Terms & Conditions
General Terms and Conditions
Appendix 1: Data Processing Agreement (DPA)
Appendix 1.1: Instructions for the Processing of Personal Data
1. THE SERVICE
1.1 Mainter AB (hereinafter “Mainter”) has developed and provides the web based platform Mainter (hereinafter the “Service”). These General Terms and Conditions (hereinafter the “GTC”) apply to the Service and to any other services provided by Mainter.
1.2 The agreement (hereinafter the “Agreement”) between Mainter and the legal entity identified as the customer in the Customer Agreement (hereinafter the “Customer”) consists of:
(1) the Customer Agreement;
(2) the Data Processing Agreement (the “DPA”); and
(3) the GTC.
1.3 In the event of a conflict between the Customer Agreement, the DPA and the GTC, they will apply in the order of precedence as prescribed in Section 1.2 above.
1.4 The Contract Owner (defined in Section 18.1) represents and warrants that he/she/they have the authority to enter into the Agreement on behalf of the Customer and shall indemnify Mainter for any and all losses otherwise incurred by the company.
1.5 Mainter and the Customer are hereinafter individually referred to as a “Party” and jointly as the “Parties”.
2. RIGHT TO USE
2.1 Provided that the Customer fully complies with the provisions of the Agreement, and unless expressly stated otherwise, Mainter grants the Customer a non‑exclusive, non‑transferable, limited right to use the Service for its own use.
2.2 Except as set out in Sections 18.2 and 19.1, the Customer may not assign, transfer or sublicense its rights under the Agreement.
3. AVAILABILITY, INCIDENTS AND REMEDIATION
3.1 Mainter shall be responsible for making a back-up copy of the Customer data transferred to Mainter via the Service on a daily basis.
3.2 The Service is generally available 24 hours a day, seven days a week, 365 days per year. However, Mainter does not guarantee that the Service shall be free of faults or interruptions during the aforementioned period. Considering that the Service is web based, the Customer is aware and acknowledges that temporary Internet disruptions and delays do not constitute faults or interruptions in the Service. Mainter has no obligation to remedy faults or interruptions beyond its reasonable control, which Mainter could not reasonably have foreseen and the consequences of which could not reasonably have been avoided or overcome, including, but not limited to, faults, deficiencies or interruptions relating to the Customer’s hardware, software, or Internet access. Furthermore, Mainter shall have no obligation to remedy faults or interruptions where such is prevented due to a Force Majeure Event (defined in Section 10.4).
3.3 The Service may be taken offline from time to time for maintenance, support or updates (hereinafter “Maintenance”). Mainter reserves the right to interrupt the Service to perform Maintenance and will schedule Maintenance, where reasonably possible, during low‑usage hours. For Maintenance expected to exceed one (1) hour, Mainter shall notify the Customer in advance.
3.4 In the event there is a fault or interruption for which Mainter is responsible according to the Agreement, it will be remedied without cost for the Customer. A “fault or interruption” shall in this regard mean that the Service does not function as intended or is unavailable.
3.5 Remedial measures are performed on business days between 08:00 and 16:00 Swedish time (hereinafter “Office Hours”). Mainter undertakes to initiate remedial measures within forty‑eight (48) hours of receiving notice of the fault in respect of minor incidents and within five (5) hours in respect of severe incidents.
3.6 If a notice of fault is received outside Office Hours, the aforementioned time limits shall instead begin to run at 08:00 on the next business day. The term “initiate remedial measures” shall in this Agreement mean that Mainter personnel are actively working on the issue. In the event that Mainter is in delay with initiating the remedial measures, the Customer is entitled to a price reduction in proportion to the scope of the fault.
3.7 In conjunction with giving notice of faults, the Customer shall describe how the issue manifests and, upon request, demonstrate how the issue manifests itself.
3.8 The Customer must give notice of faults within fourteen (14) days of discovery or when they reasonably should have been discovered.
3.9 If Mainter determines that a fault reported by the Customer is not within Mainter’s responsibility, the Customer is obligated to reimburse Mainter for the costs Mainter have incurred due to the fault notice. If the Parties do not agree otherwise, such costs shall be based on Mainter’s hourly rate for consulting services, at any given time (the “Hourly Rate”). In this respect, Mainter charges for every commenced half hour of work.
3.10 Upon request and subject to availability, Mainter may assist with issues outside its responsibility according to this Section. Such work is charged based on the Hourly Rate.
4. SUPPORT
4.1 Mainter undertakes during the term of the Agreement to provide support for the Services. The term “Support” shall in this Agreement mean assistance enabling the Customer to use the Service as intended. Support is provided primarily via the help Section in the Service and secondarily via the contact form in the Service or via e‑mail to info@mainter.com. Support is only provided during Office Hours.
4.2 Mainter does not provide support in respect of Equipment (defined in Section 5.4). Upon request and subject to availability, Mainter may provide additional support, not encompassed under Section 4.1 (e.g. user training). Such support is charged based on the Hourly Rate.
