1. General
1.1 These general terms and conditions (the "Terms") apply to all agreements regarding Upsales' software service, or part thereof, provided as a cloud based software, including AI functionality, and the related Upsales' mobile applications, including Additional Orders (the "Service"). The Service is provided by Upsales Nordic AB, with Swedish company reg. no. 556641-2507, ("Upsales") to the Customer, in accordance with the Agreement.
1.2 These Terms shall also apply to any other service provided by Upsales to the Customer from time to time, such as consultancy services, unless otherwise specifically stated in connection with the provision of such service.
1.3 The Agreement consists of (i) the Main Agreement (including any future adjustments made in the Subscription Portal), (ii) these Terms, (iii) Appendix 1 - Data Processor Agreement ("DPA"), and (iv) any appendices mentioned in the Main Agreement or in these Terms (collectively referred to as the "Agreement"). In case of conflict, the Main Agreement prevails over any appendices. In case of conflict between appendices, unless the circumstances clearly indicate otherwise, these Terms will prevail, except regarding processing of personal data, in which case, the DPA will prevail.
2. Definitions
"Additional Orders" means the additional User Licenses, Tiers and Additional Services that the Customer may add to increase the number of users of the Service or to add additional features to the Service. All Additional Orders placed by the Customer are integrated into the Service.
"Additional Services" means any services, applications or features that the Customer may add in the Subscription Portal or by entering into a separate agreement with Upsales.
"Customer" means the legal entity defined as Customer in the Main Agreement.
"Customer Data" means any data or information, including personal data and technical information relating to the Customer, or its customers, employees or equipment, provided to Upsales by, or on behalf of, the Customer, by use of the Service.
"Documentation" means any manual, instruction or other documentation related to the Service (including Security White Paper), provided at Upsales' website www.upsales.com, in the Subscription Portal, or otherwise disclosed by Upsales to the Customer, including updates of such documents that Upsales duly notifies the Customer about.
"Main Agreement" means the agreement between Upsales and the Customer that includes prices, the term of the Agreement and other terms regarding the Service in accordance with the parties' agreed upon Main Agreement, including any future adjustments made in the Subscription Portal.
"Regular User Support" means standard support regarding the Service that Upsales provides to the Customer at the Customer's request as prescribed in the Main Agreement or in a "support level agreement" ("SLA") agreed upon between the parties. For the avoidance of doubt, Regular User Support shall not include further services, such as configurations, integrations, adaptions of the Service or other consultancy services, that Upsales may offer in connection with the Customer's support requests.
"Security White Paper" means the document named Security White Paper provided to the Customer at Upsales' website www.upsales.com.
"Subscription Portal" means the digital tool provided by Upsales to the Customer, where the Customer can access information relating to e.g. prices, number of User Licenses, current Tiers and active Additional Services, as well as terminate and reactivate the Service. The information in the Subscription Portal shall reflect what the parties have agreed on at any given time.
"Tier" means a specific level of the Service or Additional Service regarding a) a certain volume, e.g. the number of units that can use the Service or Additional Service (such as for e-mail and events), or certain volume based on usage (such as number of active agents or generated reports/scrapes) and/or b) the number of User Licenses.
"Third Party Applications" means any web or other software services or applications that are used in connection with, integrated with or otherwise interact with the Service, including all software, content, services, technology, data and other digital materials included or made available therein, created, offered, supported and/or maintained by third parties.
"User License" means a license for a specific user to be able to use the Service.
3. The Service and Upsales' obligations
3.1 Upsales gives the Customer a non-exclusive, time limited and non-transferrable license and right to use the Service for the Customer's own business during the term. The Customer is entitled to the number of User Licenses agreed upon in the Main Agreement and as specified in the Subscription Portal.
3.2 Upsales shall provide the Customer with accounts and User Licenses to the Service as specified in the Main Agreement or as later chosen by the Customer in the Subscription Portal. Upsales shall be considered to have delivered the Service at the time when Upsales gives the Customer access to the Service via the internet and activates the Customer's account and User Licenses.
3.3 Upsales shall provide the Service in accordance with the Agreement and the methods and standards that Upsales normally uses for the Service. The Service shall be provided in a professional manner and in compliance with applicable rules and principles which constitute good practice in the industry.
3.4 Upsales is constantly working to improve the Service and the Customer's user experience. Upsales shall (and has the right to) make updates to the Service (including the Agreement) in order to, for example, provide a competitive and customer-friendly Service. Upsales shall inform the Customer in writing in good time before any update or change (including any enhancement or addition) to the Service that results in the Service being significantly altered. The Customer is to be considered informed of such significant changes of the Service when Upsales, by e-mail or communication in the Service, sends a message to an administrator of the Customer.
3.5 Upsales will provide the Customer with access to the Subscription Portal where the Customer can choose to expand the Service by adding Additional Services, User Licenses and adjust Tiers, or regarding Additional Services, by entering into a separate additional agreement with Upsales. All Additional Orders are integrated into the Service when the Customer makes such adjustments in the Subscription Portal.
3.6 The Customer appoints, in connection to the Subscription Portal, its administrators that are entitled to make terminations and changes according to the Agreement in the Subscription Portal, reactivate the Service as well as receive messages on behalf of the Customer. All actions, such as changes and activations, made by an administrator in the Subscription Portal are binding for the Customer. The Customer is responsible for the actions of their administrators in and in connection with the Subscription Portal. Upsales therefore recommends the Customer to carefully review and control which administrators are appointed.
