MapUs Privacy Policy & Terms and Conditions

On this page, you can read our Privacy and Cookie Policy for mapus.io as well as the terms and conditions for being a trial user and subscriber of the MapUs software.

Privacy and Cookie Policy

Last updated on June 16th 2021

  1. Welcome
    1. When you visit https://mapus.io (hereinafter “Website”, “Site”) personal data is collected about you. This Privacy and Cookie Policy is meant to help you understand what personal data we collect, why we collect it, and how we delete it.
  2. Data controller
    1. Center for Digital Dannelse (hereinafter “us”, “our”, “us”) is responsible for the processing of your personal data and ensuring that it complies with the rules of the General Data Protection Regulation (GDPR).
      Center for Digital Dannelse
      Vesterbrogade 14A, 2. sal
      1620 Copenhagen
      Denmark
      digitaldannelse.org
      dd@digitaldannelse.org
      +45 71 74 38 76
  3. Personal data
    1. Personal data is information that can identify you, personally. For example: your name, email, address, telephone number, etc. When you use our Website we collect and process the personal data, you provide to us. This occurs, for instance, if you sign up for a newsletter or fill out a contact form.
    2. To the extent that you enter information such as name, address, workplace, phone number and email, we process this personal data. You can enter this type of information while using the contact forms.
  4. Security
    1. We have taken technical and organizational measures to prevent your data from being accidentally or illegally deleted, published, lost, impaired, disclosed without authorization, abused or otherwise processed in violation of the law.
  5. Purpose
    1. When personal data such as name, email, workplace or other information you enter is collected via our contact forms, the purpose is to qualify an answer to your inquiry. The legal basis on which we process your personal data is our legitimate interest. 
    2. If you sign up for a free trial via our forms, the personal data you submit is what enables us to create a trial account for you. 
    3. When you are asked to submit your email in our forms, it will only be used for other purposes, if the purpose is clearly stated. Examples include, but are not limited to, subscribing to a newsletter, asking for feedback on our Service, or receiving an email as part of an exercise/test.
  6. Period of storage
    1. We only store your data for the purposes described in this Privacy and Cookie Policy and for the time allowed by law. When we no longer need to use your personal data for the identified purposes and there is no need for us to keep it to comply with our legal or regulatory obligations, we will either remove it from our systems or anonymize it so that you cannot be identified.
  7. Disclosure of information
    1. Besides otherwise described in this Privacy and Cookie Policy, we may disclose personal data that we collect or that you provide to trusted third-party providers (data processors). We only use data processors that can give your personal data adequate level of data protection.
    2. We only use data processors within the EU or in countries which can provide the adequate protection of your information. We have DPAs with all our data processors. 
    3. Our data processors are: ActiveCampaign (US-based CRM system that hosts our forms and send out newsletters) and DLX (Danish-based server hosting company hosting this website). 
  8. Cookies
    1. Our Website uses cookies. A cookie is a small text file that is stored in your browser. Cookies allow the Website to recognize your computer, gather information about which pages and features are visited with your browser and make sure the Website is technically functional. Cookies are the only way to make the site function as intended. Cookies are used by virtually all websites.
    2. Cookies we use:
      • The Site uses cookies from Google Analytics to measure traffic on the Site.
      • The Site can contain videos embedded on the page via YouTube or other video services, that use cookies to detect which video is displayed and how much of the video you have seen.
      • The Website stores your accept of cookies via a cookie: cookie_notice_accepted
  9. Insights and complaints
    1. You are entitled to know what personal information we are processing about you. You may also object to the use of information at any time. You may also revoke your consent to processing information about you. If the information processed about you is incorrect, you are entitled to alter or delete this. Inquiry may be made to Center for Digital Dannelse (see contact details under data controller). If you would like to complain about our processing of your personal information, you also have the opportunity to lodge a complaint with your national Data Protection Authority (DPA).
  10. Publisher and data processor

The website is managed, published and data processed by:
Center for Digital Dannelse
Vesterbrogade 14A, 2. sal
1620 Copenhagen
Denmark
digitaldannelse.org
dd@digitaldannelse.org
+45 71 74 38 76

Terms of Service for MapUs 14-day free trial

The following terms and conditions apply fortrial usersof the MapUs software

Last updated on June 16th 2021

Service description

MapUs is a SaaS platform used to map digital competence in organizations. By surveying users, analyzing the data and visualizing it in interactive reports, MapUs is intended to be a guiding tool to help it’s users understand and unlock their digital potential. 

