Order Agreement for Cloud Products
Effective starting: July 15, 2022
This Order Agreement has been entered into between
55 Degrees AB, with Swedish company reg. no. 559201-6843, hereinafter referred to as the ”Supplier”, and
the company stated when starting the subscription, hereinafter referred to as the ”Subscriber”.
1. Background and General Terms
1.1. The Supplier and the Subscriber hereby agree that the Supplier will provide the Service to the Subscriber.
1.2. Words starting with capital letters are defined in this Order Agreement and at the end of the Terms, in the appendix “definitions”.
1.3. The Agreement consist of this Order Agreement and the following appendices:
1.4. In the event of conflict between this Order Agreement and the appendices, the terms set out in the Order Agreement shall apply, except for what is stated regarding the processing of personal data, where the DPA shall take precedence.
2. Pricing and Payment
2.1. The Subscriber shall pay the prices that are stated on the point-of-sale when the Subscriber starts the Subscription
2.2. The prices agreed on in this Order Agreement apply at the time when the Order Agreement is concluded. Any prices are stated excluding value added tax.
3. Term and Termination
This Order Agreement becomes effective when the Subscriber has signed up to using the Service at (i) a third party platform such as Atlassian or (ii) at the Supplier’s website, and this has been confirmed by the Supplier. The Order Agreement remains valid until terminated by either party according to the Terms.
The Supplier's General Terms and Conditions - Cloud Products
1.1. These general terms and conditions (the “Terms”) describes the legal terms and conditions that apply when the Subscriber subscribes to the Supplier's Service.
1.2. The Subscriber is a company or organisation and the individual representing the Subscriber warrants that he or she has authority to enter into a Subscription with the Supplier.
1.3. When starting the Subscription, the Subscriber confirms that it is not listed on any official terrorist-list or is not associated with any country or organization sanctioned by Sweden, European Union, or the United States.
1.4. Words with capital letters are defined at the end of these Terms, see appendix “definitions”.
2. The Service
2.1. The Supplier provides the Service to the Subscriber in accordance with the Subscription.
2.2. If the Subscriber purchased the Service at a third party platform such as Atlassian, separate, additional terms may apply to the Subscriber’s use of such third party’s platform. The Terms in this document apply only to the Subscriber's use of the Service.
2.3. When the Subscriber purchases the Service, the Subscriber agrees to these Terms and is given a right to use the Service for the number of End-Users, that has been agreed on in the Order Agreement and for the period for which the Subscription applies. The Subscriber can add more End-Users by placing additional orders. The right is non-exclusive, time-limited and non-transferable and applies to the Subscriber's own business, unless otherwise agreed in the Order Agreement. The right applies provided that the Subscriber fulfils its payment obligations and other obligations under the Subscription.
2.4. The Supplier is always trying to improve the Service and may from time to time make developments, additions and changes to the Service.
3. The Supplier's Obligations
3.1. The Supplier shall make the Service available as a SaaS service.
3.2. The Supplier provides the Service according to the security practices stated on the website of the Supplier.
3.3. The Service is provided “as is”. The Service does not include any integrations to other systems or applications that the Subscriber may want to use the Service together with, if such integrations have not been explicitly agreed on in the Order Agreement. When integrations are included, the Supplier does not take responsibility for the continued functionality of such integrations if a third party provider changes its service.
3.4. The Service shall be considered to have been made available when the Supplier has made it accessible to the Subscriber through the internet, e.g. by making it accessible for implementation.
4. Availability and Support
4.1. The Supplier’s intention is that the Service shall be fully available.
4.2. The Supplier may provide the Subscriber with online support services related to the Service at its discretion and for the sole purpose of addressing technical issues relating to the use of the Service. Any support is governed by the Supplier’s policies and programs described in any user manual, online documentation, and/or other materials provided by the Supplier.
