CEFTA

TRACES · MEDICAL · INTERCEPTIONS · PHYTO REQUIREMENTS

Terms and Conditions of Use

CEFTA TRACES NT

 

TRAde Control and Expert System New Technology

 

Terms and Conditions of Use

 

 

CEFTA provides a web-based application and services for the sanitary and phytosanitary certification and the related border clearance process supporting the trade between CEFTA Parties of animals and products, food and feed of non-animal origin, and plants, plant products and other objects, as well as the sanitary certification of movements between CEFTA Parties of animals and certain products, and the sanitary and phytosanitary certification of exports from the CEFTA Parties of animals and certain products, and plants, plant products and other objects (hereinafter referred to as “CEFTA TRACES NT”), at the disposal of third parties, (hereinafter referred to as “Users”), whether public or private, as appropriate, without payment, subject to the terms and conditions of use and operating instructions, (hereinafter referred to as “Terms”).

 

CEFTA TRACES NT is managed by the CEFTA Secretariat and administered by the SEED+ team.

 

Table of Contents

 

Part 1: General Terms and Conditions of Use

1. Scope

2. Amendments

3. Use

4. Access Management

5. Password Policy

6. Ownership and Liability

7. Provision and use of data

8. Data processing, data storage, and data retention

9. Default Segregation of Duties Policy

10. Default Authorisation Policy

11. Session Policy

12. Personal Data

13. Liability for Content and Limitations

Part 2: Terms and Conditions of Services

14. Services

15. Service Usage Terms

16. Incidents Affecting Services

17. Service Lifecycle

Part 3: Non-disclosure

18. Confidential Information

19. Non-disclosure and Non-use of Confidential Information

20. No Warranty

21. Return of Confidential Information

22. Publicity

23. Equitable Relief

24. Duration

 


Part 1: General Terms and Conditions of Use

 

1.       Scope

 

  1.     These Terms and conditions of use are applied to the use of SEED+ / CEFTA TRACES NT and all services on it, unless otherwise provided.
  2.     These Terms are without prejudice to laws and regulations binding on the CEFTA Secretariat and the CEFTA Parties.
  3.     By accepting these Terms or by using CEFTA TRACES NT, Users agree to all of these Terms and consent to the processing, including transmission and transfer, of certain personal data, and undertake to comply with them. If you do not accept and comply with these Terms and the record of processing activities, you may not use CEFTA TRACES NT.

 

2.       Amendments

 

The CEFTA Secretariat reserves the right to amend these Terms at any time. Amendments to the Terms are published and the Terms enter into force immediately after publication. By continuing the use of CEFTA TRACES NT, you accept the amendments to the Terms.

 

3.       Use

 

  1.     The availability of services on CEFTA TRACES NT requires registration as a User and authorisation by a User with administrative rights.
  2.     All use is free-of-charge.
  3.     If false information is declared, the CEFTA Secretariat may block the User.
  4.     All Users of TRACES NT use services in their capacity as employees of an organisation and not in a personal capacity.
  5.     Upon registration as a User, a personal account is created for the User and a password is needed to login to the account. User credentials shall not be disclosed to third parties.
  6.     The CEFTA TRACES NT account is personal, and the associated right of use may not be sold, leased, or otherwise transferred to a third party under any circumstances. If the User account is transferred to a third party, the CEFTA Secretariat may block the account and initiate legal proceedings.
  7.     Users and his or her employing entity shall be liable for losses incurred by the CEFTA Secretariat or any other User due to misuse of CEFTA TRACES NT and for any breach of these Terms.
  8.     Any unauthorised use or breach of security must be notified without undue delay to TRACES.support@cefta.int as soon as a User becomes aware of the unauthorised use or breach of security. Users are responsible for maintaining the security of their personal User account credentials and for any logins carried out with their account.

 

4.       Access Management

 

  1.     Users with administrative rights must manage the access rights of Users of entities (authorities, operators, control bodies, etc.) under their responsibility: to keep the accounts and roles up-to-date; and, to remove roles from any Users who have not logged in for longer than one-hundred days.
  2.     In order to assure that only authorized Users have access to CEFTA TRACES NT data, the Users with administrative rights must review the list of Users linked to entities under their responsibility (authorities, operators, control bodies, etc.) at least twice per year.
  3.     Users with administrative rights must send their feedback to TRACES.support@cefta.int after the review only in case they discover an irregular access that may have been used, for example, for fraud.
  4.     All Users must respect basic rules of conduct by using CEFTA TRACES NT for the sole purpose of fulfilling their obligations under the relevant regulations, and are responsible for the information provided in CEFTA TRACES NT.
  5.     In no event, will the CEFTA Secretariat be liable for any incidental, consequential, direct or indirect damages, including, but not limited to, the loss of data, breach of security or other damage arising from the unauthorised use of User accounts.
  6.     CEFTA TRACES NT supports a timing constraint in which the User access of the specific owner of the account is either allowed or forbidden. This is unrelated to password expiration or state.
  7.     Annex 1 defines the default rules controlling the access to CEFTA TRACES NT.

