General Terms & Conditions Infobric Ease
2018-11-23: Infobric publishes updated Terms and Conditions (see below) effective from November 23, 2018
These general terms and conditions (”General Terms and Conditions”) refer to the services of Infobric Ease.
The following definitions have the following meanings in the Agreement:
“App” refers to the Infobric Ease CheckIn mobile application that Infobric provides as part of the Service and other mobile applications that Infobric may provide as part of the Service.
“Agreement” refers to the agreement that the Customer has entered into in order to gain access to the Service, including these General Terms and Conditions.
“Access point” refers to the point where the Service is connected to a public electronic network.
“Documentation” refers to documentation that Infobric provides with respect to the Service. The documentation may be in printed form, in the form of a help section in the Software or it may be available via the Internet or otherwise, as indicated by Infobric.
“Intellectual Property Rights” refer to all forms of intellectual and industrial property rights such as copyright, database rights, source code, patents and patentable inventions, registered and unregistered trademarks, know-how (whether this in itself may constitute a patentable invention or not), registered and unregistered designs.
“Licence” refers to the right that Infobric grants to the Customer in accordance with the Agreement to use the Service and the Software.
“Local Application” refers to locally installed software provided by Infobric that forms part of the Service.
“Software” refers to the Software, the Local Application and the App.
“Personnel” refers to persons working on a working site under the Customer’s supervision and who are invited to use the Service by the Customer or their employer or the contracting authority.
“Software’ refers to the Software that Infobric provides as a service over the Internet and which constitutes the main component of the Service.
“Service” refers to the service of Infobric Ease as described in the Service Description and which is provided mainly by means of the Software.
“Service Description” refers to the description of the Service as given in these General Terms and Conditions, alternatively, from time to time, published on Infobric’s website.
3. Access Rights
3.1. Under the Agreement, the Customer is granted a non-exclusive, non-transferable and non-sub-licensable licence that cannot be licensed to others except as expressly set out in these General Terms and Conditions, and, for the term of the Agreement only, a valid licence to, against payment of the contractual fees (I), use the Software as a service over the Internet (ii) use the Local Application locally installed for its internal use in the manner described in the Agreement, and (iii) give Personnel the right to use the App in accordance with the specific terms and conditions that apply to the App and that must be approved by the Personnel before the Personnel are given access to the App.
3.2. The Customer is only given access to use the Software as a service over the Internet and thus has no right to carry out a private installation of the Software (whether itself or through third parties), or otherwise dispose of copies of the Software.
3.3. The Customer’s right to use the Software is limited to what is expressly stated in the Agreement.
3.4. The Customer shall notify Infobric which persons own to act for the Customer in different matters. No other system administrators than those named by the Customer to Infobric are authorised to administer the Customer’s use of the Service. Only the authorised representative of the Customer or the system user designated by the Customer, as notified to Infobric, have the right to request that a certain person be assigned authorisations to the Software by Infobric. Customer can give Infobric an equivalent authority.
3.5. The Customer does not have the right to:
i. use the Service for purposes other than those for which it is intended under this Agreement;
ii. provide the Service for use by third parties, for example, for so-called “time sharing”, as a service, as a service bureau arrangement or otherwise;
iii. decompile or otherwise attempt to ascertain the Software’s function;
iv. “hack” the Software, introduce viruses, Trojan horses or other malicious or unwanted code (so-called “malware”) into the Software or, through a disproportionate number of requests to the servers on which the Software is provided, to obstruct or limit the use of the Software for third parties.
4. Support and Maintenance
Infobric develops and updates the Service on a regular basis. For the Local Application Infobric provides updates for downloading or as otherwise communicated to the Customer, as necessary.
5. Intellectual Property Rights
5.1. All Intellectual Property Rights and all other rights in or with respect to the Service and the Software belong to Infobric or, where applicable, Infobric’s licensors.
5.2. Nothing in this Agreement shall constitute an assignment or transfer of any Intellectual Property Rights or other rights in the Service, or the Software.
