Terms of Service


Information about Just Klingit AB

These terms and conditions (the “Terms“) are applicable to all services provided by Just Klingit AB (Reg. No. 559287-1304) “Just Klingit AB“, “us“, “our” or “we“).

By “you“” we mean the legal entity that is ordering Services under these Terms, any of your affiliates together with your and your affiliates’ employees and representatives.

When we refer to the “parties” we mean you and us together.

Klingit aims to make the world’s companies look a little better. We offer innovative design services through our unique platform

Contact information

You may contact us by using any of the contact details set out below “Contact Information“):
Telephone number:
 08-21 15 00
Email address:
 [email protected]

Agreeing to the terms

By creating an Account and using the Services you agree to the Terms. Please make sure that you have read and understood the Terms beforehand. If you do not agree to these Terms, you must not create an Account or use the Services.


Account” means the account that you register and create on the Site and/or in the App.

App” means our application accessible via computer or mobile device relating to the Services.

Contact Information” means the information set out above.

Functions” means the Site, the App, your Account and the Services, jointly.

Privacy Policy” means our Privacy Policy (https://klingit.com/privacy-policy/) which describes how we process your personal data.

Services” means the services described under section “Services” below which we have made available through the Site and the App, together with any such other related goods, equipment, services and information made available by us to you.

Site” means our website (https://klingit.com) relating to the Services.

Subscription Period” is defined under section “Term and termination” below.


Description of the services

We provide Klingit aims to make the world’s companies look a little better. We offer innovative design services through klingit.com. We provide automated design services in combination with project managers and distributed teams of designers working all over the world. (the “Services“). More information about the Services can be found on the Site and in the App.

Setting up an account

For ordering of the Services, you must create an Account. You are not allowed to transfer the Account to others, and you may only sign up one (1) Account. Once an Account has been successfully created, and payment has been made where prepayment is required, the Services will be available and ready to use or order, as instructed on the Site and in the App.

Order Services

The Services shall be ordered in accordance with the instructions on the Site and the App.

Our confirmation of your order will take place when we email you and/or send you a confirmation in the App, at which point a contract will come into existence between you and us.

Delivery of services

During the order process we will let you know when and where we will provide the Services to you.


Eligible customers

We offer the Services to companies and other legal entities. You warrant that you are authorised to enter into these Terms on the behalf of the legal entity as well as to use all Functions.

These Terms constitute the entire agreement between us in relation to the Services. You warrant that the persons ( e.g. employees and representatives) you authorise to create Accounts and use the Services have read and understand the Terms. You are at all times responsible for the use of Services under these Terms, including by such persons – as if it was you using the Services.

Use of the functions

When you use the Functions, you must always comply with all applicable laws, regulations and public orders. You shall not access the Site or the App other than through interfaces provided by us and as otherwise expressly authorised under these Terms. You may not use the Functions in a manner contrary to our, or any third party’s, rights and interests. You agree to comply with all instructions and recommendations provided by us from time to time.

You agree to be responsible for all activities that occur under your Account. Credentials for your Account must be kept secure at all times and you are forbidden to share data relating to your Account with any third parties. Should you suspect that your Account or your credentials have been or are being used by a third party you must contact us immediately by using any of our Contact Information.

You also agree not to:

  • Defame, abuse, harass, threaten or otherwise violate the legal rights of any third party or us;
  • Publish, post or – in any other way express – any material or information that is inappropriate, defamatory, infringing, obscene, pornographic, racist, terrorist, politically slanted, indecent or unlawful;
  • Contribute to destructive activities such as dissemination of viruses, spam or any other activity that might harm us, the Site and/or the App in any way;
  • Monitor the Services’ availability, performance or functionality for any competitive purpose, meaning, for example that you agree not to access the Services for the purpose of developing or operating a competitive product or service or copying the Services’ features or user interface; or
  • Resell or in any way redistribute results generated in the Site and/or the App or use the Services in order to create a competing service or product.

We may have to suspend the supply of any of the Functions to:

  • Deal with technical problems or make minor technical changes; or
  • Update changes to the Functions to reflect changes in applicable laws regulatory requirement.