 

5.       Password Policy

 

  1.     A password policy shall be applicable for each CEFTA TRACES NT identity
  2.     A specific policy can be defined per user type (e.g., administrator, normal user, and technical system account).
  3.     The Password Policy is provided in Annex 2 to these Terms.

 

6.       Ownership and Liability

 

  1.     The ownership of each data entry, file or any other document uploaded to CEFTA TRACES NT by Users shall continue to vest with the original owner.
  2.     Users have the right to use, for the purpose of performing official controls and other official activities, the information to which they have access in CEFTA TRACES NT and services.

 

7.       Provision and use of data

 

Data shall be provided to the CEFTA Secretariat and used by the CEFTA Secretariat in accordance with the Decision of the Joint Committee of the Central European Free Trade Agreement No. 2/2021 on the provision of data by the CEFTA Parties to the CEFTA Secretariat.

 

8.       Data processing, data storage, and data retention

 

  1.     Depending on the specific use, data may either only be exchanged through CEFTA TRACES NT or be stored on CEFTA TRACES NT.
  2.     Data storage shall follow the rules set out in Annex 3 to these Terms.
  3.     Data retention, namely the backup, archiving, purging, and retention policies, shall follow the rules set out in Annex 4 to these Terms.
  4.     Once the retention time period for a particular data set expires, it shall be moved as historical data to secondary or tertiary storage, partially deleted or completely deleted, depending on the requirements of the Users.

 

 

 

 

9.       Default Segregation of Duties Policy

 

The CEFTA Secretariat shall implement segregation of duty (SoD) policies to identify and resolve potential risks associated with access right conflicts. These policies shall take into account the Roles and Permissions when they are being assigned to a User.

 

10.   Default Authorisation Policy

 

  1.     The default authorization policy for any type of content is to block access unless specified otherwise by creating and applying a technically automated policy.
  2.     This implies that any access to any hosted or exposed resource is always forbidden (i.e., unauthorized) until otherwise overruled by a configured authorization policy, based on roles and permissions defined by the service provider.
  3.     The CEFTA Secretariat implements two specific rules to indicate that a user account of type U2S (User-to-Service) cannot be used for S2S (Service-to-Service) communication and vice-versa. This means that a user account of type S2S should not receive roles related to U2S activity and vice-versa.

 

11.   Session Policy

 

The Session Policy defines the rules controlling the requirements for a session and are provided in Annex 5.

 

12.   Personal Data

 

  1.     Personal data is treated pursuant to Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.

 

13.   Liability for Content and Limitations

 

  1.     The CEFTA Secretariat may update CEFTA TRACES NT and services and create or remove functionalities at its discretion, while ensuring that the relevant regulations are respected.
  2.     The CEFTA Secretariat does not guarantee that information entered or uploaded is correct.
  3.     The CEFTA Secretariat is not liable for direct or indirect losses incurred by any Users of TRACES NT and services due to the use and application of its content.
  4.     The CEFTA Secretariat is not liable for the functioning of links in CEFTA TRACES NT to external sites, or the content of such sites and it exercises no control over the posting of such links.
  5.     The CEFTA Secretariat may use third parties for technical development of CEFTA TRACES NT.

 

 

Part 2: Terms and Conditions of Services

 

14.   Services

 

  1.     The CEFTA Secretariat provides CEFTA TRACES NT as a service for the CEFTA Parties.
  2.     The CEFTA Secretariat will provide support for Users of CEFTA TRACES NT via tickets raised with SEED+ Help Desk.
  3.     The CEFTA Secretariat is accountable for the delivery of CEFTA TRACES NT, including its design and implementation in the form of specifications, software, and services.
  4.     The CEFTA Secretariat must ensure that it respects these Terms.
  5.     The CEFTA Secretariat shall ensure that any data stored on the system is securely stored and backed up.
  6.     The CEFTA Secretariat shall prepare a Disaster Recovery Plan. A disaster refers to a serious disruption of the functioning of the service involving widespread material and/or data losses and impacts, which exceeds the ability of the Solution provider to cope using the usual resources.