A 14-day free trial to MapUs gives the customer access to their own MapUs platform for 14 days with superuser access at the highest possible level for regular customers (Survey Builder), giving them full access to customization features.

After the 14 days, the customer can either choose to purchase a subscription or yield their right of use. 

Definitions 

“Services”: The web-based Software-as-a-Service developed and sold by Supplier. The Services are offered to Customers who themselves or on behalf of one or more institutions, e.g. companies or schools, have signed up to a 14-day free trial for access to the Services

“End Users”: The Customer’s end user making use of the Services.   

“Authorized User”: A physical person in- or outside Customer’s organization, that Customer has authorized. 

“Confidential Information”: includes but is not limited to trade-secrets, know-how, and any other information that a reasonable person would deem confidential.

Agreement 

This Agreement shall apply to all Customer’s use of the Services. 

The Services are provided as a free trial and nothing in this Agreement will be interpreted or construed as a sale or purchase of software.

The Parties are independent contractors. This Agreement does not create a partnership, franchise, joint-venture or other relationship not explicitly stated in this Agreement.

Use right 

Subject to the terms and conditions in this Agreement, Supplier hereby grants to Customer a non-exclusive, non-transferrable, non-assignable, time-limited and worldwide right to access and use the Services as intended by Supplier.

This use right is only applied to Authorized Users and End-Users enrolled in Customer’s trial, and only for purposes within Customers internal business operations, i.e. not for the benefit of any other person or entity.

Intended Use 

Customer is solely responsible for ensuring that Customer’s Authorized Users and End Users only use the Services for the intended purpose, cf. the Service Description. 

Restrictions on Use 

Customer, Authorized Users and End Users may not reverse engineer, disassemble, decompile or in any way work around any technical limitations. Unless otherwise agreed, Customer may not rent, lease, lend, resell or in any way grant access to the Service to third parties except as expressly permitted in these terms and conditions. 

Customer, Authorized Users and End Users may not modify or create any derivative product(s) or services based on the Service and may not combine or integrate the Services with any hardware, software or other technology not permitted by Supplier.

Legal Use 

Customer is solely responsible for ensuring that Customer’s  Authorized Users End Users use of the Services complies with the Agreement and all applicable legislation, including, but not limited to privacy, employment law, and union rules. 

Intellectual Property 

Supplier and Customer agree that Supplier owns all rights, including, title, trademarks, copyright, and interests including all intellectual property rights to the Service and documentation. Supplier reserves to itself all rights to the Service not expressly granted to Customer in this Agreement. Supplier claims no intellectual property rights over the data and material the Customer, Authorized User or the  End Users enter into the Services.

Assignment 

Customer may not directly, or indirectly assign all or any part of this Agreement or Customer’s rights or obligations under this Agreement to a third party without Supplier’s written consent. Supplier may assign this Agreement in connection with a merger or change of control of Supplier, or the sale of all or substantially all of Supplier’s assets provided that any such successor agrees to fulfil its obligations pursuant to this Agreement.

Trial Terms 

This Agreement shall come into force upon Customer’s acquisition of the Services. At the end of the Trial Term (after 14 days), __________

If Customer chooses not to purchase a subscription, _____ 

Force Majeure

Neither Party shall be liable for any failure of or delay in the performance of this Agreement for the period that such failure or delay is due to causes beyond its reasonable control, including but not limited to acts of God, riots, war, terrorist act, epidemic, pandemic, quarantine, war, strikes or labour disputes, embargoes, government orders or any other Force Majeure event. No party is entitled to terminate this Agreement in such circumstances. 

If a party asserts Force Majeure as an excuse for failure to perform the parties’ obligation, the non performing party must prove that the party took reasonable steps to minimize delay or damages caused by foreseeable events, that the party substantially fulfilled all non-excused obligations, and that the other party was timely notified of the likelihood or actual occurrence of a Force Majeure event. 

Suspension 

Any use of the Service, in breach of this Agreement, including unintended or illegal use, or Customer’s failure to meet any obligations in this Agreement, may result in Supplier suspending the Service. If Supplier suspends the Service, the Customer shall be notified immediately and given an opportunity to remedy such violation. If the Customer is unable to remedy the violation within 14 calendar days, Supplier is entitled to terminate the Agreement.

