Support for SaaS

1. PURPOSE

This document aims to explain the terms of support and maintenance service for our customers who are getting software as a service on Sestek cloud environments.
The Support and Maintenance Agreement parties would agree to the following terms and conditions regarding the maintenance, support, and operations of Sestek SaaS environment.

2. SCOPE

The document provides information on support plans, service times, and support levels within the scope of support and maintenance of Sestek products and services.

3. REFERENCE DOCUMENTS

SaaS Service Agreement

4. RESPONSIBILITIES

The Application Support Team is responsible for preparing and updating the document.

5. DEFINITIONS

In this document, except to the extent expressly provided otherwise:

"Access Credentials" means the usernames, passwords and other credentials enabling access to the Hosted Services, including both access credentials for the User Interface and access credentials for the API;

"API" means the application programming interface for the Hosted Services defined by Sestek and made available by Sestek to the Customer;

“Agreement” means a fully executed agreement with terms and conditions governing the license and provision of support services of the Platform by Sestek.

"Business Day" means any weekday other than a bank or public holiday in Customer’s country

"Business Hours" means the hours of 09:00 to 18:00 in Customer’s timezone;
"Customer Confidential Information" means:
(a) any information disclosed by or on behalf of the Customer to Sestek during the Term (whether disclosed in writing, orally or otherwise) that at the time of disclosure:
(i) was marked or described as "confidential"; or
(ii) should have been reasonably understood by Sestek to be confidential; and
(b) the Customer Data;

"Customer Data" means all data, works and materials: uploaded to or stored on the Platform by the Customer; transmitted by the Platform at the instigation of the Customer; supplied by the Customer to Sestek for uploading to, transmission by or storage on the Platform; or generated by the Platform as a result of the use of the Hosted Services by the Customer (but excluding analytics data relating to the use of the Platform and server log files);

"Customer Personal Data" means any Personal Data that is processed by Sestek on behalf of the Customer in relation to support activities, but excluding personal data with respect to which Sestek is a data controller;

"Data Protection Laws" means the EU GDPR, UK GDPR, KVKK and all other applicable laws relating to the processing of Personal Data;

"Documentation" means the documentation for the Hosted Services produced by Sestek and delivered or made available Sestek to the Customer;

"EU GDPR" means the General Data Protection Regulation (Regulation (EU) 2016/679) and all other EU laws regulating the processing of Personal Data, as such laws may be updated, amended and superseded from time to time;

"UK GDPR" means the EU GDPR as transposed into UK law (including by the Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019) and all other UK laws regulating the processing of Personal Data, as such laws may be updated, amended and superseded from time to time;

"Force Majeure Event" means an event, or a series of related events, that is outside the reasonable control of the party affected (including failures of the internet or any public telecommunications network, hacker attacks, denial of service attacks, virus or other malicious software attacks or infections, power failures, industrial disputes affecting any third party, changes to the law, disasters, epidemics, pandemics, explosions, fires, floods, riots, terrorist attacks and wars);

"Hosted Services" means, as specified in the Hosted Services Specification, which will be made available by Sestek to the Customer as a service via the internet in accordance with this agreement;

"Hosted Services Defect" means a defect, error or bug in the Platform having an adverse effect or a material adverse effect on the appearance, operation, functionality or performance of the Hosted Services, but excluding any defect, error or bug caused by or arising as a result of:
(a) any act or omission of the Customer or any person authorised by the Customer to use the Platform or Hosted Services;
(b) any use of the Platform or Hosted Services contrary to the Documentation, whether by the Customer or by any person authorised by the Customer;
(c) a failure of the Customer to perform or observe any of its obligations in this document; and/or
(d) an incompatibility between the Platform or Hosted Services and any other system, network, application, program, hardware or software not specified as compatible in the Hosted Services Specification;
“Error” means any failure of Sestek’s software that a Sestek Support Engineer can replicate or that a customer can duplicate
“Fix” means the repair or replacement of software components to remedy a problem.
“Problem” means a problem in functionality, not defined as a defect, that is due to the Customer’s configuration or use of Sestek Products.