5.3. Data that the Customer processes and that is created by the Software as a result of the Customer’s use shall be the property of the Customer. Infobric has the right to use the Customer’s data to the extent that is necessary to perform its obligations under this Agreement. Infobric also has the right to use, without limitation, information about the functions, performance and capacity of the processes and other statistics or similar information based on the Service’s processing of the Customer’s data. Infobric also has the right to offer companies whose staff attendance times are registered in the Service access to location data in respect of their employees, with the restriction, however, that they may only view attendance times and information about their own employees.
6. Infringement of Rights
6.1. If the Customer receives a claim from a third party alleging that the Service or the Software infringes such third party’s Intellectual Property Rights, Infobric undertakes to indemnify the Customer against such third party’s claim in respect thereof, provided that (i) the Customer immediately notifies Infobric that the claim has been received, (ii) that the Customer gives Infobric full control and authority regarding a defence or negotiation of the claim, (iii) that the Customer has not given any consent, come to any settlement or otherwise affected Infobric’s opportunity to defend or negotiate a settlement of the claim, and (iv) that the Customer contributes to a reasonable extent to Infobric’s defence or negotiation of the claim. It is also a prerequisite of Infobric’s obligation to indemnify the Customer under this paragraph that the Customer has installed all updates that Infobric has made available to the Customer and that the Customer has only used the Service for its intended purpose, unless damage has otherwise been incurred.
6.2. If Infobric has received a claim as described in Paragraph 6.1, or if Infobric believes that a risk of such claims exists, Infobric has the right to take any of the following actions:
i. ensure that the Customer is given the right to continue to use the Service,
ii. implement changes so that the Service or the Software can no longer be considered to be infringing or,
iii. if neither (i) or (ii) can be achieved on conditions that Infobric considers reasonable, terminate this Agreement with immediate effect and discontinue the Customer’s ability to use the Service or the Software.
6.3. The Customer is not entitled to compensation if Infobric takes action under (i) – (iii) above, with the exception, however, that the Customer, in the event of termination under (iii) above, has the right to receive a portion of the fee paid in return, at the amount corresponding to the period of the current agreement period for which the Service or the Software cannot be used in relation to the period for which compensation has been paid, however, up to a maximum of fifty (50) per cent of the fee paid.
6.4. If Infobric receives a claim from a third party alleging that the Service or the Software infringes such third party’s Intellectual Property Rights, the Customer undertakes to indemnify Infobric against such third party’s claim, provided that (i) Infobric immediately notifies the Customer that the claim has been received, (ii) that Infobric gives the Customer full control and authority regarding a defence or negotiation of the claim, (iii) that Infobric has not given any consent, come to any settlement or otherwise affected the Customer’s opportunity to defend or negotiate a settlement of the claim, and (iv) that Infobric contributes to a reasonable extent to the Customer’s defence or negotiation of the claim.
7. Preparation, Start-up and Provision
Infobric shall provide instructions to the Customer about the actions the Customer must take in order to be able to connect to the Service and commence usage of the Service from the agreed day.
8. The Responsibility of the Customer
8.1. The Customer shall provide information for Infobric’s work at the start-up of the Service, review the documents and communicate the decision, and also continuously provide the information that is necessary for Infobric to be able to implement its commitments under the Agreement.
8.2. The Customer is responsible for communication between the Customer’s hardware and the Access Point and for providing the equipment and software required for the use of the Service in accordance with the instructions provided by Infobric.
8.3. The Customer shall ensure (i) that the Customer’s data is free from viruses, Trojans, worms or other malicious software or code, (ii) that the Customer’s data is in the agreed format, and (iii) that the Customer’s data may not otherwise harm or adversely affect the Software or Service.
8.4. The Customer is responsible for ensuring that the login information, security methods and other information that Infobric provides for access to the Service are handled in confidence. The Customer shall notify Infobric immediately in the event that any unauthorised person has knowledge of such information.
