GENERAL TERMS AND CONDITIONS
As of 13-08-2018
LU-CIX ASBL a.s.b.l., established at 4, rue Graham Bell L-3235 Bettembourg under Luxembourg law and registered at the Luxembourg Trade Register under F9711, hereinafter “LU-CIX”
the beneficiary of services, being a member or a non-member, hereinafter the “BENEFICIARY”,
together the “PARTIES”
“CONTRACT”: any agreement formalised on paper or any other durable medium specifying the services ordered by the BENEFICIARY and accepted by both PARTIES. Such CONTRACT can include, but is not limited to: the LU-CIX Application Form, the LU-CIX Service Order Form for Public Peering, the Sponsorship Form signed with the BENEFICIARY.
“CONFIDENTIAL INFORMATION": any information disclosed, generated and/or rendered accessible by one of the PARTIES in connection with the CONTRACT, that is designated or marked as confidential, or which, given its nature or circumstances, ought reasonably to be considered confidential, including communications carried out via the infrastructure under a CONTRACT.
“MEMBERSHIP SERVICES”: any service supplied by LU-CIX to LU-CIX members only.
The PARTIES hereby convene:
Article 1: FIELD OF APPLICATION
1.1 The present terms and conditions relate to all services, herein “SERVICES”, as listed in the CONTRACT or any other document provided by LU-CIX to the BENEFICIARY and listing the SERVICES, requested by the BENEFICIARY and rendered by LU-CIX or its subcontractors.
1.2 The present terms and conditions are deemed accepted by the PARTIES prior to any service delivery, when signing the CONTRACT.
1.3 The present terms and conditions replace and annihilate any specific terms and conditions or Service Delivery Conditions of the BENEFICIARY.
1.4 The delivery of technical SERVICES is subject to technical prerequisites and constraints, which the BENEFICIARY has to acknowledge and fulfil. Such prerequisites and constraints are available at www.lu-cix.lu.
1.5 For some SERVICES particular conditions may apply. In case of conflict between the particular conditions and the present General Terms and Conditions, the particular conditions prevail.
Article 2: BENEFICIARY OBLIGATIONS
2.1 In order to benefit from the MEMBERSHIP SERVICES, including but not limited to the Internet exchanges SERVICES and as described in the CONTRACT, the BENEFICIARY needs to be a member of LU-CIX and the BENEFICIARY must have paid the related membership fees to LU-CIX.
2.2 The BENEFICIARY commits to follow the rules applicable to the provision of technical SERVICES, as referred to in Clause 1.4 above. In case the BENEFICIARY does not follow these rules, LU-CIX has the right to immediately suspend the technical SERVICES as set out under Clause 4.3 and following the conditions thereof.
Article 3: INVOICING AND PAYMENT
3.1 The BENEFICIARY has to pay the agreed fees for the SERVICES as detailed in the CONTRACT, on the LU-CIX website or in any other form or document provided to the Beneficiary.
3.2 Installation, one-time fees and recurring charges will be invoiced as soon as the installation is achieved. Invoicing will be done in euros (EUR) unless otherwise agreed.
3.3 Invoices are fully due and have to be paid according to the payment schedule mentioned on the invoice or the CONTRACT, but no later than 30 (thirty) days after the invoice date.
3.4 Invoices may be sent electronically.
3.5 Any objection to an invoice has to be notified by written no later than 15 (fifteen) days after the invoice date. In case no objection is received according to the above, the BENEFICIARY is deemed to have accepted the invoice in its entirety. In case of late objection, the amount of the invoice remains fully due.
3.6 In case an amount remains due after the due date, the amount will be incremented by an interest rate for late payment of 8%.
Further LU-CIX reserves its right to invoice an administrative fee of 75,00€ per unpaid invoice in order to cover the additional costs for debt recovery.
Article 4: TERM AND TERMINATION
4.1 Except otherwise agreed in the CONTRACT, the initial term of the SERVICES is 12 (twelve) months. Except otherwise agreed in the CONTRACT, the term starts at the first activation of the SERVICES.
4.2 Except otherwise agreed in the CONTRACT, upon the expiration of the initial term the SERVICES will automatically renew for subsequent one year periods unless the BENEFICIARY provides written notice to LU-CIX at least thirty (30) days prior to the expiration of the initial period or the then-current renewal period.
LU-CIX reserves its right to cease the SERVICES after the initial term, subject to a four (4) months’ notice. LU-CIX will endeavour to offer a suitable substitute solution, which the PARTIES will negotiate in good faith.
4.3 Except otherwise agreed in the CONTRACT, LU-CIX may terminate the CONTRACT, effective immediately, without recourse to the courts (de plein droit) without further notice after the cure period, in the event that the BENEFICIARY materially breaches the CONTRACT or those terms and conditions and does not remedy such breach within fifteen (15) calendar days of the date on which the BENEFICIARY received written notice of such breach sent by LU-CIX.
