General Contractual Terms for services at netProviders International AB (netProviders)
- the contract: concerns the contract between the Customer and netProviders through the Customer ordering a service
- contractual terms: concerns these general terms and conditions and specific rules for specific services
- order: the order for services made by the Customer
- customer data: concerns the addresses the Customer provides for the service, and the information the Customer provides to the recipients via the service
- the Customer: concerns the physical or legal person entering into a contract with netProviders
- recipients: concerns the physical or legal person that the Customer communicates with through the services
- Party: netProviders and the Customer are respectively referred to as a “Party” and collectively as “the Parties”
- the service: concerns the services provided by netProviders at any time for which a contract can be signed
- the service specification: the conditions specified by netProviders that apply to a given service
2. Entering into and terminating a contract
2.1. The terms of the agreement, together with the service specification and the special rules stated in such specification, regulate the contractual content between netProviders and the customer regarding the service ordered.
2.2. A service can be ordered using the form on the website, via mail or verbally. Anyone wishing to use the service must provide the details netProviders requests when registering. The Customer shall sign a written contract at the time of placing an order, if so required by netProviders.
2.3. If no specific customer contract is signed, the contract between the Parties will be regarded as in effect when the service is opened for use by the Customer, which normally occurs when the Customer logs into netProviders using a username and password to use a service.
2.4. A service ordered with successive contractual periods will be automatically extended unless terminated before the start of a new contractual period. A Freemium Account will be automatically shut down if the Customer has not logged onto the account for a period of twelve months.
2.5. Termination of a service with successive contractual periods must be notified in writing via mail before the start of a new contractual period. Non-payment of invoices is not regarded as notice of termination.
2.6. When a service is terminated, it will be automatically shut down the day after the last day of the contractual period, or any other day notified for use of the service. The Customer is responsible exporting any data it wishes to retain before the service is shut down. netProviders cannot guarantee that the Customer’s data from the service is saved or backed up after the last day of the contractual period or any other date notified for the service has passed.
2.7. netProviders has the right to invoice the Customer for each contractual period started. netProviders cannot pay compensation for unused parts of a contractual period in any other circumstances than termination being due to a fault or delay in provision of the service due to circumstances at netProviders and that are not of minor significance to the Customer.
2.8. When ordering a degraded or upgraded service, the contract will not be terminated unless the order concerns a change in scope of service. The new scope of service will begin to apply in the following contractual period.
2.9. netProviders has the right to terminate the contract with immediate effect if it intends to shut down the service, incorporate it into some other service, revises the contract terms or changes the service specification for connection to the service, e.g. in the event of expanded functionality or tax applied to the service. Any outstanding payments will then be credited to the Customer via a credit note.
2.10. When paying with credit or charge card, netProviders has the right to terminate the contract and order, if there is no cover in the card account. However, in such circumstances, the service can be provided as a Freemium Account. In accordance with the above, a Freemium Account will be automatically shut down if the Customer has not logged onto the account for a period of twelve months.
2.11. If the customer violates netProvider’s contract terms or rules, netProviders has the right to immediately block the customer’s account and if the violation according to netProviders is significant, it is also possible to terminate the agreement with the customer and terminate the customer’s account. Upon termination of account, netProviders has the right to delete all information including customer data stored in the customer’s account. In the event of termination of the agreement as a result of the customer’s violation of the terms of the agreement or service-specific rules, the customer is obliged to pay the agreed fee. Fees already paid will not be refunded.
3. Using the service
3.1. To gain access to a service, the Customer must set up and register a user account. When the Customer registers a user account, the Customer guarantees that the details given will always be correct during the contractual period. The Customer also guarantees that the user account is not set up using a false identity or incorrect information.
3.2. The Customer acknowledges that there will only be one registered user per account. The Customer can open an account on behalf of a client, but is liable to netProviders for the account and for its own usage according to the contract terms.
3.3. All file transfer between the Parties shall be performed using encrypted files that netProviders provide, or in the manner agreed by the Parties. Alternative means of delivery must have a high level of security with regard to access by any unauthorised or third party.
3.4. To use the service, the Customer’s technical criteria must meet the minimum requirement stated for the service.
3.5. Access to services can only be granted to authorised personnel within the organisation the service is provided to. The information cannot be disseminated or disclosed to any third party. Exchange, sale or the use of the service by anyone other than the Customer is forbidden.
3.6. Address data that the Customer provides through use of the service must be stored securely and access by any unauthorised internal personnel or external third parties prevented. The Customer must ensure that information is not stored for longer than necessary, and comply with the GDPR and sale of goods act laws.
