPR). We mutually guarantee that all information which we should reasonably understand to be confidential or commercially sensitive, received from each other before and after entering into the agreement, shall remain confidential. We shall take all reasonable measures to protect this information.

We would like to be able to mention in advertising or marketing activities that you are one of our valued clients. We shall carefully remove all information about the results and/or work carried out for you that could be traced back to you.

16. Legal matters

All disputes arising from or in connection with our agreement shall be submitted exclusively to the competent court in Breda. Our agreement, as well as all disputes connected with or arising from our agreement, shall be governed exclusively by the laws of the Netherlands. The United Nations Convention on Contracts for the International Sale of Goods (Vienna Convention) shall not apply.

Notices that we give to each other under this agreement shall be in writing. Writing shall be understood to mean by post and/or by email, if addressed to the email addresses of the signatories to the agreement. Any oral undertakings and arrangements shall have no effect unless confirmed in writing by both parties.

17. Partner strategy and Training

Implementation partners may be certified through a training programme. Paid onboarding and training modules are available to increase efficiency and adoption.

1. Introduction

The Parties wish to manage each other's expectations and obligations with regard to the execution of the services, as described in the Agreement, qualitatively. The success of any collaboration depends on proper and timely mutual cooperation. It is important, among other things, that the Parties communicate clearly with each other, whereby (important) information is shared in a timely manner.

This SLA sets out the arrangements for the execution of the Service.

Agreement - The Parties have entered into an Agreement for the use of Onesurance's AI-as-a-Service (hereinafter: "Agreement"). This Service Level Agreement (hereinafter the "SLA") forms part of this Agreement.

Applicability - This SLA applies to the production environment of Onesurance's AI-as-a-Service provision and associated portals and integrations. In addition, if agreed, an acceptance environment is available; conditions for this are stated separately.

Purpose of SLA - The SLA sets out arrangements regarding the quality parameters of the service delivery with the purpose of monitoring and reporting on the quality and execution of the service delivery of both the product and the support.

Amendments to existing SLA - This SLA is a living document that must be regularly reviewed and updated to continue meeting the needs of both Parties. All improvements are implemented unilaterally. If an amendment may have a negative impact on the Client, Onesurance shall do so in consultation and only implement it after the Client's approval.

Definitions - Terms capitalised herein shall have the following meaning or the meaning as defined elsewhere in this document:

Acceptance

the definitive and written approval by the Client of (components of) the Service(s).

Resolution time

the time measured and recorded by the Supplier (including Response time) between the time of reporting the Incident to the Supplier and the Supplier's notification to the Client that the Incident has been resolved.

Back-up

a copy of files and data stored on a data carrier to enable the restoration of this information in the event of a system crash, data loss or other calamities.

Availability

a period expressed as a percentage of the total time measured over a full calendar month, during which a Service is available under the correct conditions.

Data breach

a breach of the confidentiality and/or the integrity and/or the Availability of personal data whereby unauthorised persons have gained unintended or unlawful access to (client) personal data.

Downtime

the period during which the Service is unreachable or does not respond at all.

Incident

an interruption, deviation, disruption, reduced Availability or reduced speed of an agreed service, resource or product.

Supplier

Onesurance.

Client

the client of Onesurance.

RPO (Recovery Point Objective)

the maximum period during which data loss is acceptable in the event of a calamity.

RTO (Recovery Time Objective)

the maximum time between an Incident and the functionality becoming available again.

AI-as-a-Service

the application of Onesurance that is made available via the internet to authorised Users.

2. General AI-as-a-Service

The Supplier makes its AI-as-a-Service available via the internet and provides the technical maintenance and technical management of the delivered Services. The Supplier makes its products available from a data centre located within the EEA. To make use of this, the Client must ensure the following:

• A stable internet connection with a minimum speed of 5Mbps;
• Chrome browser, with the latest updates installed;
• A minimum resolution of 1600 x 900 combined with a scale of 100%.

3. Technical management by Onesurance

Technical maintenance and management is provided by the Supplier. This includes: Infrastructure management, Data management, Security management, Compliance & audits and Performance optimisations. The Supplier also provides the delivery of new functionalities in the application.

Infrastructure - Managing the hardware infrastructure, such as hosting, servers and storage, required to support the AI-as-a-Service application.

Data management - Managing the data stored and processed by the AI-as-a-Service application. This includes implementing, managing and verifying Back-up and recovery procedures, ensuring data integrity and meeting data protection compliance requirements.

Security management - Implementing and maintaining security measures to protect the AI-as-a-Service application against threats such as hackers, malware and Data breaches.

Compliance and audits - Meeting legal and industry compliance requirements such as the GDPR, and standards regarding information and cyber security. The Supplier cooperates with annual audits and penetration tests.

4. Application performance

Under optimal conditions, we aim for the following performance, excluding scheduled maintenance and Force Majeure, on a best-effort basis:

5. Production environment availability AI-as-a-Service

The Supplier commits to an Availability of at least 95% for its AI-as-a-Service, reduced by Planned Non-Availability. Availability is calculated per calendar month according to the formula:

6. Acceptance environment availability AI-as-a-Service

If desired by the Client, the Supplier provides the option to set up an acceptance environment. The Supplier commits to an Availability of the acceptance environment of at least 85% for its AI-as-a-Service, reduced by Planned Non-Availability. The Availability of the acceptance environment is lower than the production environment because test scenarios are regularly deployed for our Partners.