3.7 Upsales shall assist the Customer with connection to the Service and provide the Customer with customer support as prescribed in section 6.
3.8 Upsales may provide additional services as agreed upon, e.g. consultancy services or specific customizations. Such services may be subject to separate terms and prices. Unless otherwise agreed, consultancy services shall be performed on a time and materials basis in accordance with Upsales' price list applicable at the time. The Customer shall ensure that Upsales has access to the necessary internal resources and information regarding the Customer's business required for Upsales to perform the consultancy services.
4. Use of the Service and the Customer's obligations
4.1 The Customer shall comply with and use the Service in accordance with the Documentation, applicable third-party terms and applicable laws and regulations at any given time. The Service may not be used in violation of the purpose of the Service, which is to serve as a platform for managing contact information, commercial relationships and/or business processes within B2B sales, marketing, customer care and/or related revenue-generating activities, as well as proper register maintenance. The Customer is solely responsible for all Customer Data and activities that occur in and in connection with the Subscription Portal as well as under its account and User Licenses.
4.2 The Service may not be used in any way (i) to attempt to obtain unauthorized access to the Service or any information included in the Service; (ii) that is unlawful or for which the Service is not intended, including to transmit or upload any computer viruses or other harmful files or codes; (iii) that may impair the functionality of the Service, or in any way that is damaging or disruptive to other users or their use of the Service or equipment; (iv) that could be perceived as defamatory or offensive in any way; (v) that could otherwise reasonably be expected to affect Upsales or the Service adversely or reflect negatively on the goodwill, name or reputation of Upsales or the Service; or (vi) that aims at or may result in the underlying functionality or algorithms of the Service being modified, manipulated or otherwise affected beyond what follows from normal use in accordance with the Documentation.
4.3 The Customer shall not copy, modify, create derivative work, reverse engineer or otherwise attempt to discover any source code of, or assign, sub-license or transfer any right in, the Service or part thereof. Further, the Customer shall not copy, disturb or in any unauthorized way use certificates or other equipment belonging to a third party.
4.4 If the Customer uses the Service in violation of the Agreement, including this section 4, the Customer shall immediately, upon Upsales' request or when the Customer discovers or reasonably should have discovered the unauthorized use, cease such use. The Customer shall indemnify and hold Upsales harmless from and against any costs and claims arising from such unauthorized use.
4.5 If the Customer during a term, by its use of the Service or Additional Services, exceeds a Tier, the next applicable Tier and prices for such Tier shall apply automatically.
4.6 The Customer is responsible for all Customer Data and other content uploaded by the Customer to the Service. The Customer shall ensure that the Customer has the right to use all such data and that no sensitive personal data is uploaded to the Service.
5. Information and Security etc.
5.1 The security and reliability of the Service are of utmost importance to Upsales. Upsales shall ensure sufficient security for the Service and comply with requirements under applicable laws, such as the Cyber Security Act and the GDPR, by taking the measures prescribed in the Security White Paper or otherwise set out in the Documentation. Upsales has the right to make amendments to the Security White Paper on an ongoing basis in accordance with section 15.1, for example to address changes in the external environment. Such amendments shall not, however, reduce the security requirements of the Service and shall never conflict with applicable laws.
5.2 The Customer shall provide Upsales with all information reasonably requested in order to set up and provide the Service, and promptly notify Upsales of any change in such information.
5.3 The Customer is responsible for (i) keeping all passwords and account details confidential; (ii) immediately notifying Upsales if the Customer suspects or has been notified that unauthorized access to the Service has occurred, or any other breach of security; and (iii) maintaining all equipment, software, applications, communication services and routines, including the security of the Customer's IT environments, required in order to use the Service or otherwise reasonably instructed by Upsales from time to time. Upsales is not liable for the Customer's hardware or software, including uploaded files or data, or unauthorized use of the user accounts or of the Service.
6. Availability and Support
6.1 Upsales strives to ensure that the Service is available in accordance with the Agreement twenty-four (24) hours a day. Unless otherwise agreed in writing, Upsales shall make the Service available no less than 99.8 % measured per each quarter of a calendar year.
6.2 The Service shall be considered available if the login to the cloud based software is operational and the Service can be used in accordance with the Agreement. Insignificant inconveniences shall not result in the Service being unavailable.
6.3 Furthermore, the Service shall not be deemed unavailable when (i) Upsales performs scheduled service or maintenance of the Service, of which the Customer has been informed no less than forty-eight (48) hours in advance; (ii) the downtime is caused by emergency shutdowns that Upsales deems necessary to protect the Service from viruses, DDoS or other intrusions or hacker attacks, etc.; or (iii) the Service is down due to circumstances beyond Upsales' control, including, but not limited to, loss of electricity, network or other communication. Scheduled service or maintenance pursuant to item (i) above shall, to the extent possible, occur outside of regular business hours and not more often than once a month, unless otherwise agreed.
