General Terms and Conditions
- 1. General
- 2. The Service
- 3. Term of the Agreement for the Service, etc.
- 4. Fees for the Service
- 5. Assignment of the Service, etc.
- 6. Websupport’s liability
- 7. The Customer’s liability
- 8. Amendment of the Agreement
- 9. Miscellaneous
- Appendix A – Data Processing Agreement
- A1. Introduction
- A2. Definitions
- A3. Scope
- A4. Websupport’s Liabilities
- A5. Customer Obligations
- A6. Use of Sub-processors and Transfer of Data
- A7. Security
- A8. Audit Rights
- A9. Term and Termination
- A10. Liability
- A11. Applicable Law and Jurisdiction
- A12. Categories of Personal Data and Data Subjects
- A13. Overview of Current Sub-Processors
Summary of terms and conditions
1. General
1.1 These terms and conditions govern the relationship between the Customer and Loopia AB, reg. no. 5566339304 (hereinafter ”Websupport”), in respect of the service which the Customer has selected (hereinafter the ”Service”). Depending on the Customer’s order, the Service may include web hosting, domain name, Extra Services and Third party products or such other service Websupport at any time offers.
2. The Service
2.1 The content of the Service is specified in a separate order confirmation/invoice.
2.2 Websupport reserves the right to change the scope and content of the Service, or to terminate all or part of the Service where necessary due to technical reasons, or due to any law or other regulations issued by public authorities. The Customer shall always be entitled to terminate the Agreement in the event of any such change.
2.3 During the subscription period, Websupport shall provide support for the Service via either telephone or email, and through information on Websupport’s website. The processing time may be affected as, in certain cases, Websupport depends on third parties and may refer to a third party’s channels.
2.4 Customer data and customer information may be provided to third parties where necessary in order for the service to function.
2.5 Domain names are registered in the Customer’s name and are owned by the Customer. However, Websupport reserves the right to serve as administrative, technical, and/or invoicing contact for any domain name to the extent Websupport deems necessary.
2.6 Websupport shall be entitled to sign all domain names which are registered by Websupport on behalf of the Customer using the security extension DNSSEC. If the Customer does not wish to use this extension, the Customer may deactivate it in Websupport’s control panel.
2.7 The Customer must be at least 18 years of age to order the Service.
3. Term of the Agreement for the Service, etc.
3.1 The Service shall be provided for the period (maximum 24 months) which the Customer selects in conjunction with ordering, commencing on the date on which Websupport issues confirmation. After the agreed period has expired, the Customer has the right to terminate the Agreement with one (1) month's notice. If the Service consists of domain names, the Service ends automatically when the period expires, unless the Customer renews the domain name. However, if the Agreement has been entered into at a distance, e.g. over the Internet, the Customer shall be entitled to withdraw from the Agreement by notifying Websupport within 30 days of the date stated on the order confirmation.
3.2 Notwithstanding section 3.1, the right of withdrawal does not apply to the Service domain name and other third-party products if the Customer requests that Websupport shall fulfill the Agreement during the withdrawal period or if the Customer starts using the Service, for example, by paying the advance invoice or by logging in to the Websupport’s control panel.
3.3 The Agreement terminates either through notice of termination or through failure to pay for the coming period. The recommended way of giving notice of termination is by logging in to the Websupport control panel.
3.4 Any request by the Customer to change a subscription period must be received by Websupport not later than on the date on which the current subscription period ends. Any outstanding invoices must also be paid. Any change of the subscription period shall enter into force when Websupport sends an invoice with confirmation that the change of the subscription period has been made.
3.5 Either party shall be entitled to give written notice of termination of the Agreement, by email or post, with immediate effect if: (1) the other party commits a material breach of contract and, to the extent rectification is possible, fails to rectify the breach within 14 days after a written demand to do so with reference to this section; or (2) a party is placed into bankruptcy or liquidation, is the subject of composition proceedings, or is otherwise clearly insolvent. Moreover, Websupport shall be entitled to terminate the Agreement with immediate effect if it can reasonably be believed that continued dissemination of information in the Service is in violation of the law or any regulation issued by a public authority, if Websupport is caused operational disruptions which can reasonably be believed to be the result of defects or technical disruptions attributable to the Customer, or if the Customer abuses Websupport’s support.