4.3. Insignificant inconveniences shall not result in the Service being considered unavailable. In particular, the Service shall not be deemed unavailable when:
a). the Supplier performs scheduled upgrades that affect the availability of the Service, of which the Subscriber has been informed no less then forty-eight (48) hours in advance; or
b). the Service is down due to circumstances beyond the Supplier’s control, including, but not limited to, loss of network or communication.
4.4. The Subscriber shall rectify unavailability as soon as possible after becoming aware of such unavailability. The Supplier’s obligation to remedy the unavailability does not apply if the remedy would cause inconvenience and costs to the Subscriber that are unreasonably large in relation to the significance of the unavailability for the Subscriber.
4.5. In the event the Service is unavailable or has an error which the Supplier deems critical for the functionality of the Service, the Subscriber’s sole and exclusive remedy shall be either a refund of the monthly fee for using the Service or a discount towards the cost of future purchases, at the choice of the Supplier. Such remedy shall be calculated based on the month in which the error manifested itself and shall be in proportion to the effect for the Subscriber. The maximum remedy for a month shall be 50 % of the price the Subscriber should have paid for the relevant time period.
5. The Subscriber's Obligations
5.1. Unless otherwise agreed, the Subscriber is responsible for the following:
a) any act of its employees, consultants or other persons appointed by the Subscriber to use the Service, the Subscriber shall in particular make sure that the Subscriber's End-Users not share account access to individuals without authority to use the Service;
b) not using the Service for competitive analysis or similar purposes;
c) only use the Service for the number of End-Users or similar limitations that have been set out when the Subscriber was given the right to use the Service that has been agreed on when concluding the Order Agreement;
d) to maintain the equipment and software required to use the Service, maintain the security of its IT-environment and to always use the Service in accordance with the Supplier’s Documentation;
e) to provide the Supplier with information about the Subscriber and its use of the Service reasonably required by the Supplier to be able to provide the Service and make improvements, additions and changes to the Service, the Subscriber can be required to provide information about connection details and information about authorized users;
f) notify the Supplier immediately at the Supplier's support portal if the Service is unavailable; and
g) to use the Service in accordance with all applicable laws, regulations and guidelines issued by a competent authority.
5.2. The Subscriber shall not use, copy, modify or give access to the Service to a greater extent than has been agreed on or is considered within the intended use of the Service.
5.3. The Supplier is not responsible for changes in the Service that occur because of the Subscriber’s actions.
5.4. If the Subscriber does not comply with the terms of the Subscription and does not rectify within ten (10) days of the Supplier notifying the Subscriber of the non-compliance, the Supplier is entitled to suspend the Service until rectification is made. The Supplier has the right to suspend the Subscriber immediately if the Subscribers actions is having an impact on how the Service works. The Subscriber shall indemnify the Supplier for any costs or claims by a third party based on the Subscriber's use of the Service in violation of the terms of the Subscription.
6. Prices and Payment
6.1. The Subscriber shall pay the prices that the parties specifically have agreed on in the Order Agreement.
6.2. Unless otherwise agreed, the Supplier has the right to adjust prices at any time, such adjustments will take effect on the coming Subscription Terms, i.e. when the Subscription is renewed. In addition, the Supplier may at any time adjust prices due to changes in regulations, taxes, fees or similar circumstances beyond the Supplier’s control.
6.3. All fixed fees shall be paid in advance. The first notification of payment is received together with the conclusion of the Order Agreement, if the Subscriber uses a Trial Period, the first notification of payment is received when the Trial Period ends and the first Subscription Period starts.
6.4. Payment shall be made within thirty (30) days from the notification of payment was issued, unless otherwise agreed in writing.
6.5. If payment is late or incomplete, the Supplier is entitled to interest on overdue payment in accordance with the Swedish applicable interest act and a late payment charge and/or a debt collection fee according to applicable laws.
6.6. If full payment is not received by the Supplier and the Subscriber has not on reasonable grounds disputed the claim of payment, the Supplier has the right to (i) immediately suspend the use of the Service, and/or (ii) terminate the Subscription in accordance with section 8.3.
