Terms of Service

By using Snowfire, Snowfire AB (“Snowfire”) software, you are agreeing to the following terms and conditions (“Terms of Service”). Snowfire reserves the right to update and change the Terms of Service at any time without notice to you. You can review the most current version of the Terms of Service at any time at http://snowfire2.com/account/terms/terms_sv. To ensure that you are aware of the current Terms of Service, we recommend that you check our website periodically.

Violation of any of the following terms will result in the termination of your account. Snowfire is not responsible for the content posted on Snowfire.

Account Terms

You must be a registered user to access Snowfire.You must be of age (legal age) in your jurisdiction to use Snowfire.You will be solely responsible and liable for any activity that occurs under your account.You must be a private person or legal person to use Snowfire.You must provide your legal full name or your company’s legal name, a valid e-mail address, and any other information required.You will choose a password (and for certain accounts a username).You are entirely responsible for maintaining the confidentiality of your password and account.You are solely responsible for all content posted under your account (even when content is posted by others who have accounts under your account).You may not use Snowfire for any illegal or unauthorized purpose. You must not, in the use of Snowfire, violate any laws in your jurisdiction.

Acceptable Use and Conduct

Snowfire uses business partners to provide the necessary hardware, software and related technology required to run Snowfire. You are solely responsible for your conduct and your data related to Snowfire. Snowfire is made available to you and/or your company for personal or commercial use, which use must be in compliance with all applicable laws, rules and regulations and must not infringe or violate third party rights.

Any unauthorized use of Snowfire is a violation of this agreement and the valid laws. Such violations may subject the unauthorized user to civil and criminal penalties.

Intellectual Property

Snowfire owns all right, title and interest in and to Snowfire, including without limitation all intellectual property rights. You agree that you will not copy, reproduce, alter, modify, or create derivative works from Snowfire. Snowfire claims no intellectual property rights over the material you provide to Snowfire.

Support

Snowfire provides technical support regarding Snowfire by e-mail. Technical support is only provided to paying account holders. For technical support, contact Snowfire at support@snowfire.net

Privacy and Communications

Snowfire may send you communications regarding your account or Snowfire via e-mail. See the Privacy Policy, which is incorporated into this Terms of Service by reference.

Fees and Termination

User fees are evaluated on a per-month contract agreement with Snowfire. At the end of the contract term, the contract will automatically renew indefinitely until you terminate the contract. Users can opt to upgrade or downgrade their Snowfire service agreement to any other Snowfire service agreement that Snowfire is currently offering.

Snowfire may submit periodic charges monthly without further authorization from you, until you have terminated Snowfire. Termination must be issued via Snowfire and must be done five (5) days prior to the end of the contract.

Terminate Snowfire or change your service by sending an email to support@snowfire.net

If you terminate Snowfire, the service will remain active until the end of the contract period. You can also deactivate Snowfire immediately. In the event of account termination you will lose all data related to your account.

Snowfire can change the fees for Snowfire at any time but we will give you reasonable notice of this before we do so. If you are unhappy with any subscription fee changes you may terminate Snowfire or change your service by sending an email to support@snowfire.net

Snowfire reserve the right to terminate your account at any time.

No Warranties

Snowfire is provided “as is” without any conditions, warranties or other terms of any kind.

Snowfire provides you with Snowfire on the basis that Snowfire excludes all warranties, representations, conditions and other terms and Snowfire makes no warranty or representation regarding the results that may be obtained from the use of Snowfire, the security of Snowfire, or that Snowfire will meet your requirements.

The use of Snowfire is at your own risk. You will be solely responsible for any damage to you resulting from the use of Snowfire. The entire risk arising out of use, security or performance of Snowfire remains with you.

This legal notice and the foregoing disclaimers are without prejudice to any mandatory legal rights that cannot be excluded under applicable law.

Links

Snowfire or third parties may provide links to other websites. Snowfire has no control over such websites and Snowfire is not responsible for the availability of such external websites and is not responsible or liable for any content, advertising, products, or other materials on or available from such websites. Snowfire shall neither be responsible or liable, directly or indirectly, for any damage or loss caused by or in connection with use of any such content, goods or services available on or through any such website.

Contact us

If you have any questions, comments or concerns regarding our agreements, please contact Snowfire at support@snowfire.net

Appendix 1 – GENERAL TERMS AND CONDITIONS Cloud Services, version 2014, Published by IT&Telekomföretagen 2014

These general terms and conditions are intended for use when the Supplier provides a standardised, permanent Internet based service.

These general terms and conditions constitute an appendix to the Agreement entered into between the parties. In the event of any conflicting information in the Agreement, the parts of the Agreement prepared by the parties shall take precedence over these general terms and conditions.

These general terms and conditions are intended for use for example when the Supplier provides storage capacity, infrastructure or software as a service (SaaS). Certain provisions only apply to SaaS Services. If the Customer requires support for the startup of the Service, the parties should enter into a separate agreement in this respect..

1. Definitions

   Unless the context or circumstances clearly require otherwise, the following words and phrases shall have the meanings specied below:

   Access Point

   Unless the parties have agreed otherwise, the point or points at which the Supplier connects the Service to a public electronic communications network.

   Application

   The software provided in a SaaS Service.

   Agreed Start Date

   The date on which the Service shall be available to the Customer in accordance with the Agreement.

   Agreement

   The agreement, including appendices, entered into between the parties.

   Customer's Data

   Data or other information that the Customer, or another party on the Customer's or a user's behalf, puts at the Supplier's disposal as well as the result of the Supplier's data processing.

   Customer's Software

   The software owned by the Customer or which the Customer is entitled to use in accordance with an agreement with a third party, and which is used in the Service.

   Product Supplier

   The company that grants the Supplier a license to and provides maintenance in respect of a Third Party Application.

   SaaS Service

   The provision of software as a service.

   Specifikation

   The specification of the contents of the Service contained in the Agreement or on the domain address specied in the Agreement and subsequent changes thereof agreed in writing.

   Actual Start Date

   The date on which the Service is available to the Customer. Additional Services Possible support services not included in the Speci cation.

   Service(s)

   Each service which the Supplier, pursuant to the Agreement, shall make available to the Customer over a public electronic communications network and any subsequent changes thereof.

   Tjänsten

   Varje tjänst som leverantören enligt Avtalet ska göra tillgänglig för kunden över ett allmänt elektroniskt kommunikationsnät samt senare överenskomna förändringar därav.

   Third Party Application

   Software (a) the copyright to which clearly belongs to a company other than the Supplier or a company within the Supplier's group of companies and nothing else follows from the Agreement, or (b) specied as Third Party Products in the Agreement.

