Terms of Use and Privacy Legislation

Terms of Use and Privacy Legislation

1. GENERAL TERMS

The agreement is valid as long as the Customer has an agreement with ITassist for one or more Services. Special terms for certain Services are set forth in the document. Services not specifically mentioned are governed by the General Terms and Conditions.

The Agreement shall mean this document, as well as any offer documents, specifications and order forms used in connection with the Services. Customer shall mean the customer who enters into an agreement with ITassist for the provision of the Service. The Service or Services shall mean the services ITassist provides in accordance with the offer letter, including specifications. Software shall mean the standard computer software(s) offered by ITassist to access the Services, with any additional modules, whether developed by ITassist or third parties.

The Customer is responsible for all content posted and communicated via the Services and retains ownership and copyright to all material submitted by the Customer. Everything published on the Service must be in accordance with applicable legislation. This includes that the Customer undertakes not to make available or store content that is threatening or offensive, to forge senders, to send spam and chain letters, to spread viruses, to break into ITassist or others' servers, or to store personal data in violation of applicable legislation. Any violation of this may result in ITassist closing the Service immediately and terminating the Agreement. ITassist may access and make copies of the Customer's stored data when there is a suspicion that the Customer is sending or publishing illegal or inappropriate content via the Service. The Customer is obliged to store the username and password for the Service in such a way that no one other than the Customer has access to it. The customer is obliged to immediately report suspected losses. The Customer is solely responsible for use and misuse of the Service performed using the Customer's access information.

​1.1 MATTERS RELATING TO THIRD-PARTY FUNCTIONALITY

Where functionality in a Service is dependent on third party software, platform, service or other form of performance ("Third Party Functionality"), ITassist is not responsible for errors or omissions resulting from changes or lapses in Third Party functionality occurring after the earlier date of a binding offer being made by ITassist or a binding agreement to perform the Service. Any work performed by ITassist to restore functionalities in the Service that have been changed or lapsed as a result of such changes to the Third-Party functionality is performed without separate agreement on an hourly basis to ITassist at the standard hourly rates.

​1.2 INTELLECTUAL PROPERTY RIGHTS

No copyrights or other intellectual property rights are transferred to the Customer upon entering into or executing this Agreement. The Customer only has access rights to intellectual property rights developed and/or made available to the Customer in connection with the Services for the agreed number of users and within the limits of this Agreement. The right of use is conditional on the Customer's compliance with this Agreement. The customer undertakes not to copy/transfer templates and documentation to third parties.

If a third party claims that the Service infringes its copyrights or other intellectual property rights, and this is due to circumstances for which ITassist is responsible, ITassist may, in its sole discretion, choose between obtaining the Customer the right to continue use, or making replacements or changes so that said right is not infringed. If, in ITassist's opinion, none of these options can reasonably be applied to the Service, the Customer may not assert any liability to ITassist as a result of infringement of third party copyrights or other intellectual property rights.

​1.3 SERVICE

In the event of missing or late payment beyond 30 days after the due date, ITassist may terminate the Agreement with immediate effect and claim compensation for its financial loss. In case of non-payment beyond 30 days after the due date, the service may be closed without prior notice.

​1.4 LICENSES

The number of named users of the solution is revised on 1 December each year. According to the license agreement with the customer, the license costs for the next 12 months are revised based on this measurement. In the event of an increase of more than 10% of the user base since the previous license review, the customer is obliged to notify this to ITassist, so that a new license agreement can be drawn up based on new license figures. The Customer may not claim a reduced license cost in the period up to 1 October. ITassist will perform occasional measurements of named users, and will notify the customer of any findings that may affect license costs. It is not allowed to create more users than you have acquired a license for. A user license is also unique and cannot be used by others.

​1.5 DURATION

Unless explicitly agreed otherwise, ITassist services will run for a minimum of 12 months after the end of the year in which the Delivery Day occurred. Thereafter, the Service continues for one year at a time with a 3-month mutual notice period before the end of the period. Upon termination of the Agreement, the Services with content will not be supported, and content may be deleted by ITassist to the extent that the information is on ITassist's servers. Any agreements entered into with third parties continue to run independently of this Agreement on the terms applicable in relation to the third party concerned.

​1.6 TERMINATION AND COMPENSATION

ITassist is only liable for direct losses caused by negligence and indirect losses caused by gross negligence or wilful misconduct on the part of ITassist. ITassist's total liability is limited to 25% of the original contract value (estimated cost of performing the Service excluding VAT and any ongoing maintenance fee for 12 months, or actual cost, if less).

