Upsales General Terms and conditions
1.1 These general terms and conditions (the “Terms”) apply to the Customer’s Subscription regarding the use of the Upsales software service or part thereof, provided as a cloud based software, and the related Upsales mobile application (the “Service”). The Service is provided by Upsales Nordic AB, with Swedish company reg. no. 556641-2507, (“Upsales”) to the Customer, in accordance with the Agreement.
1.2 These Terms shall also apply to any other or additional service provided by Upsales to the Customer, such as consultancy services, and such services shall then be deemed included in the “Service” for the purpose of these Terms, unless separate terms are provided.
1.3 The Agreement consists of (i) the Subscription, (ii) these Terms, and (iii) any appendices mentioned in the Subscription or in these Terms (collectively referred to as the “Agreement”).
1.4 You, who subscribes to the Service and thereby accept the terms as set out in the Agreement on behalf of the Customer, certify and guarantee that you are authorized to enter into an agreement on behalf of the Customer.
“Billing Date”: The date on which a payment is due in accordance with the Subscription. For the avoidance of doubt, the first Billing Date is the same date on which the Customer subscribes to the Service.
“Customer”: The company that has subscribed to the Service in accordance with the terms of the Agreement.
“Customer Data”: Any data or information, including personal data and technical information relating to the Customer, or its customers, employees or equipment, provided to Upsales by, or on behalf of, the Customer, by use of the Service.
“Documentation”: Any manual, instruction or other documentation related to the Service (including Security White Paper), provided at Upsales’ website www.upsales.com or otherwise disclosed by Upsales to the Customer, including updates of such documents that Upsales duly notifies the Customer about.
“Regular User Support”: General information and guidance that Upsales provides to the Customer in response to support requests by the Customer in relation to the Service - which are provided by email or telephone on weekdays between 8 am and 5 pm (CET), unless otherwise agreed - or any agreed upon support level agreement. For the avoidance of doubt, Regular User Support shall not include further services provided by Upsales in connection with the Customer’s support requests, such as specific configurations, integrations or adaptions of the Service or other consultancy services.
“Third Party Applications”: Any web or other software services or applications that utilize or interact with the Service, including all software, content, services, technology, data and other digital materials included or made available therein, created, offered, supported and maintained by third parties.
“Security White Paper”: The document named Security White Paper provided to the Customer at Upsales’ website www.upsales.com.
“Subscription”: The terms and information displayed under “Subscriptions” found in the Customer’s logged-in mode on Upsales’ website, which constitute the contract between Upsales and the Customer that includes prices, when the subscription started billing statement, numbers of licenses and other terms in regard of the Service.
“Subscription Period”: The period between a Billing Date until the next Billing Date as specified for the specific Subscription.
3. The Service and Upsales’ obligations
3.1 Subject to the terms in the Agreement and the Customer’s fulfillment of its payment obligations, Upsales gives the Customer a non-exclusive, time limited and non-transferrable license and right to use the Service for the Customer’s own business only, with a maximum number of user licenses as specified in the Subscription.
3.2 Upsales shall provide the Customer with accounts and user licenses to the Service as specified in the Agreement. Upsales shall be considered to have delivered the Service at the time when Upsales connects the Service to the internet and activates the Customer’s account and user licenses. A detailed description of the latest version of the Service is provided at Upsales’ website www.upsales.com (the “Service Description”).
3.3 Upsales shall provide the Service in accordance with the methods and standards that Upsales normally uses for the Service (as set out in the Service Description) and in compliance with applicable rules and principles which constitute good practice in the area that Upsales operates.
3.4 Upsales is constantly working to improve the Service and the Customer’s user experience. Upsales shall make updates to the Service (including the Service Description) as it deems fit and inform the Customer with one week’s written notice prior to such update being released. Changes in layout or graphics as well as other updates that are not expected by Upsales to materially restrict the Customer’s use of the Service may, however, be made without notice.
3.5 Upsales shall assist the Customer with connecting to the Service and provide customer support as prescribed in section 6.
3.6 Upsales may provide additional services as agreed upon, e.g. analytical tools, database services, consultancy services or specific customizations, subject to separate terms and prices. Upsales may decide on how to integrate such additional services at its own discretion.
4. Use of the Service
4.1 The Customer shall comply with and always use the Service in accordance with the Documentation and relevant laws and regulations, and bears sole responsibility for such compliance. The Customer is entirely responsible for all Customer Data and activities that occur under its account and user licenses.
