Appendix 1 – Installation & training

Installation services are charged at a premium rate with an hourly fee based on applicable rate, unless otherwise expressly stated in the agreement. By ”installation” is meant new installation of hard- or software, change of registration number, re-programming, adjustments in databases and additions to previously installed hard- or software.

Client is responsible for, in immediate connection with delivery, checking delivered equipment. Should there be defects, OPEN shall be notified hereof within 3 (three) working days from when the delivery arrived to the Client.

Client is responsible for recording any control units (cash registers) with the Swedish Tax Agency

Client is responsible for, in immediate connection with installation/delivery, checking delivered software, programming and settings. Should inaccuracies exist, OPEN shall be notified hereof within 3 (three) working days from when installation/delivery was completed for Client. Client is responsible for ensuring that pre-programmed data and settings are in compliance with applicable recommendations and regulations regarding bookkeeping, VAT, supplying information etcetera.

Prior to delivery, OPEN wishes to receive complete documentation and programming instructions from Client with at least two weeks’ advance notice. The accounting number for selected redeemers (Visa/MasterCard, American Express, Diners) needs to be sent well before delivery, preferably a minimum of two weeks ahead of time. OPEN has the right to determine when delivery or installation may be carried out.

Prior to delivery and installation, the Client is responsible for ensuring that equipment such as the required amount of electrical sockets and internet connections are in place. The Client is also responsible for having technically skilled staff on-site in such cases where OPEN does not have full access to the equipment on the Client’s premises. If this does not exist prior to installation, the installation may be denied and a surcharge may be charged in the amount of SEK 750 per hour.

Appendix 2 – Operating, support and service agreement

OPEN has a standard support via telephone and e-mail available on standard working days between in 08.00-17.00 (Sweden), 08.00 – 16:00 (Norway).

Outside of standard opening hours, OPEN provides a free emergency service for operational disturbances and technical difficulties. This emergency service is available at all hours and days outside of standard opening hours, year-round (Sweden) and Norway 16-08.

Generally, for questions not related to operational disturbances and technical difficulties, standard opening hours apply.   Other assistance such as user support and technical guidance outside of standard opening hours are charged at applicable emergency hourly rate.

Upon contact with OPEN’s support, the Client’s matter is registered in OPEN’s business system. The Client will be assigned a matter number which will then be used as reference for feedback. Upon change of status, the Client is kept up-to-date with what happens in the matter. The registered matter is sorted into a system of priority (high, medium, low). Matters with high priority are generally associated with stoppage in operations/sales and will be handled immediately.

Warranty, service and exchanges
For defects in hardware, the client files its own error report under the heading Support at www.openpos.tech.

For equipment and parts, warranty periods and conditions issued by the manufacturer apply. For financing agreements via OPEN’s chosen partner, the extended warranty period for capital goods applies during the entire original rental period. However, the extended warranty period does not cover an extended or prepaid financing agreement.

For defect covered by warranty, OPEN will, for most products, send a replacement unit when receiving a completed error report from Client. The Client is then responsible for returning the defective unit to OPEN without delay.

OPEN is not responsible under the warranty for wear-and-tear on products such as batteries and keypads, nor for abnormal wear-and-tear/use of the products.

Contact information
– Client registered in Sweden

The Client may always call OPEN at +46 (0)10 – 410 2000 for technical support. During standard opening hours you select touchtone 2 for technical support. Outside standard opening hours, the Client instead selects touchtone 4 for technician on duty.

The Client may also file a support matter by visiting OPEN’s website www.openpos.tech and selecting the tab Support or by sending an e-mail to support@openpos.tech.

– Client registered in Norway

The Client may always call OPEN at 23031200 for technical support.

The Client may also file a support matter by visiting OPEN’s website www.openpos.tech and selecting the tab Support or by sending an e-mail to support@openpos.tech.

Who can contact OPEN

In order to prevent unnecessary disruptions in the Client’s business operations, OPEN does not have restrictions on who may contact our support technicians. However, OPEN would be grateful if OPEN, together with the Client, could appoint a standard contact person who may gather any questions. That way, the risk of misunderstandings or shortcomings in feedback caused by complicated contact routes is diminished.