​1.7 MISUSE

Neither the Customer nor anyone for whom the Customer is responsible shall exploit any security holes or weaknesses in the Service to cause damage or increase the risk of damage occurring. If such circumstances are discovered or if the Customer suspects that username/password has gone astray, the Customer is obliged to notify ITassist immediately. Continued use after such discovery is considered a material breach of contract. The Customer shall indemnify ITassist for any losses ITassist may incur as a result of the Customer or someone responsible for using the Service in violation of what follows from the Agreement. The Customer's material breach of contract entitles ITassist to terminate the Agreement with immediate effect.

​1.8 DEFECTS AND COMPLAINTS

ITassist strives to deliver a good and reliable Service that meets the Customer's needs and is of good technical standard. It may be considered a defect if the Service deviates significantly from the Agreement. However, ITassist cannot represent that the Service is error-free or that outages will not occur. The service is not scaled for operation and maintenance of mission-critical systems or specially developed software, and ITassist disclaims any liability for losses related thereto. The following conditions are considered to constitute a deficiency: a. Significant performance issues with the Service, when this is not related to the Customer's use of the Service or conditions on the Customer's side (e.g. use of less widespread browsers and/or template languages or due to Third Party functionality). b. Upgrades of the Software that have significant negative consequences for the Service provided that the templates, operating system, integrations or code libraries used are newer than 2 years or the browser is no more than one major version older than the previous version. ITassist has the right and duty to remedy deficiencies that are notified without undue delay, provided that there is a valid agreement and agreed remuneration for the Service has been paid. If the defect is immaterial to the Customer's use of the Service, ITassist lapses its obligation to remedy the defect. Troubleshooting and error correction are invoiced according to the hourly rate if it turns out that the error is not due to errors or deficiencies for which ITassist is responsible.

​1.9 OPERATION AND MAINTENANCE

ITassist will operate the Services on servers of a subcontractor to ITassist if this is stated in the agreement. (If the customer has local installation, a separate point will have to be created for regulating operation and maintenance.) Operation includes commissioning of standard software at ITassist, access and operation of agreed capacity, non-exclusive right of use, error correction of significant errors, as well as free user support according to agreement, provided that agreed remuneration has been paid. ITassist makes daily backups of content stored on ITassist's servers to ensure the most stable service, but ITassist recommends that the Customer backs up important content and important files as manual retrieval of deleted content is not included in the Service. The service has a scheduled maintenance / backup period between 02.00 and 05.00 every night, beyond this the solution will be up. Planned maintenance and backup can cause slowness and instability in the solution. ITassist will also monitor and seek to resolve Service errors as soon as they are detected. In the case of local operations, the company itself is responsible for backup, security and compliance with privacy legislation.

​2.0 OTHER CONDITIONS

The Customer may not assign its rights and obligations covered by the Agreement without the prior written consent of ITassist.

2.1 NORWEGIAN LAW

The agreement complies with Norwegian law in the event of disputes and disagreements.

3.0 DATA PROTECTION LAW

Sources: The Personal Data Act (https://lovdata.no/dokument/NL/lov/2018-06-15-38) and the New Personal Data Act valid from 20 July 2018 (https://www.regjeringen.no/no/tema/statlig-forvaltning/personvern/ny-personopplysningslov/id2340094/)

This clause 2.1 regulates the rights and obligations of the parties with regard to the Processing of Personal Data under the Agreement. By Data Processing Agreement is meant this clause 2.1 of the Agreement. The purpose of the Data Processing Agreement is to ensure that Personal Data is processed in accordance with the requirements of the Privacy Legislation (Personal Data Act of 14 April 2000 No. 31, the Personal Data Regulation of 15 December 2000 No. 1265 and the EU General Data Protection Regulation No. 2016/679 (GDPR) and subsequent legislation replacing or supplementing these). The Customer is the Controller of the Personal Data Processed under the Agreement and ITassist is the Data Processor. Capitalized words under this clause 2.1 and subsections shall be understood as defined in the Data Protection Law, unless defined in the Agreement.

​3.0.1 DESCRIPTION OF THE PROCESSING

Personal data Processed for the purpose of being able to provide the requested Services by the Customer. Which Personal Data is processed depends on which Services ITassist will provide under the Agreement, as well as to a certain extent on what use the Customer makes of the relevant Service.

The categories are Customer representatives, partners, employees, customers and end users. The processing includes types of personal data such as name, email, telephone number and other contact information, username and password.

​3.0.2 THE CUSTOMER'S OBLIGATIONS

The Customer undertakes that ITassist may Process Personal Data of End Customers in connection with the Services provided under the Agreement. The Customer shall have established internal procedures that meet the requirements imposed on the Controller in the Data Protection Legislation. The Customer shall generally act loyally towards ITassist and immediately inform ITassist of matters that may affect the Processing of Personal Data under the Agreement.