We will contact you in advance in the event we need to suspend the supply of any Service. This does not apply if the problem is urgent or an emergency.

We are entitled to decline or adjust an order from you and close down your Account in the event that you provide us with untrue, inaccurate, not current, or incomplete information when creating your Account. This shall also apply if you fail to comply with these Terms (for example if you have not paid for the Services in time) or other mandatory provisions by law. Upon occurrence of any of these events, we will contact you and request that you remedy your breach of these Terms.

Your provision of content

The Site and/or the App include(s) functions for uploading and storing of files and other information provided by you (“Content“). You are responsible for all distribution and other actions by you and in your.

By adding Content to the Site and/or the App, you warrant that you are a) the owner of the uploaded Content or b) entitled to manage the Content in such way and that the Content or your use of the Content in no way violates any applicable legislation. We will not supervise whether any Content is lawfully uploaded or distributed through the Site and/or the App.

By adding Content to the the Site and/or the App, you are aware that, depending on the settings of your Account, such Content might be shared with others. We are not liable for any loss of Content and we advise you to always keep your own backup of your Content. We do not take any responsibility with regards to the validity of Content provided by you.


Price information

Payment for use of the Services are made periodically in advance or in arrears. Each payment will cover a Subscription Period during which you will have access to the Services.

You must pay all applicable fees as set out and described on the Site and/or the App for the Services that you have selected. The prices for the Services are set out on the Site and/or in the App and include any explicitly set out relevant delivery costs, value added tax (VAT) or other fees and taxes. The price of the Services provided to you will be the price indicated on the order pages when you placed your order.

We have the right to change the prices for the Services. If we change the prices, we will notify you in advance. Price changes will take effect at the start of the Subscription Period following the date the prices where changed. By continuing to use or access the Services after the price changes come into effect, you agree to be bound by the new charges. You are entitled to cancel your subscription at any time, and you will continue to have access to the Services throughout your current Subscription Period. If you have been offered Services for a specific term and price, that price will remain in force for that agreed time.

Where you have signed up to use the Services during a trial period, you will have access to all or some of the Services (as further described on the Site and in the App) free of charge during such trial period.

Prices, Terms And Conditions For Klingit Services 

Klingit sells subscription-based designs and design services at fixed rates. Alongside ongoing assignments at hourly rates. 

The terms and conditions for Klingit’s subscription-based services are listed below.

A: Unless otherwise agreed upon separately and explicitly, a period of notice of at least three (3) months is standard. The services are invoiced in advance quarterly and delivered by the company’s project managers, creative consultants and designers.

B: Klingit’s subscription-based services for graphic design are sold with a given number of production hours per month. The list below specifies what is applicable for each subscription in terms of production rate and the number of hours included in the agreement.

  • Production: SEK 19,950 monthly (ex VAT). Includes a maximum of, 
    • 30 design hours monthly
    • 10 project management hours monthly
    • 1 project in parallel in production
  • Creative: SEK 34,500 monthly (ex VAT). Includes a maximum of, 
    • 60 design hours monthly
    • 15 project management hours monthly 
    • 2 projects in parallel in production
  • Full-stack: SEK 54,500 monthly (ex VAT). Includes a maximum of, 
    • 110 design hours monthly
    • 20 project management hours monthly 
    • 3 projects in parallel in production

C: Klingit’s subscription-based services for social media marketing are sold with a given number of production hours per month. The list below specifies what is applicable for each subscription in terms of production rate and the number of hours included in the agreement.

  • Starter: SEK 7,900 monthly (ex VAT). Includes,
    • 1 platform
    • 1 campaign
    • 2 ad sets
    • 2 ads/ad set 

The total budget may not exceed SEK 30,000 monthly.

  • Pro: SEK 14,990 monthly (ex VAT). Includes, 
    • 2 platforms 
    • 2 campaigns
    • 4 ad sets
    • 3 ads/ad set. 

The total budget may not exceed SEK 50,000 monthly.