5. CUSTOMER RESPONSIBILITIES
5.1 The Customer undertakes to ensure that the Customer and the Users (defined in Section 6.1) will:
(a) in conjunction with the use of the Service, comply with (i) the provisions of this Agreement, (ii) applicable laws, ordinances and decisions by governmental authorities, and (iii) instructions provided by Mainter from time to time in respect of the use of the Service;
(b) not upload or transfer to the Service any material containing viruses, trojans, or other malicious code (so-called malware) that could harm or impair the Service or interfere with Collaborators’ (defined in Section 18.1) or Another Customer’s use of the Service. The term “Another Customer” shall in this Agreement mean another customer who, by virtue of an agreement with Mainter, uses the Service in a manner comparable to that of the Customer;
(c) not take measures, the purpose of which is to circumvent Mainter’s security systems (e.g. by using a Collaborator’s or Another Customer’s username and/or password or providing a username and/or password to a third party) or attempt to test the security without Mainter’s prior written consent therefor;
(d) not decompile (reverse engineer) the Service;
(e) not take measures, the purpose of which is to afford the Customer unauthorized access to any system or network related to the Service, and
(f) not attempt to obtain data or content which was not intentionally made available or provided via the Service.
5.2 Breaches or attempted breaches of one, several or all provisions under Section 5.1 may constitute criminal offenses and Mainter may therefore involve relevant governmental authorities if deemed appropriate.
5.3 The Customer will indemnify Mainter and hold Mainter harmless (subject to the limitations set forth in Section 10) for any and all losses arising from the Customer’s or User’s breach of the Agreement.
5.4 As stated under Section 1.1, the Service is accessed via an Internet connection. Henceforth, certain hardware and software equipment as well as internet subscriptions (Hereinafter “Equipment”) is required. The Customer is responsible for procuring and maintaining Equipment at its own cost. Current technical requirements are available in our Data and Security Policy. Mainter is not liable for losses caused by faults in the Customer’s Equipment. The Customer is aware and acknowledges that upgrades and/or changes to the Service may require updates with regard to the Equipment in order to benefit from the improvements from such upgrade and/or change.
5.5 The Customer may not modify, publish, forward, distribute, display, transfer, sell, create derivative works from, or otherwise commercialize (e.g. in printed form or on another website or network-connected computer) any content of the Service (in whole or in part) without Mainter’s prior written consent.
6. ACCOUNTS AND CREDENTIALS
6.1 Each User must have an individual user account (hereinafter a “User Account”). The term “User” means an individual who is part of the Customer’s personnel (employees, consultants, or similar). User Accounts may be created by the Customer or by a User. The Customer is responsible for ensuring that the user details, which are supplied when creating the User Account (hereinafter the “User Details”) are complete and accurate. All User Accounts are administered by the Customer’s System Administrator (defined in Section 18.1), who has extended authorities when using the Service (including password policy enforcement in accordance with Section 6.3(a)).
6.2 Mainter can verify only whether valid credentials are used, not the identity of the person using them. Henceforth, the Customer is obliged to ensure that Users (i) do not disclose credentials, and (ii) prevent unauthorized access to credentials. If the credentials to a User Account are used by an unauthorized person or if the password regulation in Section 6.3 are violated, Mainter may suspend the User. In the event of a suspension, the Customer will be notified.
6.3 The Customer undertakes to ensure that Users:
(a) choose strong passwords. Subsequently, a password cannot be based on the name of the Customer/User and/or company/personal identification number,
(b) to carefully safeguard any notes regarding the password to the User Account,
(c) do not disclose passwords, and
(d) change passwords immediately in the event of any suspicion that an unauthorized person has learned the password.
6.4 If there is reason to suspect misuse of a username or password, the Customer must immediately (i) change the password, or (ii) block the User Account. The Customer is liable for losses Mainter incurs during the period that the User Account is misused, until such action prescribed in Section 6.4 (i) and (ii) is taken.
7. FEES AND PAYMENT
7.1 For the use of the Service, the Customer undertakes to pay Mainter fees in accordance with the Customer Agreement. Unless agreed otherwise, the fees will be invoiced and paid accordingly:
(a) Annual Agreement (defined in Section 11.1): charged either (i) annually in advance with a due date of 30 days, or (ii) monthly in advance by calendar month, usually invoiced on the first day of the calendar month and due on the last day of the same calendar month. The Customer Agreement specifies which payment rate that apply.
(b) Monthly Agreement (defined in Section 11.1): charged monthly in advance by calendar month, usually invoiced on the first day of the calendar month and due on the last day of the same calendar month.
7.2 The Customer may add or remove Users at any time by notifying Mainter. Fee adjustments (as specified in the Customer Agreement) take effect on the date of the change and are debited/credited at the beginning of the month immediately following the change.
7.3 The Customer may upgrade or downgrade the Service at any time during the term of the Agreement. Fee adjustments take effect on the date of the change and are debited/credited at the beginning of the month immediately following the change.
7.4 One‑off fees and work performed at the Hourly Rate are invoiced in arrears (payment term: 30 days net).
7.5 Unless otherwise agreed, invoices are issued in Swedish kronor (SEK) and shall be paid to the bank account stated on each invoice. Payment must be received by Mainter not later than the due date set forth on the respective invoice. In case of late payments, penalty interest shall be payable in accordance with the Swedish Interest Act (Swedish Code of Statutes1975:635, Sw; räntelagen). In addition, Mainter shall be entitled to charge the Customer statutory reminder fees, collection fees and comparable fees applicable from time to time.
7.6 In the event the Customer is of the opinion that an invoice is incorrect, the Customer shall notify Mainter within fourteen (14) days of receipt. If the Customer fails to notify Mainter within the prescribed period of time, the Customer shall be deemed to have waived its right to dispute the invoice, and payment shall be made accordingly.
7.7 Price reductions (e.g. under Section 3.6) and adjustments (e.g., under Sections 7.2 or 7.3) shall be set-off against Mainter’s subsequent invoices. In the event that the Customer, upon termination of the Agreement, has counterclaims not yet regulated in accordance with this Section 7.7, such counterclaims are no longer valid, i.e. Mainter has no obligation to pay such counterclaims after the Agreement has been terminated, regardless of the reason thereof.
