Precisely

Terms of Service

Introduction


 

Please read these Terms of Service (the “Terms”) carefully before using the services provided through the website precisely.se, operated by Precisely AB (”Precisely, “we”, “us” or “our”), a company incorporated under the laws of Sweden. Your access to and use of our contract management platform (the “Platform”) is conditioned on your acceptance of and compliance with these Terms and its appendices. These Terms apply to all visitors, users and others who access or use our Platform.

By accessing or using our Platform you agree to be bound by these Terms.

Please direct questions related to these Terms to legal@precisely.se.

1. Definitions and Interpretations


 

“Account” means, in these Terms, a personal password protected account used to identify specific Users during use of the Service.

“Content” means, in these Terms, all documents and all other information provided by a User to the Platform.

“Platform” means, in these Terms, the contract automation platform provided by us at app.precisely.se, or when applicable, at your designated domain.

“Site” means, in these Terms, the website precisely.se

“Service” means, in these Terms, access to and use of the Platform and/or the Site

”Precisely”, “we”, “us” or “our” refers to, in these Terms, Precisely AB, company registration no 556963-5286, a company registered under the laws of Sweden, with its registered office at Slussplatsen 1, 411 06 Göteborg, Sweden.

“User” means, in these Terms, your users of the Service.

“You” or “your” means, in these Terms, the legal entity executing these Terms.

“Third Party Applications” means, in these Terms, online, web-based applications and offline software products or services that are (a) provided by third parties, (b) interoperate with us, and (c) may be either separate or conjoined with us and whether or not such are indicated by us as being third-party applications.

The definitions above shall apply in these terms regardless if they are capitalized or not.

2. The Platform


 

The Platform is a contract automation platform to manage the complete contract lifecycle, allowing Users to, inter alia, i) author contracts and set up automated contract templates to be shared and used by your entire organization ii) collaborate with internal and external parties in relation to contracts, and to review, edit and comment on contracts iii) sign contracts electronically iv) upload and store contracts in a digital archive, and v) analyze and monitor contracts.

3. Payment


 

The fees applicable for the using the Platform (“Fees”) are available on the Site and/or in our then current published price list. The price stated for the Service excludes all taxes and charges, unless stated otherwise. You are responsible for any taxes and for all other charges (for example, data charges and currency exchange settlements). All prices are exclusive of taxes (sales or otherwise), which may or may not be added to the price, depending on your legal residence.

Payment shall always be made in advance for the entire term of Service, i.e. monthly or yearly, unless specifically agreed otherwise. You will pay the Fees in the currency we quoted for your Account. We reserve the right to change the quoted currency at any time.

We are entitled to adjust the prices for the Service from time to time. Adjusted prices shall take effect upon any subsequent term of Service. Payment shall be made by bank transfer to our bank account or via online payment at the Platform as stipulated in the invoice, as noted on the Platform or as otherwise instructed by us from time to time. We may do invoicing to the e-mail address given by the User.

We will of course notify you in advance, either through the Service or to the email address you have most recently provided to us, if we change the price of the Service. If there’s a specific length and price for your Service offer, that price will remain in force for that time. After the offer period ends, your use of the Service will be charged at the new price. If your Service is on a period basis (for example, monthly) with no specific length, we will notify you of any price change at least 30 days in advance. If you don’t agree to these changes, you must cancel and stop using the Service via filling out a form no later than fourteen (14) days prior to the conclusion of your current payment term, whether monthly, yearly, or otherwise.

In addition to any Fees, you may still incur charges incidental to using the Service, for example, charges for Internet access, data roaming, and other data transmission charges.

You must be authorized to use the payment method that you enter when you create a billing account. You authorize us to charge you for the Service using your payment method and for any paid feature of the Service that you choose to sign up for or use while these Terms are in force.

You must keep all information in your billing account current. You can access and modify your billing account information in your Account.

