Privacy & Agreements

Here you can read about the terms that apply to the use of our services and products, how we handle your personal data, and how we act as personal data representative for you.

GENERAL TERMS AND CONDITIONS FOR LICENSE AND PROVISION OF SERVICE
(Version 1:2019)


Notice:

Please read before access or use of the Software-as-a-Service (SaaS) provided hereunder, or as applicable as a cloud-based service, for asset management (the “Service”) that you are attempting to access or that otherwise accompanies or is provided with these General Terms and Conditions for the Service and Warranty Statement (“General Terms”).

By actively agreeing to be bound by the General Terms, accessing or in any way using the Service, the entity or company that you represent (the “User”) is unconditionally consenting to be bound by the General Terms constituting an “Agreement” with the Service Provider.

The User represents and warrants that it has the legal power and authority to accept the General Terms and to enter into the Agreement with the Service Provider.

If the User does not unconditionally agree to all terms of the General Terms or want to become a party to the Agreement, then, unless expressly approved otherwise by the Service Provider, any access or use of the Service is strictly prohibited.

The Agreement constitutes the Agreement between the Service Provider and the User with respect to license of the Service. The Agreement forms a legally binding contract between you as User (licensee) and the Service Provider (licensor) in relation to your access and use of the Service.

EXCEPT FOR THE LICENSE RIGHTS GRANTED HEREIN, NO INTELLECTUAL PROPERTY RIGHTS ARE TRANSFERRED.

Please contact info@comlink.se with any questions.

1.          DEFINITIONS

“Affiliate” means any entity controlling or controlled by or under common control with a Party where control is ownership of more than 50 % of the equity or voting rights of such entity.

“Agreement” means the agreement created by the User with the Service Provider by the User completing the required registration process for use of the Service and actively agreeing to be bound by the General Terms, or any such other contract document together with its appendices (annexes), and any amendments and supplements thereto, duly executed by the User and the Service Provider, that set forth additional and specific terms and conditions for subscription/use, price and payment terms and other terms, conditions and documents.

“Airtime” means wireless airtime and mobile network capacity.

“API” means application programming interface enabling communication between the Service (the library/functions/variables etc.) and other User or third-party software applications, scripts, plug-ins or the like.

“Availability” means when the User can access the Service Provider admin user interface and API for the Service. Availability of the Service is measured on a monthly basis over all days of the month (24h/day).

“Bearer Services” means the provision of services by designated telecom operator (as amended from time to time), used for the Service and the User’s devices.

“Confidential Information” shall have the meaning set forth in Section 12.

“Description” means the description and specifications of the Service and usage requirements.

“Documentation” means any specification, user guide, manual and other documentation that is provided by the Service Provider and that explains the installation (if applicable), use and functions of the Service, including but not limited to related system and service documentation, all comments, procedural language, materials useful for understanding and using the Service.

“Effective Date” means the date when the User has completed the required registration process entitling the User to use the Service.

“General Terms” means these General Terms and Conditions for the Service.

“Party” or “Parties” means the User and the Service Provider individually or jointly.

“Renewable Term” means each renewed successive term pursuant to Section 14.

“Service” means the Service Provider’s software-as-a-service and cloud model services (as applicable) used by the User, and any subsequent updates, upgrades, bug fixes, work around, or other services and/or products delivered or made accessible to the User by or on behalf of the Service Provider to the User in connection with the Service.

“Service Provider” means Comlink AB, co. org. no. 556514-0190, Energigatan 10B, SE-434 37 Kungsbacka, Sweden, its Affiliates or other companies and entities (such as enterprise customers, resellers, channel partners, distributors) authorized to provide the Service.

“Service Provider Content” means texts, audio, video, graphics and other information and data supplied by the Service Provider and available by means of the Service and/or the Service Provider’s web site.

“Term” means the permitted length of each use of Service, as further governed by these General Terms.

“Third Party Materials” means any third-party content and materials.

“Third Party Services” means any services, products, gateways, links or other functionality that may be included in or linked to the Service and that allows the User to access third party services, for example connectivity- and mobile network services.

“User” means the entity or person that uses the Service.

“User Data” means all data owned and, as applicable, submitted and stored on the Service Provider system by the User to the Service Provider using the Service.

2.          GENERAL

2.1       The General Terms apply between the Service Provider and the User regarding the provision and use of the Service.

2.2       The Agreement incorporates the General Terms. Subject to the User’s completed registration process, and, as applicable, in consideration for the subscription fee payable by the User, the Service Provider shall provide the Service.

3.          THE SERVICE

3.1       Subject to complete registration process the Service Provider grants to the User a

–     non-exclusive, non-transferable, non-sub-licensable, worldwide, license

–     to access, display and use the Service and Documentation

–     for the User’s internal use in accordance with the General Terms.

3.2       The User acknowledges and agrees that the Service is licensed and subscribed on a Software-as-a-service and/or Cloud basis (as applicable) and, unless explicitly approved by the Service Provider in writing, not sold to the User.

3.3       Unless explicitly permitted herein or by the Service Provider’s written approval, the User may not sell, resell, rent, assign, share, outsource, include in a network, in SaaS services or in external cloud computing environments, or lend the Service. The Service Provider reserves all rights to the Service not expressly granted to the User herein.

3.4       Without granting any additional licenses hereunder, the User may authorize its contractors and outsourcers to use or operate the Service solely on the User’s behalf and provided that the User obtains such third parties’ binding consent in advance to abide by the terms of these General Terms and provided the User shall be responsible for such parties’ use and compliance. Such parties are not, and shall not be deemed to be, third party beneficiaries hereunder or for any other reason.

3.5       The Service Provider reserves the right to make changes and updates from time to time to the functionality of the Service provided to the User, and the associated Description and Documentation, provided that such changes do not have a material adverse effect on the functionality of the Service.

3.6       The User is only permitted to use the Service unchanged ‘as supplied by the Service Provider’ and may not decompile, reverse engineer, disassemble or otherwise attempt to derive and/or gain access to source code from any software made available to the User as part of the Service. The User shall neither use nor permit others to use or access the Service to (a) build a competitive product or service, (b) make or have made a product using similar ideas, features, functions or graphics of the Service, (c) make derivative works based upon the Service or the Documentation, or (d) copy any features, functions or graphics of the Service or the Documentation.

3.7       The User shall neither use nor permit others to use the Service for any unlawful, invasive, infringing, defamatory, fraudulent, or obscene purpose.

3.8       Unless explicitly undertaken by the Service Provider in the course of providing the Service, the Service Provider is not responsible for the User’s use of the Service, testing procedures or for determining or evaluating the ability of the designated websites to withstand for use of high traffic delivering the Service.

3.9       The User is responsible for all activities that occur during the User’s use of the Service. The User agrees to immediately notify the Service Provider of any unauthorized use of the Service or any other known or suspected breach of security.

3.10     Unless explicitly undertaken by the Service Provider in the course of providing the Service, access to and use of the Service requires appropriate connections to the Internet. The User is solely responsible, at the User’s expense, for acquiring, installing, maintaining, and updating all hardware, computer software, and communications capability necessary for the use of the Service.

3.11     The User acknowledges and agrees that the provision of Airtime is subject Third Party Service to the geographic extent of Airtime coverage and local geography, topography and/or atmospheric conditions and/or other physical or electromagnetic interference that may from time to time adversely affect the provision of the Airtime in terms of line clarity and call interference. For the avoidance of doubt the Service Provider does not warrant any Airtime. It is the User’s responsibility to ensure Airtime on sites where User intends to use the Bearer Service.

4.          OWNERSHIP

4.1       The Service Provider and, if applicable, its licensors retain all rights, title and interest in and to the Service and Documentation (including but not limited to any images, photographs, animations, video, audio, music, text, applets incorporated into the Service, ‘apps’, APIs and any copies of the Service and Documentation that the User is explicitly permitted to make).

4.2       The Agreement grants no ownership rights in the Service and Documentation and the Service Provider Content to the User.

4.3       The User shall own and shall continue to own all User Data.

5.          ACCESS TO SERVICES AND PASSWORDS

5.1       The Service is provided and produced on the Service Provider’s premises, via the Service Provider’s system.

5.2       The User shall access the Service via the Service Provider designated platform and/or instructions. Access to and use of the Service requires appropriate connections to the Internet or other relevant public electronic network.

5.3       To be able to use the Service, the User needs, and will be provided with, a login username and password from the Service Provider.

5.4       The use/subscription term commences on the Effective Date. User is solely responsible, at User’s expense, for acquiring, installing, maintaining, and updating all hardware, computer software, and communications capability necessary for connecting to the Internet and for the use of the Service.

5.5       The User’s designated login username(-s) and password(-s) are strictly confidential and may only be used by the User. The User is responsible for all activities that occur during the User’s use of the Service. The User agrees to immediately notify the Service Provider of any unauthorized use of the Service, usernames or passwords or account or any other known or suspected breach of security.

6.          SUPPORT

Support services for the Service and other matters relating to use of the Service shall be provided in or via the Service.

7.          THE USER’S DATA AND SECURITY

7.1       The User will have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness of and copyright permissions for all such User Data.

7.2       The User is not permitted and undertakes to not enter any data into the Service that constitute Confidential Information, to the effect that the Service Provider shall be justified to treat all data entered into the Service by the User as non-confidential information.

7.3       The User undertakes to ensure that data entered into the Service Provider’s system is in the agreed format and virus-free, and not in any way capable of damaging or negatively affecting the Service Provider’s system of the Service.

7.4       The User grants to the Service Provider and its Affiliates a non-exclusive license to use, copy, store, transmit and display technical information and User Data to the extent reasonably necessary to provide and maintain the Service, and for internal statistics and product development purposes. The Service Provider may aggregate anonymous statistical data regarding use and functioning of its system by its various users, including the User. Such aggregated statistical data will be the sole property of the Service Provider. The Service Provider will use commercially reasonable security measures to protect the User’s data against unauthorized disclosure or use. The Service Provider’s security (privacy) policies in effect from time to time are located at https://www.comlink.se/integritet-avtal/.