7.8 In addition to Section 7.7, the Customer is only entitled to set-off counterclaims, if such counterclaims are confirmed by final judgment of a competent court, other enforcement order, or expressly accepted by Mainter.
8. SUSPENSION
8.1 Mainter may suspend the Customer from the Service immediately and until further notice if:
(a) payment is not received by the due date, or
(b) the Customer breaches the Agreement or if Mainter has reasonable cause to suspect such a breach.
8.2 The Customer is continuously obliged to pay the fees for the Service during the time of suspension. If grounds for premature termination do not exist (see Section 9), Mainter will restore access to the Service once the Customer is no longer in breach of the Agreement.
9. EARLY TERMINATION
9.1 In addition to what is set forth in other provisions in this Agreement, Mainter may terminate the Agreement immediately if full payment is not received within fourteen (14) days after the due date. Furthermore, Mainter may terminate the Agreement with thirty (30) days’ notice if the Customer changes the instructions for the processing of the Personal data (defined in Section 15.2) in a way that such processing becomes more burdensome for Mainter (other than insignificantly) than set out in the Instructions for the Processing of Personal Data.
9.2 In addition to what is set forth in other provisions in this Agreement, either Party may terminate immediately if
(a) the other Party materially breaches this Agreement and fails to fully rectify this breach within fourteen (14) days after receiving written notice therefor by the other Party, or
(b) the other Party (i) suspends payments, (ii) takes a decision regarding, or is placed into, liquidation, (iii) applies for, or is placed into, company reorganization or bankruptcy, or (iv) is otherwise reasonably deemed insolvent.
9.3 Early termination shall be in writing and made without undue delay following that the terminating Party became, or should have become, aware of the circumstance(s) that constitute grounds for the early termination.
9.4 Irrespective of whether the Agreement is terminated or not, a Party shall be compensated for any losses incurred as a consequence of the other Party’s breach of contract.
10. LIABILITY
10.1 Except as otherwise expressly stated in this Agreement, the following shall apply. Subject to the limitations set forth below, each Party shall be liable for direct losses caused by negligence of the Party, or that of those for whom the Party is responsible) in connection with supplying or using the Service. The term “Direct losses” means reasonable and verifiable additional costs incurred by a Party. Neither Party is liable for indirect or consequential losses, including but not limited to loss of profit in a Party’s or a third party’s business, failure to meet third party obligations, or the loss of benefit of the Agreement.
10.2 Mainter’s aggregate liability per year shall be limited to an amount equal to the actual annual fee for the Service (excluding work at the Hourly Rate).
10.3 The limitations in Sections 10.1 and 10.2 do not apply (i) to breaches of Sections 5, 6, 12, 14.3, 14.4 or 14.5, or (ii) to losses caused by intent or gross negligence.
10.4 Neither Party is liable for losses caused as a consequence of events beyond its reasonable control, which such Party could not reasonably expect and the consequences of which such Party could not reasonably have avoided or overcome, including but not limited to, accidents, explosions, armed conflict or similar conditions, riots, fire, lightning strikes, floods, leakage, power outages, unlawful industrial action, governmental actions or omissions, or new/changed laws (hereinafter a “Force Majeure Event”). The same applies if Mainter’s subcontractors or other cooperating partners are prevented from providing the Service due to a Force Majeure Event. The affected Party must notify the other Party without delay of the start and end of such Force Majeure Event. Once the Force Majeure Event ceases, the affected Party’s shall perform its obligations in accordance with this Agreement. If this is not done, the affected Party is not relieved from liability for its failure to fulfil its obligations under the Agreement.
10.5 Claims for losses shall be made within ninety (90) days of when the loss was or should reasonably have been discovered. If a Party has not brought a claim for compensation against the other Party within the prescribed time, the Party’s right to assert the claim is forfeited.
11. TERM AND EXPIRY
11.1 The Agreement comes into force on the date it is signed by the Parties. The Customer Agreement specifies whether it is an “Annual Agreement” or a “Monthly Agreement”. For each agreement type, the following applies:
(a) Annual Agreement: The Agreement is valid for twelve (12) months, upon which it is automatically renewed for twelve (12) months at a time, unless either Party gives written notice of termination at least one (1) month before the end of the relevant contract period.
(b) Monthly Agreement: The Agreement is valid for one (1) month, upon which it is automatically renewed for one (1) month at a time, unless either Party gives written notice of termination at least one (1) month before the end of the relevant contract period.
11.2 As a general rule, the Customer is well aware in advance that the Agreement will expire. It is therefore incumbent on the Customer to, prior to the expiry of the Agreement, export the information it has transferred to Mainter through the use of the Service (hereinafter the “Transferred Information”), which it wishes to retain.
11.3 However, if Mainter terminates the Agreement in accordance with Section 9, Mainter will provide at least thirty (30) days after expiry of the Agreement for the Customer to export Transferred Information, provided that all fees due have been paid.
11.4 In the event that Mainter is placed into bankruptcy and the Customer does not terminate the Agreement in accordance with Section 9.2 (b), the Customer may request at least thirty (30) days after expiry of the Agreement to export Transferred Information, provided that all fees due up to the time of the bankruptcy have been paid.
11.5 Upon request and subject to availability, Mainter may assist the Customer with the export of the Transferred Information. Such work is charged based on the Hourly Rate.