7. Measuring Availability

To measure Availability proactively, the Supplier uses server monitoring, monitoring of the AI-as-a-Service for activity and load, and the number of successful login checks on the AI-as-a-Service. Upon request, a report can be generated of non-sensitive information such as the Availability percentage.

8. Environment monitoring

Our AI-as-a-Service solutions and associated portals, as well as the infrastructure, are monitored 24×7. If disruptions occur in the underlying infrastructure or application, the Supplier receives an automated notification and attempts to resolve the disruption immediately.

Security updates are implemented in accordance with the following timescales:

9. Testing responsibilities after maintenance

The Supplier is responsible for the uptime of the application and the technology. After maintenance, the Supplier shall perform a check on the functioning of the functionalities. It is the Supplier's responsibility to perform a functional test after an update to verify that functionality still works as originally intended.

10. Support services

The Supplier provides support for its AI-as-a-Service via the Supplier's Support for answering and handling service requests (Calls). Service requests may only be submitted by the Client's project management.

* Excluding public holidays

11. Scope and types of Calls

The primary type of Call covered under the SLA is an Incident. This includes three categories: Incidents, Privacy and security Incidents and disruptions, and Correction requests.

Secondary Calls are not covered under the SLA conditions but are handled by the Supplier. These include: Restore requests, Questions, Consultancy, Request for Changes (RFCs) and other queries.

12. Complaints and communication matrix

If there are Complaints about the service delivery, these may be communicated to the assigned Customer Success Manager of the Supplier. Support registers the Complaint and assigns it to a handler. The Client is kept informed of the progress.

13. Incident management

The purpose of incident management is to ensure that the Acceptance Assistant is operational again as quickly as possible. Incidents are handled on the basis of Priority and lead time.

14. Response & Resolution time

* Prio 3 bugs are generally resolved more quickly, but when development work is required, this is planned for the next sprint and delivered.

15. Change management

Changes within the Acceptance Assistant environment are organised into 3 categories: (1) Changes to optimise the application on a functional and/or technical level initiated by the Supplier; (2) Calls classified as RFC at the request of the Client; (3) Standard Changes that have no impact on existing functionality.

16. Software release

The Supplier uses continuous integration, which enables changes with higher urgency to be deployed directly to the production environment. When delivering a release, the Supplier publishes release documentation within a maximum of 1 week after the release.

17. Legal requirements

The Supplier is bound by laws and regulations. We adapt our software to these in a timely manner, so that the Client can also comply in a timely manner. These legal Changes are delivered through a software release in the AI-as-a-Service.

18. Problem management

The purpose of problem management is to reduce the likelihood and impact of Incidents by identifying current and potential causes of Incidents, and managing workarounds and known errors. The Supplier periodically analyses the number of reports received and recognises trends that may indicate structural Problems.

19. Security and hosting

The Supplier makes every effort to keep its Services secure through security measures from infrastructure to application. In the event of a Security breach, the Supplier reserves the right to immediately disable the AI-as-a-Service to limit potential damage.

Data processing - The Supplier, as data processor, never processes data for purposes other than those agreed and for which a legal basis exists. The Supplier never stores data at locations outside the European Union. The Service is hosted on Microsoft's Azure Cloud services.

20. Redundancy and Back-up

For Back-ups, Onesurance uses the Back-up policy as provided by Microsoft Azure. Back-ups of the primary data centre are performed according to the following schedule:

21. Technical architecture

AI-as-a-Service environments are deployed using a combination of Azure DevOps, Azure Machine Learning, Azure App Service and Terraform. To test changes to the model and the API safely, there are two endpoints (URLs) for the API that can be used via the "deployment slots" functionality of Azure App Service.

22. Monitoring, detection

The Supplier has active monitoring and detection on both servers and software. This means that active surveillance is maintained for potential unauthorised login attempts by malicious actors. In case of irregularities, an automated warning is immediately sent to Support. These warnings are always treated as a Prio 1 Incident.

23. Information security

Information security is an important element within the Supplier. As sensitive information is stored and processed, a number of important processes are in place to safeguard data integrity.

24. Information security structure

The Supplier is actively engaged in information security and its oversight. The Data Protection Officer role is an executive and internal role. The Data Protection Officer ensures proper implementation of and supervision over applicable laws and regulations and, together with Onesurance management, drafts the information security policy.

25. Data incidents

When a Data breach is suspected, the Data Protection Officer is immediately involved. The Data Protection Officer investigates the reported Incident together with the Heads of Engineering and Machine Learning and reports back to the Client via Support, within 24 hours of the suspected Data breach, whether a Data breach has occurred.

26. Incident report

When a Data breach has occurred, an incident report is drawn up and shared with the reporter of the Incident and with all stakeholders involved in the Incident. An incident report consists of the documentation of the Problem, the cause, the impact and the resolution.

27. DTAP pipeline

If agreed with the Client, the Supplier shall use the DTAP methodology for software development. In this way, a clear distinction is made between the different environments. Separate environments and databases are used, so that no data Incident can occur through the mixing of data across the different environments.