To be considered as material breach is among others one of the following: non-payment of the invoices due, any illicit or illegal use of the INTERNET or the LU-CIX Internet exchange infrastructure, non-respect of the LU-CIX technical constraints or obligations or rules published on www.lu-cix.lu, violation of common INTERNET practices, etc.
In such case, any fee already paid by the BENEFICIARY will not be reimbursed to the BENEFICIARY and/or any outstanding amount due by the BENFICIARY will remain due.
If the BENEFICIARY terminates a fixed-period CONTRACT before the end of its initial term, the BENEFICIARY undertakes to pay LU-CIX all the installation costs related to the concerned CONTRACT as well as all monthly fees falling due up to the expiry date of the end of the initial term of the CONTRACT.
4.4 Either PARTY may, but is under no obligation to, terminate the CONTRACT immediately and without recourse to the courts (de plein droit) by giving written notice to the other PARTY in the event that the other PARTY files a petition in bankruptcy (faillite) or is adjudicated bankrupt or insolvent, or makes an assignment for the benefit of creditors or an arrangement pursuant to any bankruptcy law, or if the other PARTY discontinues or dissolves its business or if a receiver is appointed for the other PARTY or for such PARTY’s business and such receiver is not discharged within sixty (60 days).
4.5 Except otherwise agreed, if a LU-CIX member cancel its membership (in accordance with the LU-CIX by-laws) the MEMBERSIP SERVICES are automatically cancelled at the membership termination date.
Article 5: SERVICE INTERRUPTION
5.1 In case of non-payment of the amounts due and written notification by LU-CIX, LU-CIX may suspend the SERVICES till payment of all amounts including interests is received in full.
LU-CIX will invoice the costs for re-establishing the SERVICES to the BENEFICIARY.
5.2 In case of non-payment LU-CIX has the right to request a bank guarantee before re-establishing the SERVICES.
Article 6: LIABILITY
6.1 LU-CIX will in any case, except in case of gross negligence or wilful misconduct, not be liable for any loss of use, profit or interruption of business, or any indirect, special, incidental, or consequential damages of any kind regardless of the form of action whether in contract, tort (including negligence), or otherwise, to the BENEFICIARY or any other party, even if LU-CIX has been advised of the possibility of such damages.
6.2 LU-CIX is especially not liable for any content or data which might pass or be cached within its technical platforms. Any dispute arising on illicit or illegal content, copyright infringement or any other issue related to content or data has to be dealt by the BENEFICIARY and the BENEFICIARY will, at its expense, defend LU-CIX and its officers, directors, employees, representatives, and agents (collectively, “LU-CIX Indemnitees”) from third party claims, and will pay or reimburse LU-CIX for all damages, costs and expenses payable by LU-CIX to such third party to the extent they are awarded in a final judgment or agreed to in a settlement, as a result of any third party claims against LU-CIX (i) resulting from the BENEFICIARY’s gross negligence, willful misconduct or fraud, or (ii) arising from any breach of applicable law, of the CONTRACT or the present terms and conditions, by the BENEFICIARY related to its use of the SERVICE.
Article 7: DATA PROTECTION
7.1 The BENEFICIARY herewith is informed that personal data of the BENEFICIARY itself or individuals related to it, such as its representatives, employees, contact persons, board members, signatories, shareholders, investors as well as directors of investors being entities, beneficial owners and any other related individuals (the “Data Subjects”), will be collected, stored and more generally processed by LU-CIX in order to render the LU-CIX SERVICES, as described below and in compliance with the applicable data protection laws (in particular, the European General Data Protection Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data the “GDPR”).
7.2 LU-CIX ASBL a.s.b.l. may either be considered as data controller or as data processor, within the meaning of the GDPR, depending on the SERVICE provided and the type of personal data processed.
7.3 LU-CIX as data controller: LU-CIX will process the Data Subjects’ personal data, which refers to any information allowing the direct or the indirect identification of an individual natural person (the “Personal Data”), as well as Personal Data in relation to other individuals where their Personal Data is obtained from the Data Subjects, including for example the following types of Personal Data: identification data (e.g. name, family name, date of birth, gender), contact data (e.g. professional postal address, professional e-mail address, phone number, country of residence, nationality, company and role within the company), government identification numbers (e.g. VAT number), types of services received or provided, financial and banking data (e.g. notably linked to bank account number) and other relevant Personal Data reasonably
related to the conduct of the Data Controller’s business. The Data Subjects are aware that not providing the Data Controller with some of the above Personal Data could prevent the Data Controller from providing the Data Subjects with its SERVICES or from interacting with them.