7. Trial Period and Early Access
7.1. If the Subscriber registers to use the Service for a free Trial Period only the relevant parts of the Terms apply to such use. Sections that by their nature are not applicable during the Trial Period are e.g. 4.1, 6, 8, 13.3, 13.4, 13.5 and 13.7.
7.2. When the Supplier offers a Trial Period or Early Access, the Supplier's obligation is limited to providing the Subscriber with access to use the Service. Thus, the Supplier has no responsibility for the Service functioning in a certain way, or responsibility for providing the Subscriber with support or remedying any unavailability. However, the Supplier will usually make sure that the Service works as intended. The Supplier is neither liable for any direct or indirect damages due to the Subscriber's use of the Service.
7.3. The term of the Subscription for the Subscriber's Trial Period is stated when starting to use the Trial Period. When the term of the Trial Period has expired, the Subscriber may choose to continue using the Service and then pay for it in accordance with what is stated in the Terms. When the Trial Period has ended, the Subscriber will no longer have access to the Subscriber Data in the Service.
7.4. The Subscriber does not have the right to use more than one free Trial Period unless explicitly allowed by the licensing platform or the Supplier. The Subscriber shall reimburse the Supplier for any unallowed continued use of the Service during an additional Trial Period. Such reimbursement shall be coherent with the Supplier’s at the time highest paid prices for using the service.
7.5. The Parties may at any time choose to end the Trial Period and the Subscriber will in that case no longer have access to the Service. The Parties may as well at any time choose to end the Early Access and the Subscriber shall in such case have access to the Service without the Early Access features.
8. Term and Termination
8.1. The Subscription is provided for the Subscription Term.
8.2. If the parties have not agreed otherwise, the Subscription shall enter into force when the Order Agreement has been concluded (for example when the Subscriber has signed up to using the Service at the Supplier’s website and this has been confirmed by the Supplier). The Subscription is automatically renewed for an additional Subscription Term, unless otherwise agreed upon.
8.3. Either party can terminate the Subscription at any time. Such termination shall take effect immediately if termination is made by the Subscriber and shall take effect thirty (30) days after the termination if the termination is made by the Supplier.
8.4. The Supplier has the right to terminate the Subscription with immediate effect if:
a) the Subscriber has committed a material breach of the Subscription and does not take full correction of such breach within thirty (30) days of the other party giving written notice thereof; or
b) the Subscriber is declared bankrupt, enters into liquidation, is the subject of corporate reorganisation, cancels its payments or can otherwise reasonably be assumed to have become insolvent.
8.5. When the Subscription has been terminated, the Subscriber shall immediately cease to use the Service and both parties shall return or delete such information that is covered by confidentiality in accordance with section 11, including Documentation. Unless the Subscriber explicitly asks for the Subscriber Data to be deleted immediately, the Subscriber Data is stored for up to thirty (30) days after the Subscription has been terminated in case the Subscriber wants to activate the Subscription again. The Supplier's responsibility to delete Subscriber Data is limited to the Subscriber Data which the Supplier continues to have access to.
8.6. The Subscriber can in some cases be able to download the Subscriber Data prior to ending the Subscription. The Subscriber must reimburse the Supplier for the reasonable costs the Supplier has for aiding with the return.
The Supplier may change these Terms at any time by giving the Subscriber a three (3) month’s prior written notice. The Subscriber may terminate the Agreement if the Subscriber has a reasonable explanation for not accepting the new Terms by giving notice at latest one (1) month before the new Terms will come into force. In such case the Supplier shall pay back the amounts corresponding to the period the Subscriber has not been able to use the Service. The Subscriber may not terminate the Agreement if the grounds for a significant change to the Terms is due to changes in law, constitution, by authority decision or changes in other circumstances outside of the Supplier’s control. The Subscriber has the right to terminate the Subscription with immediate effect if such change entails a significant inconvenience for the Subscriber.