3.6 In all cases in which Websupport is entitled to terminate the Service with immediate effect, Websupport shall also be entitled to discontinue the Service pending further investigation.
Websupport shall also be entitled to discontinue the Service as a result of any police report, investigation, dispute or similar in respect of the Service where Websupport determines that this is necessary in order to prevent any continued criminal activity or modifications which can impede such matter. Websupport shall also be entitled to discontinue the Service if the Customer’s installation is outdated or contains security vulnerabilities. Websupport shall also be entitled to update the Customer’s installation without giving notice thereof.
3.7 Websupport shall be entitled to give notice that the Service has been terminated on the Customer’s website or by email. The Customer shall be charged a startup fee in conjunction with reactivation of the Service.
4. Fees for the Service
4.1 Fees for the Service shall be paid in advance against invoice. Payment shall be made not later than 30 days after the invoice date and before the Service expires. The Customer shall ensure that the correct OCR number is given on the payment so that the matching of payment against correct invoice can be made.
4.2 Prior to each new contract period, if the Service can and will be renewed by Websupport, Websupport shall send at least one invoice for renewal of the Service. Websupport shall not be responsible for renewing the Service where the Customer fails to pay the invoice for renewal prior to expiry of the Service and/or the due date of the renewal invoice, or fails to make full payment. In the event Websupport cannot renew the Service, the Customer shall be responsible for any renewal.
4.3 Websupport shall be entitled to deactivate the Service if the Customer fails to pay in due time, or fails to pay in full, provided that at least one written reminder or warning has been sent to the Customer either by email or post. Websupport shall be entitled to give notice that the Service has been terminated on the Customer’s website or by email. The Customer shall be charged a startup fee in conjunction with reactivation of the Service.
4.4 The Customer shall notify Websupport without delay if he/she believes that an invoice is incorrect. Where the Customer has objected to the invoice in due time and has provided substantive grounds for the objection to the charge, Websupport shall grant a grace period for payment of the disputed amount. If the grace period is granted, penalty interest on arrears shall be payable on such part of the amount in dispute which the Customer is obligated to pay.
4.5 Penalty interest on arrears shall be paid in accordance with the Interest Rate Act (1975:635) as from the due date and until payment in full is made.
4.6 Any change of fees may only enter into force in conjunction with a new subscription period. In order for any increase in fees to be valid, the Customer must be given written notice at least one (1) month in advance by email, by post, or through information provided on Websupport’s website. Advance notice of fee reductions does not need to be given.
4.7 Temporary promotional prices shall not affect fees for ongoing services.
4.8 Fees for domain names cannot be refunded.
4.9 In the event Websupport terminates the Service prematurely due to the Customer’s breach of contract as set forth in section 3.5, no fees paid for any current or future period shall be refunded.
4.10 Any service which is not renewed due to a failure to pay and/or termination expires immediately, except domain name which becomes dormant and subject to a quarantine period of up to 90 days before being deregistered. During such time, the Customer may pay a fee to reactivate the Service.
4.11 Incorrect payments from the Customer, such as overpayments, payments on credited invoices, etc., can be refunded or used for payment of future invoices at the request of the Customer.
4.12 In the event the Customer orders services from Websupport’s partners, the Customer is solely responsible to pay the cost for such a service.
5. Assignment of the Service, etc.
5.1 The Customer may assign the Service following Websupport’s consent. Any assignment shall be implemented pursuant to the rules applicable from time to time. Information may be obtained from Websupport’s website, www.websupport.se/en. An assignment may enter into force commencing the date on which Websupport notifies the Customer that consent to the assignment has been given. The withdrawing party shall be liable to make payment on obligations that arose before the assignment was implemented. The acceding party shall be liable to make payment on obligations that arose after the assignment was implemented. The withdrawing party shall be obligated to pay any outstanding debts to Websupport before the acceding party can take over the Service.