​3.0.3 ITASSIST'S DUTIES

Internal control: ITassist has established technical and organizational measures to ensure that Personal Data is Processed in accordance with what follows from Data Protection Legislation, including GDPR Article 32, and the terms of this Data Processing Agreement. ITassist is obliged to ensure that data processing agreements are in place with subcontractors that ensure that the Personal Data is Processed in accordance with what is stipulated in this section 2.1.3 of the Agreement.

Assistance to the Customer: ITassist shall, taking into account the nature of the processing and to the extent possible, assist the Customer, by means of appropriate technical and organisational measures, in fulfilling the obligation to respond to requests from data subjects for the exercise of their rights. Taking into account the nature of the processing and the information available to ITassist, ITassist shall assist the Customer in ensuring compliance with its obligations pursuant to GDPR Articles 32-36. Assistance under this point of agreement is provided on an hourly basis to ITassist at all times applicable standard hourly rates.

Limitation of availability and authority to instruct: ITassist shall only Process the Personal Data in accordance with this Data Processing Agreement, which shall be considered an exhaustive expression of the Customer's instructions. If ITassist Processes the Personal Data in violation of this Data Processor Agreement, or in violation of the provisions of Data Protection Legislation, the Customer may order ITassist to stop the further Processing of the Personal Data, unless ITassist is considered the Data Controller for that particular Processing.

Disclosure and confidentiality: ITassist shall not disclose the Personal Data without the Customer's prior express permission, or there is a statutory obligation to disclose the Personal Data. Disclosure pursuant to this provision does not consider that authorized personnel of ITassist or ITassist's subcontractors are given access to Personal Data necessary to perform the Agreement. ITassist shall ensure that persons granted access to the Personal Data have a duty of confidentiality. If there is no statutory duty of confidentiality, these persons must instead submit a confidentiality agreement. This provision also applies after the Processing has ceased.

Use of subcontractors: ITassist may use subcontractors to provide the Service to the Customer. ITassist will notify the Customer 14 days before the change of subcontractor. If the Customer does not accept a change of subcontractors, this must be submitted in writing to ITassist within 7 days after the Customer has received notification of the change of subcontractor. If the parties do not agree, the Customer has the right to terminate the Agreement. ITassist enters into written data processing agreements with the subcontractors, which impose the same obligations on the subcontractors as ITassist under this Data Processing Agreement. ITassist is responsible for the Processing done by the subcontractors.

ITassist uses Terrahost in Sandefjord (org. no.: 995474921) to operate its cloud-based solutions. ITassist is responsible for technical and user support.

Transfer to Third Countries: Personal data will not be transferred to a country outside the EU/EEA that does not ensure proper Processing of Personal Data ("Third Countries") without a valid transfer basis established in advance. If the provision of the Services requires the Processing of Personal Data by a subcontractor in a Third Country, the Customer will be asked to sign the EU standard contractual clauses for the transfer of Personal Data to Third Countries unless there is another legal basis for the transfer in question, such as the EU-US Privacy Shield for transfers to the USA.

Information security: ITassist undertakes, through data processing agreements with its subcontractors, to require them to establish suitable technical and organizational information security measures, which are in reasonable proportion to the risk represented by the Processing. This also includes measures to ensure that persons who have authorized access to the Personal Data only Process these in accordance with this Data Processing Agreement and the Customer's instructions. The measures must be documented.

Nonconformity notice in the event of a security breach: ITassist requires its subcontractors to notify ITassist of security breaches that have resulted in the unlawful destruction, loss, alteration, unauthorized disclosure of or access to the Personal Data processed under the Agreement. ITassist undertakes to pass on such notification to the Customer without undue delay. Access to information and security audits: ITassist shall, upon request, as far as possible, provide the Customer with access to all information necessary to demonstrate that the Processing takes place in accordance with this Data Processing Agreement. The customer has the right, upon request, to see audit reports from ITassist's subcontractors, unless special circumstances prevent this. The Customer has the right to independently, or through an independent third party, conduct an audit of ITassist's compliance with this Data Processor Agreement. ITassist may be subject to a maximum of one audit per year. The Customer covers its own costs related to audits performed by the Customer or by third parties on behalf of the Customer.

​3.1 LANGUAGE

The Software in the Service is provided in English and Norwegian.

​3.2 COMPATIBILITY REQUIREMENTS

The software in the Service is certified to support the Firefox browser in all locations where the solution requires data processing/searching. In the event of any claim for bug fixes / warranties on browsers other than Firefox, this will be improved, but no guarantee is given.

​3.3 DISPUTE RESOLUTION

Disagreements or conflicts between the parties regarding the content and implementation of this Agreement shall be sought to be resolved through negotiations. If such proceedings do not succeed within 30 days, either party may require the matter to be settled by arbitration in accordance with the Law on Procedure in Disputes of 13 August 1915, No.6 ch.32.

​3.4 DELETION OF DATA

If the customer wishes to have data deleted that the customer believes violates privacy laws, send an email to [email protected]