LICENSE AGREEMENT — General terms and conditions
This license agreement (hereinafter referred to as the "Agreement"), has been entered into by and between
- BoardClic AB, org. no. 559152-7063, Grev Turegatan 18, 114 46 Stockholm (hereinafter referred to as the "Licensor") and
- The licensee registered at the Licensor’s self-service site (hereinafter referred to as the "Licensee").
The Licensor and the Licensee is jointly referred to as the "Parties" and separately as a "Party".
- The Licensor provides services to analyze and evaluate board of directors and key management (hereinafter referred to as the "Service"). The Service consists of a SaaS (Software as a Service). This means that the Licensor provides the Service online. The Service is further described at the bottom of this document. The description forms a part of this Agreement.
- The Service is provided at the request of an entity, the Licensee, through the Licensor’s self-service site, where the Licensee may purchase a license to use the Service. The Licensee may at the self-service site decide the number of users of the license. The fee for the license may depend on the number of users of the license. The Licensee may also, after this Agreement has been entered into, increase the number of users and/or increase the services to be provided by the Licensor.
- This Agreement shall apply to the provisioning of the Service by the Licensor and the Licensee’s usage of the Service.
Right of use
The Licensee obtains a non-exclusive, non-transferable and revocable right to use the Service in accordance with this Agreement, as from time to time amended.
Availability of the service and operating environment
- The Service shall become available to the Licensee not later than 14 days after this Agreement has been entered into.
- The Licensor tries to continuously improve the Service and the Licensor has the right, at its own discretion, to make reasonable changes to the Service during the term of the Agreement. The Licensor shall inform the Licensee of any substantial change in the Service before the change becomes effective.
- The Licensor shall ensure that the Service is available to the Licensee 24 a day during the term of the Agreement. The Licensor does not guarantee that the Licensee’s usage of the Service is without interruptions or errors.
- The following disruptions in the uptime do not amount to the Licensor’s failure to provide the Service.
– for instance preventive maintenance, updates, or any other planned disruption in the Service.
– that is caused due to, for instance, unforeseen disruption in the Service, software failure, viruses, attack on security, emergency, or any other circumstance that demands the Licensor’s immediate maintenance.
– that is caused due to circumstance beyond the Licensor’s reasonable control, such as communication errors on internet or other private or public networks that is used to access the Service, disruptions as a result of failure in the Licensees equipment or software, error in an application or adjacent system or errors in other products or services or products from a third party or failure from the Licensee to fulfill an undertaking according to the Agreement.
- The Licensor shall create backups of data provided by the Licensee at reasonable intervals.
- If the Licensor fails to provide the Service as agreed, the Licensor’s sole responsibility shall be to, at the Licensor’s own cost, take reasonable measures to promptly remedy the provision of the Service. However, should the Licensee not be able to use the Service for a period longer than one week, the Licensee has the right to receive a reduction of the fee corresponding to the time during the term of the Agreement that the Licensee has not been able to use the Service. The Licensee shall not have the right to damages or any other claim towards the Licensor due to failure to provide the Service.
- The Licensor is not responsible for usage of the Service in a way that is in conflict with the Licensor’s instructions.
- The Licensor may use subcontractors to provide the Service and other commitments according to the Agreement. The Licensor is responsible for the work provided by the subcontractors as if the work had been provided by the Licensor.
The Licensor shall provide technical support on weekdays (that is not a public holiday in Sweden) from 09:00 – 17:00. Support means support by telephone or e-mail regarding technical or operational issues in order to try to remedy disrupting errors and failures in the Service.
- When using the Service, the Licensee, or a person authorized by the Licensee, provides data to the Licensor as part of the Service (hereinafter referred to as "Licensee Data"). The Licensee Data is, together with other information, used as a base to provide the Licensee with reports as part of the Service.
- The Licensee Data may be freely used by the Licensor on an anonymized basis. The Licensee Data is used to improve the Service and similar services provided by group companies of the Licensor.
Processing of personal data
- The Licensee Data may include personal data.
- When personal data is processed in relation to the Service, the Licensee is the controller of the personal data and therefore responsible for that processing of the personal data is in compliance with applicable data protection regulation.
- The Licensor is the processor of the personal data and shall only process personal data to provide the Service according to this Agreement, any specified instruction from the Licensee and to comply with applicable data protection regulation.
