Upsales General Terms and conditions

1. General 

1.1 These general terms and conditions (the “Terms”) apply to the Customer’s Subscription regarding the use of the Upsales software service or part thereof, provided as a cloud based software, and the related Upsales mobile application (the “Service”). The Service is provided by Upsales Nordic AB, with Swedish company reg. no. 556641-2507, (“Upsales”) to the Customer, in accordance with the Agreement.

1.2 These Terms shall also apply to any other or additional service provided by Upsales to the Customer, such as consultancy services, and such services shall then be deemed included in the “Service” for the purpose of these Terms, unless separate terms are provided.

1.3 The Agreement consists of (i) the Subscription, (ii) these Terms, and (iii) any appendices mentioned in the Subscription or in these Terms (collectively referred to as the “Agreement”). 


1.4 You, who subscribes to the Service and thereby accept the terms as set out in the Agreement on behalf of the Customer, certify and guarantee that you are authorized to enter into an agreement on behalf of the Customer.

2. Definitions 

(“Billing Date”) the date on which a payment are due in accordance with the Subscription. For the avoidance of doubt, the first Billing Date is the same date on which the customer subscribes to the Service.

“Customer”: The company that have subscribed to the Service in accordance with the terms of the Agreement ..

“Customer Data”: Any data or information, including personal data and technical information relating to the Customer, or its customers, employees or equipment, provided to Upsales by, or on behalf of, the Customer, by use of the Service.

“Documentation”: Any manual, instruction or other documentation related to the Service, provided through Upsales’ website www.upsales.com or otherwise disclosed by Upsales to the Customer, as changed from time to time.

“Regular User Support”: General information and guidance that Upsales provides to the Customer in response to support requests by the Customer in relation to the Service - which are provided by email or telephone on weekdays between 8 am and 5 pm (CET), unless otherwise agreed - or any agreed upon support level agreement. For the avoidance of doubt, Regular User Support shall not include further services provided by Upsales in connection with the Customer’s support requests, such as specific configurations, integrations or adaptions of the Service or other consultancy services. 

“Subscription”: The terms and information displayed under “Subscriptions” found at the Customer’s logged in mode on to the Upsales’ website, which constitutes the contract between Upsales and the Customer that includes prices, when the subscription started billing statement, numbers of licenses and other terms in regard of the Service.

“Subscription Period”: The period between a Billing Date until the next Billing Date as specified for the specific Subscription.

3. The Service

3.1 Subject to the terms in the Agreement and the Customer’s fulfillment of its payment obligations, Upsales gives the Customer a non-exclusive, time limited and non-transferrable license and right to use the Service for the Customer’s own business only, with a maximum number of user licenses as specified in the Subscription. Upsales shall be considered to have delivered the Service at the time when Upsales connects the Service to the internet and activates the Customer’s account and user licenses. 

3.2 Upsales shall provide the Service in accordance with the methods and standards that Upsales normally uses for the Service. Upsales may make updates to the Service as it deems fit, with one week’s written notice. Changes in layout or graphics as well as other updates that are not expected by Upsales to materially restrict the Customer’s use of the Service may, however, be made without notice.

3.3 Upsales may provide additional services as agreed upon, e.g. analytical tools, database services, consultancy services or specific customisations, subject to separate terms and prices. Upsales may decide on how to integrate such additional services at its own discretion.

4. Use of the Service

4.1 The Customer shall comply with and always use the Service in accordance with the Documentation and relevant laws and regulations, and bears sole responsibility for such compliance. The Customer is entirely responsible for all Costumer Data and activities that occur under its account and user licenses. 

4.2 Upsales’ “Fair Usage Policy”, as updated from time to time and made available at Upsales’ website www.upsales.com, contains principles for certain Service functions, such as the number of e-mails that can be sent by use of the Service, and will at all times apply to the Customer’s use of the Service.