"Intellectual Property Rights" means all intellectual property rights wherever in the world, whether registrable or unregistrable, registered or unregistered, including any application or right of application for such rights (and these "intellectual property rights" include copyright and related rights, database rights, confidential information, trade secrets, know-how, business names, trade names, trade marks, service marks, passing off rights, unfair competition rights, patents, petty patents, utility models, semi-conductor topography rights and rights in designs);

"Personal Data" means personal data under any of the Data Protection Laws;

"Platform" means the platform managed by Sestek and used by Sestek to provide the Hosted Services, including the application and database software for the Hosted Services, the system and server software used to provide the Hosted Services, and the computer hardware on which that application, database, system and server software is installed;

"Services" means any services that Sestek provides to the Customer, or has an obligation to provide to the Customer, under this document;

"Support Services" means support in relation to the use of, and the identification and resolution of errors in, the Hosted Services, but shall not include the provision of training services;

"Supported Web Browser" means the current release from time to time of Microsoft Edge, Mozilla Firefox, Google Chrome or Apple Safari, or any other web browser that Sestek agrees in writing shall be supported;

"User Interface" means the interface for the Hosted Services designed to allow individual human users to access and use the Hosted Services.

6. HOSTED SERVICES

6.1 Sestek shall provide, or shall ensure that the Platform will provide, to the Customer upon the Effective Date the Access Credentials necessary to enable the Customer to access and use the Hosted Services.
6.2 Sestek hereby grants to the Customer a worldwide, non-exclusive licence to use the Hosted Services by means of the User Interface and the API for the internal business purposes of the Customer in accordance with the documentation during the Term.
6.3 The licence granted by Sestek to the Customer under Clause 6.2 is subject to the following limitations:
(a) the User Interface may only be used through a Supported Web Browser
(b) the User Interface may only be used by the officers, employees and agents of the Customer;
(c) the API may only be used by an application or applications approved by Sestek in writing and controlled by the Customer.
6.4 Except to the extent expressly permitted in this document or required by law on a non-excludable basis, the licence granted by Sestek to the Customer is subject to the following prohibitions:
(a) the Customer must not sub-license its right to access and use the Hosted Services;
(b) the Customer must not permit any unauthorised person or application to access or use the Hosted Services;
(c) the Customer must not use the Hosted Services to provide services to third parties;
(d) the Customer must not make any alteration to the Platform, except as permitted by the Documentation;
(f) the Customer must not conduct or request that any other person conduct any load testing or penetration testing on the Platform or Hosted Services without the prior written consent of Sestek
6.5 The Customer shall implement and maintain reasonable security measures relating to the Access Credentials to ensure that no unauthorised person or application may gain access to the Hosted Services by means of the Access Credentials.
6.6 Sestek shall use all reasonable endeavours to maintain the availability of the Hosted Services to the Customer at the gateway between the public internet and the network of the hosting services provider for the Hosted Services. Sestek guarantees %99.9 high availability.
6.7 For the avoidance of doubt, downtime caused directly or indirectly by any of the following shall not be considered a breach of this Agreement:
(a) a Force Majeure Event;
(b) a fault or failure of the internet or any public telecommunications network;
(c) a fault or failure of the Customer's computer systems or networks;
(d) any breach by the Customer of this Agreement; or
(e) scheduled maintenance carried out in accordance with this Agreement.
6.8 The Customer must not use the Hosted Services in any way that causes, or may cause, damage to the Hosted Services or Platform or impairment of the availability or accessibility of the Hosted Services.
6.9 The Customer must not use the Hosted Services in any way that uses excessive Platform resources and as a result is liable to cause a material degradation in the services provided by Sestek to its other customers using the Platform; and the Customer acknowledges that Sestek may use reasonable technical measures to limit the use of Platform resources by the Customer for the purpose of assuring services to its customers generally.
6.10 The Customer must not use the Hosted Services:
(a) in any way that is unlawful, illegal, fraudulent or harmful; or
(b) in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.
6.11 For the avoidance of doubt, the Customer has no right to access the software code (including object code, intermediate code and source code) of the Platform, either during or after the Term.