8.          LINKS TO THIRD PARTY SITES

The User may link to third party sites using the Service. The third-party sites are not under the control of the Service Provider, and the Service Provider is not responsible for the contents of any third-party sites, any links contained in third party sites, or any changes or updates to third-party sites.

9.          WARRANTY AND WARRANTY DISCLAIMERS

9.1       The Service Provider warrants that: (a) the Service provided to the User is and will be completed in a professional, workmanlike manner, with the degree of skill and care that is required by good and sound professional procedures, and shall be completed in accordance with the Agreement and Service Description; (b) the Service does not, to the best of the Service Provider’s knowledge, misappropriate, violate or infringe any copyright, trademark, mask work, trade secret, patent or other intellectual property or proprietary right of others; and (c) the Service Provider has full power to grant the rights granted to the User under the Agreement.

9.2       The Service may include Third Party Service and Third Party Materials. The Service Provider does not supply and is not responsible for any Third Party Service or Third Party Materials, which may be subject to their own licenses, end-user agreements, privacy and security policies, and/or terms of use. The Service Provider makes no warranty to and has no liability for Third Party Service and Third Party Material.

9.3       For any defective or non-conforming portion of the Service covered by the foregoing warranty, the Service Provider shall promptly upon the User’s notice of any non-conformity, at the Service Provider’s option perform one of the following measures (provided that (a) and (b) shall only be performed by the Service Provider to the extent they are commercially practicable): (a) re-perform the Service; and (b) correct or replace the non-conforming portion. Any notice of any non-conformity by the User to the Service Provider must be in writing and within 30 days after the User first encounters any such non-conformity.

9.4       The warranties expressly stated in this Agreement are the sole and exclusive warranties offered by the Service Provider. There are no other warranties of any kind, express or implied; the Service Provider expressly disclaims any and all warranties of title, merchantability, fitness for a particular purpose, accuracy or quiet enjoyment.

9.5       Except as stated herein, the Service and documentation are provided to the User on an “as is” and “as available” basis. User assumes all responsibility for determining whether the services or the information generated thereby is accurate or sufficient for User’s purposes.

9.6       The Service Provider does not warrant that use of the services will be error-free or uninterrupted. The Service Provider is not responsible for software installed or used by the User or other users or for the operation or performance of the internet.

10.       INDEMNIFICATION

10.1     The Service Provider will, at its expense and at the User’s request, defend, indemnify and hold harmless the User and its officers, directors, employees from and against any and all claims, actions, demands, liabilities, settlements, costs, damages and fees arising, in whole or in part, in connection with (a) any allegation that any portion of the Service or Documentation misappropriates, violates or infringes any third party’s patent, copyright, trademark, trade secret, or other intellectual property or proprietary right; (b) any bodily injury, personal injury, death or property damage caused by the Service Provider or the Service Provider’s employees; (c) any gross negligence and willful misconduct of the Service Provider or the Service Provider’s employees; or (d) the Service Provider’s breach of the warranties set forth herein.

10.2     The User will, at its expense and at the Service Provider’s request, defend, indemnify and hold harmless the Service Provider and its Affiliates, officers, directors, employees from and against any and all claims, actions, demands, liabilities, settlements, costs, damages and fees (including attorneys’ and other professionals’ fees and costs) arising, in whole or in part, in connection with a claim, suit, action, or proceeding by a third party; (a) alleging that the User’s Data or information supplied by the User infringes the intellectual property rights or other rights of a third party or has caused harm to a third party, (b) arising from any third party subpoena or compulsory legal order or process that seeks User Data and/or other User-related information or data, including, without limitation, prompt payment to the Service Provider of all costs (including attorneys’ fees) incurred by the Service Provider as a result, or (c) arising out of the User’s breach of contract. In case of such subpoena or compulsory legal order or process, User also agrees to pay the Service Provider for its staff time in responding to such third party subpoena or compulsory legal order or process at the Service Provider’s then applicable hourly rates.

10.3     In case of any claim that is subject to indemnification as set forth herein, the Party that is indemnified (Indemnitee) will provide the indemnifying Party (Indemnitor) reasonably prompt notice of the relevant claim. Indemnitor will defend and/or settle, at its own expense, any demand, action, or suit on any claim subject to indemnification as set forth herein. Each Party will cooperate in good faith with the other to facilitate the defence of any such claim and will tender the defence and settlement of any action or proceeding covered by this Section to the Indemnitor upon request. Claims may be settled without the consent of the Indemnitee, unless the settlement includes an admission of wrongdoing, fault or liability.

10.4     Each Party shall, in order not to lose its right to claim damages, put forward such claim no later than 30 days from the time when the Party noticed or should have noticed the ground for the claim, however no later than six months from 90 days from date of termination/expiry of Term of the applicable Order Form, whichever is the earliest.

11.       LIMITATION OF LIABILITY

11.1     The Service Provider shall not be liable to the User for any loss of profit, loss of use, loss of production, lost revenues, lost business or for any financial or economic loss or for any indirect or consequential damages whatsoever.

11.2     The Service Provider’s sole, exclusive and maximum liability to the other under the order and these general terms shall on aggregate be limited to the fees paid to the Service Provider under applicable Agreement during the twelve months preceding the claim.

11.3     Nothing in this contract shall limit or exclude the Service Provider’s liability for: (A) death or personal injury caused by its negligence; (B) fraud or fraudulent misrepresentation; and/or (C) any other liability that cannot be excluded by law.

11.4     The Service Provider does not accept liability for Third Party Services and Third Party Material (including acts and omissions).

11.5     The Service Provider does not accept liability for any effects upon User’s devices, equipment or any effects of the User’s devices, equipment, or upon any electronic or radio systems in equipment, vehicles or aircraft in the vicinity of such users, of any emissions or transmissions to, from, by or through the network and/or the User’s devices and equipment.

12.       CONFIDENTIALITY

12.1     “Confidential Information” means any information that is disclosed by one Party (the Discloser) to the other (the Recipient), which, at the time it is disclosed, in any form, is identified or designated by Discloser as “confidential or proprietary” or reasonably should be known by Recipient to be proprietary or confidential information of Discloser.

12.2     The Recipient shall not use or disclose the Discloser’s Confidential Information without the prior written consent of the Discloser, except: (a) as specifically permitted by the Discloser; or (b) for the purpose of performing its obligations or enforcing its rights under the Agreement, provided that such disclosures are made only to those employees, consultants, contractors, professional advisors or third party service providers with a direct business need to know and who have agreed in writing to confidentiality provisions that provide the Discloser with at least as much protection as those contained herein.

12.3     Confidential Information will exclude information that; (a) the Recipient can demonstrate to have had rightfully in its possession prior to disclosure to the Recipient by the Discloser; (b) is now or subsequently becomes available to the public through no wrongful act of the Recipient; (c) has been rightfully received by the Recipient from a third party who has the right to transfer or disclose it to the Recipient without restriction on disclosure; (d) has been independently developed by the Recipient without the use of any Confidential Information as evidenced by appropriate documentation; or (e) has been approved for release by written authorization executed by an authorized officer of the Discloser. Notwithstanding the foregoing, if the Recipient is required to disclose Confidential Information pursuant to a court order or other requirement of applicable law, the Recipient shall provide the Discloser with prompt written notice of any such requirement sufficient to permit the Discloser to seek and obtain appropriate protective orders prior to such disclosure by the Recipient. All Confidential Information remains the property of the Discloser and no license or other rights in the Confidential Information is granted hereby.

12.4     All information provided hereunder is provided ‘as is’ and without any warranty, express, implied, or otherwise, regarding its accuracy or performance. At any time at the request and choice of the Discloser, the Recipient will either return to the Discloser or destroy all the Discloser’s Confidential Information, in whatever form, which is in its custody or control.

13.       SUSPENSION OF SERVICES BY COMLINK

13.1     The Service Provider may, in its sole discretion, suspend a User’s username and password, account, or use of the Service if the User materially violates/breaches any right and/or obligation under the Agreement, and such violation/breach has not been cured promptly within 10 days of notice of such breach, or the User is in delay of any payment due to the Service Provider, or violates/breaches any of its duties and obligations in Section 3, the Service Provider may suspend the Service immediately without notification.

13.2     The Service Provider may, in its sole discretion, suspend a User’s username and password, account, and right to use of the Service if the Service has not been actively used by the User for a period of 90 consecutive days. A User subject to such a suspension who wants to use the Service, will have to contact the Service Provider for a reinstatement of the same account, or will have to apply for a new account/license.

13.3     Should there be a Service suspension; the Service Provider reserves the right to charge a fee to reinstate the Service.

14.       TERM AND TERMINATION

14.1     The Service license period takes effect and commences on the Effective Date and shall, unless the Parties agree otherwise or for specific subscription terms, continue to apply with a mutual notice period of 15 days. Termination by the User shall be made in writing to the Service Provider, and termination by the Service Provider shall be by way of notice procedures in the Service and to the Service Provider’s last known email-address to the User.

14.2     The Service Provider may terminate the Service license immediately upon notice:

(1)    if the User materially breaches any of its obligations under and pursuant to these General Terms and/or the Agreement,

(2)    if the User uses the Service in violation of these General Terms and/or the Agreement, or otherwise infringes the Service Provider’s intellectual property rights, or challenges the Service Provider’s ownership to or the validity of any intellectual property rights relating to the Service, or

(3)    if the User should enter into liquidation either voluntary or compulsory or become insolvent or enter into composition or corporate reorganisation proceedings or if execution be levied on any goods and effects of the User or the User should enter into receivership.

15.       EFFECT OF TERMINATION

At the User’s request, within 30 days of the termination of the Service for any reason, the Service Provider shall make available one backup of all data and information generated and/or held by the Service Provider as a result of the User’s use of the Service. The backup shall be stored in the Service Provider’s standard format. User agrees and acknowledges that the Service Provider has no obligation to retain any User Data, and the Service Provider may delete User Data that remains in the Service Provider’s possession or control more than 60 days after termination.