2. Supplier’s undertaking

   1. From each Agreed Start Date the Supplier shall provide the Service at the Access Point in accordance with the terms and conditions of the Agreement, and perform the agreed Additional Services. The contents of the Service are set out in the Specication.
   2. The Supplier shall perform its obligations in a professional manner. Unless otherwise follows from the Specication, the Service shall be performed in accordance with the methods and standards normally applied by the Supplier for this type of service.
   3. The Supplier may engage a subcontractor to perform the Service and other obligations under the Agreement. The Supplier is liable for a subcontractor's work as if it had been performed by the Supplier itself.
   4. Unless otherwise follows from the Agreement, the Supplier may, while observing the provisions on personal data in clause 14, provide the Service, in whole or in part, from another country, provided that the Supplier otherwise ful ls the terms and conditions of the Agreement.

3. Customer’s undertaking

   1. In order for the Supplier to be able to perform its obligations under the Agreement, the Customer is responsible for the following:
      1. a) The Customer shall review documentation provided by the Supplier and make decisions regarding the appro- val of such documentation, and otherwise provide the information necessary for the Supplier to perform its obligations under the Agreement.
      som leverantören tillhandahåller godkänns samt i övrigt fortlöpande lämna de upplysningar som är nödvändiga för att leverantören ska kunna genomföra sina åtaganden enligt Avtalet.
      2. b) The Customer is responsible for the communication between the Customer and the Access Point. It is also the Customer's responsibility that it has the equipment and software that the Supplier, on a website or by another written method, has stated is required to use the Service, or which otherwise is clearly required for such use.
      3. c) The Customer is responsible for faults and defects in the Customer's Software.
      4. d) Unless otherwise follows from the Agreement, the Customer is responsible for the backup of Customer's Data.
      5. e) The Customer shall ensure that (i) Customer's Data are free from viruses, Trojans, worms or other malicious software or code; (ii) Customer's Data are in the agreed format; and (iii) Customer's Data otherwise cannot damage or interfere with the Supplier's system or the Service.
      6. f) The Customer shall ensure that log-in information, security methods and other information provided by the Supplier for access to the Service are handled con- dentially in accordance with clause 16. The Customer shall notify the Supplier immediately in the event of unauthorised access to information in accordance with this clause.
      7. g) The Customer shall notify the Supplier immediately upon discovery of any infringements or attempted infringements that might affect the Service.

4. Startup the Service

   1. It is the Supplier's responsibility that the Service is avai- lable to the Customer from and including the Agreed Start Date. The Supplier shall, in good time, have provided the instructions that are necessary for the Customer to start using the Service from the Agreed Start Date. The parties may conclude a separate agreement regarding the Supplier's obligations in respect of the startup of Service. The Service shall be deemed available when the Customer can start using the Service from the Access Point.

5. Changes to the Service

   1. The Supplier may, without prior notification to the Customer, make changes to the Service or the method of providing it, which evidently may not cause the Customer more than minor insigni cance.
   2. The Supplier may make other changes to the Service or the method of providing it than those set out in clause 5.1 3 months after notifying the Customer to this effect. The Customer may, at the latest when the change enters into force, terminate the Service with effect from the date the change enters into force, or such later day speci ed in the notice of termination, albeit not later than 3 months from the date the change entered into force. However, the Supplier may not make any changes relating to any requirements for the Service, if the parties have speci cally stated that they may not be changed.

6. Customer’s use of the Service

   1. Unless the parties have agreed otherwise, the Customer is granted a non-exclusive right to use the Service in its own business only. The Customer may allow contractors to use the Service on its behalf.
   2. The Customer may not copy software that is included in the Service or let anyone other than the persons nominated in accordance with clause 6.3 use the Service.
   3. The Customer shall specify what persons are allowed to use the Service. The Customer shall immediately notify the Supplier if such a person is no longer authorised to use the Service. The Customer is responsible for the use of the Service by such persons.
   4. The Customer is obliged to follow any written instructions from the Supplier for the use of the Service. The Supplier may, after the conclusion of the Agreement, change instruc- tions provided in accordance with clause 5.
   5. If the Supplier has stated in the Agreement, that the Supplier's good practice standards apply to the use of the Service, these standards shall be made available to the Customer on the website or another accessible place speci ed in the Specication. In such event, the Customer shall comply with the Supplier's good practice standards when using the Service. The Supplier may, after the conclusion of the Agreement, change the applicable standards in accordance with clause 5.
   6. The Customer is responsible for ensuring control over data handled in the Service and for ensuring that the Customer can prevent the data from spreading in accordance with the requirements in applicable legislation or so that the data do not contravene the standards of the Supplier pursuant to clause 6.5.

7. Specific provisions relating to SaaS Service

   1. Scope

      The Customer may use the SaaS Service for the number of licenses or other use set out in the Agreement and otherwise as set out in clause 6. Where a Third Party Application is provided via the SaaS Service, clause 7.4 shall also apply. From the Actual Start Date the Supplier shall provide the updates, versions or releases of the Application speci ed in the Agreement, with the changes that follow from clause 7.2.

   2. Maintenance of the Application

      The Supplier shall implement the updates or new versions provided by the Supplier or Product Supplier in the Application within the scope of its maintenance, and to the extent the Supplier nds it appropriate for the Service. The provisions of clause 5 shall apply to the implementation of an update or a new version. The Supplier may, even if it would inconvenience the Customer, implement updates in the Application in order to protect the Service and for other security related purposes.

   3. Documentation

      The Supplier shall make available user documentation for the use of the Application in form of manuals and other instructions. The user documentation shall be in Swedish or English.

   4. Specific provisions relating to Third Party Applications

      The Customer may only use a Third Party Applications in accordance with the licensing terms issued by the Product Supplier and referred to by the Supplier. With respect to Third Party Applications, the Supplier's liability for faults or intellectual property infringements is restricted to an obligation to report the fault/infringement to the Product Supplier immediately. The Supplier shall implement any potential solution from the Product Supplier, provided this can be done without negative interference with the Service. The Supplier shall also monitor that the Product Supplier ful ls its obligations under the applicable agreement with the Supplier. The Supplier has no other responsibility for fault or infringement in relation to Third Party Applications. If it is nally decided that infringement has occurred or if it is likely, in the opinion of the Supplier, that such infringement has occurred, and the Product Supplier does not take the necessary action, the Supplier may terminate the Agreement with 3 months' notice.