You may change your payment method at any time. If you tell us to stop using your payment method and we no longer receive payment from you for the paid Service, we may cancel that Service. Your notice to us will not affect charges we submit to your billing account before we reasonably could act on your request.

If you cancel, your Service ends at the end of your current Service period or, if we bill your account on a period basis, at the end of the period in which you canceled. If you fail to cancel as required, we will automatically renew the Service for the same term and will charge your payment information on file with us commencing on the first day of the renewal term. If we do not receive payment on the due date, your Account will be frozen, inaccessible, and all shared links will be turned off until all outstanding payments have been processed by us.

Unless we notify you otherwise, if you’re participating in any trial period offer, you must cancel the Service by the end of the trial period to avoid incurring new charges. If you do not cancel your Service and we have told you the Service will convert to a paid subscription at the end of the trial period, you authorize us to charge your payment method for the Service.

Except as prohibited by law, we may assess a late charge if you do not pay on time. You must pay these late charges when we bill you for them. The late charge will be the lesser of 1 percent of the unpaid amount each month or the maximum rate permitted by law. We may use a third party to collect past due amounts. You must pay for all reasonable costs we incur to collect any past due amounts, including reasonable attorneys’ fees and other legal fees and costs. We may suspend or cancel your Service if you fail to pay in full on time.

4. Amendments


 

We may update and change any part or all of these Terms at any time and for any reason, including the fees and charges associated with the use of the Service (but, your fees and charges won’t change during the term of your subscription except as we explain in the ‘Payment’ section above.) If we update or change these Terms, the updated Terms will be posted at http://www.precisely.se/terms and we will let you know via email or in-app notification. The updated Terms will become effective and binding on the next business day after it is posted.

All new functionality and features introduced to the Platform will be subject to what is stipulated in these Terms.

5. Changes to the Platform


 

We reserve the right to modify, suspend, and/or discontinue properties of the Platform at any time including, but not limited to, (i) functionality, (ii) features, and (iii) services, with or without notice.

All new functionality, features or services introduced to the Platform will be subject to what is stipulated in these Terms.

We will take reasonable efforts to keep the Platform operational and fully functional during changes described above.

6. Code of Conduct


 

You may use the Platform for lawful purposes only. You agree that when using the Platform or communicating via the Platform you may not use the Platform to post, transmit or otherwise distribute illegal material.

You further agree to the following:

  • You shall not defame, abuse, harass, threaten or otherwise violate the legal rights of others or of any third party, including us,
  • You shall not in any manner publish, post or – in any other way express – any material or information that is inappropriate, defamatory, infringing, obscene, pornographic, racist, terrorist, politically slanted, indecent or unlawful,
  • You shall not contribute to destructive activities such as dissemination of viruses, spam or any other activity that might harm the Platform, its Users or us in any way,

If we find that you are violating these Terms or any other provisions set up by us or our affiliates, we reserve the right to suspend or revoke your access to the Platform.

We advise you to use the Platform carefully and to keep in mind that legal documents distributed by you or other users might be subject to non-disclosure provisions and/or contain trade secrets or other sensitive information.

7. Content


 

The Platform includes functions for uploading, posting, linking and communicating and otherwise making Content available to others. You are at all times responsible for all distribution or other actions under your designated Account(s).

By uploading Content to the Platform you warrant that you are either the owner of the uploaded Content or that you hold a valid license to such Content from the appropriate rights holder and that the Content or your use of the Content is in no way a violation of any national or international legislation. We will not supervise whether any Content is lawfully uploaded or distributed through the Platform. If you have any complaints or other questions related to any Content, please contact legal@precisely.se.

By posting Content to the Platform you are aware that, depending on the settings of your Account(s), such Content might be shared with others.

We do not take any responsibilities for lost Content and we advise you to always keep your own backup of your Content.

We do not take any responsibility with regards to the validity of Content provided by you or any other user.

