Last update: 2025-07-18
Version 1.0
Effective Date: 2025-07-18
These RoI Special Terms apply to the use of the DORA RoI Product (as defined below) and form a legally binding agreement between the Customer and CyberUpgrade (the “Provider”), in addition to the Provider’s General Terms and Conditions of Service (“General Terms”), which are accessible at https://cyberupgrade.net/special-terms-and-conditions/.
In the event of any conflict or inconsistency between these RoI Special Terms and the General Terms, these RoI Special Terms shall prevail in respect of the Product described herein.
1. Definitions
Unless otherwise defined herein, capitalised terms shall have the meaning ascribed to them in the General Terms.
2. Scope of Product
2.1 The Product is intended exclusively for professional use by Customers regulated under DORA for the purpose of compiling and maintaining ICT third-party risk information, including but not limited to:
2.2 The Product generates a structured export of 16 CSV-formatted tables intended for import into national competent authority (NCA) systems. The Customer is solely responsible for validating, submitting, and maintaining such exports in accordance with applicable regulatory requirements.
3. Regulatory Use Limitation
3.1 The Product is made available solely for lawful use in compliance with DORA and related ICT risk management obligations. The Customer shall not use the Product for general-purpose data storage, unrelated internal processes, or consumer-facing applications.
3.2 The Provider does not guarantee regulatory compliance or legal sufficiency of the information submitted via the Product and does not provide legal or supervisory advice in connection with RoI content or DORA obligations.
4. Data Input and Responsibility
4.1 The Customer remains fully responsible for the accuracy, completeness, and timeliness of all data entered into the Product.
4.2 The Provider will not be liable for any failure by the Customer to comply with RoI reporting deadlines or requirements, nor for any regulatory action taken against the Customer as a result of incorrect or incomplete data entry.
5. Data Access and Confidentiality
5.1 Subject to applicable law, all data submitted to the Product and all output files remain the sole property of the Customer.
5.2 The Provider shall process such data strictly in accordance with its role as service provider and in line with applicable data protection and confidentiality obligations.
5.3 The Provider shall not access, transmit, or disclose such data to third parties, unless authorised by the Customer or required by applicable law or supervisory authority.
6. Security and Availability
6.1 The Provider shall implement reasonable and proportionate technical and organisational measures to ensure availability, integrity, and resilience of the Product, consistent with its obligations under DORA and applicable security standards.
7. Termination and Data Retention
7.1 Upon termination of the Customer’s Subscription Plan or access to the Product, the Customer shall be provided with a thirty (30) day grace period to export all data and output files.
7.2 After expiry of the grace period, the Provider shall delete or anonymise all Customer Data associated with the Product, unless retention is required by law or the General Terms.
8. Jurisdiction and Applicability
8.1 These RoI Special Terms apply only to Customers who are obligated to maintain a Registry of Information under DORA and who subscribe to the DORA RoI Product.
8.2 These terms do not apply to the use of any other CyberUpgrade products or services.
9. General
9.1 All matters not expressly governed by these RoI Special Terms shall be subject to the General Terms.
9.2 The RoI Special Terms may be updated from time to time in accordance with the change procedure defined in the General Terms. Continued use of the Product constitutes acceptance of the revised terms.