12. CONFIDENTIALITY
12.1 Each Party undertakes, without limitation in time, not to disclose Confidential Information, which a Party has received from the other Party pursuant to this Agreement. The term “Confidential Information” shall in this Agreement mean any technical, commercial or other information, except for information that
(a) is in the public domain or which enters the public domain in a manner other than as a consequence of a Party’s breach of the provisions of this Agreement,
(b) the receiving Party can prove that it already knew before it was received from the other Party, or
(c) a Party has received or will receive from a third party without being bound by a duty of confidentiality in relation thereto.
However, in cases referred to in Section 12.1 (c), the receiving Party may not disclose that the same information was also received from the other Party pursuant to this Agreement.
12.2 Each Party undertakes to ensure that its employees, consultants and board members who may access Confidential Information, do not disclose this information and that they are bound to hold such information in confidence to the same extent as the Party pursuant to this Agreement.
12.3 A breach of this provision shall be deemed to exist even without proof of intent or negligence.
12.4 Notwithstanding the provisions in Section 12.1-12.3, a Party may disclose Confidential Information to the extent required by law or an order of a competent court of law. During pending disputes before competent courts of law, a Party shall also be entitled to disclose Confidential Information in interactions with witnesses and otherwise make use of such information within the context of the proceedings. In addition, a Party shall be entitled to communicate Confidential Information to such Party’s attorney, auditors and other professional advisors who are bound by duties of confidentiality.
13. CHANGES
13.1 Mainter shall at all times be entitled to amend or change the Agreement (hereinafter jointly “Change”) in a way that (i) is minor and do not alter the meaning of the Agreement, or (ii) is required by law, regulation or decisions of courts of law or governmental authorities. Such changes take effect one (1) week after notice to the Customer.
13.2 In addition hereto, Mainter shall be entitled to adjust the price of the Services once per calendar year. Price adjustments take effect three (3) months after notice thereof to the Customer. The Customer is entitled to terminate the Agreement to end on the effective date of the price adjustment by giving written notice thereof no later than one (1) month before that date. If the Customer does not give such notice, the price adjustment is deemed accepted.
13.3 In addition to Section 13.1 and 13.2, if Mainter is acquired by, acquires, or merges with another company, Mainter is entitled to make Changes to this Agreement. Such Changes take effect three (3) months after notice thereof to the Customer. The Customer may terminate the Agreement to end on the effective date of such Changes by giving written notice thereof no later than one (1) month before that date. If the Customer does not give such notice, the Changes are deemed accepted.
14. INTELLECTUAL PROPERTY
14.1 All intellectual property rights and technical solutions in respect of the Service are the property of Mainter or a third party with whom Mainter cooperates. The Customer may use them only as necessary to use the Service under this Agreement.
14.2 In the legal relationship between the Parties, the Customer owns all rights to the Transferred Information. Mainter may use Transferred Information only to fulfill its obligations under this Agreement.
14.3 Mainter warrants and represents that the Service does not infringe any third party rights. The Customer shall without delay notify Mainter of any third party claims regarding infringement of copyright or other intellectual property rights in connection with the Customer’s use of the Service. In conjunction with an assertion of infringement for which Mainter is liable, Mainter shall, at its own cost, either (i) ensure that the necessary rights are obtained, or (ii) replace the disputed part of the Services.
14.4 The Customer warrants and represents that Transferred Information do not infringe any third party rights. Mainter shall without delay notify the Customer of any third party claims regarding infringement of copyright or other intellectual property rights due to the Transferred Information. In conjunction with an assertion of infringement for which the Customer is liable, the Customer shall, at its own cost, either (i) ensure that the necessary rights are obtained or (ii) remove the disputed Transferred Information.
14.5 Each Party undertakes to indemnify the other Party for any compensation and damages the other Party is ordered to pay by settlement or judgment due to an infringement of intellectual property, for which the indemnifying Party is responsible. Other than compensation for amounts which the other Party is obliged to pay to third parties, the other Party shall not be entitled to compensation for losses arising as a consequence of breach of this intellectual property law provision.
15. PROCESSING OF PERSONAL DATA
15.1 Mainter processes personal data from the Customer’s contact person in connection with entering into this Agreement, for the purpose of performing the Agreement. See Data and Security Policy for details. Upon request, the Customer may access documented instructions, security measures and processing logs as set out in the DPA.
15.2 Mainter also processes personal data on the Customer’s behalf in the capacity of a data processor, in accordance with data protection legislation applicable from time to time. Personal data processed includes:
(a) personal data provided by the Customer’s Contract Owner, Organization Administrator(s), System Owner and System Administrator(s) at the negotiations preceding this Agreement and during the term of the Agreement,
(b) User Details provided when creating a User Account,
(c) personal data provided by the Customer or Users in connection with support and incident matters and in conjunction with any continued contacts as a consequence of such matters, and
(d) personal data that the Customer processes in connection with its use of the Service.
The information in Section 15.2 above is hereinafter referred to as the “Personal Data”.
15.3 In its capacity as data controller, the Customer is responsible for ensuring that all processing of Personal Data is in accordance with data protection legislation applicable from time to time.
15.4 Personal Data is collected on behalf of the Customer and the processing of Personal Data takes place for the purpose of (i) Mainter being able to provide the Service, (ii) Mainter being able to protect its rights and perform its obligations under this Agreement, and (iii) Mainter being able to conduct marketing activities.