4.3 The Service may not be used (i) for any unlawful or other purpose for which it is not intended, including to transmit, upload or post any computer viruses or other harmful files or codes; (ii) in any way so that the functionality of the Service is impaired, or in a way that is damaging or disruptive to other users or their use of the Service or equipment; (iii) in a manner that could be perceived as defamatory or offensive in any way; or (iv) in any other way that could reasonably be expected to affect Upsales or the Service adversely or reflect negatively on the goodwill, name or reputation of Upsales or the Service.

4.4 The Customer shall not copy, modify, create derivative work, reverse engineer or otherwise attempt to discover any source code of, or assign, sub-license or transfer any right in, the Service or part thereof.

4.5 The Customer shall indemnify Upsales from and against any costs or claims, resulting from the Customer’s use of the Service in violation of the Agreement, including this section 4.

5. Information and Security etc.

5.1 The Customer shall provide Upsales with all information reasonably requested in order to set up and provide the Service, and promptly notify Upsales of any change in such information. 

5.2 The Customer is responsible for (i) keeping all passwords and account details confidential; (ii) immediately notifying Upsales if suspected or unauthorised access to the Service occurs, or any other breach of security; and (iii) maintaining all equipment, software, applications, communication services and routines, including the security of the Customer’s IT environment’s, required in order to use the Service or otherwise instructed by Upsales from time to time. For the avoidance of doubt, Upsales is not liable for the Customer’s hardware or software, including uploaded files or data, or unauthorised use of the user accounts or of the Service.

6. Availability and Support

6.1 Upsales strives to ensure that the Service operates in accordance with its specifications twenty-four (24) hours a day. Unless otherwise agreed, Upsales shall make the Service available no less than 99.8 % of the time in any given  Subscription Period.

6.2 The Service shall be considered available if the login to the cloud based software is operational. Insignificant inconveniences shall not result in the Service being unavailable. In particular, the Service shall not be deemed unavailable when (i) Upsales performs scheduled service or maintenance on the Service, of which the Customer has been informed no less then forty-eight (48) hours in advance; (ii) the downtime is caused by emergency shutdowns, necessary to protect the Service from viruses, DDoS or other hacker attacks, etc.; or (iii) the Service is down due to circumstances beyond Upsales’ control, including, but not limited to, loss of electricity, network or communication. Scheduled service or maintenance, pursuant to item (i) above, shall, to the extent possible, occur outside of usual business hours and not more often than once a month, unless otherwise agreed. 

6.3 If the availability of the Service, according to the above, is below 99.8 % during a Subscription Period, the Customer shall be entitled to claim compensation in accordance with the below, where the Fee shall correspond to the total amount payable by the Customer  for every Subscription Period, as set out in the Subscription:

 

Down-level

Availability (%)

Compensation

1 Below 99.8 %, above 99.0 %

10 % of the Fee

2 Below 99.0 %, above 98.0 %

20 % of the Fee

3 Below 98.0 %, above 97.0 %

30 % of the Fee

4 Below 97.0 %, above 96.0 %

40 % of the Fee

5 Below 96.0 %, above 95.0 %

50 % of the Fee

 

An availability below 95 % during a Subscription Period shall be considered a material breach and entitle the Customer to terminate the Agreement with immediate effect in accordance with section 8.3.

6.4 Availability under section 6.3 above shall be measured in accordance with the following formula:
A = (M - D) * 100/M , where

A = Availability indicated in percentages,

M = Minutes during a Subscription Period,

D = Downtime during the period “M”, indicated in minutes (excluding scheduled service or maintenance, etc.). Downtime means a material failure leading to the unavailability of the Service for the Customer, subject to what is set out in section 6.2 above. The Customer shall report any downtime to Upsales.

6.5 Upsales performs Regular User Support in and, if applicable, any agreed upon support level agreement. 

6.6 The Customer shall request support by Regular User Support or as prescribed in any applicable support level agreement. 

6.7 This section 6 shall constitute the entire obligation of Upsales towards the Customer in respect of Upsales’ performance and liability in regard of the service level and Regular User Support of the Service, unless otherwise agreed.