4.2 Upsales’ “Fair Usage Policy”, as updated from time to time and made available at Upsales’ website www.upsales.com, contains principles for certain Service functions, such as the number of e-mails that can be sent by use of the Service, and will at all times apply to the Customer’s use of the Service.
4.3 The Customer shall not in any way attempt to obtain unauthorized access to the Service or any information included in the Service.
4.4 The Service may not be used (i) for any unlawful or other purpose for which it is not intended, including to transmit, upload or post any computer viruses or other harmful files or codes; (ii) in any way so that the functionality of the Service is impaired, or in a way that is damaging or disruptive to other users or their use of the Service or equipment; (iii) in a manner that could be perceived as defamatory or offensive in any way; or (iv) in any other way that could reasonably be expected to affect Upsales or the Service adversely or reflect negatively on the goodwill, name or reputation of Upsales or the Service.
4.5 The Customer shall not copy, modify, create derivative work, reverse engineer or otherwise attempt to discover any source code of, or assign, sub-license or transfer any right in, the Service or part thereof. Further, the Customer shall not copy, disturb or in any unauthorized way use certificates or other equipment belonging to a third party.
4.6 The Customer shall indemnify Upsales from and against any costs or claims, resulting from the Customer’s use of the Service in violation of the Agreement, including this section 4.
5. Information and Security etc.
5.1 The security and reliability of the Service are of the utmost importance to Upsales. Upsales shall ensure sufficient security for the Service by taking the measures prescribed in the Security White Paper.
5.2 The Customer shall provide Upsales with all information reasonably requested in order to set up and provide the Service, and promptly notify Upsales of any change in such information.
5.3 Upsales is responsible for providing the Customer with valid passwords and account details and, in case such details are compromised, for ensuring that passwords and account details are inactivated and exchanged.
5.4 The Customer is responsible for (i) keeping all passwords and account details confidential; (ii) immediately notifying Upsales if suspected or unauthorised access to the Service occurs, or any other breach of security; and (iii) maintaining all equipment, software, applications, communication services and routines, including the security of the Customer’s IT environment, required in order to use the Service or otherwise reasonably instructed by Upsales from time to time. For the avoidance of doubt, Upsales is not liable for the Customer’s hardware or software, including uploaded files or data, or unauthorised use of the user accounts or of the Service.
6. Availability and Support
6.1 Upsales strives to ensure that the Service operates in accordance with its specifications twenty-four (24) hours a day. Unless otherwise agreed, Upsales shall make the Service available no less than 99.8 % of the time in any given Subscription Period.
6.2 The Service shall be considered available if the login to the cloud based software is operational. Insignificant inconveniences shall not result in the Service being unavailable. In particular, the Service shall not be deemed unavailable when (i) Upsales performs scheduled service or maintenance on the Service, of which the Customer has been informed no less than forty-eight (48) hours in advance; (ii) the downtime is caused by emergency shutdowns, necessary to protect the Service from viruses, DDoS or other hacker attacks, etc.; or (iii) the Service is down due to circumstances beyond Upsales’ control, including, but not limited to, loss of electricity, network or communication. Scheduled service or maintenance, pursuant to item (i) above, shall, to the extent possible, occur outside of usual business hours and not more often than twice a month, unless otherwise agreed.
6.3 If the availability of the Service, according to the above, is below 99.8 % during a Subscription Period, the Customer shall be entitled to claim compensation in accordance with the below, where the Fee shall correspond to the total amount payable by the Customer for every Subscription Period, as set out in the Subscription:
| No. | Availability | Compensation |
|---|---|---|
| 1 | Below 99.8 %, above 99.0 % | 10 % of the Fee |
| 2 | Below 99.0 %, above 98.0 % | 20 % of the Fee |
| 3 | Below 98.0 %, above 97.0 % | 30 % of the Fee |
| 4 | Below 97.0 %, above 96.0 % | 40 % of the Fee |
| 5 | Below 96.0 %, above 95.0 % | 50 % of the Fee |
An availability below 95 % during a Subscription Period shall be considered a material breach and entitle the Customer to terminate the Agreement with immediate effect in accordance with section 8.3.