15.5 For the performance of the Service, Personal Data may be disclosed to third parties (subject to the DPA).
15.6 Processing of Personal Data is necessary for Mainter to perform its obligations. Mainter will process Personal Data in accordance with the attached DPA (Appendix 1).
16. AUTOMATED PROCESSING
16.1 Mainter uses automated processing, including artificial intelligence (hereinafter “AI”), to provide, maintain, improve, monitor and analyze the Service. Mainter is entitled to process the Customer’s data using third party tools and services (including AI‑based ones) for these purposes. Mainter is responsible for ensuring that such tools meet the requirements of data protection legislation applicable from time to time.
17. NOTICES
17.1 Termination and other notices under this Agreement (hereinafter a “Notice”) shall be made in writing and sent by e‑mail. Notices to Mainter shall be made to info@mainter.com (or as otherwise notified by Mainter to the Customer in accordance with this provision). Notices to the Customer shall be made to the e‑mail address registered in the Service by the Contract Owner. A notice shall be deemed to have been received by the receiving Party five (5) days after it was sent (unless actually received earlier).
18. MULTISITE – SPECIAL TERMS
18.1 In addition to the terms and concepts defined in the text, the following terms shall have the meanings set out below in the Agreement:
| Single‑Customer Multisite | A Customer with more than one System in the Service |
| Multi‑Customer Multisite | Multiple Customers forming an Organization with at least two Systems in the Service. |
| System | An instance of the Service. By default, the Service has one System (i.e. one instance). The Customer chooses how many Systems the Service shall include (e.g. one per plant) and which Systems each User may access. |
| Collaborator | Another customer granted access to one or more of the Customer’s Systems. |
| Organization | Multiple Customers collaborating in such a way that a Customer’s Users have access to another Customer’s System(s). |
| Contract Owner | A natural person authorized (i) to enter into the Agreement on behalf of the Customer, (ii) to make Changes on behalf of the Customer (including consenting to form an Organization), and (iii) to appoint Organization Administrator(s). |
| Organization Administrator | A natural person who, internally within the Organization, has the overall responsibility for administering and operating all Systems of the Organization. The Organization Administrator may appoint System Owners and System Administrators. The Organization Administrator is always a System Administrator for all Systems. A Customer may have multiple Organization Administrators. |
| System Owner | A natural person who, internally within the Customer, has overall responsibility for administering and operating all Systems of the Customer. The System Owner may appoint System Administrators. The System Owner may be a System Administrator (but does not have to be). A Customer may have multiple System Owners. |
| System Administrator | A natural person who, internally within the Customer, is responsible for administering and operating one or more Systems. |
18.2 If the Customer grants a Collaborator access to its Systems, i.e. an Organization is formed, the following applies.
18.3 By forming the Organization, Mainter consents to the Collaborator gaining access to the Customer’s System(s) to the extent that is (i) permitted by the Customer, and (ii) enabled by the functionality of the Service.
18.4 Each Customer has its own separate Agreement with Mainter. This entails i.a. the following:
(a) If a Collaborator is suspended from the Service (in accordance with Section 8.1), the Customer cannot access that Collaborator’s Systems during the suspension. This does not constitute a fault or interruption in the Service.
(b) If Mainter terminates a Collaborator’s agreement prematurely pursuant to Section 9 (or its equivalent of that agreement), the Customer loses access to that Collaborator’s Systems after the expiration of the agreement. This does not constitute a fault or interruption in the Service under this Agreement. For the avoidance of doubt, this does not give the Customer a right to premature termination of this Agreement.
(c) After a Collaborator’s agreement expires, Mainter has no obligation to provide the Customer with an opportunity to export the Collaborator’s Transferred Information, regardless of who uploaded it.
18.5 If information accessible to a Collaborator’s Users within an Organization constitutes Confidential Information, then, by forming the Organization, the Customer shall be deemed to have consented to the disclosure of such information to the Collaborator’s Users.
18.6 Within an Organization, the Customer and all Collaborators are jointly and severally liable for ensuring that Transferred Information does not infringe any third party rights (see Section 14.4). Consequently, the Customer and all Collaborators are jointly and severally liable for any resulting losses that Mainter may suffer as a result of the Transferred Information infringing third party rights.
18.7 If information accessible to a Collaborator’s Users within an Organization constitutes Personal Data, the Customer, by forming the Organization, shall be deemed to have instructed Mainter to disclose such data to the Collaborator’s Users.
19. MISCELLANEOUS
19.1 The Customer may not transfer or pledge the Agreement (in whole or in part) without Mainter’s prior written consent. Upon transfer, the transferring Customer is not liable for payment obligations arising after the transfer date. The acquiring Customer shall be responsible therefor. Furthermore, the acquiring Customer is not liable for payment obligations arising before the transfer date. The transferring Customer shall be responsible therefor. Any fees paid by the transfer Customer for periods following the transfer date are non‑refundable and not credited against the acquiring Customer’s fees. Mainter is entitled, in its sole discretion, to transfer its rights and obligations pursuant to the Agreement in connection with group restructuring or in connection with a transfer of the business conducted by Mainter.
19.2 In the event that any provision of this Agreement becomes illegal, invalid or for some other reason unenforceable, such provision will be severed from the other provisions of the Agreement, and such severance shall not affect the validity or enforceability of the remaining provisions. In such case, the invalid provision shall be replaced with a valid provision agreed upon by the Parties in order to achieve the same result, both economically and otherwise.
19.3 This Agreement constitutes the Parties’ full agreement in respect of the issues addressed by the Agreement. Any and all prior written or oral commitments and representations preceding this Agreement shall thus be replaced by the contents hereof.