7. Prices and Payment

7.1 Applicable prices for the Service are set out in the Subscription. All prices are exclusive of VAT and similar taxes. As regards any services for which no specific price has been agreed in writing, Upsales’ standard fees, applicable at the time of delivery, shall apply. 

7.2 Unless otherwise agreed in writing, Upsales’ standard fees, as applicable from time to time, shall apply to any additional services and work for which prices are not specified in the Subscription. Except for Regular User Support, services provided by Upsales in connection with support requests by the Customer are not included in the prices for the Service set out in the Subscription.

7.3 Any overdue payment shall carry interest in accordance with the Swedish Interest Act (SFS 1975:635). In addition to other available remedies, Upsales may immediately suspend the Service, and/or terminate the Agreement with immediate effect and without prior notice if full payment is not received when due. 

7.4 Upsales may monthly (with effect from the Customer’s next Subscription Period) adjust the prices set out in the Subscription.

8. Term and Termination

8.1 The Agreement shall enter into force upon receipt of payment on the first Billing Date and shall remain in force until the Customer un-subscribes from the Service and the remaining days thereafter until the next Billing date. For the avoidance of doubt, the Customer needs to un-subscribe at the latest the day before the next Subscription Periods starts in order for the Agreement not to be prolonged for an additional Subscription Period. Upsales may terminate the Agreement at any given time by giving the Customer a three (3) months’ written notice. 

8.2 The Service is provided for the Term of the Agreement.

8.3 Besides as provided for in section 8.1 , either party shall be entitled to terminate the Agreement with immediate effect by written notice to the other party, if:
a. the other party has committed a material breach of the Agreement and does not, where possible, fully rectify such breach within thirty (30) days of the other party giving written notice thereof; or
b. the other party is declared insolvent, is subject to an application or order of bankruptcy or company reorganisation, suspends its payments or otherwise can be presumed to be insolvent.

8.4 Upsales is also entitled to terminate the Agreement with immediate effect if the Customer’s use of the Service violates the Agreement, including sections 4-5, or if full payment in accordance with the Agreement is not received by Upsales when due.

8.5 The following sections shall survive termination of the Agreement: this section 8, section 9, section 10, section 11, section 12, section 13 and section 15.

8.6 Upon termination, the Customer shall not be entitled to recover any excess amount of payments made in advance, unless the Customer terminates the Agreement with immediate effect in accordance with section 8.2 a. above.

8.7 Upon termination, the Customer shall immediately cease its use of the Service and return or delete confidential information or Documentation received from Upsales.

8.8 The Customer shall be entitled to retrieve any Customer Data on the medium chosen by Upsales, provided that the Customer requests this from Upsales in writing within thirty (30) days from termination of the Agreement and pays Upsales for any work associated with this.

9. Customer Data

9.1 When either party processes Personal Data within the scope of the Service, the Customer or a company on the Customer’s side is data controller and Upsales is data processor. The parties have for that matter entered into a data processing agreement in accordance with Appendix 1(A-B). Upsales may use Customer Data in aggregated or anonymous form, for uses in statistics and product development purposes.

10. Confidentiality and Non-solicitation 

10.1 Neither party may disclose to a third party any information received from the other party which is confidential, or can reasonably be assumed to be confidential, including, without limitation, any technical information, information on business secrets, source codes, login information or security methods for access to the Service, and the terms of the Agreement. This does not apply to information that (i) is or becomes publicly known without the breach of the Agreement; (ii) was known to the receiving party prior to receipt from the disclosing party or disclosed by a third party without any obligation of confidentiality; or (iii) the disclosure is required by law, regulatory body or an agreement with a stock exchange where the party is listed, or similar. Each party is responsible for ensuring that their sub-contractors, consultants and employees respect corresponding confidentiality obligations. 