8.5. The Customer’s responsibility under this Agreement shall also apply, in the appropriate parts, to any use of the App. The Customer is also responsible for actions taken by Personnel through use of the App.
9. Specific Terms and Conditions of the Service
9.1. The following applies in particular to the provision of the Service, in addition to what may be specified elsewhere in the Agreement:
9.2. The user information and passwords used to gain access to the Service are regarded as a valuable document and, if they are recorded, should be stored securely so that unauthorised persons are unable to gain access to the Service.
9.3. Infobric is only responsible for the Service up to the Access Point.
9.4. Infobric has the right to regard all use of the Service with the Customer’s user details as authorised use by the Customer, irrespective of whether the Customer incurs expenses in such use, unless and until the Customer notifies Infobric’s support or Customer service that the Customer suspects that an unauthorised person has gained access to the Service or the Customer’s password. It is the responsibility of the Customer to notify Infobric’s support or customer service immediately if the Customer suspects that this may be the case, and to ensure that the Customer’s user details are blocked or changed.
10. Interruptions and Defects
10.1. Infobric shall work to ensure that the Service is available for Customer’s use 24 hours a day, every day of the year. Infobric has the right, however, to suspend the Customer’s access to the Service at any time and without prior notice for maintenance, in order to protect the Service from unauthorised attacks or similar, or to take such other action as is required for technical, operational or security reasons. Infobric shall, however, inform the Customer as far as possible when such interruptions may occur.
10.2. A defect exists when the Service does not conform to the Service Description.
10.3. Infobric updates and rectifies defects with respect to the Service on an ongoing basis.
10.4. If the Customer wishes to complain about a defect in the Service, the Customer shall notify Infobric in writing as soon as possible, but no later than 15 days after the defect is discovered, or should have been discovered, and provide a detailed description of what constitutes the defect. Infobric’s responsibility for defects is limited to taking reasonable steps within a reasonable time frame, remedying the defect to ensure that the Service once again conforms with the Service Description.
10.5. The Customer is not entitled to a reduction of the fee or other remuneration or compensation in the event of a lack of access to the Service, a defect or other interruption to the Service.
11. Limitation of the Service, Changes
11.1. In the event that the provision of the Service results in harm or the risk of harm to Infobric or another party, Infobric has the right to disable or restrict access to the Service. In so doing, Infobric may not take measures that are more stringent than what is justifiable in the circumstances. The Customer shall be informed of the restriction of access to the Service as soon as possible.
11.2. Infobric has the right to restrict or disable access to the Service for the Customer if the Customer breaches the terms and conditions of this Agreement.
11.3. Infobric has the right to implement changes to the Service by giving 30 days’ notice thereof. The Customer may be required to acquire new software, hardware or other equipment as a result of such changes in order to continue using the Service. The Customer shall bear the costs of such new software, hardware or other equipment itself, as well as other expenses as a result of the change. If the Customer incurs costs occasioned by the change, or if the Customer otherwise suffers obvious disadvantage as a result of the change, the Customer has the right to give notice to terminate the Contract by the date on which the change is to enter into force. The Customer shall give Infobric such notice no later than 15 days before the change is to enter into force. Otherwise the Contract continues, and the change is valid between the Parties.
12. Infobric Ease CheckIn
12.1. Infobric provides the App as an addition to the Service. The use of the App is optional and not necessary for the Customer to be able to use the Service.
12.2. When Personnel use the App, data is stored in the App and forwarded to the Service.
13.1. The Customer shall pay fees for its use of the Service and the Software in accordance with the agreed payment terms. Infobric has the right to change the fees in accordance with the agreed payment terms.
13.2. In the event of late payments, a late payment penalty interest amount, as specified in the law on interest (1975:635), is payable on the outstanding amount until full payment is made. In addition, Infobric has the right, in case of payment default, to suspend the Customer from use of the Service, without prior notice, until full payment is made.
14. Processing of Personal Data
14.1. The terms and conditions that shall apply in respect of Infobric’s processing of personal data in the capacity of personal data processor on behalf of the Customer are stated in Annex 1 to these General Terms and Conditions.