10. Personal Data
10.1. Within the scope of fulfilling the obligations under the Subscription, the Supplier will process personal data on behalf of the Subscriber. Within the scope of such processing, the Subscriber is the controller for personal data and the Supplier is the processor. For this purpose, the parties have entered into a DPA (Appendix 2).
10.2. The Supplier may gather and in other ways process personal data as data controller in order to improve the Service.
11.1. Both parties hereby agree not to, without the other party’s prior written approval, publish or otherwise disclose to third parties any information relating to the other party’s business which is or can be reasonably presumed to be confidential, with the exemption for:
a) information that is or becomes publicly known, except through a breach of this Subscription by the receiving party;
b) information from third party that is public to the receiving party without obligation of confidentiality;
c) information that was known to the receiving party prior to receipt from the disclosing party, without obligation of confidentiality; or
d) the disclosure or use of information is required by law, regulations or any other regulatory body. In the event of such disclosure, the disclosing party shall, if possible, notify the other party before such disclosure takes place.
11.2. Specifically, the Supplier shall keep any Subscriber Data secret and ensure that employees only have access to the Subscriber Data if it is necessary to perform the services, e.g. support- and maintenance (“need to know basis”).
11.3. Information that a party has stated as confidential shall always be regarded as confidential information.
11.4. Each party is responsible for compliance with this confidentiality undertaking by its respective subcontractors, consultants and employees. The confidentiality undertaking under this section applies during the term of the Subscription and for a period of three years after the Subscription has expired. The confidentiality undertaking for Subscriber Data applies for an indefinite period of time.
11.5. Specific non-disclosure Subscriptions shall, upon request from the Subscriber, be signed by the Supplier’s employees and suppliers and its employees, before any work is conducted.
12. Publicity and Marketing
The Supplier may publicly state that the Subscriber is a customer of the Supplier. The Subscriber grants the Supplier the right to include the Subscriber’s name, trademark, logo or similar identifying material in a listing of customers on the Supplier’s website and/or promotional material in relation to the Service. The Subscriber may at any time via the Supplier's support portal ask the Supplier to not include information about the Subscriber in any publicly available material and the Supplier shall in such case stop doing so within thirty (30) days and as far as possible delete any already publicised information about the Subscriber.
13. Intellectual Property Rights
13.1. The Supplier or its licensors hold all rights, including intellectual property rights, to the Service and the Documentation (including, without limitation to, such development or improvements specifically performed on behalf of the Subscriber) including software and source code. Nothing in the Subscription shall be construed as a transfer of such rights, or any part thereof, to the Subscriber.
13.2. The Subscriber has all rights, including intellectual property rights, to the Subscriber Data. During the term of the Subscription, the Supplier may use the Subscriber Data and data related to the Subscriber's use of the Service (personal data excluded) in order to provide the Service to the Subscribers successfully.
13.3. The Supplier shall compensate the Subscriber for damage suffered by the Subscriber as a result from claims from third parties regarding infringement of such third party's intellectual property rights. The limitation of liability as set out in this section 13 and in section 14 shall however apply, except for what is stated in section 14.5.
13.4. The Supplier's obligation to indemnify the Subscriber pursuant to section 13 applies only provided that the Subscriber:
a) without undue delay notifies the Supplier in writing of claims made against the Subscriber;
b) allows the Supplier to control the defence and make decisions alone in all related settlement negotiations; and
c) acts in accordance with the Supplier's Documentation and cooperates with and assists the Supplier to the extent that the Supplier reasonably request.
13.5. If it comes to the Supplier's knowledge or is finally settled that there is an infringement of a third party's intellectual property rights, the Supplier may choose to either:
a) ensure the Subscriber a continued right to use the Service;
b) change the Service so that infringement no longer exists;
c) replace the Service, or any part thereof, with any other non-infringing equivalent service; or
d) terminate or temporarily cease to provide the Service and, after deducting the Subscriber's reasonable benefit, repay the Subscriber's fee paid for the Service, without interest.
13.6. The Supplier has the right to freely use the know-how, professional knowledge, experience and skills that the Supplier acquires through or in connection with providing the Service.