3.7. Customers using the service are granted a non-exclusive, non-transferable, limited period licence for the term of the contract to use the service via the Internet for their own business purposes. The Customer is also granted a non-exclusive, limited period right to use later versions, updates or modifications to the service. The Customer’s user rights are limited to those stated above and in the contract. netProviders retains in all other respects its rights to the service, including all intellectual property rights pertaining to the service, or any that can arise through development, updating or revision of the service except concerning customer data.
3.8. The service, or parts of the same, cannot be sold, resold, copied, reproduced or used in any manner incompatible with the Customer’s user rights according to these contractual terms.
3.9. Services which involve providing address data relate to the address data provided initially. Regular updates of address data by netProviders is not included in the service, unless specifically stated in the service specification. The Customer will normally order new address updates for a new despatch.
4. The Customer’s undertakings
4.1. The contract grants the Customer a non-exclusive, royalty-free, fully paid, global licence to all customer data to the extent necessary for netProviders to be able to provide the Customer with the service ordered and other services under the terms of the contract. The Customer consents to being solely liable for its own use of its account with netProviders. The Customer guarantees that it has all the rights needed for the netProviders licences given regarding customer data.
4.2. The Customer undertakes to refrain from disclosing its password to any unauthorised person, and to ensure that documents with details of the password are kept in a manner that prevents unauthorised persons from gaining access to the password. The Customer shall immediately ask netProviders to block the password in the event of any suspicion of it being known by any unauthorised person.
4.3. The Customer is solely responsible for the Customer data transferred, stored or provided through the service in relation to netProviders.
4.4. The customer may only use e-mail addresses that the customer has demonstrably obtained the addressee’s permissions to use for the type of information that the relevant mailing covers.
4.5. The customer may not use email addresses that the customer has received from third parties.
4.6. The Customer is responsible for (i) stating the source of the address in the mail, (ii) stating who the recipients can contact if they want no more emails from the Customer, and (iii) cease to send mails to recipients who object to receiving advertising via mail from the Customer.
5. Restrictions to the service
5.1. netProviders and its licensors hold the intellectual property rights to the services provided, notwithstanding the form or format, with the exception of customer data.
5.2. The Customer cannot use netProviders’ company, trademark or other marks without the written consent of netProviders.
5.3. netProviders reserves the right to check customer data to ensure that the Customer complies with its undertakings according to the contract terms. On the other hand, netProviders cannot check the Customer’s use of the service.
5.4. The Customer only has the right to use the service under the auspices of applicable law.
5.5. netProviders reserves the right to immediately suspend provision of the service if the Customer’s use of the service breaches the contract terms or other reasonable written restrictions from netProviders. netProviders also reserves the right to immediately suspend provision of the service in the event of other uses that are damaging to netProviders, the service or anyone the Customer is using the service to communicate with.
5.6. Examples of such restrictions to use include:
- offensive content such as racism, nazism, communism, fascism, socialism, slander, affront, persecution, intimidation or pornography;
- communication involving infringement of copyright;
- provision of material containing viruses, Trojans, masks, timebombs, cancelbot files, harmful files or other programs that can disrupt operation of anyone else’s PC or property;
- breach of codes of conduct, morals or other guidelines that can be applicable to the service;
- bypass any taxation/fee policy for the service, such as by systematically importing and exporting the same address or all or large parts of the recipient list; or
- sending emails in such a manner that will or can cause any form of blacklisting, spam mail filtering or blocking of the IP number for the services.
5.7. Services that are suspended due to any breach of the terms will not provide any entitlement to a refund to the Customer. The Customer’s right to use the service ceases with immediate effect when the service is suspended. netProviders has no responsibility towards the Customer for loss of data arising from suspension of the services.
6. Faults in the service
6.1. netProviders provides the services “as-is” and cannot guarantee that the information in the services provided is complete or correct.
6.2. Running the service is not monitored during certain periods, and disruptions at such times can occur. Furthermore, netProviders has the right to restrict or suspend the service for service purposes without prior notice, e.g. for bug fixes, maintenance and upgrades.
6.3. In the event of faults, delays caused by netProviders on regular services that are of major inconvenience to the Customer, an adjustment will be for the Customer in the form of free extension of the contractual period in proportion to the loss of service.
6.4. netProviders will replace incorrect information for address data up to and in proportion to the guarantee limit according to the service specification.
6.5. For netProviders to be liable for compensation to the Customer for errors in addresses, the Customer must send the incorrect addresses to netProviders in a collective file which the Customer wishes to make a warranty claim for. Such a claim must be received within ten days from delivery. netProviders has the right at its own discretion to correct the errors and provide a new file with address data within thirty days. If netProviders fails to provide an updated file with correct data up to the relevant guarantee limit stated, netProviders shall credit the Customer for the incorrect address data.