Appendix 3 – General Terms and Conditions

General

(1) These general terms and conditions shall be applied between the Client and OPEN regarding delivery of products and services according to a business proposal with appendices applicable between the parties (the ”Agreement”). These general terms and conditions shall be considered an integrated part of the Agreement. In the event of conflicting information in the Agreement, the business proposal itself and other appendices shall take precedence over these general terms and conditions.

Contract period and termination

(1) The contract period is forty-eight (48) months unless otherwise specified in the Agreement. The contract period starts when both parties have signed the Agreement and delivery of the products has been made. The Agreement remains valid throughout the entire contract period and may not be terminated in advance without consent from OPEN.

(2) Notice of termination of the Agreement shall be made in writing no later than six (6) months prior to the expiration of the contract period. Upon termination, the Client shall provide OPEN with requested information. Following termination, any information is saved for a period of two (2) weeks.

(3) If the Agreement is not terminated in accordance with what is prescribed in section 2(2) above, the contract period is extended by twelve (12) months at a time.

(4) Upon termination of the Agreement, the Client shall pay for and be responsible for the immediate return of the equipment covered by the Agreement.

(5) Upon termination of the Agreement during the current contract period, no fees will be refunded for the current period.

(6) OPEN is entitled to terminate the Agreement effective immediately if the Client (i) suspends its payments, goes into liquidation, is declared bankrupt or initiates composition proceedings or otherwise may be feared to be insolvent according to OPEN’s assessment, or (ii) is in breach of any regulation in the Agreement or other agreement entered into by the Client in connection with the Agreement (for example financing agreement regarding equipment).

(7) Should OPEN cancel the Agreement according to the above or on any other grounds, OPEN is entitled to remuneration for products and services provided under the Agreement as well as damages from the Client.

Fees and payments

(1) As payment for the products and services provided by OPEN under the Agreement, the Client shall pay fees and remunerations to OPEN in accordance with what is stated in the Agreement. Fees and remunerations shall be paid in advance on invoice. Payment terms are fourteen (14) days from date of invoice, unless otherwise specified in the Agreement. Interest on late payment is payable under the Interest Act.

(2) Invoicing is preferably handled by third party (currently Visma Collectors AB). The Client shall without delay notify OPEN if an invoice is inaccurate. 

(3) The prices and fees included in the Agreement are exclusive of VAT and other taxes declared after the Agreement was entered into. The prices are stated in SEK unless otherwise specified in the Agreement. Unless stated otherwise, the prices for services and licenses stated in the Agreement shall be adjusted upwards by three (3) percent at each subsequent turn of the calendar year throughout the contract period. OPEN also has the right to carry out price changes during the contract period due to exchange rate fluctuation.

(4) If the Client does not pay on time, OPEN is entitled to interest on late payment under law as well as the right to withhold/abort delivery of products and services under the Agreement.

(5) If the Client is in default of payment for more than ten (10) days following demand from OPEN that the Client shall pay the overdue amount, OPEN may through written notice to the Client cancel the Agreement in its entirety.

Transfer of the Agreement

(1) The Client may not transfer the Agreement onto a third party without the prior written consent of OPEN.

(2) OPEN may transfer the right to receive payment under the Agreement without the Client’s consent. Furthermore, OPEN may delegate operations, maintenance and development under the Agreement to a third party without the Client’s consent.

Dispute

– Client registered in Sweden

(1) Swedish law shall be applicable on the Agreement.

(2) Disputes regarding the interpretation or application of the Agreement and legal relationships associated therewith shall be finally settled by arbitrators in accordance with Swedish law.  If dispute arises and the value of the claim does not exceed 25 times the price base applicable at the time of claim for arbitration according to the National Insurance Act (SFS 1962:381), the dispute shall be settled by public court with Gothenburg city court as first instance.

– Client registered in Norway

(1) Norwegian law shall be applicable on the Agreement.

(2) Disputes regarding the interpretation or application of the Agreement and legal relationships associated therewith shall be finally settled by arbitrators in accordance with Norwegian law.  If dispute arises and the value of the claim does not exceed 25 times the price base applicable at the time of claim for arbitration according to the Swedish National Insurance Act (SFS 1962:381), the dispute shall be settled by public court with Oslo city court as first instance.

