Contractual documents
The organization is the legal entity entering into a contractual relationship with Skalio. This relationship is defined by several legal documents. Some of these documents can be fetched by the customer.
An organization is legally responsible for the actions of its members.
Acceptance of legal documents
The acceptance of legal documents such as terms and conditions or a data processing contract by individual persons is not tracked. The functionality of Skalio services is not reduced in relation to acceptance of legal documents. Instead, from the point of view of the backend, signing up to the service implies that the terms and conditions are accepted. The data processing contract may be created and downloaded by an organization's administrator at a later stage.
A frontend should make the content of the terms and conditions visible to the user (relevant API endpoint) and should state that acceptance is a precondition of using the service. However, this is not backed by an API endpoint.
The backend tracks the timestamp of a person signing in. This can be used to later determine which version of the legal documents was accepted at that time.
Organization profile
Some contractual documents, depending on their type, are personalized to the details of the organization. This requires that an organization profile has been created. If none exists, the contractual document generation may fail with an explicit exception explaining that fact.
If the organization has an active subscription, changes to the Stripe Customer entity may get imported into the profile of the organization. This occurs only once though, and only if no profile has been created for the organization first. Changes to the organization profile will not get distributed to Stripe, and subsequent changes to the Stripe Customer will not get synced to the profile.
A person with admin privileges on the organization can always update the organization profile via API.
Data processing agreement
Skalio offers data processing agreements in accordance with Article 28 GDPR to paying subscribers. The contract can be fetched via API by anyone with admin privileges on the organization.
Subscription only
The data processing agreement is not available to organizations without subscriptions. Using Skalio services to process sensitive or personal data without a data processing agreement is not allowed.
Example:
Constraints:
- The contract is limited to a single Skalio product or service. The organization must have an active subscription for the product in order to be able to generate the contract.
- The contract is available only in the German locale. Timestamps are rendered in the Europe/Berlin time zone.
- The organization must have defined its profile. The organization name and address are inserted into the contract document.
- The contract is rendered anew with each request. The timestamp of generation is inserted into the contract document. The rendered output is streamed to the client and not persisted on the backend.
The source of the rendered contract is an HTML document containing a stylesheet for print media queries. The document uses Handlebars logic, variables and helpers to insert and present values. For each Skalio product or service, a separate document exists. It is stored as part of the source repository, for example in src/main/resources/templates/spaces.