Betalende medlemmer har tilgang til å laste ned redigerbare dokumenter.
Prøv 14 dager gratis
Dette er et eksempel på generelle salgsbetingelsser for produkter med SaaS forretningsmodell
Standard terms of sale - example
B2B SaaS business model
SUBSCRIPTION FORM 4
SUBSCRIPTION PERIOD (INITIAL TERM): 5
SUBSCRIPTION RENEWAL PERIOD (RENEWAL TERM): 5
Products and Services Pricing: 5
Add-on subscriptions 7
Payment Information 7
Contact Information 7
User Customization 8
Terms of Service 8
COMPANY Subscription Terms 9
RIGHT TO ACCESS AND USE 9
PROVISION OF THE SERVICE 9
ADDITIONAL FEATURES AND SERVICES 10
MODIFICATIONS AND IMPROVEMENTS 10
SECURITY MEASURES 10
PROCESSING OF PERSONAL DATA 10
DATA EXPORT 10
ACCEPTABLE USE 11
Log-in details 11
Reverse engineering 11
Intentional service interference 11
API’s and integrations 11
Payment for unauthorized use 12
FEES, INVOICING AND PAYMENT TERMS 12
INTELLECTUAL PROPERTY RIGHTS 13
CUSTOMER DATA 13
Ownership of Customer Data 13
Rights to use Customer Data. 13
No sales of data 13
Non-use and Non-disclosure 13
Limitations on the duty of non-disclosure of Confidential Information 14
Disclosures required by Law 14
Survival and remedies 14
TERM AND TERMINATION 14
Initial Term 14
Renewal Term 14
Termination for convenience 14
Termination for breach 15
Refund policy 15
Effect upon Termination 15
REPRESENTATIONS AND WARRANTIES 15
LIMITATION ON LIABILITY. 16
EXCLUSION OF INDIRECT, CONSEQUENTIAL AND RELATED DAMAGES 16
LIMITATION OF TOTAL LIABILITY 16
TEMPORARY SUSPENSION OF SERVICES 16
By COMPANY 16
By Customer 17
COMPANY remedies 17
Sole remedies 17
MISCELLANEOUS PROVISIONS 17
Force Majeure 18
Entire Agreement 18
Survival of Certain Provisions 19
Governing Law and legal venue 19
SERVICE LEVEL AGREEMENT (SLA) 20
DATA PROCESSING AGREEMENT 22
THE PURPOSE OF THE DATA PROCESSING AGREEMENT 22
THE PROCESSING OF PERSONAL DATA 22
THE DATA PROCESSOR’S DUTIES 22
THE DATA PROCESSOR’S OPPORTUNITY TO USE SUB-PROCESSORS 23
TRANSFER OF PERSONAL DATA OUTSIDE THE EU / EEA 24
DOCUMENTATION AND SECURITY AUDITS 25
FULFILLING THE RIGHTS OF THE DATA SUBJECTS 25
THE DURATION OF THE DPA AND THE PROCESSING 25
RETURN, DELETION AND/OR DESTRUCTION OF DATA UPON TERMINATION OF THE DPA 26[a]
By and between
Reg.no.:[=Customer. Org number]
This Subscription Form together with the attached Subscription Terms compose the agreement between CUSTOMER and COMPANY for the services rendered by COMPANY.
The Initial Term for the agreement shall be [=years] year(s) starting on [=date]
The subscription will upon expiration of the Initial Term automatically renew for a period corresponding to the length of the Initial Term unless terminated in accordance with the timelines set out in the attached Subscription Terms.
Cloud Software Subscription
COMPANY Standard Subscription Plan
One (1) COMPANY cloud organization
COMPANY best practice templates
COMPANY product 1
COMPANY product 2
COMPANY product 3
COMPANY search engine
Unlimited data repository
Unlimited users (non-admin)
NOK [=unit price]
NOK [=line item price]
COMPANY dashboard creator COMPANY graph query creatorCOMPANY graph filter creatorCOMPANY calculator field creator
Limited Insights Generator
Public presentations Best practices pre-configured only:
COMPANY dashboard creator
Three (3) admin users
Copy data between organizations
NOK [=total product price]
Live in-app chat
Dedicated Customer Success Manager
COMPANY knowledge base
NOK [=subtotal amount]
Initial Term discount ( [=%] ) per year
NOK [=discount amount]
Initial Term total amount per year
NOK [=total amount]
The price does not include taxes. The price for the renewal term will be calculated based on the subtotal price, without the Initial Term discount.