16.       FORCE MAJEURE

16.1     Neither Party will be deemed in default, to the extent that performance of its obligations or attempts to cure any breach are delayed or prevented by reason of any event beyond the reasonable control of such Party, including without limitation, any act of God, fire, earthquake, natural disaster, accident or act of government (in any case to the extent that such event is not due to, nor arises out of, the negligence of the Party whose performance is delayed), and provided that the Party seeking to be excused gives the other Party

16.2     written notice thereof promptly and, in any event, within 15 days of discovery thereof and uses its reasonable efforts to continue to so perform or cure. In the event of such a force majeure event, the time for performance or cure will be extended for a period equal to the duration of the force majeure event. If the period of delay or non-performance continues for in excess of 30 days, the party not affected may terminate the Service by giving written notice to the affected party.

17.       PUBLICITY

Unless stated in the Agreement, neither Party may use, without the other Party’s prior written consent in each instance, the names, characters, artwork, designs, trade names, trademarks or service marks of the other Party.

18.       ADDITIONAL REMEDIES; EQUITABLE RELIEF

Any remedies at law or equity not specifically excluded by the Parties remain available to both Parties. The Parties expressly acknowledge and agree that a breach of any of the provisions of these General Terms and/or the Agreement may result in irreparable harm to the non-breaching Party, and in such case, the non-breaching Party shall have the right to seek to enforce any provision of these General Terms and/or the Agreement, and any of its provisions by injunction, specific performance or other equitable relief, in any event without prejudice to any other rights and remedies that such Party may have.

19.       EXPORT CONTROLS

The User shall comply with all export laws and restrictions and regulations and the User shall not export, or allow the export or re-export of, the Service in violation of any such restrictions, laws or regulations. The User is responsible for obtaining any and all licenses required to export, re-export, transfer or import the Service.

20.       DATA PRIVACY

20.1     The data protection obligations (in particular the EU General Data Protection Regulation 2016/679 (GDPR) and all other applicable data protection laws) shall be observed. The Service Provider processes personal data on behalf of the User as a Data Processor, and only if and to the extent necessary to fulfil the purpose of the contractual arrangement with the User. In doing so, the Service Provider also implements appropriate technical and organizational measures which meet the requirements of applicable data protection law, in particular the GDPR and these general terms and conditions.

20.2     As far as personal data will be processed by the Service Provider on behalf of the User and upon User’s instructions (under a controller-to-processor relationship) the Parties will conclude a relevant Controller-to-Processor Agreement pursuant to the User’s registration process for the Service.

20.3     In the absence of a relevant Controller-to-Processor Agreement and in so far as the Service Provider processes personal data on behalf of the User, the following shall apply.

20.4     The Service Provider must ensure that all reasonable precautionary measures are taken to guarantee the security of the personal data and to prevent any corruption, loss, damage, or destruction of the personal data. In the event of unauthorised access to the personal data of the User, or if the personal data have fallen into the hands of an unauthorised third party, the Service Provider shall immediately notify the User about the unauthorised access, and provide its cooperation to the User for the taking of all measures that are deemed necessary in order to minimise the risk of such a data breach or unauthorised access.

20.5     The Service Provider or the individuals who work under the direction of the Service Provider may only process such personal data in accordance with the instructions given by the User from time to time. Should the Service Provider not have the instructions that are required by law and that the Service Provider deems necessary to perform any services for the User, the Service Provider shall, without delay, inform the User thereof and await such instructions.

20.6     The Service Provider may, for the processing of personal data, use subcontractors (sub-processors), where the Service Provider shall enter into data sub-processing agreements with the subcontractors on the User’s behalf with terms corresponding to the terms herein, whereby the subcontractor undertakes to adhere to what is set out in this Section 20, including the adherence to Swedish law in the sub-processing. To the extent personal data is transferred to a country outside EU/EEA, the Service Provider shall ensure that the subcontractor signs the EU model clauses for the transfer of personal data to a third country on the User’s behalf. The Service Provider shall on request inform the User of which subcontractors have been employed and where they conduct their business.

21.       GOVERNING LAW, DISPUTE RESOLUTION, JURISDICTION AND VENUE

21.1     These General Terms and/or the Service and/or the Agreement and the rights and obligations of the Parties pursuant thereto will be governed by the laws of Sweden, without regard to conflicts of law principles. The Parties irrevocably agree that, subject as provided below, the courts of Sweden shall have exclusive jurisdiction in relation to any claim, dispute or difference concerning these General Terms and the Service and any matter arising therefrom and irrevocably waive any right that they may have to object to an action being brought in those courts, or to claim that the action has been brought in an inconvenient forum, or that those courts do not have jurisdiction.

21.2     Nothing in this Section shall limit the right of either Party, at any time, to seek injunctive relief in the courts of any appropriate jurisdiction in the case of any breach or threatened breach by the other of any obligation of confidentiality or any infringement by the other or its Affiliates of that Party’s intellectual property rights.

22.       NOTICES

Any notice required or permitted hereunder shall be in writing and shall be given to each Party’s registered address, or at such other address as the Party may hereafter specify in writing. Such notice shall be deemed given: upon personal delivery to the appropriate address; or 3 business days after the date of mailing if sent by certified or registered mail; or 1 business day after the date of deposit with a commercial courier service offering next business day service with confirmation of delivery.

23.       SURVIVAL OF TERMS

All terms and provisions of these General Terms and/or the Agreement, including any and all exhibits, addenda and amendments hereto, which by their nature are intended to survive any termination or expiration, shall so survive.

24.       RELATIONSHIP OF THE PARTIES

No employment relationship is created between the Parties. At all times during the term hereof, the Service Provider shall retain its independent status and use its own discretion in performing the Service subject to general direction by the User and to the specific requirements of these General Terms and/or the Agreement. Nothing in these General Terms and/or the Agreement will be construed as creating a partnership, franchise, employment, joint venture or agency relationship or fiduciary duty of any kind between the Parties.

25.       INDEPENDENT DEVELOPMENT

Provided there is no infringement of the other Party’s intellectual property rights or breach of a Party’s obligations of confidentiality, nothing in these General Terms and/or the Agreement will impair either Party’s right to develop, manufacture, purchase, use or market, directly or indirectly, alone or with others, products or services competitive with those offered by the other. The User is not obligated to accept or purchase any product or service from the Service Provider at any time.

26.       MODIFICATION

Any waiver, modification or amendment of any provisions of these General Terms and/or the Agreement shall be effective only if in writing and signed by the Parties.

27.       SEVERABILITY

If any provision of this Contract shall be found by any court or administrative body of competent jurisdiction to be invalid or unenforceable, such invalidity or unenforceability shall not affect the other provisions of this Contract which shall remain in full force and effect.

28.       ENTIRE AGREEMENT

28.1     Each of the Parties acknowledges and agrees that in entering into these General Terms together with the Agreement, which together constitute the contract between the Parties (Contract), it does not rely on any statement, representation, warranty or understanding (whether negligently or innocently made) of any person (whether party to this agreement or not) other than as expressly set out in the Contract.

28.2     Each of the Parties acknowledges and agrees that the only remedy available to it for breach of this Contract shall be for breach of contract under the terms of the Contract. Nothing in the Contract shall, however, operate to limit or exclude any liability for fraud.

28.3     The Contract constitutes the entire agreement and understanding of the Parties and supersedes any previous agreement between the Parties relating to the subject matter of the Contract.

***

DATA PROCESSING AND DATA SECURITY AGREEMENT
(Version 1:2019)


Notice:

This Data Processing Agreement (“DPA”) creates the legal framework, between the data controller and the data processor, for processing of personal data in a manner compliant with EU General Data Protection Regulation 2016/679 (GDPR).

The data controller is using a subscribed (licensed) service (SaaS) and the data processor will, on behalf of the data controller, process Personal Data selected, collected and submitted by the data controller, and/or third parties designated by the data controller, and stored and used within the service. The terms of this DPA only apply to a data controller with an active subscription to the service.

By agreeing to be bound by this DPA the data controller (you, the entity or company that you represent) is unconditionally consenting to be bound by and is becoming a party to this DPA with the data processor; Comlink AB, co. reg. no. 556514-0190, Energigatan 10B, SE-434 37 Kungsbacka, Sweden. If the data controller does not unconditionally agree to all terms of this DPA the use of the service is strictly prohibited, other than for internal validation and testing purposes.

Should the European Parliament and/or the Council pass new regulations and/or issue any guidelines which contain terms that conflict with those used in this DPA, such terms in this DPA shall be changed or otherwise interpreted and applied strictly in accordance with any such new regulation and guideline.

Please contact info@comlink.se with any questions.

1.          DEFINITIONS

All capitalized terms used in this DPA shall have the meanings given to them below:

“Cloud Entity” means entities added to the Data Controller’s account to which Personal Data may be associated and/or processed.

“Data Controller” has the meaning given in GDPR (and, for the purpose of this DPA, means the party licensing and using the Service).

“Data Processor” has the meaning given in GDPR (and, for the purposes of this DPA, Comlink AB, co. reg. no. 556514-0190, Energigatan 10B, SE-434 37 Kungsbacka, Sweden).

“Data Security Breach” has the meaning set forth in Section 4.2(3).

“Data Subject” means an individual who is the subject of Personal Data.

“Data Subject Request” has the meaning set forth in Section 4.2(6).

“Data Transfer” means a transfer of Personal Data from the Data Controller to the Data Processor, or an onward transfer of Personal Data from the Data Processor to a Sub-Processor, or between two establishments of a Data Processor; in each case, where such transfer would be prohibited by EU Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of EU Data Protection Laws).

“DPA” means this Data Processing and Data Security Agreement together with its annexes, as supplemented and amended from time to time.

“EEA” means the European Economic Area.

“EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each member state and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR.

“GDPR” means EU General Data Protection Regulation 2016/679.

“JDCA” means the joint data controller agreement set forth in Exhibit C, between a Data Controller and a third party data controller (who is also bound by this DPA), creating the legal framework for the access delegation and shared use of Cloud Entities and the joint use and processing of (same) Personal Data. Access to and right to use each delegated Cloud Entity is conditioned upon the prior acceptance of the JDCA.

“Joint Data Controller” has the meaning given in GDPR (and, for the purposes of this DPA, the Data Controller and such third party (each a joint data controller) that under a JDCA and by sharing the use of Cloud Entities are jointly determining the purposes and means of Processing of Personal Data in and for the Service).