  • Advanced: SEK 24,990 monthly (ex VAT). Includes,
    • 2 platforms
    • 4 campaigns
    • 4 ad sets
    • 4 ads/ad set

The total budget may not exceed SEK 100,000 monthly.

D: Klingit’s subscription-based services for web development are sold with a given number of production hours per month. The list below specifies what is applicable for each subscription in terms of production rate and the number of hours included in the agreement.

  • Hosting & maintenance: SEK 5,500 monthly (ex VAT). Includes,
    • 1 development hour monthly
  • Light: SEK 15,490 ex. VAT/monthly. Includes a maximum of, 
    • 10 development hours monthly
    • 2 project management hours monthly 
  • Standard: SEK 22,290 monthly (ex VAT). Includes a maximum of, 
    •  20 development hours monthly 
    •  5 project management hours monthly
  • Pro: SEK 39,990 monthly (ex VAT). Includes a maximum of, 
    • 40 development hours monthly 
    • 10 project management hours monthly 

Hours not used during a month cannot be carried forward from one month to another.

Klingit offers a 15-day invoice period for all subscription-based services.

Klingit’s fixed-rate undertakings are always specified before the quote. For these, the specified rate applies regardless of whether the delivery takes more or less time than estimated

Klingit’s fixed-rate undertakings include the following:

  • Project management and consultation
  • Account at Klingit.com including storage of brand assets
  • 2 feedback rounds including all adjustments and corrections
  • Final delivery in the specified format

The following terms and conditions apply for Klingit’s fixed-rate undertakings:

  • Klingt must have received the invoice and company details before the project commences.
  • Klingit submits an invoice to the customer upon delivery or after 30 days of project inactivity
  • Klingit offers a 15-day invoicing period for invoices

For Klingit’s ongoing undertakings or supplemental orders related to one of Klingit’s subscription-based services during a given month, the following applies:

  • Klingit submits invoices of SEK 700 ex. VAT on an ongoing basis per commenced work hour in production
  • Klingit invoices the customer SEK 1,150 ex. VAT on an ongoing basis per commenced work hour for consultation, strategy and project management

For Klinigit’s ongoing undertakings, the following terms and conditions apply:

  • Klingit must have received invoice and company details before the project commences
  • Klingit submits an invoice to the customer upon delivery or after 30 days of project inactivity
  • Klingit offers a 15-day invoicing period for invoices

Payment information

Payment for the Services can be made in accordance with what is set out below.

We offer payments in cooperation with Stripe by way of:

  • Invoice
  • Card payment
  • Direct payment

On your payment, the third party processor’s/provider’s terms and conditions will apply (https://stripe.com/en-se/ssa). You may be requested to identify yourself and credit reports may be pursued by the third party processor/provider. Where we use a third party for payments, we will not have access to or store any payment information.

The Services may be paid for by credit or debit card. You must keep the payment information provided to us accurate and up-to-date.

We may invoice you for the Services in advance or in arrears, with the frequency agreed for the period contracted. You agree that we may issue electronic invoices, which will be sent to the email address you have provided in your Account. You must keep the payment information provided to us accurate and up-to-date.

We are entitled to perform a credit control when this is needed in order to be able to offer you a credit period.

You agree to pay within the set time for the payment method you choose. We have the right to close down your Account until you have paid for all the charges incurred by you. Payment after due date can entail late payment fees and interest.


Unless otherwise expressly set out in these Terms, we do not provide refunds, right to return for a purchased subscription, credits for any partially used subscription, credits for any unused Account or credits by reason of your dissatisfaction with the Products and/or the Functions.



The term for our Services commences upon creation of an Account with us and shall remain in force during the subscription period (“Subscription Period“). A Subscription Period.

Your contract is valid for the duration of the notice period that is specified in your contractual agreement with Just Klingit AB. If you cancel the subscription the contract will not be renewed at the end of the contract period.


To terminate the Services please write and email to [email protected] or by contacting us using the Contact Information.

Upon termination, your right to access the Services will be revoked immediately. We will also delete or anonymise any personal information about you, with exception for any personal information that we are required to keep by law.

Any Services still ongoing upon termination shall be carried through in accordance with these Terms. Obligations arising from any breach of contract during the term of these Terms shall not be affected by termination.