Add-ons to the service are sold separately. To receive a price list or order add-ons, email [=company contact mail].
An upfront invoice will be sent according to the payment schedule, payment terms, and customer info below:
[=Customer billing address]
Email for invoicing
[=customer email for invoice]
PO number (if applicable)
[=Firstname, last name of company representative]
[= email address of company representative]
[=Firstname, last name of customer representative]
[=email of customer representative]
Data center location
By signing this agreement, the CUSTOMER accepts the terms and conditions of this Subscription Form and the attached Subscription Terms.
AGREED TO AND ACCEPTED:
These subscription terms with appendices, together with any subscription order form(s) (“Subscription Form”) entered into between the parties, set out terms and conditions under which the customer identified in the Subscription Form (“Customer”) purchase services from the COMPANY entity identified in the Subscription Form (“COMPANY”).
Capitalized terms shall have the meaning designated to them in the paragraph in which it is written in bold between quotation marks.
Reference to the term “Agreement” means this document, any Subscription Form(s) and the following appendices:
Appendix 1: Solution Description
Appendix 2: Service Level Agreement
Appendix 3: Data Processing Agreement
Appendix 4: COMPANY Information Security
In the event of any conflict or inconsistency between this document and any Subscription Form(s), the Subscription Form(s) shall take precedence. In the event of any conflict or inconsistency between this document and the appendices, this document shall take precedence. In the event of any conflict or inconsistency between the appendices, they shall take precedence in the order they are listed above.
COMPANY grants to Customer, during the term of the Agreement, a right to remotely access and use the COMPANY SaaS services listed in the relevant Subscription Form (“Service”) in accordance with this Agreement. The services offered by COMPANY in general are described in Appendix 1 and Customer will have access to those features that are agreed in the Subscription Form.
The Service will be provided by qualified personnel, suitably skilled and trained in the performance of the Service and performed in a diligent and professional manner.
COMPANY shall provide the Service materially in accordance with this Agreement and the applicable service level agreement attached as Appendix 2 (“Service Level Agreement”).
COMPANY will provide support as described in the Subscription Form. The Customer will provide access to the necessary resources for COMPANY to be able to support the Customer in a timely manner.
The parties may from time to time agree to include additional features and services (“Add-On Service”). The Agreement will apply for such Add-On Services. Specific terms may apply for the individual Add-On Service. COMPANY will provide the Customer with such specific terms prior to the Add-On Services is agreed upon.
COMPANY seeks to constantly improve the Service. COMPANY may from time to time make improvements, add, modify, or remove functionality, or correct any errors or defects in the Service as further described in the Service Level Agreement. The Customer will get access to modifications and improvements that are made generally available to all customers who have purchased the same features. Additional features and services introduced from time to time may be purchased as an Add-On Service.
COMPANY has implemented and shall during the term of the Agreement maintain appropriate technical and organizational measures, internal controls, and information security routines. The routines applicable at the time of entering into the Agreement are described in Appendix 4. COMPANY may during the term of the Agreement change and/or update the measures as desired, provided that such changes shall not materially decrease the overall security of the service compared with the measures described in Appendix 4.
COMPANY shall process Customer personal data only as permitted under this Agreement. The data processing agreement set out in Appendix 3 (“Data Processing Agreement”) reflects the parties’ agreement with respect to COMPANY’s processing of personal data on behalf of the Customer.
COMPANY provides a standardized format to export the Customer’s data via the built-in export function in the Service. This function may be used by Customer during the term of the Agreement.
The Service shall be available for use by Customer employees and contractors acting on behalf of the Customer (“Users”). Affiliates may use the Service only if agreed in writing in the Subscription Form.