6.4 If the availability of the Service, in accordance with the above, is below 99.8 % during a quarter of a calendar year, the Customer shall be entitled to request a deduction on the next invoice in accordance with the below. Such request shall be submitted by the Customer in writing to Upsales within three (3) months from the occurrence of such lack of availability. The Quarterly Fee shall correspond to a quarter of the total amount payable by the Customer per term, as set out in the Main Agreement:
| Down-level | Availability (%) | Deduction |
|---|---|---|
| 1 | Below 99.8 %, above 99.0 % | 10 % of the Quarterly Fee |
| 2 | Below 99.0 %, above 98.0 % | 20 % of the Quarterly Fee |
| 3 | Below 98.0 %, above 97.0 % | 30 % of the Quarterly Fee |
| 4 | Below 97.0 %, above 96.0 % | 40 % of the Quarterly Fee |
| 5 | Below 96.0 %, above 95.0 % | 50 % of the Quarterly Fee |
An availability below 95 % during a quarter of a calendar year shall be considered a material breach and entitle the Customer to terminate the Agreement with immediate effect in accordance with section 8.5.
6.5 Availability under section 6.4 above shall be measured in accordance with the following formula:
A = (M - D) * 100/M , where
A = Availability indicated in percentages,
M = Minutes during a quarter of a calendar year,
D = Downtime during the period "M", indicated in minutes (excluding scheduled service or maintenance, etc.). Downtime leads to the unavailability of the Service for the Customer, subject to what is set out in sections 6.2 and 6.3 above. The Customer shall report any downtime to Upsales.
6.6 Upsales performs Regular User Support in accordance with the Main Agreement and, if applicable, any agreed upon SLA.
6.7 The Customer shall request support in accordance with the Main Agreement and any applicable SLA.
6.8 This section 6 shall constitute the entire obligation of Upsales towards the Customer in respect of Upsales' performance and liability in regard of the support level and Regular User Support of the Service, unless otherwise agreed. If the Customer wants to claim compensation in accordance with this section 6, the Customer must notify Upsales within three (3) months from the occurrence of such lack of availability.
7. Prices and Payment
7.1 The Customer shall pay the prices for the Service and Additional Services set out in the Main Agreement and based on the Tier pursuant to section 4.5 above. The applicable Tier at any given time is set out in the Subscription Portal. All prices are exclusive of VAT. Regarding any services for which no specific price has been agreed upon in writing, payment shall be made in accordance with Upsales' standard fees applicable according to the Subscription Portal at any given time. Unless otherwise provided for in section 7.2 below, the Customer's obligation to pay is not conditional upon actual use having occurred.
7.2 For such parts of the Service or Additional Services that are priced based on actual usage pursuant to the Main Agreement or the Subscription Portal, invoicing shall be made in arrears based on the Customer's actual use of the Service or Additional Service during the preceding month, unless a different invoicing period is specified in the Main Agreement or the Subscription Portal.
7.3 For Additional Orders, payment shall be made in accordance with Upsales' price list applicable at the time of delivery as set out in the Subscription Portal, unless otherwise agreed in writing. Except for Regular User Support, support services provided by Upsales upon request by the Customer shall not be deemed included in the prices for the Service set out in the Main Agreement.
7.4 Upsales is entitled to annually adjust the prices set out in the Main Agreement (including the Subscription Portal) in accordance with changes in the SCB Labour Cost Index for non-manual workers (LCI non-manual workers) preliminary index, SNI 2007 code J (Information and Communication business). Such changes will be effective as of the Customer's next annual payment period. The base period shall be the first quarter of the year when the Agreement was entered into.
7.5 Upsales is, in addition to the above, further entitled to change the prices in the Main Agreement and the pricing model for the Service (including parts thereof) or Additional Services before each new term. Upsales shall inform the Customer of such changes at least four (4) months before such changes take effect.
7.6 The Customer is to be considered notified of price adjustments under this section 7 when Upsales has sent a message to an administrator of the Customer by e-mail or communication in the Service.
7.7 Fees for the Service and Additional Orders are invoiced annually, unless otherwise set out in the Main Agreement, and in advance. Payment of invoices shall be made within twenty (20) days from the invoice date. If payment is late or incomplete, Upsales shall be entitled to late payment interest in accordance with the Swedish Interest Act (SFS 1975:635) and a reminder fee and/or collection fee in accordance with applicable laws. If payment is not received by Upsales by the due date and the Customer has not made correction despite a reminder from Upsales, Upsales shall, in addition to other available remedies under the Agreement, have the right to (i) immediately suspend the Service and/or (ii) terminate the Agreement with immediate effect pursuant to section 8, provided that such obligation to pay is not disputed on objective and reasonable grounds as well as due to Upsales' breach of the Agreement.
8. Term and Termination
8.1 The Agreement shall enter into force on the start date specified in the Main Agreement. The Agreement shall remain in force for the period specified in the Main Agreement. If no such period is specified, the Agreement shall remain in force for an initial period of twelve (12) months.
8.2 If neither Upsales nor the Customer terminates the Agreement by notifying the other party three (3) months prior to the end of the term, the Agreement shall automatically be prolonged with one (1) year at a time, with corresponding Terms, until terminated. Such termination shall be made in the Subscription Portal three (3) months prior to the new term. The Agreement is automatically prolonged with the corresponding terms and Additional Orders as were in effect at the end of the preceding term.
8.3 Termination of Additional Orders or adjustment to a lower Tier may be made before a new term at the latest three (3) months prior to the end of the current term. In the event of a new term, Upsales' regular prices as set out in the Subscription Portal at the time shall apply, regardless of the prices having been previously agreed to by the parties.
8.4 Termination or alteration of the Agreement, a certain Tier, User Licenses or Additional Services shall be made by the Customer in the Subscription Portal. If the Customer, after termination of the Service, makes any Additional Orders in the Subscription Portal, the Customer shall be considered to have reactivated the Service and the corresponding terms in effect prior to such termination shall apply for the new term.
