w18-126 Terms – Worxmate (Rev. B 2018-04-25)

Parties

Worxmate AB, Scheelevägen 15, 223 70 Lund, tel. +46-46-2863590, reg. No. 559016-6079, referred to as Worxmate. The customer, who registers and uses Worxmate services online, referred to as the Customer.

Background
Worxmate operating in the IKT sector and provides various mobile-based tracking and collaboration services. The Customer has ordered the service called Invoice Mobile and parties in relation thereto agreed as follows:

Commitments and rights
Worxmate commits to:

a) Give the Customer access to the service. The service includes access to the web service.

b) Protect Customer privacy. Do not pass on any identifiable customer data, or positioning to any third party without the client’s consent. User data obtained by the utilization of the service will be used for improving the service and statistics. For details see privacy policy.

c) Protecting the client user’s privacy by closing of the positioning function for the user if the user so require.

d) Provide customer support via email. Outside office hours, answering delay made at the next working day.

The Customer commits to:
a) Enter the correct user information and keep them updated.

b) Be responsible for user identity and password are not in the wrong hands. The customer must immediately report the loss of usernames and/or passwords to Worxmate. Customer is responsible for liability and all use of the service until the loss is notified.

c) Not to resell access to the service to third parties.

d) Not to use the service so that causes inconvenience for Worxmate or other users.

e) Keep Worxmate free from damages and/or for any claims made by a third party or customer users because of the use of the service.

f) Obtain consent from all users that are connected by the customer to the service that they are connected and that it is also in some cases mean that the position data will be collected.

Fees and terms of payment
Customer is responsible for use of the service and is required to pay fees for access to and the use thereof. For subscription services, payment is normally made by debiting the customer’s registered credit/debit card, or an invoice is sent to the user’s contact information electronically via email. Unless otherwise agreed, the Customer will be invoiced monthly fees three months in advance and additional costs incurred, such as additional invoices or eLetter, is calculated and billed on the next invoice. The customer is responsible for the card to be chargeable on the invoice is due date. If the invoice is sent out, it shall be paid in accordance with the instructions indicated on the invoice. If payment is not received before the due date, penalty interest rate is charged from the due date. The customer is obliged to pay compensation for written reminders and for collection fees according to law. Worxmate reserves the right to change prices with one months notification.

Disclaimer
The service is normally accessible around the clock, but not guaranteed without interruption. The customer understand that Worxmate is not responsible for the customer’s connection to the Internet. Worxmate is not responsible for data costs (eg SMS traffic) due to service utilization. Worxmate reserves the right to modify the service description and the technical system solution for the service. Modification work will be carried out with regard to customer needs and in such a way to limit any disruptions. Worxmate is not liable for damage or loss in the event of delays, interruptions, failed or incorrect delivery of data or similar circumstances.

Period and Termination
The agreement is valid for the period that has been agreed and subsequently with automatic renewal one month at a time. Customer and Worxmate has the right to terminate the contract at any time unless otherwise agreed. After termination the service will terminate when new billing period starts. Notice of termination shall be sent by email to support@invoicemobile.se.

Termination of the service
Worxmate have the right to immediately suspend the service if: Customer despite reminders, does not make payment within the prescribed period, the customer using or likely to use the service in a way that causes harm or inconvenience to Worxmate or third parties, such as To use the service without the user’s consent or in violation of any applicable law or regulatory order or in violation of these conditions.
The customer is required to pay fees until the service is turned off.

Force majeure
If a party is prevented from fulfilling its obligations under this agreement due to circumstances outside the party’s control, such as lightning strikes, labor disputes, fire, unchanged agency regulation, governmental interference, sabotage, insurrection or riot, export or import restrictions, and errors or delays in services from subcontractors shall party obtain reasonable period of time to fix this. A party is not obliged to pay compensation for loss or damage as the other party may suffer as a result of the fact.

Disputes
Disputes about the agreement dealt primarily between the customer and Worxmate. Disputes that can not be resolved shall be settled by arbitration in accordance with Swedish law.

