Description
This is the Main Agreement between you, the Customer and us, Digital Brain Nordic, organizational number 556684-3610 located in Gothenburg, Sweden (Brain) in regard to our service Strategic Audience Map (SAM). This Main Agreement is supplemented by our “General Terms & Conditions” (T&C) and any appendixes in this agreement or in other appendixes mentioned in these agreements.
The Service
Strategic Audience Map is a Software as a Service (SaaS) type of product where the services are delivered through an online application and web interface to our customers. The service Is multifaceted and is developed over time to add additional value, features and services to our customers. The latest version and description of the service is always available to you through our web interface.
Main features, but not limited to:
1st Party Data
SAM offers a wide array of ways for you to leverage your 1st party data into easily understandable insights that you can act upon in both online and offline marketing. As an online service these ways are constantly refined and updated, and new ways made available continuously. Our latest updated matching services will always be available in our systems web interface, that you have access to through your subscription.
Online Integration
Your subscription gives you access to our online integration service that allows you to leverage your 1st party browser data into enriched data and insights. This integration leverages data such as IP-address, site behavior and browser identifiers into geographical data. This integration also allows for you to push your 1st party user generated and declared data into the system, such as zip codes, address, logins or other personal identifiers.
Customer or CRM data
Your subscription also gives you access to the matching and analysis of customer files. This makes it possible for you to compare your customers with your traffic and campaigns. This feature is provided to you at a per upload price and is not a part of the subscription fee, unless specified and agreed upon otherwise. The current price for this feature is always specified in the web interface.
Campaign data
Another part of our service is validation of your campaigns and online marketing, this is done through script integrations into your ads and online campaigns. This lets you leverage your 1st party campaign data into insights. This is offered at a per campaign cost basis, unless specified otherwise. The current price is always specified in the web interface.
3rd Party Data
Mosaic™ Lifestyles
Mosaic™ Lifestyles is a consumer classification that is trademarked and provided in SAM by InsightOne Nordic (ION) in the Nordic countries. Mosaic™ Lifestyles consists of consumer groups and consumer sub-types and is the result of 20 years’ experience of handling consumer data and combining hundreds of different data sources into geographically coded classifications. In the SAM the Mosaic™ Lifestyles are matched to your visitors, users, customers and web traffic through geographical Mosaic™ lookup provided by ION (this may be by means of full address, part of address or other personal identifiers of your customers that you input through the SAM-service integrations or is generated by the SAM-service). The quality and the relevance of the Mosaic™ Lifestyles classifications are controlled and maintained by ION.
As a customer of InsightOne you are able to visualize your customers based on the Mosaic™ Lifestyles you have added to your CRM, through a simple file upload. Making the job of explaining, visualizing and sharing your CRM-insights so much easier. And making it possible to compare your CRM-segmentations with your online traffic and campaigns.
Mosaic™ Licenses
Brain is an official re-seller to ION of Mosaic™ Lifestyles data in the Nordics, this without making any claims to the Mosaic trademark or data, with clearly defined limitations in the rights of usage of the Mosaic™ Lifestyles data. These rights are limited to the visualization of your Mosaic™ enriched 1st party data in the SAM-service.
The Mosaic™ Lifestyles license for the SAM-service subscription is included in the subscription fee that you pay for the SAM-service. Some additional services may require that you as a customer acquire a Mosaic™ license through an agreement directly with ION, should this be needed we will inform you of this prior to any such purchase and provide you with the necessary agreement(s).
Visualization and Insights
An important part of the service is the visualization of your 1st and enriched 3rd party data. This allows for simplification in the generation and sharing of your customer Insights. If you can see it, you can understand it. SAM and Mosaic™ Lifestyles makes the customers part of your everyday work, creating business power from your 1st party data, the power that comes from controlling your marketing data.
Marketing
The insights generated in SAM are insights that you can act on! We provide certain marketing service on a per service base, please contact us if you want to activate your Insights into targeted marketing efforts. We may provide certain marketing services within the SAM-service, that you can manage yourself, this will be priced on a per campaign basis.
Pricing
SAM is a SaaS-service, this is the modern way of providing software to customers. We provide this service on a subscription base with additional purchases available inside our service. You can choose a monthly subscription or longer period subscriptions, always with the option to cancel the subscription within the current subscription period. The current price is always available in our web interface and/or on our website(s). This pricelist is valid unless we have agreed otherwise in writing.
General Terms and conditions
-
General
- These general terms and conditions (the “T&C”) apply to all agreements regarding the use of the Service. The Service is provided by Digital Brain Nordic AB, with Swedish company reg. no. 556684-3610, (“Brain”) to the Customer, in accordance with the Agreement.