19.4 Apart from what is set forth in Section 13, amendments and changes to this Agreement shall be in writing and signed by both Parties.
20. GOVERNING LAW AND DISPUTES
20.1 This Agreement shall be governed by Swedish law (without reference to its conflict of laws principles).
20.2 Any dispute, controversy or claim arising out of or in connection with the Agreement, or the breach, termination or invalidity thereof, shall at all times initially be the subject of negotiations between the Parties. In the event the Parties have not, within a period of thirty (30) days following a demand by a Party for negotiation, reached an agreement regarding a resolution of the dispute, the dispute shall be finally settled by arbitration in accordance with the Rules for Expedited Arbitrations of the SCC Arbitration Institute.
20.3 The seat of arbitration shall be Umeå, Sweden. The language to be used in the arbitral proceedings shall be Swedish.
20.4 Arbitral proceedings conducted with reference to this arbitration clause will be kept strictly confidential. This confidentiality undertaking shall cover all information disclosed in the course of such arbitral proceedings, as well as any decision or award that is made or declared during the proceedings.
20.5 Notwithstanding the foregoing, Mainter may pursue uncontested and due claims under the Agreement or seek enforcement before a competent court or public authority.
Appendix 1 – Data Processing Agreement
1. INTRODUCTION
1.1 This DPA applies between the Parties in respect of the Personal Data processed by Mainter on behalf of the Customer.
2. DEFINITIONS
2.1 In this DPA, the terms defined in the Agreement shall have the meanings ascribed to them in the Agreement (unless otherwise expressly stated). In this DPA, the terms set forth below shall have the following meanings.
| AI | Artifical intelligence. |
| AI Act | Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024. |
| Area | The countries included in the European Economic Area (EEA) and Switzerland. |
| Automated Processing | Automated processing means every form of processing of Personal Data with assistance from technical aid (e.g. computers, software or systems) without the involvement of a natural person performing every step. This includes, inter alia, collection, analysis, sorting and decisions made based on Personal Data. Automated processing may occur when done in accordance with a predetermined set of rules thereof, or through advance technology, such as AI. |
| Cyber Security Breach | An event that results in, or constitutes a risk that it may result in, the information security being jeopardized in terms of confidentiality, integrity or availability, in particular as it pertains to Personal Data or systems being processed. |
| Data Subject | A natural person to whom Personal Data pertains. |
| DPA | This Data Processing Agreement and amendments and supplements thereto in accordance with the provisions of the Agreement. |
| GDPR | Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. |
| Instruction | The Customer’s instruction for processing Personal Data (see Appendix 1.1 of this DPA). |
| Personal Data | All information pertaining to an identified or identifiable natural person, whereupon an identifiable natural person is a person who may be directly or indirectly identified particularly by reference to an identifier such as a name, an identification number, localisation data or online identifier or one or more factors specific to that natural person’s physical, physiological, genetic, psychological, economic, cultural or social identity. |
| Processing | A measure or combination of measures in respect of Personal Data or sets of Personal Data, whether carried out automatically or not, such as the collection, registration, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
| Sub-processor | The party retained by Mainter to Process, as personal data sub-processor of Mainter, Personal Data on behalf of Mainter. |
3. BACKGROUND
3.1 The GDPR requires a written data processing agreement when a party is to Process Personal Data on behalf of another party.
3.2 Since the Agreement may entail that Mainter Processes Personal Data on behalf of the Customer, the Parties have entered into this DPA in order to govern the scope and details of such Processing.
4. PERSONAL DATA PROCESSING
4.1 In conjunction with the Processing of Personal Data pursuant to the Agreement, Mainter shall ensure that such Processing occurs in accordance with the GDPR and other applicable laws or regulations governing the Processing of Personal Data and shall accept amendments and supplements to the Agreement necessary in order to fulfil the requirements of the GDPR or other applicable law in respect of the Processing of Personal Data.
4.2 Mainter and the person or persons working under the guidance of Mainter may only Process Personal Data in accordance with the Instructions appended to this DPA or other instructions provided by the Customer from time to time. Unless otherwise agreed between the Parties, an amendment of the Instruction shall enter into force sixty (60) days after notice thereof have been received by Mainter. The content of the Agreement and the Instructions set out the subject of Processing of Personal Data, the duration, nature and purpose of the Processing, the type of Personal Data and the category of Data Subjects.
4.3 From time to time, Mainter uses Automated Processing – including the use of AI – in the performance of the Service. If Automated Processing occurs without the Processing of Personal Data, no Instruction from the Customer is necessary. Conversely, if Automated Processing of Personal Data occurs, Mainter shall only perform such Processing in accordance with an explicit Instruction from the Customer. Mainter may not use Personal Data for the purpose of AI system training, without prior written consent from the Customer.
4.4 Mainter may not release Personal Data or other information regarding the Processing of Personal Data without an explicit Instruction from the Customer. However, the aforementioned shall not apply where Mainter is obliged to do so according to law or pursuant to an order issued by a governmental authority or competent court of law.
4.5 Unless otherwise expressly stated in the Agreement, Mainter shall not be entitled to take measures in respect of Personal Data which Mainter obtains from the Customer (i) for purposes other than to fulfil its obligations pursuant to the Agreement, or (ii) in some manner other than in accordance with Instructions from the Customer.
4.6 Taking into account the nature of the Processing, Mainter shall, to the extent possible, assist the Customer by means of suitable technical and organisational measures such that the Customer can fulfil its obligations to respond upon request to exercise the Data Subject’s rights in accordance with Chapter 3 of the GDPR.