The BENEFICIARY warrants that any Personal Data provided by the BENEFICIARY to LU-CIX on a specific individual is done in accordance with the GDPR.
7.3.1 The Data Controller will process Personal Data for at least one of the following legal basis and purposes and not limited to, where it is necessary: for the performance of any contractual obligations towards the Data Subjects or for entering into the CONTRACT, for complying with the Data Controller’s legal and regulatory obligations (e.g. commercial or tax laws, regulatory obligations, requests and requirements from public authorities), for the purposes of the business legitimate interests pursued by the Data Controller or by a third party (e.g. providing the SERVICE, managing commercial relationship, preventing fraud, managing litigation and protecting the rights, property or safety of the Data Controller and its affiliates, as well as sending commercial communications unless otherwise required by applicable laws), and if the Data Subjects have given their prior consent to the processing and their consent has been obtained pursuant to applicable data protection laws.
7.3.2 To achieve the purposes described above, the Data Controller may disclose Data Subjects’ Personal Data to recipients such as the LU-CIX Management G.I.E., other entities affiliated to the Data Controller if any, contractors, subcontractors, external services providers, professional advisors, commercial partners and clients, purchasers or sellers of the employer’s assets (if any), and to public authorities and related bodies, to the extent required under applicable laws.
7.3.3 The Data Subjects are informed that certain recipients mentioned above may be located outside the territory of the European Union in countries that do not offer a level of protection equivalent to the one granted in the European Union. Any Personal Data transfer to such recipients will, depending on the nature of the transfer:
- be covered by appropriate safeguards such as standard contractual clauses approved by the European Commission, in which case the Data Subjects may obtain a copy of such safeguards by contacting the Data Controller; or
- be otherwise authorized under applicable data protection laws, as the case may be, as such transfer is necessary for the performance or execution of a contract concluded in the Data Subjects’ interest or for the establishment, exercise or defense of legal claims or for the performance of a contract between the Data Subjects and the Data Controller.
7.3.5 The Data Controller will store Personal Data only for as long as necessary for the relevant processing activity to be completed and/or for the retention period permitted under applicable laws.
7.3.6 The Data Controller has implemented administrative, technical and physical safeguards to protect Personal Data from loss, misuse, unauthorized access, disclosure, unauthorized alteration or unlawful destruction. Access to Personal Data is permitted to employees for the sole purpose of performing their professional duties, such employees being subject to trainings as well as to a confidential obligation.
7.3.7 The Data Subjects, including the BENEFICIARY as the case may be, have the following rights regarding the processing of their Personal Data by the Data Controller, subject to applicable exemptions:
- right to access their Personal Data held by the Data Controller and receive additional information about how it is processed;
- right to correct or complete any inaccurate or incomplete Personal Data;
- right to request erasure of their Personal Data from the Data Controller’s systems (e.g. where the Personal Data is no longer necessary in relation to the specified purposes);
- right to restrict the processing of their Personal Data in certain circumstances (e.g. where contesting its accuracy or object to its processing);
- right to receive their Personal Data in an interoperable format, or have it directly transmitted to another organization;
- right to withdraw their consent at any time in the context of the present terms and conditions (to the extent that the Data Subjects are not in an employment relationship with the Data Controller and that their consent justified the processing);
- right to object the processing of their Personal Data (in particular where the Data Controller rely on legitimate interests); and
- right to lodge a complaint with the competent European Union Data Protection Authority (which generally is located in your country of residence), and for Luxembourg, with the Commission Nationale de la Protection des Données (contact details and complaint form available via the following website: www.cnpd.lu).
No automated decisions will be made in relation to the Personal Data processed.
7.4 LU-CIX acting as data processor:
7.4.1 In relation to the Personal Data which LU-CIX processes on behalf of the BENEFICIARY, such as when LU-CIX provides Internet exchanges services or when Personal Data is processed through the technical platform provided by LU-CIX, LU-CIX will:
(i) follow the BENEFICIARY’s documented instructions in respect of these Personal Data unless these instructions are legally prohibited or require material changes to the services provided under the CONTRACT (in this last case, the Parties agree to renegotiate the terms of the CONTRACT in good faith);
(ii) ensure that the personnel authorized to process the Personal Data is under a duty of confidentiality;
(iii) be able to transfer Personal Data to all data recipients to which LU-CIX must transfer Personal Data to provide the services under the CONTRACT, including data recipients which are located outside of the European Economic Area in accordance with the GDPR and any other applicable laws.