“Party” means either Data Controller or Data Processor.

“Parties” means Data Controller and Data Processor.

“Personal Data” means any information relating to an identified or identifiable natural person, where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed upon Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Service” means the Data Processor’s proprietary Software-as-a-Service and (as applicable) Cloud Sourcing services that are ordered by Data Controller through a link or via an order form and made available online by Data Processor, via the applicable subscriber login link and other web pages designated by Data Processor or Data Processor’s reseller/channel partner.

“Service Data” means electronic data, text, messages, communications or other materials submitted to and stored within the Service by Data Processor, its agents and end-users in connection with Data Controller’s access and use of the Service, including, without limitation, Personal Data.

“Sub-Processor” means any third party data processor engaged by Data Processor who receives Personal Data from Data Processor or Data Controller for Processing on behalf of Data Controller.

“Subscription Agreement” means the agreement and terms and conditions under which the Data Controller is subscribing and granted licensing rights to use the Service.

“Supervisory Authority” means any Data Protection Supervisory Authority with competence over Data Controller, Joint Controllers, Data Processor and any Sub-Processor Processing of Personal Data.

“Third Party Services” means any services, products, devices, equipment, gateways, links or other functionality and any third-party content and materials that may be included in or linked to the Service and that allows the user to access third party services, for example connectivity- and mobile network services.

2.          PURPOSE

2.1       The Data Controller has entered into a Subscription Agreement pursuant to which Data Controller is granted a license to access and use the Service, and the Data Processor will, on behalf of the Data Controller, Process Personal Data selected, collected and submitted by the Data Controller, and/or third parties designated by the Data Controller with whom Data Controller transacts using the Service, and such Personal Data is stored and used within the Service. For the avoidance of doubt, the terms of this DPA shall only apply to the Data Controller with an active subscription to the Service.

2.2       The Parties are entering into this DPA to ensure that the Processing by the Data Processor of Personal Data, within the Service, is done in a manner compliant with GDPR and its requirements regarding the collection, use and retention of Personal Data.

2.3       To the extent that any terms of the Subscription Agreement conflict with the substantive terms of this DPA (as they relate to the protection of Personal Data and the Parties’ respective obligations and liabilities), the terms of this DPA shall take precedence.

3.          OWNERSHIP OF THE SERVICE DATA

As between the Parties, all Service Data Processed under the terms of this DPA and the Subscription Agreement shall remain the property of the Data Processor. Under no circumstances will the Data Processor act, or be deemed to act, as a data controller (or equivalent concept such as joint data controller) of the Service Data Processed within the Service under GDPR.

4.          OBLIGATIONS OF DATA PROCESSOR

4.1       The Parties agree that the subject-matter and duration of Processing performed by the Data Processor under this DPA and the Subscription Agreement, including the nature and purpose of Processing, the type of Personal Data, and categories of Data Subjects, shall be as described in Exhibit A of this DPA.

4.2       As part of the Data Processor providing the Service to the Data Controller under the Subscription Agreement, Data Processor shall comply with the obligations imposed upon it under GDPR Articles 28 – 32 and agrees and declares as follows:

(1)    the Data Processor shall process Personal Data in accordance with the instructions set forth in this DPA;

(2)    the Data Processor shall ensure that all staff and management of the Data Processor are fully aware of their responsibilities to protect Personal Data in accordance with this DPA and have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality in accordance with GDPR Article 28(3)(b);

(3)    the Data Processor shall implement and maintain appropriate technical and organizational measures to protect Personal Data in accordance with GDPR Article 32 against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access (a “Data Security Breach”), provided that such measures shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, so as to ensure a level of security appropriate to the risks represented by the Processing and the nature of the Personal Data to be protected, including data security consistent with the Security Standards described in Exhibit B;

(4)    the Data Processor shall notify the Data Controller in accordance with GDPR Article 33(2), without undue delay but in any event within 48 hours, in the event of a confirmed Data Security Breach affecting the Data Controller’s Service Data and shall cooperate with the Data Controller as necessary to mitigate or remediate the Data Security Breach. Further, the Data Processor shall cooperate with the Data Controller and take such commercially reasonable steps as are directed by the Data Controller to assist in the investigation, mitigation and remediation of any such Data Security Breach under GDPR;

(5)    the Data Processor shall comply with the requirements of Section 5 when engaging a Sub-Processor;

(6)    taking into account the nature of the Processing, the Data Processor shall assist the Data Controller (including by appropriate technical and organizational measures), insofar as it is commercially reasonable, to fulfil Data Controller’s obligation to respond to requests from Data Subjects to exercise their rights under GDPR (a “Data Subject Request”). In the event the Data Processor receives a Data Subject Request directly from a Data Subject, it shall (unless prohibited by law) direct the Data Subject to the Data Controller. However, in the event the Data Controller is unable to address the Data Subject Request, taking into account the nature of the Processing and the information available to the Data Controller, the Data Processor, shall, on the Data Controller’s written request and the Data Controller’s instruction to the Data Processor, and at the Data Processor’s reasonable expense (scoped prior to the Data Processor’s response to the Data Subject Request), address the Data Subject Request, as required under GDPR;

(7)    upon request, the Data Processor shall provide the Data Controller with commercially reasonable information and assistance, taking into account the nature of the Processing and the information available to the Data Processor, to help the Data Controller to conduct any data protection impact assessment or Supervisory Authority consultation it is required to conduct under GDPR;

(8)    upon termination of the Data Controller’s access to and use of the Service, the Data Processor shall comply with the requirements of Section 10;

(9)    the Data Processor shall comply with the requirements of Section 6 in order to make available to the Data Controller information that demonstrates the Data Processor’s compliance with this DPA; and

(10) the Data Processor shall appoint a security officer who will act as a point of contact for the Data Controller, and coordinate and control compliance with this DPA.

4.3       The Data Processor shall immediately inform the Data Controller if, in its opinion, the Data Controller’s processing instructions infringe any law or regulation. In such event, the Data Processor is entitled to refuse Processing of Personal Data that it believes to be in violation of any law or regulation.

5.          USE OF SUB-PROCESSORS

5.1       The Data Controller hereby confirms its general written authorisation for the Data Processor’s use of the Sub-Processor(-s) listed in accordance with GDPR Article 28, to assist it in providing the Service and Processing Personal Data provided that such Sub-Processor(-s),

(1)    agree to act only on the Data Processor’s instructions when Processing the Personal Data (which instructions shall be consistent with the Data Controller’s Processing instructions to the Data Processor), and

(2)    agree to protect the Personal Data to a standard consistent with the requirements of this DPA, including by implementing and maintaining appropriate technical and organizational measures to protect the Personal Data they Process consistent with the Security Standards set forth in Exhibit B.

5.2       The Data Processor agrees and warrants to remain liable to the Data Controller for the Processing services of any of its Sub-Processor(-s) under this DPA. The Data Processor shall maintain an up-to-date list of the names and locations of all Sub-Processor(-s) used for the Processing of Personal Data under this DPA at www.comlink.se. The Data Processor shall update the list on its website of any Sub-Processor to be appointed at least 30 days prior to the date on which the Sub-Processor shall commence processing Personal Data. The Data Processor may sign up to receive email notification of any such changes. (The details of the sign-up process are as detailed in the aforementioned URL.)

5.3       In the event that the Data Controller objects to the Processing of its Personal Data by any newly appointed Sub-Processor, as described in this Section 5, the Data Controller shall inform the Data Processor within 30 days following the update of its online policy above. In such event, the Data Processor will instruct the Sub-Processor to cease any further processing of the Data Controller’s Personal Data and this DPA shall continue unaffected.

5.4       In addition, and as stated in the Subscription Agreement, the Service requires integrations and combinations with Third Party Services. If the Data Controller elects to enable, access or use such Third Party Services, its access and use of such Third Party Services is governed solely by the terms and conditions and privacy policies of such Third Party Services, and the Data Processor does not endorse, is not responsible or liable for, and makes no representations as to any aspect of such Third Party Services, including, without limitation, their content or the manner in which they handle Service Data (including Personal Data) or any interaction between the Data Controller and the provider of such Third Party Services. The Data Processor is not liable for any damage or loss caused or alleged to be caused by or in connection with the Data Controller’s enablement, access or use of any such Third Party Services, or the Data Controller’s reliance on the privacy practices, data security processes or other policies of such Third Party Services. A provider of a Third Party Service shall not be deemed a Sub-Processor for any purpose under this DPA.

6.          AUDIT

6.1       Subject to this Section 6, the Data Processor shall make available to the Data Controller on request all information necessary to demonstrate compliance with this DPA, and shall allow for and contribute to audits, including inspections, by the Data Controller or an auditor mandated by the Data Controller in relation to the Processing of Personal Data by the Data Processor and any Sub-Processor.

6.2       Information and audit rights of the Data Controller only arise under Section 6.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of GDPR.

7.          INTERNATIONAL DATA TRANSFERS

7.1       The Data Controller acknowledges that Services Data Processor and its Sub-Processors may maintain Processing operations in countries that are outside of the EEA. As such, both Data Processor and its Sub-processors may Process Personal Data in non-EEA countries. This will apply even where Data Controller has agreed with Data Processor to host Personal Data in the EEA, if such non-EEA countries Data Transfer and Processing is necessary to host, provide and develop the Service, and access and support-related or other services requested by Data Controller.

7.2       If Personal Data processed in the Service and under this DPA is transferred from a country within the EEA to a country outside the EEA, the Data Processor shall ensure that the Personal Data are adequately protected. To achieve this, the Data Processor shall, unless agreed otherwise, rely on EU approved standard contractual clauses for the transfer of Personal Data.

8.          OBLIGATIONS OF DATA CONTROLLER

As part of the Data Controller receiving the Service under the Subscription Agreement, the Data Controller agrees to abide by its obligations under GDPR and declares and warrants as follows.