8.5 Besides as otherwise provided for in the Agreement, either party shall be entitled to terminate the Agreement with immediate effect by written notice to the other party, if:
- a. the other party has committed a material breach of the Agreement and does not, where possible, fully rectify such breach within thirty (30) days of the other party giving written notice thereof; or
- b. the other party is declared bankrupt, enters into liquidation, suspends its payments or otherwise can reasonably be presumed to be insolvent.
8.6 Upsales is also entitled to terminate the Agreement with immediate effect if the Customer's use of the Service violates the Agreement, including sections 4 or 5.
8.7 The following sections shall survive termination of the Agreement: this section 8, section 9, section 10, section 11, section 13 and section 17.
8.8 The Customer shall be entitled to recover advance payments made if the Customer has terminated the Agreement in accordance with section 8.5 a. above. The Customer shall not be entitled to recover advance payments upon termination of the Agreement in other cases, and termination shall not relieve the Customer of any payment obligation for orders placed. The Customer shall thus remain fully liable for payment for the remaining period of the current term.
8.9 Upon termination, the Customer shall immediately cease its use of the Service and both parties shall, subject to section 8.10, return or delete confidential information or Documentation received from the other party.
8.10 The Customer shall be entitled to retrieve any Customer Data in a format reasonably accepted by the Customer and chosen by Upsales, provided that the Customer requests this from Upsales in writing within thirty (30) days from termination of the Agreement and reimburses Upsales for any reasonable costs associated therewith. The parties' respective rights and obligations under the Data Act shall be set out in Upsales' switching and exit appendix applicable at the time.
9. Customer Data
9.1 When the parties process personal data within the scope of the Service, the Customer or any party on the Customer's side is the controller for processing of personal data and Upsales is the processor for such processing. The parties have for this purpose entered into a data processing agreement.
9.2 Upsales may use Customer Data in aggregated or anonymous form, for uses in statistics and product development purposes, for example to develop and improve the Service.
10. Confidentiality and Solicitation
10.1 Each party undertakes not to publish or otherwise disclose to a third party, without the other party's prior written consent, any information regarding the other party's business which is or can reasonably be assumed to be confidential, including, without limitation, any technical information, business secrets, source codes, login information and security methods for access to the Service, and the terms of the Agreement.
10.2 Section 10.1 above shall not apply to information that (i) is or becomes publicly known without the receiving party having breached this Agreement; (ii) was known to the receiving party prior to receipt from the disclosing party without any obligation of confidentiality; (iii) was received from a third party without any obligation of confidentiality and is publicly known to the receiving party; or (iv) where disclosure or use of information is required by law, regulation, stock exchange rules or by a supervisory authority or similar. In the event of such disclosure, the disclosing party shall, if possible, notify the other party before such disclosure takes place.
10.3 Each party is responsible for ensuring that their respective sub-contractors, consultants and employees comply with this confidentiality clause.
10.4 If the Customer during the term of the Agreement, and for twelve (12) months thereafter, solicits the employment or other engagement of any person who is or has been directly involved with the performance of the Service, Upsales shall be entitled to compensation from the Customer. Such compensation shall correspond to five (5) price base amounts (Sw: prisbasbelopp) as provided for in the Swedish Social Insurance Code (SFS 2010:110) and shall be payable for each and every breach of this section 10.4. For the avoidance of doubt, this section shall not apply if a person at Upsales who is or has been involved in the performance of the Service independently applies for an advertised position and is subsequently employed by the Customer.
11. Intellectual Property Rights
11.1 The Customer has (owns) all rights to the data, information and files, including Customer Data, uploaded by the Customer to the Service. Nothing in this Agreement shall be interpreted as a transfer of such rights, or part thereof, to Upsales. Upsales shall, however, have the right to use Customer Data in accordance with section 9.
11.2 Upsales and/or its licensors hold all intellectual property rights to the Service, Additional Services and Upsales' website, including any updates, files or data being uploaded to or performed on the Service by Upsales, as well as to the software and source code included in the Service. This includes, without limitation, any patents, copyrights, design rights and trademark rights related thereto. Nothing in the Agreement shall be interpreted as a transfer of such rights, or part thereof, to the Customer.
11.3 If a third party makes an intellectual property claim against the Customer based on the Customer's use of the Service, the Customer shall immediately notify Upsales in writing of the claim and relevant circumstances. Thereafter the Customer shall either (i) offer Upsales at its sole discretion and expense, to control the defense of the claim and decide on conciliation in the Customer's name, including issuing any and all documents (such as powers of attorney) needed without any cost for Upsales; or (ii) at its own sole discretion and expense, control the defense of the claim and decide on conciliation in its own name.
11.4 If a competent court determines that the Customer's use of the Service in accordance with the Agreement constitutes an infringement of a third party's intellectual property rights, Upsales shall compensate the Customer, subject to section 13, for direct costs and damages that the Customer is found liable to pay, provided that the Customer has adhered to its obligations under section 11.3 above and has not chosen to control the defense of the claim in accordance with item (ii) in section 11.3. Upsales may choose to either ensure the Customer's right to continued use of the Service or corresponding non-infringing service, or terminate the Service and repay the Customer any fees paid for the remaining term of the Agreement, without interest and with deduction of any reasonable benefits the Customer has had from the Service. This section 11.4 constitutes Upsales' entire liability towards the Customer with respect to any infringement in a third party's intellectual property rights.