 

15.   Service Usage Terms

 

  1.     The CEFTA TRACES NT system shall be available to the Users at any time.
  2.     The CEFTA Secretariat shall ensure that support is available during working hours.
  3.     The CEFTA Secretariat shall inform the Users of any scheduled maintenance. All maintenance activities shall be planned and announced well in advance and at least 15 working days prior to the maintenance.

 

16.   Incidents Affecting Services

 

The CEFTA Secretariat shall ensure that incidents affecting the services are addressed without undue delay, including during non-working hours. A post-incident report shall be filed.

 

17.   Service Lifecycle

 

  1.     All technologies underpinning the delivery of CEFTA TRACES NT are subject to lifecycle management, both from the technology provider or maintainer (in case of open-source products) and from the Service Provider.
  2.     In the context of established Information Systems and Services, an important step in Product Lifecycle is the planned End of Life (EOL) or End Of Support date, which is the date when support for the product or service will be officially discontinued.
  3.     Under specific conditions, technology providers may offer Extended Support packages, to provide an additional and temporary support for products after EOL. Extended Support may be implemented via specific licensing conditions, may entail a reduced support level (compared to an officially supported product/service), and is very likely to have a financial impact on the User.

 

 

Part 3: Non-disclosure

 

18.   Confidential Information

 

  1.     The term “Confidential Information” shall refer to economic operators involved (consignor, consignee), approved establishments, places of loading, destination, etc. Also, personal data (e.g. inspectors involved) are considered as Confidential.
  2.     “Confidential Information” shall not include any information or matter that a User can document that:

 

  1.        was already known to the User prior to disclosure and such prior knowledge can be demonstrated by the User by dated, written records;
  2.       is independently developed by or for the User without reference to or use of Confidential Information which can be demonstrated by the User by dated written records;
  3.        which at the time of disclosure by the Disclosing Party is generally available to the public or thereafter becomes generally available to the public other than through a breach of any obligation under this Agreement caused by an act or omission on the part of User;
  4.       was lawfully received from a third party having no obligation of confidence to the Disclosing Party;
  5.        is approved in writing by the Disclosing Party for release by the User; or
  6.         is required or compelled by law to be disclosed, provided that the Recipient gives all reasonable prior notice to the Disclosing Party to allow it to seek protective or other court orders, and that the User only discloses the exact Confidential Information or portion thereof specifically requested by such law requirement.

 

19.   Non-disclosure and Non-use of Confidential Information

 

At any time after the date of each disclosure of Confidential Information, the User agrees that the User and its Representatives:

  1. shall treat all the Confidential Information disclosed to it as strictly confidential and shall not exploit or make use, directly or indirectly, other than for the Purpose, without the express written consent of the Disclosing Party, except to its Representatives who clearly must have access to such Confidential Information in furtherance of the Purpose, and provided that, prior to disclosing any Confidential Information to such Representatives, the Users have ensured that they are aware of and agree to the provisions of these Terms; and
  2. shall notify the Disclosing Party upon discovery of any unauthorized use or disclosure of the Confidential Information. The User shall assume full responsibility for enforcing these commitments with its Representatives and other persons acting on its behalf, and shall be liable for any breach by its Representatives.

The User shall protect Confidential Information of the Disclosing Party with at least the same degree of care as it normally exercises to protect its own confidential information of a similar nature, but no less than a reasonable degree of care.

 

20.   No Warranty

 

All confidential information is provided ‘as is’, without any warranty, whether express or implied, as to its accuracy, completeness, operability, use or fitness for a particular purpose, merchantability or against infringement.

 

21.   Return of Confidential Information

 

Upon request of the Disclosing Party, the User shall:

  1. return to the Disclosing Party any Confidential Information disclosed in any tangible form, and all copies thereof, unless such Confidential Information is stored in electronic form, in such an event it is to be immediately deleted; and
  2. provide a certification, in writing, executed by an officer of the User, that it has retained no copies, no media, and no notes or embodiments of the Confidential Information.

 

22.   Publicity

 

The User agrees that, without the prior written consent of the Disclosing Party, the User will not disclose to any other person that Confidential Information has been disclosed to the User.

 

23.   Equitable Relief

 

The User agrees that money damages will not be a sufficient remedy for any breach of this Agreement by the User or its Representatives, and the Disclosing Party shall be entitled, in addition to money damages, to specific performance and injunctive relief and any other appropriate equitable remedies for any such breach. Such remedies shall be in addition to all other remedies available under the relevant regulations or in equity.

 

24.   Duration

 

The obligations of confidentiality and non-disclosure with respect to all Confidential Information shall survive in perpetuity.

 

1