ReQtest terms of services
These terms (the “Terms”) settle the rights and obligations between the customer (“Customer”) and the service provider ReQtest AB (corporate reg. no. 556780-0601), (“ReQtest AB”), regarding the Customer’s use of the cloud-based service ReQtest (“the Service”) provided through www.reqtest.com (“the Web Site”).
1. General
These Terms regulate the use of the subscription service ReQtest. ReQtest is a cloud-based software development and maintenance management tool (i.e. software as a service) enabling the Customer to develop, test, distribute and maintain its software products.
2. The Obligations of ReQtest AB
ReQtest AB shall provide the Service according to these Terms, including taking reasonable measures to ensure that the Service is available on the Internet twenty-four hours a day. For technical, maintenance, operative or safety reasons, ReQtest AB has the right to limit availability and interruptions in the Service may be necessary. ReQtest AB is not liable for deficiencies in the Customer’s Internet connection.
3. The Obligations of the Customer
The Customer shall adhere to the instructions for usage as communicated by ReQtest AB in these Terms, via e-mail or at the Web Site. The Customer shall ensure that the usage of the Service does not violate any substantive law or regulation. The Customer shall ensure that all its users of the Service are informed of the contents of these Terms. The Customer may assign usage rights of the Service, in accordance with these Terms, to users in other organizations. The Customer accepts liability for all users to whom the Customer gives access to the Service.
4. Third Party Claim
Should a third party address a claim against ReQtest AB attributable to the Customer’s usage of the Service, the Customer shall hold ReQtest AB free from any damages related thereto.
5. Defects
In case of defects in the Service which impede the Customer’s use of the Service in a material way and are attributable to ReQtest AB, ReQtest AB will ensure that the defect is corrected without undue delay, unless doing so would cause unreasonable costs to ReQtest AB. Should ReQtest AB not correct the defect within reasonable time, even though correcting the defect would not cause unreasonable costs for ReQtest AB, ReQtest AB is liable for losses caused, with the limitations set forth in clause 6 below. In other circumstances, ReQtest AB cannot be held liable for defects in the Service and thereto connected services unless the defect is caused by gross negligence or intent by ReQtest AB. Defects shall be reported by the Customer to ReQtest AB in writing to support@reqtest.com.
6. Liability for Other Losses
ReQtest AB is, subject to limitations set forth in these Terms, liable for losses caused by negligence of ReQtest AB. ReQtest AB’s liability for damages is limited to damages for direct losses, with a maximum amount corresponding to what has been paid by the Customer to ReQtest AB during the six-month period preceding the violation of these Terms. ReQtest AB is not liable for any loss of information or damage claim from third party, or any indirect losses, unless gross negligence or intent is established.
7. Confidentiality
ReQtest AB does not without written consent from the Customer, have the right to review the information stored by the Customer via the Service and shall not forward, copy, sell or in any other way distribute such information. Should however such information be communicated to ReQtest AB, it shall be treated as strictly confidential.
8. Intellectual Property Rights
8.1 Customer’s rights
All data, and intellectual property rights connected thereto, that the Customer transfers to the Service for processing and storing, will remain in the Customer’s ownership and may not be used by ReQtest AB in any wider sense than expressly provided in these Terms.
8.2 ReQtest AB’s rights
All intellectual property rights related to the Service and to the technical solutions used for providing the Service, remain the property of ReQtest AB or of the holder of a right provided to ReQtest AB, and the Service is not to be used in any wider sense than expressly provided in these Terms.
The Customer may not modify, add, translate or erase any part of the Service except where express written consent has been given by ReQtest AB.
9. Terms of Payment
ReQtest AB will set the terms of payment for each Customer. The default payment method is by credit card but the Customer and ReQtest AB may agree on payment by invoice.
Unless the parties have specifically agreed otherwise, ReQtest AB’s current price list shall be considered a part of these Terms. The price list is available on the Web Site.
9.1 Payment by credit card
Payments will be made monthly in arrears. The Customer agrees that ReQtest will charge a monthly fee based on the total number of users who have been active during the previous month.
9.2 Payment by invoice
Payments will be made monthly in arrears. The invoice amount shall be based on the total number of users who have been active during the previous month. Payment is due thirty (30) days after invoice date and interest on any payments overdue will be charged in accordance with the Swedish Interest Act (Swedish Räntelagen SFS 1975:635).