6.4 Availability under section 6.3 above shall be measured in accordance with the following formula:
A = (M - D) * 100/M , where
A = Availability indicated in percentages,
M = Minutes during a Subscription Period,
D = Downtime during the period “M”, indicated in minutes (excluding scheduled service or maintenance, etc.). Downtime means a material failure leading to the unavailability of the Service for the Customer, subject to what is set out in section 6.2 above. The Customer shall report any downtime to Upsales.
6.5 Upsales performs Regular User Support in and, if applicable, any agreed upon support level agreement.
6.6 The Customer shall request support by Regular User Support or as prescribed in any applicable support level agreement.
6.7 This section 6 shall constitute the entire obligation of Upsales towards the Customer in respect of Upsales’ performance and liability in regard of the service level and Regular User Support of the Service, unless otherwise agreed.
7. Prices and Payment
7.1 Applicable prices for the Service are set out in the Subscription. All prices are exclusive of VAT and similar taxes. As regards any services for which no specific price has been agreed in writing, Upsales’ standard fees, applicable at the time of delivery, shall apply.
7.2 Unless otherwise agreed in writing, Upsales’ standard fees, as applicable from time to time, shall apply to any additional services and work for which prices are not specified in the Subscription. Except for Regular User Support, services provided by Upsales in connection with support requests by the Customer are not included in the prices for the Service set out in the Subscription.
7.3 Any overdue payment shall carry interest in accordance with the Swedish Interest Act (SFS 1975:635) and Upsales shall have the right to collect a reminder fee and/or collection fee in accordance with applicable laws. In addition to other available remedies, Upsales may immediately suspend the Service, and/or terminate the Agreement with immediate effect and without prior notice if full payment is not received when due.
7.4 Upsales may monthly (with effect from the Customer’s next Subscription Period) adjust the prices set out in the Subscription.
8. Term and Termination
8.1 The Agreement shall enter into force upon receipt of payment on the first Billing Date and shall remain in force until the Customer un-subscribes from the Service and the remaining days thereafter until the next Billing Date. For the avoidance of doubt, the Customer needs to un-subscribe at the latest the day before the next Subscription Period starts in order for the Agreement not to be prolonged for an additional Subscription Period. Upsales may terminate the Agreement at any given time by giving the Customer a three (3) months’ written notice.
8.2 The Service is provided for the Term of the Agreement.
8.3 Besides as provided for in section 8.1, either party shall be entitled to terminate the Agreement with immediate effect by written notice to the other party, if:
a. the other party has committed a material breach of the Agreement and does not, where possible, fully rectify such breach within thirty (30) days of the other party giving written notice thereof; or
b. the other party is declared insolvent, is subject to an application or order of bankruptcy or company reorganisation, suspends its payments or otherwise can be presumed to be insolvent.
8.4 Upsales is also entitled to terminate the Agreement with immediate effect if the Customer’s use of the Service violates the Agreement, including sections 4-5, or if full payment in accordance with the Agreement is not received by Upsales when due.
8.5 The following sections shall survive termination of the Agreement: this section 8, section 8.8, section 10, section 10.2, section 11.5, section 14 and section 16.
8.6 Upon termination, the Customer shall not be entitled to recover any excess amount of payments made in advance, unless the Customer terminates the Agreement with immediate effect in accordance with section 8.3 a. above.
8.7 Upon termination, the Customer shall immediately cease its use of the Service and both parties shall, subject to section 8.8, return or delete confidential information or Documentation received from the other party.
8.8 The Customer shall be entitled to retrieve any Customer Data on the medium chosen by Upsales and reasonably accepted by the Customer, provided that the Customer requests this from Upsales in writing within thirty (30) days from termination of the Agreement and pays Upsales for any reasonable work associated with this.
9. Customer Data
9.1 Within the scope of fulfilling the obligations under this Agreement, Upsales will process personal data on behalf of the Customer. Within the scope of such processing, the Customer is the controller for processing of personal data and Upsales is the processor. The parties have for that matter entered into a data processing agreement as set out in Appendix 1. Upsales may use Customer Data in aggregated or anonymous form, for uses in statistics and product development purposes, for example to develop and improve the Service.
10. Confidentiality and Solicitation
10.1 Neither party may disclose to a third party any information received from the other party which is confidential, or can reasonably be assumed to be confidential, including, without limitation, any technical information, information on business secrets, source codes, login information or security methods for access to the Service, and the terms of the Agreement. This does not apply to information that (i) is or becomes publicly known without the breach of the Agreement; (ii) was known to the receiving party prior to receipt from the disclosing party or disclosed by a third party without any obligation of confidentiality; or (iii) the disclosure is required by law, regulatory body or an agreement with a stock exchange where the party is listed, or similar. Each party is responsible for ensuring that their subcontractors, consultants and employees respect corresponding confidentiality obligations.
