Bricknode Personal Data Assistants Agreement
Effective starting: 2016-10-24
This Bricknode Personal Data Assistants Agreement (the “Agreement”) is between you (“Personal data manager”) and Bricknode Platform AB (“Personal Data Assistant”) (company number 559040-5709) with primary place of business at Kanikegränd 3B, 541 34 SKÖVDE, SWEDEN). If you are agreeing to this Agreement not as an individual but on behalf of your company, then “Customer” or “you” means your company, and you are binding your company to this Agreement. Bricknode may modify this Agreement from time to time, subject to the terms in clause 28 (Changes to this Agreement) below.
By clicking on the “I agree” (or similar button) that is presented to you at the time of your Order, or by using or accessing Bricknode products, you indicate your assent to be bound by this Agreement.
1. Scope of the Agreement. According to the Bricknode Customer Agreement you are going to use Bricknode Products as a tool for managing Your Data which you are responsible for according to the Personal Data Act (1998:204).
2.1. Personal data: All kinds of information that directly or indirectly attributable to a natural person who is alive.
2.2. Personal data manager: who alone or jointly with others determines the purposes and means of the processing of personal data.
2.3. Personal Data Assistant: Anyone who processes personal data on behalf of the Personal data manager.
2.4. Treatment: Any action or series of actions taken in respect of personal data, whether by automatic means or not.
3. Responsibility and instructions. You are responsible for all processing of Personal data that the Personal Data Assistant treats in accordance with this agreement. The Personal Data Assistant can only treat Personal data in order to fulfill commitments in the agreements that form the basis for the services delivered to you by Bricknode.
4. Security and secrecy. Personal Data Assistant shall take appropriate technical and organizational measures to protect the Personal data processed under this Agreement. The Annex to this Agreement sets out the measures that the Personal Data Assistant taken in this regard. If, after review by the Datainspektionen or you, it appears that additional measures need to be taken in this regard, the annex shall be changed immediately. You will be allowed full disclosure of security measures listed in the Annex to meet the Personal Data Act's requirements for the Personal data manager.
Bricknode shall permit the inspections that Datainspektionen, you or other interested party, according to the Personal Data Act, may require in order to ensure the maintenance of a proper processing of personal data. Any reasonable costs incurred by Bricknode for such inspections will be paid by you and will be invoiced by Bricknode to you separately from any other fees according to the Bricknode Customer Agreement.
5. Indemnity. Bricknode should keep you harmless in the event that you incur damage that is attributable to the Personal Data Assistants processing of Personal data in violation of this Agreement or the Annexes to the Agreement. Unless intent or gross negligence, the maximum liability for Bricknode shall be limited, per calendar year, to the direct damages to a total amount of 10% of the annual fee that you have actually paid to Bricknode for the purchase of Bricknode Products. Bricknode is not responsible for any lost profits or other indirect damage or loss incurred by you.
6. Termination of treatment. Upon termination of the processing of Personal data by Bricknode you shall have 60 days to export data from Bricknode Products. After 60 days from termination Bricknode will delete all data from Bricknode Products.
7. Disputes. Disputes concerning the interpretation or application of this Agreement shall be governed by the provisions of the dispute in the agreements that form the basis for cooperation between you and Bricknode, the Bricknode Customer Agreement.
Annex 1 to Bricknode Personal Data Assistants Agreement
Instruction for the processing of personal data.
Personal Data Assistant shall observe the following instructions when processing personal data. The terms "Personal data" and "Treatment" means personal data and treatment as defined in the Personal Data Act (1998: 204) and for which you are responsible for personal information ("Personal Information").
Personal Data Assistant shall comply with the Datainspektionens general advice on "Security of personal data" (2008), available on the Datainspektionens website.
Employees, consultants and other assistants of the personal data assistant will of the personal data assistant get information on the processing of personal data.
Employee, consultant and other aides of the personal data assistant shall only have access to personal data they need to perform their duties for the fulfillment of contractual agreements with you.
Personal data assistant must have an access control system that prevents unauthorized use of or access to personal data.
The premises that personal data assistant uses shall be protected by adequate emergency equipment for fire, water damage, intrusion, etc. Furthermore, there should be procedures and equipment in the form of alarms and locks governing access to the premises.
Personal data assistant should have an updated and implemented security policy that specifies how personal data are processed, to whom staff should turn if an intrusion or other incident has occurred, which staff have access to the type of data, etc. This policy should be formulated after a risk analysis has been made to map the threats to personal data and the impact realized threat could have on the integrity of personal data. The safety policy should also consider backup procedures, contingency plans, etc.
Personal data assistant shall have updated antivirus software. Updates will be installed immediately and virus software should be on all workstations, desktops, laptops and servers.
You are responsible for the deletion and monitoring of data according to the Personal Data Act (1998: 204) and understand that Bricknode delivers a tool that you are using to process the data.