When payment is not possible by credit card or a payment by invoice is overdue ReQtest may, at its own discretion, choose to terminate the Service for the Customer in accordance with clause 12.
10. Personal Data
ReQtest AB shall process personal data in accordance with the Swedish Personal Data Act (Swedish Personuppgiftslagen SFS 1998:204) and other applicable legislation for the protection of the personal integrity (including any other legislation implemented due to directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2017 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)).
The Customer is responsible for removing or anonymising data for it’s users as needed to comply with applicable legislation.
By accepting the terms of service for Reqtest, the Customer also accepts Appendix 1, Data processing agreement.
11. Change of Terms
ReQtest AB reserves the right to change these Terms, including the rates charged by ReQtest AB. The Customer will be notified of such change either via e-mail or via notification posted on the Web Site. The Customer is considered notified one week after such message has been either sent via e-mail or published on the Web Site. If the Customer does not accept the change, the Customer has the right, within thirty (30) days of the notification, to end this agreement, on behalf of the Customer or individual user, with immediate effect. Has ReQtest AB not been notified of such termination, the Customer is deemed to have accepted the new terms.
12. Duration of Terms etc.
Unless specifically agreed between the Customer and the Client, these Terms are in force until further notice and can be terminated as per the last day of the Customer’s next payment cycle. Termination of these Terms between the parties shall be in written form and shall be sent to ReQtest AB, Fridhemsgatan 49, SE-112 46 Stockholm, Sweden, or alternatively via email to invoice@reqtest.com. A final invoice will be issued adjusting any outstanding payments due to ReQtest AB.
ReQtest AB has the right to erase all data the Customer has stored in the Service one (1) month after the Agreement is terminated.
ReQtest AB has the right to, with immediate effect, deny a Customer access to the Service, should the usage of the Service comprise of any of the following:
- Criminal act;
- Act which otherwise violates Swedish law or these Terms;
- Act which results in damage or which ReQtest AB deems might result in damage for ReQtest AB or third party;
- Act violating ReQtest AB’s safety or administrative rules;
- Omittance to pay due amount within stated time;
- Misuse of the number of user accounts in order to lower license fees;
- Sharing user accounts between several users.
Denying the Customer access to the Service may involve either the termination of the agreement with the Customer, or shutting down the account of the relevant individual user.
13. Dispute
These Terms shall be governed by the laws of Sweden. Dispute arising out of or in connection with these Terms shall be finally settled by arbitration in accordance with the Rules for Expedited Arbitrations of the Arbitration Institute of the Stockholm Chamber of Commerce. The seat of arbitration shall be Stockholm.
Version 2018-05-21
Data Processing Agreement
1 Parties
1.1 […], corporate identity number […], [address], hereinafter the “Data controller”, and
1.2 […], corporate identity number […], [address], hereinafter the “Data processor”.
The above mentioned parties are hereinafter referred to as “Party” and in jointly as the “Parties“.
2 Background
2.1 The Parties have entered into this Data Processing Agreement (hereinafter the ”Agreement”) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the Data Controller to the Data Processor of Personal Data and the Processing of Personal Data by the Data Processor on behalf of the Data Controller, pursuant to a separate agreement between the Parties (the “Main Agreement”). This Agreement is intended to fulfil the requirement of a written agreement that governs the Processing Personal Data by the Data Processor on behalf of the Data Controller.
2.2 The specific terms and expression relating to the Processing of Personal Data not defined in this Agreement shall have the same meaning as the terms and expressions in the Personal Data Legislation applicable at the time of the Processing of the Personal Data.