– Client registered in Finland

(1) This Agreement shall be governed by, and construed, in accordance with the laws of Finland. It is expressly agreed that the United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement.

(2) Disputes regarding the interpretation or application of the Agreement and legal relationships associated therewith shall be finally settled by arbitration in accordance with the Arbitration Rules of the Finland Chamber of Commerce. The arbitral tribunal shall be composed of one (1) sole arbitrator and the language of the arbitration shall be English. The seat of arbitration shall be Helsinki, Finland. In case dispute arises and the value of the dispute does not exceed 25 times the price base applicable at the time of claim for arbitration according to the Swedish National Insurance Act (SFS 1962:381) the dispute shall be settled by the District Court of Helsinki, as the first instance.

 OPEN’s responsibility

(1) The Client shall without delay report occurrence of defects in products and services provided under the Agreement to OPEN. In order to claim defects, the Client shall report the defect to OPEN within reasonable time following the Client’s discovery of the defect as well as state and, if necessary, demonstrate how the defect manifests.

(2) Remedy of defects is made through correction, when possible for OPEN, or through instructions on circumvention of the defect that does not cause significant inconvenience to the Client. Should OPEN be unable to meet the agreed specification through remedy, OPEN shall propose other measures including exchange for other, equivalent, products. The Client shall accept measures proposed by OPEN if the delivery thereby meets the Agreed specification and the measures do not cause the Client inconvenience.

(3) Should OPEN or other party ship exchange hardware to the Client in connection with defect, the Client is responsible for returning the defective hardware without delay to a return address provided by OPEN. Upon shipment of hardware, the Client is charged the shipping cost applicable at the time. Upon the Client’s return of the hardware reported as defective, OPEN covers the shipment cost. Any returns shall arrive at the return address designated by OPEN within five (5) working days. Upon delayed return, a delay charge applicable at the time will be applied. Returns that have not arrived within ten (10) working days are invoiced at the full amount. All returns made to the return address provided by OPEN shall be sent by delivery. For shipment via private package, registered mail, or similar services, the Client is charged the handling cost applicable at the time.

(4) If the Client has reported a defect and no defect for which OPEN is responsible exists, the Client shall remunerate OPEN according to price list applicable at the time for the provided service.

(5) If OPEN does not remedy defect with the urgency warranted by the circumstances, the Client may, in writing, give OPEN a final and reasonable deadline for remedying. If the defect is not remedied by the time the deadline expires, the Client is entitled to reduction of the price/fee corresponding to the defect.

(6) Each night, OPEN performs backup of fourteen (14) days of history. Backup requires that the Client has a functioning internet connection which may be connected to OPEN’s backup servers. OPEN shall not be held responsible when backup has not been performed due to negligence or non-completion on the part of the Client, nor due to circumstance over which OPEN had no control.

(7) OPEN has the full right to log on to the Client’s system in connection with troubleshooting and updates. Information gathered from data inside the system may not be copied or transferred to third party.

(8) OPEN is only responsible for hardware that OPEN itself has delivered. The hardware is only covered by the applicable manufacturer’s guarantee unless otherwise expressely agreed with the Client in writing.

(9) OPEN is only responsible for such software that is provided under the Agreement.

(10) OPEN’s commitment towards the Client does not cover laws, standards, requirements, regulations, or alike, which have entered into force after the Agreement.

(11) OPEN’s liability for defects does not include (i) defects caused by the Client’s use of equipment, accessories, computer software etc. not approved by OPEN, (ii) defects caused by changes or interventions made by the Client without OPEN’s consent or through the Client’s negligence, (iii) defects caused by viruses or other outside attacks, unless introduced by OPEN through negligence, or defects caused by third party in other way or through other circumstances outside OPEN’s control, such as defects in equipment, accessories or computer software not included in the delivery under the Agreement and/or (iv) normal wear-and-tear or that consumable items must be acquired.

(12) OPEN’s liability for defects in products and services provided under the Agreement is limited to what is stated above unless there is intent or gross negligence and the Client cannot direct other claims against OPEN due to defects under the Agreement.

The Client’s undertakings

(1) Client is responsible for ensuring that the Client’s information processed by OPEN under the Agreement does not infringe on third party rights or is otherwise in breach of applicable legislation.