8. Restricted access to the Service

   1. If the provision of the Service results in a risk of more than insigni cant damage to the Supplier or a another customer of the Service, the Supplier may block or restrict access to the Service. In connection with this, the Supplier may not adopt more far-reaching measures than is justi ed in the circumstances. The Customer shall be informed as soon as possible if the access to the Service is restricted.
   2. Unless otherwise follows from the service level agreement, the Supplier may carry out planned measures that affect the availability of the Service if required for technical, maintenance, operational or safety reasons. The Supplier shall perform such measures promptly and in a manner that limits the disruption. The Supplier undertakes to notify the Customer within a reasonable time before such action and, if possible, to plan such action to be carried out outside of normal of ce hours.
   3. The supplier has the right to immediately prevent information in the Service from spreading further, if it is reasonable to believe that continuing to spread the information contravenes applicable legislation. In exercising this right, the Supplier is entitled to access any information transferred or submitted to the Service. If the Supplier exercises this right, it shall notify the Customer.
   4. The Supplier is entitled to prevent persons from continuing to use the Service if the persons have submitted information in breach of applicable legislation or the Supplier's standards referred to in clause 6.5. If the Supplier exercises this right, it shall notify the Customer.

9. Contact persons

   1. Each party shall designate a contact person who shall be responsible for the cooperation in regard to the Agreement. Each party shall notify the other party of the designated contact person. The contact persons are entitled to represent the principal in matters concerning the implementation of the Service and any Additional Services.

10. Remuneration, fees and terms of payment

    1. Fees

       In consideration of the Supplier's performance of the Service, the Customer shall pay, from the Actual Start Date, the remuneration speci ed in the Agreement. For Additional Services, the Customer shall pay in accordance with the Supplier's from time to time applicable price list. If the parties have made an agreement on hourly rates, the remuneration is charged on current account at the agreed hourly rates. The remuneration is exclusive of VAT and other additional taxes and charges relating to Services and Additional Services that were xed after the Agreement was entered into. Unless otherwise follows from the Agreement, xed charges shall be invoiced regularly in advance. With regard to Additional Services or other remuneration in accordance with the Agreement, the Supplier is entitled to invoice monthly in arrears. Payment shall be made within 30 days of the date the invoice was issued.

    2. Changes of fees

       The Supplier may, annually as from the start of a new calendar year, change all fees in accordance with the changes in the Statistics Sweden's index: Labour Cost Index för tjänstemän (LCI tjm) preliminärt index, SNI 2007 kod J (Informations- och kommunikationsverksamhet).

    3. Changes of fees for Third Party Applications

       If the parties have agreed on a special license fee for using Third Party Applications, the Supplier may, to the extent the Product Supplier changes the fee for the use of the Third Party Application, change the license fee 3 months after notifying the Customer to this effect.

    4. Other remuneration

       In the event that the Supplier incurs extra work or additio- nal costs due to circumstances for which the Customer is responsible, the Customer shall remunerate the Supplier for such extra work and additional costs in accordance with the Supplier's current price list.

    5. Final invoice

       The Supplier shall, at the latest within 6 months of the expiry of the respective month of service, submit an invoice to the Customer that includes all outstanding items for that month of service. If the Supplier fails to submit such an invoice, the Supplier loses its right to remuneration for the services or work performed, including the remuneration referred to in clause 10.4, except with regard to its right of offset.

    6. Delays

       In event of a delay in payment, default interest and other compensation shall be paid in accordance with law. If the Customer's payment is delayed and the Supplier has requested the Customer in writing to pay the amount due, the Supplier may, 30 days after a written request to the Customer with reference to this clause, withhold further provision of the Service until the Customer has paid all amounts due and outstanding.

11. Intellectual property rights

    1. The Supplier and/or the Supplier's licensors hold all rights, including intellectual property rights, to the Service and any software included in the Service.
    2. It is the Supplier’s responsibility that the Customer's use of the Service does not infringe any copyright, patent or other intellectual property right. If the infringement relates to the use of an Application that is not a Third Party Application in a SaaS Service, the Supplier is only responsible under this clause 11.2 when the Customer uses the Application in Sweden or another agreed country. The Supplier undertakes to defend, at its own expense, the Customer against any claims or actions regarding infringement of a third party's rights due to the Customer's use of the Service. The Supplier shall also indemnify the Customer for any costs or damages that the Customer may become liable to pay as a result of a judgment or settlement. The obligation by the Supplier only applies if the Customer has noti ed the Supplier in writing of a claim or action within a reasonable time and the Supplier has sole control over the defence against such action and the sole right to negotiate any agreement or settlement. Where a third party alleges that the Customer's use of the Service infringes upon a third party's rights, the Supplier is responsible for obtaining any necessary rights or procuring other non-infringing software without any costs and as few operational interruptions as possible to the Customer or, if the infringement concerns an Application that is not a Third Party Application in a SaaS Service, amend it so that it no longer causes infringement, or terminate the Agreement with 3 months’ notice, in which case the Customer, during the notice period, is entitled to a deduction of the fee that corresponds to the reduction of the value of the Service as a result of the infringement. As concerns liability for infringement relating to the Customer's use of a Third Party Application in a SaaS Service, the provisions in clause 7.4 shall apply instead. Other than as stated in this clause, the Supplier is not liable towards the Customer for infringements of a third party's intellectual property rights.
    3. It is the Customer’s responsibility that the necessary rights to use the Customer's Software within the scope of the Service are in place. The Customer undertakes to defend, at its own expense, the Supplier against any claims or actions regarding infringement of a third party's rights due to use of the Customer's Software within the scope of the Service. The Customer furthermore undertakes to indemnify the Supplier against any costs or damages that the Supplier may become liable to pay as a result of a judgment or settlement. The undertaking by the Customer only applies if the Supplier has noti ed the Customer in writing of a claim or action within a reasonable time and the Customer has sole control over the defence against such action and the sole right to negotiate any agreement or settlement. Where a third party alleges that the use of the Customer's Software infringes upon the third party's rights, the Customer is responsible for obtaining any necessary rights. Other than as stated in this clause 12.2, the Customer is not liable towards the Supplier for infringements of a third party's intellectual property rights.

12. Customer ́s Data

    1. In the relationship between the Customer and Supplier, the Customer is the holder of all rights pertaining to Customer's Data. Unless otherwise follows from the Agreement, work in connection with transferring Customer's Data to the Customer during the term of the Agreement is an Additional Service.
    2. The Customer is liable for, and shall indemnify and hold the Supplier harmless from and against, any infringement by Customer's Data of any third party right or any other non-compliance with applicable law.

13. Logs

    1. If the Supplier keeps a log of the use of the Service the Supplier may only, unless the parties have agreed otherwise, use the data from the log as necessary to perform the Ser- vices, and if the log does not contain any personal data for development , to clarify misuse or analyse infringements as well as to provide information to public authorities or for statistical purposes. If data from the logs are used for statistical purposes, the data shall not contain Customer's Data or information to which a con dentiality obligation applies, so that the Customer or a person can be identi ed, and such statistical analyses shall not create personal data. The Supplier shall allow the Customer access to the data registered by the Supplier regarding the use of the Service pursuant to this clause.