11.5 If a third party makes an intellectual property claim, including claims attributable to Customer Data, against Upsales based on the Customer's use of the Service, the Customer shall act in order for such claim being transferred to the Customer or, if such transfer is not possible, defend Upsales, at the Customer's own expense, against any such claim. Upsales shall immediately notify the Customer of an intellectual property claim under this section 11.5 including the relevant circumstances in connection thereto. The Customer shall indemnify and hold Upsales harmless against any costs or damages that Upsales may become liable to pay in relation to such infringement claim.
12. Third Party Applications
12.1 Through the Service and/or Upsales' website www.upsales.com, the Customer may be able to access Third Party Applications for use within the Service. The Customer is aware that it is voluntary for the Customer to use Third Party Applications within the Service and that the Customer's administrators decide whether the Customer wishes to install and use such Third Party Applications within the Service. The Customer is further aware that such Third Party Applications are provided and licensed to the Customer by the applicable third party and that Upsales has not developed or hosts such Third Party Applications. Such third party is not in any way affiliated with Upsales.
12.2 The Customer acknowledges that (i) the Customer must use its own discretion when accessing, installing and using any Third Party Applications; and (ii) the Customer's use of any Third Party Application will be governed by terms and conditions of an agreement between the Customer and the applicable third party (which may include fees and costs), to which Upsales is not a party. The Customer shall always use any Third Party Applications in accordance with the agreements between the Customer and the applicable third parties as well as all relevant laws and regulations, and bears sole responsibility for such compliance. The Customer shall indemnify Upsales from and against any costs or claims, arising out of the Customer's use of any Third Party Applications.
12.3 Furthermore, the Customer agrees and acknowledges that any Third Party Applications, and applicable third parties, may obtain access to Customer Data, and to store, process and transmit Customer Data outside the Service, as well as data pertaining to the Customer's use and/or configuration of the Service. Upsales is not responsible for any collection, transmission, disclosure, use or deletion of Customer Data by or through any Third Party Applications or such third parties. Any processing of personal data by third parties in connection with Third Party Applications will be subject to processing agreements to be entered into between the Customer and such third parties.
12.4 Upsales does not own or control any of the Third Party Applications, and the Customer shall not hold Upsales responsible for any Third Party Applications under any circumstances. Upsales does not in any way warrant the functionality, quality, reliability, security, completeness, usefulness or non-infringement of a Third Party Application. Consequently, the Customer bears all risk associated with accessing, installing and using any Third Party Applications. Any support and maintenance of Third Party Applications is to be provided by the applicable third parties, only, in accordance with the agreement between the Customer and such third party. Failure of applicable third parties to provide support, maintenance or other services shall not entitle the Customer to any refunds or other compensation by Upsales.
12.5 Any Additional Services provided by Upsales to the Customer in relation to Third Party Applications, including without limitation integration and similar consultancy services, shall be governed by separate service agreement(s) to be entered into between the Parties.
13. Liability
13.1 Upsales is not in any event liable for any cost, damage or loss of any kind caused by or related to (i) any third parties, third party products or services for which Upsales is not responsible according to the Agreement (including, but not limited to, Third Party Applications); (ii) modifications or changes to the Service, or any other services not included in the Service, made according to the Customer's or its suppliers' instructions or made by anyone other than Upsales; or (iii) the Customer's loss of customers, profit, revenue, savings, goodwill, loss due to network disruptions or other indirect damages.
13.2 Upsales' total and aggregated liability under the Agreement, provided that gross negligence or willful misconduct is not at hand, is limited to the amount paid by the Customer to Upsales for the Service or for any other service that the claim relates to, during the twelve (12) month period prior to the time the damage occurred.
13.3 A party shall not in any event be liable to pay damages if the other party does not notify the party at default in writing thereof within three (3) months after the party noticed, or should have noticed, the actual damage or loss, however in no event later than six (6) months from when the damage occurred.
13.4 Except for what is expressly set out in this Agreement, the Service is provided on an "as is" basis and Upsales makes no warranties or representations, whether express or implied, in relation to the Service or results generated by the Service, including to the completeness, accuracy, reliability, full quality, and/or fitness for a particular purpose of the Service. The Customer is solely responsible for verifying and assessing all results generated by the Service before using them as a basis for decisions or actions.
14. Force Majeure
Each party shall be relieved from liability for failure to perform its obligations under this Agreement to the extent that such performance is prevented by circumstances beyond the party's control, including, but not limited to, acts of authorities, labour disputes, general shortage of supplies, fire or loss of electricity, loss of communications or data, pandemic as well as mobilization or military conscription of larger scale.
15. Changes
15.1 Upsales has the right to make amendments to the Documentation on an ongoing basis.
15.2 Upsales has, in addition to the above or as otherwise set out in the Agreement, the right to make amendments to the Agreement, including these Terms, by giving the Customer four (4) months' written notice before such amendment is implemented. Amendments will be effective as from the Customer's next annual payment period. Upsales shall further always have the right to make amendments to the Agreement as a result of changes in law, regulation or governmental recommendations. Such amendments shall take effect at the time specified by Upsales.
16. Miscellaneous
16.1 The Agreement constitutes the entire agreement between the parties with respect to the subject matter thereof. All written or oral undertakings and representations preceding the Agreement are superseded by the contents of the Agreement.