- The Licensor shall, as soon as processing of personal data no longer is required to provide the Service, anonymize the data in such a way that the data subject is no longer identifiable. The personal data shall be anonymized not later than five (5) years after the Licensee has ceased to license the Service.
- The Licensor shall take technical and organizational measures to ensure that personal data is protected in relation to the present risks and according to applicable data protection regulation. Personal data shall be kept confidential.
- Licensor shall only process personal data in the European Union and US.
- The Licensor shall assist the Licensee in fulfilling its obligations according to applicable data protection regulation and promptly notify the Licensee in cases of data breach.
- The Licensor shall comply with inspections and audits from official agencies according to applicable data protection regulation. If any registered or other third party demands access to the personal data processed by the Licensor, the Licensor shall refer such person to the Licensee.
The licensees undertakings
- The Licensee is responsible for keeping passwords and any other information provided by the Licensor for accessing the Service confidential. The Licensee shall immediately inform the Licensor if an unauthorized person has gained access to information according to this clause 7.1.
- The Licensee is responsible for having the required equipment and software to use the Service.
- The Licensee is responsible for the correctness of Licensee Data. The Licensee Data will have an impact on the reports that the Licensor will provide as part of the Service.
- The Licensee undertakes to only use the Service in accordance with this Agreement and instructions provided by the Licensor. In particular, the Licensee may not use the Service in a way that damages the Service, the Licensor or other licensees of the Service.
Intellectual property rights
- All intellectual property rights and other rights related to the Service are the Licensor’s property and no ownership of intellectual property rights is transferred in this agreement.
- Nothing in this Agreement shall constitute a transfer of any intellectual property rights or other similar rights to the Licensee, other than to use the Service as expressly stated in this Agreement.
- Reports and similar outputs generated as part of the Service and made available to the Licensee may be freely used by the Licensee.
Fee and payment terms
- The fee for the Service is the fee stated on the Licensor’s public website at the time this Agreement was entered into.
- The Licensee can, after entering in to the Agreement, increase the number of users and order additional services from the Licensor within the scope of the Service. The fee for additional users and/or services follows from the Licensor’s public website at the time of the increase or order.
- The Licensor will invoice the Licensee by electronic invoice. Payment is due thirty (30) days from the date of the invoice. The Licensor will invoice the Licensee when the Agreement has been concluded or when the Licensee increases the number of user and/or services.
- If the Licensee fails to pay, the Licensor shall be entitled to interest at the rate set forth in the applicable law.
Both Parties commit to not without consent from the other Party, during the term of the Agreement and five (5) years thereafter, disclose information about the other Party’s business that can reasonably be considered a business or trade secret. Information that a Party has labeled as confidential shall always be considered a business or trade secret. This confidentiality obligation does not include information that a Party can prove has become known to that Party in any other way than through the assignment or that is publicly known. The confidentiality obligation shall not be applicable when a Party is obliged by law to disclose the information.
Limitation of liability
- The Licensor shall only be held liable for direct damages relating to a breach of the Agreement in cases of intentional breach of the Agreement or breach by gross negligence.
- The Licensor shall under no circumstances be held liable for indirect or consequential damages.
- If a claim is directed towards the Licensor from a third party as a result of the Licensee’s use of the Service, the Licensee shall indemnify the Licensor for all damages suffered by the Licensor.
Term and termination
- The Licensee’s registration on the Licensor’s self-service site and the Licensee’s approval of this Agreement is an offer to the Licensor and this Agreement shall enter into force when the Licensor has approved the Licensee’s registration, activated the license and sent a confirmation to the Licensee.
- The term of the Agreement shall follow the Licensee’s request, if agreed by the Licensor.
- Both Parties have the right to terminate the Agreement with immediate effect
- if the other Party commits a material breach of any of its obligations under the Agreement or
- if the other Party becomes bankrupt, enters composition negotiations, reorganization or otherwise becomes insolvent.
- The Licensor has the right to terminate the Agreement with immediate effect if the Licensee use the Service in contradiction with this Agreement or in a way that can result in damages to the Service, the Licensor or other licensees of the Service.
- Notifications according to this Agreement shall be sent by e-mail and shall be considered delivered when the e-mail has been sent.
- Notifications to the Licensor shall be sent to the following e-mail address: firstname.lastname@example.org.
