The Application is intended to be used to administrate personal data (meaning information relating to an identified or identifiable natural person or to any other personal data referred to in the Swedish data protection legislation) including extraction and deletion of such data and documents as well as configuring and maintaining consents given by members or other relevant stakeholders.
The Application and its related services are provided to you "AS IS" and on an "AS Available" basis. We retain the right to update and further develop the Application without any advance notification to You, included technology, features and functionalities and have no duty to maintain any prior versions of the Application or provide any availability for the Application.
You may use the Application as you have a valid license to use the Application and the respective payments are duly made.
Your installation or use of the Application does not mean any additional duties on Our part to make back-ups of the data exported, deleted or updated from the Application.
All intellectual property rights to the Application belong to Innofactor Group or to third parties. No intellectual property rights to the Application shall be transferred to You upon purchase of the right to use the Application.
As a user of the Application you agree to notify Us of all problems and ideas for enhancements in the Application which come to Your attention during your usage. In addition, You hereby assign us all right, title and interest to such enhancements and all property rights and all property rights therein including without limitation all patent, copyright, mask work, trademark, moral right or other intellectual property rights.
The materials and information contained on the Application, including, but not limited to, the text, graphics, photographs, artwork, icons, images, logos, audio, video, downloads, data and compilations, belong to Us or the original creator and is protected by applicable law, including, but not limited to, EU and international copyright law and regulations. For the sake of clarity the foregoing does not regard the materials brought to the Application by You when using the Application which shall remain Your or third party property, as the case may be.
We make no express or implied warranties, any statements or representations about the Application and its functionality. We especially disclaim any warranty for defect liability or any fitness for a particular purpose of the Application. In case of non-functionality of the Application attributable to Us Our liability is limited reduction of the payment for the period during with the Application has not functioned. You understand that usage of the Application may be interfered with or adversely affected by numerous factors or circumstances outside of Our control.
We shall not, in any event, be liable for any loss of data, loss of profit or production, interruption of operations, damage to property, loss of interest, computer viruses, sanctions laid by data protection authorities or for any indirect and consequential damages related to Your usage of the Application. Our overall liability is always limited to SEK 50,000 under this Agreement.
Based on this Agreement, we are not in any manner liable for the compliance of your organization or Your software systems with the GDPR (meaning General Data Protection Regulation (679/2016 of the European Union) and other applicable data protection legislation. Installing the Application will provide tools for managing Your personal data but it will not by itself make Your organization or Your software system GDPR compliant.
We shall have the right to ask You to terminate or suspend the use of the Application in any of the following cases:
Both You and Us shall comply with applicable laws and regulations governing personal data and its protection. The data processing activities of Us as data processor and the respective terms and conditions are agreed in Annex 1 to this Agreement (Innofactor Data Procession Conditions for Innofactor® GDPR Solution) to which You also agree by using the Application.
111 21 Stockholm, Sweden
These Innofactor Data Processing Conditions for Innofactor® GDPR Solution (“DPC”) are an integral part of the Agreement referring to these conditions. This DPC defines the terms and conditions for the Processing of Customer Personal Data, to which Innofactor shall engage with regard to the Innofactor® GDPR Solution, in a binding manner superseding any other possible conditions on the same.
Capitalized terms in this DPC shall have the following meaning:
“Applicable Laws” shall mean as of its effectivity EU General Data Protection Regulation 2016/679 (GDPR) as incorporated in to the territory where the Services are being rendered as well as other applicable mandatory legislation regulating data privacy, data protection and confidentiality of company data.
“Customer” shall mean the other party than Innofactor to the Agreement. “Customer Personal Data” shall mean any Personal Data Processed by Innofactor on behalf of the Customer pursuant to or in connection with the Services.
“Innofactor” shall mean the Innofactor Affiliate /Affiliates being a party to the Agreement. “Innofactor Affiliates” shall mean legal entities that owned whether directly or indirectly by Innofactor Plc. “Own” means having more than 50 % ownership or right to direct the management of the entity.
“Innofactor® GDPR Solution” shall mean the application created by Innofactor and intended to be used to administrate personal data including extraction and deletion of such data and documents as well as configuring and maintaining consents given by members or other relevant stakeholders for the Customer’s use.
“Personal Data” shall mean any information relating to an identified or identifiable natural person (”Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Personal Data Breach” shall mean security breach caused by Innofactor leading to an accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data transmitted, stored or otherwise Processed.
“Process / Processing“ shall mean any operation or set of operations which is performed on Customer Personal Data or on sets of Customer Personal Data under the Agreement, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Record of Processing Activities” shall mean the record to be compiled of all categories of data processing activities by the data processor under Section 30.2 of the GDPR.