13.7. The Supplier's obligations under this section 13 are conditional upon the Subscriber’s use of the Service exclusively in accordance with the terms of the Subscription.
13.8. This section 13 constitutes the Supplier's total liability towards the Subscriber for infringement of third parties´ intellectual property rights.
14. Limitation of Liability
14.1. The Supplier's responsibility for the provision of the Service is limited in accordance with what is stated in these Terms.
14.2. The Supplier is - with the limitations set out below - liable towards the Subscriber for damages caused due to the Supplier's negligence. However, the Supplier is not liable for damages caused by third party platforms as Atlassian or any integrations to other systems or applications that the Subscriber may want to use the Service together with, or modifications or changes to the Service made according to the Subscriber’s instructions or performed by anyone other than the Supplier (including but not limited to the Subscriber and Subscriber's suppliers).
14.3. The Service is provided on an “as-is” basis without any express or implicit promises or guarantees.
14.4. Notwithstanding the above, the Supplier shall under no circumstance be liable for indirect damages (Sw. indirekt skada), including damages caused by loss of profit, revenue, anticipated savings or goodwill, loss of information or Subscriber Data, loss due to operational, business, power or network interruptions, loss due to modifications of the Service made in accordance with Subscriber's instructions or performed by anyone other than the Supplier, as well as any claims due to the Subscriber's possible liability to third parties; without prejudice to section 13.3. The Supplier is neither liable for any claims deriving from the Subscriber’s relationship with any third party platform such as Atlassian where the Service was purchased or integrated with.
14.5. The Supplier’s total and aggregate liability under the Subscription regardless of the number of incidents, is limited to the amount paid by the Subscriber according to the Subscription during the twelve (12) months prior to the time the damage occurred.
14.6. The Subscriber shall, in order to not lose its right, submit a claim for compensation in writing no later than ninety (90) days after the Subscriber noticed or should have noticed the actual damage or loss, however in no case later than six (6) months from when the loss arose.
14.7. In case of a claim from a third party, the party responsible for such claim shall indemnify and hold the other party harmless.
15. Force Majeure
15.1. Each party shall be relieved from liability for damages for a failure to perform any obligation under the Subscription to the extent that the due performance is prevented by reason of any circumstance beyond the control of the party. Such as internet limitation or slow connection, power outages, network intrusion, lawsuits, pandemics, labour disputes, loss of communications, mobilisation or large-scale military recruits, ordinances, rationing of fuel, goods or energy, and defects and delays in deliveries from subcontractors caused by any party outside the party's control provided that the other party is notified immediately.
15.2. The parties have the right to terminate the Subscription immediately if force majeure continues or will obviously continue for more than sixty (60) days.
16.1. The Supplier is entitled to assign subcontractors to accomplish its obligations under the Subscription. The Supplier is liable for the work of the subcontractors as well as its own.
16.2. The primary means of communication between the parties concerning the Service shall be e-mail to email@example.com. Emails sent to this address will create a support request in our support portal. We will correspond with you via this support request.
16.3. The content of the Subscription and its appendices shall supersede all previous written or oral commitments and undertakings.
16.4. The documents described in the definition of the Subscription shall have mutual priority in the following order: (i) the Order Agreement, (ii) the Terms and (iii) any annexes. Any annexes shall have priority over each other in accordance with the order set out in the Order Agreement.
16.5. The Subscription may not be transferred to a third party without the other party's prior written consent. However, the parties are allowed to transfer the Subscription to companies within the same corporate group and in a situation of transferring the Supplier’s operation or a part thereof, the Supplier is admissible to transfer the Subscription to a third party.
16.6. The failure of a party to exercise any right under the Subscription or the failure to point out any particular condition attributable to the Subscription shall not constitute a waiver by a party of such right.
16.7. The following sections apply even after the termination of the Subscription: 8 (Term and termination), 11 (Confidentiality), 13 (Intellectual Property Rights), 14 (Limitation of Liability) and 17 (Governing Law and Disputes).