5.2 The Customer shall not be entitled to pledge any or all of its rights and/or obligations under the Agreement to any third party without Websupport’s consent.
5.3 Websupport may assign the Service to another company that may reasonably be expected to fulfill Websupport’s rights and obligations to the Customer.
6. Websupport’s liability
6.1 Websupport and/or any retained subcontractor shall be entitled to take measures which affect the availability of the Service where necessary for technical, maintenance, operational, or security reasons or due to any law, decision by a public authority, or decision taken by an accredited registrar for the relevant toplevel domain name or such registrar appointed by an accredited organisation. No compensation shall be paid for unavailability during maintenance.
6.2 Websupport shall be liable for defects in the Service only to the extent it fails to meet the agreed specifications. Insignificant deviations as well as any limitations on availability which Websupport is entitled to make pursuant to these general terms and conditions shall not be regarded as a defect.
6.3 If, as a result of a defect caused by Websupport, the Customer has not been able to use the Service, the Customer shall be entitled to a reduction of the applicable fee which corresponds to the scope of the defect. Such reduction shall be made taking into consideration the time during which the defect existed in relation to the fee applicable to the Service. Any claim for a reduction must be made in writing not later than one (1) month after the defect has been rectified.
6.4 Websupport shall be liable only for losses caused through Websupport’s negligence and, except in case of intentional acts or gross negligence, any liability in damages shall be limited to direct loss in an aggregate amount corresponding to fees for the applicable subscription period. Websupport shall not be liable for indirect losses such as loss of profit, lost sales, loss of information, or corruption of information due to, for example, a third party’s unauthorised hacking of Websupport’s computer resources.
6.5 The amount limit set forth in section 6.4 shall not apply with respect to a Customer who is deemed to be a consumer according to the Distance and OffPremises Contracts Act (SFS 2005:59).
6.6 In order to be valid, any claim for damages must be made in writing within a reasonable time after the Customer discovered or should have discovered the grounds for the claim, however, no later than three (3) years after the time of the incident.
6.7 Websupport shall not delete customer information while the Service is active unless the Customer has requested, in writing, that the information is deleted and has confirmed its identity. However, Websupport reserves the right, for system technical reasons, to move the information to another media. However, product-specific information shall be deleted upon downgrading or assignment of the Service. Information belonging to a specific domain name is deleted when erasing a domain name of the Service.
6.8 Irrespective of whether Websupport provides backups, there is no guarantee that backup copies will work correctly and that content will be fully restored or formatted correctly.
The Customer shall be solely liable for ensuring a separate backup of all data which the Customer considers important to the Customer.
6.9 From time to time, Websupport may stop supporting aspects of the Service (known as ”End of Life”). When components of the Service reach an End of Life, Websupport shall replace them with comparable components if possible. An End of Life is not a breach of the Agreement.
6.10 Websupport treats all customer information as confidential and in accordance with applicable privacy legislation. Information regarding how Websupport processes personal information can be found on Websupport’s web page for privacy, https://www.websupport.se/en/about-websupport/data-protection/, and is also regulated in the Data Processing Agreement, Appendix A.
6.11 Websupport is entitled to take part of all information processed in the Service in order to fulfill Websupport’s rights and obligations in accordance with the parties’ agreements.
6.12 In the event a defect or damage arises for the Customer, or for Websupport’s other customers or Websupport’s system, or if such a defect or damage may arise, Websupport is entitled to take action in order to avoid such damage. In such cases, Websupport is allowed to remedy security defects in the Customer’s code.
6.13 Furthermore, Websupport may without restrictions hand over such code and software that Websupport reasonably considers to be malicious to Websupport and/or Websupport’s customers, or to Websupport’s system, to a third party for analysis. Such third parties shall be bound by confidentiality. In the event an analysis shows that the code is malicious, Websupport may remove the code from the Service.
6.14 Websupport may continuously perform security checks of the Customer’s services in order to decrease the risk for dissemination of malicious code and software, disruption in the operation, or the like.