14. Personal data

    1. When processing personal data within the scope of the Service, the Customer is the data controller and the Supplier is the data processor. As data controller it is the Customer's responsibility that personal data is processed in accordance with applicable legislation. The Supplier undertakes that it will only process personal data in accordance with the Agreement and the Customer's written instructions. Where the requested action does not follow from the Agreement, the Supplier shall be remunerated for following the Customer's written instructions. The Supplier shall implement the agreed technical and organisational measures to protect the personal data. The Supplier shall be prepared to comply with any orders issued by any governmental authority in accordance with law in relation to any measures required to ful l the stipulated security requirements pertaining to the Customer's personal data. Where the Supplier incurs extra costs for complying with amended security requirements, the Customer shall compensate the Supplier for any such costs. The Supplier shall immediately notify the Customer upon discovering any completed or attempted unauthorised access to, destruction of or amendment to the Customer's personal data.
    2. The Supplier shall allow any inspections that a governmental authority may be entitled to require under law with regard to personal data processing. The Supplier may charge the Customer for any costs in connection with the implementation of such inspection.
    3. When using a subcontractor who processes personal data (a “subprocessor”), the Supplier, as the Customer's representative, shall sign an agreement with the subprocessor, according to which the subprocessor, as data processor, undertakes towards the Customer to comply with the provisions of this clause 14. Where personal data will be transferred to a country outside of the EU/EEA, the Supplier shall ensure that the subprocessor signs the EU's standard agreement clauses for transferring personal data to a third country. The Supplier shall be entitled to sign the agreement as a representative of the Customer. Prior to using a subprocessor for the processing of personal data, the Supplier shall notify the Customer of the subprocessors it intends to use and which country personal data will be processed in. On the Customer's request, the Supplier shall send the Customer a copy of any agreements signed by the Supplier under this subclause 14.3.
    4. Upon the expiry of the Agreement, the provisions of clause 22 shall apply in regard to personal data.

15. Security

    1. Unless otherwise follows from the Agreement, the Supplier shall comply with its internal security regulations. The Supplier's internal security regulations shall be available on the website or other accessible place speci ed in the Specication. The Supplier may, after the conclusion of the Agreement, change the applicable security regulations in accordance with clause 5.

16. Confidentiality

    
    
    1. Each party undertakes not to disclose, without the other party's consent, to a third party, during the term of the Agreement or for a period of three years thereafter, any information regarding the other party's business that may be considered a business or professional secret or which according to law is subject to a duty of con dentiality. Unless otherwise follows from law, the Supplier's pricing information or other information that a party speci es as con dential shall always be regarded as a business or professional secret. The con dentiality obligation does not apply to information that the party can demonstrate has become known to the party other than through the project or which is publicly known. Furthermore, the con dentiality obligation does not apply when a party is required to disclose such information by law, court or government order or binding stock exchange regulations. Where a party is required to disclose information in such way, it shall notify the other party prior to disclosure.
    2. A party shall ensure that con dentially is maintained as set out above by entering into con dentiality agreements with employees or taking other appropriate measures. A party shall also ensure that subcontractors and subcontractors' employees that participate in the performance of the project sign con dentiality obligations on equivalent terms.

17. Liability for the Service

    
    
    1. In the event of a fault in the Service, the Supplier shall, if possible, remedy the fault with the urgency required by the circumstances. If the Customer has not been able to use the Service in signicant respects due to a fault in the Service, the Customer is also entitled to receive, for the period from the notication of the fault and during the time the fault persists, a reasonable reduction in the remuneration relating to the Service. The Supplier is only liable for faults pursuant to sub-clause 17.1 if the Customer has noti ed the Supplier within a reasonable time after discovering the fault, and has stated and, if necessary, demonstrated, how the fault presents itself. Where the fault is caused by the negligence of the Supplier, the Supplier is liable for damages, with the limitations set out in clause 18.
    2. If the parties have agreed service levels for the Service, these shall be specified in the Agreement.
    3. Specific terms and conditions for fault in the Application in a SaaS Service. As concerns faults in a Third Party Application in a SaaS Service, the provisions of clause 7.4 shall apply instead. As concerns faults in a Application that is not a Third Party Application in a SaaS Service, the Customer is entitled to a reduction of the remuneration in accordance with clause 17.1. In this respect, the Supplier is liable in accordance with clause 17.1, fourth paragraph, if the fault is not remedied after the Customer has given the Supplier a nal, reasonable deadline. Where the Customer has noti ed a fault, but no fault for which the Supplier is liable is deemed to exist, the Customer shall remunerate the Supplier for the service performed in accordance with the Supplier's from time to time applicable price list. A fault in an Application that is not a Third Party Application means a deviation from functions and other requirements that follow from (a) the Specication regarding the Application; (b) product descriptions used by the Supplier for the relevant update, version or release of the Application; and (c) deviations from generally accepted standards for equivalent software. In the event of any con ict between (a), (b) and (c) they shall take precedence in the order stated.
    4. Unless otherwise follows from the Agreement, the Supplier's liability for faults or nonperformance of service levels does not include faults or defects caused by the circumstances set out below: (a) Circumstances for which the Customer is responsible under the Agreement; (b) Circumstances beyond the Supplier's area of responsibility for the Service; (c) A virus or other security interference, provided that the Supplier has implemented security measures in accordance with any agreed requirements or, in the absence of such requirements, in accordance with professional standards.
    5. If the parties have entered into an agreement regarding agreed service levels the Supplier is only liable, in the event of noncompliance with the agreed service levels, for a price reduction or liquidated damages in accordance with the terms and conditions of the agreed service levels. Where the parties have not speci cally agreed such price reduction or liquidated damages, the Customer shall instead be entitled to a reasonable reduction of the remuneration in accordance clause 17.1. Other than as just stated, the Customer is not entitled to any damages or other compensation due to noncompliance of agreed service levels, other than in the event of intent or gross negligence.
    6. The Customer may only invoke remedies under clause 17, if the Customer has noti ed the Supplier in writing to this effect no later than 90 days after the Customer became aware, or should have become aware, of the grounds for the claim.