10.2 If the Customer during the term of the Agreement, and for twelve (12) months thereafter, solicits the employment or other engagement of any person who is or has been directly involved with the performance of the Service, Upsales shall be entitled to compensation. Such compensation shall be constituted by a fixed fee from the Customer corresponding to five (5) price base amounts (Sw: prisbasbelopp), as provided for in the Swedish Social Insurance Code (SFS 2010:110), for each and every breach of this section 10.2.
11. Intellectual Property Rights
11.1 The Customer retains the ownership of all intellectual property rights to the data, information and files, including Customer Data, uploaded by the Customer to the Service. Nothing in this Agreement shall be interpreted as a transfer of such rights, or part thereof, with the exception of Upsales’ right to use Customer Data in accordance with section 9.1.
11.2 Upsales and/or its licensors hold all intellectual property rights to the Service and Upsales’ website, including any updates, files or data being uploaded to or performed on the Service by Upsales, as well as to the software and source code included in the Service. This includes, without limitation, any patents, copyrights, design rights and trademark rights related thereto. Nothing in this Agreement shall be interpreted as a transfer of such rights, or part thereof.
11.3 If a third party makes an intellectual property claim against the Customer based on the Customer’s use of the Service, the Customer shall immediately notify Upsales in writing of the claim and relevant circumstances. Thereafter the Customer shall either (i) offer Upsales at its sole discretion and expense, to control the defense of the claim and decide on conciliation in the Customer’s name, including issuing any and all documents (such as powers of attorney) needed without any cost for Upsales; or (ii) at its own sole discretion and expense, control the defense of the claim and decide on conciliation in its own name.
11.4 If a competent court finally determines that the Customer’s use of the Service in accordance with the Agreement constitutes an intellectual property infringement, Upsales shall compensate the Customer, subject to section 11.5, for direct costs and damages that the Customer is found liable to pay, provided that the Customer has adhered to its obligations under section 11.3 above and has not at its own sole discretion chosen to control the defense of the claim in accordance with item (ii) in section 11.3. For the avoidance of doubt, under no circumstances shall Upsales be liable for compensating the Customer in accordance with this section 11.4 if the Customer decides to control the defense of a claim arisen in accordance with section 11.3. Upsales may further, at its own discretion ensure the Customer’s right to continued use of the Service or corresponding non-infringing service, or cancel the Service and repay the Customer any fees paid for the remaining term of the Agreement, without interest and with deduction of any reasonable benefit the Customer has had from the Service. This section 11.3 constitutes Upsales’ entire obligation towards the Customer with respect to any infringement in a third party’s intellectual
11.5 If a third party makes an intellectual property claim, including claims attributable to Customer Data, against Upsales based on the Customer’s use of the Service, the Customer shall act in order for such claim being transferred to the Customer or, if such transfer is not possible, defend Upsales, at the Customer’s own expense, against any such claim. Upsales shall immediately notify the Customer of an intellectual property claim under this section 11.5 including the relevant circumstances in connection thereto. The Customer will indemnify and hold Upsales harmless against any costs or damages that Upsales may become liable to pay in relation to such infringement claim.
12. Third Party Applications
12.1 Through the Service and/or Upsales’ website www.upsales.com, the Customer may be able to access and install Third Party Applications for use within the Service. The Customer is aware that such Third Party Applications are provided and licensed to the Customer by the applicable third parties, which are unaffiliated with Upsales.
12.2 The Customer acknowledges that (i) the Customer must use its own discretion when accessing, installing and using any Third Party Applications; and (ii) the Customer’s use of any Third Party Application will be governed by terms and conditions of an agreement between the Customer and the applicable third party (which may include fees and costs), to which Upsales is not a party. The Customer shall always use any Third Party Applications in accordance with the agreements between the Customer and the applicable third parties as well as all relevant laws and regulations, and bears sole responsibility for such compliance. The Customer shall indemnify Upsales from and against any costs or claims, arising out of the Customer’s use of any Third Party Applications.