- These T&C shall also apply to any other or additional service provided by Brain to the Customer, such as consultancy services, unless separate T&C are explicitly agreed between the parties.
- The Agreement consists of (i) the Main Agreement, (ii) these T&C, (iii) the DPA in Appendix 1A (iv) any other appendices mentioned in the Main Agreement or these T&C, and (v) any applicable service/product descriptions referred to within the aforesaid documents (collectively referred to as the “Agreement”).
-
Definitions
-
“Connection Point” means the point or points where Brain connects the Service to a public electronic communications network, unless otherwise agreed.
-
“Customer” means the company defined as Customer in the Main Agreement.
-
“Customer Data” means any data or information, including personal data and technical information relating to the Customer, or its customers, employees or equipment, provided to Brain by, or on behalf of, the Customer, by use of the Service.
-
“Documentation” means any manual, instruction orother documentation related to the Service the Brain website(s) https://brainnordic.com/ , https://strategicaudiencemap.com or otherwise disclosed by Brain to the Customer, including updates of such documents that Brain duly notifies the Customer about.
-
“User Support” means general information and guidance that Brain provides to the Customer in response to support requests by the Customer in relation to the Service as prescribed in the Agreement or any agreed upon support level agreement. For the avoidance of doubt, User Support shall not include further services provided by Brain in connection with the Customer’s support requests, such as specific configurations, integrations or adaptions of the Service or other consultancy services.
-
“Main Agreement” means the contract between the Customer and Brain that includes Customer details and specific terms in regard of the Service, which is constituted by either a document signed by the Customer or, an offer provided by Brain and accepted by the Customer by acceptance or payment, or a web form at Brain’s website where the Customer have provided its credentials and signed up for the Service.
-
“Third Party Services” means any web or other software services or applications that utilize or interact with the Service, including all software, content, services, purchase of media, technology, data and other digital materials included or made available therein, created, offered, supported and maintained by third parties.
-
“Trackers” means cookies and pixels or similar technologies including applicable scripts for such technology. Read about how to communicate the use of cookies for the Service in Appendix 2A.
-
“Service” means the service (that may several services, sold separately) or part thereof, provided at the Connection Point as a cloud-based software (SaaS) by Brain to the Customer under this Agreement. Brain provides different versions of the Service. The Customer’s set up of the Service is detailed in the Main Agreement.
-
The Service and Brain’s obligations
-
Brain shall provide the Customer with accounts and user rights to the Service as specified in the Agreement. Brain shall be considered to have delivered the Service at the time when Brain make the Service available at the Connection Point and activated the Customer’s account and user rights. A detailed description of the latest version of the Service is provided at the Brain website(s)https://brainnordic.com/ , https://strategicaudiencemap.com (the “Service Description”). For the avoidance of doubt, the Service shall be considered delivered in accordance with this section 3.2 irrespective of the Customer starting to use the Service or have completed any applicable installation or set up.
-
Brain shall provide the Service in accordance with the methods and standards that Brain normally uses for the Service (as set out in the Service Description) and in compliance with applicable rules and principles which constitutes good practice in the area that Brain operates.
-
Brain is constantly working to improve the Service and the Customer’s user experience. Brain shall make updates to the Service (including the Service Description) as it deems fit and inform the Customer with one week’s written notice prior to such update being released. Changes in layout or graphics as well as other updates that are not expected by Brain to materially restrict the Customer’s use of the Service may, however, be made without notice.
-
Brain may assist the Customer with connecting to the Service and will provide instructions to the Customer of how to set up applicable Trackers on the Customers website in order for the Service to work effectively. However, in accordance with section 4.4 the Customer is responsible for the customers use of the Trackers, including the legality of such use, as well for its work with implementation and installation. The Customer is responsible for providing the required information to the visitors of its website or any other individuals whose personal data is processed as a result of the use of such Trackers.
-
The parties may agree that Brain shall set up the relevant Trackers on behalf of the Customer in which case the provisions regarding responsibility in section 3.5 shall apply.
-
The parties may agree that Brain shall provide additional services, e.g. analytical tools, database services, consultancy services or specific customizations. If not otherwise agreed by the parties Brain’s at the time current pricelists shall apply for such additional services. Brain may decide on how to provide and, if applicable, how to integrate such additional services at its own discretion.
-
Brain shall provide customer support as prescribed in section 6.