10.2 The Customer undertakes during the term of the Agreement, and for twelve (12) months thereafter, not to solicit the employment or other engagement of any person who is or has been directly involved with the performance of the Service. In addition to other available remedies, Upsales shall be entitled to a fixed penalty fee from the Customer corresponding to five (5) price base amounts (Sw: prisbasbelopp), as provided for in the Swedish Social Insurance Code (SFS 2010:110), for each and every breach of this section 10.2.

11. Intellectual Property Rights

11.1 Upsales and/or its licensors hold all intellectual property rights to the Service and Upsales’ website, including any updates, files or data being uploaded to or performed on the Service by Upsales, as well as to the software and source code included in the Service. This includes, without limitation, any patents, copyrights, design rights and trademark rights related thereto. Nothing in this Agreement shall be interpreted as a transfer of such rights, or part thereof. 

11.2 If a third party makes an intellectual property claim against the Customer based on the Customer’s use of the Service, the Customer shall (i)  immediately notify Upsales in writing of the claim and relevant circumstances; (ii) allow Upsales at its sole discretion and expense, to control the defense of the claim and decide on conciliation in the Customer’s name; and (iii) act in accordance with Upsales’ instructions, assist and cooperate with Upsales to the extent reasonably requested by Upsales, and issue any and all documents (including powers of attorney) needed, without any cost to Upsales. 

11.3 If a competent court finally determines that the Customer’s use of the Service in accordance with the Agreement constitutes an intellectual property infringement, Upsales shall compensate the Customer, subject to section 12, for direct costs and damages that the Customer is found liable to pay, provided that the Customer has adhered to its obligations under section 11.2 above. Upsales may further, at its own discretion ensure the Customer’s right to continued use of the Service or corresponding non-infringing service, or cancel the Service and repay the Customer any fees paid for the remaining term of the Agreement, without interest and with deduction of any reasonable benefit the Customer has had from the Service. This section 11.3 constitutes Upsales’ entire obligation towards the Customer with respect to any infringement in a third party’s intellectual property rights.

11.4 The Customer will defend Upsales, at its own expense, against any claim regarding infringement of intellectual property rights caused by the Customer’s use of the Service or Customer Data. The Customer will indemnify and hold Upsales harmless against any costs or damages that Upsales may become liable to pay in relation to such infringement claim.

12. Limitations of Liability and Warranties

12.1 No party shall be liable to the other party for failure to perform its obligation under this Agreement if such performance is prevented by circumstances beyond the control of the party, including, but not limited to, acts of authorities, strikes or other difficulties on the labour markets, general shortage of supplies, fire or loss of electricity, communications or data.

12.2 Upsales is not in any event liable for any cost, damage or loss of any kinds caused by or related to (i) any third parties, third party services or applications; (ii) modifications or changes to the Service made by anyone other than Upsales or made according to the Customer’s or its suppliers’ instructions, or (iii) the Customer’s loss of customers, business, profit, revenue, savings, or goodwill, loss due to operational, power or network interruptions, loss of data or information, the Customer’s potential liability towards a third party or other indirect or consequential damage of any kind.

12.3 Upsales’ total and aggregated liability under the Agreement is limited to the amount paid by the Customer for the Service or for any other service that the claim relates to, during the twelve (12) month period prior to the time the damage occurred. 

12.4 Upsales shall not in any event be liable to pay damages if the Customer does not notify Upsales in writing thereof within thirty (30) days after the Customer noticed, or should have noticed, the actual damage or loss, however in no event later than three (3) months from when the damage occurred. 

12.5 Except for what is expressly set out in the Agreement, the Service is provided on an “as is” basis and Upsales makes no warranties or representations, whether express or implied, in relation to the Service, including to the completeness, accuracy, reliability, satisfactory quality,  and/or fitness for a particular purpose of the Service.