12.3 Furthermore, the Customer agrees and acknowledges that any Third Party Applications, and applicable third parties, may obtain access to Customer Data, and to store, process and transmit Customer Data outside the Service, as well as data pertaining to the Customer’s use and/or configuration of the Service. Upsales is not responsible for any collection, transmission, disclosure, use or deletion of Customer Data by or through any Third Party Applications or such third parties. Any processing of personal data by third parties in connection with Third Party Applications will be subject to processing agreements to be entered into between the Customer and such third parties.
12.4 Upsales does not own or control any of the Third Party Applications, and the Customer shall not hold Upsales responsible for any Third Party Applications under any circumstances. Upsales does not in any way warrant the functionality, quality, reliability, security, completeness, usefulness or noninfringement of a Third Party Application. Consequently, the Customer bears all risk associated with accessing, installing and using any Third Party Applications. Any support and maintenance of Third Party Applications is to be provided by the applicable third parties, only, in accordance with the agreement between the Customer and such third party. Failure of applicable third parties to provide support, maintenance or other services shall not entitle the Customer to any refunds or other compensation by Upsales.
12.5 Any additional services provided by Upsales to the Customer in relation to Third Party Applications, including without limitation integration and similar consultancy services, shall be governed by separate service agreement(s) to be entered into between the Parties.
13. Limitations of Liability and Warranties
13.1 No party shall be liable to the other party for failure to perform its obligation under this Agreement if such performance is prevented by circumstances beyond the control of the party, including, but not limited to, acts of authorities, strikes or other difficulties on the labour markets, general shortage of supplies, fire or loss of electricity, communications or data.
13.2 Upsales is not in any event liable for any cost, damage or loss of any kind caused by or related to (i) any third parties, third party products or services for which Upsales is not responsible according to the Agreement (including but not limited to Third Party Applications); (ii) modifications or changes to the Service made by anyone other than Upsales or made according to the Customer’s or its suppliers’ instructions, or (iii) the Customer’s loss of customers, business, profit, revenue, savings, or goodwill, loss due to operational, power or network interruptions, loss of data or information, the Customer’s potential liability towards a third party or other indirect or consequential damage of any kind.
13.3 Upsales’ total and aggregated liability under the Agreement is limited to the amount paid by the Customer for the Service or for any other service that the claim relates to, during the twelve (12) month period prior to the time the damage occurred.
13.4 Upsales shall not in any event be liable to pay damages if the Customer does not notify Upsales in writing thereof within thirty (30) days after the Customer noticed, or should have noticed, the actual damage or loss, however in no event later than three (3) months from when the damage occurred.
13.5 Except for what is expressly set out in the Agreement, the Service is provided on an “as is” basis and Upsales makes no warranties or representations, whether express or implied, in relation to the Service, including to the completeness, accuracy, reliability, satisfactory quality, and/or fitness for a particular purpose of the Service.
14.1 Upsales shall have the right, during the term of the Agreement and for a period of six (6) months thereafter, to have an independent audit firm, selected by Upsales, to perform an audit, to verify that the Customer uses the Service and/or any Documentation in compliance with the Agreement. Such audits may occur up to two (2) times a year (a maximum of once per half year), and shall be conducted during normal business hours and at Upsales’ own expense, unless the audit reveals a breach by the Customer. The Customer shall reasonably cooperate if Upsales performs any audit pursuant to this section 14.
15.1 The Agreement constitutes the entire agreement between the parties, with respect of the subject matter thereof. It supersedes all prior or contemporaneous Agreements or understandings.
15.2 The parties may not assign any of their rights or obligations under the Agreement to a third party without the other party’s prior written approval. However, Upsales may assign its right to receive payment to any third party, without the Customer’s approval.
15.3 Upsales may make amendments to these Terms by giving the Customer four (4) months’ written notice. Amendments will be effective as from the next yearly payment period.
16. Governing Law and Disputes
16.1 This Agreement shall be governed by and construed in accordance with Swedish law. Any dispute, controversy or claim arising out of, or in connection with, the Agreement, or the breach, termination or invalidity thereof, shall be finally settled by arbitration in accordance with the Rules of the Arbitration Institute of the Stockholm Chamber of Commerce. The arbitral tribunal shall be composed of a sole arbitrator. The place of arbitration shall be Stockholm, Sweden, and the language used shall be English, unless otherwise agreed. All such proceedings, information disclosed and decisions made in such proceedings shall be kept strictly confidential. Notwithstanding the foregoing, Upsales may take any legal action necessary at any competent court for collection of delayed payments
APPENDIX 1 - DATA PROCESSING AGREEMENT
1.1 Upon performance of the Agreement, Upsales will be Processing Personal Data on behalf of the Customer as the Customer’s data processor. The Customer is the data controller of the Processing of the Personal Data.