Early termination

We reserve the right to terminate the contract with you if you:

  • Breach or otherwise violate these Terms or any other provisions set up by us; or
  • Use the Site, the App or the Services in any way that does not comply with the intended purposes or is otherwise harmful for us or any third person.

Trial period

You may sign up to use the Services during a trial period in which case you will have access to all or some of the Services (as further described on the Site and the App). If you would like to continue using the Services following the agreed trial period, you shall notify us upon the expiration of such trial period.



Our liability to you will be limited as follows:

  • we shall not be liable to you, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, for any loss of profit, or any indirect or consequential loss arising under or in connection with any contract between us; and
  • our total liability to you for all other losses arising under or in connection with any contract between us, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall be limited to the total sums paid by you for Services under the applicable order/contract. If you use the Services under a trial period or otherwise free of charge, our liability is limited to an amount corresponding to that period.


We are not liable for damages unless you notify us in writing thereof no later than three (3) months after you noticed or should have noticed, the actual damage, however no later than six (6) months from when the damage occurred.

Defects and delays beyond our control (force majeure)

We are not responsible for delays and defects outside our control. If our suppliers are delayed by an event outside our control, then we will contact you as soon as possible to let you know and we will take steps to minimise the effect of the delay. Provided that we do this we will not be liable for defects and delays caused by the event, but if there is a risk of substantial defect or delay you may contact us to end the agreement and receive a refund for any Services you have paid for but not received.


During the term of these Terms and thereafter, the parties undertake not to disclose to any third party information regarding these Terms, nor any other information that the parties have learned as a result of these Terms, whether written or oral and irrespective of form (“Confidential Information“).

The parties agree and acknowledge that the Confidential Information may be used solely for the fulfilment of the obligations under these Terms and not for any other purpose. The receiving party further agrees to use, and cause its directors, officers, employees, sub-contractors or other intermediaries to use, the same degree of care (but not less than reasonable care) to avoid disclosure or use of Confidential Information.

The confidentiality undertaking above shall not apply to any Confidential Information that the Receiving Party can establish is or becomes available to the public (otherwise than by breach of this Agreement or any other confidentiality undertaking.

Each party also undertakes to ensure that any information disclosed under this section, to the extent possible, shall be treated confidentially by anyone receiving such information. This confidentiality undertaking shall remain in force three (3) years the termination of the Terms.


The parties are not allowed,  during the contract period and 12 months following the end of the  contract period, to solicit or in any way entice away any Employee or encourage any Employee to terminate his or her employment, appointment or other contract with the company or any other group company whether or not such a contract would result in a breach of contract by the Employee(or procure or assist the same). This breach of contract would give the company the right to levy a penalty of six months of billed full time.


We may modify these Terms at any time. In the event of changes which are not minor and may affect you, you will be notified via email or via the App.You are responsible for keeping yourself informed of any changes to the Terms. The latest version of the Terms will be available on the Site. Amendments to the terms and conditions become effective the business day following the day they are posted.

All new functionalities, features and content introduced and added to the Services, the Site or the App will be subject to what is stipulated in the Terms.


If you have any complaints, please contact our support department by using any of our Contact Information.


You acknowledge that you are the data controller for any personal data processed by us on your behalf in conjunction with your use of the Services. You also acknowledge that we are considered as your data processor; therefore, by agreeing to the terms we enter into the data processing agreement (Appendix DPA), which shall remain in effect for as long as we process personal data on your behalf.

More information about how we process personal data can be found in our Privacy Policy.


Our rights

The Site and the App are owned and operated by Just Klingit AB. All copyrights, trademarks, trade names, logos and other intellectual or industrial property rights held and used by us as well as those presented in the Functions (including titles, graphics, icons, scripts, source codes etc.) are our property or third party licensors’ property and must not be reproduced, distributed, sold, used, modified, copied, limited or used (in whole or in part) without our written consent.


The Just Klingit AB grants you a non-exclusive right and licence to use the Site, the App and the Services for the sole purpose of us providing the Site, the App and the Services to you. Upon expiry or termination of this agreement, this right and licence shall end.