Liability 

The Parties are not in any event liable for any direct, consequential or other indirect losses. Data losses are considered indirect losses. 

The above restrictions apply only if the loss is not attributable to gross negligence or wilful conduct by the damaging party. The foregoing does not regulate the conditions concerning losses in connection to delay. 

The total liability shall in no event exceed the total fees paid to Supplier under this Agreement during the past 12 months. 

In the case that the Service is dependent on collecting information from the Customer or users in order to present suggested recommendations, the Supplier takes no responsibility for the Customer’s actions based on output from the Service. This includes, with no limitation, if such actions do not deliver correct or the expected results.  

Confidentiality 

Supplier and Customer are required not to disclose any Confidential Information that Supplier or Customer may have gained during the term of this Agreement.

Customer, Authorized Users and End Users are obligated to keep confidential any ‘magic’ links provided by Supplier. The Customer shall be liable for any misuse of such links, regardless if such misuse is caused by the Customer, Authorized Users, End Users or a third party having obtained possession of the Customer’s, Authorized Users’ or End-Users’ link. 

Reference 

Unless otherwise agreed between the Parties, Supplier reserves the right to use Customer name and logos and Trademarks as a reference, and or case story on Supplier’s webpage and marketing materials.

Data ownership 

Customer shall retain ownership of all data submitted to the Services.

Data Protection (Data Processing Agreement)

This data processor agreement must be used, if the Supplier as part of its delivery of the services as mentioned in the Agreement shall process personal data on behalf of the Customer, cf. Article 6 of the Regulation (EU) 2016/679 of European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”). If the Supplier is to process sensitive personal data on behalf of the Customer pursuant to Article 9 of the GDPR, the parties enter into a separate data processor agreement. 

Both parties shall meet the requirements of the GDPR and applicable data protection legislation. The Customer is responsible for ensuring that the processing of personal data takes place in compliance with the GDPR, including ensuring that the processing of personal data, which the Supplier is instructed to perform, has a legal basis. The Supplier shall process personal data only on documented instructions from the Customer. The documented instructions consist partly of the Agreement, so the Supplier can carry out such processing of the Customer’s personal data as is necessary to be able to provide the agreed services (the purpose of the processing), and partly of the subsequent separate documented instructions, which the Customer may provide to Supplier. If the Supplier is of the opinion that the Agreement or a separate instruction does not cover the Supplier’s processing of the Customer’s personal data, or that an instruction from the Customer will be in conflict with the GDPR or other applicable data protection legislation, Supplier must immediately notify the Customer thereof in writing. 

Both parties shall, on an ongoing basis, implement appropriate technical and organizational measures that comply with the requirements of Article 32 of the GDPR in order to ensure the protection of the data subjects’ rights. The Supplier must, at the request of the Customer, assist the Customer pursuant to Article 32 of the GDPR by, among other things, provide the Customer with sufficient information so the Customer can demonstrate compliance with the requirements of applicable data protection legislation, including that the above-mentioned technical and organizational security measures have been taken.

The Supplier ensures that the persons authorized to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and that this can be demonstrated to the Customer. 

The Supplier shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor). The Supplier has the Customer’s general authorisation for the engagement of sub-processors. The Supplier shall inform the Customer in writing of any intended changes concerning the addition or replacement of sub-processors at least 60 days in advance, thereby giving the Customer the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). If the Supplier does not receive objections from the Customer within 30 days of receiving notification thereof, the Supplier is entitled to implement the change. The Supplier ensures that the sub-processor meets the requirements of Article 28 of the GDPR, and engage to enter into a sub-processor agreement with the sub-processor in question, which is subject to at least the same obligations as the Supplier has undertaken in this Agreement. Sub-processor agreement(s) and any subsequent changes thereto are sent – at the Customer’s request – in copy to the Customer. The Supplier shall be responsible that the sub-processor complies with the obligations to which the Supplier is subject pursuant to the clauses and the GDPR. Without the Customer’s prior written consent, the Supplier may not transfer the Customer’s personal data to countries outside the EU / EEA. When entering into the Agreement, the Supplier uses the following sub suppliers, which has been approved by the Customer:

Name

Server location

service

legal basis for transfer

DLX A/S

Denmark

Hosting

N/A

Mailgun Technologies

USA

E-mail provider

Standard contractual clauses

  

Taking into account the nature of the processing, Supplier shall assist the Customer by appropriate technical and organizational measures, insofar as this is possible, in the fulfilment of the Customer’s obligations to respond to requests for exercising the data subject’s rights laid down in Chapter III GDPR. The Supplier’s assistance will be invoiced according to time spent. The Supplier shall, furthermore, taking into account the nature of the processing and the information available to the Supplier, assist the Customer in ensuring compliance with the obligations under Article 32 – 36 of the GDPR. Supplier shall make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in Article 28 and the clauses and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer.