16.2 The Agreement may not be assigned to a third party without the other party's prior written consent. However, Upsales shall have the right to assign its right to receive payment to a third party without the Customer's prior consent.
17. Governing Law and Disputes
This Agreement shall be governed by and construed in accordance with Swedish law. Any dispute, controversy or claim arising out of, or in connection with, the Agreement shall be finally settled by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce (SCC). The Rules for Expedited Arbitrations shall apply unless the SCC, taking into account the complexity of the case, the amount in dispute and other circumstances, determines that the Arbitration Rules shall apply. In the latter case, the SCC shall also determine whether the arbitral tribunal shall be composed of one or three arbitrators. The place of arbitration shall be Stockholm. The language of the proceedings shall be Swedish and Swedish law shall apply, unless otherwise agreed. The parties undertake, without limitation in time, not to disclose the existence of or the contents of any arbitral award in connection with this Agreement or information regarding negotiations, arbitration proceedings or mediation in connection therewith. Notwithstanding the foregoing, Upsales shall always have the right to refer matters to the Swedish Enforcement Authority or court of law.
Appendix 1 – Data Processor Agreement
1. Background and Interpretation
1.1 In order to fulfil the Agreement between the Customer and Upsales, Upsales will as a processor process personal data on behalf of the Customer which is controller, except when the Customer acts as a processor on behalf of a third-party controller, in which case Upsales is a sub-processor to the Customer. When a third party is controller of personal data processed by Upsales under this DPA, the obligations that Upsales has towards the Customer under this DPA shall apply towards such third-party controller, insofar as is necessary in order to comply with existing data protection laws, including the General Data Protection Regulation (EU) 2016/679 (the "GDPR").
1.2 This Data Processor Agreement ("DPA") forms an integral part of the Agreement. The purpose of this DPA is to ensure a secure, correct and legal processing of personal data and to comply with applicable requirements for data processor agreements as well as to ensure adequate protection for the personal data processed within the scope of the Agreement.
1.3 Any terms used in this DPA, e.g. processing, personal data, data subjects, supervisory authority, etc., shall primarily have the meaning as stated in the GDPR and otherwise in accordance with the Agreement, unless otherwise is clearly indicated by the circumstances.
2. Instructions and Responsibilities
2.1 The subject-matter and the duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects, are described in the instructions on processing of personal data in Appendix 1A or the written instructions that the Customer provides from time to time.
2.2 The Customer is responsible for complying with the GDPR. The Customer shall in particular:
- a. be contact person towards data subjects and respond to their inquiries regarding the processing of personal data;
- b. ensure the lawfulness of the processing of personal data, provide information to data subjects pursuant to Articles 12-14 in the GDPR and maintain a record of processing activities under its responsibility;
- c. provide Upsales with documented instructions for Upsales' processing of personal data, including instructions regarding the subject-matter, duration, nature and purpose of the processing as well as the type of personal data and categories of data subjects;
- d. immediately inform Upsales of changes that affect Upsales' obligations under this DPA;
- e. immediately inform Upsales if a third party takes action or lodges a claim against the Customer as a result of Upsales' processing under this DPA; and
- f. immediately inform Upsales if anyone is joint controller with the Customer of the relevant personal data.
2.3 When processing personal data on behalf of Customer, Upsales shall:
- a. only process personal data in accordance with the Customer's documented instructions, which at the time of the Parties' entering into this DPA are set out in Appendix 1A, unless required to do so by EU law or applicable national law of an EU Member State to which Upsales is subject; in such a case, Upsales shall inform the Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
- b. ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
- c. take all measures required pursuant to Article 32 of the GDPR as further set out in section 4 below;
- d. respect the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging another processor;
- e. taking into account the nature of the processing, assist the Customer by appropriate technical and organizational measures, insofar as it is possible, for the fulfilment of the Customer's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR;
- f. assist the Customer in ensuring compliance with the obligations pursuant to Articles 32-36 of the GDPR, taking into account the nature of the processing and the information available to Upsales;
- g. at the choice of the Customer, delete or return all the personal data to the Customer after the end of the Agreement, and delete existing copies, unless EU law or applicable national law of an EU Member State requires storage of the personal data; and
- h. make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in Article 28 in the GDPR and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor agreed upon by the Parties. Such audits may occur up to four (4) times a year (a maximum of one time per quarter of a year) and shall be conducted during normal business hours and at the Customer's expense. Upsales may use external auditors to verify and demonstrate compliance with its obligations following from the GDPR. Upsales will then, upon the Customer's request, make available a confidential summary report to the Customer of such audits.
2.4 Upsales shall notify the Customer without undue delay, if, in Upsales' opinion, an instruction infringes the GDPR. In addition, Upsales is to immediately inform the Customer of any changes affecting Upsales' obligations pursuant to this DPA.
3. Disclosure of Personal Data etc.
3.1 Upsales shall without undue delay forward any request to the Customer from a data subject, supervisory authority or any other third party, who is requesting receipt of information regarding personal data that Upsales processes on behalf of the Customer. Upsales, or anyone working under Upsales' supervision, shall not disclose personal data, or other information about the processing of personal data, without explicit documented instruction from the Customer to that effect, unless such obligation exists under EU law or applicable national law of an EU Member State.
3.2 Upsales shall without undue delay inform the Customer of any contacts from supervisory authority that concern the processing of personal data on behalf of the Customer. Upsales is not entitled to represent the Customer or act on the Customer's behalf towards the supervisory authority.