-
The Security and reliability of the Service are utmost important to Brain. Brain shall ensure sufficient security for the Service by taking the necessary measures as described onBrain’s website https://brainnordic.com/ and https://strategicaudiencemap.com.
-
Use of the Service
-
The Customer shall comply with and always use the Service in accordance with the Documentation and relevant laws and regulations and bears sole responsibility for such compliance. The Customer is entirely responsible for all Customer Data and activities that occur under its account and user rights.
-
The Customer is able to grant its personnel access to the Service and distribute credentials to its users. The Customer shall ensure that only such personnel that needs to use the Service in order to perform its duties get access to the Service. All credentials to the Service are personal and may not be shared by multiple individuals. The Customer shall ensure that any access right will be removed without undue delay when a user no longer needs it, for example if the person stops working for the Customer.
-
The Customer shall provide Brain with all information reasonably requested in order to set up and provide the Service, and promptly notify Brain of any change in such information.
-
The Customer is responsible for the correct implementation and or installation on Customer’s website of any and all scripts, codes or similar provided by Brain.
-
The Service may not be used (i) for any unlawful or other purpose for which it is not intended, including to transmit, upload or post any computer viruses or other harmful files or codes; (ii) in any way so that the functionality of the Service is impaired, or in a way that is damaging or disruptive to other users or their use of the Service or equipment; (iii) in a manner that could be perceived as defamatory or offensive in any way; or (iv) in any other way that could reasonably be expected to affect Brain or the Service adversely or reflect negatively on the goodwill, name or reputation of Brain or the Service.
-
The Customer shall not copy, modify, create derivative work, reverse engineer or otherwise attempt to discover any source code of, or assign, sub-license or transfer any right in, the Service or part thereof.
-
The Customer shall indemnify Brain from and against any costs or claims, resulting from the Customer’s use of the Service in violation of the Agreement, including this section 4.
-
The Customer is responsible for (i) keeping all passwords and account details confidential; (ii) immediately notifying Brain if suspected or unauthorized access to the Service occurs, or any other breach of security; and (iii) maintaining all equipment, software, applications, communication services and routines, including the security of the Customer’s IT environment’s, required in order to use the Service or otherwise reasonably instructed by Brain from time to time. For the avoidance of doubt, Brain is not liable for the Customer’s hardware or software, including uploaded files or data, or unauthorized use of the user accounts or of the Service.
-
Prices and Payment
-
Applicable prices for the Service are set out in the Main Agreement. All prices are exclusive of VAT and similar taxes. As regards any services for which no specific price has been agreed in writing, Brain’s standard fees, applicable at the time of delivery, shall apply.
-
Unless otherwise agreed in writing, Brain’s standard fees, as applicable from time to time, shall apply to any additional services and work for which prices are not specified in the Agreement. Except for User Support, services provided by Brain in connection with support requests by the Customer are not included in the prices for the Service set out in the Agreement.
-
Any overdue payment shall carry interest in accordance with the Swedish Interest Act (SFS 1975:635). In addition to other available remedies, Brain may, if full payment is not received when due and the Customer have not made correction despite Brain’s reminder, suspend the Service, and/or terminate the Agreement with immediate effect pursuant to section 7, provided that such obligation to pay is not disputed on objective and reasonable grounds due to Brain’s breach of the Agreement.
-
Brain may from time to time (with effect from the Customer’s next payment period) adjust the prices set out in the Agreement by giving the Customer notice at latest fourteen (14) days prior to such changes takes effect. If the Customer does not accept the price changes it is entitled to terminate the Agreement by giving Brain notice at the latest seven (7) days before the date on which the changes takes effect. The Customer is not entitled to terminate the Agreement if Brain decides not to change the price after such notice from the Customer.
-
Availability and Support
Down-level
|
Availability (%)
|
Compensation
|
1
|
Below 99.0%, above 98.0%
|
10 % of the Monthly Fee
|
2
|
Below 98.0%, above 97.0%
|
20 % of the Monthly Fee
|
3
|
Below 97.0%, above 96.0%
|
30 % of the Monthly Fee
|
4
|
Below 96.0%, above 95.0%
|
40 % of the Monthly Fee
|
5
|
Below 95.0%, above 94.0%
|
50 % of the Monthly Fee
|
-
Brain strives to ensure that the Service operates in accordance with its specifications twenty-four (24) hours a day. Unless otherwise agreed, Brain shall make the Service available no less than 99.0 % of the time in each calendar year.