8. Registration and Accounts


 

Only legal entities are allowed to register Accounts for the use of the Platform. By registering an Account on behalf of a legal entity the user warrant that such user have the legal capacity to enter into these Terms on the behalf of you and use the Platform as an Admin.

There are two different kinds of Accounts, the Admin Account and the User Account.

An Admin, who holds an Admin Account, is, inter alia, able to:

  • use all the functions of the Platform, including upload, draft, comment, revise, send and sign Content,
  • create, designate and revoke others’ User Accounts,
  • create and designate Admin Accounts to others

A user with a User Account is able to:

  • use the functions of the Platform to the extent authorized by an Admin Account, e.g. upload, draft, comment, revise, send and sign Content

When you register yourself on the Platform you shall provide current, true and complete information requested in the registration form. You are responsible for keeping such information updated and complete.

You agree that you will be entirely responsible for any and all access or your use of the Platform under your Account(s) and that you are liable for all actions and activities conducted under your designated Account.

You are responsible for your users’ personal passwords and warrant to treat them as sensitive and confidential information. We further advice you to use personal passwords with sufficient password strength and to change the personal passwords at regular intervals to prevent unauthorized access.

We reserve the right to terminate any Account(s) if activities occur which constitutes or may constitute a violation of these Terms or of any applicable local or international laws, rules or regulations.

9. Intellectual Property


 

The Platform and its original content, features, functionality, and design elements are and will remain the exclusive property of Precisely and its licensors. Our intellectual property may not be used in connection with any product or Platform without the prior written consent of Precisely.

10. Limitation of Liability


 

We are, with the limitations set out below, liable towards you for damages caused by our negligence, regardless of what legal ground you use for such claim.

Unless set out in the Agreement, we are not liable for damage caused by modifications or changes to the Service made according your instructions or performed by anyone other than us (including but not limited to changes made by you or on your behalf).

We are not, under any circumstances, liable for your loss of profit, revenue, savings, or goodwill, loss due to operational, power or network interruptions, loss of data, your potential liability towards a third party or indirect or consequential damages of any kind.

Our total and aggregate liability under these Terms is, for each calendar year and regardless of the number of damages, limited to the fees paid by you during the 12 months period prior to the time when the damage(s) occurred. If you use the Service under a trial or otherwise free subscription, our aggregate liability, regardless of the number of damages, is limited to EUR 100. Our liability for Third Party Applications will never exceed such amount as we are entitled to reclaim from the provider(s) of such Third-Party Application.

We are not liable for damages unless you notify us in writing thereof no later than 90 days after you noticed or should have noticed, the actual damage or loss, however no later than six (6) months from when the damage occurred.

For the avoidance of doubt, you acknowledge and agree that any and all agreements between you and any other party is made on your own risk and that we are not responsible for any of your loss or damage in relation to such agreements. Neither the templates provided by us, nor any Content, are intended as legal advice and we recommend third party supervision before using the documents for any purpose. We undertake no responsibility with concern to the legal outcome when using the Platform or Content.

11. Third Party Applications


 

You acknowledge that we may allow providers of Third Party Applications to access Content as required for the interoperation of those Third Party Applications with the Service, without prejudice to Appendix 1, Data Processing Agreement.

12. Personal Data


You acknowledge that you are the data controller for any personal data processed by us on behalf of you in relation to the Service and that we are considered to be your data processor. We and you have therefore agreed to enter into the Data Processing Agreement (Appendix 1), which shall remain effective independently of the Terms otherwise for as long as we processe personal data on behalf of you.

13. Indemnification


 

You shall indemnify us with respect to all direct liability, losses, damages, costs or expenses howsoever caused, arising out of, or in connection with any breach of these Terms.

14. Confidentiality


 

We are not liable for any confidential information shared through the Platforms, provided that we have not been acting with gross negligence or intent. Please also see the confidentiality section in Appendix 1.