4.7 The Customer shall be responsible for ensuring that the Processing of Personal Data takes place in accordance with the GDPR. The Customer shall ensure that Mainter receives the necessary and complete Instructions in respect of the manner in which the company shall perform its engagement. In the event Mainter lacks the Instructions deemed necessary by Mainter in order to perform the engagement on behalf of the Customer, Mainter shall notify the Customer thereof without delay. The Customer shall provide Instructions without delay. In addition, Mainter shall notify the Customer without delay in the event an Instruction contravenes the GDPR or other applicable law in respect of the Processing of Personal Data.
4.8 In the event a Data Subject, the Swedish Data Protection Authority (Sw: Datainspektionen) or other authorised third party requests information from Mainter concerning the Processing of Personal Data, Mainter shall refer to the Customer.
4.9 Mainter shall inform the Customer, without delay, in respect of any contacts from the Swedish Data Protection Authority concerning, or which may be significant to, the Processing of Personal Data. Mainter shall not be entitled to represent the Customer in relation to the Swedish Data Protection Authority except where otherwise separately agreed upon by the Parties.
5. INFORMATION SECURITY
5.1 Taking into account the latest developments, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, Mainter shall implement appropriate technical and organisational measures in order to ensure a suitable security level in relation to the risks including, where applicable:
(a) pseudonymisation or encryption of Personal Data;
(b) the ability to continuously ensure the confidentiality, integrity, accessibility and resistance of the processing systems and services;
(c) the ability to restore accessibility and availability of Personal Data within a reasonable period of time in conjunction with a physical or technical incident; and
(d) a procedure for regularly testing, examining and evaluating the effectiveness of the technical and organisational measures which ensure the security of the Processing.
5.2 Mainter shall protect the Processed Personal Data from unintentional or illegal destruction, loss or alteration, unauthorised disclosure and unauthorised access.
5.3 Mainter shall assist the Customer in order for the Customer to fulfil its obligations in respect of data protection and impact assessments thereof. In addition, Mainter shall, to the extent possible, assist the Customer by means of suitable technical and organisational measures such that the Customer can fulfil its obligations to reply, on request from Data Subjects, in respect of the exercise of the Data Subjects’ rights in accordance with Chapter 3 of the GDPR.
5.4 In the event that the Service at any time contains Automated Processing, which is classified as a high risk according to the AI Act, Mainter shall
(a) inform the Customer thereof, in a manner that is clear. Such notice shall contain information regarding transparency, surveillance and the occurrence or non-occurrence of human control in relation to the Automated Processing; and
(b) assist the Customer in the performance of data protection impact assessments (DPIA) in accordance with article 35 of the GDPR.
5.5 Mainter has established the routines and processes it deems necessary to discover, report and manage Cyber Security Breaches. In the event of a Cyber Security Breach that risks affecting the Processing of Personal Data, the availability of the systems or other security aspects of the Service, Mainter undertakes to, without unreasonable delay, notify the Customer thereof. The notice shall contain a description of the nature of the breach, possible consequences, the measures taken or proposed to be taken as well as contact information in the specific matter.
6. PERSONAL DATA BREACH
6.1 Mainter shall take all necessary measures in order to assist the Customer in fulfilling its obligations in reporting personal data breaches to competent supervisory authorities and, where required in accordance with the GDPR, to the Data Subjects. In conjunction with the occurrence of a personal data breach, Mainter shall, without unreasonable delay after the personal data breach, notify the Customer thereof.
6.2 In any event, notices of personal data breach shall contain:
(a) a description of the nature of the personal data breach including, where possible, the categories of and approximate number of Data Subjects affected by the personal data breach;
(b) the name and contact information of the personal data representative or other contact information where additional information regarding the personal data breach may be obtained;
(c) a description of the probable consequences of the personal data breach; and
(d) a description of the measures which Mainter has taken or proposed to be taken to remedy the personal data breach including, where possible, measures to mitigate the potential negative effects.
6.3 Where the Customer so requests, Mainter shall assist the Customer in communicating the personal data breach to Data Subjects.
7. SUB-PROCESSOR
7.1 Mainter shall be entitled to freely retain Sub-processors. In the event a Sub-processor is appointed, Mainter shall enter into a data processing agreement with the Sub-processor containing provisions comparable to those in this DPA and which otherwise comply with the GDPR.
7.2 Mainter shall bear liability as principal for the work of the Sub-processor which shall not entail any change in the allocation of responsibility between the Parties pursuant to this DPA. Furthermore, Mainter shall be obliged, in conjunction with the use of Sub-processors, to ensure that such Sub-processors comply with the provisions of this DPA including, but not limited to, the provisions regarding Information Security in Section 5 above and that Processing of Personal Data by such Sub-processor otherwise takes place in accordance with the GDPR.
8. TRANSFER OF PERSONAL DATA OUTSIDE THE AREA
8.1 In the absence of prior written consent from the Personal Data controller, Mainter shall not be entitled to relocate, store or in any other manner Process Personal Data of the Customer outside the Area.
8.2 In the event the Customer has provided its consent for the transfer of Personal Data to countries outside the Area, Mainter undertakes to ensure the legal basis for such transfer by means of, for example, entering into, on behalf of the Customer, with the Sub-processor, such standard contractual clauses as have been produced by the European Commission for the transfer of Personal Data to third countries.