The Customer shall only permit authorized Users to use the Service. Customer shall remain the contracting party and remain responsible for all Users compliance under this Agreement, also if the Customer extends the rights, benefits and protections provided under the agreement to affiliate and contractor Users.
The Customer shall only use the Service for internal business purposes and not resell, distribute, sublicense, or otherwise transfer any right in and to the Service to others, including allowing user rights to third parties not specifically granted rights under this Agreement.
Users will need to accept COMPANY’s end user terms before use of the Service. In the event of any inconsistency or conflict, the terms of this Agreement take precedence over any similar terms in the end user terms of service. Nothing in the end user terms of service is intended to limit Customer’s options or rights as set forth in this Agreement.
Customer and each of its Users shall maintain the confidentiality of any credentials, passwords and other log-in details used to access or use the Service. Such log-in details are personal and shall not be shared between Users or used by more than one User. The Customer will notify COMPANY immediately of any unauthorized use of a User’s account or any other breach of security.
The Customer shall not modify, translate, reverse engineer, decompile or disassemble any of the Service or otherwise attempt to derive source code or create derivative works from the Service.
The Customer shall not intentionally use the Service in a manner that impacts the availability, performance, reliability, or stability of the Service.
The Service may, depending on Customer’s subscription plan, contain features designed to integrate with third party applications. COMPANY is dependent on third parties for such integrations to work and can therefore not guarantee the continued availability of such features.
The COMPANY may make available its own API’s as part of the Service. Customer’s right to access and use any COMPANY API is subject to restrictions and policies implemented by COMPANY from time to time. COMPANY will monitor the API’s and reserves the right to take necessary measures to prevent misuse.
COMPANY may investigate access logs to verify that Customer complies with the acceptable use requirements above. The Customer shall upon request from COMPANY reasonably cooperate to clarify compliance. COMPANY reserves the right to charge Customer appropriate usage fees in line with the price for the feature in question in case of repeated or intentional breach of the acceptable use requirements.
The Service fees are set forth in the Subscription Form(s) agreed between the parties.
COMPANY will issue invoice for subscription fees no more than 60 days before the relevant billing period. Other fees will be invoiced at any time during the term when fees are payable. The Customer shall, unless otherwise stated in the Subscription Form, pay all invoices within 30 days of the invoice date.
COMPANY may claim late payment interest of 2% monthly if an invoice is more than 30 (thirty) days overdue. Interest shall be calculated from the due date until payment is made.
The fees do not include any taxes, levies, duties, value added tax or other tax applicable to the sale of the Service. Such taxes, when applicable, shall be paid by Customer unless Customer provides proof of tax exemption.
COMPANY may use subcontractors in the provision of the Service. COMPANY shall be liable for the acts and omissions of its subcontractors and any other affiliates contributing to the performance of its obligations under this Agreement as for its own actions or omission.
This Agreement does not constitute any transfer of ownership of any intellectual property rights. COMPANY owns and shall always retain all right, title, and interest in and to the Service and all intellectual property rights associated therewith.
Customer Data is and shall remain the exclusive property of Customer and Customer has sole responsibility for the content of and the right to use Customer Data. “Customer Data” means for the purpose of this Agreement any data included by Customer in- or generated by Customer’s use of the Service.
Customer hereby grants to COMPANY, during the term of this Agreement, a limited right to access and use such Customer Data that are necessary for COMPANY to provide the Service. COMPANY will use Customer Data only as necessary to provide the Service to the Customer.
COMPANY will not sell, rent, or lease Customer Data to any third party or otherwise receive any value in exchange for Customer Data.
Neither party shall use or disclose any Confidential Information of the other party for any purpose except in relation to its performance under this Agreement. The receiving party shall take reasonable measures to avoid disclosure and/or unauthorized use of the Confidential Information of the disclosing party.
For the purpose of this Agreement, “Confidential Information” means all information disclosed by the disclosing party to the receiving party that is designated as confidential, or that reasonably should be understood to be confidential given the nature of the information and the circumstances of the disclosure. The terms of this Agreement, Customer Data and any other information exchanged pursuant to this Agreement, will be considered Confidential Information.