1.2 For the purpose of ensuring compliance with the Data Protection Rules, the Parties have entered into this Data Processing Agreement (“DPA”), which forms an integral part of the Agreement.
”Data Protection Rules” means all general laws and regulations, as applicable from time to time, in respect of Processing Personal Data, including, but not limited to, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, or “GDPR”) as well as supplementary local adaptions.
”Data Subject” means the identified or identifiable natural person, whom the Personal Data relates to.
”Personal Data” means any information, which directly or indirectly relates to a Data Subject and which Upsales Processes on behalf of the Customer under the DPA.
”Processing” means any operation or set of operations which is performed on Personal Data, or on sets of Personal Data, whether or not by automated means.
”Sub-Processor” means any third party that Upsales engages to Process Personal Data on behalf of the Customer (including, but not limited to, Upsales’ partners and sub-contractors).
”Supervisory Authority” means the independent public supervisory authority/ies, authorized to conduct supervision of the Processing of Personal Data in accordance with the Data Protection Rules.
2.1 Unless otherwise stated, any other capitalized term or concept used in the DPA (except merely as part of a heading) shall have the meaning and conception ascribed to it in the Data Protection Rules or otherwise in the Agreement, unless the circumstances obviously require another interpretation.
3. Responsibility and Instruction
3.1 The Personal Data Processed by Upsales on behalf of the Customer consists of data included in the Upsales software service related to the Customer’s customers, as further specified in Appendix 1A (Data Processing Instructions).
3.2 The Customer is the data controller of all Personal Data Processed by Upsales on behalf of the Customer under the DPA.
3.3 Upsales, and anyone working under Upsales’ supervision, shall Process Personal Data in accordance with the Customer’s documented instructions only and not for any other purposes than those, which the Customer has hired Upsales for, under the Agreement. The instructions that apply on the date of signature of the DPA are specified in Appendix 1A. In addition, the Agreement constitutes the Customer’s instructions. Processing may also be performed by Upsales or Sub-Processor where required by EU law or applicable law in an EU member state that Upsales or Sub-Processor is subject to.
3.4 The Customer shall immediately inform Upsales of changes that affect Upsales’ obligations according to the DPA.
3.5 The Customer shall regularly inform Upsales of measures taken by third parties, such as the Supervisory Authority or by Data Subjects, in relation to the Processing, hereunder so that Upsales is reasonably able to act or comply with such measures.
3.6 The Customer shall inform Upsales if anyone else, either alone or jointly with the Customer, is data controller of the Personal Data.
4.1 Upsales shall implement technical and organizational measures, as required by the Data Protection Rules, in order to ensure a level of security that is appropriate to the risk and to protect Personal Data that Upsales Processes from accidental or unlawful destruction, loss or alteration, or unauthorized disclosure of, or access to, the Personal Data being Processed. Upsales shall assist the Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of GDPR, taking into account the nature of the Processing and the information available to Upsales.
4.2 Upsales shall notify the Customer without undue delay after becoming aware of a personal data breach pursuant to Article 33 of GDPR.
5. Disclosure of Personal Data and Information etc.
5.1 Upsales shall without undue delay forward any request to the Customer from a Data Subject, the Supervisory Authority or any other third party, who is requesting receipt of information regarding Personal Data that Upsales Processes on behalf of the Customer. Upsales, or anyone working under Upsales’ supervision, shall not disclose Personal Data, or information about the Processing of Personal Data, without the Customer’s express instruction or as laid down in the DPA, unless required by the Data Protection Rules.
5.2 By technical and organizational measures, which are appropriate taking into account the nature of the Processing, Upsales shall assist the Customer, insofar as this is possible, for the fulfilment of the Customer’s obligation to respond to requests from the Data Subject, when the Data Subject exercises its rights in accordance with the Data Protection Rules.
5.3 Upsales shall without undue delay inform the Customer of any contacts from the Supervisory Authority that concern the Processing of Personal Data on behalf of the Customer. Upsales is not entitled to represent the Customer or act on the Customer’s behalf towards the Supervisory Authority.