(2) The Client does not have the right to install additional software, during or after the agreement, in hardware delivered by OPEN without OPEN’s express written consent. Likewise, the Client does not have the right to install additional software in or connected to OPEN’s computer software and services.

(3) The Client is responsible for taking prompt action if OPEN urges the Client to remove information or other software which is not deemed acceptable or is in breach of other condition in the Agreement.

(4) OPEN is entitled to verify information handled under the Agreement in connection with troubleshooting or if there are suspicions of violation of these terms. OPEN also has the right to, effective immediately, delete or move information handled within the subscription if this information causes damages to OPEN’s clients, servers, networks or third party.

(5) The Client is responsible for ensuring that payment card information such as payment card number, payment card agreement, receipts etc. are in compliance with the standards set out by Visa/MasterCard, Diners, Amex and other payment card issuers. All agreements on payment card redemption shall be complied with in order for the Agreement to be valid. Upon misuse, OPEN has the right to suspend the Client and secure the information.

(6) Prior to delivery and installation, the Client is responsible for ensuring that the necessary equipment such as electrical sockets and internet connection is in place and that necessary actions and preparations for payment card traffic have been carried out. The Client is also responsible for ensuring that technically skilled personnel is on-site where OPEN does not have full access to the necessary equipment.

(7) Upon installation and delivery of security measures necessary in order to receive card payments, it is necessary that these are kept intact. Upon necessary changes affecting the security such as new security certificates, change of access points, network traffic and servers, the Client shall contact OPEN prior to making alterations.

(8) When the Client has received a certificate (VPN), the Client must keep the certificate in a safe location and, in the event of theft or alike, it shall be blocked via telephone call to OPEN. Regardless of time of day, a theft report shall be made to the switchboard number +46 (0)10-410 2000. 

(9) Upon infringement attempt on programming code or use of VPN-certificate in order to infringe or damage OPEN’s servers, OPEN is entitled to suspend the Client effective immediately.

(10) The Client alone is responsible for ensuring that the business takes out necessary insurance. The condition applies both to clients with short-term rent and other variations on agreements.

(11) The Client is responsible for continuously keeping OPEN up-to-date on current invoicing, delivery and contact information. Should payment be delayed due to inaccurate invoicing address, it is incumbent on the Client to carry any late fees or other additional fees. Should delivery be delayed due to inaccurate delivery address, OPEN cannot be held responsible for the delay.

(12) The Client is responsible for registration and deregistration of equipment with necessary authorities.

Software licenses, installation and support

(1) Software license is required for use of computer software provided by OPEN.

(2) Technical support is included during regular Swedish office hours, weekdays from 08.00 until 17.00 (Monday – Friday), Noray office hours, weekdays from 08.00 until 16.00 (Monday – Friday) excluding public holidays for each country. By ”technical support” is meant technical guidance and assistance regarding the software delivered by OPEN. The support does not include defects or disruptions caused by events outside OPEN’s control or commitment. Technical guidance and assistance concerning matters outside the scope of technical support above is charged at an hourly rate in accordance with OPEN’s applicable price list.

(3) Emergency service regarding technical support is free of charge only for technical defects which cause imminent disruption in system operation such as stoppage in sales. By ”emergency service” is meant technical guidance and assistance outside of regular opening hours for software delivered by OPEN. The emergency service does not cover defects or disruptions caused by events outside OPEN’s control or commitment. Technical guidance and assistance concerning matters outside the scope of technical defects, included in the Agreement, is charged at an hourly rate in accordance with OPEN’s applicable price list.

(4) Technical support included in the Agreement is limited to no more than eight (8) hours per month. For additional hours, an hourly fee per each hour started may be charge. The hourly fee is charged based on applicable rate unless stated otherwise in the agreement.

Use of products and services

(1) OPEN has full ownership of its computer software and systems. The Client does not under any circumstances have the right to source code, information or databases. The Client is not entitled to carry out adjustments directly in database or otherwise make alterations in information unless specifically intended for the Client. The Client may not copy computer software or documentation.

(2) The Client may not lend or lease out products and services provided by OPEN under the Agreement or otherwise reassign its user right without OPEN’s approval.