14.2. Infobric shall have the right to process personal data concerning the Customer’s contact persons and system users that Infobric may acquire in connection with the Agreement, including names and contact details. The purpose of Infobric’s processing is to enable the implementation of the Parties’ respective obligations and cooperation under the Agreement, such as the administration of the contractual relationship, the provision of information and other communication regarding the Service. The processing of personal data by Infobric will be supported by a balance of interests in order to meet Infobric’s legitimate needs in managing the contractual relationship with the Customer. The Customer is obliged to ensure that the Customer’s employees whose personal data are processed by Infobric have received information on Infobric’s processing of personal data in accordance with this paragraph.
14.3. Infobric is the personal data controller for its own processing of the personal data of the Customer’s employees. In principle, Infobric only saves the personal data that Infobric processes for the duration of the contractual relationship. Infobric may, however, save the personal data for the additional time that is necessary should Infobric be required by law or agreement to save the data, or for Infobric to be able to establish, defend or exercise a legal claim. When the personal data are no longer necessary for these purposes, Infobric will anonymise or delete the data securely. A data subject has the right to request that inaccurate or incomplete personal data concerning him or her are corrected. Furthermore, a data subject has the right to request to receive information if Infobric processes any personal data concerning the data subject and, if such is the case, access to the personal data relating to him or her. The data subject has the right to submit a complaint about Infobric’s processing of personal data to the Data Inspection Authority. The data subject has, in addition to the above rights and where provided for by applicable data protection legislation, the right to request a limitation of the processing, the right to deletion, the right to object to certain processing of personal data, and the right to data portability. If the data subject wishes to exercise any of his or her rights as stated above, or has any questions about Infobric’s processing of personal data in accordance with this provision, the data subject may contact Infobric by sending an e-mail to firstname.lastname@example.org.
15. Statistics and Anonymised Data
15.1. Infobric has the right to anonymise all data in the Service. Anonymisation should be carried out in such a way that it is not possible to convert the data back to personal data.
15.2. Infobric owns all property rights to the anonymised data and has the right to use and store data without limitation in time.
15.3. Infobric also has the right to use all other data within the Service for statistical purposes.
16. Limitation of Liability
16.1. A party’s liability shall be limited to direct damages in a total amount of twenty (20) per cent of the fee for the Service or the Software per calendar year, however a maximum of a price base amount as stipulated by the Social Insurance Code (2010:110) and in force at the time of the occurrence. A party shall not be liable for the counter-party’s own indirect losses, such as loss of profit. In the event that the damage has arisen as a result of gross negligence or intent, no limitation of liability shall apply. Nor shall any limitation of liability apply to breaches of the licensing conditions stated in Paragraph 5 for the party’s obligation to compensate the counter-party for infringement of third-party rights in accordance with Paragraph 5, or to breaches of the duty of confidentiality referred to in Paragraph17.
16.2. Infobric is not liable for loss of data except for the loss of data caused by Infobric’s negligence in carrying out backups or storage in accordance with the Service Description. In the event of such liability, Infobric shall restore the lost data to the best of its ability and to the extent that this is possible. The above constitutes Infobric’s full liability for any loss of data.
16.3. In order not to lose its right to compensation for damages, the Customer shall present a claim for damages to Infobric in writing within six (6) months of the date of the incident.
17.1. Each party undertakes not to disclose information about the other party’s business activities that may be considered business or trade secrets to a third party without the consent of the other party for the term of the Agreement or for a period of three years thereafter. Information that the party identifies as confidential shall always be regarded as business or trade secrets. The duty of confidentiality does not apply to information that a party can show to have become aware of other than through the assignment or that is commonly known. The duty of confidentiality does not apply if a Party is required to disclose information by law.
17.2. The Parties shall ensure that confidentiality is observed in accordance with the above by having confidentiality agreements with personnel or other appropriate measures. The Parties are responsible for ensuring that subcontractors and their employees affected by the assignment sign a confidentiality agreement with similar content for the benefit of the other party.