8.3 The Customer shall be entitled at any time to revoke such consent as provided in accordance with this Section 8. Following revocation of consent, Mainter shall immediately cease transferring Personal Data and, upon request, confirm in writing that such transfer has ceased.
9. CONFIDENTIALITY
9.1 Mainter undertakes not to disclose or in any other manner reveal information regarding the Processing of Personal Data covered by this DPA to any third party with the exception of Sub-processors appointed in accordance with the provisions of this DPA.
9.2 Mainter hereby undertakes to ensure that only those persons who work under Mainter’s management who require access to the Personal Data for the performance of Mainter’s obligations pursuant to this DPA or the Agreement shall be granted access to the Personal Data. Mainter shall ensure that such persons are bound by confidentiality to the same extent (at a minimum) as Mainter pursuant to this DPA.
9.3 In the event a Sub-processor is appointed, Mainter shall ensure that the Sub-processor is bound by confidentiality to the same extent (at a minimum) as Mainter pursuant to this DPA.
9.4 Mainter shall not be entitled to use such information regarding the Processing of Personal Data for purposes other than as expressly set forth in this DPA.
9.5 Section 12 (Confidentiality) of the General Terms and Conditions shall also apply in respect of information covered by this confidentiality undertaking.
10. LIMITATION OF LIABILITY
10.1 Mainter shall, in relation to the Customer, be liable for direct losses, subject to the limitations following from Section 10 (Liability) in the General Terms and Conditions, which arise as a consequence of the Processing of Personal Data in the event Mainter has not performed its obligations in accordance with the GDPR specifically applicable to Mainter or has acted beyond, or in contravention of, this DPA or otherwise in contravention of Instructions.
10.2 Mainter shall not be liable in accordance with the above if Mainter can demonstrate that it is not responsible in any respect for the event causing the loss.
10.3 The Customer undertakes to compensate Mainter for any compensation, damages or equivalent which Mainter – by settlement, judgment or comparable – is ordered to pay provided that the claim is a consequence of the Customer’s inadequate or erroneous Instructions to Mainter.
10.4 However, the Parties are aware that the limitation of liability according to Section 10.1 of this DPA is not valid (i) if a supervisory authority or a competent court of law imposes an administrative fine on a Party, (ii) if a Party has a right of recourse by virtue of being obligated to pay an administrative fine or damages, which rightly should have been imposed on the other Party (either individually or in solidarity), or (iii) in the event of a claim for damage from a Data Subject.
11. INSPECTION
11.1 The Customer, or a third party acting on the Customer’s behalf, shall be entitled, at its own cost, to examine whether Mainter has complied with this DPA. Mainter shall provide the Customer with the assistance necessary for such examination. In the event the Customer is of the opinion that Mainter has been deficient in any respect regarding the Processing of Personal Data, Mainter shall immediately comply with any Instructions provided by the Customer in order for Mainter to fulfil its undertakings pursuant to this DPA.
12. COMPENSATION
12.1 No separate compensation shall be payable for Mainter’s Processing of Personal Data pursuant to this DPA.
13. TERM OF AGREEMENT
13.1 This DPA shall apply during the term of the Agreement.
14. MEASURES UPON TERMINATION
14.1 After the Processing on behalf of the Customer has ceased, Mainter shall return or delete the Personal Data in accordance with the Customer’s instructions thereon provided that storage of the Personal Data is not required by any law applicable to Mainter. In the event the Personal Data is to be returned, such shall occur without unreasonable delay and in a general and readable digital format.
Appendix 1.1 – Instructions for processing of Personal Data
The purpose of this appendix 1.1 is to describe the Processing of Personal Data carried out by Mainter on behalf of the Customer. The defined terms used in this appendix shall have the meanings ascribed to them in the Agreement and/or the DPA.
PURPOSE OF THE PROCESSING
The purpose of Mainter’s Processing of Personal Data on behalf of the Customer is to provide the Service offered by Mainter pursuant to the Agreement. In order for a person to be able to use the Services, a User must be registered. In conjunction with registration of a User, the name and e-mail address of the User must be submitted. The purpose of registering this information is to ensure that Mainter shall be able to identify the user and ensure secure login. As regards to the Customer’s Contract Owner, Organization Administrator(s), System Owner and System Administrator(s), the aforementioned information shall also be stored in Mainter’s business system and CRM system. Mainter also Processes such Personal Data provided by the Customer and the User from time to time when using the Service.
Mainter Processes Personal Data for the following purposes:
(a) The provision of the Service to the Customer; and
(b) The provision of support and remedial measures in respect of the Service.
CATEGORIES OF PERSONAL DATA
The following categories of Personal Data will be Processed:
(a) E-mail address and name in respect of the User; and
(b) Other Personal Data provided by a User to the Service by means of Transferred Information.
CATEGORIES OF DATA SUBJECTS
The Personal Data Processed pertains to the following categories of Data Subjects:
(a) The Customer’s employees and representatives (including the Customer’s consultants);
(b) Other persons appointed by the Customer as Users of the Service; and
(c) Other persons for whom the Customer is the personal data controller of Personal Data in accordance with law or agreement.
MEASURES WITHIN THE CONTEXT OF PROCESSING
Mainter stores information regarding Users for each Customer in order to make possible the use of the Service and saves information regarding the Customer’s Contract Owner, Organization Administrator(s), System Owner and System Administrator(s) for contact regarding contractual issues. Documents and other Transferred Information provided by a Customer to the Service is stored in Mainter’s system for the purpose of providing the Service to the Customer.
LOCALISATION
All data is localised in the Area.