(3) The Client shall care for and maintain equipment provided by OPEN under the Agreement so that the equipment remains in good, working and legal condition.

(4) The Client is, regardless of negligence, liable for all loss of or damage to equipment provided by OPEN under the Agreement. If equipment is damaged, lost or otherwise rendered useless, the Client shall immediately notify OPEN of the damage in writing. The Client is not entitled to deduction on fees or expenses or extensions on payments of these fees and expenses under this agreement due to equipment being damaged, under repairs or potential exchange.

 Short-term lease

(1) What is stated in this Section 10 applies in such cases where OPEN leases equipment to the Client for a limited time, so-called short-term lease, and is then applicable in addition to what is otherwise stated in these general terms and conditions. In such cases, what is stated in this Section 10 takes precedence over what is otherwise stated in these general terms and conditions regarding contradictions.

(2) For short-term lease, the agreed-upon rental period applies without notice period.

(3) Upon delayed or missing return of short-term leased equipment, an extension fee equivalent to the agreed-upon rent is charged. The fee is charged for every started period covered by the delay. Should the equipment for some reason not be possible to return, a price for redemption of the equipment is charged in addition to the rental cost, fixed by OPEN based on current market price based on the equipment’s nature, condition and age.

(4) The Client is responsible for maintaining a full value insurance during the entire short-term lease from the time the equipment reaches the Client’s business until it has been returned to OPEN.

(5) At the time of installation; internet connection and networks shall be active upon arrival. When incomplete upon delivery, OPEN is entitled to charge an hourly cost. The Client is also responsible for ensuring that the products are protected from the weather.

(6) The client is responsible for ensuring that there are 2 network sockets no farther than 1 meter from each location where the cash system is to be installed, which then includes a cash register and a payment terminal. Should several payment terminals be connected, there will need to be more network sockets.

Financing agreement

(1) What is stated in this Section 11 only applies in cases where equipment provided under the Agreement is financed by third party through special agreement, so-called financing agreement, with the Client and then applies in addition to what is otherwise stated in these general terms and conditions. What is stated in this Section 11 then takes precedence over what is otherwise stated in these general terms and conditions in cases of contradictions.

(2) What is stated in the Agreement shall apply between the Client and OPEN notwithstanding that the Client has entered into a financing agreement regarding the equipment.

 Limitation of liability, force majeure

(1) If OPEN is prevented from fulfilling its undertakings under the Agreement by circumstance which party could not have controlled, for example lightning strike, labor dispute, fire, amended government regulations, government intervention and defects or delays in services provided by subcontractors due to circumstances specified herein, this shall constitute exemption which causes postponement of agreed-upon time for performance and discharge from damages and other possible penalties. OPEN is also not liable for damages caused by viruses, unauthorized breach or unauthorized influence over OPEN’s servers.

(2) OPEN’s liability for damages under the Agreement shall, unless there is intentional or gross negligence, be limited to direct damage of an aggregated amount equivalent to fifty (50) percent of the remuneration OPEN has received from the Client during the current calendar year for current licenses. OPEN is not, unless there is intent or gross negligence, in any case liable for missing profit or other indirect damage or loss including the Client’s possible liability to pay damages to third party or loss of information.

 Miscellaneous

(1) Regarding processing of personal data, the conditions listed in ”Appendix 4 – Personal Data Processing Agreement” apply.

(2) In accordance with applicable law, the Client alone is responsible for the registrations, applications for changes and deregistrations which shall be carried out towards the Swedish Tax Agency. OPEN may, in cases where specifically agreed, undertake to carry out new registration of cash register, however never changes or deregistrations. If this has not been expressly agreed in writing, it is always the Client’s responsibility to handle this. In cases where OPEN has undertaken to carry out new registration, the responsibility to ensure that such registration has been made correctly still lies with the client. The Client may check both the information and time through contact with the Swedish Tax Agency and review the confirmations sent to the client by the Swedish Tax Agency. OPEN does not under any circumstances acquire neither legal nor fiscal liability for ensuring registration of correct information or within deadline.

Appendix 4 – Personal Data Processing Agreement

Security in Open

At Open, we are committed to ensuring the security and protection of the Personal Information that we process, and to provide a compliant and consistent approach to data protection. We secure a robust data protection program which complies with existing law and abides by the data protection principles.