- Notifications to the Licensee shall be sent to the e-mail address that has been registered by the Licensee.
- Neither Party shall have the right to assign any of its rights or obligations under the Agreement without prior consent from the other Party.
- Notwithstanding the above, the Licensor shall have the right to assign its right to receive payment according to the Agreement without consent from the Licensee as well as assign its rights and obligations to a party within the same group of companies as Licensor.
The Licensor has the right to amend this Agreement at its sole discretion. The Licensor shall notify the Licensee about amendment at least thirty (30) days before the amendment comes into effect.
Neither Party shall be liable for any failure in performing its obligations under the Agreement to the extent that and for so long as the failure results from any cause or circumstance whatsoever beyond its reasonable control or that the Party not reasonably could have prevented, such as war, governmental actions, new or amended legislation, labor disputes or strikes, trade or currency restrictions, fire, flood or failure or delay to perform by a subcontractor.
Applicable law and dispute resolution
- This Agreement shall be exclusively governed by and construed in accordance with the substantive laws of Sweden, excluding its conflict of laws principles.
- Any dispute, controversy or claim arising out of or in connection with this contract, or the breach, termination or invalidity thereof, shall be finally settled by arbitration in accordance with the Rules for Expedited Arbitrations of the Arbitration Institute of the Stockholm Chamber of Commerce. The seat of arbitration shall be Stockholm. The language to be used in the arbitral proceedings shall be Swedish or, if the Licensee so requests, English.
- The Parties undertake and agree that all arbitral proceedings conducted with reference to this arbitration clause will be kept strictly confidential. This confidentiality undertaking shall cover all information disclosed in the course of such arbitral proceedings, as well as any decision or award that is made or declared during the proceedings. Information covered by this confidentiality undertaking may not, in any form, be disclosed to a third party without the written consent of the other Party. This notwithstanding, a Party shall not be prevented from disclosing such information in order to safeguard in the best possible way its rights vis-à-vis the other Party in connection with the dispute, the enforcement of an award or if such a right exists pursuant to statute, regulation, a decision by an authority, a stock exchange contract or similar.
BoardClic AB ( "BoardClic") is classed as data controller for the processing of your personal data.
Grev Turegatan 18
114 46 Stockholm
Telephone: +46 70 606 63 64
PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
Personal data is all data that relates to an identified or identifiable physical person. This includes, for example, name, age, address, telephone numbers, IP-address and user behaviour. Data that cannot be related to you as a person does not constitute personal data.
The processing of personal data must always be based on a specific purpose and have legal support - a so called legal basis. A legal basis may, for example, be the treatment to fulfil an agreement, consent or legitimate interests pursued by the data controller. Personal data should only be processed during the time it is necessary to fulfil the purpose of the treatment.
OUR PROCESSING OF PERSONAL DATA
Visiting the website
When you visit our website, data is automatically collected from the call-off computer system. Temporary storage of this information is necessary for us to provide our website to you, and the legal basis of the processing is our legitimate interest in this. The data is deleted when the purpose of the treatment has been achieved. Information processed to make our website available to you is only stored during the time you visit the website.
Information that is being collected is: IP-address, internet operator, operating system, device type, date and time for access, location.
Registration as a licensee
Licensees may register and, in connection with the registration, submit personal data to us. The purpose of the processing is to be able to provide our services and enable the licensee to utilise our services. This information is processed based on the agreement we have with you made in connection with the registration. The information is processed during the time the licensee is registered and for a period of five years after de-registration takes place.
The information that is processed is: name, username, e-mail and company affiliation.
Usage of our services
By the usage of our services, we process personal data about board members or other executives of the company to which the service relates, as personal data assistants. Information and consent from board members or other executives is obtained by the user. Companies that are users of our services are data controllers for the processing of this data. We only process the information based on the instructions of the person who is data controller for personal data and in accordance with a personal data processing agreement.
Data that is being processed is: name, user name, e-mail address, roles, competencies, company affiliation and the responses stated on the form or survey by the registered subject.
Collected data may be supplemented by data that can be obtained through publicly available sources, for example via a search engine. When using our services, we do not request so-called special categories of personal data, however, please note that users may enter this personal data to us by choice as replies in a form.
Processing of personal data is the same for users to customers who only try our services, as for users to customers who are licensees.