4. Security
4.1 Upsales shall implement technical and organizational security measures in order to protect the personal data against destruction, alteration, unauthorized disclosure and unauthorized access. The measures shall ensure a level of security that is appropriate considering the state of the art, the costs of implementation, the nature, scope, context and purpose of the processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons. Upsales' security measures are described in the Upsales Security Whitepaper. Upsales may amend its technical and organizational security measures in accordance with the Terms regarding amendments to the Upsales Security Whitepaper.
4.2 Upsales shall notify the Customer of accidental or unauthorized access to personal data or any other personal data breach without undue delay after becoming aware of such data breach. Such notification shall not in any manner imply that Upsales has committed any wrongful act or omission, or that Upsales shall become liable for the personal data breach.
4.3 If the Customer during the term of this DPA requires that Upsales takes additional security measures, Upsales shall as far as possible meet such requirements provided that the Customer pays and takes responsibility for any and all costs associated with such additional measures.
5. Sub-processors and Transfers to Third Countries
5.1 The Customer hereby gives Upsales a general authorization to engage sub-processors listed at Upsales' website, www.upsales.com. Upsales shall enter into an agreement with each sub-processor, according to which, the same data protection obligations as set out in this DPA, are imposed upon the sub-processor. Upsales shall remain fully responsible to the Customer for the performance of the sub-processor's obligations in accordance with its contract with Upsales. The sub-processors used from time to time are listed at Upsales' website.
5.2 Upsales shall, by notification in the Subscription Portal or otherwise, inform the Customer of any intended changes concerning the addition or replacement of sub-processors, thereby giving the Customer the opportunity to object to such changes. The Customer is responsible for regularly checking the Subscription Portal for information on updates. Such information shall at least include the full legal name of the sub-processor, the type(s) of service(s) provided by the sub-processor and the geographical location of the sub-processor's processing of personal data on behalf of the Customer. In the event that the Customer wants to object to changes concerning sub-processors, the Customer shall make such objection in writing and within thirty (30) days after Upsales has informed the Customer about the intended changes. If Upsales receives such objection, Upsales shall use reasonable efforts to make available to the Customer a change in the Service or recommend a commercially reasonable change to the Customer's configuration or use of the Service to avoid processing of personal data by the sub-processor that the Customer has objected to. If Upsales is unable to make such change within a reasonable period of time, the Customer may terminate the applicable part of the Service which cannot be provided by Upsales without the use of the sub-processor that the Customer has objected to, by giving Upsales thirty (30) days' notice. If the Service is terminated, the Customer shall be reimbursed for any in advance paid fees for the applicable part of the Service corresponding to the remaining term of the Agreement.
5.3 Upsales processes personal data within the EU/EEA but certain of Upsales' sub-processors have connections to countries outside the EU/EEA, which means that personal data is transferred to countries outside the EU/EEA in certain cases. Transfer of personal data outside the EU/EEA is made on the basis of an adequacy decision from the European Commission (in relation to the adequacy decision for the USA, this is hereinafter referred to as the EU-US Data Privacy Framework). If an adequacy decision is lacking, a sub-processor does not participate in the EU-US Data Privacy Framework or if such adequacy decision/participation ceases to apply, any transfer shall be in accordance with the European Commission's standard contractual clauses for transfers of personal data to third countries, or provisions that replace these. In addition, supplementary security measures shall be implemented so that the transfer can take place in a way that meets the current requirements for data protection according to the GDPR. In the event that an adequacy decision is lacking for the relevant third country, Upsales shall keep the Customer informed of the legal bases for the transfer, for example by reference to the sub-processor's third-party terms where such basis for transfer is described.
5.4 Upsales shall inform the Customer at least thirty (30) days prior to such transfer. The Customer is entitled to object to such transfer, based on objective grounds relating to the security of the processing under this DPA. If the Customer makes such objection on objective grounds and Upsales cannot by reasonable means satisfy such objection, both Parties shall be entitled to terminate the Agreement and/or this DPA, including in relation to specific Additional Services, by giving the other Party thirty (30) days' notice. If the Agreement is terminated in accordance with this section 5.4, the Customer shall be reimbursed for any in advance paid fees for the Service corresponding to the remaining term of the Agreement.
6. Compensation and Limitation of Liability
6.1 Upsales is entitled to reasonable compensation for all work, costs and expenditures stemming from Upsales' performance of sections 2.3 e, 2.3 h, 4.2, 7 and 8 as well as for all work, costs and expenditures stemming from Upsales following the Customer's instructions for processing, which are not clearly documented in the Agreement, when this results in work that goes beyond functions and the level of security following from the services that Upsales normally provides to its Customers.
6.2 Subject to the limitation of liability that follows in the Agreement, each Party shall be responsible for and bear any damages and administrative fines imposed on it under articles 82 and/or 83 of the GDPR.
6.3 This section 6 shall remain in force after termination of this DPA.
7. Term and Termination
7.1 The DPA enters into force upon the effective date of the Main Agreement and shall remain in force as long as Upsales processes personal data on behalf of the Customer including deletion or returning of personal data according to section 7.2 below. This DPA shall thereafter cease to apply. Sections 6, 7.1 and 10.1 shall continue to apply even after this DPA has been terminated.
7.2 Upon termination of the Agreement or the DPA (depending on which is first terminated), Upsales shall, at the choice of the Customer, delete or return the personal data that the Customer has transferred to Upsales and any existing copies, where appropriate, unless storage of the personal data is required by EU law or applicable EU Member State law.