We are dedicated to safeguarding the Personal Information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the regulations.

Privacy Policy

According to Article 4 of the General Data Protection Regulation (GDPR), “personal data” is all information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”), which can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The legal basis of data protection can be found in the GDPR legislation. Open will only process personal information transmitted to or collected by us to meet our legal or contractual obligations to our customers, employees and suppliers and to provide our services.

General

In addition to concepts and terms otherwise defined in the Agreement, the following definitions are used in this appendix:

”Data processor” is OPEN.

”Data controller” is the Client.

”Processing (of Personal Data)” shall have the same meaning as in applicable Personal Data Legislation;

”Personal Data” shall have the same meaning as in applicable Personal Data Legislation and which the Client is the Data Controller for, which OPEN shall Process according to the Agreement;

”Personal Data Breach” shall have the same meaning as in applicable Personal Data Legislation.

”Personal Data Legislation” refers to the at each time applicable Swedish legislation regarding the Processing of Personal Data or the common EU rules on Data Protection, especially the Swedish Personal Data Act (SFS 1998:204) and the EU regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), which shall be applied as of 25 May 2018 and will replace the Swedish Personal Data Act; and

”Third country” refers to a state which is not part of the European Union or connected to the European Economic Area.

Concepts and terms relating to Processing of Personal Data that are not defined in the Agreement shall be considered to have the same meaning as the concepts and terms evident from applicable Personal Data Legislation when Processing Personal Data.

OPEN’s obligations

OPEN shall consider what is stated in the special instruction to OPEN, see Section 3 below. Aside from what is otherwise evident from the Agreement, it is OPEN’s responsibility to:

1. 1. ensure that the Processing of Personal Data is done in accordance with applicable Personal Data Legislation;
   2. assist the Client in ensuring that the obligations according to applicable Personal Data Legislation are fulfilled, taking into account the type of Processing and the information available to OPEN;
   3. only Process the Personal Data on behalf of the Client and in accordance with the Client’s documented instructions (which for the sake of clarity shall mean that the Processing only is done for the purpose the Client has decided). If OPEN does not meet the instructions given to the processor, OPEN shall immediately inform the Client hereof, whereupon the Client is entitled to temporarily stop the Processing, demand the return of the Personal Data and/or terminate the Agreement entirely;
   4. immediately inform the Client if OPEN finds that an instruction is in breach of applicable Personal Data Legislation;
   5. without undue delay, but not later than 36h, notify the Client if OPEN discovers completed cases of or attempts at unauthorized access to Personal Data;
   6. without delay respond to all questions posed by the Client concerning the Processing of Personal Data and grant the Client access to all information required in order to demonstrate that the obligations laid down in applicable Personal Data Legislation have been fulfilled;
   7. keep a record of all categories of Processing performed on behalf of the Client, including names and contact information, transfer of Personal Data to Third country or an international organization, where applicable, and, if possible, a general description of technical and organizational security measures;
   8. implement authentication and log of the systems where Personal Data is Processed with the objective to enable the Client to review and secure integrity and confidentiality for the Personal Data, including protection against intentional or unlawful destruction, loss or change or unauthorized disclosure of or unauthorized access to Processed Personal Data;
   9. , at the request of the Client, enable and contribute to review of the facilities where Processing of Personal Data takes place in order to secure and prove that the Processing is done in accordance with the Agreement and that the obligations set forth in applicable Personal Data Legislation have been fulfilled. The audit shall be carried out by the Client or the person/persons authorized by the Client, assuming these individuals are bound by adequate confidentiality agreement;
   10. Implement suitable technical and organizational measures in order to ensure and be able to demonstrate that Personal Data is not Processed in an unlawful or illegal manner, or in such a way which makes them risk falling into the wrong hands, and to ensure that these (considering the latest development, implementation costs and the nature, scope, context and purpose of the Processing) maintain a security level appropriate in relation to the risk of compromising natural persons’ rights and freedoms;
   11. refer to the Client without delay if third party requests information from OPEN concerning the Processing of Personal Data, unless such notice in unlawful under criminal liability (for example in order to maintain confidentiality in a criminal investigation) and, upon request, co-operate with the responsible supervisory authority for the performance of its tasks and inform the Client hereof without delay;
   12. assist the Client through appropriate technical and organizational measures, to the extent this is possible, so that the Client may fulfil its obligation to respond to request for exercise of the Data Subject’s rights under applicable Personal Data Legislation;
   13. not transfer the Personal Data to Third country without written consent from the Client; and
   14. ensure that only authorized persons may Process Personal Data through implementing authentication and log of the systems where Personal Data is Processed, as well as ensure that these have undertaken to exercise confidentiality or are subject to an appropriate statutory duty of confidentiality.
   15. The parties are responsible for fulfilling their own obligations under the terms of the Agreement and applicable Personal Data Legislation and the consequences of failure to comply with the regulations