3 Definitions
The following terms, used in this Agreement have the following meanings:
“Processing (of Personal Data)” | shall have the same meaning as in applicable Personal Data Legislation; |
“Personal Data” | shall have the same meaning as in applicable Personal Data Legislation and constitutes the data that the Data Controller is responsible for and which the Data Processor shall Process in accordance with the Agreement; |
”Personal Data Breach” | shall have the same meaning as in applicable Personal Data Legislation; |
”Personal Data Legislation” | means the at each time applicable Swedish legislation regarding the Processing of Personal Data or the common EU rules on data protection, especially the Swedish Personal Data Act (personuppgiftslagen, SFS 1998:204) and the EU regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, which shall be applied from 25 May 2018 and will replace the Swedish Personal Data Act; and |
”Third Country” | means a state that is not included in the European Union or part of the European Economic Area. |
4 Obligations of the Data Processor
4.1 In addition to what otherwise follows from the Main Agreement, the Data Processor agrees and warrants:
- that the Processing of Personal Data is carried out in accordance with the applicable Personal Data Legislation;
- to assist the Data Controller in ensuring compliance with the obligations deriving from applicable Personal Data Legislation, taking into account the nature of Processing and the information available to the Data Processor;
- to Process the Personal Data only on behalf of the Data Controller and in compliance with the Data Controller’s documented instructions (which for the sake of clarity shall imply that the Processing is carried out only for the purposes decided by the Data Controller, as set forth in Appendix 1.). If the Data Processor cannot comply with such instructions for whatever reasons, the Data Processor shall promptly inform the Data Controller of its inability to comply, in which case the Data Controller is entitled to suspend the Processing, request the immediate return of the Personal Data and/or terminate the Agreement;
- that it will immediately inform the Data Controller if, in the Data Processors opinion, an instruction infringes the applicable Personal Data Legislation;
- to implement appropriate technical and organisational measures to ensure and demonstrate that Personal Data is not Processed in an illegal or unlawful manner or in a way which risk that they fall into the wrong hands, and ensure that such measures (taking into account the technological developments, the cost of implementing any measures, the nature, scope, context and purposes of the Processing) maintain a level of security which is appropriate in relation to the risk for the rights and freedoms of natural persons;
- to maintain records of all categories of Processing performed on behalf of the Data Controller, including name and contact details, and where applicable, transfers of Personal Data to a Third Country or international organisation and, where possible, a general description of the technical and organisational security measures;
- to keep authorisation controls and logging of the systems where Personal Data is Processed, for the purpose of making it possible for the Data Controller to audit and ensure the integrity and confidentiality of the Personal Data, including safeguards against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Processed Personal Data;
- to deal promptly and properly with all inquiries from the Data Controller relating to its Processing of the Personal Data and provide the Data Controller with all information required to demonstrate its compliance with obligations deriving from applicable Personal Data Legislation;
- to ensure that only authorised persons can Process Personal Data, by keeping authorisation controls and logging of the systems where Personal Data is Processed, and ensure that these persons have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
- that it will without undue delay refer any third party requesting information relating to the Personal Data to the Data Controller, unless such reference is prohibited under criminal law (G. to preserve the confidentiality of a law enforcement investigation) and on request cooperate with relevant supervisory authority in the performance of its tasks and without undue delay inform the Data Controller of this;
- to assist the Data Controller through appropriate technical and organisational measures, to the extent possible, so that the Data Controller can fulfil its obligation to respond to a request following a data subject exercising its rights under applicable Personal Data Legislation;
- to, at the request of the Data Controller, taking into account the type of Processing and the information available to the Data Processor, assist to comply with the obligations regarding the preparation of a data protection impact assessment and prior consultation with the responsible supervisory authority, in accordance with applicable Personal Data Legislation;
- that it will without undue delay inform the Data Controller of any unauthorised access to Personal Data, both completed and attempts thereof;
- to, at the request of the Data Controller, submit its facilities where Personal Data is Processed for audit in order to ensure and demonstrate that the Processing is compliant with this Agreement and the obligations deriving from applicable Personal Data Legislation. The audit shall be carried out by the Data Controller or such person that the Data Controller appoints, provided that such person is bound by a duty of confidentiality.
5 Sub-Processing
5.1 The Data Processor is not entitled to sub-contract the Processing of the Personal Data without a specific or general consent from the Data Controller.
5.2 If the Data Processor engages a sub-processor, the Data Processor shall guarantee that such sub-processor’s Processing is performed in accordance with the Data Processors obligations under section 4 of this Agreement.
5.3 The Data Processor shall maintain records of sub-processors who are Processing Personal Data and shall at the request of the Data Controller provide a list of these.
5.4 If the Data Processor engages a sub-processor it agrees to without delay inform the Data Controller of the identity of the sub-processor, and, upon the request of the Data Controller, where the Personal Data will be Processed as well as other relevant information related thereto such as a copy of the agreement entered into between the Data Processor and such sub-processor.