18. Limitation of liability

    1. If a party is prevented from ful lling its obligations under the Agreement due to a circumstance beyond the party's control, including but not limited to lightning strike, la- bour dispute, re, natural disaster, changes in regulations, governmental actions and/or a failure or delay in services provided by a subcontractor due to a circumstance stated herein, then this shall constitute a ground for release resulting in an extension of the deadline for performance and release from damages and other remedies. If the performance of the Service in substantial respects is prevented for a period exceeding two months due to a circumstance stated herein, either party shall have the right to terminate the Agreement in writing, without incurring any liability for compensation. When terminating the Agreement in accordance with this clause, clause 22 shall apply.
    2. A party's liability for damages is limited, per calendar year, to a total sum equal to 15% of the annual fee for the Service in question. With regard to Additional Services, the Supplier's liability, per calendar year, shall be limited to the total amount of that Additional Service. A party is not in any event liable for loss of pro t or other indirect damage. Furthermore, a party is not liable for the other party's liability towards a third party, other than as stated in clause 11 or, as regards the Customer’s liability, under clause 12.2. The Supplier shall not be liable for any loss of data, except in respect of possible loss of data caused by the Supplier's negligence in performing its agreed commitments regarding backup copying. The limitation of liability in this clause 18.2 does not apply in the event of personal injury, liability in accordance with clause 11 and 12.2 or in the event of intent or gross negligence.
    3. A party does not have the right to make a claim for damages, unless such claim is made within 6 months from the time the damage occurred.

19. Principles of business ethics

    1. The Supplier undertakes to use principles of business ethics that comply with the IT&Telekomföretagen's basic principles on business ethics.

20. Term of Agreement

    1. This Agreement takes effect when signed by the parties. The term of Agreement, extension period and notice period shall be speci ed in the Agreement. In the event a term of Agreement has been speci ed, the term is deemed to have started on the Actual Start Date. Unless the parties agree otherwise, either party may terminate the Agreement no later than 90 days before the expiry of the current Agreement term. Otherwise the agreement is extended each time by the agreed extension period. In the event that an Agreement term or extension period has not been not agreed, the Agreement continues to apply with a mutual notice period of 90 days. The Agreement expires at the calendar month end following the expiry of the notice period. Termination of the Agreement shall be made in writing.

21. Early Termination

    1. 1 Either party may terminate the Agreement: (a) if the other party commits a signi cant breach of its obligations under the Agreement and does not remedy such breach within 30 days of a written notice that is addressed to the party in question and contains a reference to this clause; or (b) if the other party enters into bankruptcy, initiates composition negotiations, is subject to a business reorganisation or is otherwise insolvent.
    2. The terminating party may terminate the Agreement with effect from a certain date, which must not be later than three months after the notice of termination.
    3. Termination shall only be valid if made in writing.

22. Winding up of the Service

    1. Upon termination of the Agreement, a copy of the Customer's Data and, when applicable, the Customer's Software shall, on a request from the Customer that shall be made at the latest 60 days from the termination of the Agreement, promptly be returned to the Customer or to a person designated by the Customer, and any parts which exist electronically shall, if the Customer so wishes and to the extent reasonable, be submitted in electronic form in accordance with the Customer's instructions. After the expiry of such 60-day period, and unless otherwise is required by law, the Supplier may destroy such Customer's Data and the Customer's Software at the Supplier’s premises, or in a different manner make it inaccessible to the Customer.
       
       In order to achieve a transfer of the service that disrupts the Customer as little as possible, the Supplier shall, as an Additional Service and to a reasonable extent, assist the Customer if the Customer will provide an equivalent service to the Service, either itself or through another company designated by the Customer. After transferring the Customer's Data, or if the Customer has not requested such transfer, the Supplier shall, after the expiry of the 60-day period referred to in the previous paragraph, delete or anonymise the Customer's Data within a reasonable time but by not later than 12 months from the expiry of the Agreement. After expiry of the Agreement, the Supplier shall not process personal data contained in the Customer's Data for any purpose other than to delete or anonymise Customer's Data. The Supplier shall be entitled to reasonable remuneration for such work or any required investment in accordance with the Supplier's current price list. The Customer's obligation to pay for an investment only arises if the Customer requests such an investment

23. Notices

    1. Notice of termination and/or other notices shall be sent by courier, registered post or electronic message to the other party's contact person at the address speci ed by such party. The other party shall be deemed to have received such notice: (a) at the time of delivery, if delivered by courier; (b) 5 days after dispatch, if sent by registered post; (c) at the time the electronic message arrived at the recipient's electronic address, if sent by electronic message.

24. Assignment

    1. The Agreement may not be assigned without the approval of the other party.
    2. Notwithstanding the above the Supplier may assign the right to accept payment under the Agreement without the approval of the Customer.

25. Governing law, disputes

    1. This Agreement shall be governed by Swedish law, without application of its con ict of laws principles.
    2. Any disputes arising out of the Agreement shall be settled in the general courts.

Appendix 2 – Special Terms and Conditions for the Processing of Personal Data in conjunction with Cloud Services

These Special Terms and Conditions are intended to apply together with the General Terms and Conditions for Cloud Services issued by the Swedish IT and Telecom Industries if the supplier processes personal data on behalf of the customer in relation to the provision of such a service. Any processing of Customer Data that does not include the processing of personal data shall only be governed by the General Terms and Conditions for Cloud Services issued by the Swedish IT and Telecom Industries.

These Special Terms and Conditions constitute an appendix to the Agreement. These Special Terms and Conditions shall have precedence over any con icting terms in the General Terms and Conditions for Cloud Services issued by the Swedish IT and Telecom Industries. The Agreement shall have precedence over any con icting terms in these Special Terms and Conditions.

The customer is the controller of personal data and the supplier is the processor for the processing of personal data under these Special Terms and Conditions.

The parties shall ensure, before signing the Agreement which includes these Special Terms and Conditions, that the Appendix ‘Specication of the Processing of Personal Data’ has been correctly lled in. The Appendix ‘Specication of the Processing of Personal Data’ shall, among other things, specify the subject matter of the processing, the duration, nature and purpose of the processing, the type of personal data and categories of data subjects.

1. DEFINITIONS

   
   

   Applicable Data Protection Legislation

   ‘Applicable Data Protection Legislation’ means, unless otherwise agreed separately, the General Data Protection Regulation, the Data Protection Act in Sweden and the binding regulations and decisions issued by the Data Protection Authority that apply to the processing of personal data under the Data Processing Agreement.

   The Data Processing Agreement

   These Special Terms and Conditions and the Appendix ‘Specication of the Processing of Personal Data’ together with any amendments to these that the parties have agreed upon in the Agreement.

   The General Terms and Conditions

   The General Terms and Conditions for Cloud Services issued by the Swedish IT and Telecom Industries that constitute an appendix to the Agreement.

   Other terms

   Terms with initial capital letters in these Special Terms and Conditions shall have the meaning speci ed in the General Terms and Conditions. Other terms in these Special Terms and Conditions shall be interpreted in accordance with Applicable Data Protection Legislation.

2. APPLICABILITY

   1. The Data Processing Agreement becomes applicable from and including 25 May 2018, unless otherwise agreed between the parties, and thus replaces the General Terms and Conditions’ terms regarding the processing of personal data (Clause 14 (Personal Data), and any references to and from this clause).
   2. Clause 14 (Personal Data), and any references to and from this clause, in the General Terms and Conditions shall apply between the parties up until 25 May 2018, unless otherwise agreed.