15. Duration And Termination


 

These Terms are considered to be in effect from the day you accept them, i.e. when you first access or use the Platform and cease to be in effect when you terminate your Account(s). Upon termination, your right to use the Platform will immediately cease.

16. Severability


 

If any provision of these Terms between us and you is held to be invalid or unenforceable, such provision shall be limited, modified or severed to the minimum extent necessary to eliminate its invalidation or unenforceability so that these Terms otherwise remain in full force, effect and enforceable.

17. Governing Law


 

These Terms shall be construed in accordance with and governed by the laws of Sweden.

18. Disputes


 

Any dispute, controversy or claim arising out of or in connection with these Terms, or the breach, termination or invalidity thereof, shall be settled under the exclusive jurisdiction of The District Court of Stockholm, Sweden.

Appendix 1 – Data Processing Addendum


 

Welcome to Precisely’s Data Processing Addendum (which we’ll refer to below as the or this “DPA”) – an appendix to our general terms of service.

As we’ve already defined some expressions in the Terms, we’ll use the same definitions in this DPA. Your access to and use of the Platform is conditioned on your acceptance of and compliance with the Terms, including this DPA. This means that you, by accessing or using our Platform, agree to be bound by the Terms and this DPA.

We’ll process personal data for which you are the data controller under applicable data protection law. Since you determine the purposes and means of the processing of personal data within and through the Platform, we’ll refer to you as the “Controller” in this DPA. Furthermore, Precisely and the Controller will individually be referred to as a “Party” and jointly the “Parties”.

Introduction

A. This DPA provides for the Controller and our respective obligations in relation to Personal Data processing. This DPA applies to all activities where we get in contact with Personal Data of the Controller including, but not limited to the Personal Data regarding the Controller’s Users and other affected natural persons, in connection with the Platform, or other services provided to the Controller by us.

B. We are only allowed to process Personal Data in accordance with the Controller’s documented instructions and in the Controller’s interest.

C. Any reference made to “da­­­ta protection laws” or similar in this DPA shall be understood to include, but not be limited to, the EU General Data Protection Regulation (2016/679) (the “GDPR”).

D. If we’re also providing services and/or products under this DPA to the Controller’s Affiliates, or otherwise gain access to the Affiliate’s data relating to identified or identifiable natural person(s) for the purposes of fulfilling the Main Agreement, such data shall be regarded as Personal Data and this DPA shall be applicable to our processing of such Personal Data. Such Affiliates have the same rights and obligations as the Controller under this DPA.

E. This DPA is an integral part of the Terms and/or any similar agreement executed between us and the Controller (“Main Agreement”). In the event of any conflict between the terms of the Main Agreement and the terms of this DPA, this DPA shall prevail with respect to the subject matter of this DPA.

 

1. Definitions

1.1 Affiliate

Affiliate shall mean, in this DPA, companies:

(a) directly or indirectly owning or controlling the Controller;

(b) under the same direct or indirect ownership or control as the Controller; or

(c) directly or indirectly controlled by the Controller.

Control or ownership shall be understood to exist through direct or indirect ownership of fifty percent (50%) or more of the nominal value of the issued equity share capital or of fifty percent (50%) or more of the shares entitling the holders to vote for the election of the members of the board of directors or persons performing similar functions or the minimum share entitling to control prescribed in applicable legislations in such jurisdictions where the ownership of fifty percent (50%) or more would not be possible.

1.2 Commissioned Processing of Personal Data

Commissioned Processing of Personal Data is the access to Personal Data by us as well as collection, modification, transfer, blocking, deletion, storing, hosting or any other type of processing of Personal Data by us on behalf of the Controller in connection with the Main Agreement and as further specified under this DPA.

1.3 Data Subject

A Data Subject is a natural person whose Personal Data is being processed by us on behalf of the Controller under this DPA and the Main Agreement.

1.4 Instruction

We shall process Personal Data in accordance with the Controller’s written instructions. The initial instructions are set forth in Sub-Appendix A to this DPA. Subject to the terms of this DPA, the Controller can change, amend or replace these initial instructions by single instructions in writing (of course, including in electronic form) at any time.