Confidential Information does not include any information or material that (i) is or becomes publicly known other than through violation of this Agreement by the receiving party, (ii) was already in the receiving party's possession or was available to the receiving party on a non-confidential basis before disclosure, (iii) is obtained by the receiving party from a third party that is not bound to separate confidentiality obligations to the other party, (iv) was later communicated by a third party to the receiving party without any confidentiality obligation, or (v) is independently developed by the receiving party without use of or reference to the discloser's Confidential Information.
The recipient may disclose Confidential Information to the extent required by law, provided that the receiving party gives the disclosing party prompt written notice of such requirement prior to such disclosure and assistance in obtaining an order protecting the information from public disclosure.
The obligations of each receiving party under this section shall survive for five (5) years after the termination of the Agreement. Each party agrees that any violation or threatened violation of this section may cause irreparable injury to the disclosing party, entitling the disclosing party to seek injunctive relief in addition to all legal remedies.
The initial term of this Agreement shall commence on the date stipulated in the Subscription Form or at the date of signature if no such date is specified, and shall continue for the period set forth in the applicable Subscription Form or for one year if no such period is specified (“Initial Term”).
The Agreement will upon expiration of the Initial Term automatically renew for a subscription term equivalent in the length to the then expiring subscription term, unless otherwise set out in the Subscription Form (“Renewal Term”). The charges for the Renewal Term will be the standard fees listed in the Subscription form with a price adjustment of 5%.
Either party may terminate this Agreement for convenience with effect from the end of the Initial Term or subsequent Renewal Term by giving the other party written notice no less than sixty (60) calendar days prior to the expiration of the then-current term. If Customer provides notice of non-renewal within the time limits set out in this section, COMPANY will not invoice Customer for a Renewal Term.
Either party may terminate this Agreement for breach by giving the other party thirty (30) calendar days prior written notice if the other party has materially breached its obligations hereunder and have failed to cure such breach within thirty (30) calendar days’ after being notified in writing of the details of such breach.
Either party may terminate this Agreement with immediate effect if the other party takes or suffers any action for insolvency in any jurisdiction.
COMPANY will refund prepaid fees covering the remainder of the applicable subscription term calculated from the effective date of termination if this Agreement is terminated by Customer in accordance with section 16.4.
Except as set out above, all fees paid by The Customer are non-refundable. Customer will not be entitled to any refunds if Customer terminates the Agreement prior to the end of the then current subscription term.
Upon expiration or termination of this Agreement for any reason (i) all access rights will cease, (ii) either party shall delete or destroy all Confidential Information of the other party (Confidential Information included in backup copies will first be deleted upon expiration of such encrypted backup copies), and (iii) any and all invoiced and non-invoiced undisputed fees owed by Customer to COMPANY under this Agreement shall become immediately due and payable to COMPANY.
Each party represents and warrants that the representing party has full power and authority to execute, deliver and perform this Agreement, that this Agreement has been duly and validly executed and delivered by the representing party and that it constitutes the legal, valid, and binding obligation of the representing party, enforceable against it in accordance with its terms.
THE SERVICE IS PROVIDED “AS IS”. COMPANY DOES NOT WARRANT THAT CUSTOMER’S USE OF THE SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE. CUSTOMER ASSUMES THE RISK OF THE USE, QUALITY, PERFORMANCE, ACCURACY AND COMPLETENESS OF ANY DATA PRODUCED BY THE SERVICE. COMPANY WILL ONLY BE LIABLE FOR A SECURITY INCIDENT UNDER THE AGREEMENT IF COMPANY NEGLIGENTLY BREACHES THE SECURITY MEASURES DESCRIBED IN SECTION 7.
EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT, EITHER PARTY DISCLAIMS ANY AND ALL WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, RELATING IN ANY WAY TO THE SERVICE INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR LOST PROFITS, BUSINESS INTERRUPTION, GOODWILL OR SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES OF ANY KIND, EVEN IF ADVISED IN ADVANCE OF THE POSSIBILITY THEREOF.