3. PROCESSING OF PERSONAL DATA

   1. Instructions

      1. The customer is, in its capacity as controller of personal data, responsible for personal data being processed in accordance with Applicable Data Protection Legislation. The customer is responsible for the supplier not processing any categories of personal data other than those speci ed in the Appendix ‘Specication of the Processing of Personal Data’ and to the extent speci ed therein.
      2. The supplier, and each person authorised to perform work on its behalf, undertakes to only process personal data in accordance with the customer’s documented instructions, unless the supplier is obligated to process the personal data pursuant to Swedish or European legislation. In such event, the supplier shall inform the customer about this obligation before the processing begins, to the extent that this is permissible under applicable rules. Each party shall ensure that the other party is entitled to process contact details and any other personal data of employees if and to the extent that this is necessary to facilitate the performance of the Service.
      3. Without limiting the scope of Subclause 3.1.2 above, the supplier may not process personal data for its own purposes or any purpose other than those stated in the Agreement. The supplier shall be entitled to process personal data for the purposes of providing, maintaining and delivering support in relation to the Service. The supplier shall also be entitled to process personal data for the purposes of developing and improving the Service, provided that this is expressly indicated by the Appendix ‘Specication of the Processing of Personal Data’.
      4. The Data Processing Agreement, including the Appendix ‘Specication of the Processing of Personal Data’, constitutes the customer’s complete instructions for the processing of personal data under the Data Processing Agreement, with the exception of any written instructions that the customer is obliged to provide during the term of the Agreement in order to comply with Applicable Data Protection Legislation. Any other amendments shall be agreed separately. Any amendment that constitutes an amendment of the Appendix ‘Specication of the Processing of Personal Data’ shall be documented. The supplier shall be entitled to reasonable compensation for abiding by the amended written instructions. If the supplier noti es the customer within a reasonable time that the supplier cannot ful l the customer’s amended instructions for complying with Applicable Data Protection Legislation, the supplier shall not be bound by the amended instructions and the customer shall be entitled to terminate the Agreement for the Service affected in writing subject to a notice period of at least 30 but no more than 60 days. The supplier shall reimburse the customer for any charges paid for the period following expiry of the termination period.

   2. Security measures

      1. The supplier shall implement the organisational and technical measures required pursuant to Applicable Data Protection Legislation and those stated in the Appendix ‘Specication of the Processing of Personal Data’ and also those that may otherwise be stipulated in the Agreement in order to protect the personal data processed against personal data breaches (‘security measures’).
      2. When performing the Service, the supplier shall abide by the security measures specified in the Appendix ‘Specication of the Processing of Personal Data’ and as may be stipulated in the Agreement and otherwise its internal security regulations. After signing of the Agreement, the supplier may amend its internal security regulations in accordance with the terms of the Agreement, provided that the amendment is compliant with Applicable Data Protection Legislation.
      3. The customer is responsible for ensuring that the security measures agreed in accordance with Subclause 3.2.1 complies with the customer’s data security obligations pursuant to the Applicable Data Protection Legislation as regards the personal data processed. If the customer requests an amendment of the security measures, the same provisions as apply for the customer’s instructions according to Subclause 3.1.4 shall apply to such a request. The provisions of Subclause 3.2.4 shall apply if the supplier requests amended security measures.
      4. If the supplier discovers that the security measures agreed in accordance with Subclause 3.2.1 wholly or in part conflict with Applicable Data Protection Legislation, the supplier shall notify the customer in writing within a reasonable time and await the customer’s written instructions on appropriate security measures as set forth in Subclause 3.1.4. In order to comply with Applicable Data Protection Legislation, the supplier is entitled to implement any reasonable and necessary security measures at the cost of the customer if the customer fails to provide new instructions within a reasonable time despite being asked to do so.

   3. Reporting personal data breaches

      1. The supplier shall notify the customer without undue delay after becoming aware of a personal data breach.
      2. Taking into account the nature of the processing and the information that the processor has available, such a notification shall:
         a) describe the nature of the personal data breach and, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned,
         b) describe the likely consequences of the personal data breach, and
         c) describe the measures taken or proposed to be taken to address the personal data breach or mitigate its possible adverse efects.
      3. Where, and insofar as, it is not possible to provide the information at the same time, the information may be provided in phases without further undue delay.
      4. If the customer, in violation of Applicable Data Protection Legislation, does not inform the data subject of a personal data breach and the Data Protection Authority orders the supplier to do so in its stead, the customer shall compensate the supplier for the costs incurred by the supplier when complying with the Data Protection Authority’s decision.

   4. Subprocessors and transfers to third countries

      1. Unless otherwise stated in the Agreement, the supplier shall be entitled to engage subprocessors within and outside the EU/EEA for the processing of personal data. The supplier shall ensure that subprocessors are bound by written agreements that impose the same obligations when processing personal data as those obligations laid down in the Data Processing Agreement. Where the subprocessor fails to ful l its obligations under such a contract, the supplier shall remain fully liable to the customer for the performance of the subprocessor’s obligations. By entering into this Data Processing Agreement, the customer accepts that personal data may be processed by the subprocessors, including group companies, specied in the Appendix ‘Specication of the Processing of Personal Data’ and in those countries stated in the same Appendix. ‘Group companies’ shall mean companies that at any given time control, are controlled by or are jointly controlled with the supplier.
      2. The supplier shall notify the customer if the supplier intends to replace or engage a new subprocessor. The supplier shall then state the subprocessor’s name and details of the location of the processing and, at the customer’s written request, information about the processing activity to be undertaken by the subprocessor on behalf of the supplier. The customer shall be entitled to object to such changes in writing within 30 days of the supplier’s notice. If the supplier still intends to replace or engage a new subprocessor despite the customer’s objection, the customer shall be entitled to terminate the Agreement for the Service affected within 30 days of the supplier’s notice of the change. Notice of termination shall be given in writing, and the notice period shall be at least 30 days but no more than 60 days. The supplier shall then reimburse the customer for any charges paid for the period after the expiry of the notice period. If the customer has a justi able reason for its objection, the supplier may not, for the Service affected, engage the new subprocessor for the processing of the customer’s personal data during the customer’s notice period. If the customer does not have a justi able reason for its objection, the customer’s notice shall be regarded as a premature notice of termination without cause, whereby the customer shall pay the compensation stated in the Agreement for such termination and otherwise an amount corresponding to 25% of the remaining monthly charges for the Service from the expiry of the notice period. A ‘justi able reason’ shall in this Subclause mean circumstances on the part of the subsupplier that signi cantly affect, or are likely to affect, the protection of the data subject’s personal data, e.g. where the new subprocessor does not satisfy the requirements on processors in Applicable Data Protection Legislation.
      3. The supplier shall ensure a legal ground for transfers of personal data to, or access from, a location outside the EU/EEA, for example by using the European Commission’s standard contractual clauses for transfer of personal data to a third country or any provisions succeeding these. The supplier shall be entitled to enter into such standard contractual clauses with subprocessors on behalf of the controller.