7. SCHEDULED MAINTENANCE

7.1 Sestek may from time to time suspend the Hosted Services for the purposes of scheduled maintenance to the Platform, providing that such scheduled maintenance must be carried out in accordance with this Clause 7.
7.2 Sestek shall where practicable give to the Customer at least 2 Business Days' prior written notice of scheduled maintenance that will, or is likely to, affect the availability of the Hosted Services or have a material negative impact upon the Hosted Services.
7.3 Sestek shall ensure that all scheduled maintenance is carried out outside Business Hours.
7.4 Sestek shall ensure that, during each calendar month, the aggregate period during which the Hosted Services are unavailable as a result of scheduled maintenance, or negatively affected by scheduled maintenance to a material degree, does not exceed 90 minutes in a month.

8. SUPPORT SERVICES

8.1 Sestek shall provide the Support Services to the Customer during the Term.
8.2 Support is provided through access to the Sestek Support via the portal (https://support.Sestek.com) and telephone (+90 850 737 2 737 Turkey, +1 609 256 6888 US ). Support is provided solely to the Customer’s properly trained and designated personnel according to the service agreement.
Sestek will provide support via support portal and telephone, according to the Error Remediation Process between 9:00 a.m. and 6:00 p.m (According to Customer Time Zone), Monday through Friday, exclusive of Sestek holidays (“Support Hours”). For concerns that are categorized as Severity 1 Production outages, which occur outside of the Support Hours, a twenty-four (24) hour, seven day a week hotline will be provided for the Customer to submit the Error to Sestek. Sestek will respond to such Error within two (2) hours.
8.3 Sestek shall provide the Support Services in accordance with the standards of skill and care reasonably expected from a leading service provider in Sestek's industry.
8.4 The Customer may use the helpdesk for the purposes of requesting and, where applicable, receiving the Support Services; and the Customer must not use the helpdesk for any other purpose.
8.5 Sestek shall respond promptly to all requests for Support Services made by the Customer through the helpdesk.
8.6 Sestek may suspend the provision of the Support Services if any amount due to be paid by the Customer to Sestek under this Agreement is overdue, and Sestek has given to the Customer at least 7 days' written notice, following the amount becoming overdue, of its intention to suspend the Support Services on this basis.
8.7 Additional Support. Any additional support-related assistance provided to the Customer by Sestek, beyond support portal and phone support, will be provided at Sestek then-current rates. This includes custom programming, data conversion and consulting.

9. DEFECT AND PROBLEM SEVERITY LEVEL CLASSIFICATION , SLA

Severity Level Definition

Severity 1 (S1) The hosted services or the platform is having a significant enough impact on the Customer’s business function to prevent that function from being executed. Most of the users can not use the system to do their routine work. At least %80 of users are affected.
Severity 2 (S2) The hosted services or the platform is moderately affected. There is no workaround currently available, or the workaround is cumbersome to use. There are some technical malfunctions in the system that affects %25 of the users at most.
Severity 3 (S3) The hosted services or the platform issue is not critical; no data has been lost, and the system has not failed. The issue has been identified and does not hinder normal operations, or the situation may be temporarily circumvented using an available workaround.
Severity 4 (S4) Non-critical issues, general questions, enhancement requests, or functionality not match documented specifications: a defect or problem with no business impact.

Service Level Aggreement

10. CUSTOMER DATA

10.1 The Customer hereby grants to Sestek a non-exclusive licence to copy, reproduce, store, distribute, publish, export, adapt, edit and translate the Customer Data to the extent reasonably required for the performance of Sestek's obligations and the exercise of the Sestek's rights under this agreement. The Customer also grants to Sestek the right to sub-license these rights to its hosting, connectivity and telecommunications service providers, subject to any express restrictions elsewhere in this agreement.
10.2 The Customer warrants to Sestek that the Customer Data or the Customer Data when used by Sestek in accordance with this agreement, will not infringe the Intellectual Property Rights or other legal rights of any person, and will not breach the provisions of any law, statute or regulation, in any jurisdiction and under any applicable law.
10.3 Sestek shall create a back-up copy of the Customer Data at least daily, shall ensure that each such copy is sufficient to enable Sestek to restore the Hosted Services to the state they were in at the time the back-up was taken, and shall retain and securely store each such copy for a minimum period of 30 days.
10.4 Within the period of 1 Business Day following receipt of a written request from the Customer, Sestek shall use all reasonable endeavours to restore to the Platform the Customer Data stored in any back-up copy created and stored by Sestek in accordance with Clause 10.3. The Customer acknowledges that this process will overwrite the Customer Data stored on the Platform prior to the restoration.