7. The Customer’s liability
7.1 The Customer shall be liable, visĂ vis Websupport, to ensure that information which is handled within the Service does not constitute an infringement of any third party rights or otherwise violate applicable Swedish legislation.
7.2 The Customer undertakes not to use resources or seek unauthorised access to any such system of Websupport or its retained subcontractors which are not intended for the Customer, not to otherwise act in violation of applicable legislation in conjunction with its use and/or registration of the Service, and not to distribute computer viruses or any other form of malicious code.
7.3 The Customer undertakes to use the Service in a manner which maintains security for Websupport’s services and network, e.g. by uploading software which is proven to be safe, installing patches, and not sharing passwords.
7.4 Where a thirdparty user provides information on websites which are covered by the Service, the Customer shall monitor the information and ensure that continued dissemination is prevented as per the requirements of applicable legislation.
7.5 The Customer shall ensure that sexually explicit information does not appear on webpages which are covered by the Service. Domain names which are included in, and administered by the Service may also not point to, forward to, or otherwise be related to sexually explicit material.
7.6 The Customer shall ensure that the domain names which are added to and administered under the Service belong to the Customer.
7.7 The Customer shall always have correct, updated information on file with Websupport which can identify the Customer. The websites shall clearly identify the physical person or legal entity which is responsible for publication of the pages.
7.8 The Customer is obligated to always have a valid email address for the Customer’s authorised contact person on file with Websupport. This email address will be used by Websupport to convey important messages related to the Service.
7.9 The Customer confirms the obligations which ICANN or any other toplevel registrar may impose on Websupport as agent for registration of domain names. The Customer further confirms that the toplevel domain name registrar shall be held harmless against all claims which are attributable to domain names which are registered under such toplevel domain name. Websupport shall bear no liability whatsoever for transfer, closure, or any other matter which may affect the domain service and which is required under the conditions stipulated by ICANN or any other toplevel domain registrar.
7.10 The Customer may delegate operation of web design, updates, and so forth to another physical person or legal entity. However, this shall not constitute a limitation of the Customer’s liability under the Agreement.
7.11 The Customer accepts Appendix A as a Data Processing Agreement for all the Services which are used by the Customer.
7.12 The Customer is responsible for the possible integration of interfaces that Websupport has provided for management of data, such as FTP, email systems, database access, API or the like. Websupport is not responsible for any defects in the integration related to maintenance, interruption of service or other occurrences that affect the Customer’s integration.
8. Amendment of the Agreement
8.1 Websupport shall be entitled to make any amendment or additions of these general terms and conditions, which shall enter into force one (1) month after the new general terms and conditions have been notified to the customer If The Customer does not approve changes or additions that are detrimental to the Customer, the Customer has the right, no later than three (3) months after such notification in writing terminate the Agreement with effect from the day on which the amendment would have entered into force. Websupport has the right to make changes and additions that are not to the Customer's disadvantage or where such disadvantage is of minor importance to the Customer. Such changes enter into force one (1) month after such change is published. Furthermore, Websupport has the right to immediately make changes in accordance with ch. 7. Section 12 par. 3 LEK if the change is (1) to the customer's advantage or (2) of a purely administrative nature without negative consequences for the customer. The same applies if a change is necessary for the contractual terms to be compatible with national or Union law.
9. Miscellaneous
9.1 Any dispute regarding the interpretation or application of the Agreement shall be resolved by a Swedish court applying Swedish law.
9.2 Any dispute between the Customer and a third party as a result of a registered domain name shall be handled in accordance with the policy, applicable from time to time, established by the relevant registry. Websupport applies ICANN’s Uniform Domain Name Dispute Resolution Policy (”UDRP”) applicable from time to time. Websupport does not offer administrative services or assistance beyond the requirements imposed upon Websupport by the relevant registry agreement and/or agent agreement.
9.3 In the event a party is prevented from fulfilling its undertakings under the Agreement due to circumstances over which the party had no control, such as lightning strikes, pandemics, labour market conflict,
general scarcity of transport, goods, or energy, fire, confiscation, public authority provisions, or defects or delays in service from subcontractors due to a circumstance stated herein, this shall constitute a force majeure event which results in postponement of the time for performance. In the event performance of the Agreement has been impeded to a material extent for a period in excess of one month due to a circumstance stated above, either party shall be entitled to withdraw from the Agreement and shall incur no compensation liability.