17. Governing Law and Disputes
17.1. The Subscription shall be governed by and construed in accordance with the laws of Sweden.
17.2. Any dispute arising out of or in connection with the Subscription shall be finally settled by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce (the “SCC Institute”).
17.3. The Rules for Expedited Arbitrations shall apply, unless the SCC Institute, considering the complexity of the case, the amount in dispute and other circumstances, determines, in its discretion, that the Arbitration Rules of the Arbitration Institute of the Stockholm Chamber of Commerce shall apply. In the latter case, the SCC Institute shall also decide whether the arbitral tribunal shall be composed of one or three arbitrators.
17.4. The place of arbitration shall be Malmö. The language of the proceedings shall be Swedish and Swedish law shall apply to the dispute. Regardless of what has just been said, the Supplier shall always have the right to apply for an injunction to payment or bring an action regarding non-payment in a general court.
"Agreement" refers to the collective documents including the Order Agreement, Terms and Conditions, and the DPA.
"Documentation" any instruction or other documentation that the Supplier provides to the Subscriber at any time.
"DPA" means the data processing agreement concluded between the parties.
"End-Users" means the individual who uses the Service as part of the Subscriber’s Subscription.
"Early Access" means a time limited period for which the parties have agreed that the Subscriber shall test new features or a beta version of the Service. The version of the Service used during Early Access is under ongoing development by the Supplier and therefore not complete or equivalent to the Service.
"Order Agreement" means the contract between the Subscriber and the Supplier that includes Subscriber details and specific terms in relation to the Subscriber’s purchase of the Service or Subscription to use the Service. The Order Agreement may be constituted by a document signed by the Subscriber, an offer accepted by the Subscriber, an e-mail or a web form at the Supplier’s website where the Subscriber has provided its credentials and signed up to use the Service.
"Service" means the service provided to the Subscriber according to the Subscription.
"Subscriber" means the company specified in the Order Agreement as a customer or the person who otherwise agrees with the Supplier to use the Service.
"Subscriber Data" means any data that is provided to the Supplier by or on behalf of the Subscriber through the use of the Service.
"Subscription Term" means the term agreed upon in the Order Agreement.
"Subscription" means the contractual agreement between the parties no matter in what form, including the Order Agreement, these Terms, the DPA and any appendices mentioned in the Order Agreement, in the Terms or in the DPA.
"Supplier" means the company providing the Service which the Subscriber has concluded the Subscription with.
"Trial Period" means a time limited period for which the parties have agreed that the Subscriber is entitled to use the Service for the sole purpose of evaluation prior to purchase.
Data Processing Agreement
Effective July 15, 2022
1. Background and Interpretation
1.1. The Supplier will upon performance of the Agreement when providing its Service process personal data on behalf of the Subscriber, in the capacity of Subscriber’s processor. The Supplier will process personal data for which Subscriber is the controller.
1.2. This Data Processing Agreement (the "DPA") forms an integral part of the Agreement. The purpose of this DPA is to ensure a secure, correct and legal processing of personal data and to comply with applicable requirements for data processing agreements as well as to ensure adequate protection for the personal data processed within the scope of the Agreement.
1.3. Any terms used in this DPA, e.g. processing, personal data, data subjects, supervisory authority, etc., shall primarily have the meaning as stated in the European Parliament and the Council Regulation (EU) 2016/679 (the "GDPR") and otherwise in accordance with the Agreement, unless otherwise clearly indicated by the circumstances.
1.4. In light of the above, the Parties have agreed as follows:
2. Instructions and Responsibilities
2.1. The type of personal data and categories of data subjects processed by the Supplier under this DPA and the purpose, nature, duration and objects of this processing, are described in the instructions on processing of personal data in Appendix 2A or the written instructions that Subscriber provides from time to time. The Supplier shall not process additional categories of personal data or personal data in relation to other data subjects than those specified in Appendix 2A.