-
The Service shall be considered available if the login to the cloud-based software is operational and the Service can be used in accordance with the Agreement. Insignificant inconveniences shall not result in the Service being unavailable. In particular, the Service shall not be deemed unavailable when (i) Brain performs scheduled service or maintenance on the Service, of which the Customer has been informed no less then forty-eight (48) hours in advance; (ii) the downtime is caused by emergency shutdowns, necessary to protect the Service from viruses, DDoS or other hacker attacks, etc; or (iii) the Service is down due to circumstances beyond Brain’s control, including, but not limited to, loss of electricity, network or communication. Scheduled service or maintenance, pursuant to item (i) above, shall, to the extent possible, occur outside of usual business hours and not more often than once a month, unless otherwise agreed.
-
If the availability of the Service, according to the above, is below 99.0 % during a month, the Customer shall be entitled to claim compensation in accordance with the below, where the Fee shall correspond to the total amount payable by the Customer per contract period of one (1) month, as set out in the Agreement:
-
An availability below 94 % during a month shall be considered a material breach and entitle the Customer to terminate the Agreement with immediate effect in accordance with section 7.3.
-
Availability under section 6.3 above shall be measured in accordance with the following formula:
A = (M - D) * 100/Mwhere
A = Availability indicated in percentages,
M = Minutes during a month,
D = Downtime during the period “M”, indicated in minutes (excluding scheduled service or maintenance, etc.). Downtime means a material failure leading to the unavailability of the Service for the Customer, subject to what is set out in section 6.2 above. The Customer shall report any downtime to Brain.
-
Brain performs User Support in accordance with the Agreement and, if applicable, any agreed upon support level agreement.
-
The Customer shall request support as prescribed in the Agreement and any applicable support level agreement.
-
This section 6 shall constitute the entire obligation of Brain towards the Customer in respect of Brain’s performance and liability in regard of the service level and User Support of the Service, unless otherwise agreed.
-
Term and Termination
-
If not otherwise agreed in the Main Agreement, the Agreement shall enter into force when Brain has approved the Customer after the Customer either (i) has signed up for the Service at Brain’s website, or (ii) provide Brain with a signed copy of the Main Agreement and shall remain in force until terminated by either party in writing with one (1) month notice period. After the termination the Agreement shall remain in force until the end of the calendar month occurring one (1) month after the termination was received by the other party.
-
The Service is provided for the Term of the Agreement.
-
Besides as provided for in the Agreement, either party shall be entitled to terminate the Agreement with immediate effect by written notice to the other party, if:
-
the other party has committed a material breach of the Agreement and does not, where possible, fully rectify such breach within thirty (30) days of the other party giving written notice thereof; or
-
the other party is declared insolvent, is subject to an application or order of bankruptcy or company reorganization, suspends its payments or otherwise can be presumed to be insolvent.
-
Brain is also entitled to terminate the Agreement with immediate effect if the Customer’s use of the Service violates the Agreement, including section 4.
-
The following sections shall survive termination of the Agreement: this section 7, section 8, section 9, section 10, section 12, section 13 and section 15.
-
Upon termination, the Customer shall not be entitled to recover any excess amount of payments made in advance, unless the Customer terminates the Agreement with immediate effect in accordance with section 7.3 7.3.1 above.
-
Upon termination, the Customer shall immediately cease its use of the Service and both parties shall, subject to section 7.7, return or delete confidential information or Documentation received from the other party.
-
The Customer shall be entitled to retrieve any Customer Data on the medium chosen by Brain and reasonably accepted by the Customer, provided that the Customer requests this from Brain in writing within thirty (30) days from termination of the Agreement and pays Brain for any reasonable work associated with this.
-
Customer Data
-
The Customer or a company on the Customer’s side is data controller and Brain is data processor for any personal data processed within the Service. The parties have for that matter entered into a data processing agreement in accordance with Annex 1. Brain may use Customer Data in aggregated or anonymous form, for uses in statistics and for product development purposes, for example to develop and improve the Service.
-
Confidentiality
-
Neither party may disclose to a third party any information received from the other party which is confidential, or can reasonably be assumed to be confidential, including, without limitation, any technical information, information on business secrets, source codes, login information or security methods for access to the Service, and the T&C of the Agreement. This does not apply to information that (i) is or becomes publicly known without the breach of the Agreement; (ii) was known to the receiving party prior to receipt from the disclosing party or disclosed by a third party without any obligation of confidentiality; or (iii) the disclosure is required by law, regulatory body or an agreement with a stock exchange where the party is listed, or similar. Each party is responsible for ensuring that their sub-contractors, consultants and employees respect corresponding confidentiality obligations.