5.5 The Data Processor shall remain fully liable to the Data Controller for the performance of any sub-processor.
6 Obligation after the termination of services
6.1 The Data controller is responsible for deleting Personal data on the termination of the Main Agreement.
6.2 In the event that legislation imposed upon the Data controller prevents it from returning or destroying all or part of the Personal Data, the Data controller warrants that it will guarantee the confidentiality of the Personal Data and that it will not actively Process the Personal Data or, alternatively, anonymize the Personal Data in a manner that makes it impossible to recreate the Personal Data in such a manner that a natural person is not or no longer identifiable.
7 Liability
7.1 In the event the Parties have reached an agreement regarding limitation of liability in another agreement, such limitation of liability shall also apply to this Agreement. In the event the Parties have not reached an agreement regarding such a limitation of liability, a Party’s liability under this Agreement or as a result of the Processing which is covered under the Agreement shall be limited to one hundred thousand kronor (SEK 100,000). The Parties are aware that the limitation of liability shall not apply: (i) in the event the supervisory authority or a court orders any of the Parties to pay an administrative fine; (ii) a Party has a right of subrogation against the other Party because such Party was ordered to pay an administrative fine which legitimately (or through joint and several liability) should have been imposed on the other Party; or (iii) in conjunction with a claim for damages brought by a Data Subject.
8 Term and termination
8.1 This Agreement shall enter into force when accepting Terms of Services for ReQtest and shall remain valid until the Main Agreement is terminated.
8.2 A Party is entitled to terminate this Agreement with immediate effect should the other Party commit a material breach of its obligations pursuant to this Agreement which is not remedied within thirty (30) days of such Party being notified of such breach by the non-defaulting Party. A material breach of this Agreement shall always also constitute a material breach of the Main Agreement.
8.3 A Party’s notification of immediate termination according to section 7.2 shall be sent without undue delay after the event which gives rise to the notification has become known for such Party.
8.4 Termination of this Agreement shall be without prejudice to any rights and obligations of either Party against the other which may have accrued up to the date of such termination.
9 Handling and notification of a Personal Data Breach to the supervisory authority
9.1 The Data Processor shall without undue delay notify the Data Controller’s designated contact person after having become aware of a Personal Data Breach. If and to the extent not possible to provide all information at once, the Data Processor may provide the Data Controller with the information in batches without further delay.
9.2 The Data Processor shall without undue delay investigate a Personal Data Breach and undertake measures to mitigate possible adverse effects of the Personal Data Breach, identify its cause(s) and prevent similar Personal Data Breaches. The Data Processor shall cooperate with the Data Controller in order to protect the rights and freedoms of registered natural persons. The Parties undertake to coordinate remedial and mitigating action which are undertaken and planned.
10 Relation to Main Agreement
What is stipulated in the Main Agreement shall also be applied for this Agreement.
11 Additions and amendments
No amendments or additions to this Agreement may be made except in writing, duly signed by each of the Parties.
12 governing law and jurisdiction
12.1 This Agreement shall be governed by and construed in accordance with the laws of Sweden without regard to its principles of conflict of laws.
12.2 Any dispute, controversy or claim arising out of or in connection with this Agreement, or the breach, termination or invalidity thereof, shall be finally settled by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce (the “SCC”). The Rules for Expedited Arbitrations shall apply. The seat of arbitration shall be Stockholm, Sweden.
Appendix 1
Instructions To The Data Processor
1 Purposes with the processing
The purpose off the processing is that the data processer provides a service to the data controller where the data controller can store data.
2 Categories of data subjects
The categories of data subjects are user data belonging to the users of the data controller.
3 Category of personal data which will be processed
The categories of personal data which will be processed are namn, email, company, phone number and photo.
4 Sensitive data
No sensitive data shall be handled.
5 Personal identification number
No personal identification numbers are stored
6 Data relating to criminal convictions and offences
No data relating to criminal convictions and offences are stored.
7 Security
The service the data processer provides is secure through the use of password protections. Users are limited to seeing the information based on their credentials. Access to data is limited to only the people needing it to provide the service.
8 Access to the register
The register is available to the functional units who need access to provide the service to the customer. This includes R&D and Customer success.
9 Sub-processors
The data processer is entitled to use sub-processors when needed to be able to provide the service to the customers.
10 Place of processing
The place of processing is a server placed in Stockholm.
11 Transfers to third countries
No data is transferred to a third country.
12 Singling out
The data is stored as long as the data controller is in need of the data. The data controller is responsible for deleting and / or anonymising data.
13 Inspections
The data processer should yearly make an internal audit to confirm compliance to GDPR.