Appendix A – Data Processing Agreement
between
Data Controller: ”Customer”
and
Data Processor: Loopia AB (hereinafter ”Websupport”)
Reg. No: 556633-9304
Country of establishment: Sweden
In this data processing agreement ”Data Processor” refers to Websupport for the Services stipulated in Websupport’s General Terms and Conditions. ”Data Controller” refers to the Customer. Websupport’s contact person for general questions regarding the agreement and Websupport’s processing of personal data can be found at https://www.websupport.se/en/about-websupport/data-protection/
A1. Introduction
A1.1 Both parties confirm that the undersigned are authorized to enter into this data processing agreement (”DPA”) which is an integrated part of the service agreement(s) which the parties have entered into (the ”General Terms and Conditions Service”). This DPA governs the Processing of Personal Data in connection with the at every time applicable Service Agreement.
A1.2 Websupport complies with Websupport’s Privacy Statement, which is available at https://www.websupport.se/en/about-websupport/data-protection/.
A2. Definitions
A2.1 The definition of Personal Data, Special Categories of Personal Data (Sensitive Information), Processing of Personal Data, Data Subject, Data Controller and Data Processor are the same as in applicable privacy legislation including the General Data Protection Regulation (GDPR), applicable in the DPA and in Europe from May 25, 2018 and the at every time complementary applicable national legislation, together Applicable Privacy Law.
A2.2 In this appendix, Data Controller is referred to as ”Customer” or “Party”, the Data Processor is referred to as “Websupport” or “Party”, and together the parties are referred to as “Parties”.
A3. Scope
A3.1 This DPA governs Websupport’s Processing of Personal Data on behalf of the Customer, and stipulates how Websupport shall ensure data security, through technical and organizational measures according to Applicable Privacy Law.
A3.2 The purpose of Websupport’s Processing of Personal Data on behalf of the Customer is to fulfill Websupport’s obligations according to the Service Agreement.
A3.3 This DPA takes precedence over any contradictory stipulations of Processing of Personal Data in the Service Agreement or other agreements entered into by the Parties.
A4. Websupport’s Liabilities
A4.1 Websupport may only Process Personal Data on behalf of, and in accordance with the Customer’s documented instructions. By entering into this DPA, the Customer instructs Websupport to Process Personal Data as follows:
i) solely in accordance with applicable law,
ii) to fulfil all obligations according to the Service Agreement,
iii) as is further specified through the Customer’s normal use of Websupport’s services and
iv) as stated in this DPA.
What is stated above shall also be applicable upon transfer of personal data to third countries.
A4.2 Websupport has no reason to believe there is any legislation that prevents Websupport from fulfilling the instructions stated above. Websupport shall inform the Customer, upon knowledge, in the event the Customer’s instructions or Processing, in Websupport’s opinion, infringes Applicable Data Privacy Law.
A4.3 The Categories of Data Subjects and Personal Data which are the subject of Processing according to this DPA is stated in this document.
A4.4 Websupport shall ensure the confidentiality, integrity and availability of Personal Data in accordance with Applicable Privacy Law. Websupport shall implement systematic, organisational and technical measures to ensure an appropriate level of security, taking into consideration the state of the art and the cost of implementation in relation to the risk of the Processing, and the type of Personal Data.
A4.5 Websupport shall, taking into account the nature of the processing, assist the Controller with appropriate technical and organisational measures, insofar as this is possible and considering the information available to Websupport, for the fulfilment of the Data Controller’s obligations to respond to requests from the Data Subject and general data protection according to Article 32-36 in the GDPR.
A4.6 If the Customer requires information regarding security measures, documentation or other information regarding how Websupport Processes Personal Data, and such requests involve more information than the standard information provided by Websupport in order to comply with applicable Privacy Laws as Data Processor, and this in turn means that the amount of work on Websupport’s part increases, Websupport may charge Customer for such additional services.