Respect for our property

You must not tamper with, attempt to gain unauthorised access to, modify, hack, repair or otherwise adjust any of our material, hardware, source-codes or other information for any purposes.

Respect for our intellectual property

The Services and other information, including all associated intellectual property rights, provided and made available by us, remain our exclusive property. You may not use our exclusive property for commercial or any other purposes without our written consent.

Ownership of the products

As a Customer, You understand and agree that You shall be the sole owner of the Product ordered by You only upon Product completion and once it’s final and does not assume any revisions/changes/substitutes and all the fees associated with the Services were properly paid”


Swedish law shall apply to these Terms.

Any dispute, controversy or claim arising out of or in connection with these Terms, or the breach, termination or invalidity thereof, shall be finally settled by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce (SCC). The Rules for Expedited Arbitrations shall apply, unless the SCC in its discretion determines, taking into account the complexity of the case, the amount in dispute and other circumstances, that the Arbitration Rules shall apply. In the latter case, the SCC shall also decide whether the Arbitral Tribunal shall be composed of one or three arbitrators. The seat of arbitration shall be Stockholm, Sweden. The language to be used in the arbitral proceedings shall be English, unless the parties have agreed otherwise. The SCC shall appoint the arbitrators. All arbitral proceedings shall be kept strictly confidential.


Just Klingit AB is an entity registered in .

Registered address: Eriksbergsgatan 10, 11430 Stockholm
Reg. No.
: 559287-1304
: SE559287-130401


This Data Processing Agreement with appendices (the “Agreement“) has been entered between:

The Controller
You (“Controller“); and

The Processor
Just Klingit AB, Reg. No. 559287-1304 (“Processor“),

The parties are jointly referred to as the “Parties“, each being a “Party“.


The Agreement refers to the Personal Data Processed under the Just Klingit ABs Terms of Service entered into by the Parties regarding Klingit aims to make the world’s companies look a little better. We offer innovative design services through klingit.com. We provide automated design services in combination with project managers and distributed teams of designers working all over the world. (The “Terms“), as a result of which the Processor processes personal data on behalf of the Controller.

In the event of any conflict with the Terms, this Agreement shall prevail.

The agreement contains the following appendices:

  • Appendix 1 – List of sub-processors
  • Appendix 2 – Technical and organisational security measures
  • Appendix 3 – Contact details

The terms used in this Agreement shall have the same meaning as ascribed to them in Article 4 of the GDPR.

Applicable Law” refers to the legislation applicable to the processing of Personal data under the Agreement, including the GDPR, supplementary national legislation, as well as practices, guidelines and recommendations issued by a Supervisory Authority.

Controller” means the company / organisation that decides for what purposes and in what way Personal data is to be processed and is responsible for the processing of Personal data in accordance with applicable data protection legislation.

GDPR” refers to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and movement of such data, and repealing Directive 95/46/EC.

Data Subject” means the natural person whose Personal data is processed.

Personal Data” means any kind of information that can be derived from an identifiable natural person (in the Agreement, “Personal data” is used synonymously with “personal data for which the Controller is responsible and that is processed by the Processor on behalf of the Controller”).

Processing” means any operation or set of operations which is performed on Personal data, e.g. storage, modification, reading, handover and similar.

Processor” means the company / organisation that processes Personal data on behalf of the controller and can therefore only process the Personal data according to the instructions of the controller and Applicable law.

Supervisory Authority” means Swedish or EU authority, such as the Swedish Data Protection Authority, or another supervisory authority which on the basis of law has the authority to conduct supervisory activities over the Controllers operation.

Unless otherwise defined herein, all capitalised terms (definitions) used in this Agreement shall have the same meaning as ascribed to them in the Terms.


This Agreement concerns the processing of Personal Data that the Processor performs on behalf of the Controller. It has been drawn up to meet the requirements set out in Article 28 (3) of the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR“). According to this provision, the Processing of Personal Data by the Processor on behalf of the Controller shall be governed by a contract.