IN NO EVENT SHALL THE AGGREGATE LIABILITY OF EITHER PARTY RELATED TO THIS AGREEMENT (INCLUDING THE SERVICE LEVEL AGREEMENT AND THE DATA PROCESSING AGREEMENT) EXCEED THE AMOUNT OF FEES RECEIVED BY COMPANY DURING THE TWELVE (12) CALENDAR MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE LIABILITY. THE FOREGOING LIMITATION WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY.
THE FOREGOING LIMITATIONS OF LIABILITY SHALL NOT APPLY TO DAMAGES ATTRIBUTABLE TO GROSS NEGLIGENCE OR INTENTIONAL MISCONDUCT.
COMPANY may temporarily suspend the Service if Customer is in breach of the Agreement and such breach is not cured within thirty (30) calendar days after Customer’s receipt of written notice thereof. Suspension will last until the breach has been cured by Customer.
COMPANY shall defend, indemnify and hold harmless Customer and its officers, directors, employees, and agents, from and against any losses, costs, expenses (including reasonable outside attorneys’ fees and costs) and finally awarded damages against Customer resulting from a substantiated claim, demand, suit, action or proceeding brought against Customer by a third party alleging that the Service used in accordance with this Agreement infringes a valid intellectual property right of such third party in the US, EU and/or EEA.
Customer shall defend, indemnify and hold harmless COMPANY and its officers, directors, employees, and agents, from and against any losses, costs, expenses (including reasonable outside attorneys’ fees and costs) and finally awarded damages against COMPANY resulting from a substantiated claim, demand, suit, action or proceeding brought against COMPANY by a third party alleging that any Customer Data, or the use of the Service in combination with a non-COMPANY application provided by Customer, infringes a valid intellectual property right of such third party in the jurisdictions the Customer use or access the Service.
To receive the foregoing indemnifications the indemnified party must give the indemnifying party prompt written notice of the claim, give indemnifying party sole control of the defense and settlement of the claim (except that indemnifying party may not settle any claim unless it unconditionally releases indemnified party of all liability), and give indemnifying party all reasonable assistance at indemnifying party’s expense.
If COMPANY receives information about an infringement claim, COMPANY may at its sole discretion either (i) obtain a license for Customer’s continued use of the applicable part of the Service in accordance with this Agreement, or (ii) replace or modify the applicable part of the Service so that it is no longer claimed to infringe a third party right. If COMPANY reasonably determines that the foregoing options are not commercially available, COMPANY may terminate the Customers subscription for relevant part of the Service.
The rights granted under this Section shall be the indemnified party’s sole and exclusive remedy for any alleged infringement covered by this section.
COMPANY provides a standard service that can be accessed in any jurisdiction via a web interface. COMPANY shall provide the Service in accordance with those laws in the country COMPANY is registered that are applicable to COMPANY’s provision of its services in general without regard for Customer’s particular use of the Service. Customer is responsible for its own use of the Service, all activities that occur under User’s account, and that such use is compliant with legal requirements applicable for their business and any local laws that may impact its right to import, export or use the Service.
The Customer shall not be located in, and will not use any Service from, any country subject to U.S. EAR or OFAC restrictions.
This Agreement may not be assigned by either party without the prior written consent of the non-assigning party. Consent is not required in the context of merger, acquisition, or sale of all or substantially all the assigning party’s stock or assets, provided that the assigning party provides advance written notice thereof to the non-assigning party. Subject to the foregoing, the terms and conditions of this Agreement shall insure to the benefit of and be binding upon the parties’ respective permitted successors and assigns.
Neither party shall be liable for any failure or delay in its performance of its obligations under the Agreement resulting from an event caused by conditions beyond the reasonable control of a party, including governmental action, war, acts of public enemies, strikes or other labor disturbances, civil or military authority, fires, floods, or other natural calamities, acts of God, telecommunications failures, electrical outages, any service failure or disruption caused by third parties, service providers or systems, severe network outages in co-location site networks, error in the coding of electronic files or any causes of like or different kind beyond the reasonable control of such party.
A party experiencing a force majeure event shall provide the other party with prompt written notice of such force majeure event. In the event the force majeure event has lasted or is likely to last for more than three months, either Party may terminate this Agreement immediately without liability to the other party.