The Supplier shall comply with Article 33 of the GDPR and without undue delay notify the Customer after becoming aware that there has been a personal data breach. The notification to the Customer must take place no later than 24 hours after the Supplier has become aware of the breach. The notification shall contain at least the information referred to in Article 33 (3), litra a), b) and d) mentioned requirements for notification. These obligations apply regardless of whether the Supplier is responsible for the personal data breach. If Supplier or its sub-processors are not responsible for the breach, the Supplier’s assistance will be invoiced according to time spent. 

If the Customer does not instruct Supplier otherwise, the Supplier is entitled and obliged to delete the Customer’s personal data no longer than 3 months after the Agreement has been finally terminated. However, the obligations regarding the processing of personal data remain in force as long as the Supplier processes the Customer’s personal data. 

All matters relating to non-compliance, liability and compensation are regulated in the Agreement. 

Both parties shall keep records of processing activities referred to in Article 30 of the GDPR. If there are changes in the categories of personal data or categories of data subjects that the Supplier processes for the Customer, the Customer must immediately notify the Supplier thereof: 

categories of personal data

categories of data subjects

General personal data, including e-mail and name

End Users

Notices 

All written notices between the Parties shall be delivered by e-mail. 

Updates 

Supplier reserves the right to upgrade, modify, replace, or reconfigure the Service at any time upon at least 14 calendar days’ notice, for changes that significantly may affect the use of the service. Any future release, update, or other addition to functionality of the service shall be subject to these terms. 

Accessibility and Uptime 

Supplier endeavours to ensure that the Service is available 24/7, however, Customer accepts that Supplier does not warrant that the Service will be uninterrupted or error-free. The Service is provided on an “as is” and “as available” basis, without any warranties to the fullest extent permitted by law.

The Customer can access the Service through the browser. With the exception of Internet Explorer, the Service supports all new versions of standard browsers on the large platforms. Internet Explorer 11 on Windows, Chrome and Firefox on Linux, and browsers that use older versions of WebKit, Blink or Gecko are not explicitly supported. However, the Service should also (in most cases) display and function correctly in these browsers.

Severability 

Should any term or condition hereof be declared illegal or otherwise unenforceable, it shall be severed from the remainder of this Agreement without affecting the remaining sections.

Survivability 

The sections on confidentiality, liability, payment, reference, and dispute shall survive any termination of this Agreement.

Acceptance and Termination 

This Agreement is entered into by Customers electronic acceptance of these Agreement terms on Suppliers and is concluded upon Customers receipt of the confirmation e-mail from Supplier. The Agreement is valid until terminated by one of the parties in accordance with the applicable terms. 

Dispute 

Any dispute between Customer and Supplier must be settled under Danish law, with the exception of CISG, the District Court in Copenhagen as the agreed venue, with usual reference and appeal rights.

Terms and Conditions for using MapUs

The following terms and conditions apply forsubscribers and usersof the MapUs software

Last updated on February 8th 2021

 

Service description

MapUs is a SaaS platform used to map digital competence in organizations. By surveying users, analyzing the data and visualizing it in interactive reports, MapUs is intended to be a guiding tool to help it’s users understand and unlock their digital potential. 

A Premium Subscription to MapUs gives the customer access to their own personalized MapUs platform and a bundle of mappings to use yearly. Extra mappings can be purchased.

Additionally, a Premium Subscription to MapUs gives the customer superuser access at the highest possible level for regular customers (Survey Builder), giving them full access to customization features. The subscription includes a mandatory superuser course, teaching a selected group of superusers how to navigate all administrative functionalities.

Furthermore, a number of add-on services can be added to the purchase of the Premium Subscription.

The MapUs subscription runs on a yearly basis. It follows that the subscription will be activated on the delivery date and will run on a yearly basis from said date.