11. SESTEK'S CONFIDENTIALITY OBLIGATIONS

11.1 Sestek must:
(a) keep the Customer Confidential Information strictly confidential;
(b) not disclose the Customer Confidential Information to any person without the Customer's prior written consent, and then only under conditions of confidentiality approved in writing by the Customer;
(c) use the same degree of care to protect the confidentiality of the Customer Confidential Information Sestek uses to protect Sestek's own confidential information of a similar nature, being at least a reasonable degree of care;
(d) act in good faith at all times in relation to the Customer Confidential Information;
11.2 This Clause 11 imposes no obligations upon Sestek with respect to Customer Confidential Information that:
(a) is known to Sestek before disclosure under this agreement and is not subject to any other obligation of confidentiality;
(b) is or becomes publicly known through no act or default of Sestek ; or
(c) is obtained by Sestek from a third party in circumstances where Sestek has no reason to believe that there has been a breach of an obligation of confidentiality.
11.3 The restrictions in this Clause 11 do not apply to the extent that any Customer Confidential Information is required to be disclosed by any law or regulation, by any judicial or governmental order or request.
11.4 The provisions of this Clause 11 shall continue in force indefinitely following the termination of this agreement

12. DATA PROTECTION

12.1 Each party shall comply with the Data Protection Laws with respect to the processing of the Customer Personal Data.
12.2 The Customer warrants to Sestek that it has the legal right to disclose all Personal Data that it does in fact disclose to Sestek under or in connection with this agreement.
12.3 Sestek shall promptly inform the Customer if, in the opinion of Sestek, an instruction of the Customer relating to the processing of the Customer Personal Data infringes the Data Protection Laws.
12.4 Notwithstanding any other provision of this agreement, Sestek may process the Customer Personal Data if and to the extent that Sestek is required to do so by applicable law. In such a case, Sestek shall inform the Customer of the legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
12.5 Sestek shall ensure that persons authorised to process the Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
12.6 Sestek must not engage any third party to process the Customer Personal Data without the prior specific or general written authorisation of the Customer. In the case of a general written authorisation, Sestek shall inform the Customer at least 7 days in advance of any intended changes concerning the addition or replacement of any third party processor, and if the Customer objects to any such changes before their implementation, then Sestek must not implement the changes. Sestek shall ensure that each third party processor is subject to equivalent legal obligations as those imposed on Sestek by this Clause 12.
12.7 Sestek shall, insofar as possible and taking into account the nature of the processing, take appropriate technical and organisational measures to assist the Customer with the fulfilment of the Customer's obligation to respond to requests exercising a data subject's rights under the Data Protection Laws.
12.8 Sestek shall assist the Customer in ensuring compliance with the obligations relating to the security of processing of personal data, the notification of personal data breaches to the supervisory authority, the communication of personal data breaches to the data subject, data protection impact assessments and prior consultation in relation to high-risk processing under the Data Protection Laws. Sestek may charge the Customer at its standard time-based charging rates for any work performed by Sestek at such requests of the Customer.
12.9 Sestek shall, at the choice of the Customer, delete or return all of the Customer Personal Data to the Customer after the provision of services relating to the processing, and shall delete existing copies save to the extent that applicable law requires storage of the relevant Personal Data.
12.10 Sestek shall allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer in respect of the compliance of the Sestek's processing of Customer Personal Data with the Data Protection Laws and this Clause 12. Sestek may charge the Customer at its standard time-based charging rates for any work performed at such requests.