1.5 Personal Data

Personal Data is any data relating to an identified or identifiable natural person(s) as defined in the applicable data protection laws, and that is subject to Commissioned Processing of Personal Data.

1.6 Personal Data Breach

Personal Data Breach is an accidental, unlawful or unauthorized destruction, loss, alteration, disclosure of or access to the Personal Data as well as any events endangering the security, confidentiality or integrity of the Personal Data.

2. Scope of the Commissioned Processing

2.1 We shall process or otherwise use Personal Data solely on behalf of the Controller and according to the Controller’s Instructions as set out in this Section 2 and Sub-Appendix A (Instructions on processing Personal Data) and the requirements of the applicable data protection laws.

2.2 In addition to the Instructions set forth in Sub-Appendix A to this DPA, the Main Agreement and our performance thereof shall be the Controller’s documented Instructions to us in respect of processing of Personal Data. The Parties may modify or supplement Sub-Appendix A during the term of the Main Agreement and this DPA by concluding an amendment to Sub-Appendix A, which shall be made in writing and which shall incorporate all of the substantive terms as set forth in Sub-Appendix A in an unchanged form. The Controller shall pay us reasonable compensation for all work and costs for us to accommodate such documented instructions by the Controller that in our opinion would not be commercially reasonable to accommodate (for instance. instructions that would require the Platform – or the technology setup required to uphold the Controller’s instructions – to be specially adapted for the Controller).

We may suggest new or amended instructions as reasonably required in the opinion of us (for instance, due to changes in the Platform or the Terms) and while it is the Controller’s right to approve or reject such instructions, in case the Controller should not approve the instructions as suggested by us, section 11.4 shall apply.

3. Our obligations

3.1 As stated in section 2 above, we shall only collect, process or utilize Personal Data in accordance with the Instructions of the Controller and applicable laws and not for other own purposes or purposes of third parties. The Controller shall confirm any oral instructions in writing or via email. Where we believe that compliance with any Instructions by the Controller would result in a violation of applicable law on data protection, we shall immediately notify the Controller thereof.

3.2 Taking into account the costs of implementation, the state of the art, and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we shall ensure, within our area of responsibility, the implementation and compliance with the agreed and appropriate technical and organizational measures. In particular, we shall take such technical and organizational measures to protect the Personal Data against accidental, unlawful or unauthorized destruction, loss, alteration, disclosure and access as well as against other events that endanger the security, confidentiality or integrity of the Personal Data, including inter alia as appropriate:

(a) the pseudonymisation and encryption of Personal Data;

(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

(c) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and

(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

For the avoidance of doubt, we may take other or additional measures as required due to new or amended legislation, or as a result of decisions by public authorities.

3.3 We shall upon the Controller’s request, provide to the Controller the information necessary to fulfill its obligation to register the outsourced personal data processing, such as persons being instructed with data processing, statutory periods for the deletion of data and purposes for the data processing.

3.4 We shall inform the Controller in the event of (i) substantial disruptions of the Service, (ii) possible infringements of applicable data protection laws or of this DPA by us, our employees or third parties, and (iii) any other irregularity in relation to the processing of Personal Data.

3.5 We shall inform the Controller if the Personal Data will be at risk on the site of us by distrainment, seizures, insolvency or bankruptcy measures or by any other activities or measures of third parties. We shall inform all people responsible in this context that the Personal Data is in sovereignty of the Controller.

3.6 All data storage medias, if any, and all copies or reproductions thereof shall remain the property of the Controller. We shall at any time give information to the Controller relating to its Personal Data and materials. According to the Controller’s individual orders, we shall be responsible for the erasure of test or excess data and materials in compliance with data protection requirements, except in certain cases, to be defined by the Controller, where storage and/or disclosure of the test or excess data shall be performed.