Definitions 

“Services”: The web-based Software-as-a-Service developed and sold by Supplier. The Services are offered to Customers who themselves or on behalf of one or more institutions, e.g. companies or schools, pay for access to the Services for a number of End Users.

“End Users”: The Customer’s end user making use of the Services.   

“Authorized User”: A physical person in- or outside Customer’s organization, that Customer has authorized. 

“Confidential Information”: includes but is not limited to trade-secrets, know-how, and any other information that a reasonable person would deem confidential.

Agreement 

This Agreement shall apply to all Customer’s use of the Services. 

The Services are provided as a subscription, not sold, by Supplier to Customer, and nothing in this Agreement will be interpreted or construed as a sale or purchase of software.

The Parties are independent contractors. This Agreement does not create a partnership, franchise, joint-venture or other relationship not explicitly stated in this Agreement.

Use right 

Subject to the terms and conditions in this Agreement, Supplier hereby grants to Customer a non-exclusive, non-transferrable, non-assignable, and worldwide right to access and use the Services as intended by Supplier.

This use right is only applied to Authorized Users and End-Users enrolled in Customers subscription plan, and only for purposes within Customers internal business operations, i.e. not for the benefit of any other person or entity.

Intended Use 

Customer is solely responsible for ensuring that Customer’s Authorized Users and End Users only use the Services for the intended purpose, cf. the Service Description. 

Restrictions on Use 

Customer, Authorized Users and End Users may not reverse engineer, disassemble, decompile or in any way work around any technical limitations. Unless otherwise agreed, Customer may not rent, lease, lend, resell or in any way grant access to the Service to third parties except as expressly permitted in these terms and conditions. 

Customer, Authorized Users and End Users may not modify or create any derivative product(s) or services based on the Service and may not combine or integrate the Services with any hardware, software or other technology not permitted by Supplier.

Legal Use 

Customer is solely responsible for ensuring that Customer’s  Authorized Users End Users use of the Services complies with the Agreement and all applicable legislation, including, but not limited to privacy, employment law, and union rules. 

Intellectual Property 

Supplier and Customer agree that Supplier owns all rights, including, title, trademarks, copyright, and interests including all intellectual property rights to the Service and documentation. Supplier reserves to itself all rights to the Service not expressly granted to Customer in this Agreement. Supplier claims no intellectual property rights over the data and material the Customer, Authorized User or the  End Users enter into the Services.

Assignment 

Customer may not directly, or indirectly assign all or any part of this Agreement or Customer’s rights or obligations under this Agreement to a third party without Supplier’s written consent. Supplier may assign this Agreement in connection with a merger or change of control of Supplier, or the sale of all or substantially all of Supplier’s assets provided that any such successor agrees to fulfil its obligations pursuant to this Agreement.

Subscription Terms 

This Agreement shall come into force upon Customer’s acquisition of the Services. At the end of the Subscription Term, the subscription will be automatically renewed for an additional period, unless the Customer notifies Supplier in writing at least one (1) month before the end of the Subscription Term. The renewal term period shall be equal to the duration of the initial Subscription Term.

If Customer terminates the Agreement without justification before the end of the end of a Subscription Term, Supplier is entitled to full compensation for the remuneration due for the residual Subscription Term. There is no termination fee.

Payment Terms 

Customer will pay all amounts specified in the Agreement. All invoices are due for payment within 14 days.

Payment is charged in advance for the Subscription Term by the Customer’s preferred payment method. Customer authorizes Supplier to store the necessary payment details, and charge Customer until the Agreement is terminated. 

If payment is declined or for any reason insufficient, Supplier reserves the right to suspend the Service, or provide the Service and charge interest on any overdue balances for the period from the date on which payment became due, until the date on which payment is made. The interest rate is equivalent to the rates stated in the Danish Interest Act (currently 8%).

Subscription prices are subject to change at a month’s notice. If notice of price changes is given, the Customer can terminate the Agreement into a minimum of 30 days’ notice as from the date on which the price change comes into force. 

Force Majeure 

Neither Party shall be liable for any failure of or delay in the performance of this Agreement for the period that such failure or delay is due to causes beyond its reasonable control, including but not limited to acts of God, riots, war, terrorist act, epidemic, pandemic, quarantine, war, strikes or labour disputes, embargoes, government orders or any other Force Majeure event. No party is entitled to terminate this Agreement in such circumstances. 