(1)    That the Data Controller is solely responsible for the means by which Personal Data is acquired and used by the Data Controller, including instructing Processing by the Data Controller in accordance with the provisions of the Subscription Agreement and this DPA, is and shall continue to be in accordance with all the relevant provisions of GDPR, particularly with respect to the security, protection and disclosure of Personal Data,

(2)    that if collection by Data Processor involves any ‘special’ or ‘sensitive’ categories of Personal Data (as defined in GDPR), the Data Controller is acquiring and transferring such Personal Data in accordance with GDPR,

(3)    that the Data Controller will inform its Data Subjects (if applicable);

(a)     about its general use of data processors to Process their Personal Data, including the Data Processor, and

(b)     that their Personal Data may be Processed outside of the EEA,

(4)    that, upon instructions from the Data Processor, it shall respond in reasonable time and to the extent reasonably practicable to enquiries by Data Subjects regarding the Processing of their Personal Data by the Data Processor, and to give appropriate instructions to the Data Processor in a timely manner,

(5)    that, upon instructions from the Data Processor, it shall respond in a reasonable time to enquiries from a Supervisory Authority regarding the Processing of relevant Personal Data by Data Processor, and

(6)    that the Data Controller is solely responsible for any arrangement in the event the Data Controller becomes a Joint Data Controller as further specified in Section 9.

9.          JOINT CONTROLLERS

9.1       Subject to the Subscription Agreement, the Data Controller may appoint and delegate access to and share use of Cloud Entities with (another) third party data controller who is also bound by this DPA. The Data Controller and the third party data controller are then, as Joint Data Controllers, subject to GDPR Article 26, jointly determining the purposes and means of processing of (same) Personal Data related to the (same) Cloud Entity.

9.2       By registration and by becoming a Data Controller under the Service, and in all events before granting access to and right to use any delegated Cloud Entities, the delegating Data Controller and the third party data controller, being delegated to, agree to be bound by the JDCA in Exhibit C, to ensure that the Joint Data Controllers comply with the requirements relating to Joint Data Controllers pursuant to GDPR Article 26. The JDCA determines the Joint Data Controllers’ respective responsibilities for compliance with the obligations under the GDPR, in particular as regards the exercising of the rights of the Data Subject and their respective duties to provide the information as set forth in GDPR. I.e. the delegating Data Controller and the third party data controller (being delegated to) accept the DPA and the JDCA when accepting the terms and conditions for the Service (during registration) and then automatically become Joint Data Controllers by delegation, upon which the JDCA shall come into full effect between the Joint Data Controllers.

9.3       The JDCA includes a confirmation that the appointed third party joint controller (i) has accepted and agreed to be bound by terms and conditions of this DPA, and (ii) has accepted the appointment of the Data Processor under the DPA for Processing of relevant Personal Data for each of the Joint Data Controllers.

9.4       Each Joint Data Controller is responsible for its own Personal Data Transfers, including for ensuring that a legal basis for joint data controlling exists and that GDPR Article 26 has been fully observed and adhered to.

9.5       The Data Controller delegating access to and right to share the use of Cloud Entities is legally solely responsible and liable for ascertaining the creation of a JDCA and the Data Controller acknowledges that the Data Processor’s only responsibility in this respect is to adhere to this DPA and to inform the Data Controller of the legal requirements under GDPR pertaining to joint data controlling and that the JDCA is provided by the Data Processor solely as a service.

10.       RETURN AND DESTRUCTION OF PERSONAL DATA

Upon the termination of the Data Controller’s access to and use of the Service, the Data Processor will up to 30 days following such termination at the choice of the Data Controller either (a) permit the Data Controller to export its Service Data, at its expense; or (b) delete all Service Data in accordance with the capabilities of the Service in accordance with GDPR Article 28(3)(g). Following such period, the Data Processor shall delete or anonymize all Service Data stored or Processed by the Data Processor on behalf of the Data Controller in accordance with the Data Processor’s deletion policies and procedures. The Data Controller expressly consents to such action.

11.       DURATION

This DPA will remain in force for as long as the Data Processor Processes Personal Data on behalf of the Data Controller under the Subscription Agreement and for the Service.

12.       LIMITATION ON LIABILITY

12.1     As between the Data Controller and the Data Processor this DPA shall be subject to the limitations of liability set forth in this Section below, and in the applicable Subscription Agreement for the Service subscribed by the Data Controller.

12.2     The Data Processor does not accept any liability under this DPA or GDPR for any Third Party Services, including acts and omissions.

12.3     The Data Processor does not accept any liability under this DPA or GDPR due to the Data Controller’s breach of its obligations to create a Joint Data Controller arrangement as set forth in Section 9.

12.4     The limitation of liability set forth in this Section 12 shall not be construed as limiting the liability of either Party with respect to claims by Data Subjects.

13.       MISCELLANEOUS

13.1     This DPA may not be amended or modified except by a writing signed by both Parties hereto. This DPA may be executed in counterparts, provided however that the Data Processor shall be entitled to from time to time make non-material functional changes and updates to the DPA (not changing the Parties’ respective rights and responsibilities in this DPA) by giving the Data Controller 30 days’ notice. Also, should the European Parliament and/or the Council pass new regulations and/or issue any guidelines which contain terms that conflict with those used in this DPA, the Parties hereby agree that such terms in this DPA shall primarily be changed or secondarily be interpreted and applied strictly in accordance with any such new regulation and guideline.

13.2     The terms and conditions of this DPA are confidential and each party agrees and represents, on behalf of itself, its employees and agents to whom it is permitted to disclose such information that it will not disclose such information to any third party; provided, however, that each party shall have the right to disclose such information to its officers, directors, employees, auditors, attorneys and third party contractors who are under an obligation to maintain the confidentiality thereof and further may disclose such information as necessary to comply with an order or subpoena of any administrative agency or a court of competent jurisdiction or as reasonably necessary to comply with any applicable law or regulation.

13.3     Subject to the foregoing restrictions, this DPA will be fully binding upon, inure to the benefit of and be enforceable by the Parties and their respective successors and assigns.

13.4     This DPA and the Subscription Agreement constitute the entire understanding between the Parties with respect to the subject matter herein, and shall supersede any other arrangements, negotiations or discussions between the Parties relating to that subject-matter.

14.       GOVERNING LAW AND JURISDICTION

This DPA and the rights and obligations of the Parties pursuant thereto will be governed by the laws of Sweden, without regard to conflicts of law principles. The Parties irrevocably agree that, subject as provided below, the courts of Sweden shall have exclusive jurisdiction in relation to any claim, dispute or difference concerning this DPA (including the right to possible appeal), and any matter arising therefrom and irrevocably waive any right that they may have to object to an action being brought in those courts, or to claim that the action has been brought in an inconvenient forum, or that those courts do not have jurisdiction.

***

Exhibit A to DPA

PROCESSING, PERSONAL DATA AND DATA SUBJECTS

(Data Controller’s instructions)


Terms defined in the DPA shall have the same meaning in this Exhibit.

1.          DATA PROCESSOR (WHERE APPLICABLE)

The Data Processor (where applicable) operates a Software-as-a-Service and (as applicable) Cloud Sourcing services for asset management and the operation and administration of attached equipment including the identification of users e.g. for entry into doors and gates via mobile phones.

Further information can be found online at www.comlink.se.

2.          DATA CONTROLLER

The Data Controller is the subscriber and user of the Service and will collect and process Personal Data for registering persons and users for access-controlling attached equipment.

3.          DURATION OF PROCESSING

The processing of Personal Data shall endure for the duration of the subscription term in the relevant Subscription Agreement for the Service.

4.          DATA SUBJECTS

The Data Controller may, at its sole discretion, collect and submit Personal Data to the Service, which may include, but is not limited to, the following categories of Data Subjects (all of whom are natural persons) of the Data Controller and any natural person(s) authorized by the Data Controller to use the Service:

1.   Employees
2.   Relatives of employees
3.   Customers
4.   Prospective customers
5.   Service providers
6.   Business partners
7.   Vendors
8.   Advisors
9.   Subscribers of the Service
10. Users of Data Controller provided services

5.          CATEGORIES OF PERSONAL DATA

The Data Controller may, at its sole discretion, submit Personal Data to the Service which may include, but is not limited to, the following categories of data:

1.   First name
2.   Last name
3.   Title
4.   Email address
5.   Telephone number
6.   Address
7.   Other contact details
8.   Contractual relations/matters
9.   Support communications
10. Customer service information
11. Customer history
12. Restrictions or grants
13. Information provided to third parties (e.g. credit reference agencies, public directories)
14. Cloud Entity usage

6.          SPECIAL CATEGORIES OF PERSONAL DATA

Not applicable.

7.          PROCESSING OPERATIONS AND COOKIES

The subject matter of the Processing of the Personal Data:

The Data Processor (where applicable) will host and process Personal Data obtained by the Data Controller or a third party using the Service, in the course of and as a technical prerequisite for the Data Processor to provide the Service, the Software-as-a-Service and (as applicable) Cloud Sourcing services, including:

1.     Collection of Personal Data
2.     Storage of Personal Data
3.     Compilation of Personal Data
4.     Administration of Personal Data
5.     Organisation of Personal Data
6.     Disclosure by forwarding Personal Data
7.     Utilisation of Personal Data
8.     Communication with users regarding the Service.
9.     Cookies, as further detailed in this Section below.

The Data Processor uses cookies. Any user who visits the Data Processor’s website or the Service shall receive information that the website and/or Service contains cookies and the purpose of using the cookies. The Data Processor uses two types of cookies on its website and in the Service: so-called durable cookies, which are a text file stored on a visiting computer, and so-called temporary cookies or session cookies, which are only stored temporarily on a visiting computer and disappear when the user shuts down the browser on the visiting computer. The Data Processor uses these two types of cookies partly to optimize the Data Processor’s website and the function of the Service, and partly to analyse statistics so that the Data Processor, in its contacts with users of the Service, is able to provide the best possible level of Service and Service offers. The user will be given the opportunity to consent to or decline that cookies be stored on the user’s computer; however, in order to be granted access to the Service, the user must approve the Data Processor’s cookies. By using the Service, the user agrees that the Data Processor uses cookies to offer the user the best possible experience of the Service.

Service Data and Personal Data which relates to Data Subjects and constitutes personal data in accordance with GDPR, collected for or on behalf of the Data Controller and its users via cookies, shall be treated as Personal Data under this DPA.

8.          RESTRICTIONS

Processing shall take place exclusively within the European Union or in another contracting state of the agreement of the EEA.