18. Advance Notice of Termination
18.1. Each Party has the right to terminate the Agreement with immediate effect if:
18.2. the other Party commits a material breach of the Agreement and such breach is not fully rectified within thirty (30) days of receipt by the breaching Party of a written notice from the other Party with a request for rectification;
18.3. the Parties do not reach an amicable solution in accordance with Paragraph 6.2 of Annex 1 within thirty (30) days, or such later time as the Parties agree in writing, of the date such discussions are initiated in writing; or
18.4. the other Party suspends its payments, enters into voluntary or involuntary liquidation, applies for company reorganisation or bankruptcy (or if another party applies for bankruptcy of the Party) or if a Party may otherwise be deemed to be insolvent.
18.5. If Infobric resolves to cease the offer and provision of the Service to the market, Infobric has the right to terminate the Agreement, with due observance of a notice period of at least three months.
18.6. If the Agreement is terminated, the Customer shall cease all use of the Service and the Software immediately, unless otherwise stipulated in the main agreement document.
18.7. Upon termination of the Agreement, Infobric shall, at the Customer’s request, store a backup of the Customer’s data, where applicable, for a period of ninety (90) days from the date of termination of the Agreement, and provide assistance to the Customer with a view to transferring such data in accordance with the Customer’s instructions. Such services are provided by Infobric in accordance with the terms of Infobric’s currently applicable agreement for services, and on condition that the Customer pays Infobric the currently applicable fees. Request for back up storage shall be made by the Customer no later than thirteen ((13) days after this Agreement has expired.
19. Force Majeure Circumstances
19.1. A Party is exempt from the requirement for penalty for the failure to perform obligations under this Agreement if the failure is due to circumstances beyond the party’s control and which the Party could not reasonably foresee or avoid, such as war, act of a public authority, new or amended legislation, conflict on the labour market, trade or currency restrictions, embargo, fire, flood or similar circumstance, and also defects in or delay of deliveries from subcontractors.
19.2. It is the responsibility of the Party wishing to invoke force majeure circumstances under this clause 19 to notify the other Party without delay of the occurrence thereof, as well as its termination.
19.3. Regardless of what is stated regarding the exemption from penalties19 in this paragraph, a Party has the right to terminate the Agreement with immediate effect, without incurring a penalty, by giving written notice to the other Party, if the fulfilment of a material obligation under this Agreement is delayed by more than three months.
20.1. Neither of the Parties has the right to assign or pledge its rights and/or obligations, wholly or partly, under this Agreement without the other party’s written approval. Infobric has the right, however, to assign its receivables from the Customer to a third party.
20.2. Notices in connection with this Agreement shall be given in writing.
20.3. Amendments and additions to this Agreement shall be valid only if made in writing and signed by both Parties. This can also be done by electronic signature. Furthermore, the Customer’s use of new or modified Services and Products constitutes an acceptance of any potential supplementary terms and conditions in relation thereto.
20.4. Infobric has the right, however, to amend this Agreement by reason of any changes in mandatory legislation, by giving twenty (20) days’ notice thereof.
21. Disputes and Applicable Legislation
21.1. This Agreement shall be governed by Swedish law.
21.2. Any disputes arising out of this Agreement shall be settled conclusively by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce (”the Institute”). The institute’s Rules for Simplified Arbitration Proceedings shall apply unless the Institute decides, in taking the complexity of the case, the amount in dispute and other circumstances into consideration, that the Arbitration Rules of the Arbitration Institute of the Stockholm Chamber of Commerce shall be used in the proceedings. In the latter case, the Institute shall also decide whether the arbitration panel should consist of one or three arbitrators.
21.3. Notwithstanding Paragraph 21.2, Infobric shall, however, always have the right to recover the payment of overdue claims at a court of general jurisdiction.