   5. Obligation to assist the customer

      1. The supplier shall, in addition to the provisions of Subclause 3.2 (Security measures), implement appropriate technical and organisational measures in order to, at the customer’s written request, assist the customer in ful lling the customer’s obligation to respond to the requests for exercising the data subject’s rights laid down in Chapter III of the General Data Protection Regulation, such as transparency and modalities, information and access to personal data, recti cation and erasure and the right to object and automated individual decisionmaking. The supplier shall only be required to perform its obligations as set forth in this Subclause insofar as it is possible and to the extent the nature of the processing requires it.
      2. Taking into account the nature of processing and the information available to the supplier, the supplier shall also be obliged at the written request of the customer toassist the customer in ensuring compliance with the customer’s obligations in respect of security for processing, personal data breaches, data protection impact assessments and prior consultation in accordance with Applicable Data Protection Legislation.
      3. Unless otherwise agreed in writing, the supplier shall be entitled to reasonable compensation for the supplier’s assistance in accordance with Subclause 3.5.

   6. Disclosure of personal data

      1. The supplier shall not disclose or otherwise reveal any personal data covered by the Data Processing Agreement to a data subject or third party, unless otherwise stated in the Agreement or required by law or a court or of cial authority’s decision. In the event that the supplier must disclose such data due to law or a court or of cial au- thority’s decision, the supplier shall notify the customer of the disclosure, unless this is prohibited by applicable law or a court or of cial authority’s decision.
      2. The supplier shall notify the customer without undue delay if a data subject requests information relating to the processing of its personal data under the Data Processing Agreement, and also refer the data subject to the customer. The supplier shall help the customer to respond to such enquiry in accordance with Subclause 3.5.
      3. Pursuant to Applicable Data Protection Legislation, the supplier and its representatives are obliged to cooperate with the Data Protection Authority upon its request when the authority excercises its supvervisory powers. The supplier undertakes to notify the customer without undue delay about any enquiries from the Data Protection Authority or another supervisory authority that refer speci cally to the processing of personal data under the Data Processing Agreement. The supplier shall not be entitled to represent the customer or act on the customer’s behalf in case of any enquiries. The supplier shall be entitled to reasonable compensation for any requested cooperation that refers speci cally to the processing of the customer’s personal data and that is not a consequence of the supplier being in breach of its obligations under the Data Processing Agreement regarding the processing of personal data.

4. AUDIT

   1. The supplier shall make available to the customer all information necessary to demonstrate compliance with the Applicable Data Protection Legislation’s requirements on processors and allow for and contribute to audits, including inspections, conducted by the customer or another auditor mandated by the customer. In the event that the customer wishes to conduct an inspection, the customer shall provide the supplier with reasonable prior notice and shall at the same time specify the content and scope of the inspection. The supplier may charge the customer for any reasonable costs incurred in conjunction with the audit.
   2. The supplier shall immediately inform the customer if the supplier considers that information, including inspections, in accordance with Subclause 4.1, is not required or infringes Applicable Data Protection Legislation. An inspection may only be conducted if an audit cannot according to Applicable Data Protection Legislation be met by the supplier providing information.
   3. A precondition for an audit under Subclause 4.1 is that the customer, or auditor mandated by the customer, has entered into necessary con dentiality undertakings and complies with the supplier’s security regulations at the location where the inspection is to be performed, including that the inspection will be performed without any risk of it hindering the supplier’s business or the protection of other customers’ information. Information collected as part of the inspection shall be erased after the audit has been completed or when it is no longer needed for the purpose of the audit.

5. CONFIDENTIALITY

   
   The supplier’s processing of the customer’s personal data under the Data Processing Agreement is covered by the condentiality provisions included in the General Terms and Conditions.

6. REMUNERATION FOR WORK PERFORMED

   
   In addition to what is otherwise stated in the Data Processing Agreement, the supplier shall be entitled to reasonable remuneration for complying with the customer’s written instructions, provided that the action requested is not specified in the Agreement. If the supplier is entitled to remuneration for work performed, the price list applicable in the Agreement shall apply to such work and, in the absence of such, the supplier’s current price list.

7. LIABILITY ACCORDING TO APPLICABLE DATA PROTECTION LEGISLATION

   1. If the supplier becomes the party liable to pay damages to the data subject under Applicable Data Protection Legislation, and the customer was involved in the same processing that constitutes the ground for the data subject’s claim, the customer shall reimburse the supplier for such part of the compensation that the supplier is according to law obliged to pay to the data subject that exceeds the compensation that the supplier is lawfully obligated to pay to the data subject if the supplier has not complied with the General Data Protection Regulation’s obligations specically directed to the supplier as processor or where the supplier has acted outside or contrary to the lawful instructions issued by the customer in its capacity as controller. The customer shall also reimburse the supplier’s reasonable and proportional (in relation to the customer’s responsibility) costs, including compensation for litigation costs that the supplier has become obliged to pay to the data subject, for defending itself against such claims.
   2. If the customer becomes the party liable to pay damages to the data subject under Applicable Data Protection Legislation, and the supplier was involved in the same processing that constitutes the ground for the data subject’s claim, the supplier shall reimburse the customer for such part of the compensation that the customer is according to law obliged to pay to the data subject that corresponds to the compensation the supplier is lawfully obligated to pay if the supplier has not complied with the General Data Protection Regulation’s obligations speci cally directed to the supplier as processor or where the supplier has acted outside or contrary to the lawful instructions issued by the customer in its capacity as controller and the supplier cannot prove that the supplier is not responsible in any way for the event giving rise to the damage. The supplier shall also reimburse the customer for its reasonable and proportional (in relation to the supplier’s responsibility) costs, including compensation for litigation costs that the customer has become liable to pay to the data subject, for defending itself against such claims. The supplier’s overall responsibility under the Data Processing Agreement in accordance with Subclause 7.2 is limited to an amount corresponding to 150% of the first 12 months’ fees for the Service affected, except in the case of intent or gross negligence.
   3. A Party’s obligation to reimburse the other party under this Clause 7 shall survive the termination and expiration of the Agreement.
   4. A party receiving a claim from a data subject shall within a reasonable time notify the other party in writing about such a claim when the party deems it likely that a claim against the other party as set forth in Subclauses 7.1 and 7.2 may be pursued, allow the other party to review the data subject’s and the party’s documentation in such proceedings and to provide its comments. No later than within six months from when the party became liable to pay damages to the data subject shall the party make a claim for reimbursement as set forth in Clause 7.
   5. A party’s liability for other types of damages than what is expressly governed by this Clause 7 shall be exclusively governed by the General Terms and Conditions.