Any transfer of Personal Data outside of the EEA requires the prior approval of the Data Controller and shall be in accordance with the DPA and relevant parts of the GDPR.

9.          CONTACT DETAILS

For Personal Data queries arising from or in connection with this Processing and this DPA, the Controller and Data Subjects shall contact the following:

DATA PROCESSOR:

COMLINK AB (Co. reg. no. 556514-0190)
Address: Energigatan 10B, SE-434 37 Kungsbacka, Sweden
Web: www.comlink.se
Email: info@comlink.se
Tel: +46 (0)31-208600
Appointed Contact person Peder Kierkemann
Email: peder@comlink.se
Tel: +46 31-208600

***

Exhibit B to DPA

DATA SECURITY STANDARDS


As of the Effective Date of the DPA, the Data Processor, when Processing Personal Data on behalf of the Data Controller in connection with the Service, shall implement and maintain the following technical and organizational security measures for the Processing of such Personal Data (“Security Standards”).

Terms defined in the DPA shall have the same meaning in this Exhibit.

1.          PHYSICAL ACCESS CONTROLS

The Data Processor shall take reasonable measures to;

(a)     prevent physical access, by means such as security personnel and secured buildings, and

(b)     prevent unauthorized persons from gaining access to Personal Data or ensure third parties operating data centres on its behalf are adhering to such controls.

2.          SYSTEM ACCESS CONTROLS

The Data Processor shall take reasonable measures to prevent Personal Data from being used without authorization. These measures shall vary based on the nature of the Processing undertaken and may include, among others;

(a)     controls,

(b)     authentication via passwords and/or two-factor authentication,

(c)     documented authorization processes,

(d)     documented change management processes, and/or,

(e)     logging of access on several levels.

3.          DATA ACCESS CONTROLS

The Data Processor shall take reasonable measures to provide that;

(a)     Personal Data is accessible and manageable only by properly authorized staff,

(b)     direct database query access is restricted, and application access rights are established and enforced to ensure that persons entitled to use a data processing system only have access to the Personal Data to which they have privilege of access, and

(c)     Personal Data cannot be read, copied, modified or removed without authorization in the course of Processing.

4.          TRANSMISSION CONTROLS

The Data Processor shall take reasonable measures to ensure that it is possible to check and establish to which entities the transfer of Personal Data by means of data transmission facilities is envisaged so Service Data cannot be read, copied, modified or removed without authorization during electronic transmission or transport.

5.          INPUT CONTROLS

5.1       The Data Processor shall use commercial best efforts to provide that it is possible to check and establish whether and by whom Service Data has been entered into data processing systems, modified or removed.

5.2       The Data Processor shall take reasonable measures to ensure that;

(a)     the Personal Data source is under the control of the Data Controller; and

(b)     Personal Data integrated into the Service is managed by secured transmission from the Data Controller for interactions with Data Processor’s User Interface (“UI”) or Application Programming Interface (“API”).

6.          DATA BACKUP

Back-ups of the databases in the Service are taken on a regular basis, are secured, and encrypted to ensure that Personal Data is protected against accidental destruction or loss.

7.          LOGICAL SEPARATION

Personal (Service) Data from different data controllers and their respective users is logically segregated on systems managed by the Data Processor to ensure that Personal Data that is collected by different data controllers is segregated from one another.

***

Exhibit C to DPA

JOINT DATA CONTROLLER AGREEMENT
(Version 1:2019)


Notice:

This Joint Data Controller Agreement (“JDCA”) shall apply to each data controller (each delegating data controller) who is using a subscribed (licensed) service (SaaS) and who also delegates access to and shared use of cloud entities within the service, or part thereof, to another data controller, both being joint data controllers jointly determining the purposes and means of processing of (same) personal data, pursuant to Article 26 of the EU General Data Protection Regulation 2016/679 (GDPR). In the event there is no such joint data control, this JDCA shall not apply.

This JDCA defines the relationship between two joint data controllers and creates the legal framework for the joint data controllers in a manner compliant with GDPR. This JDCA determines the joint data controllers’ respective responsibilities for compliance with the obligations under the GDPR, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information.

By accepting this JDCA the Joint Data Controllers (the delegating joint data controller and the data controller being delegated to) are unconditionally consenting to be bound by and are becoming parties to this JDCA. If both joint data controllers do not unconditionally agree to all terms of this JDCA there will be no access to and right to use any delegated rights to the licensed service.

By delegation of a Cloud Entity the delegating Data Controller and the third party data controller being delegated to (receiver) are automatically becoming Joint Data Controllers under GDPR regarding the Personal Data related to the shared Cloud Entity, and also the JDCA accepted by the Joint Data Controllers shall come into full effect and shall apply between the Joint Data Controllers. The JDCA can be terminated at any time; by the delegating Data Controller by retracting the delegation, or by the receiving data controller by deleting the Cloud Entity from the receiving account.

In connection with an audit or a complaint or part of a complaint by a data subject, the joint data controllers must notify the essence of or provide access to this JDCA as in effect between the joint data controllers.

Should the European Parliament and/or the Council pass new regulations and/or issue any guidelines which contain terms that conflict with those used in this JDCA, such terms in this JDCA shall be changed or otherwise interpreted and applied strictly in accordance with any such new regulation and guideline.

DEFINITIONS

All capitalized terms used in this JDCA shall have the meanings given to them below:

“Cloud Entity” means entities added to the Data Controller’s account to which Personal Data may be associated and/or processed.

“Data Controller” has the meaning given in GDPR (and, for the purpose of this DPA, means the party licensing and using the Service).

“Data Processor” has the meaning given in GDPR (and, for the purposes of this JDCA, Comlink AB, co. reg. no. 556514-0190, Energigatan 10B, SE-434 37 Kungsbacka, Sweden).

“Data Security Breach” means accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access of Personal Data.

“Data Subject” means an individual who is the subject of Personal Data.

“DPA” means the Data Processing and Data Security Agreement together with its annexes, as supplemented and amended from time to time, as in effect between each of the Joint Data Controllers and the Data Processor.

“EEA” means the European Economic Area.

“EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each member state and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR.

“GDPR” means EU General Data Protection Regulation 2016/679.

“JDCA” means this joint data controller agreement between the Data Controller and each third party data controller (who is also bound by the DPA), creating the legal framework between such Joint Data Controllers for delegated access to and shared use of Cloud Entities and the joint use and processing of (same) Personal Data.

“Joint Data Controller” has the meaning given in GDPR (and, for the purposes of this JDCA, the Data Controller and such third party (each a joint data controller) that under an arrangement are jointly determining the purposes and means of Processing of Personal Data in and for the Service).

“Personal Data” means any information relating to an identified or identifiable natural person, where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed upon Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Service” means the Data Processor’s proprietary Software-as-a-Service and (as applicable) Cloud Sourcing services that are ordered by Data Controller through a link or via an order form and made available online by Data Processor, via the applicable subscriber login link and other web pages designated by Data Processor or Data Processor’s reseller/channel partner.

“Subscription Agreement” means the agreement and terms and conditions under which the Data Controller is subscribing and granted licensing rights to use the Service.

“Supervisory Authority” means any Data Protection Supervisory Authority with competence over Data Controller, Joint Controllers, Data Processor and any sub-processor Processing of Personal Data.

1.          GENERAL TERMS AND CONDITIONS

1.1       Subject to GDPR Article 26, where two or more Data Controllers jointly determine the purposes and means of Processing, they shall be Joint Data Controllers.

1.2       Joint Data Controllers shall determine their respective responsibilities for compliance with the obligations under GDPR, in particular as regards the exercising of the rights of the Data Subject and their respective duties to provide the information referred to in GDPR Articles 13 and 14, by means of an arrangement between the Joint Data Controllers unless, and in so far as, the respective responsibilities of the controllers are determined by Union or member state law to which the controllers are subject.

1.3       The arrangement referred to in Section 1.2 shall duly reflect the respective roles and relationships of the joint controllers vis-à-vis the data subjects. The essence of the arrangement shall be made available to the data subject.

1.4       Irrespective of the terms of the arrangement between the Joint Data Controllers, the data subject may exercise his or her rights under GDPR in respect of and against each of the Joint controllers.

1.5       The ‘internal’ distribution of responsibilities in the Joint Data Controller arrangement does not prevent the supervisory authority from exercising its powers vis-à-vis each of the Joint Data Controllers.

2.         GENERAL DISTRIBUTION OF RESPONSIBILITIES AND LIABILITIES

2.1       The Joint Data Controllers agree that in connection with the use of the Service and Personal Data, they are Joint Data Controllers. The assessment shall take into account:

(a)     All relevant Data Subjects that the Joint Data Controllers have access to and use for the Service and Personal Data

(b)     In connection with the Joint Data Controllers’ access to the Service and Personal Data, they have access to Personal Data of all relevant Data Subjects.

2.2       The Joint Data Controllers agree on the following joint rules and guidelines for the Joint Data Controllers’ use of the Personal Data, including, as applicable, access restrictions for certain types of Personal Data.

2.3       The Joint Data Controllers acknowledge that they are bound by the DPA and that they have accepted the Data Processor (Comlink AB) for Processing of the Joint Data Controllers Service Data and Personal Data.

2.4       The Joint Data Controllers shall each have one designated contact point for Data Subjects, always provided that Data Subjects can exercise their rights under the GDPR vis-à-vis each individual Joint Data Controller.

2.5       The Joint Data Controllers are each responsible for the Data Subjects with whom the individual Joint Data Controller collects Personal Data, including the responsibility to inform the Data Subject of the Processing and the rights of the Data Subject;

(a)     to ensure that the necessary authority exists for the Processing of the registered Personal Data, including the obtaining of consent, and

(b)     that Personal Data is erased when they are no longer necessary.

2.6       Each Joint Data Controller who obtains specific data from sources other than the Data Subject is responsible for informing the Data Subject accordingly.

3.          PRINCIPLES AND AUTHORITY TO PROCESS DATA

3.1       Each Joint Data Controller who obtains specific or sensitive data is responsible for ensuring that there is a valid legal ground for Processing and for documenting this to both Supervisory Authority and the Data Subject.