3.7 We may transfer Personal Data to countries outside the EEA, subject to applicable legal requirements in respect of protection of Personal Data in relation to such transfers being observed. In other words, will only make such transfers in a compliant and lawful manner, in accordance with applicable data protection law.

3.8 Finally, if a Data Subject, public authority or third party requests information from the us relating to the processing of Personal Data, we shall refer such request to the Controller and await the Controller’s instructions.

4. Notification obligation

4.1 In case of a Personal Data Breach, we shall, without undue delay and, if possible, no later than 48 hours after having become aware of the Personal Data Breach, notify the Controller of the Personal Data Breach in writing. The notification shall, to the extent such information is available to us, contain all necessary information required for the Controller to be able to fulfill its reporting and disclosure obligations to the relevant public authority and Data Subjects.

4.2 We shall, without undue delay after becoming aware of any further details surrounding the Personal Data Breach, supplement the notification described above in Section 4.1 as well as provide the Controller with and any other information relating to the respective Data Breach as reasonably requested by the Controller and available to us.

4.3 We will document any Personal Data Breaches, comprising the facts surrounding the breach, its effects and the remedial actions taken. This documentation must enable the supervisory authority to verify compliance with this Section 4. The documentation will only include information necessary for such purpose.

5. Confidentiality

5.1 Each Party shall keep confidential all material and information, including but not limited to Personal Data, marked as confidential or that should be understood to be confidential, regardless of whether personal, technical, financial or commercial and received in whatever form from the other Party (‘Confidential Information’). A Party shall have the right to:

(i) use Confidential Information only for the purposes of this DPA and the Main Agreement;

(i) copy Confidential Information only to the extent necessary for the purposes of this DPA and the Main Agreement; and

(ii) disclose Confidential Information only to those of its employees, subcontractors or advisors that need the Confidential Information for the purposes of this DPA and the Main Agreement. The disclosing Party is responsible for ensuring that the parties that receive Confidential Information comply with the terms relating to confidentiality agreed in this DPA.

5.2 The confidentiality obligation set out in this section 5 shall not, however, be applied to any material or information

(i) that was in the possession of the receiving Party prior to receipt of the same from the other Party without any obligation of confidentiality related thereto;
(ii) that is generally available or otherwise public, other than if it is public through a breach of this DPA or the Main Agreement on the part of the receiving Party;

(iii) that a Party has received from a third party without any obligation of confidentiality;

(iv) that a Party has independently developed without using any material or information received from the other Party;

(v) that a Party is obliged to disclose pursuant to Law or other order issued by a supervisory authority.

5.3 Each Party shall cease using Confidential Information received from the other Party promptly upon the termination of this DPA or the Main Agreement or when the respective Party no longer needs the Confidential Information in question for the purposes of this DPA and/or the Main Agreement and shall return or destroy the material in question (including all copies thereof). Each Party shall, however, be entitled to retain copies as and to the extent required by the applicable law.

5.4 Each Party guarantees the observance and proper performance of this DPA by its personnel and advisors to whom Confidential Information may be disclosed pursuant to this Clause 5.

5.5 Each Party shall cease using Confidential Information received from the other Party promptly upon the termination of this DPA or the Main Agreement.

5.6 The confidentiality obligations set out in this section 5 shall survive any termination or cancellation of this DPA or the Main Agreement.

6. Obligations of the Controller

6.1 The Controller warrants that all data used in the Service are collected, processed and utilized fairly and lawfully with respect to one or several of the legal grounds stipulated in the GDPR and other applicable law. Such requirements include, but are not limited to, the provision of information about processing of Personal Data to Data Subjects concerned.

6.2 Furthermore, the Controller shall inform us of the content and significance of applicable data protection law to the extent relevant for the processing of Personal Data carried out under this DPA as well as supervisory authorities’ actions and decisions in respect of such processing of Personal Data. For the avoidance of doubt, and without prejudice to your right to instruct us on how to process Personal Data, we are not obligated to comply or take any measures due to such information as referred to in this section unless required by applicable data protection law.