6.1 The Customer hereby gives Upsales prior, general authorization to engage Sub-Processors in the Processing of Personal Data, provided that Upsales enters into a data processor agreement with each Sub-Processor in which data protection obligations corresponding to what is set out in the DPA are imposed on the Sub-Processor. If the Sub-Processor fails to fulfil its data protection obligations, Upsales shall remain responsible towards the Customer for the performance of the Sub-Processor’s data protection obligations.
6.2 In particular, Upsales is responsible for ensuring (i) the compliance with Articles 28.2 and 28.4 of GDPR when engaging Sub-Processors; and (ii) that Sub-Processors provide sufficient guarantees to implement appropriate technical and organizational measures, in such a manner that the Processing meets the requirements of GDPR.
6.3 The Sub-Processors used from time to time are listed in Upsales Security White Paper, provided at Upsales website www.upsales.com. Upsales shall (at least 30 days in advance) inform the Customer of any intended changes concerning the addition or replacement of the listed Sub-Processors. Such information shall at least include full legal name, the type(s) of service(s) provided by the Sub-Processor and the location of where the Sub-Processor will process Personal Data on behalf of the Customer. The Customer is entitled to object to such changes, based on objective grounds relating to the security of the Processing under the DPA. If the Customer makes such legitimate objection and Upsales does not accept to replace the Sub-Processor or refrains from using a Sub-Processor the Customer shall be entitled to terminate the Agreement and/or the DPA, partially or wholly, including in relation to specific additional services, by giving the other Party thirty (30) days’ notice. If the Agreement is terminated the Customer shall be reimbursed for any in advance paid fees for the Service corresponding to the remaining term of the Agreement.
7. Transfers of Personal Data outside the EU/EEA and Data Portability
7.1 If Upsales or a Sub-Processor transfers Personal Data to a location outside of the EU or the EEA, Upsales shall inform the Customer at least 30 days prior to such transfer. The Customer is entitled to object to such transfer, based on objective grounds relating to the security of the Processing under the DPA. If the Customer makes such legitimate objection and Upsales cannot by reasonable means observe such objection both Parties shall be entitled to terminate the Agreement and/or the DPA, including in relation to specific additional services, by giving the other Party thirty (30) days’ notice. If the Agreement is terminated in accordance with this section 7.1 the Customer shall be reimbursed for any in advance paid fees for the Service corresponding to the remaining term of the Agreement.
7.2 Upsales shall ensure that Upsales or the Sub-Processor transfers the Personal Data in compliance with applicable Data Protection Rules.
7.3 Upsales shall assist the Customer in fulfilling potential duties to enable data portability regarding Personal Data, which Upsales Processes under the DPA.
8. Audits etc.
8.1 Upsales may use external auditors to verify and demonstrate compliance with its obligations following from the Data Protection Rules. Upsales will then, upon the Customer’s request, make available a confidential summary report to the Customer of such audits.
8.2 Furthermore, Upsales shall make available, upon the Customer’s request and within reasonable time, all information necessary to demonstrate Upsales’ compliance with its obligations following from the Data Protection Rules, including when requested as part of audits or inspections carried out by the Customer or an independent auditor mandated by the Customer and accepted by Upsales. Such audits may occur up to four (4) times a year (a maximum of once per quarter), and shall be conducted during normal business hours and at the Customer’s expense.
9.1 Upsales shall ensure that persons authorized to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. Such commitment does not apply to information that Upsales is required to disclose to an authority, or in order to comply with the Data Protection Rules or other statutory rules. This confidentiality obligation shall remain in force after termination of the DPA.
10.1 Upsales is entitled to reasonable compensation for all work, costs and expenditures stemming from Upsales’ performance of sections 4.2, 5.2, 7.3, 8, 12.2 and 13.1 as well as for all work, costs and expenditures stemming from Upsales following the Customer’s Processing instructions, which are not clearly documented in the Agreement, when this results in work that goes beyond functions and the level of security following from the services that Upsales normally provides to its Customers.
11.1 Each Party shall bear any administrative fines imposed on that Party by a competent data protection authority.
11.2 Subject to the limitation of liability that follows in the Agreement, either Party shall reimburse the other Party in accordance with art. 82 (5) of GDPR.
11.3 Either Party’s obligation to pay damages, laid down in section 11.2 above, only applies if the Party without undue delay informs the other Party in writing of any such claims.
12. Term and Termination
12.1 The DPA enters into force when duly signed by both Parties and shall remain in force as long as Upsales Processes Personal Data on behalf of the Customer.