-
Intellectual Property Rights
-
The Customer retains the ownership of all intellectual property rights to the data, information and files, including Customer Data, uploaded by the Customer to the Service. Nothing in this Agreement shall be interpreted as a transfer of such rights, or part thereof, with the exception of Brain’s right to use Customer Data in accordance with section 8.1.
-
Brain and/or its licensors hold all intellectual property rights to the Service and Brain’s website, including any updates, files or data being uploaded to or performed on the Service by Brain, as well as to the software and source code included in the Service. This includes, without limitation, any patents, copyrights, design rights and trademark rights related thereto. Nothing in this Agreement shall be interpreted as a transfer of such rights, or part thereof.
-
If a third party makes an intellectual property claim against the Customer based on the Customer’s use of the Service, the Customer shall immediately notify Brain in writing of the claim and relevant circumstances and either (i) offer Brain at its sole discretion and expense, to control the defense of the claim and decide on conciliation in the Customer’s name including issuing any and all documents (such as powers of attorney) needed, without any cost for Brain; or (ii) at its own sole discretion and expense, control the defense of the claim and decide on conciliation in its own name.
-
If a competent court finally determines that the Customer’s use of the Service in accordance with the Agreement constitutes an intellectual property infringement, Brain shall compensate the Customer, subject to section 12, for direct costs and damages that the Customer is found liable to pay, provided that the Customer has adhered to its obligations under section 10.3 above and have not at its own sole discretion chosen to control the defense of the claim in accordance with item (ii) in section 10.3. For the avoidance of doubt, under no circumstances shall Brain be liable for compensating the Customer in accordance with this section 10.4 if the Customer decides to control the defense of a claim arisen in accordance with section 10.3. Brain may further, at its own discretion ensure the Customer’s right to continued use of the Service or corresponding non-infringing service, or cancel the Service and repay the Customer any fees paid for the remaining term of the Agreement, without interest and with deduction of any reasonable benefit the Customer has had from the Service. This section 10.4 constitutes Brain’s entire obligation towards the Customer with respect to any infringement in a third party’s intellectual property rights.
-
If a third party makes an intellectual property claim, including claims attributable to Customer Data, against Brain based on the Customer´s use of the Service, the Customer shall act in order for such claim being transferred to the Customer or, if such transfer is not possible, defend Brain, at its own expense, against any such claim. Brain shall immediately notify the Customer of an intellectual property claim under this section 10.5 including the relevant circumstances in connection thereto. The Customer will indemnify and hold Brain harmless against any costs or damages that Brain may become liable to pay in relation to such infringement claim.
-
Third Party Services and statistics
Certain functions within the Service are provided or supported by third parties and constitutes Third Party Services. Such Third Party Services are listed at the Brain website(s) https://brainnordic.com/gdpr/privacy-policy, https://strategicaudiencemap.com.
-
-
Brain does not own nor control any of the Third Party Services, and the Customer shall not hold Brain responsible for any Third Party Services under any circumstances. Brain does not in any way warrant the functionality, quality, reliability, security, completeness, usefulness or non-infringement of a Third Party Service.
-
Any support and maintenance of Third Party Services is to be provided by the applicable third party. Failure of applicable third parties to provide support, maintenance or other services shall not entitle the Customer to any refunds or other compensation by Brain.
-
The Customer agrees and acknowledges that any Third Party Services, and applicable third parties, may obtain access to Customer Data, and to store, process and transmit Customer Data outside the Service, as well as data pertaining to the Customer’s use and/or configuration of the Service. Brain is not responsible for any collection, transmission, disclosure, use or deletion of Customer Data by or through any Third Party Services or such third parties. Any processing of personal data by third parties in connection with Third Party Services will be subject to processing agreements to be entered into between the Customer and such third parties.
-
The Customer acknowledge that the data, information and statistics displayed in the Service or that constitutes the basis for modules in the Service may be general, non-customer specific, statistic data. Brain makes no guarantees regarding the data included in the Service and the Customer use the information at its own risk.
-
Limitations of Liability and Warranties
-
No party shall be liable to the other party for failure to perform its obligation under this Agreement if such performance is prevented by circumstances beyond the control of the party, including, but not limited to, acts of authorities, strikes or other difficulties on the labour markets, general shortage of supplies, fire or loss of electricity, communications or data.
-
Brain is not in any event liable for any cost, damage or loss of any kinds caused by or related to (i) any third parties, third party products or services for which Brain is not responsible for according to the Agreement (including but not limited to Third Party Services); (ii) modifications or changes to the Service made by anyone other than Brain or made according to the Customer’s or its suppliers’ instructions, or (iii) the Customer’s loss of customers, business, profit, revenue, savings, or goodwill, loss due to operational, power or network interruptions, or other indirect or consequential damage of any kind.
