Contracting parties
These Terms apply to the Vuuli service provided by Sates Oy ("Vuuli", "we", "us"). Sates Oy is a company registered in Finland (Business ID 3375221-7, VAT ID FI33752217) at Kuivastie 21 as 47, 90500 Oulu, Finland.
When a person or organization starts using the Service ("Customer", "you"), a contract is formed between the Customer and Vuuli. If you use the Service for an organization, you represent that you have authority to bind it to these Terms. The Service is intended for users who are at least 18 years old.
1. Service and user accounts
Vuuli is a software service for company search, prospecting, customer relationship management, communications, tasks, and sales pipelines. Available features depend on the selected subscription.
The Customer is responsible for its users, keeping access rights current, and protecting login credentials. The Customer must notify us promptly of suspected account misuse or compromised credentials.
We grant the Customer a limited, non-exclusive, non-transferable right to use the Service for its internal business purposes during the subscription term and in accordance with these Terms.
2. Subscriptions, payments, and cancellation
Subscriptions renew for the selected billing period unless cancelled before the next renewal. Prices are stated in euros and applicable taxes are added. The Customer is responsible for maintaining accurate billing and contact information.
A subscription can be cancelled through the account settings. Cancellation takes effect at the end of the current paid subscription period. Fees already paid are non-refundable unless mandatory law requires otherwise. Any free trial ends at the stated time unless the Customer upgrades to a paid subscription.
3. Customer Data, ownership, and confidentiality
"Customer Data" means CRM records, notes, contacts, communications, files, and other material entered into or imported to the Service by the Customer or its users.
The Customer retains all rights in Customer Data. These Terms do not transfer ownership of Customer Data or related intellectual property rights to Vuuli. The Customer grants Vuuli only the rights required to process Customer Data to provide the Service and perform these Terms.
Customer Data is the Customer's confidential information. Vuuli protects it with at least the same degree of care it uses for its own similar confidential information and uses it only to:
- provide, maintain, secure, and support the Service;
- carry out the Customer's documented instructions;
- investigate misuse or security threats; or
- comply with a legal obligation.
Vuuli does not sell Customer Data or use identifiable Customer Data for advertising, marketing, demonstrations, general product research, or training artificial intelligence models. We may improve the Service using only aggregated or anonymized information that cannot reasonably identify the Customer or a data subject.
Vuuli does not routinely inspect Customer Data. Authorized personnel may access it only when necessary to provide requested support, maintain or secure the Service, investigate misuse, or comply with a legal obligation. Access is limited according to work duties, and personnel with access are bound by confidentiality obligations.
4. Processing personal data for the Customer
When Customer Data contains personal data for which the Customer determines the purposes and means of processing, the Customer is the controller and Vuuli is the processor. This section constitutes a data processing agreement under Article 28 of Regulation (EU) 2016/679 (GDPR).
Vuuli will:
- process personal data only under the Customer's documented instructions and these Terms, including with regard to transfers of personal data;
- promptly inform the Customer if, in Vuuli's reasoned opinion, an instruction infringes applicable data protection law;
- ensure that persons processing personal data are subject to confidentiality;
- implement technical and organizational measures appropriate to the risk;
- reasonably assist the Customer through appropriate technical and organizational measures with requests to exercise data-subject rights;
- assist the Customer, based on available information, with obligations concerning security, personal-data breaches, impact assessments, and prior consultations;
- make information reasonably required to demonstrate compliance with this section available to the Customer; and
- return or delete personal data in accordance with section 9 unless applicable law requires retention.
If Vuuli receives a data-subject request directly concerning personal data processed for the Customer, Vuuli will direct the request to the Customer and will not respond on the Customer's behalf without its instructions or a legal obligation.
5. Description of processing
The subject matter is the provision of the Vuuli service to the Customer. Processing continues for the contract term and the deletion period described in section 9.
The nature and purpose of processing may include receiving, recording, organizing, retrieving, displaying, transmitting to recipients selected by the Customer, backing up, securing, supporting, and deleting Customer Data.
Categories of data subjects may include the Customer's users, employees, customers, prospective customers, contacts, suppliers, and other persons whose data the Customer chooses to process in the Service.
Types of personal data may include names, work roles, organization details, contact details, communication and meeting history, sales-pipeline information, tasks, notes, custom-field data, and technical usage and log data. The Customer determines what it stores and is responsible for lawfulness, data minimization, notices to data subjects, and required legal bases.
6. Security
Vuuli maintains technical and organizational measures appropriate to the risk to protect the confidentiality, integrity, and availability of data. As applicable, these measures include role-based access restrictions, authentication and access management, protection of data in transit, backups, vulnerability and update management, and security-incident handling.
The Customer is responsible for managing its users' access, using strong and individual credentials, securing its devices, and avoiding unnecessary personal data in the Service.
7. Subprocessors and international transfers
The Customer gives Vuuli general written authorization to use subprocessors to provide the Service. Vuuli selects subprocessors with due care, enters into a written agreement imposing materially equivalent data-protection duties, and remains responsible to the Customer for their performance as required by law.
A current list of material subprocessors is available by request from help@vuuli.com. We will give at least 14 days' notice before appointing a material new subprocessor where the change affects Customer Data. The Customer may object on reasonable data-protection grounds. If the parties cannot resolve the objection, the Customer may terminate the affected part of the Service.
