This statement is applicable to all products provided by a company in the Alludo group of companies (hereinafter, “Alludo”, “We”, “Us”). In this Statement, any reference to “You” or “Your” means the customer utilizing the products or services provided by Alludo.
We are currently receiving many inquiries from customers who, as regulated financial entities active in the EU, must demonstrate compliance with the requirements of Regulation (EU) 2022/2554 on digital and operational resilience for the financial sector and amending regulations (EC) No 1060/2009, (EU) No 846/2012, (EU) No 600/214, (EU) No 909/2014 and (EU) 2016/1011 (“EU-Digital Operational Resilience Act”).
The EU-Digital Operational Resilience Act (“DORA”) seeks to enable a strong and effective information and communication technology (“ICT”) risk management framework by financial entities, including requirements for a thorough pre-contracting analysis of vendor ICT, the renegotiation of contractual agreements, and the application of due diligence by financial entities during selection and assessment of vendors.
In the following, We explain when and to what extent DORA applies to Our products and services, and how We support You in Your compliance efforts to meet Your legal obligations.
Notwithstanding Your assessment, it is Our understanding that DORA may or may not apply depending on the products, license models and services You use as a regulated financial services entity.
Offline versions and perpetual licenses without additional maintenance and support services: If You have a perpetual license or are using an offline version of Our software products, DORA does not apply to Our contractual agreements, since the use of Our products depends exclusively upon Your internal IT systems and/or external telecommunications and internet services. You are solely responsible for acquiring and maintaining the hardware and software required to access and use Our software products, including, without limitation, ensuring the digital and operational resilience of these third-party services as required under DORA. Alludo is not responsible for any loss or corruption of data, lost communications, or other loss or damage of any kind arising from Your internal IT systems, telecommunications, or internet services.
Subscription services and additional maintenance and support services to perpetual licenses as well as cloud services: If You use Our subscription services, cloud services, or have entered into supplemental agreements for software maintenance and support services with Us, then DORA applies to You only if and to the extent that You, as a financial entity within the meaning of DORA, use Our services in connection with the provision of financial services for internal or external purposes; provided that such use is not on an occasional basis and not for other purposes beyond Your activities as a financial entity.
In most cases, the services We offer are not essential to the activities of financial entities within the meaning of DORA. However, should You deem Our services to be essential to Your business as a financial services entity, We encourage You to contact Us.
In Our capacity as a provider of generic ICT services, We assist You in complying with contractual agreements with ICT service providers by providing You with an overview of DORA-relevant provisions.
If You, as a DORA addressee, deem it necessary on the basis of Your legal assessment, You also have the option of concluding a DORA addendum with Us. Our DORA Addendum is available here and is incorporated by reference into Our applicable licensing or service terms and conditions and does not require execution. If you would like to receive an executed version, please contact us at legal@alludo.com providing your full entity name and the name of the relevant product.
DORA requires financial entities to ensure that certain contractual terms are embedded in the relevant contractual agreements between the parties, including
5.1. SERVICE DESCRIPTION: Our software products, technical requirements, and the applicable provisions on updates and support services can be found in the Business User License Agreement or any other licensing or services agreement referred to in the order form or license certificate or other applicable software documentation and, where applicable, the MSA Services Terms and Conditions or the CorelSure Maintenance Program.
5.2. SECURITY AND INCIDENT MANAGEMENT: Our practices and obligations regarding personal data handling (hereunder subprocessor management), data incident management and response, deletion and retention of data, data transfers, audit rights, security measures, and other obligations are described in Our online DPA, available here: Data Protection Addendum | Alludo which forms part of Our licensing terms. You can use the Trust Center at any time to verify compliance with the contractual technical and organizational measures, and in particular to request documentation relating to certifications, as well as details regarding our privacy, governance, risk and compliance standards, third party and asset management, corporate, infrastructure and network security, data and application security, security monitoring, and security incident response and recovery.
5.3. LOCATION: The performance of the services and the processing of the data, including storage, is carried out by the provider and, if necessary, its subcontractors exclusively at the locations listed here: Sub-Processors | Alludo.
5.4. ACCESS TO YOUR DATA: Generally, we do not offer any data processing services and only store user account data, but no content data. You can access Your data at any time. If You exceptionally use additional cloud services, Your data may also be stored in Our cloud environments. As described above, further information can be found in Our Trust Centre. In the event of insolvency, liquidation, cessation of business activities, or termination of the contractual agreement, the provisions set out in Data Protection Addendum | Alludo shall apply.
5.5. TERMINATION: You can terminate the use of Our services in accordance with the existing contractual agreements. Refunds will only be given in the event of corresponding legal obligations.
Last Updated: April 2025