The Agreement constitutes the entire agreement between the parties and supersede all other agreements, proposals, or representations, whether electronic, written, or oral, between the parties concerning its subject matter.
If any provision of this Agreement is held to be ineffective, unenforceable, or illegal for any reason, such decision shall not affect the validity or enforceability of any of the remaining portions thereof.
Amendment or modification of the Agreement shall only be valid or binding upon the parties if made in writing and signed by an officer of each party. No terms, provisions, or conditions of any purchase order will have any effect on the obligations of the parties hereunder or otherwise modify this Agreement.
All notices and other communications required or permitted by this Agreement or by law shall be in writing by e-mail or mail and shall be considered delivered when received if delivered by mail or similar and at the opening of business on the next business day for the recipient if sent by electronic mail.
Expiration or termination of this Agreement will not relieve either party from its obligations arising hereunder prior to such expiration or termination. Rights and obligations which by their nature should survive will remain in effect after termination or expiration of this Agreement.
The governing law and legal venue depend on which COMPANY company Customer has entered into the agreement with. This Agreement and all matters arising hereunder or in connection herewith shall be governed by and construed in accordance with the governing law noted in the below chart and the parties irrevocably consent to the exclusive jurisdiction of- and venue in the locations noted the legal venue columns below.
COMPANY UK ltd
Laws of England and Wales
COMPANY Denmark Aps
The Service is provided "as is" as standardized service; the right to use is not conditional or tied to a specific version or functionality at a certain time, but allows access to and use of the Service as is at all times.
COMPANY reserves the right to make improvements, add, modify or remove functionality, or correct any errors or defects in the Service at its sole discretion, without any obligation or liability resulting from such act or defects. COMPANY will however not remove functionality which in COMPANY’s reasonable opinion must be considered as core functionalities for a service such as the Service.
COMPANY and the Customer agree that the Service will not always be completely free of errors and that the improvement of the Service is a continuous process. The Customer is also aware that successful use of the Service is dependent on equipment and factors (such as sufficient internet connection) that the Customer has the responsibility for. COMPANY is not liable for the discontinuance or disruption of the operation of the Service caused by the Internet or any third party service the Customer needs in order to access the Service, including operating systems etc.
COMPANY is available on the following browsers:
Third party software and operating system updates etc. may influence the usability of the Service, and COMPANY has no responsibility in this regard. COMPANY will however always use best efforts to accommodate and develop the Service for updates etc. on supported operating systems.
COMPANY is only responsible for the functioning of the Service as such, and undertakes the following obligations regarding error handling with regards to the Service:
- All or material parts of the Service are unavailable and critical business functions cannot be performed.
One (1) business day
- The Service is able to perform standard functions, but the Service performance or functionality is severely degraded or limited.
Three (3) business days
- Non-critical functions do not work and this has little or no business impact.
The repair time stated in the table above starts when the Customer has given COMPANY notice of the error and sufficient information to assess and understand what the error comprises. Notice shall be given by written e-mail to[= [email protected]] or via COMPANY’s online chat channel, available both within the Service and on[= https://www.COMPANY.com.]
If COMPANY has not succeeded in curing a category A or B error within the repair time stated, the Customer is entitled to a period of free extension of the service, and must claim such free extensions within 90 days after the error notification was sent to COMPANY. The free extension for failing to meet the repair time for category A errors shall be 14 days. For category B errors the free extension shall be 4 days. For category C errors no free extension is given. Total free extension periods per year is limited to 28 days. The above described free extensions shall be the only claim the Customer may be entitled to in case of failure to meet the repair times stated above.
A category A error lasting more than 10 days is considered a material breach. The same applies for a category B error lasting more than 20 days.
Planned downtime is not considered an error. Downtime may be necessary to perform updates or maintenance in hardware or software from time to time. COMPANY may have planned downtime up to 10 times each calendar year. Planned downtime shall always be notified at least five (5) business days in advance and shall be done outside of normal business hours (0900-1700 CET) if possible. For planned downtime of up to 24 hours, notification shall be given at least ten (10) days’ in advance. Planned downtime according to this clause is not considered as a breach of contract.