13. Audit

13.1 Upsales shall have the right, during the term of the Agreement and for a period of twelve (12) months thereafter, to have an independent audit firm, selected by Upsales, to perform an audit, to verify that the Customer uses the Service and/or any Documentation in compliance with the Agreement. Such audits may occur up to four (4) times a year (a maximum of once per quarter), and shall be conducted during normal business hours and at Upsales’ own expense, unless the audit reveals a breach by the Customer. The Customer shall cooperate if Upsales performs any audit pursuant to this section 13.

14. Miscellaneous

14.1 The Agreement constitutes the entire agreement between the parties, with respect of the subject matter thereof. It supersedes all prior or contemporaneous Agreements or understandings.

14.2 The parties may not assign any of their rights or obligations under the Agreement to a third party without the other party’s prior written approval. However, Upsales may assign its right to receive payment to any third party, without the Customer’s approval. 

14.3 Upsales may make amendments to these Terms by giving the Customer four (4) moths’ written notice. Amendments will be effective as from the next yearly payment period.

15. Governing Law and Disputes

15.1 This Agreement shall be governed by and construed in accordance with Swedish law. Any dispute, controversy or claim arising out of, or in connection with, in connection with the Agreement, or the breach, termination or invalidity thereof, shall be finally settled by arbitration in accordance with the Rules of the Arbitration Institute of the Stockholm Chamber of Commerce. The arbitral tribunal shall be composed of a sole arbitrator. The place of arbitration shall be Stockholm, Sweden, and the language used shall be English, unless otherwise agreed. All such proceedings, information disclosed and decisions made in such proceedings shall be kept strictly confidential. Notwithstanding the foregoing, Upsales may take any legal action necessary at any competent court for collection of delayed payments.

 

APPENDIX 1A
DATA PROCESSING AGREEMENT

This Data Processing Agreement (“DPA”) is entered into between Upsales the Company automatically when the Company subscribes to the Service.

1. Background

1.1 Upon performance of the Agreement, Upsales will be Processing Personal Data on behalf of the Customer as the Customer’s data processor. The Customer is the data controller of the Processing of the Personal Data.

1.2 For the purpose of ensuring compliance with the Data Protection Rules, the Parties have entered into the DPA, which forms an integral part of the Agreement.

2. Definitions 

Data Protection Rules” means all general laws and regulations, as applicable from time to time, in respect of Processing Personal Data, including, but not limited to, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, or “GDPR”) as well as supplementary local adaptions.

Data Subject” means the identified or identifiable natural person, whom the Personal Data relates to.

Personal Data” means any information, which directly or indirectly relates to a Data Subject and which Upsales Processes on behalf of the Customer under the DPA.

Processing” means any operation or set of operations which is performed on Personal Data, or on sets of Personal Data, whether or not by automated means.

Sub-Processor” means any third party that Upsales engages to Process Personal Data on behalf of the Customer (including, but not limited to, Upsales’ partners and sub-contractors)

Supervisory Authority” means the independent public supervisory authority/ies, authorised to conduct supervision of the Processing of Personal Data in accordance with the Data Protection Rules.

2.1 Unless otherwise stated, any other capitalized term or concept used in the DPA (except merely as part of a heading) shall have the meaning and conception ascribed to it in the Data Protection Rules or otherwise in the Agreement, unless the circumstances obviously require another interpretation.   

3. Responsibility and Instruction

3.1 The Personal Data Processed by Upsales on behalf of the Customer consists of data included in the Upsales software service related to the Customer’s customers, as further specified in Appendix 1B (Data Processing Instructions).

3.2 The Customer is the data controller of all Personal Data Processed by Upsales on behalf of the Customer under the DPA. Consequently, the Customer is responsible for ensuring compliance with the Data Protection Rules. The Customer undertakes to inform Upsales about the content of the relevant parts of the Data Protection Rules for Upsales’ performance of the Processing. Upsales accepts to comply with those applicable obligations, according to the Data Protection Rules, which the Customer has informed Upsales about and given Upsales instructions to follow.