3.2       Each Joint Data Controller is responsible for compliance with the principles for the Processing, insofar as the rules apply to the individual Joint Data Controller’s areas of responsibilities.

4.          RIGHTS OF THE DATA SUBJECTS

4.1       Each Joint Data Controller is responsible for ensuring the rights of the Data Subjects in accordance with the provisions of the GDPR, this JDCA and the DPA, including but not limited to;

(a)     duty of disclosure when collecting Personal Data from the Data Subject,

(b)     duty of disclosure if Personal Data are not collected from the Data Subject,

(c)     right of access by the Data Subject,

(d)     right to rectification,

(e)     right to erasure (the right to be forgotten),

(f)      right to restriction of Processing,

(g)     notification obligation regarding rectification or erasure of Personal Data or restriction of Processing,

(h)     right to data portability (but not for public authorities), and

(i)      right to object to Processing.

4.2       If one of the Joint Data Controllers receives a request or inquiry from a Data Subject regarding matters covered by another Joint Data Controller’s responsibilities, see above, the request is forwarded to such Joint Data Controller without undue delay.

4.3       Each Joint Data Controller is responsible for assisting each other to the extent this is relevant and necessary in order for both parties to comply with their obligations to the Data Subjects.

5.          SECURITY OF PROCESSING AND PROOF OF COMPLIANCE WITH THE GDPR

5.1       Taking into account the nature, scope, context and purposes of Processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, each Joint Data Controller must implement appropriate technical and organisational measures and appropriate data protection policies to ensure and to be able to demonstrate that Processing is performed in accordance with the GDPR, DPA and the JDCA. Those measures must be reviewed and updated where necessary (GDPR Article 24). Each Joint Data Controller must have appropriate procedures for the handling of security breaches, requests for access and compliance with the duty of disclosure, in accordance with the GDPR, DPA and the JDCA.

5.2       The Joint Data Controllers are jointly responsible for compliance with the provision on data protection by design and by default in GDPR Article 25.

5.3       Each Data Controller is responsible for compliance with the requirement for security of Processing in GDPR Article 32. This means that, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Joint Data Controllers must implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. Consequently, each Joint Data Controller must make (and be able to document) a risk assessment, and subsequently implement measures to mitigate the risks identified.

6.          USE OF DATA PROCESSORS AND SUB-PROCESSORS

The Data Controllers shall not be entitled to use other data processors and/or sub-processors than the Data Processor in connection with the use of the Service.

7.          RECORD

7.1       Each Joint Data Controller is responsible for compliance with the requirement for records of Processing activities in GDPR Article 30. Each Joint Data Controller shall prepare records of the Processing activities, for which the parties are Joint Data Controllers.

7.2       The Joint Data Controllers shall inform each other about the contents of the above records.

7.3       On the basis of the contents of each other’s records, each Joint Data Controller shall prepare their own records of the Processing activities covered by this JDCA and the DPA.

8.          NOTIFICATION OF A PERSONAL DATA BREACH TO THE SUPERVISORY AUTHORITY

8.1       Each Joint Data Controller is responsible for compliance with GDPR Article 33 on notification of a Personal Data breach to the Supervisory Authority.

8.2       The Joint Data Controller with whom a Personal Data Breach was committed or from whom the reason for the breach originates is responsible for notifying the Personal Data Breach to the Supervisory Authority.

8.3       Immediately after having become aware of a Data Security Breach, the Joint Data Controller must inform the other Joint Data Controller of the breach. The other Joint Data Controller must be kept informed of the process after the discovery of the Personal Data breach and will receive a copy of the notification to the Supervisory Authority.

8.4       If the reason for the breach is not immediately attributable to one of the Joint Data Controllers, the (delegating) Data Controller is responsible for notifying the Data Security Breach to the Supervisory Authority.

9.          COMMUNICATION OF A PERSONAL DATA BREACH TO THE DATA SUBJECT

9.1       Each Joint Data Controller is responsible for compliance with GDPR Article 34 on communication of a Personal Data breach to the Data Subject.

9.2       If a Personal Data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Joint Data Controller with whom the Personal Data Breach was committed, or from whom the reason for the breach originates, is responsible for communicating the Personal Data Breach to the Data Subjects affected.

9.3       If the reason for a Personal Data Breach is not directly attributable to one of the Joint Data Controllers, and the breach is likely to result in a high risk to the rights and freedoms of natural persons, the (original) Data Controller (being party to the DPA) is responsible for communicating the Personal Data Breach to the Data Subjects affected.

10.       DATA PROTECTION IMPACT ASSESSMENT AND PRIOR CONSULTATION

10.1     Each Joint Data Controller is responsible for compliance with the requirement in GDPR Article 35 on data protection impact assessment. Where a type of Processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the Processing, is likely to result in a high risk to the rights and freedoms of natural persons, the Joint Data Controllers must, prior to the Processing, carry out an assessment of the impact of the envisaged Processing operations on the protection of Personal Data.

10.2     Likewise, the Joint Data Controllers are obliged to comply with the requirement in GDPR Article 36 on prior consultation of the Supervisory Authority when this is relevant.

11.       TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

11.1     The Joint Data Controllers may decide that Personal Data can be transferred to third countries or international organisations.

11.2     Each Joint Data Controller is responsible for compliance with the requirements in GDPR Chapter V if Personal Data are transferred to third countries or international organisations.

11.3     Each Joint Data Controller is responsible for its own Personal Data transfers to third countries, including for ensuring that a legal basis for transfer exists and that GDPR Chapter V has been observed.

12.       COMPLAINTS

12.1     Each Data Controller is responsible for the handling of any complaints from Data Subjects if the complaints relate to the infringement of provisions in the GDPR, for which the Data Controller is responsible as given by this JDCA.

12.2     If one of the Joint Data Controllers receives a complaint which should rightfully be handled by the other Joint Data Controller, the complaint is forwarded to such Joint Data Controller without undue delay.

12.3     If one of the Joint Data Controllers receives a complaint, part of which should rightfully be handled by the other Joint Data Controller, such part is forwarded for reply by the Joint Data Controller without undue delay.

12.4     In connection with the forwarding of a complaint or part of a complaint to the other Joint Data Controller, the Data Subject must be notified about the essence of this JDCA between the Joint Data Controllers.

12.5     Generally, the Joint Data Controllers inform each other about all complaints received.

13.       INFORMATION OF THE OTHER PARTIES

The Joint Data Controllers shall inform each other about matters of the essence to the joint Processing, this JDCA and the DPA.

14.       COMMENCEMENT AND TERMINATION

14.1     The JDCA (agreement) shall enter into force at the time of both Joint Data Controllers’ acceptance by means acceptable to the parties.

14.2     The JDCA shall be in force as long as relevant Personal Data for the Cloud Entity is being jointly processed, or until the arrangement is replaced by a new arrangement determining the distribution of responsibilities in connection with Processing.

14.3     The JDCA is terminated either by the delegating Data Controller by retracting the delegation or by the recipient by deleting the Cloud Entity from their account.

15.       GOVERNING LAW AND JURISDICTION

15.1     This JDCA (agreement) shall be governed by the laws of the country within the EEA where the delegating Data Controller is registered or incorporated, and in the absence of such a country the substantive laws of Sweden shall apply, and the parties irrevocably submit to the exclusive jurisdiction of the courts of such jurisdiction and any court of appeal therefrom.

15.2     For the avoidance of doubt, this Section shall not be construed or interpreted as limiting Data Subjects’ rights to enforce their rights under the GDPR, such as to bring actions in other jurisdictions.

***

PERSONAL DATA POLICY

2018-04-01

Comlink AB (the “Company”) undertakes to handle personal data in accordance with Swedish law.
You (the “User”) are responsible for ensuring that the information provided at registration or when entering into the agreement is correct. In connection with the User’s registration, the User’s name, address, telephone number and email address may be stored for the purpose of communicating directly with the User and to ensure that the Service can be used in an appropriate manner.

The Company collects and stores registered personal data for the purpose of providing the company’s services to the User.
The personal data may be used to communicate with the User in the future about the company’s business concerning new Products and/or Services.
The User agrees that the Company has the right to communicate with the User by physical mail, telephone or email to inform about changes, offers or other matters that may be related to the service and/or the agreement. If the User does not wish to receive offers from the Company during the agreement period or after the agreement has ended, the User can decline this by contacting the Company directly.

The Company reserves the right to disclose personal data to third parties, for example in order to perform the company’s services or to communicate with the User about our products.
The Company also reserves the right to retain customer data after the agreement has ended in order to prevent repeated use of introductory, campaign and premium offers.
The User is responsible for keeping their information in the account and on the Website up to date, so that the Company or the Company’s resellers can fulfil their obligations.

The Company is not liable for faults in the Service and any consequences of such faults if the faults stem from outdated customer information.
The User has the right at any time to request information about the data the Company has stored about the User. The User may choose, regardless of whether the data is incorrect, incomplete or irrelevant, to have the data erased in accordance with Swedish law. This may, however, affect the company’s ability to provide the Service.

The Company uses cookies on its Website and Service.
Under the Swedish Electronic Communications Act, everyone who visits a website with cookies must be given access to information that the website contains cookies and what their purpose is.
The User must also be given the opportunity to consent to whether cookies may be stored on the computer.

The Company uses two types of cookies: durable cookies, which are a text file stored on your computer, and temporary cookies, so-called session cookies, which are stored only temporarily and disappear when the User closes the browser.
The Company uses these two types of cookies partly to optimise the function of the Website and the Service, and partly to be able to analyse statistics so that the Company, in its contacts with the User, can provide the best possible service and offers.
Access to the Service requires that the User accepts the Company’s cookies.

By using the Service, the User consents to the Company using cookies in order to offer the User the Service and the best possible experience.

GENERAL TERMS AND CONDITIONS CONCERNING PRODUCT

2018-04-01

1. GENERAL

1.1. These general terms and conditions (the “Agreement”) apply to purchases of Comlink AB’s (the “Company”) products delivered to a customer (the “User”). The Agreement concerns products manufactured and produced by the Company (the “Product”). The Agreement consists of this document and the associated Personal Data Policy.