Instructions to OPEN

(1) In order to provide payment services under the Agreement, OPEN will receive and Process Personal Data in cash registers, payment terminals, card redemption and associated services. The processing refers to storage of information in OPEN’s internal systems such as CRM-system, ERP-system, Partner portal, Backups as well as, within the Client’s solution, storage of information which the Client itself records via OPEN’s computer software.

(2) Categories of Data Subjects are OPEN’s employees and the Client’s end customers, employees and partners/suppliers and the types of Personal Data that will be Processed are names, addresses, contact information (e-mail & telephone numbers), payment information, customer number, employee number, and in the form of agreement also copy of ID-card, account statement and the Client’s named contact persons. Personal identity numbers and corporate identity numbers may also be stored.

(3) Personal Data will be Processed for as long as it is required (i) for providing the payment services and (ii) in accordance with applicable laws and regulations.

(4) Processed Personal Data is collected from the Client and stored in the Data Processor’s database, which may be stored with the Client but also centrally with OPEN. The information will be transferred by use of encrypted data traffic. Connection for external data communication shall be protected with such technical function that ensures that the connection is authorized. Personal Data transferred via computer communications shall be protected through encryption.

(5) No sensitive Personal Data och special categories of Personal Data may be Processed by the Client. Information on payments and similar financial transactions will however be Processed.

Subcontractors

(1) OPEN may not hire another Data Processor without obtaining special or general permission from the Client.

(2) If OPEN hires another Data Processor, OPEN shall guarantee that such subcontractor’s Processing is carried out with consideration of the obligations OPEN must adhere to according to Section 2 above.

(3) OPEN shall keep a record of subcontractors and representatives of OPEN who Process Personal Data and shall, upon the Client’s request, provide a list of these.

(4) If OPEN appoints a subcontractor for Processing Personal Data, OPEN shall inform the Client of such subcontractor’s identity and, upon the Client’s request, where Personal Data will be Processed, as well as other relevant information attributable thereto such as copy of the agreement between OPEN and the subcontractor.

(5) OPEN is fully liable towards the Client for any subcontractors.

Obligations after termination

(1) The parties agree that the following shall apply after the termination of the Agreement. OPEN shall (and, where applicable, ensure that the subcontractor shall) return all Personal Data to the Client or delete these, and delete existing copies, providing that OPEN is not hindered to do so on account of storage being required according to Union law or national legislation. If the Client decides that Personal Data shall be deleted, OPEN shall notify the Client when this has been done.

(2) If OPEN, due to applicable legislation, is hindered from deleting or returning Personal Data, the Data Processor shall guarantee confidentiality for this Personal Data and that it will not continue to Process these, or pseudonymize Personal Data in a way that makes it impossible to trace to a single individual.

Handling and communicating a Personal Data Breach to the supervisory authority

(1) Once OPEN becomes aware that a Personal Data Breach has occurred, OPEN shall notify the Client without undue delay. If and to the extent it is not possible to provide the information at the same time, OPEN may provide the Client with the information in turns without unnecessary further delay.

(2) OPEN shall without undue delay, but not later than 36h, investigate a Personal Data Breach and take action in order to alleviate the potential negative effects of the Personal Data Breach, identify its root cause(s) and prevent similar Personal Data Breaches. OPEN shall work together with the Client in order to protect physical Data Subjects’ rights and freedoms. The parties undertake to co-ordinate corrective and alleviating measures taken and planned.