6.6. For customers who regularly buy address data, no credit will be given unless netProviders undertakes to provide the correct address data for future contractual periods.
6.7. No refunds will be made for emails that cannot be delivered, if the Customer’s mailserver is down or blocked by the Customer’s Internet provider or for other damages suffered by the Customer as a result of a mail sent.
6.8. netProviders will not refund any costs other than those above, including direct or indirect costs which can have been incurred by a customer. No other form of warranty claim will be accepted than those stated above.
7. Price and payment
7.1. Payment for the service according to the applicable price list. Prices are quoted excluding VAT or other comparable taxes and public duties.
7.2. The service will be invoiced or paid with credit or charge card upon ordering or at the start of extended contractual periods. For payment against invoice, payment must be received by netProviders within 15 days of invoice data unless otherwise agreed between the Parties.
7.3. For payment by credit or charge card, the amount will be withdrawn immediately upon ordering the service, and automatically every time the contractual period is extended.
7.4. netProviders reserve the right to suspend provision of the service or parts thereof if payment is not received on time.
7.5. Changes to taxes will be made by the change being introduced to the price list in effect at any given time. If the Customer fails to approve the change or supplement, it has the right to terminate the contract for the service. If termination is not executed, the Customer will be regarded as having approved the new terms.
7.6. The new terms will apply as from and starting at the next contractual period, but always at least one month after netProviders has notified the Customer by mail of the forthcoming increase.
8. Processing personal data
8.2. netProviders can also process personal data on behalf of the Customer when providing a service. The Customer is the Data Controller for such data and netProviders is the Customer’s Personal Data Processor. By accepting the contractual terms, the Customer also accepts netProviders International AB’s Personal Data Processing Contract.
8.3. In its role as Personal Data Controller, the Customer shall fulfil the requirements set out by the data protection regulation (GDPR). The Customer must therefore have legal grounds for all customer data containing personal details, and for processing personal data in accordance with the principles of the GDPR.
9.1. The Customer is responsible for ensuring that the service is used in accordance with the law and regulations in Sweden and internationally, including (but not limited to) the GDPR and sales of goods regulations. The Customer undertakes to indemnify netProviders against all financial or other damages arising from the Customer’s use of the service.
9.2. netProviders cannot be held liable for any inconvenience, damage or loss related to circumstances beyond netProviders’ control or that netProviders could not reasonably have avoided or foreseen, such as accidents, war, rebellion, extreme weather, labour disputes, breakdown of the IT systems, electricity supply, computer networks, payment solutions or the like of operators, partners or suppliers beyond the control of netProviders. netProviders cannot be held liable for indirect damage or consequential damage such as (but not limited to) loss of profit or other indirect damage or loss.
9.3. netProviders’ liability under the contract is always limited to a total amount equivalent to the payment made by the Customer within the last twelve months before occurrence of the damage.
10.1. Both Parties undertake to refrain from disclosing confidential information to third parties that they obtain from the other Party, or that arises from use of the service.
10.2. netProviders is not entitled to disclose customer data to any third party without the Customer’s consent.
11. Other aspects
11.1. The Customer undertakes to notify netProviders of any change of address.
11.2. netProviders has the right to revise these contractual terms by publishing an updated version on its website. Revised contractual terms shall come into effect upon being published on the website.
11.3. The Customer cannot transfer this contract to any third party without the written consent of netProviders.
11.4. Disputes arising from these contractual terms must be resolved according to Swedish law, and with the District Court of Gothenburg as the court of venue.
Personal Data Processing Contract for services at netProviders International AB (netProviders)
1.1. The Customer and netProviders have concluded a contract on the use of netProviders services and approved the contractual terms under which netProviders and the Customer have concurrently entered into this Personal Data Processing Contract.
1.2. This Personal Data Processing Contract (“the Processing Contract”) solely regulates issues concerning netProviders’ processing of personal data on behalf of the Customer.
1.3. Accordingly, the Parties have entered into this contract to regulate the conditions for processing by netProviders of – and access to – personal data belonging to the Customer. The contract applies to contracts between the Parties under which netProviders is the Personal Data Processor for the Customer, which is the Personal Data Controller, and the contract shall apply for as long as netProviders processes personal data on behalf of the Customer.
1.4. If there are no circumstances to the contrary, the definition or terms used in this contract and if nothing else is stated elsewhere in the contract shall have the definition set out in Article 4 of the GDPR, and in netProviders’ contractual terms.