DATA SECURITY AND BACK-UP
We use Heroku EU as the infrastructure for the product. It's a secure cloud services platform. Heroku’s physical infrastructure has been accredited under ISO 27001, 27017, 27018, SOC 2, PCI Level 1, HIPAA. On top of Heroku’s infrastructure, we have built extra layers to ensure the applications and data are protected and always accessible. Apart from security controls, we have also built data redundancy by running daily backups (retained up to 8 weeks).
We apply secure coding practices and ensure the app is at least being covered against the OWASP Top 10 (Most Critical Web Application Security Risks). The code undergoes frequent third-party security assessment tools to catch security bugs.
Only authorised employees/consultants have access to our production infrastructure. All the key authentication information is protected by two-factor authentication.
PROCESSING OF DATA OUTSIDE THE EU / EEA
If your personal data is processed outside of the EU / EEA, we ensure, for example through contract terms, that the processing meets a sufficient level of protection or to obtain your consent for the processing. Your personal data will be processed within the EU / EEA. Your data may come to be processed in the US, unless specifically requested by you.
AUTOMATED DECISIONS INCLUDING PROFILING
For the usage of our services, we may use automated decisions and profiling. In the case of automated decisions and profiling, we will obtain consent in connection with the collection of your personal data.
PERSONAL DATA ASSISTANTS
We use Mailchimp for the handling of newsletters to our customers.
You can read more about Mailchimp and their processes for handling personal data through the following link: https://mailchimp.com/about/security/.
We use Heroku as the production environment for hosting the Boardclic application.
You can read more about Heroku and their processes for handling personal data through the following link: https://www.heroku.com/policy/security
Amazon Web Services
We use Amazon Web Services EU for data storage and transactional email service.
You can read more about Amazon Web Services and their processes for handling personal data through the following link: https://aws.amazon.com/privacy/
We use Google Analytics for tracking and analyzing user behaviour.
You can read more about Google Analytics and their processes for handling personal data through the following link: https://www.google.com/analytics/terms/us.html
We use Google ReCaptcha for filtering spam and abuse on our web solution.
You can read more about Google ReCaptcha and their processes for handling personal data through the following link: https://policies.google.com/privacy?hl=en
We use Hotjar for tracking and analyzing user behaviour on our web application.
You can read more about Hotjar and their processes for handling personal data through the following link: https://www.hotjar.com/legal/policies/privacy
We use Mixpanel to track and analyze user behaviour on our web application.
You can read more about Mixpanel and their processes for handling personal data through the following link: https://mixpanel.com/legal/terms-of-use/
As a registered person you have following rights regarding the processing of your personal data.
- You have the right to request information about the processing of your personal data. The information may include the purposes of the processing, categories of personal data and anticipated period of time for which the data will be stored.
- You have the right to have incorrect information deleted or corrected.
- Under certain conditions you have the right to have your information deleted.
- Under certain conditions you have the right to limit the processing of your personal data.
- You have the right to obtain the personal data you have provided to BoardClic in a structured, generally used and machine-readable format.
- You have the right to have your personal data transferred to another data controller.
- You have the right to object to processing based on a legitimate interest.
If you are displeased with how we process your personal data, you are welcome to contact us at the following address:
Grev Turegatan 18
114 46 Stockholm
Telephone: +46 70 781 78 28
You also have the right to lodge complaints to a supervisory authority. The responsible supervisory authority in Sweden is:
104 20 Stockholm
Telephone: 08-657 61 00
Fax: 08-652 86 52
Cookies are small text files that are sent to your computer from a website. The text files store information about your use of the site. According to the Electronic Communications Act (2003:389), data can be retrieved from or stored in a user’s terminal only if the user gives consent to the processing and is given information about the purpose of the processing.
PURPOSE OF USE
Cookies are also used to collect statistics on how our visitors use the website. The statistics are used to improve the website and to develop our services.
FOR HOW LONG ARE COOKIES STORED
There are permanent cookies and session cookies. Session cookies are storied during the time that you have your browser open and disappear when you close said browser. Permanent cookies are stored on your computer and can be saved for a long time and allow the website to recognise you as a user.
BoardClic uses web-analytics cookies and so-called monitoring cookies.
Third-party cookies mean that the cookie comes from another party other than the one responsible for the website. Third-party cookies are normally used for statistics and advertising. BoardClic uses the following third-party cookies:
- Google Analytics
PERSONAL DATA PROCESSING