-
Brain’s total and aggregated liability under the Agreement is limited to the amount paid by the Customer for the Service or for any other service that the claim relates to, during the twelve (12) month period prior to the time the damage occurred. For the avoidance of doubt, any fees or costs paid by the Customer for any Third Party Services are excluded when calculating the limitation of liability in this section 12.3.
-
A party shall not in any event be liable to pay damages if the other party does not notify the party at default in writing thereof within three (3) months after the party noticed, or should have noticed, the actual damage or loss, however in no event later than six (6) months from when the damage occurred.
-
Except for what is expressly set out in the Agreement, the Service is provided on an “as is” basis and Brain makes no warranties or representations, whether express or implied, in relation to the Service, including to the completeness, accuracy, reliability, satisfactory quality and/or fitness for a particular purpose of the Service.
-
Audit
-
Brain shall have the right, during the term of the Agreement and for a period of six (6) months thereafter, to have an independent audit firm, selected by Brain, to perform an audit, to verify that the Customer uses the Service and/or any Documentation in compliance with the Agreement. Such audits may occur up to two (2) times a year (a maximum of once per half year) and shall be conducted during normal business hours and at Brain’s own expense, unless the audit reveals a breach by the Customer. The Customer shall reasonable cooperate if Brain performs any audit pursuant to this section 13.
-
Miscellaneous
-
The Agreement constitutes the entire agreement between the parties, with respect of the subject matter thereof. It supersedes all prior or contemporaneous Agreements or understandings.
-
Brain may make amendments to these T&C by giving the Customer three (3) months written notice. Amendments will be effective as from the next yearly payment period.
-
The parties may not assign any of their rights or obligations under the Agreement to a third party without the other party’s prior written approval. However, Brain may assign its right to receive payment to any third party, without the Customer’s approval.
-
Governing Law and Disputes
-
This Agreement shall be governed by and construed in accordance with Swedish law.
-
Any dispute, controversy or claim arising out of, or in connection with the Agreement, or the breach, termination or invalidity thereof, shall be finally settled by arbitration in accordance with the Rules of the Arbitration Institute of the Stockholm Chamber of Commerce.
-
The place of arbitration shall be Göteborg, Sweden, and the language used shall be English, unless otherwise agreed. All such proceedings, information disclosed, and decisions made in such proceedings shall be kept strictly confidential. Notwithstanding the foregoing, Brain may take any legal action necessary at any competent court for collection of delayed payments.
APPENDIX 1 - DATA PROCESSING AGREEMENT
-
Interpretation
-
This Data Processing Agreement (“DPA”) constitute an integrated part of the Agreement as set out in the T&C above.
-
Upon performance of the Agreement, Brain will be processing certain personal data on behalf of Customer in capacity of Customer’s processor. Customer is controller for the processing of such personal data.
-
The purpose of this DPA is to ensure a secure, correct and legal processing of personal data and to comply with applicable requirements for data processing agreements as well as to ensure adequate protection for the personal data processed within the scope of the Agreement.
-
Any defined terms set out in the T&C shall have the same meaning in this DPA unless the circumstance obviously require another order of interpretation. Concepts in this DPA, e.g. “controller”, “data subject”, “personal data”, “processing”, “processor”, “standard contractual clauses” and “supervisory authority”, shall have the meaning ascribed to them in Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”) or otherwise in the Agreement, where applicable, unless the circumstances obviously require another order of interpretation.
-
Responsibility and Instruction
-
-
The type of personal data and the categories of data subjects processed by Brain under this DPA and the purpose, nature, duration and objects of this processing, are described in Appendix 1A (Instructions on Processing of Personal Data). Customer shall ensure that Brain on behalf of Customer does not process additional categories of personal data or data subjects than those specified in Appendix 1A.
-
Customer is responsible for complying with the GDPR. Customer shall in particular:
-
be contact person towards data subjects;
-
inform Brain, without undue delay, about any action or claim from a third party made in connection with Brain’s processing under this DPA; and
-
inform Brain if anyone else along with Customer is a controller for the personal data processed by Brain under this DPA.