2. The rights and duties of the Personal Data Controller
2.1. The Personal Data Controller shall:
- provide the Personal Data Processor with detailed and documented instructions concerning processing that will allow the Personal Data Processor to perform processing in accordance with this processing contract and the law;
- be entitled and obliged to specify the purpose and reason for processing the personal data;
- ensure that everyone whose personal data is registered receives the appropriate notification and information, and to ensure the appropriate legal grounds for transferring personal data to the Personal Data Processor are present for the relevant period, which permits the Personal Data Processor to perform processing according to the regulations set out herein;
- should the Personal Data Controller take priority over its group parent company or third party in accordance with this processing contract, ensure that the Personal Data Controller has all the legal powers to enter into and execute this processing contract on behalf of the company referred to with the Personal Data Processor, and permit the same to process personal data in accordance with the terms of this processing contract and the contract between netProviders and the Customer; and
- ensure that the personal data contractor has obtained all the necessary information from the Personal Data Controller to permit the Personal Data Processor to execute processing in accordance with the law.
3. The rights and duties of the Personal Data Processor
3.1. The Personal Data Processor shall:
- Process personal data according to documented, legal and reasonable instructions from the Personal Data Controller, such that nothing else can be required according to the law, and in the latter instance, the Personal Data Processor shall inform the Personal Data Controller of any other legal requirements, providing the law does not prevent such provision;
- ensure that persons empowered to preform processing in accordance with the Processing Contract have undertaken to observe the duty of confidentiality, or are covered by a legal duty of confidentiality as set out in this Processing Contract;
- take all security measures required by the Personal Data Processor according to the law, in the manner set out in this Processing Contract;
- fulfil the terms set out in the law if using a sub-processor in the manner set out in this Processing Contract;
- in the manner possible and with regard to the nature of the processing, assist the Personal Data Controller through appropriate technical and organisational measures such that the Personal Data Controller can fulfil its duty to respond to requests on exercising the rights of the data subjects in accordance with the law;
- assist the Personal Data Controller to fulfil its legal duties, including concerning data security, reporting personal data incidents, consequence evaluation regarding data security and duties concerning advance consultancy as required by the Personal Data Processor according to the law, with regard to the type of processing and the information the Personal Data Processor has accessible;
- on the Personal Data Controller’s instructions, erase or return all personal data to the Personal Data Controller and erase all existing copies if storage of the personal data is not required by law. The methods for deleting and returning shall be determined between the Parties; and
- maintain the necessary records of processing, and give the Personal Data Controller access to all information required to demonstrate that the duties of the Personal Data Processor have been fulfilled as set out in the law, which facilitate and assist with checks, engage in inspections performed by the Personal Data Controller or a third party authorised by the Personal Data Controller.
3.2. The Personal Data Processor has no rights to change the purpose of or reason for the processing except according to instructions from the Personal Data Controller.
4. Security requirements
4.1. The Personal Data Processor shall undertake and maintain appropriate technical and organisational measures to protect the personal data with regard to:
- the latest developments, execution costs and nature, scope, context and purpose of the processing, along with the risks of various degrees of likelihood and severity to the rights and liberties of physical persons; and
- the risks implied by processing, in particular from unintentional or illegal disruption, loss or change, or unauthorised exposure to or unauthorised access to the personal data transferred, stored or in some other manner processed.
4.2. The Personal Data Controller is responsible for ensuring that the Personal Data Processor is informed of all circumstances (including risk assessment and processing of special categories of personal data) regarding the personal data provided by the Personal Data Controller which affect the technical and organisational measures covered by this Processing Contract.
4.3. The Personal Data Processor shall inform the Personal Data Controller of the occurrence or risk of a personal data incident without unreasonable delay, although within 48 hours of such an incident coming to the attention of the Personal Data Processor.
5.1. The Personal Data Processor has the right to hire one or more sub-processor to fulfil its duties according to the Processing Contract.
5.2. If sub-processors are hired, the Personal Data Processor shall enter into a binding contract with them on at least the same terms as Personal Data Processor has under the Processing Contract. Sub-processors shall provide appropriate guarantees in such a contract on implementing suitable technical and organisational measures in such a manner that their processing fulfils the requirements of the Processing Contract and the law.
5.3. The Personal Data Processor shall keep an updated list of which sub-processors are hired. At the request of the Personal Data Controller, the Personal Data Processor shall hand over a copy of the list to the Personal Data Controller.
5.4. The Personal Data Processor is fully responsible to the Personal Data Controller for how sub-processors process personal data, including security measures adopted by the sub-processor.
5.5. The Personal Data Processor shall inform the Personal Data Controller in advance of all planned changes, additions or replacement of sub-processors such that the Personal Data Controller can object to such changes if objective acceptance is required.