  2. Categories of Data Subjects

The Controller directs the Processor to process data that identifies the Controllers’:

  • Customers
  1. Categories of Personal Data
  • Email adresses
  • Given name
  • Family name
  • Telephone number
  • organization number
  • Company name
  • Company adress
  1. Source

The processor is processing Personal Data that:

  • The Controller’s employees enter into the Service
  1. The purpose of the processing of Personal Data (the “Purpose”)
  • To deliver Klingit’s services
  1. Processing of Personal data
  • Save them to Klingit’s database
    1. The Processor undertakes to consider and observe the principles for processing Personal Data set out in Article 5 of the GDPR in connection with each and every Processing.
    2. By entering into this Agreement, the Processor guarantees that the Controller does not need to take any additional measure to ensure that the Processor meets the requirements for expertise, reliability and resources to carry out the technical and organisational measures required by Applicable law.
    3. The Processor undertakes to only process Personal Data in accordance with the Agreement, the purposes set out in the Terms, the Controller’s documented instructions and Applicable Law.
    4. Upon the Controller’s request, the Processor shall a) (by using the appropriate technical and organisational measures) assist the Controller in its duty to respond to the request for the exercise of the rights of Data Subjects and b) with regards to the type of processing and available information, carry out Data Protection Impact Assessments (DPIA) and participate in consultations with Supervisory Authorities in accordance with Applicable Law.
    5. If the Processor violates Applicable Law by independently determining the purposes and means of the Processing (e.g. processing the Personal Data for purposes other than the Purpose), the Processor shall be regarded as the controller for the new Processing. To clarify, any new Processing shall not affect the Processing made in accordance with this Agreement.
    6. If there is a conflict between the Controller’s instructions and Applicable law, the Processor has the right to refrain from complying with such instructions. The Processor shall inform the Controller immediately if it considers that the instructions provided by the Controller are incomplete, inadequate or incorrect.
    1. The Controller determines the purpose and means for the Processing of the Personal data. The Controller has full ownership and the formal control of the Personal Data Processed by the Processor.
    2. The Controller is responsible to the Data Subject for the Processing of the Personal data.
    3. The Controller is responsible for ensuring that the Personal Data is accurate and up to date.
    1. In the event of a situation leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed (“Personal Data Breach“), the Processor shall, without undue delay, and no later than eight (8) hours after having become aware of the Personal Data Breach, notify the Controller by sending a written notice to the address provided in appendix 3. The information shall, to the extent that it is available to the Processor, contain the following at least:
      • A description of the circumstances surrounding the Personal Data Breach
      • A description of the nature of the Personal Data Breach, and, if possible, the categories and approximate number of Data Subjects affected and the categories and approximate number of Personal Data concerned
      • A description of the likely consequences of the Personal Data Breach
      • A description of the measures taken or proposed to address the Personal Data Breach, and, where appropriate, measures to mitigate its potential adverse effects
      • Contact information to the Data Protection Officer or other contact person who can provide more information to the Controller
    2. If it is not possible for the Processor to provide all the information at once, the information may be provided in installments without undue delay.
    1. Upon the Controller’s request, the Processor shall give access to all information necessary to show that the Processor’s obligations under Applicable Law and this Agreement have been fulfilled.
    2. If the information provided in accordance with the previous paragraph cannot reasonably demonstrate that the Processor’s obligations under Applicable law have been fulfilled, the Controller is entitled to carry out physical audits.
    3. The Processor shall enable and contribute to audits and inspections carried out by the Controller or by an impartial third party appointed by the Controller. The Controller shall notify the Processor in writing of the planned audit at least ten (10) business days in advance.
    4. The audit shall be carried out:
      • During normal business hours
      • After the Controller has ensured that the person conducting the review is subject to a confidentiality agreement appropriate in relation to the Personal Data and information to be reviewed
      • In accordance with the Processor’s internal policies and security procedures
    5. Each party is responsible for its own costs incurred in connection with an audit performed.
    6. In the event of any additional audits within one (1) year of a performed audit, the Controller shall be responsible for all costs incurred as a result of such audit(s).