A4.7 Websupport and its personnel shall ensure the confidentiality of Personal Data Processed under this DPA. This condition also applies after the DPA has expired.
A4.8 Websupport shall promptly and without unnecessary delay, notify the Customer to enable the Customer to comply with the legal requirements of information to the relevant supervisory authorities and Data Subjects regarding a Personal Data breach.
A4.9 Furthermore, as far as is practically possible and lawful, Websupport shall notify the Customer in the event of: i) requests regarding disclosures of Personal Data from a Data Subject, ii) requests from public authorities, such as the Police Authority, regarding disclosure of Personal Data.
A4.10 Websupport may not respond directly to requests from Data Subjects without the Customer’s consent. Websupport may not disclose content relating to the General Terms and Conditions to authorities such as the Police Authority, including Personal Data, with the exception of statutory provisions, such as court decisions or similar decisions.
A4.11 Websupport does not control whether or how the Customer chooses to make use of any third-party integration through Websupport’s API, through direct database connection or the like. The Customer is solely responsible for such integrations with third parties. Websupport is not responsible as Data Processor for any Processing of Personal Data in such third party integrations.
A5. Customer Obligations
A5.1 By entering into this DPA, the Customer acknowledges that the Customer:
• when using the services provided by Websupport according to the Service Agreement, Processes Personal Data in compliance with Applicable Privacy Law,
• has legal grounds to Process and disclose the relevant Personal Data to Websupport (including any subprocessors used by Websupport),
• is solely responsible for the validity, integrity, content and lawfulness of the Personal Information transferred to Websupport,
• has fulfilled any mandatory requirements and obligations to notify, or obtain permissions from, applicable public authorities for the Processing of Personal Data,
• has fulfilled its obligations to provide relevant information to Data Subjects regarding Processing of Personal Data in compliance with Applicable Privacy Law,
• agrees that Websupport has provided guarantees regarding the implementation of technical and organisational security measures that are sufficient to protect the Data Subject's integrity and Personal Data,
• when using the services provided by Websupport under the Service Agreement, does not transmit any Sensitive Personal Data, or data relating to criminal convictions and offences to Websupport. In the event of such a transfer, Websupport can not be held liable for the improper processing of such Personal Data,
• maintain an updated record of the types and categories of Personal Data that the Customer Processes.
A6. Use of Sub-processors and Transfer of Data
A6.1 As part of the delivery of Services to the Customer according to the Service Agreement and this DPA, Websupport may engage subcontractors who may act as sub-processors. Such sub-processors may be affiliates of Websupport, or external subcontractors (third parties) within or outside the EU/EES. Websupport shall ensure that the same data protection obligations as set out in this DPA are imposed on the sub-processors by way of an agreement.
A6.2 Sub-contractors with access to Personal Data who are currently engaged by Websupport, are published on Websupport’s Privacy web page, https://www.websupport.se/en/about-websupport/data-protection/ and shall, by means of this DPA, be accepted by the Customer as subprocessors.
A6.3 The Customer may at any time request a full overview and additional detailed information relating to the sub-processors involved in the service delivery, regulated by the Service Agreement.
A6.4 If sub-processors are outside the EU/ EES, Websupport shall ensure that transfer is made in accordance with Applicable Privacy Law. The Customer hereby grants Websupport the power and authority to ensure appropriate legal grounds for the transfer of personal data outside the EU on behalf of the Customer, for example, by signing EU Standard Contract Clauses.
A6.5 The customer must be notified of changes to subcontractors who process personal data via https://www.websupport.se/en/about-websupport/data-protection/ If a new sub-contractor evidently fails to comply with Applicable Privacy Law and the sub-contractor continues to fail to comply with Applicable Privacy Law, after Websupport has had reasonable time to ensure that the sub-contractor complies with the regulations, the Customer may terminate the DPA. Such termination may include the right to terminate the Service Agreement, in whole or in part, in accordance with the termination clauses contained in the respective Service Agreement. An important part of such assessments should be to what extent the sub-contractor’s Processing of Personal Data is an essential part of the services provided under the Service Agreement. A change of sub-contractor shall not in itself be regarded as a breach of the Service Agreement.