(iv) implement appropriate technical and organizational measures to ensure a level of personal data security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of the Data Subjects;
(v) reasonably assist the BENEFICIARY for the fulfilment of the BENEFICIARY’s obligation to respond to requests for exercising the Data Subject’s rights;
(vi) reasonably assist the BENEFICIARY in ensuring compliance with its obligations under articles 32 to 36 of the GDPR, namely those in relation to the security of processing, notification of Personal Data breaches to the supervisory authority and/or the Data Subjects as well as data protection impact assessments and prior consultation of the supervisory authority;
(vii) without undue delay and no later than seventy-two (72) hours after becoming aware of the Personal Data breach, inform the BENEFICIARY as to such Personal Data Breach;
(viii) at the choice of the BENEFICIARY, delete or return all Personal Data to the BENEFICIARY after the end of the CONTRACT and delete existing copies thereof unless LU-CIX is required by Applicable Laws not to do so; and
(ix) make available to the BENEFICIARY all information necessary to demonstrate compliance with the obligations laid down in this Clause 7.4 and allow for and use all reasonable efforts to contribute to audits including inspections conducted by the BENEFICIARY or another auditor mandated by the BENEFICIARY, not more than once a year. Should the audit process requested by the BNEFICIARY require LU-CIX to provide resources and engage costs beyond what could be reasonably expected from LU-CIX, LU-CIX will be entitled to send an invoice to the BENEFICIARY for such costs, subject to prior notification from LU-CIX to the BENEFICIARY.
The BENEFICIARY agrees to provide reasonable assistance to LU-CIX as may be requested by the latter to comply with the data protection obligations described above. This includes answering to data protection queries without undue delay and collaborating in good faith with LU-CIX.
7.4.2 Subject to any other provision on delegation in the CONTRACT:
(i) the BENEFICIARY authorizes LU-CIX to subcontract the performance of Personal Data Processing in relation to which LU-CIX acts as data processor to subcontractors subject to first notifying the BENEFICIARY. These subcontractors will be selected by LU-CIX notably on the basis of their security, privacy and confidentiality practices.
(ii) All subcontractors performing Personal Data processing will have the same obligations as LU-CIX as data processor under the CONTRACT as detailed above. LU-CIX will remain responsible for the performance of its data processing obligations as data processor under the CONTRACT where such obligations are subcontracted.
Article 8: CONFIDENTIALITY
8.1 Without prejudice to Clause 7 above, CONFIDENTIAL INFORMATION may not be disclosed to sub-contractors and/or subsidiaries of the receiving PARTY unless they require such access for performance of the CONTRACT. In all other cases the prior written consent of the PARTY disclosing the CONFIDENTIAL INFORMATION is required, unless otherwise permitted under applicable laws.
8.2 The disclosure of CONFIDENTIAL INFORMATION to the receiving PARTY does not grant the latter any rights of any kind to such CONFIDENTIAL INFORMATION.
8.3. The receiving PARTY may be required to provide and/or grant access to the CONFIDENTIAL INFORMATION in order to comply with statutory provisions, court orders or the orders of a competent authority. In such cases it must immediately inform the other PARTY in writing within the limits provided for or authorized by law, and must limit such disclosure to only include the CONFIDENTIAL INFORMATION that it is strictly required to be disclosed by virtue of such title and must thereby indicate that such information is confidential.
Article 9: MISCELLANEOUS
9.1 Every modification of or deviation to the terms of the CONTRACT would need to be agreed to by both PARTIES in writing.
9.2 LU-CIX may amend the present terms and conditions at any time, notably in case it is required by a change in the legal or regulatory field or if LU-CIX is requested to by any authority.
In this case LU-CIX will notify the BENEFICIARY by direct notification, notably when such changes constitute significant changes to the SERVICES or to the present terms and conditions or by publishing on its website or any other means of publishing, at LU-CIX’s sole convenience. By continuing to use the SERVICE, the BENEFICIARY will be deemed to have accepted such changes.
9.3 If one or more contractual clauses of the present terms and conditions are declared invalid, this does not exempt the BENEFICIARY from its obligation to comply with all other clauses of the terms.
Article 10: APPLICABLE LAW AND JURISDICTION
10.1 The present terms and conditions and the relation between the BENEFICIARY and LU-CIX are exclusively governed by Luxembourg law. Except in the case of an express statement to the contrary issued by LU-CIX, the courts of the Grand Duchy of Luxembourg have sole jurisdiction to settle any dispute between the BENEFICIARY and LU-CIX.
10.2 Where difficulties arise regarding the interpretation or performance of the CONTRACT and subject to article 3.5 above, the BENEFICIARY can contact LU-CIX by registered mail at its registered address specified here above. The parties will then try to reach an amicable solution within a reasonable time period of 3 months. If the BENEFICIARY does not agree with the suggested solution he may call upon the “Institut Luxembourgeois de Régulation” (ILR) for mediation according to the mediation procedure rules applicable in matters of electronic communications services as
defined on https://web.ilr.lu