1.2. The Company’s customers, and thereby users, confirm by accepting this Agreement that their end users of the Company’s Product consent in accordance with the Agreement.

1.3. On the basis of this Agreement, and for as long as the Agreement is valid, the Company grants the User the right to use the product and associated trademarks.

1.4. The User confirms that it has read and understood the Agreement, accepts the Agreement and agrees to be bound by it.

1.5. The Company and the User are also referred to in the Agreement jointly as the “Parties” or individually as a “Party”.

2. CONTACT DETAILS

2.1. If the User or a third party has any questions regarding the Product, the Agreement or the terms below, the following contact information is used to contact the Company.
Comlink AB Energigatan 10b 434 37 Kungsbacka
info@comlink.se 031–208600

3. HANDLING OF PERSONAL DATA

3.1. See Appendix 1 to these General Terms and Conditions, “Personal Data Policy”.

3.2. The Company shall ensure that personal data is handled over an encrypted HTTP connection and that the information is backed up securely.

4. UNDERTAKINGS

4.1. By entering into this Agreement, the User warrants that it is authorised to enter into the Agreement.

4.2. Authorised means both that the User has reached the age of sixteen (16) and that the User has legal capacity under Swedish law.

4.3. Each Party bears its own costs that may arise in connection with the performance of this Agreement unless the Parties specifically agree otherwise.

4.4. A User who is to sell and distribute the Product shall follow the instructions that follow from product descriptions and that are given for marketing and resale.

4.5. The User shall provide the Company with sufficient information and contribute to the purchase in the manner required for fulfilment of the terms of this Agreement.

4.6. The User is responsible for ensuring that the Product is installed and function-tested in accordance with the Company’s instructions. Damage arising from incorrect installation shall not be charged to the Company.

5. THE COMPANY'S LIABILITY

5.1. The Company is obliged to remedy any manufacturing defects and to repair a defective product or replace it with a new one. This liability applies within the warranty period set out in clause 9 of the Agreement.

5.2. The User is entitled to the Company's contact details and, if a third party has access to the data, also to the contact details of the third party. Where automated decision-making occurs, the User shall be notified.

6. PAYMENT

6.1. Payment is made against a received invoice. The invoice shall be paid so that the invoiced amount is available in the Company's bank account no later than 30 days from the invoice date.

6.2. An error in an invoice must be reported no later than the due date. If the error has not been reported in time, the User cannot invoke it.

6.3. In the event of late payment, the Company is entitled to charge default interest in accordance with the Swedish Interest Act (Räntelagen, 1975:635).

6.4. Current prices for the Company's Products are provided by the Company as agreed with the User. The Company is entitled to change prices without prior notice.

7. DELIVERY

7.1. The Company undertakes, in accordance with these general terms and conditions, to deliver products ordered by the User. The delivery time is stated in the Company's order confirmation.

7.2. The Company is not liable for delays in delivery, regardless of whether the delay is due to a delay at the carrier or to other circumstances.

8. TERM OF AGREEMENT

8.1. By making a purchase from the Company, the User accepts these general terms and conditions. The Agreement enters into force when the User has paid the first invoice and the invoiced amount is available in the Company's bank account. The Agreement then remains in force until further notice.

8.2. The Agreement may be terminated by either party with a notice period of 12 months. The terms of this Agreement apply during the notice period. Notice of termination shall be given in writing.

9. COMPLAINTS AND WARRANTY

9.1. The User shall inspect the Product upon receipt. If the Product is defective, the User shall notify the Company immediately. If the User does not give notice of the defect within 30 days of receiving the Product, the User loses the right to invoke the defect.

9.2. Transport damage shall be reported to the carrier and to the Company on the day of arrival at delivery.

9.3. The Company is liable for manufacturing defects that appear within the warranty period of 1 year, unless it is evident that the defect arose because of the User or something on the User's side.

10. INTELLECTUAL PROPERTY RIGHTS

10.1. The Company owns all intellectual property rights to the Product, including, but not limited to, design, artwork, functionality and documentation. The User may not copy, modify or reverse engineer any part of the Product.

10.2. The User agrees that the Company may, when needed, retrieve and use statistics from, among others, third parties for the purpose of improving the Product.

10.3. The Company and the User undertake to respect the intellectual property rights and property of third parties. If the User's work has been copied or infringed in a way that constitutes an infringement of the User's intellectual property rights, the User should inform the Company within a reasonable time.

11. CONFIDENTIALITY

11.1. The Parties undertake not to disclose to outsiders, either during the term of the Agreement or thereafter, information that the Parties have received from the other Party and that is of such a nature that it is to be regarded as a Party's trade secret. A Party shall also take the necessary measures to prevent such trade secrets from being disclosed to outsiders. A Party's trade secret means information that the Party itself has not made publicly known, or that has been made publicly known by the other Party through a breach of this Agreement.

11.2. Where the Company is required by law to disclose information, the User is deemed to have consented to such disclosure. Such information may concern, but is not limited to, invoiced amounts reported to the Tax Authority.

12. BREACH OF CONTRACT AND DAMAGES

12.1. If either Party materially breaches a term of this Agreement, the other Party is entitled to terminate the Agreement with immediate effect. The injured Party shall receive reasonable damages from the other Party to this Agreement for what arises as a result of the breach.

12.2. If the Company chooses to close down its business, becomes insolvent or goes bankrupt, this Agreement shall cease to apply with immediate effect. No damages shall be payable to the User as a result.

12.3. In the event of a breach of contract, the Party causing the damage shall compensate the injured Party for direct damage caused.

13. FORCE MAJEURE

13.1. If a Party's performance of its obligations under the Agreement is substantially prevented or made more difficult by a circumstance beyond the Party's control, such as, but not limited to, statutory provisions, staff departures, labour disputes, natural disasters, war or government regulations, and the consequences of which the Party could not reasonably have avoided or prevented, this shall constitute grounds for exemption from liability for delay, damages and/or other sanctions.

14. LIMITATIONS OF LIABILITY

14.1. This Agreement governs only the relationship between the Company and its Users.

14.2. The Company is under no circumstances liable for the User's loss of profit, revenue, savings or goodwill, or for other loss due to operational interruption, loss of data, the User's possible liability to compensate third parties, or indirect or consequential damage.

14.3. The User shall not hold the Company liable for damage caused to a third party as a result of deficiencies in the Product that can be attributed to incorrect installation, a function test that was not carried out and/or another event beyond the Company's control.

14.4. The Company's aggregate and total liability shall in no case exceed one price base amount (prisbasbelopp).

14.5. The Company issues no warranties for the Product beyond what is stated in these General Terms and Conditions.

15. ASSIGNMENT TO THIRD PARTIES

15.1. The User's rights and obligations under this Agreement are personal and may not be assigned to third parties. The Company is entitled to assign all or part of its rights and obligations under this Agreement to third parties. The Company is further entitled to engage subcontractors, advisers and other experts to fulfil its obligations under this Agreement.

16. INVALIDITY OF TERMS

16.1. Should any term of this Agreement or part thereof be found invalid, this shall not mean that the Agreement as a whole is invalid. The Parties undertake to seek, as far as possible, an adjustment with respect to the invalidity of terms. If the Parties disagree on the matter and an adjustment of the terms cannot be reached, the provisions of clause 17 apply.

17. DISPUTES AND INTERPRETATION

17.1. This Agreement and any special terms relating to the Product shall be interpreted and governed in accordance with Swedish law.

17.2. Disputes arising from this Agreement or any special terms relating to the Product shall be settled by arbitration in accordance with the Arbitration Rules of the Arbitration Institute of the Stockholm Chamber of Commerce. The seat of arbitration shall be Gothenburg. The language to be used is Swedish.

17.3. The arbitration proceedings and all information that emerges or is exchanged during the proceedings, as well as every decision or arbitral award issued during the proceedings, shall be treated confidentially and may not be disclosed to third parties without the express consent of the other party. A Party shall, however, not be prevented from disclosing such information in order to safeguard its rights in relation to the other Party or an insurer, or if the Party is obliged to disclose the information under mandatory law, regulation or stock exchange rules.

18. ENTIRE AGREEMENT

18.1. The general terms and conditions in this Agreement constitute the entire Agreement between the User and the Company and supersede all previous agreements, written or oral, between the User and the Company concerning the Product.

CONFLICT MINERALS SOURCING POLICY
(Version 1:2019)


Conflict minerals are defined by the SEC as columbite-tantalite (coltan), cassiterite, gold, wolframite, or their derivatives, which are limited to tantalum, tin, gold and tungsten. Conflict minerals originating in the Democratic Republic of the Congo (“DRC”) or an adjoining country, collectively defined as the “Covered Countries”, may sometimes be mined and sold “under the control of armed groups” to “finance conflict characterized by extreme levels of violence”. Some of these minerals can make their way into the supply chains of products used around the world, including those in the electronics industry.

Comlink AB’s suppliers acquire and use conflict minerals from multiple sources worldwide. As part of Comlink AB’s commitment to corporate responsibility and respecting human rights in our own operations and in our global supply chain, it is Comlink AB’s goal to use tantalum, tin, tungsten and gold in our products that do not directly or indirectly finance or benefit armed groups in the Covered Countries while continuing to support responsible mineral sourcing in the region. Comlink AB expects our suppliers to have in place policies and due diligence measures that will enable us to reasonably assure that products and components supplied to us containing conflict minerals are DRC conflict free.

Comlink AB expects our suppliers to comply with the EICC Code of Conduct and conduct their business in alignment with Comlink AB’s supply chain responsibility expectations.

In support of this policy, Comlink AB will:

–  Exercise due diligence with relevant suppliers consistent with the OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas and encourage our suppliers to do likewise with their suppliers.

–  Provide, and expect our suppliers to cooperate in providing, due diligence information to confirm the tantalum, tin, tungsten and gold in our supply chain are conflict free.

–  Collaborate with our suppliers and others on industry-wide solutions to enable products that are DRC conflict free.

–  Commit to transparency in the implementation of this policy by making available reports on our progress to relevant stakeholders and the public.

For questions and further information, please contact:

Comlink AB
Energigatan 10B
434 37 Kungsbacka
Sweden
+46 (0)31 208600