Appendix A: Data Processing Agreement

between
Data Controller: “Customer”
and
Data Processor: Worxmate AB
Reg. No: 559016-6079
Country of establishment: Sweden In this data processing agreement “Data Processor” refers to Worxmate AB for the Services stipulated in Worxmate’s General Terms and Conditions, §1 General. “Data Controller” refers to the Customer.
Worxmate’s contact person for general questions regarding the agreement and Worxmate’s processing of personal data can be found at http://www.worxmate.se/dataprotection/.

1 Introduction

1.1 Both parties confirm that the undersigned are authorised to enter into this data processing agreement (“DPA”) which is an integrated part of the service agreement(s) which the parties have entered into (the “General Terms and Conditions Service”). This DPA governs the Processing of Personal Data in connection with the at every time applicable Service Agreement.
1.2 Worxmate complies with Worxmate’s Privacy Statement, which is available at http://www.worxmate.se/data-protection/.

2 Definitions

2.1 The definition of Personal Data, Special Categories of Personal Data (Sensitive Information), Processing of Personal Data, Data Subject, Data Controller and Data Processor are the same as in applicable privacy legislation including the General Data Protection Regulation (GDPR), applicable in the DPA and in Europe from May 25, 2018 and the at every time complementary applicable national legislation, together Applicable Privacy Law.
2.2 In this appendix, Data Controller is referred to as “Customer” or “Party”, the Data Processor is referred to as “Worxmate” or “Party”, and together the parties are referred to as “Parties”.

3 Scope

3.1 This DPA governs Worxmate’s Processing of Personal Data on behalf of the Customer, and stipulates how Worxmate shall ensure data security, through technical and organisational measures according to Applicable Privacy Law.
3.2 The purpose of Worxmate’s Processing of Personal Data on behalf of the Customer is to fulfil Worxmate’s obligations according to the Service Agreement.
3.3 This DPA takes precedence over any contradictory stipulations of Processing of Personal Data in the Service Agreement or other agreements entered into by the Parties.

4 Worxmate’s Liabilities

4.1 Worxmate may only Process Personal Data on behalf of, and in accordance with the Customer’s documented instructions. By entering into this DPA, the Customer instructs Worxmate to Process Personal Data as follows:
i) solely in accordance with applicable law,
ii) to fulfil all obligations according to the Service Agreement,
iii) as is further specified through the Customer’s normal use of Worxmate’s services and
iv) as stated in this DPA.
4.2 Worxmate has no reason to believe there is any legislation that prevents Worxmate from fulfilling the instructions stated above. Worxmate shall inform the Customer, upon knowledge, in the event the Customer’s instructions or Processing, in Worxmate’s opinion, infringes Applicable Data Privacy Law.
4.3 The Categories of Data Subjects and Personal Data which are the subject of Processing according to this DPA is stated in this document.
4.4 Worxmate shall ensure the confidentiality, integrity and availability of Personal Data in accordance with Applicable Privacy Law. Worxmate shall implement systematic, organisational and technical measures to ensure an appropriate level of security, taking into consideration the state of the art and the cost of implementation in relation to the risk of the Processing, and the type of Personal Data.
4.5 Worxmate shall, taking into account the nature of the processing, assist the Controller with appropriate technical and organisational measures, insofar as this is possible and considering the information available to Worxmate, for the fulfilment of the Data Controller’s obligations to respond to requests from the Data Subject and general data protection according to Article 32-36 in the GDPR.
4.6 If the Customer requires information regarding security measures, documentation or other information regarding how Worxmate Processes Personal Data, and such requests involve more information than the standard information provided by Worxmate in order to comply with applicable Privacy Laws as Data Processor, and this in turn means that the amount of work on Worxmate’s part increases, Worxmate may charge Customer for such additional services.
4.7 Worxmate and its personnel shall ensure the confidentiality of Personal Data Processed under this DPA. This condition also applies after the DPA has expired.
4.8 Worxmate shall promptly and without unnecessary delay, notify the Customer to enable the Customer to comply with the legal requirements of information to the relevant supervisory authorities and Data Subjects regarding a Personal Data breach.
4.9 Furthermore, as far as is practically possible and lawful, Worxmate shall notify the Customer in the event of:
i) requests regarding disclosures of Personal Data from a Data Subject,
ii) requests from public authorities, such as the Police Authority, regarding disclosure of Personal Data.
4.10 Worxmate may not respond directly to requests from Data Subjects without the Customer’s consent. Worxmate may not disclose content relating to the General Terms and Conditions to authorities such as the Police Authority, including Personal Data, with the exception of statutory provisions, such as court decisions or similar decisions.
4.11 Worxmate does not control whether or how the Customer chooses to make use of any third-party integration through Worxmate’s API, through direct database connection or the like. The Customer is solely responsible for such integrations with third parties. Worxmate is not responsible as Data Processor for any Processing of Personal Data in such thirdparty integrations.