6. General instructions for netProviders’ services
6.1. For contracts between netProviders and the Customer that concern services by which netProviders furnishes the opportunity for the Customer to send customer data to recipients and gather information from recipients, the Personal Data Controller’s instructions shall be:
- to process personal data on behalf of the Personal Data Controller by sending out content created by the Customer with customer data to email addresses listed in an address list provided or bought by the Customer,
- to process any personal data occurring in customer data,
- to receive responses from recipients, compile responses, expressions of interest measurements,
- give the Customer access to the personal data from the recipients along with payment details, and
- to save the address list for the purpose of using the email addresses for a subsequent mailshot.
6.2. The Personal Data Controller bears the full responsibility for processing of personal data in the services fulfilling the regulatory requirements such as (but not limited to) address lists in customer data when required by the law on legal grounds, correctness and screening.
7. Transfer of personal data to third countries
7.1. Should the Personal Data Processor transfer personal data for processing purposes to a country outside the European Economic Area (EEA), and that is not regarded by the European Commission as fulfilling an adequate level of security in relation to legislation, the Parties shall enter into a supplementary contract based on standard contractual terms.
7.2. If the Personal Data Processor has hired a sub-processor with the implication that personal data will be transferred to a non-EEA country that the European Commission does not regard as fulfilling an adequate level of security in relation to legislation, a supplementary contract shall be entered into based on standard contract terms. Such a supplementary contract shall be between the Personal Data Controller and the sub-processor. In the event of a dispute between this Processing Contract and standard contractual clauses, the latter shall take precedence. netProviders has no current sub-processor outside the EEA in countries that do not fulfil an adequate level of security.
8. The right to access
8.1. At the request of the Personal Data Controller, the Personal Data Processor shall give the Personal Data Controller or an independent third party it has appointed access without unreasonable delay to such data and documents that are necessary for the Personal Data Controller to exercise effective checks of the Personal Data Processor’s activities according to the Processing Contract or the law.
8.2. The Personal Data Controller shall bear the costs incurred when checking the processing of personal data performed by the Personal Data Processor.
9.1. Except when instructed otherwise by the Personal Data Controller, the Personal Data Processor shall:
- keep all personal data provided by the Personal Data Controller confidential,
- ensure that personnel with authority to process personal data have undertaken to observe confidentiality, and
- ensure that the personal data cannot be disclosed to any third party without the prior consent of the Personal Data Controller, providing the Personal Data Processor is not obliged by the law or regulations to disclose such information.
9.2. If a data subject or an authority makes a request related to the personal data covered by this Processing Contract, the Personal Data Processor shall inform the Personal Data Controller as soon as possible of the request before responding or taking any other action concerning the personal data.
9.3. If an empowered authority requires an immediate response, the Personal Data Processor shall inform the Personal Data Controller of the request as quickly as reasonably possible after providing a response. If the Personal Data Processor is prevented according to the law or official regulations from disclosing such information, the Personal Data Processor will not be obliged to inform the Personal Data Controller of the request.
10.1. The Personal Data Controller is responsible for processing complying with the law and the Personal Data Controller’s obligations in the Processing Contract. The Personal Data Controller is also responsible for providing adequate and lawful instructions to the Personal Data Processor.
10.2. The Personal Data Processor will be responsible for processing of personal data complying with the Personal Data Controller’s instructions, the Personal Data Processor’s obligations according to the Processing Contract and according to the contractual terms.
10.3. Each Party shall indemnify the other Party against damage or loss (e.g. but not limited to administrative sanctions, damage to the data subjects or legal costs) a Party may incur as a result of the other Party acting in breach of the Processing Contract. The Personal Data Processor’s liability shall, however, be subject to the same limitations stated in the contractual terms.
10.4. In the event of a claim for damages according to the above, the Party shall take measures to limit the damage, providing such measures do not cause unreasonable cost or are otherwise unreasonably burdensome.
10.5. If the Party acted in breach of the Processing Contract to a significant extent, the other Party is entitled to give notice of termination of the contract for services to a date the other Party decides.
11. Contract term
11.1. The Processing Contract is valid between the Parties as long as the Personal Data Processor processes personal data in pursuance of the contract on services with the Customer. If the contract expires and a new contract is drawn up without a new Processing Contract being found, this Processing Contract also applies to the new contract. This Processing Contract can be terminated on the terms stated in the contractual terms.
12. Consequences of processing ceasing
12.1. When processing has ceased, or before if so requested by the Personal Data Controller, the Personal Data Processor shall return or destroy all personal data that it has been processing.