Sub-annex 1A: PERSONAL DATA PROCESSOR AGREEMENT
1.1. The Customer is the personal data controller for all personal data processing that is carried out by means of the Service or the Software, unless otherwise specified in this Agreement. Infobric will, as part of the Service, process personal data on behalf of the Customer in the capacity of personal data processor. The object of the processing, the duration of the processing, its nature and purpose, the type of personal data and categories of data subjects affected by the processing are described in more detail in Sub-annex 1. The Customer is responsible for ensuring that all processing of personal data is carried out in accordance with the currently applicable privacy laws, including the Data Protection Regulation (EU 2016/679) (“Applicable Legislation”) on that date.
1.2. Paragraph 1.2 only applies if the Customer’s operations giving rise to the personal data processing are conducted in Sweden. When the Customer invites subcontractors to use Infobric’s equipment by providing Infobric’s equipment on a work site in order to fulfil its obligation to be registered in a personnel ledger, the subcontractor is responsible for its Personnel data in the Service. The Customer is the personal data processor for its subcontractor’s processing of personal data and a personal data agreement should therefore be concluded between the subcontractor and the Customer with content similar to that of the Personal Data Processor Agreement. In the event that the Customer provides equipment on behalf of a builder, the Customer is similarly the personal data processor for the builder’s personal data processing and must enter into a personal data agreement with the builder. Infobric has the role of the Customer’s sub-processor in relation to the subcontractor and the builder. The Customer is responsible for obtaining instructions from the subcontractor and the builder for Infobric’s processing of personal data, and for ensuring that the sub-processor and the Customer function in general as a point of contact in the fulfilment of Infobric’s obligations under the Applicable Legislation towards the subcontractor and the builder. The terms and conditions of the Agreement in respect of Infobric’s role as a processor of personal data shall also apply to the role of sub-processor of personal data.
2. Infobric’s General Obligations
2.1. Infobric shall only process personal data in its capacity as data processor in accordance with Customer’s written instructions pursuant to this Agreement, and the additional documented instructions provided by the Customer from time to time.
2.2. If Infobric is not given instructions that Infobric deems necessary to carry out its assignment, Infobric shall inform the Customer without delay and await further instructions. If Infobric finds that an instruction contravenes the Applicable Legislation, Infobric shall inform the Customer of this without undue delay.
2.3. Regardless of what is stated in Paragraph 2.1 above, Infobric has the right to process personal data to the extent that it is necessary for Infobric to be able to meet the obligations that Applicable Legislation imposes on Infobric from time to time, such as compliance with injuctions from authorities. Infobric must, however, inform the Customer of the legal obligation before such processing is carried out, unless mandatory legislation prevents Infobric from providing such information.
2.4. If anyone requests information from Infobric concerning the Customer’s processing of personal data, Infobric shall refer to the Customer. Infobric may not disclose personal or other information about the processing of personal data without a written instruction from the Customer. Infobric does not have the right to represent the Customer or act on behalf of the Customer vis-à-vis any third party, including the Swedish Data Inspection Authority.
3. Technical and Organisational Measures
3.1. Infobric shall take the technical and organisational measures required under the Applicable Legislation to protect the personal data processed in the Service.
3.2. Infobric shall, at the Customer’s request, provide the Customer with the necessary information that Infobric has available for the Customer to be able to fulfil its obligations, if applicable, to carry out an impact assessment and prior consultation with the relevant supervisory authorities regarding the processing that Infobric carries out on behalf of the Customer as part of the Service.
3.3. Infobric shall assist the Customer as far as possible by taking the appropriate technical and organisational measures to enable the Customer to meet its obligation to respond to a request from a data subject to exercise his or her right, of which the data subject is assured under the Applicable Legislation.
3.4. Infobric shall ensure that access to personal information is restricted only to the staff of Infobric who need access in order for Infobric to be able to meet its commitments vis-à-vis the Customer. Moreover, Infobric shall ensure that such authorised staff respect the duty of confidentiality as described in the Paragraph 8 below.