5 Customer Obligations

5.1 By entering into this DPA, the Customer acknowledges that the Customer:

        • when using the services provided by Worxmate according to the Service Agreement, Processes Personal Data in compliance with Applicable Privacy Law.
        • has legal grounds to Process and disclose the relevant Personal Data to Worxmate (including any sub-processors used by Worxmate).
        • is solely responsible for the validity, integrity, content and lawfulness of the Personal Information transferred to Worxmate.
        • has fulfilled any mandatory requirements and obligations to notify, or obtain permissions from, applicable public authorities for the Processing of Personal Data.
        • has fulfilled its obligations to provide relevant information to Data Subjects regarding Processing of Personal Data in compliance with Applicable Privacy Law.
        • agrees that Worxmate has provided guarantees regarding the implementation of technical and organisational security measures that are sufficient to protect the Data Subject’s integrity and Personal Data.
        • when using the services provided by Worxmate under the Service Agreement, does not transmit any Sensitive Personal Data, or data relating to criminal convictions and offences to Worxmate. In the event of such a transfer, Worxmate can not be held liable for the improper processing of such Personal Data.
        • maintain an updated record of the types and categories of Personal Data that the Customer Processes.

6 Use of Sub-processors and Transfer of Data

6.1 As part of the delivery of Services to the Customer according to the Service Agreement and this DPA, Worxmate may engage subcontractors who may act as sub-processors.
Such sub-processors may be affiliates of Worxmate, or external subcontractors (third parties) within or outside the EU/EES. Worxmate shall ensure that the same data protection obligations as set out in this DPA are imposed on the sub-processors by way of an agreement.
6.2 Sub-contractors with access to Personal Data who are currently engaged by Worxmate, are published on Worxmate’s Privacy web page, http://www.
worxmate.com/data-protection/ and shall, by means of this DPA, be accepted by the Customer as subprocessors.
6.3 The Customer may at any time request a full overview and additional detailed information relating to the sub-processors involved in the service delivery, regulated by the Service Agreement.
6.4 If sub-processors are outside the EU/EES, Worxmate shall ensure that transfer is made in accordance with Applicable Privacy Law. The Customer hereby grants Worxmate the power and authority to ensure appropriate legal grounds for the transfer of personal data outside the EU on behalf of the Customer, for example, by signing EU Standard Contract Clauses or transferring Personal Data in accordance with the EU/US Privacy Shield.
6.5 The Customer shall be notified prior to changes to sub-contractors who process Personal Data. If a new sub-contractor evidently fails to comply with Applicable Privacy Law and the sub-contractor continues to fail to comply with Applicable Privacy Law, after Worxmate has had reasonable time to ensure that the sub-contractor complies with the regulations, the Customer may terminate the DPA. Such termination may include the right to terminate the Service Agreement, in whole or in part, in accordance with the termination clauses contained in the respective Service Agreement. An important part of such assessments should be to what extent the sub-contractor’s Processing of Personal Data is an essential part of the services provided under the Service Agreement. A change of sub-contractor shall not in itself be regarded as a breach of the Service Agreement.
6.6 By signing this Agreement, the Customer agrees to Worxmate using sub-contractors as described above.