-
-
When processing personal data, Brain shall:
-
comply with the GDPR;
-
only process personal data in accordance with Customer’s documented instructions set out in the Agreement, where applicable, and this DPA, including Appendix 1A;
-
ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
-
implement all technical and organizational measures set out in Article 32 of the GDPR in the manner set out in section 3 below;
-
respect the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging a sub-processor;
-
take into account the nature of the processing, assist Customer by appropriate technical and organizational measures, insofar as it is possible, for the fulfilment of Customer’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR;
-
assist Customer in ensuring compliance with the obligations pursuant to Articles 32-36 of the GDPR, taking into account the nature of the processing and the information available to Brain;
-
delete the personal data as instructed by Customer, insofar as it is possible and unless otherwise required by applicable law. Brain can, upon Customer’s prior written request, return the personal data to Customer instead of deleting it; and
-
make available to Customer all information necessary to demonstrate Brain’s compliance with its obligations under Article 28 of the GDPR, and enable and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer and accepted by Brain. Such information shall be provided by Brain without undue delay, subject to Customer, within reasonable time in advance, specifying the scope of information to be provided. When conducting the audits, Customer shall undertake confidentiality and follow Brain’s security regulations at the site or the technical space where the inspection is carried out, without risking restricting Brain’s business or the protection for information regarding Brain’s other customers.
-
-
Brain shall notify Customer within reasonable time if, in Brain’s opinion, an instruction infringes the GDPR. If Customer does not provide Brain, within reasonable time from notification, with further instructions, Brain may, at Customer’s costs, implement measures that Brain considers necessary in order to comply with the GDPR.
-
Regardless of what is stated in this section 2, processing may also be conducted if such processing is required by EU law or under the national law of an EU Member State, which Brain or its sub-processors are subject to. In such event, Brain or sub-processor shall inform Customer of the legal requirement before processing personal data, unless prohibited by law or on important grounds of public interest.
-
Security
-
Brain shall implement technical and organizational security measures in order to protect the personal data against destruction, alteration, unauthorized disclosure and unauthorized access. The measures shall ensure a level of security that is appropriate taking into account the state of the art, the costs of implementation, the nature, scope, context and purpose of the processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons. Brain may amend its technical and organizational measures from time to time.
-
Brain shall notify Customer of accidental or unauthorized access to personal data or any other personal data breach without undue delay after becoming aware of such data breach. Such notification shall not in any manner imply that Brain has committed any wrongful act or omission, or that Brain shall become liable for the personal data breach.
-
If Customer during the term of this DPA requires that Brain takes additional security measures, Brain shall as far as possible meet such requirements provided that Customer pays and takes responsibility for any and all costs associated with such additional measures.
-
Sub-processors and Transfers to Third Countries
-
Customer hereby gives Brain prior, general authorization to engage sub-processors in the processing of Personal Data. Brain shall enter into a data processing agreement with each sub-processor, according to which, the same data protection obligations as set out in this DPA, are imposed upon the sub-processor.
-
Brain shall inform Customer of any intended changes concerning the addition or replacement of sub-processors, thereby giving Customer the opportunity to object to such changes. Such objection shall be made in writing and within thirty (30) calendar days after Brain has informed Customer about the intended changes. If Customer objects to Brain engaging a sub-processor, Brain has the right to terminate the Agreement in whole or in part with immediate effect.
-
In case Brain, or its sub-processors, transfer personal data to an area outside of the EU or the European Economic Area (“EEA”), Brain shall ensure that such transfer meets the applicable requirements of adequate protection under the GDPR. For this reason, Customer hereby authorizes Brain to enter into standard contractual clauses with sub-processors on behalf of Customer.
-
Compensation
-
Brain is not entitled to any compensation for performance of the obligations related to processing of personal data under this DPA, except for such work and costs that arise due to Customer’s instructions that entail additional obligations for Brain compared with what otherwise follows from the Agreement, for example, requiring Brain to change its working methods or make customized adaptions on behalf of Customer.
-
Limitation of Liability
-
Each party shall bear any administrative fines imposed on the party by competent data protection authority.
-
Subject to the limitation of liability that follows in the Agreement, either party shall reimburse the other party in accordance with art. 82 (5) of GDPR.
-
Either party’s obligation to pay damages, laid down in section 6.2 above, only applies if the party without undue delay informs the other party in writing of any such claims.
-
Term and Termination
-
This DPA enters into force the same day as the Agreement enters into force as set out in 7 in the T&C.
-
Upon termination of the Agreement without undue delay, Brain shall delete all personal data as instructed by Customer and ensure that each sub-processor does the same. If Customer so requests, Brain shall return personal data to Customer instead of deleting it. For the avoidance of doubt; Brain may continue to store and analyze or otherwise handle data on an aggregated level (not containing any personal data) after termination of the Agreement.