4. Personal Data Incidents
4.1 In the event of a personal data incident (as defined in the Applicable Law), Infobric shall notify the Customer in writing as soon as possible after Infobric is made aware the incident. The notification shall contain information about the nature of the incident, the categories and number of data subjects and personal data items affected, the likely consequences of the incident, and a description of the measures Infobric has taken (if any) to limit any negative effects of the incident. If this is not possible, it is not necessary to notify all of the information at the same time, as Infobric will provide the Customer with the information as soon as it becomes available to Infobric.
4.2. If a personal data incident is likely to present a risk to the personal privacy of the data subjects, Infobric shall take appropriate remedial measures to prevent or limit any negative effects of the incident as far as possible immediately after Infobric is made aware of the incident.
5. Access to Information
5.1. Infobric documents on an ongoing basis the measures it has taken to fulfil its obligations under this Personal Data Processor Agreement. The Customer is entitled to view the latest version of such documentation, on request.
5.2. Moreover, Infobric shall enable and assist the Customer, or a third party appointed by the Customer, to carry out a review, including inspection, of the technical and organisational measures that Infobric takes in order to meet its obligations under this Personal Data Processor Agreement. Infobric shall be informed of such review in writing at least thirty (30) days in advance. All costs of the review shall be borne by the Customer, including any costs incurred by Infobric in its participation in the review. The Customer shall ensure that any third party who conducts the review on behalf of the Customer shall observe a duty of confidentiality that is no less restrictive than that described in Paragraph 8 below.
6. The Hiring of Sub-processors
6.1. The Customer hereby gives it consent that the subcontractors hired by Infobric, as indicated on the website specified by Infobric from time to time, may process personal data on behalf of the Customer in connection with the Service (“Sub-processors”). Infobric shall enter into a personal data processor agreement with the Sub-processor. Such personal data processor agreement shall contain provisions corresponding to what is stipulated in this Annex 1.
6.2. If Infobric intends to hire a new Sub-processor, Infobric shall inform the Customer of the identity of the Sub-processor (including full company name, company number and address), the location (geographical) where the Sub-processor will be processing the personal data, and the type of service the Sub-processor provides. The Customer has the right within two weeks to object to Infobric’s hiring of the Sub-processor for the processing of personal data on behalf of the Customer, in which case Infobric and the Customer shall jointly seek a consensus and otherwise this Agreement can be terminated in advance in accordance with the General Terms and Conditions.
7. The Transfer to and Processing of Personal Data outside the EU/EEA Area
7.1. The Customer hereby gives its consent for Infobric to transfer, where appropriate, the Customer’s personal data outside the EU/EEA-area. Such transfer may only occur, however, if (i) the country has an adequate level of protection for personal data, according to the decision announced by the EU Commission, which covers the processing of personal data, (ii) if Infobric ensures that there are appropriate safeguards in place, such as standardised data protection provisions, as adopted by the EU Commission, or (iii) if any other exception to the Applicable Legislation enables the transfer to be made.
8.1. Without prejudice to the duty of confidentiality referred to in Paragraph 17 of the Agreement, the following shall also apply.
8.2. Infobric shall keep the personal data processed on behalf of the Customer strictly confidential. Infobric shall not disclose any personal information to third parties, directly or indirectly, unless the Customer has approved this in writing, unless Infobric is required to disclose personal information by law, or if it is necessary to do so for the performance of the Agreement. Infobric agrees that this duty of confidentiality shall continue to apply even after termination of the Agreement.
8.3. The Customer undertakes to keep all information the Customer receives in respect of Infobric’s security measures, procedures, IT systems, or which is otherwise of a confidential nature, strictly confidential, and further undertakes not to disclose any confidential information derived from Infobric or its Sub-processor to any party this information does not concern. The Customer has the right, however, to disclose such information as the Customer is obliged to disclose in accordance with the law or the Agreement. The Customer agrees that this duty of confidentiality shall continue to apply even after termination of the Agreement.