If a party asserts Force Majeure as an excuse for failure to perform the parties’ obligation, the non performing party must prove that the party took reasonable steps to minimize delay or damages caused by foreseeable events, that the party substantially fulfilled all non-excused obligations, and that the other party was timely notified of the likelihood or actual occurrence of a Force Majeure event. 

Suspension 

Any use of the Service, in breach of this Agreement, including unintended or illegal use, or Customer’s failure to meet any obligations in this Agreement, may result in Supplier suspending the Service. If Supplier suspends the Service, the Customer shall be notified immediately and given an opportunity to remedy such violation. If the Customer is unable to remedy the violation within 14 calendar days, Supplier is entitled to terminate the Agreement.

Liability 

The Parties are not in any event liable for any direct, consequential or other indirect losses. Data losses are considered indirect losses. 

The above restrictions apply only if the loss is not attributable to gross negligence or wilful conduct by the damaging party. The foregoing does not regulate the conditions concerning losses in connection to delay. 

The total liability shall in no event exceed the total fees paid to Supplier under this Agreement during the past 12 months. 

In the case that the Service is dependent on collecting information from the Customer or users in order to present suggested recommendations, the Supplier takes no responsibility for the Customer’s actions based on output from the Service. This includes, with no limitation, if such actions do not deliver correct or the expected results.  

Confidentiality 

Supplier and Customer are required not to disclose any Confidential Information that Supplier or Customer may have gained during the term of this Agreement.

Customer, Authorized Users and End Users are obligated to keep confidential any ‘magic’ links provided by Supplier. The Customer shall be liable for any misuse of such links, regardless if such misuse is caused by the Customer, Authorized Users, End Users or a third party having obtained possession of the Customer’s, Authorized Users’ or End-Users’ link. 

Reference 

Unless otherwise agreed between the Parties, Supplier reserves the right to use Customer name and logos and Trademarks as a reference, and or case story on Supplier’s webpage and marketing materials.

Data ownership 

Customer shall retain ownership of all data submitted to the Services.

Data Protection (Data Processing Agreement)

This data processor agreement must be used, if the Supplier as part of its delivery of the services as mentioned in the Agreement shall process personal data on behalf of the Customer, cf. Article 6 of the Regulation (EU) 2016/679 of European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”). If the Supplier is to process sensitive personal data on behalf of the Customer pursuant to Article 9 of the GDPR, the parties enter into a separate data processor agreement. 

Both parties shall meet the requirements of the GDPR and applicable data protection legislation. The Customer is responsible for ensuring that the processing of personal data takes place in compliance with the GDPR, including ensuring that the processing of personal data, which the Supplier is instructed to perform, has a legal basis. The Supplier shall process personal data only on documented instructions from the Customer. The documented instructions consist partly of the Agreement, so the Supplier can carry out such processing of the Customer’s personal data as is necessary to be able to provide the agreed services (the purpose of the processing), and partly of the subsequent separate documented instructions, which the Customer may provide to Supplier. If the Supplier is of the opinion that the Agreement or a separate instruction does not cover the Supplier’s processing of the Customer’s personal data, or that an instruction from the Customer will be in conflict with the GDPR or other applicable data protection legislation, Supplier must immediately notify the Customer thereof in writing. 

Both parties shall, on an ongoing basis, implement appropriate technical and organizational measures that comply with the requirements of Article 32 of the GDPR in order to ensure the protection of the data subjects’ rights. The Supplier must, at the request of the Customer, assist the Customer pursuant to Article 32 of the GDPR by, among other things, provide the Customer with sufficient information so the Customer can demonstrate compliance with the requirements of applicable data protection legislation, including that the above-mentioned technical and organizational security measures have been taken.

The Supplier ensures that the persons authorized to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and that this can be demonstrated to the Customer. 