7. Obligation to Assist

7.1 If the Controller, on the basis of applicable data protection laws, is obliged to answer to inquiries from Data Subjects on the collection, processing or utilization of Personal Data relating to such Data Subject, upon request of the Controller, we shall support the Controller in order to provide such information. We shall pass on such inquiries of affected Data Subjects to the Controller for answering these inquiries. We shall adequately support the Controller in this respect. Unless otherwise agreed in writing, the Controller shall adequately reimburse us for any reasonable incurring costs in connection with the fulfillment of the duties of this Section 7.

7.2 If the Controller, on the basis of applicable data protection laws, is obliged to erase or rectify Personal Data, we shall erase or rectify that Personal Data also from our data registers, upon the request of the Controller. Unless otherwise agreed in writing, the Controller shall adequately reimburse us for any reasonable incurring costs in connection with the fulfillment of the duties of this Section 7.

7.3 We shall assist the Controller also in the fulfillment of the Controller’s other obligations under the applicable data protection laws.

8. Audits

8.1 The Controller may itself – or, if required by us, by a third party being subject to statutory professional confidentiality obligations – upon reasonable notice carry out an audit at our office(s), during our usual business hours and without disturbing our business processes, to convince itself of our compliance with the technical and organizational measures, this DPA and data protection laws. We shall tolerate such audit and shall support the Controller in such audit. Furthermore, we shall provide to the Controller, upon written request, within a reasonable period all information, which is necessary to carry out a comprehensive review of the Commissioned Processing of Personal Data and release those persons from their confidentiality obligations vis-à-vis the Controller for the purpose of the audit. However, we are not under any circumstances obliged to disclose business and trade secrets, operational know-how and other data being protected by law, such as data of other controllers, within such an audit. Controls and audits shall be announced at least thirty (30) days in advance and shall be coordinated with us. Any costs of such controls and audits, including possible costs of us in relation to the audit, shall be fully borne by the Controller.

8.2 In the event an audit or an information request from a regulatory authority supervising the Controller’s business, we shall assist the Controller in answering the request and organizing the audit. We shall always allow any such regulatory authority to conduct audits of our operations. Each Party shall bear its own costs in connection with audits initiated by such regulatory authority.

9. Subcontractors

9.1 Controller agrees that we may use subcontractors to fulfill our contractual obligations under this DPA and to provide certain services on our behalf. Upon Controller’s request, we shall inform Controller of the names of the subcontractors that are used and what kind of service the subcontractor performs, as well as the geographical location where their processing activities in respect of the Personal Data are performed. We will restrict the subcontractors’ access to Personal Data only to what is necessary to maintain the Service (or other products/services provided by Precisely to the Controller) and we will prohibit the subcontractor from accessing Personal Data for any other purpose.

9.2 We are liable for each subcontractor’s obligations regarding the processing of Personal Data.

9.3 We shall inform the Controller of any intended changes concerning the addition or replacement of other subcontractors that process Personal Data. Accordingly, we are giving the Controller the opportunity to object to such changes if there are objectively valid reasons for such objection and the Controller informs us of the objection within a reasonable time after being informed about the new subcontractor. We shall remain fully liable to the Controller for the performance of that other processor’s obligations if a subcontractor fails to fulfill its data protection obligations.

10. Liability

10.1 The Parties agree that the general principle of division of responsibility between the Parties under this DPA relating to fines and/or damages to the Data Subjects imposed by any relevant supervisory authority and/or competent court authorized to impose such fines or damages is based on the respective Party’s need to fulfill its obligations under the applicable data protection laws and that any fines and/or damages to the Data Subjects imposed by a supervisory authority and/or competent court shall be paid by the Party that has failed in its performance of its legal obligations under the applicable data protection laws.