8. Changes
8.1 If competent authority issues decisions or guidelines, or if provisions of the GDPR change, or if a supervisory authority or the European Data Protection Board issues guidelines, recommendations or similar, with the result that this DPA, or part thereof does not meet the requirements in the GDPR, the Parties shall change this DPA to meet such requirements. Such changes shall enter into force no later than thirty (30) days after a Party sends a notice of any necessary changes to the other Party, or otherwise no later than prescribed by the GDPR, guidelines, decisions or regulations of the supervisory authority.
8.2 Changes to this DPA made by Upsales other than following from section 8.1, shall start to apply within thirty (30) days after Upsales notifying the Customer in writing, provided that the changes made are not of material effect.
8.3 Any other changes to this DPA than following from section 8.1 or section 8.2 above shall, to be binding, be made in writing and duly signed by the Parties' authorized representatives.
9. Miscellaneous
9.1 In the event of deviating provisions between the Agreement and this DPA, the provisions of this DPA shall prevail with regard to processing of personal data and nothing in the Agreement shall be deemed to restrict or modify obligations set out in this DPA, notwithstanding anything to the contrary in the Agreement.
9.2 This DPA supersedes and replaces all data processor agreements between the Parties potentially existing prior to this DPA.
10. Governing Law and Dispute Resolution
10.1 Swedish law applies in all aspects to Upsales' processing of personal data under the DPA. Any dispute arising out of or in connection with the DPA shall be settled in accordance with the dispute resolution provision in the Agreement.
* * * *
Appendix 1A – Instructions on Processing of Personal Data
| Purposes Please specify all purposes for which the personal data will be processed by Upsales as processor |
Upsales will process personal data on behalf of the Customer for the purpose of providing the Service to the Customer. |
|---|---|
| Types of personal data Please specify the personal data that will be processed by Upsales as processor |
The Service has a number of standard fields to which the Customer can submit and store personal data: contact name, telephone number, title and e-mail. Personal identity numbers are processed in cases where they simultaneously constitute organization numbers for sole proprietorships. In addition, the Customer may choose to submit other personal data in free text fields in the Service. Such text fields should not be used to submit or store "sensitive" categories of personal data (as defined under the GDPR). |
| Categories of data subjects Please specify the categories of data subjects whose personal data will be Processed by Upsales as processor |
|
| Retention time Please specify the retention time that applies for the personal data processed by Upsales |
Personal data are processed as long as necessary to provide the Services under the Agreement between the Parties and in accordance with the Customer's from time to time given instructions. The Customer can also at any time choose to delete the personal data from the Service. |
| Processing operations Please specify all processing activities to be conducted by Upsales as processor |
Upsales will process personal data on behalf of the Customer for the purpose of providing the Service to the Customer. Processing means storage, reading, restriction (e.g. encryption) and back-up, as well as any deletion, alteration, restoration, collection, sharing with Upsales' sub-processors for hosting and technical operation of the Service, and other measures performed in accordance with the Customer's instructions (pursuant to the terms of the Agreement). |
| Location of processing operations Please specify all locations where the personal data will be processed by Upsales as processor and – when applicable – by sub-processor |
Upsales and its sub-processors process personal data within the EU/EEA but also in certain cases transfer personal data to countries outside the EU/EEA, in accordance with section 5.3 of the DPA, Upsales' list of sub-processors at Upsales' website or in accordance with the Agreement. |
Information security measures
| Physical Access Control | Access to the data center may only be attained by a limited number of authorized personnel passing through a series of electronic validation systems. Throughout the facility, video cameras monitor all sections of the building and the surrounding grounds. Within this facility, all Upsales equipment is kept in secured cabinets. In addition to the above security measures, all Upsales site operations personnel have signed special non-disclosure agreements with respect to the handling of customer data. Failure to uphold this agreement carries severe legal penalties. For added security the site operations team is limited to just a few individuals having access to the site. |
|---|---|
| System Access Control | Upsales shall take reasonable measures to prevent personal data from being used without authorization. These controls shall vary based on the nature of the processing undertaken and may include, among other controls, authentication via passwords and/or two-factor authentication, IP-blocking and logging of access on several levels. |
| Data Access Control | Upsales shall take reasonable measures to ensure that personal data is accessible and manageable only by properly authorized staff, direct database query access is restricted and application access rights are established and enforced by the Customer when Upsales' personnel needs application access to fulfill Regular User Support described in the Upsales General Terms and Conditions. |
| Back-up | Back-ups of the databases in the Service are taken on a regular basis, are secured, and encrypted to ensure that personal data is protected against accidental destruction or loss when hosted by Upsales. Back-ups will be stored for a maximum of 6 weeks before destruction. |
| Encryption of data communication (Transmission control) | Upsales shall take reasonable measures to ensure that it is possible to check and establish to which entities the transfer of personal data by means of data transmission facilities is envisaged so Service data cannot be read, copied, modified or removed without authorization during electronic transmission or transport from the Service to the end user. |
| Deletion | After thirty (30) days after the termination of the Customer's access to and use of the Service, Upsales shall have the right to delete all Service data stored or Processed by Upsales on behalf of the Customer in accordance with Upsales' deletion policies and procedures. |
| Logical Separation | Data from different Upsales' subscriber environments is logically segregated on Upsales' systems to ensure that personal data that is collected for different purposes may be processed separately. |