8. TERM OF AGREEMENT AND MEASURES UPON TERMINATION OF THE AGREEMENT

   1. The Data Processing Agreement is valid for as long as the supplier is processing personal data on behalf of the customer.
   2. Upon the termination of the Agreement, the supplier shall, at the customer’s request that shall be made no later than 60 days after the termination of the Agreement, unless the parties have agreed upon another time limit, and at the option of the customer delete or promptly return all personal data to the customer or to the party nominated by the customer, and the personal data available electronically shall, if the customer so requests, be submitted in electronic form in accordance with the customer’s instructions, provided this is reasonable.
      
      The supplier may delete existing copies following expiry of the abovementioned period, unless Swedish or European legislation requires otherwise. After transferring the customer’s personal data, or if no such transfer has been requested by the customer after the expiration of the period mentioned in the preceding paragraph, the supplier shall delete the customer’s personal data within a reasonable time, but no later than within six months from the termination of the Agreement. After the termination of the Agreement the supplier must not process personal data for other purposes than to delete or protect the customer’s personal data from personal data breaches, unless Swedish or European legislation requires otherwise. The supplier shall be entitled to reasonable compensation for any work as set forth in this Subclause 8.2 in accordance with the supplier’s current price list. The supplier shall, upon request, provide written information about what measures have been taken in conjunction with the termination of the Agreement or, alternatively, con rm that the supplier has taken the measures required to comply with this Subclause 8.2.

Appendix 3 – Specification of the Processing of Personal Data in conjunction with Cloud Services and IT Infrastructure Services

1. CONTACT DETAILS

   
   Name and Reg. No., Supplier:
   Snowfire AB, SE556742219001
   Representative: Emil Sundberg

2. INSTRUCTIONS

   
   

   1. Brief description of the Service and the purposes of the processing

      
      

      State all purposes for which personal data are to be processed by the supplier::
      Personal data shall be collected for making digital purchases or when a new/possible/exsiting customer fills in forms for events, email newsletters or contact forms

   2. Categories of personal data

      State what personal data are to be processed by the supplier:
      Name, Address, Company, Email address, Phone number, Customer number, Customer name, Invoice reference, Invoice number, Reg. nr, Personal identification number, IP address

      State what special categories of personal data are to be processed by the supplier (if any):
      None

   3. Categories of data subjects

      State what categories of data subjects the supplier will process personal data for and to what extent:
      Possible, new and existing customers

   4. Processing activities (storage, administration, combination of records, etc.)

      State what processing will be performed by the supplier:
      Storage, administration, combination of records

   5. Location of personal data processing

      State all countries where personal data may be stored and/or processed by the supplier:
      Sweden, Ireland, Germany, The Netherlands, United Kingdom

   6. Use for the purposes of improving the Service

      If the supplier is entitled to process personal data ‘for the purposes of developing and improving the Service’, this shall be expressly stated in the following completed table.
      
      Specication of the categories of personal data that may be used for the purposes of improving services that the customer has ordered (e.g.: name, address):
      Name, Address, Email address, IP address, Phone number, Personal identification number
      
      This personal data shall be obtained from the following processing activities that the supplier performs on behalf of the customer (e.g.: backup, storage, troubleshooting):
      Backup, storage, troubleshooting, development of new features
      
      And may only be used by the supplier for the purposes of improving and/or developing the following kinds of service or categories of service ordered by the customer (e.g.: the supplier’s error handling process): Troubleshooting, development of new features

3. SECURITY MEASURES

   State all organisational and technical security measures that are to be implemented by the supplier (the supplier’s internal security policy shall be available on the website or another accessible location stated in the Specification):

   1. 1. Physical access control

         
         Measures to prevent unauthorised persons from gaining physical access to IT systems where personal data are being processed:
         All storage, physical servers and data are managed in a secure way by suppliers to Snowfire. They have a separate agreement for personal data.

      2. Access control for systems

         
         Measures preventing unauthorised persons from using IT systems:
         All internal communication at Snowfire is encrypted via HTTPS/SSL/SSH. All systems are password protected with a possibility to use strong passwords.

      3. Access control for personal data

         Measures to ensure that people authorised to use the IT system are only granted access to personal data in accordance with the persons’ set access rights:
         Only authorized personnel who needs access to personal data will be given a user account at Snowfire.

      4. Access control during transfers

         Measures to ensure that personal data cannot be read, copied, altered or deleted without authorisation when being transferred by electronic means or during transfer to or storage on storage units, including measures to ensure that the recipient can be identified and cleared when personal data are transferred by electronic means:
         All transfers are protected with HTTPS/SSL.

      5. Control of personal data entry

         Measures to ensure that it can be subsequently reviewed and determined if and by whom personal data was entered, altered or deleted in the IT system:
         An audit log is created when personal data is created/modified/erased.

      6. Accessibility checks

         Measures to ensure that personal data are protected against accidental destruction or loss:
         Automatic backups of personal data is run on a daily basis.

      7. Separation checks

         Measures to ensure that personal data collected for different purposes can be processed separately:
         Collected personal data can be selected, based on data source (Event, Webshop, Specific contact form).

      8. Retention rules

         Measures to ensure that personal data are deleted during and after the term of the Agreement when it is o longer necessary for the purposes for which the personal data are processed:
         During the term of the Agreement: as soon as possible and at the latest within 30 days from when the customer asked for the personal data to be erased. After the Agreement has ceased to apply: see Sub-clause 8.2 of the Data Processing Agreement.

      9. Security policy

         State the supplier’s internal security policy that applies to the processing of personal data, or alternatively refer to the website or other accessible location where the security policy is available: All information shall be transfered with an encrypted channel (HTTPS/SSL). Only authorized personnel who needs access have access to personal data (Support, Operations)

      10. Certifications, etc.

          State any certification mechanisms or codes of conduct for data protection that the supplier has been granted or has undertaken to comply with:
          No specific certification is applied on this agreement.

      11. SUBPROCESSORS APPROVED IN ADVANCE

          The supplier is entitled to use the following sub-processors to process personal data under the Data Processing Agreement:

          • Elastx, Sweden
          • Rackspace, United Kingdom
          • Amazon Web Services, Ireland, Germany & Sweden
          • Digital Ocean, The Netherlands & Germany
          • Rollbar, USA
          • Fortnox, Sweden
          • QuickPay, Denmark
          • Chargify, USA
          • Ilait, Sweden
          • Campaign Monitor, Australia
          • Intercom, USA
          • Postmark, USA
          • Highrise, USA
          • Basecamp, USA