A6.6 By signing this Agreement, the Customer agrees to Websupport using sub-contractors as described above.
A7. Security
A7.1 Websupport is obligated to provide a high level of security in its products and services. Websupport provides security through organisational, technical and physical security measures, in accordance with the information security requirements described in Article 32 of the GDPR. Furthermore, the internal data protection framework which is implemented by Websupport, aims to protect the confidentiality, integrity and availability of and access to Personal Data.
The following measures are of particular importance in this regard:
• classification of Personal Data to ensure the implementation of safety measures that correspond to the risk assessment.
• evaluation of the use of encryption and pseudonymisation as risk-reducing factors.
• limitation of access to Personal Data to those who need access to fulfil the obligations of this DPA or the Service Agreement.
• use of systems that detect, restore, prevent and report personal data incidents.
• implementation of security analyses to assess the quality of current technical and organisational measures to protect Personal Data, taking into account the requirements of Applicable Data Privacy Law.
A8. Audit Rights
A8.1 The Customer is entitled to carry out an annual audit of Websupport’s compliance with the terms of this DPA. If required by law, the Customer may request audits more often. As Websupport’s services are multitenant environments, the Customer grants Websupport the authority, for security reasons, to determine that auditing is to be performed by a neutral third-party auditor that Websupport selects.
A8.2 If the requested audit area has been included in an ISAE, ISO or similar review report conducted by a qualified third-party auditor within the previous twelve months, and Websupport confirms that there are no known significant changes in the actions audited, the Customer shall accept this audit report instead of requesting a new audit of actions already audited.
A8.3 If Customer does not accept the neutral third-party auditor chosen by Websupport, the Customer may, together with Websupport, choose another neutral third-party auditor.
A8.4 The Customer is responsible for any costs incurred in connection with the requested audits. Any assistance provided by Websupport that exceeds the standard service provided by Websupport and/or its sub-contractors in order to comply with Applicable Privacy Law will be charged.
A9. Term and Termination
A9.1 This DPA is applicable as long as Websupport is Processing Personal Data on behalf of the Customer according to the applicable Service Agreements.
A9.2 This DPA terminates automatically upon the expiration of the Service Agreement. When the DPA expires, Websupport will delete or return the Personal Data processed by Websupport on behalf of the Customer, in accordance with the applicable sections in the respective Service Agreement. Unless otherwise agreed in writing, the cost for such actions shall be based on: i) hourly fee for time spent by Websupport and ii) the complexity of the requested process.
A9.3 Websupport may retain Personal Data after the expiry of the DPA, to the extent required by law, however observing the same technical and organisational measures as described in this DPA.
A10. Liability
A10.1 Liability for breach of the terms of this DPA shall be governed by liability clauses in the respective Service Agreement between the Parties. This also applies to any breaches by the sub-processor.
A11. Applicable Law and Jurisdiction
A11.1 This DPA shall be governed by the law applicable as stated in the respective Service Agreement between the Parties.
A12. Categories of Personal Data and Data Subjects
A12.1 As Websupport’s services allow the Customer to arbitrarily process Personal Data, it is not possible to generally state the categories of Data Subjects or Personal Data which are governed by this DPA. The Customer is obligated to register this information.
A12.2 The Customer may not transfer any Sensitive Data to Websupport. In the event such transfers are made, Websupport cannot be held responsible for any Processing that is not compliant with Applicable Privacy Law. Sensitive Data is defined in the Applicable Privacy Law, as follows:
• racial or ethnic origin, political opinions, religious or philosophical beliefs,
• data concerning health,
• data concerning a natural person’s sex life or sexual orientation,
• trade union membership,
• genetic or biometric data for the purpose of uniquely identifying a natural person.
A12.3 The Customer may not transfer any Personal Data concerning criminal convictions and offences.
A13. Overview of Current Sub-Processors
A13.1 The sub-processors that are engaged by Websupport at every given time is stated herein: https://www.websupport.se/en/about-websupport/data-protection/