-
This DPA remains in force as long as Brain processes personal data on behalf of Customer, including by deletion or returning of personal data according to section 7.2 above. This DPA shall thereafter cease to apply. Sections 5, 7.3 and 9.4 shall continue to apply even after this DPA has been terminated.
-
Changes
-
If provisions of the GDPR change or if a supervisory authority issues guidelines, decisions or regulations regarding the application of the GDPR during the term of this DPA, with the result that this DPA no longer meets the requirements for a data processing agreement, the Parties shall make changes to this DPA to meet the requirements.
-
Any changes to Appendix 1A shall be documented by Customer and informed to Brain in writing no later than thirty (30) calendar days prior to the change coming into effect. If Brain within such time period informs Customer that Brain has reasonable objective reasons to oppose to such changes and Customer insists on the change, Brain has the right to terminate the Agreement in whole or in part with immediate effect.
-
Any other changes to this DPA than following from sections 8.1 or 8.2 above, shall be made in writing and signed by the Parties’ authorized representatives, to be binding.
-
Miscellaneous
-
In the event of deviating provisions between the other documents in the Agreement and this DPA, the provisions of this DPA shall prevail with regard to processing of personal data and nothing in the Agreement shall be deemed to restrict or modify obligations set out in this DPA, notwithstanding anything to the contrary in the Agreement.
-
This DPA supersedes and replaces all data processing agreements between the Parties potentially existing prior to this DPA.
-
If a Party assigns the Agreement (according to the terms of the Agreement), where applicable, this DPA shall also be deemed assigned to the assignee of the Agreement. However, this DPA may still apply between the original Parties. No Party shall assign this DPA separately from the Agreement.
-
Swedish law, except its choice-of-law rules and principles appointing the law of another forum, shall apply to this DPA in all regards. Any dispute arising out of or in connection with this DPA shall be settled in accordance with the dispute resolution provision of the Agreement, where applicable. Where the Parties have not specified any dispute resolution mechanisms in the Agreement, any potential disputes shall be finally settled by arbitration in accordance with the Rules of the Arbitration Institute of the Stockholm Chamber of Commerce. The place of arbitration shall be Stockholm, Sweden. The language used in the arbitration proceeding shall be English, unless the Parties agree otherwise.
Appendix 1A - instructions on processing of personal data
Purposes
Purposes, for which the personal data will be processed by the data processor:
|
Personal data may be only used for the purpose of providing the Service to the Customer. This includes the following purposes: maintaining user credentials and user access. Processing Customer Data concerning Data Subject in order to provide analytical-, consulting- and marketing- services.
|
Categories of data subjects
Categories of data subjects, whose personal data will be processed by the data processor:
|
The following categories of Data Subjects may be processed by Brain:
-
Users of the Service
-
Visitors to the Customers domain(s)
-
Users that identify themselves in the Customers domains
-
Individuals that the Customer has a commercial relation with (clients, customers, users, etc.)
|
Type of personal data
Personal data that will be processed by the data processor:
|
The following categories of data may be processed by Brain:
-
Browser data, i.e. data that is exposed on a page request in the browser or online application.
-
User data, i.e. data submitted by the data subject upon account creation, such as but not limited to: name, e-mail address, phone number, place of work, address, personal number, etc.
-
Client data, i.e. data about subjects that the Customer has a relation with. Such as but not limited to: name, date of birth, personal number, address, e-mail, phone number, etc.
|
Retention requirements
The retention time of personal data processed by the data processor:
|
The data will be held for as long as necessary for the different purposes that use the data:
-
User data: will be held for as long as necessary to maintain the user account. Should the account be deleted so will the user data.
-
Browser data: will be held for up to one (1) year.
-
PII in clear text concerning clients of the Customer will only be held for the duration of an online lookup, which normally transpires in less than a second, but never longer than 24 hours.
-
Pseudonymized information will be held in a one-way encrypted form for as long as the Customer uses the service or until the Customer requests the data to be deleted.
|
Practical processing operations
All processing activities to be conducted by the data processor:
|
The following processes will be done with the data:
|
Location of processing operations
All locations where personal data will be processed by the data processor and, if applicable, sub-processors:
|
The following locations may process personal data:
-
Amazon Web Services, Ireland
-
InsightOne web servers, Sweden
|
List of sub-processors
|
-
Amazon Web Services
-
InsightOne Nordic AB
|
Brain undertakes the technical and organizational security measures as described in Brain’s security policy as updated from time to time. The Security Policy is available to our customers upon request.