COMPANY may use sub-contractors to provide the Service including all support and maintenance. To the extent a subcontractor processes personal data for which the Customer is a data controller, the Data Processing Agreement sets out requirements in this regard.
COMPANY shall provide backup of the Customer’s data, to restore it after a data loss event.
For support purposes, COMPANY has internal administrators who can access Customers’ data. COMPANY will never access Customers’ data without prior approval from the Customer. Logs are kept of any access by COMPANY administrators.
This Data Processing Agreement (“DPA”) regulates the parties' rights and obligations in connection with COMPANY (“Data Processor”) processing personal data on behalf of the Customer (“Data Controller”). The purpose of the DPA is to comply with the requirements for data processor agreements according to the General Data Protection Regulation ((EU) 2016/679).
The Data Processor processes data on behalf of the Data Controller in connection with providing the Service to the Customer.
The Data Processor will process the following types of personal data on behalf of the Data Controller:
The personal data is connected to the following categories of data subjects:
The Data Processor shall only process personal data for the following purposes:
The processing involves processing activities necessary to offer the Service to the Customer, including using email-address and password to authenticate and authorize users, email users about product changes, updates, tips and tricks, support, upgrade potential, platform usage as required for payment, logging of usage and access to monitor breaches, showing a user’s Gravatar image (if applicable), and contacting users about potential support issues.
The Data Processor shall not process personal data in any other manner than what is agreed in this DPA which sets out the documented instructions from the Data Controller. This includes that the Data Processor is not allowed to process personal data for other purposes than as stated above or its own purposes or to disclose personal data to third parties.
When processing personal data on behalf of the Data Controller, the Data Processor shall follow the routines and instructions stipulated in this DPA.
Unless otherwise agreed or pursuant to statutory regulations, the Data Controller is entitled to access all personal data being processed on behalf of the Data Controller and the systems used for this purpose. Such access will be available for the Data Controller through the Service by logging in.
The Data Processor is subject to an obligation of confidentiality regarding documentation and personal data that the Data Processor gets access to under the DPA. This provision also applies after the termination of the DPA. The Data Processor is obliged to ensure that persons who process the data for the Data Processor, have committed themselves to confidentiality (including signing declarations of confidentiality), and shall upon request disclose such declarations to the Data Controller or the authorities.
The Data Processor shall not process personal data outside the EU/EEA, unless otherwise stated in this DPA. If the transferring of personal data to a country outside the EU/EEA or to an international organization outside the EU/EEA is required according to law in a EU/EEA member state which the Data Processor is subject to or EU/EEA law, the Data Processor shall inform the Data Controller of such requirement prior to the processing, unless the law prohibits such information from being given.
The Data Processor uses the following sub-processor(s). The applicable data location is the location chosen by the Customer in the Subscription Form.
Hosting of our platform and our services
Highly Encrypted offline backup storage
The following entity is a group parent company and provides services to its subsidiaries. Accordingly, the below company functions as a sub-processor in those cases it is not the contracting party to the Agreement.
COMPANY solution and customer support
Parent company and provider of certain services under the agreement
In addition, the Data Processor has the right to use other sub-processors, but is obliged to inform the Data Controller of any intended changes concerning the addition or replacement of other processors, so that the Data Controller has the opportunity to object to the changes. The information shall be given at least 60 days prior to the planned changes taking effect. If the Data Controller objects to the change, the Data Controller has the right to terminate the DPA with 30 days notice.
The Data Processor shall remain fully liable to the Data Controller for the performance of any sub-processors, and respects the conditions referred to in the General Data Protection Regulation article 28 paragraph 4 for engaging another processor. The Data Controller is aware that the Data Processor uses the sub-processors mentioned in section 4, and that the information security obligations related to the processing performed by these are governed specifically by COMPANY’s internal Information Security Management System.
The Data Processor shall remain fully liable to the Data Controller for the performance of any sub-processors.
The Data Processor uses the sub-processor outside the EU/EEA as documented in section 4.
Apart from this, the Data Processor may not process or use sub-processors that process personal data outside the EU/EEA. Processing outside EU/EEA is subject to prior written approval from the Data Controller. The Data Processor shall ensure that there is a legal basis for the processing of data outside the EU/EEA, or facilitate the establishment of such legal basis.