13. ACKNOWLEDGEMENTS AND WARRANTY LIMITATIONS

13.1 The Customer acknowledges that complex software is never wholly free from defects, errors and bugs; and subject to the other provisions of this agreement, Sestek gives no warranty or representation that the Hosted Services will be wholly free from defects, errors and bugs.
13.2 The Customer acknowledges that complex software is never entirely free from security vulnerabilities; and subject to the other provisions of this agreement, Sestek gives no warranty or representation that the Hosted Services will be entirely secure. However, Sestek undertakes that it will provide all the support it can in terms of providing secure software, but if there is a security gap, it will immediately declare it to the Customer and close the security gap as soon as possible according to the size of the risk.
13.3 The Customer acknowledges that the Hosted Services are designed to be compatible only with that software and those systems specified as compatible in the Hosted Services Specification; and Sestek does not warrant or represent that the Hosted Services will be compatible with any other software or systems.

14. FORCE MAJEURE EVENT

14.1 If a Force Majeure Event gives rise to a failure or delay in either party performing any obligation under this agreement (other than any obligation to make a payment), that obligation will be suspended for the duration of the Force Majeure Event.
14.2 A party that becomes aware of a Force Majeure Event which gives rise to, or which is likely to give rise to, any failure or delay in that party performing any obligation under this agreement, must:
(a) promptly notify the other; and
(b) inform the other of the period for which it is estimated that such failure or delay will continue.
14.3 A party whose performance of its obligations under this agreement is affected by a Force Majeure Event must take reasonable steps to mitigate the effects of the Force Majeure Event.

15. SECURITY INCIDENT MANAGEMENT

15.1. Incident Response Program. Sestek maintain a written incident response program that addresses cybersecurity event preparation, detection, analysis, containment, eradication, and recovery. This program includes procedures that describe: (i) roles and responsibilities of the incident response team; (ii) communication requirements with internal and external partners; (iii) plans to detect, respond to, and contain common incident categories; (iv) methods to preserve evidence, maintain chain of custody, and perform forensic analysis; (v) coordination of recovery processes; (vi) follow-up processes; and (vii) reporting to ensure critical details of incidents are tracked and lessons learned are incorporated into ongoing response procedures, training, and testing. The incident response program includes coordinating incident handling activities involving supply chain events with other organizations involved in the supply chain. The incident response program is reviewed and updated at least annually.

15.2 Incident Handling. In the event that Sestek discovers or is notified of any security incident that impacts or may impact cloud systems, Sestek promptly: (i) investigate the Security Incident; (ii) remediate, mitigate, or remediate and mitigate, the risk to the Customer data or systems and other effects of the security incident; (iii) preserve all related records and other evidence; and (iv) implement a plan to prevent such a security incident from reoccurring.

15.3 Incident Notification. In the event that Sestek discovers or is notified of any security incident, Sestek immediately notify the Customer thereof in writing, but no later than seventy-two (72) hours from the time Customer becomes aware of a security incident, including disclosing: (i) the date, time, and cause of the incident if known; (ii) the Customer data and/or systems that were exposed or reasonably believed to have been exposed; and (iii) whether nonpublic personally identifiable information was accessed. In addition:
i. Sestek notify their primary point of contact at the Customer, as well as send an e-mail
ii. Sestek provide the Customer with a written report on the outcome of its investigation including any risk to the customer data and/or systems, the corrective action Sestek take, or has taken, to respond to the incident, and such other information as the Customer may reasonably request.

16. OpenAI-ChatGPT INTEGRATION AND SUPPORT

In Sestek products with OpenAI-ChatGPT integration, ChatGPT can be used if the Customer wishes. The Customer may request the use of the ChatGPT subscription purchased by the Customer or Sestek may purchase a ChatGPT subscription specific to the Customer's use upon request. The Customer may request different ChatGPT subscriptions for different Sestek products. ChatGPT subscriptions purchased for the Customer are only available for the Customer's use and Sestek is obliged to take the necessary security measures to ensure this. The subscription and any costs related to the subscription are invoiced to the Customer monthly. If the Customer requests, Sestek will provide a breakdown of usage details.

Sestek is responsible for ensuring the uninterrupted and efficient operation of the ChatGPT integration in its own product, but is not responsible for interruptions or slowdowns in OpenAI's ChatGPT service. These downtimes cannot be included in the SLA downtimes that Sestek has committed for its own product.