3.3 Upsales, and anyone working under Upsales’ supervision, shall Process Personal Data in accordance with the Customer’s documented instructions only and not for any other purposes than those, which the Customer has hired Upsales for, under the Agreement. The instructions that apply on the date of signature of the DPA are specified in Appendix 1B. In addition, the Agreement constitutes the Customer’s instructions. Processing may also be performed by Upsales or Sub-Processor where required by EU law or applicable law in an EU member state that Upsales or Sub-Processor is subject to. 

3.4 The Customer shall immediately inform Upsales of changes that affect Upsales’ obligations according to the DPA. 

3.5 The Customer shall regularly inform Upsales of measures taken by third parties in relation to the Processing, hereunder by the Supervisory Authority and by Data Subjects.

3.6 The Customer shall inform Upsales if anyone else, either alone or jointly with the Customer, is data controller of the Personal Data.

4. Security

4.1 Upsales shall implement technical and organizational measures, as required by the Data Protection Rules, in order to ensure a level of security that is appropriate to the risk and to protect Personal Data that Upsales Processes from accidental or unlawful destruction, loss or alteration, or unauthorised disclosure of, or access to, the Personal Data being Processed. Upsales shall assist the Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of GDPR, taking into account the nature of the Processing and the information available to Upsales.

4.2 Upsales shall notify the Customer without undue delay after becoming aware of a personal data breach pursuant to Article 33 of GDPR. If the Customer, in violation of the Data Protection Rules, does not inform Upsales of a personal data breach and the Supervisory Authority instructs Upsales to correct the personal data breach, the Customer shall compensate Upsales for all related costs and expenditures.


5. Disclosure of Personal Data and Information etc.

5.1 Upsales shall forward any request to the Customer from a Data Subject, the Supervisory Authority or any other third party, who is requesting receipt of information regarding Personal Data that Upsales Processes on behalf of the Customer. Upsales, or anyone working under Upsales’ supervision, shall not disclose Personal Data, or information about the Processing of Personal Data, without the Customer’s express instruction or as laid down in the DPA, unless required by the Data Protection Rules.

5.2 By technical and organizational measures, which are appropriate taking into account the nature of the Processing, Upsales shall assist the Customer, insofar as this is possible, for the fulfilment of the Customer’s obligation to respond to requests from the Data Subject, when the Data Subject exercises its rights in accordance with the Data Protection Rules.

5.3 Upsales shall inform the Customer of any contacts from the Supervisory Authority that concern the Processing of Personal Data on behalf of the Customer. Upsales is not entitled to represent the Customer or act on the Customer’s behalf towards the Supervisory Authority.

6. Sub-Processors

6.1 The Customer hereby gives Upsales prior, general authorisation to engage Sub-Processors in the Processing of Personal Data, provided that Upsales enters into a data processor agreement with each Sub-Processor in which data protection obligations corresponding to what is set out in the DPA are imposed on the Sub-Processor. If the Sub-Processor fails to fulfil its data protection obligations, Upsales shall remain responsible towards the Customer for the performance of the Sub-Processor’s data protection oblige-tions.

6.2 In particular, Upsales is responsible for ensuring (i) the compliance with Articles 28.2 and 28.4 of GDPR when engaging Sub-Processors; and (ii) that Sub-Processors provide sufficient guarantees to implement appropriate technical and organizational measures, in such a manner that the Processing meets the requirements of GDPR.

6.3 Upon the Customer’s request, Upsales shall provide such specified information regarding such Processing by Sub-Processors, which the Customer reasonably may request according to the Data Protection Rules, and shall inform the Customer of any intended changes concerning the addition or replacement of Sub-Processors. The Customer is entitled to object to such changes, based on objective grounds relating to the security of the Processing under the DPA. If the Customer makes such legitimate objection and Upsales does not accept to replace the Sub-Processor or refrains from using a Sub-Processor, Upsales shall be entitled to compensation from the Customer for all Upsales’ costs and expenditures that result from Upsales not being able to use the Sub-Processor in question. In addition, Upsales shall be entitled to terminate the Agreement and/or the DPA, partially or wholly, including in relation to specific additional services, by giving the Customer thirty (30) days’ notice.