“Services” shall mean provision of the Innofactor® GDPR Solution to Customer usage.
Both Parties undertake to follow the Applicable Laws as amended from time to time.
The Customer shall always act as the controller of the Customer Personal Data within the meaning of Applicable Laws as the Customer is the party defining the purpose and means for the Processing of the Customer Personal Data. Consequently, the Customer and shall make sure that all responsibilities of the controller as set forth in the Applicable Laws are met and that the lawfulness, including the needed consents from Data Subjects, of the Processing is maintained.
The role of Innofactor in the Processing of Customer Personal Data is that of the processor within the meaning of the Applicable Laws on behalf of and for the benefit of the Customer.
Types of Personal Data Processed under the Agreement include the following:
Special categories of Personal Data Processed under the Agreement include the following:
Categories of Data Subjects are as follows:
Innofactor shall only Process the Customer Personal Data to the extent and in a manner necessary to provide the Services and in accordance with the Customer’s documented and lawful instructions and shall not Process Customer Personal Data for any other purpose.
Innofactor shall immediately inform the Customer if, in its opinion, an instruction infringes Applicable Laws or other data protection provisions.
Innofactor shall implement appropriate physical, technical and organizational measures taking into account the nature, scope, context and purpose of the Processing of the Customer Personal Data to ensure a level of security appropriate to that risk. General description of such measures shall be maintained at the Record of Processing Activities.
Technical and organizational measures are always subject to technological progress and further development. Innofactor may always employ adequate alternative protection measures, as long as these alternative measures do not materially reduce the level of security.
Innofactor Group has appointed a Data Protection Officer.
Innofactor shall promptly notify the Customer in case it receives a request from a Data Subject under the Applicable Laws relating to the Customer Personal Data. Innofactor undertakes to assist the Customer in meeting its obligations related to such requests of Data Subjects provided that the Customer has instructed Innofactor in writing to give assistance and that it reimburses Innofactor for the costs arising from this assistance.
Innofactor’s employees that are authorized to access and Process the Customer Personal Data are subject to a statutory or contractual confidentiality obligations in respect of the Customer Personal Data.
Innofactor shall ensure that its personnel engaged in the Processing of Customer Personal Data are informed of the confidential nature of Customer Personal Data and make sure that access to the Customer Personal Data is limited to those persons having a need to access the data.
In the event of any Personal Data Breach caused by Innofactor, Innofactor shall notify the Customer of such breach without undue delay after becoming aware of the breach.
Innofactor agrees to reasonable co-operation with the investigation of the event, agrees to support the Customer in its respective notification obligations in a reasonable manner and agrees to initiate respectively needed reasonable remedy measures.
The Customer shall have the right to audit by appropriate means the Innofactor’s Processing of any Customer Personal Data connected with the provision of the Services. The audit right includes that Innofactor shall make available to the Customer all information necessary to demonstrate compliance with this DPC and shall allow for and contribute to audits, including inspections, by the Customer or by a neutral third party auditor during normal working hours mandated by the Customer to verify compliance with this DPC. In the course of the audit the Customer may not cause any damage, injury or disruption to the Innofactor premises, equipment, personnel and business while its personnel are on premises in the course of such an audit or inspection.
Innofactor shall be entitled to subcontract its obligations under this DPC to its Affiliates who may be retained as sub-processors of Customer Personal Data.
Notwithstanding the foregoing and where Innofactor’s Services include or are based on services provided by Microsoft Corporation, the usage of Microsoft entities as sub-processor is explicitly allowed. The same applies to subprocessors Microsoft has noted to it uses in the provision of its services.
Where Innofactor engages other sub-processors it shall inform the Customer of any intended changes concerning the replacement or addition of sub-processors. Such information may also be given through the service provided or by the already approved sub-processor.
Innofactor agrees to foresee that its subprocessors follow Applicable Laws and relevant provisions of this DPC.
Innofactor shall foresee that any transfer of Personal Data outside EU/EEA in the course of its Processing activities shall be based on the requirements of Applicable Laws and appropriate legal safeguards.
After the end of the provision of services relating to Processing, at the choice of the Customer, Innofactor will delete or return all possibly stored Personal Data to the Customer and delete existing copies unless the Applicable Laws require storage of such Personal Data.
Innofactor’s liability arising out of or related to this DPC, whether in contract, tort or under any other theory of liability, is subject to the ‘Limitation of Liability’ section of the Agreement.
For clarity, each party is individually responsible for any possible administrative fines imposed on the party regarding possible breaches of the Applicable Laws and not liable for the fines imposed on the other Party.