2.2. Subscriber is responsible for complying with the GDPR. Subscriber shall in particular:
a) be contact person towards data subjects and i.e. respond to their inquiries regarding the processing of personal data;
b) ensure the lawfulness of the processing of personal data, provide information to data subjects pursuant to Articles 12-14 in the GDPR and maintain a record of processing activities under its responsibility;
c) provide the Supplier with documented instructions for the Supplier’ processing of personal data, including instructions regarding the subject-matter, duration, nature and purpose of the processing as well as the type of personal data and categories of data subjects;
d) immediately inform the Supplier of changes that affect the Supplier’ obligations under this DPA;
e) immediately inform the Supplier if a third party takes action or lodges a claim against Subscriber as a result of the Supplier’ processing under this DPA; and
f) immediately inform the Supplier if anyone else is joint controller with Subscriber of the relevant personal data.
2.3. When processing personal data, the Supplier shall:
a) only process personal data in accordance with Subscriber’s documented instructions, which at the time of the Parties entering into this DPA are set out in Appendix 2A;
b) ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
c) maintain an adequate level of security for the personal data by implementing all technical and organizational measures set out in Article 32 of the GDPR in the manner set out in section 3 below;
d) respect the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging a sub-processor;
e) taking into account the nature of the processing, assist Subscriber by appropriate technical and organizational measures, insofar as it is possible, for the fulfilment of Subscriber’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR;
f) assist Subscriber in ensuring compliance with the obligations pursuant to Articles 32-36 of the GDPR, taking into account the nature of the processing and the information available to the Supplier;
g) at the choice of Subscriber, delete or return all the personal data to Subscriber after the end of the Agreement, and delete existing copies, unless EU law or applicable national law of an EU Member State requires storage of the personal data; and
h) make available to Subscriber all information necessary to demonstrate compliance with the obligations laid down in Article 28 in the GDPR and this DPA and allow for and contribute to audits, including inspections, conducted by Subscriber or another auditor agreed upon by the Parties.
2.4. The Supplier shall notify Subscriber without undue delay, if, in the Supplier’ opinion, an instruction infringes the GDPR. In addition, the Supplier is to immediately inform Subscriber of any changes affecting the Supplier’ obligations pursuant to this DPA.
3.1. The Supplier shall implement technical and organisational security measures in order to protect the personal data against destruction, alteration, unauthorised disclosure and unauthorised access. The measures shall ensure a level of security that is appropriate considering the state of the art, the costs of implementation, the nature, scope, context and purpose of the processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons. The Supplier may amend its technical and organisational measures.
3.2. The Supplier shall notify Subscriber of accidental or unauthorised access to personal data or any other personal data breach without undue delay after becoming aware of such data breach and pursuant to Article 33 of the GDPR. Such notification shall not in any manner imply that the Supplier has committed any wrongful act or omission, or that the Supplier shall become liable for the personal data breach.
3.3. If Subscriber during the term of this DPA requires that the Supplier takes additional security measures, the Supplier shall as far as possible meet such requirements provided that Subscriber pays and takes responsibility for any and all costs associated with such additional measures.
4. Sub-processors and Transform to Third Countries
4.1. Subscriber hereby grants the Supplier with a general authorisation to engage sub-processors. Sub-processors are listed in the list of sub-contractors in Appendix 2B. The Supplier shall enter into a data processing agreement with each sub-processor, according to which, the same data protection obligations as set out in this DPA, are imposed upon the sub-processor.
4.2. The Supplier shall inform Subscriber of any intended changes concerning the addition or replacement of sub-processors, thereby giving Subscriber the opportunity to object to such changes. Such objection shall be made in writing and within thirty (30) calendar days after the Supplier has informed Subscriber about the intended changes. If Subscriber objects to the Supplier engaging a sub-processor and the Parties cannot agree, within reasonable time, on the new sub-processor’s engagement in the processing of personal data, the Supplier can terminate the Agreement.