7. Transfers of Personal Data outside the EU/EEA and Data Portability

7.1 If Upsales or a Sub-Processor transfers Personal Data to a location outside of the EU or the EEA, Upsales shall ensure that Upsales or the Sub-Processor transfers the Personal Data in compliance with applicable Data Protection Rules.

7.2 Upsales shall assist the Customer in fulfilling potential duties to enable data portability regarding Personal Data, which Upsales Processes under the DPA.

8. Audits etc.

8.1 Upsales may use external auditors to verify and demonstrate compliance with its obligations following from the Data Protection Rules. Upsales will then, upon the Customer’s request, make available a confidential summary report to the Customer of such audits. 

8.2 Furthermore, Upsales shall make available, upon the Customer’s request and within reasonable time, all information necessary to demonstrate Upsales’ compliance with its obligations following from the Data Protection Rules, including when requested as part of audits or inspections carried out by the Customer or an independent auditor mandated by the Customer and accepted by Upsales. Such audits may occur up to four (4) times a year (a maximum of once per quarter), and shall be conducted during normal business hours and at the Customer’s expense. 

9. Confidentiality  

9.1 Upsales shall ensure that persons authorised to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. Such commitment does not apply to information that Upsales is required to disclose to an authority, or in order to comply with the Data Protection Rules or other statutory rules. This confidentiality obligation shall remain in force after termination of the DPA.

10. Compensation 

10.1 Upsales is entitled to reasonable compensation for all work, costs and expenditures stemming from Upsales’ performance of sections 4.2, 5.2, 7.2, 8, 12.2 and 13.1 as well as for all work, costs and expenditures stemming from Upsales following the Customer’s Processing instructions, which are not clearly documented in the Agreement, when this results in work that goes beyond functions and the level of security following from the services that Upsales normally provides to its customers.

11. Liability

11.1 If Upsales, anyone working under Upsales’ supervision, or Sub-Processors, Processes Personal Data in violation of the DPA or contrary to lawful instructions of the Customer, Upsales shall pay damages to the Customer for the direct damage suffered due to the incorrect Processing, in accordance with the limitation of liability that follows in the Agreement.

11.2 During the term of the DPA and thereafter, the Customer shall indemnify and hold Upsales harmless from any direct or indirect damage, e.g. requirements from the Data Subject and other data controllers of the Personal Data than the Customer, when Upsales has suffered such damage due to unclear, inadequate or unpermitted instructions from the Customer, or otherwise, depending on the circumstances on the Customer’s side.

11.3 Upsales’ obligation to pay damages, laid down in section 11.1 above, only applies if i) the Customer without undue delay informs Upsales in writing of any claims against the Customer; and ii) the Customer allows Upsales to control the defence of the claim and make independent decisions regarding conciliation.

12. Term and Termination

12.1 The DPA enters into force when duly signed by both Parties and remains in force as long as Upsales Processes Personal Data on behalf of the Customer. 

12.2 Upon termination of the Agreement or the DPA (depending on which is first terminated), Upsales shall delete the Personal Data that the Customer has transferred to Upsales and any existing copies, where appropriate, unless storage of the Personal Data is required by EU law or applicable EU member state law. Upsales shall ensure that each Sub-Processor does the same.

13. Changes and Additions

13.1 If the Data Protection Rules are changed during the term of the DPA, or if the Supervisory Authority issues guidelines, decisions or regulations concerning the application of the Data Protection Rules that result in the DPA no longer meeting the requirements for a data processing agreement, the Parties shall make the necessary changes to the DPA, in order to meet such new or additional requirements. Such changes shall enter into force no later than thirty (30) days after a Party sends a notice of any necessary changes to the other Party, or otherwise no later than prescribed by the Data Protection Rules, guidelines, decisions or regulations of the Supervisory Authority. 

13.2 Other changes and additions to the DPA must be made in writing and duly signed by both Parties in order to be binding. 