10.2 The Controller shall defend, indemnify and hold us harmless against all cost and damages, including but not limited to such damages incurred as a result of claims by Data Subjects or administrative fines, resulting from the Controller’s breach of this DPA, the Controller’s act or omission to act in accordance with applicable data protection regulation, any other circumstance attributable to the Controller’s side or our violation of applicable laws and regulations, including data protection law, due to vague, unlawful or absence of instructions or information from the Controller.

10.3 Our liability for damages under this Data Processing Agreement or otherwise in relation to processing of Personal Data is limited as set forth in section 10 of the Terms.

11. Term and Termination

11.1 This DPA shall be concluded for an indefinite period of time, and shall automatically be terminated in case of termination of the Main Agreement for any reason. Either Party’s right to terminate this DPA for cause shall remain unaffected.

11.2 If we materially breach our obligations under this DPA and fail to remedy such breach within thirty (30) days from the Controller’s written notification of the breach to us, the Controller shall have the right to terminate the Main Agreement with immediate effect.

11.3 Upon termination of this Agreement for whatsoever reason, we shall give the Controller access to all data storage media and copies thereof as well as all Personal Data being in its possession to the Controller (by e.g. enabling the Controller to download documents including Personal Data) and shall thereafter delete any Personal Data stored with us. Upon request of the Controller, we shall confirm compliance with such obligations in writing within four (4) weeks from such request.

11.4 If the Controller objects to our appointment of a subcontractor, or to our changes to the Service, and such objection prevents or significantly obstructs our ability to provide the Service, we have the right to terminate the Main Agreement with immediate effect. This also applies if the Controller’s objection would entail costs to us that are unreasonably high in light of the compensation that the Controller will pay us under the Main Agreement. In case of termination under this clause 11.4, the Controller shall not be entitled to any refund of fees paid for the Service and we are relieved of any and all liability for any damages caused by our termination.

12. General Provisions

12.1 Amendments and additions to this DPA must be in writing. This also applies to a waiver of the requirement for this DPA.

12.2 Should one or more clauses of this DPA and or the Main Agreement be or become invalid and/or unenforceable, the validity of the other clauses of this DPA and the Main Agreement shall remain unaffected thereby. In such case, the Parties shall amend this agreement and amicably replace the invalid clauses.

12.3 Swedish law shall govern this DPA.

12.4 Any dispute, controversy or claim arising out of or in connection with this DPA, or the breach, termination or invalidity thereof, shall be settled under the exclusive jurisdiction of The District Court of Stockholm, Sweden.

 

Sub-Appendix A – Instructions on Processing Personal Data

In addition to what is set forth in the DPA and the Main Agreement, the Controller instructs us to process Personal Data in accordance with the instructions below:

Purposes of the processing   Precisely provides a contract automation platform to manage the complete contract lifecycle, allowing Users to, inter alia, i) author contracts and set up automated contract templates to be shared and used by your entire organization ii) collaborate with internal and external parties in relation to contracts, and to review, edit and comment on contracts iii) sign contracts electronically iv) upload and store contracts in a digital archive, and v) analyze and monitor contracts.

Personal Data relates to Users, your contract counterparties and/or advisers, and is processed in order to a) manage, simplify and streamline their contract process, b) to maintain your relationship with us, c) to manage your subscription to the Platform and/or other services provided to you by us and to d) ensure that your Users have proper instructions on how to use the Platform.

Types of personal data            Name, title, work place, email address, phone number, and personal identity number relating to your Users and your contract counterparties.

As to contracts stored in the Platform, Personal Data included therein (and thereby processed by us) may vary depending on which type of document you upload.

Categories of data subjects Your employees, advisors and consultants, your counterparties and their representatives that are mentioned in relation your contracts, and other persons you mention in your contracts, which are processed through the Platform.
Duration of the processing.   Personal Data that we process on your behalf will be processed until deleted through the Platform, or as per your instructions.

Effective date: May 25th 2018

We already use Precisely