4.3. If the Supplier and/or sub-processors transfers personal data outside the EU/EEA, such transfer shall always comply with the applicable data protection requirements according to the GDPR and related data protection legislation. The Supplier shall keep Subscriber informed about the legal grounds for the transfer.
5. Compensation and Limitation of Liability
5.1. The Supplier is not entitled to any additional compensation for the processing of personal data in accordance with this DPA, instead the compensation provided pursuant to the Agreement also encompasses the measures in this DPA.
5.2. Each Party shall be responsible for any damages and administrative fines imposed to it under articles 82 and/or 83 of the GDPR.
5.3. Notwithstanding any limitation of liability in the Agreement, each Party’s liability under this DPA shall be limited to direct damages. In addition, the Supplier’ liability shall be limited to an amount corresponding to the fees paid by Subscriber to the Supplier under the Agreement for a period of six (6) months before the damage occurred.
6. Term and Termination
6.1. This DPA becomes effective when the Agreement has been entered into.
6.2. Upon termination of the Agreement, the Supplier shall at the choice of Subscriber, delete all the personal data or return it to Subscriber, and ensure that each sub-processor does the same.
6.3. This DPA remains in force as long as the Supplier processes personal data on behalf of Subscriber, including deletion or returning of personal data according to section 6.2 above. This DPA shall thereafter cease to apply. Sections 5 and 6.2 shall continue to apply even after this DPA has been terminated.
7.1. If provisions of the GDPR change or if a supervisory authority issues guidelines, decisions or regulations regarding the application of the GDPR during the term of this DPA, with the result that this DPA does not meet the requirements for a data processing agreement, the Parties shall change this DPA to meet the requirements.
7.2. Any other changes to this DPA than following from section 7.1 above or changes in Subscriber’s documented instructions, shall be made in writing and signed by the Parties’ authorized representatives, to be binding.
8.1. In the event of deviating provisions between the Agreement and this DPA, the provisions of this DPA shall prevail with regard to processing of personal data and nothing in the Agreement shall be deemed to restrict or modify obligations set out in this DPA, notwithstanding anything to the contrary in the Agreement.
8.2. This DPA supersedes and replaces all data processing agreements between the Parties potentially existing prior to this DPA.
Instructions on Processing of Personal Data
The Supplier processes personal data in order to fulfil the Agreement. This means that the Supplier processes personal data for the following purposes:
Provide the Service to End-Users,
Authenticate and authorize End-Users,
Handle customer support cases,
Provide self-service license management features,
Communicate relevant information with End-Users, and
Provide additional information to key End-Users.
Categories of personal data
Categories of personal data that will be processed by the Supplier include:
Unique identifier of the device using the Service, and
Information about how the Service is used.
Categories of data subjects
Personal data about End-Users using a trial version of the Service will be stored for three months after the trial period has ended. In other cases, the personal data will be processed for as long as the End-User continues to actively use the Service and for six (6) months thereafter.
The Supplier process the personal data of End-Users in the following ways.
Technically enable the Service to be used by End-Users.
End-Users contact details are used to provide relevant information, e.g. regarding any updates of the system.
End-user name and email address are used for authentication when End-Users are using the ActionableAgile Analytics (SaaS offering).
End-user unique identifiers are used for authorization when End-Users log in to the following products:
ActionableAgile Analytics (SaaS offering), and
ActionableAgile for Azure DevOps
Subscriber name and/or e-mail address is used to identify active access to support the following products:
ActionableAgile Analytics (SaaS offering), and
ActionableAgile for Azure DevOps
End-Users name and e-mail address is collected in order to provide customer support when customers open a support request via e-mail or via the Supplier’s support portal.
The name and e-mail address regarding key End-Users of strategic customers are manually stored in the Supplier’s CRM system by Customer Success Specialists in order to provide customer success related communications.
Information Security Measures
In the table above, if a sub-processor has made their DPA available online, we have linked the company name to the DPA for your easy review.
If you would like to review a full list of 55 Degrees' sub-processors, including those that aren't relevant to this DPA, please see our sub-processors page in our Security documentation.