14. Miscellaneous

14.1 The DPA supersedes and replaces all prior data processor agreements between the Parties and supersedes any deviating provisions of the Agreement concerning the subject matter of the DPA, notwithstanding anything to the contrary in the Agreement.

14.2 Swedish law applies in all aspects to Upsales’ Processing of Personal Data under the DPA. Any dispute arising out of or in connection with the DPA shall be settled in accordance with the dispute resolution provision in the Agreement.

APPENDIX 1B 

DATA PROCESSING INSTRUCTIONS

In these data processing instructions, all capitalized words shall have the same meaning as defined in the DPA or the Agreement, unless otherwise is expressly stated.

Purposes

Please specify all purposes for which the Personal Data will be processed by Upsales as the Customer’s data processor.

The Customer have subscribed tothe Service. In providing the Service, Upsales will engage, on behalf of the Customer, in Processing of Personal Data submitted and stored within the Service by the Customer or third parties with whom the Customer granted using the service.

Categories of data

Please specify the Personal Data that will be processed by Upsales as data processor


The Service has a number of standard fields to which the Customer can submit and store personal data; contact name, telephone number, title and e-mail. If the Customer choose to add custom fields in the Service, these should not be used to submit or store “special” or “sensitive” categories of Personal Data (as defined under Applicable Data Protection Law).  

Categories of data subjects

Please specify the categories of data subjects whose Personal Data will be Processed by Upsales as data processor


To provide the Service according to the Upsales General Terms and conditions Upsales needs to store the Customer’s employees access credentials which has a license to the Service. The Customer will be able to submit and store Contact information for their prospects and customers in the Service.

Processing operations

Please specify all processing activities to be conducted by Upsales as data processor

Processing means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 

Location of processing operations

Please specify all locations where the Personal Data will be processed by Upsales as data processor and - when applicable – by Sub-processor.

Upsales and its Sub-processors will maintain data processing operations in countries that are in EU/ESS region. 

 

Information security measures

Access control Physical

 

Access to the data center may only be attained by a limited number of authorized personnel passing through a series of electronic validation systems. Throughout the facility video cameras monitor all sections of the building and the surrounding grounds. Within this facility all Upsales equipment is kept in secured cabinets.

In addition to the above security measures, all Upsales site operations personnel have signed special non-disclosure agreements with respect to the handling of customer data. Failure to uphold this agreement carries severe legal penalties. For added security the site operations team is limited to just a few individuals having access to the site.

System Access control

 

Upsales shall take reasonable measures to prevent Personal Data from being used without authorization. These controls shall vary based on the nature of the Processing undertaken and may include, among other controls, authentication via passwords and/or two-factor authentication, IP-blocking and logging of access on several levels. 

Data Access Control

 

Upsales shall take reasonable measures to provide that Personal Data is accessible and manageable only by properly authorized staff, direct database query access is restricted and application access rights are established and enforced by the Customer when Upsales Personnel needs application access to fulfill Regular user Support described in the Agreement. 

Back-up

 

Back-ups of the databases in the service are taken on a regular basis, are secures, and encrypted to ensure that personal data is protected against accidental destruction or loss when hosted by data processor. Back-ups will be stored for a maximum of 6 weeks before destruction. 

Encryption of data communication (Transmission control)

 

Upsales shall take reasonable measures to ensure that it is possible to check and establish to which entities the transfer of personal data by means of data transmission facilities is envisaged so Service Data cannot be read, copied, modified or removed without authorization during electronic transmission or transport from the Service to the end user.

Deletion 

 

After thirty (30) days after the termination of Customer’s access to and use of the Service, Upsales shall have the right to delete all Service Data stored or Processed by Upsales on behalf of the Customer in accordance with Upsales deletion policies and procedures. 

Logical Separation

 

Data from different Upsales subscriber environments is logically segregated on Upsales systems to ensure that Personal Data that is collected for different purposes may be Processed separately.