The Data Processor shall fulfil the requirements for security measures in the General Data Protection Regulation article 32 Security of processing. The Data Processor shall through planned and systematic measures implement appropriate technical and organisational measures to ensure a satisfactory level of security, e.g. in relation to confidentiality, integrity and availability.
The Data Processor shall document routines and other measures made to comply with these requirements regarding the information system and security measures. The documentation shall be available at request by the Data Controller and the authorities.
Any notification to the authorities regarding personal data breaches shall be given by the Data Controller, but the Data Processor shall notify any breach directly to the Data Controller. The Data Controller is responsible for reporting the breach to the Data Protection Authorities.
Notifications regarding personal data breaches according to the General Data Protection Regulation shall be notified by the Data Processor to the Data Controller, and the notification shall contain sufficient information so that the Data Controller may assess whether the breach must be notified to the authorities or to the data subjects.
The Data Processor’s obligations to assist the Data Controller in fulfilling the obligations of the General Data Protection Regulation article 32 to 36, is considered fulfilled by the Data Processor’s obligations according to this DPA. Considering the nature of the processing performed by the Data Processor and the information available for Data Processor, this assistance is considered sufficient. To the extent the Data Controller requires additional assistance from the Data Processor, the Data Processor may offer such assistance as a separately paid service. The Data Processor may also refuse, unless the Data Processor’s assistance is necessary in order to be able to fulfil the Data Controller’s obligations.
The Data Processor shall have documentation that proves that the Data Processor complies with its obligations under this DPA and the General Data Protection Regulation. The documentation shall be available for the Data Controller on request. The Data Processor shall regularly conduct security audits, and shall submit the results of the audit to the Data Controller. The Data Controller shall be entitled to conduct audits and inspections regularly, for systems etc. covered by this DPA, in accordance with the requirements of the General Data Protection Regulation. Audits may be carried out by the Data Controller or a third party mandated by the Data Controller in agreement with the Data Processor. To the extent the Data Controller requires additional assistance from the Data Processor, the Data Processor may offer such assistance as a separately paid service. The Data Processor may also refuse, unless the Data Processor’s assistance is necessary in order to be able to fulfil the Data Controller’s obligations.
The Data Processor’s processing on behalf of the Data Controller is not of a nature which makes it necessary or reasonable for the Data Processor to fulfil or assist in fulfilling the Data Controller’s obligations towards data subjects. To the extent the Data Controller requires assistance from the Data Processor, the Data Processor may offer such assistance as a separately paid service. The Data Processor may also refuse, unless the Data Processor’s assistance is necessary in order to be able to fulfil the Data Controller’s obligations.
The DPA applies as long as the Data Processor processes personal data on behalf of the Data Controller according to the subscription terms.
The DPA may be terminated in accordance with the termination clauses in the subscription terms. A termination of the subscription terms also constitutes a termination of the DPA.
COMPANY provides a standardized format to export the Customer’s data via the built-in export function in the Service. This function may be used by the Customer during the term of the Agreement.
The Data Processor will permanently erase all personal data and other data relating to the Customer and personal data for which the Customer is a Data Controller in accordance with the timelines set out in the subscription terms, unless the Data Processor is required by law to store the personal data.
Standard terms of sale - Example - B2B SaaS, Rev 1.0
[a]"Table of Content" er ikke en del av det originale eksempelet. Den er tatt med av pedagogiske hensyn.
Forslag til standard oppsett for tilbud
Letter of Intent (LoI)
Intensjonsavtale til bruk i forbindelse med partnerskap med kunder, leverandører eller partnere.
Memorandum of Understanding (MoU)
Et MoU utarbeider dere sammen med kunden. Den beskriver hva dere er enige om, og hvordan den kommende avtalen i grovt sett skal se ut.
Heidi Frost Eriksen - Selg som en startup
Heidi Frost Eriksen fra GrepS har mange års erfaring med salg i både store og små selskap. Hør hennes råd og tips for å hjelpe dere med å lukke deres første kunde.