Primary production storage of Customer Data is located in the European Economic Area. If a subprocessor processes limited personal data outside the EEA, Vuuli uses an applicable transfer mechanism, such as a European Commission adequacy decision or Standard Contractual Clauses, and supplementary safeguards where required.
8. Personal-data breaches and audits
Vuuli will notify the Customer without undue delay after becoming aware of a personal-data breach affecting personal data processed for the Customer. The notice will include available information about the nature and likely effects of the breach and corrective measures taken or planned. Vuuli will reasonably cooperate with the investigation.
The Customer may audit compliance with this processing agreement no more than once in any 12-month period on reasonable notice. This limit does not apply where an additional audit is required due to a personal-data breach, a reasonably substantiated compliance concern, a regulatory requirement, or applicable law.
Audits are conducted using documents, questionnaire responses, and reasonable interviews provided by Vuuli. Vuuli does not provide the Customer or its appointed auditor with access to Vuuli premises, production systems, source code, or other customers' data. If the information provided is not reasonably sufficient, the parties will agree on another independent remote assessment or equivalent means of demonstrating compliance. This does not restrict the statutory inspection powers of a competent supervisory authority.
An audit must not compromise other customers' data or Vuuli's security. The Customer bears its audit costs unless the audit identifies a material breach by Vuuli.
9. Export, contract end, and deletion
The Customer may export Customer Data using the Service's export functions while the account remains active. The Customer must complete any required export before the subscription or account ends.
When an account is terminated, Vuuli deletes Customer Data from active production systems immediately unless applicable law requires retention. Backup copies expire through the normal rotation process within 90 days. Backups are not used for ordinary business processing and are used only for system recovery, security, and legal obligations.
10. Prohibited and sensitive material
The Service is not designed to store special-category data, health data, payment-card data, passwords, authentication secrets, criminal-conviction data, or similarly high-risk information. The Customer must not store such information in the Service without a separate written agreement with Vuuli.
The Customer must not use the Service unlawfully, infringe third-party rights, transmit harmful code, bypass security controls, attempt unauthorized access, disrupt the Service, send unlawful spam, or extract Service data through automated means without authorization.
11. Intellectual property and feedback
Vuuli and its licensors own the Service, software, interface, documentation, trademarks, and related intellectual property rights. No rights transfer to the Customer except the right to use the Service expressly granted in these Terms.
The Customer may provide feedback, suggestions, and ideas about the Service, which Vuuli may use without compensation. This feedback right does not apply to Customer Data, Customer Data visible in a support request, or other material that is marked confidential or is confidential by its nature.
12. Suspension and termination
Vuuli may suspend access immediately only where reasonably necessary due to a security threat, law or authority order, overdue payment, misuse of the Service, or a material breach of these Terms. Where possible, we will give advance notice of the suspension and its basis, or otherwise notify the Customer without undue delay.
If a breach can be remedied, we will provide a reasonable cure period before termination unless immediate termination is necessary to comply with law or protect security or other customers. Where reasonably possible, we will allow the Customer to export Customer Data before termination. Section 9 governs deletion.
13. Availability, backups, and Customer responsibility
Vuuli aims to keep the Service available and maintains commercially reasonable backup and restoration procedures. Interruptions may result from maintenance, security measures, or events beyond Vuuli's reasonable control.
Backups are intended for Service recovery and do not replace the Customer's own archiving. The Customer should export and retain business-critical information according to its continuity and retention needs. Vuuli will use reasonable efforts to restore data from backups if a failure within Vuuli's responsibility causes data loss or corruption.
14. Liability
Neither party is liable for indirect or consequential loss, including lost profit, unless mandatory law requires otherwise. Vuuli's aggregate liability for claims relating to these Terms is limited to the amount the Customer paid for the Service during the 12 months preceding the event giving rise to the claim.
The limitations do not apply to intentional misconduct, gross negligence, breach of confidentiality, infringement of intellectual property rights, or liability that cannot legally be limited.
15. Privacy notice
Our Privacy Notice explains how Vuuli processes personal data for its own purposes as a controller. Sections 3-9 of these Terms primarily govern personal data contained in Customer Data.
16. Governing law and disputes
These Terms are governed by Finnish law, excluding its choice-of-law rules. The parties will first seek to resolve disputes through negotiation. If no resolution is reached, disputes are subject to the District Court of Oulu, Finland. Consumers retain mandatory protections of their country of residence and may refer a matter to the applicable consumer-dispute body.
17. Changes to these Terms
We may change these Terms where required by changes in law, security, the Service, or our business model. We will provide reasonable advance notice of material changes that reduce Customer rights. If the Customer does not accept a material change, it may terminate the subscription before the change takes effect.
18. General terms and contact
If a provision is invalid, the remaining provisions remain effective. Failure to exercise a right is not a waiver. Vuuli may assign the contract as part of a business transfer provided that Customer data protection is not materially reduced. The Customer may not assign the contract without Vuuli's written consent.
Questions, privacy matters, and contractual notices:
- Sates Oy, Kuivastie 21 as 47, 90500 Oulu, Finland
- help@vuuli.com