7 Security

7.1 Worxmate is obligated to provide a high level of security in its products and services. Worxmate provides security through organisational, technical and physical security measures, in accordance with the information security requirements described in Article 32 of the GDPR. Furthermore, the internal data protection framework which is implemented by Worxmate, aims to protect the confidentiality, integrity and availability of and access to Personal Data. The following measures are of particular importance in this regard:

        • classification of Personal Data to ensure the implementation of safety measures that correspond to the risk assessment.
        • evaluation of the use of encryption and pseudonymisation as risk-reducing factors.
        • limitation of access to Personal Data to those who need access to fulfil the obligations of this DPA or the Service Agreement.
        • use of systems that detect, restore, prevent and report personal data incidents.
        • implementation of security analyses to assess the quality of current technical and organisational measures to protect Personal Data, taking into account the requirements of Applicable Data Privacy Law.

8 Audit Rights

8.1 The Customer is entitled to carry out an annual audit of Worxmate’s compliance with the terms of this DPA. If required by law, the Customer may request audits more often. As Worxmate’s services are multitenant environments, the Customer grants Worxmate the authority, for security reasons, to determine that auditing is to be performed by a neutral third-party auditor that Worxmate selects.
8.2 If the requested audit area has been included in an ISAE, ISO or similar review report conducted by a qualified third-party auditor within the previous twelve months, and Worxmate confirms that there are no known significant changes in the actions audited, the Customer shall accept this audit report instead of requesting a new audit of actions already audited.
8.3 If Customer does not accept the neutral third-party auditor chosen by Worxmate, the Customer may, together with Worxmate, choose another neutral third-party auditor.
8.4 The Customer is responsible for any costs incurred in connection with the requested audits. Any assistance provided by Worxmate that exceeds the standard service provided by Worxmate and/or its sub-contractors in order to comply with Applicable Privacy Law will be charged.

9 Term and Termination

9.1 This DPA is applicable as long as Worxmate is Processing Personal Data on behalf of the Customer according to the applicable Service Agreements.
9.2 This DPA terminates automatically upon the expiration of the Service Agreement. When the DPA expires, Worxmate will delete or return the Personal Data processed by Worxmate on behalf of the Customer, in accordance with the applicable sections in the respective Service Agreement. Unless otherwise agreed in writing, the cost for such actions shall be based on:
i) hourly fee for time spent by Worxmate and
ii) the complexity of the requested process.
9.3 Worxmate may retain Personal Data after the expiry of the DPA, to the extent required by law, however observing the same technical and organisational measures as described in this DPA.

10 Liability

10.1 Liability for breach of the terms of this DPA shall be governed by liability clauses in the respective Service Agreement between the Parties. This also applies to any breaches by the sub-processor.

11 Applicable Law and Jurisdiction

11.1 This DPA shall be governed by the law applicable as stated in the respective Service Agreement between the Parties.

12 Categories of Personal Data and Data Subjects

12.1 As Worxmate’s services allow the Customer to arbitrarily process Personal Data, it is not possible to generally state the categories of Data Subjects or Personal Data which are governed by this DPA. The Customer is obligated to register this information.
12.2 The Customer may not transfer any Sensitive Data to Worxmate. In the event such transfers are made, Worxmate cannot be held responsible for any Processing that is not compliant with Applicable Privacy Law. Sensitive Data is defined in the Applicable Privacy Law, as follows:

        • racial or ethnic origin, political opinions, religious or philosophical beliefs,
        • data concerning health,
        • data concerning a natural person’s sex life or sexual orientation,
        • trade union membership,
        • genetic or biometric data for the purpose of uniquely identifying a natural person.

12.3 The Customer may not transfer any Personal Data concerning criminal convictions and offences.

13 Overview of Current Sub-Processors

13.1 The sub-processors that are engaged by Worxmate at every given time is stated herein: http://www.invoice-mobile.com/privacypolicy#personaldata_share