12.2 Upon termination of the Agreement or the DPA (depending on which is first terminated), Upsales shall delete the Personal Data that the Customer has transferred to Upsales and any existing copies, where appropriate, unless storage of the Personal Data is required by EU law or applicable EU member state law. Upsales shall ensure that each Sub-Processor does the same.
12.3 The Customer shall be entitled to retrieve Personal Data as set out in section 8.8 in the terms and conditions in the Agreement.
13. Changes and Additions
13.1 If the Data Protection Rules are changed during the term of the DPA, or if the Supervisory Authority issues guidelines, decisions or regulations concerning the application of the Data Protection Rules that result in the DPA no longer meeting the requirements for a data processing agreement, the Parties shall make the necessary changes to the DPA, in order to meet such new or additional requirements. Such changes shall enter into force no later than thirty (30) days after a Party sends a notice of any necessary changes to the other Party, or otherwise no later than prescribed by the Data Protection Rules, guidelines, decisions or regulations of the Supervisory Authority.
13.2 Other changes and additions to the DPA must be made in writing and duly signed by both Parties in order to be binding.
14.1 The DPA supersedes and replaces all prior data processor agreements between the Parties and supersedes any deviating provisions of the Agreement concerning the subject matter of the DPA, notwithstanding anything to the contrary in the Agreement.
14.2 Swedish law applies in all aspects to Upsales’ Processing of Personal Data under the DPA. Any dispute arising out of or in connection with the DPA shall be settled in accordance with the dispute resolution provision in the Agreement.
APPENDIX 1A - DATA PROCESSING INSTRUCTIONS
In these data processing instructions, all capitalized words shall have the same meaning as defined in the DPA or the Agreement, unless otherwise expressly stated.
Please specify all purposes for which the Personal Data will be processed by Upsales as «Cl_Name» data processor.
Data Controller and Data Processor have entered into the Upsales General Terms and conditions, under which Data Controller is granted a license to access and use the Service. In providing the Service, Data Processor will engage, on behalf of Data Controller, in Processing of Personal Data submitted and stored within the Service by Data Controller or by third parties to whom Data Controller has granted use of the Service.
Categories of data
Please specify the Personal Data that will be processed by Upsales as data processor
Categories of data subjects
Please specify the categories of data subjects whose Personal Data will be Processed by Upsales as data processor
Please specify all processing activities to be conducted by Upsales as data processor
Processing means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Location of processing operations
Please specify all locations where the Personal Data will be processed by Upsales as data processor and, when applicable, by Sub-processor.
Data Processor and its Sub-processors will maintain data processing operations in countries that are in the EU/EEA region.
Information security measures
Access control Physical
Access to the data center may only be attained by a limited number of authorized personnel passing through a series of electronic validation systems. Throughout the facility video cameras monitor all sections of the building and the surrounding grounds. Within this facility all Upsales equipment is kept in secured cabinets.
System Access control
Data Processor shall take reasonable measures to prevent Personal Data from being used without authorization. These controls shall vary based on the nature of the Processing undertaken and may include, among other controls, authentication via passwords and/or two-factor authentication, IP-blocking and logging of access on several levels.
Data Access Control
Data Processor shall take reasonable measures to provide that Personal Data is accessible and manageable only by properly authorized staff, direct database query access is restricted and application access rights are established and enforced by Data Controller when Upsales Personnel needs application access to fulfill Regular User Support described in the Upsales General Terms and conditions.
Back-ups of the databases in the service are taken on a regular basis, are secured, and encrypted to ensure that personal data is protected against accidental destruction or loss when hosted by data processor. Back-ups will be stored for a maximum of 6 weeks before destruction.
Encryption of data communication (Transmission control)
Data Processor shall take reasonable measures to ensure that it is possible to check and establish to which entities the transfer of personal data by means of data transmission facilities is envisaged so Service Data cannot be read, copied, modified or removed without authorization during electronic transmission or transport from the Service to the end user.
After thirty (30) days following the termination of Data Controller’s access to and use of the Service, Data Processor shall have the right to delete all Service Data stored or Processed by Data Processor on behalf of Data Controller in accordance with Data Processor’s deletion policies and procedures.
Data from different Data Processor’s subscriber environments is logically segregated on Data Processor’s systems to ensure that Personal Data that is collected for different purposes may be Processed separately.