9.1. In the event that Infobric incurs damage or has a claim brought against it as a result of Infobric’s processing of personal data in accordance with the Customer’s instructions, or as a consequence of a breach by the Customer of Paragraph 1.2, the Customer shall indemnify Infobric against all damages arising as a result thereof. Infobric is liable, however, for the fulfilment of the Sub-processor’s obligations to the Customer if the Sub-processor fails to meet its obligations. Any limitation of liability under this Agreement shall not apply in respect of the Customer’s liability under this Annex 1.
9.2. If the Customer’s additional documented instructions regarding the processing of personal data are not supported by the Service or otherwise included in Infobric’s commitments under the Agreement and which Infobric could not reasonably have expected, and Infobric incurs additional costs as a result of these requirements, Infobric has the right to choose either to terminate the Agreement with immediate effect or, alternatively, receive compensation from the Customer for these costs.
10. Termination of the Agreement
10.1. Upon termination of this Agreement, Infobric shall either return or delete all of the personal data that Infobric has processed on the Customer’s behalf, as the Customer chooses. If the Customer does not make such a request within fourteen (14) days of the cessation of the processing, Infobric shall delete the personal data. If the Customer has requested back up storage according to Paragraph 18.7 in the General Terms and Conditions Infobric shall store back ups during the time stated therein subject to conditions set forth in this Agreement. When the time limit set forth in Paragraph 18.7 in the General Terms and Conditions has expired, Infobic shall delete the back-ups unless otherwise agreed with the Customer.
Description of the Processing of Personal Data in the Service
This Sub-annex is deemed to form an integral part of the Personal Data Processor Agreement.
Categories of Data Subjects
The following categories of the personal data of data subjects are processed in the Service:
- The Customer’s employees and other personnel hired or otherwise engaged by the Customer
- The Customer’s subcontractors, employees, hired or otherwise engaged personnel
- Other persons who visit a work site where the Service is used
Categories of Personal Data
The following categories of personal data can be processed in the Service depending on what information registered by the Customer’s users. The list below refers to categories of personal data and must not be consistent with the entitlement of the field of the Service:
- Personal identity number
- Employee number
- Card number
- PIN code
- Mobile phone number
- Home phone number
- Work phone number
- Private e-mail address
- Work e-mail address
- Home address
- Temporary address
- Details of contact person in case of an accident (ICE)
- Company worked for (if different from the employer)
- Rights group
- Work sites (where the person is added)
- Card readings
- Check-in and check-out records on the work site
- GPS position for check-in and check-out via mobile app
- Employees (personal list in the mobile app)
- User name
- Finger print (if the Customer connects such equipment to the Service and activates the function)
Purposes of the Processing
The personal data are processed for the following purposes:
- In order to provide the Service and support of the Service; and
- To carry out any additional documented instructions issued by the Customer or the Customer’s subcontractors from time to time
Processing of Personal Data
Personal data are processed in the following manner in the Service:
- Collection through registration, involving the creation of a user profile and the use of cards, e.g. card reading and check-in/check-out, the transfer of personal data from a Registration Box, Control Box, Machine Controller or other hardware and also the App for the Software
- Access for the viewing and editing of personal data through the Software
- Sweden: Disclosure of personal information by reporting the personnel ledger to the Tax Agency
Locations where Personal Data will be Processed
Personal data are processed by Infobric UK Limited. For information on what Sub-processors Infobric has hired, and where they process the Customer’s personal data, see the webpage indicated by Infobric from time to time.
Storage of Personal Data
The Customer may decide how long personal data shall be stored in the Service. If the Customer not actively changes the settings, the instruction to Infobric is to store the personal data during three (3) years from the registration.
Sweden: Regarding registration in personnel ledgers, the instruction to Infobric is, if the Customer or any other personal data controller not actively changes the settings, to store the personal data until the end of the current calendar year and during a period of three (3) years thereafter.
If the main agreement with the Customer expires the personal data shall be stored until Infobric has returned or deleted the Customer’s personal data in compliance with the Personal Data Processor Agreement.