The Supplier shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor). The Supplier has the Customer’s general authorisation for the engagement of sub-processors. The Supplier shall inform the Customer in writing of any intended changes concerning the addition or replacement of sub-processors at least 60 days in advance, thereby giving the Customer the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). If the Supplier does not receive objections from the Customer within 30 days of receiving notification thereof, the Supplier is entitled to implement the change. The Supplier ensures that the sub-processor meets the requirements of Article 28 of the GDPR, and engage to enter into a sub-processor agreement with the sub-processor in question, which is subject to at least the same obligations as the Supplier has undertaken in this Agreement. Sub-processor agreement(s) and any subsequent changes thereto are sent – at the Customer’s request – in copy to the Customer. The Supplier shall be responsible that the sub-processor complies with the obligations to which the Supplier is subject pursuant to the clauses and the GDPR. Without the Customer’s prior written consent, the Supplier may not transfer the Customer’s personal data to countries outside the EU / EEA. When entering into the Agreement, the Supplier uses the following sub suppliers, which has been approved by the Customer:

Name

Server location

service

legal basis for transfer

DLX A/S

Denmark

Hosting

N/A

Mailgun Technologies

USA

E-mail provider

Standard contractual clauses

  

Taking into account the nature of the processing, Supplier shall assist the Customer by appropriate technical and organizational measures, insofar as this is possible, in the fulfilment of the Customer’s obligations to respond to requests for exercising the data subject’s rights laid down in Chapter III GDPR. The Supplier’s assistance will be invoiced according to time spent. The Supplier shall, furthermore, taking into account the nature of the processing and the information available to the Supplier, assist the Customer in ensuring compliance with the obligations under Article 32 – 36 of the GDPR. Supplier shall make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in Article 28 and the clauses and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer.

The Supplier shall comply with Article 33 of the GDPR and without undue delay notify the Customer after becoming aware that there has been a personal data breach. The notification to the Customer must take place no later than 24 hours after the Supplier has become aware of the breach. The notification shall contain at least the information referred to in Article 33 (3), litra a), b) and d) mentioned requirements for notification. These obligations apply regardless of whether the Supplier is responsible for the personal data breach. If Supplier or its sub-processors are not responsible for the breach, the Supplier’s assistance will be invoiced according to time spent. 

If the Customer does not instruct Supplier otherwise, the Supplier is entitled and obliged to delete the Customer’s personal data no longer than 3 months after the Agreement has been finally terminated. However, the obligations regarding the processing of personal data remain in force as long as the Supplier processes the Customer’s personal data. 

All matters relating to non-compliance, liability and compensation are regulated in the Agreement. 

Both parties shall keep records of processing activities referred to in Article 30 of the GDPR. If there are changes in the categories of personal data or categories of data subjects that the Supplier processes for the Customer, the Customer must immediately notify the Supplier thereof: 

categories of personal data

categories of data subjects

General personal data, including e-mail and name

End Users

Notices 

All written notices between the Parties shall be delivered by e-mail. 

Updates 

Supplier reserves the right to upgrade, modify, replace, or reconfigure the Service at any time upon at least 14 calendar days’ notice, for changes that significantly may affect the use of the service. Any future release, update, or other addition to functionality of the service shall be subject to these terms. 

Accessibility and Uptime 

Supplier endeavours to ensure that the Service is available 24/7, however, Customer accepts that Supplier does not warrant that the Service will be uninterrupted or error-free. The Service is provided on an “as is” and “as available” basis, without any warranties to the fullest extent permitted by law.

The Customer can access the Service through the browser. With the exception of Internet Explorer, the Service supports all new versions of standard browsers on the large platforms. Internet Explorer 11 on Windows, Chrome and Firefox on Linux, and browsers that use older versions of WebKit, Blink or Gecko are not explicitly supported. However, the Service should also (in most cases) display and function correctly in these browsers.

Severability 

Should any term or condition hereof be declared illegal or otherwise unenforceable, it shall be severed from the remainder of this Agreement without affecting the remaining sections.

Survivability 

The sections on confidentiality, liability, payment, reference, and dispute shall survive any termination of this Agreement.

Acceptance and Termination 

This Agreement is entered into by Customers electronic acceptance of these Agreement terms on Suppliers and is concluded upon Customers receipt of the confirmation e-mail from Supplier. The Agreement is valid until terminated by one of the parties in accordance with the applicable terms. 

Termination for cause In the event of a breach of this Agreement by either Party, the non-defaulting Party may give written notice of such default. If such notice is given, and the default is not cured within 30 business days following receipt of the notice, then this Agreement shall automatically terminate.  

Dispute 

Any dispute between Customer and Supplier must be settled under Danish law, with the exception of CISG, the District Court in Copenhagen as the agreed venue, with usual reference and appeal rights.

Shopping Basket