    1. The Processor may not appoint a sub-processor without first informing the Controller. Accordingly, the Processor shall inform the Controller if it intends to appoint a sub-processor (or replace an existing sub-processor) at least five (5) business days in advance.
    2. If there is a reasonable reason for the Controller to object to the appointment of a sub-processor the parties shall endeavour to find a suitable alternative. Should the parties fail to find a suitable alternative, the Controller has the right to terminate this Agreement and (if applicable) the Terms.
    3. When engaging a sub-processor, the Processor shall ensure that the sub-processor comply with the Processor’s obligations in the Agreement by entering into a contract or other legal act (the “Sub-processor agreement“). The foregoing shall be particularly observed in respect of the Processor’s obligation to provide sufficient guarantees regarding implementing appropriate technical and organisational measures as required to comply with Applicable Law.
    4. The Controller is always entitled to a copy of the Sub-processor agreement (strictly commercial information may be edited).
    5. The Processor must keep an updated record of the sub-processors. The record shall be made available to the Controller upon request.
    6. Processor shall be exclusively responsible towards the Controller if the sub-processor fails to, or omits from, fulfilling its obligations under the Sub-processor agreement.
    1. The Processor undertakes to keep a written record of the processing of Personal Data according to Article 30 (2) of the GDPR. The record shall be available to the Controller upon request.
    2. If the Processing or the nature of the Controller’s business requires the Controller to appoint a Data Protection Officer in accordance with Article 37 of the GDPR, the Data Protection Officer’s contact details shall be included in the appendix 3.
    1. The Processor shall promptly inform the Controller of all contact it may have with the Data Subject, a Supervisory authority or any other third party concerning the Personal Data that the Processor is Processing.
    2. In the event a Data Subject makes a request to the Processor regarding his / her rights in respect of the Processing, the Processor shall refer the Data Subject to the Controller.
    3. The Processor shall allow any inspections that the Supervisory Authority may require to perform in accordance with Applicable law.
    4. The Processor is not entitled to represent the Controller or otherwise act on behalf of the Controller in respect of the Data Subject, a Supervisory Authority or any other third party.
    1. The Processor shall take the appropriate organisational and technical security measures to protectensure that the Personal Data included in the scope of this Agreement is protected against any unauthorised or illegal access. This includes ensuring the adequate capacity, technical solutions, skills, financial and human resources, procedures and methods.
    2. The appropiateness of the technical and organisational security measures shall be assessed taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of the Processing as well as the risks (of varying likelihood and severity) for rights and freedoms of natural persons posed by the Processing.
    3. If the Controller assesses that the Processing operation is of high risk to the rights and freedoms of the Data subject and conducts a DPIA, the Controller shall share the results of the DPIA with the Processor to ensure that this can be taken into account in when determining what constitutes appropriate security measures.
    4. The Processor must comply with any decisions and consultation opinions that the Supervisory Authority announces regarding measures for complying with the security requirements and all other requirements relating to the Processor under Applicable Law.
    5. The Processor shall ensure that employees (of the Processor or their sub-contractors) are only allowed access to Personal Data to that extent necessary and that those who have access to Personal data have undertaken to respect the confidentiality of such information (e.g. by signing an individual non-disclosure agreement).
    6. Only persons employed/engaged as consultants by the Processor and who have been deemed to have the adequate level of knowledge of the nature and extent of the Processing of Personal Data may process the Personal Data.
    7. Computer equipment, storage media and other equipment used in the Processing of Personal data carried out by the Processor must be kept where/or in such manner that no unauthorised persons can access them.
    8. The security at the Processor’s facilities where Personal Data is Processed must be appropriate and secure in regards of locking equipment, functioning alarm equipment, protection against fire, water and burglary, protection against power outages and power disturbances. The equipment used to process Personal Data must have good protection against theft and events that may destroy the equipment and / or Personal Data.
    1. The Processor shall ensure that Personal Data Processed is not accidentally or unlawfully destroyed, altered or corrupted. All Personal Data shall be protected against any unauthorised access during storage, transfer and other Processing.
    2. No Personal Data may be provided to the Controller before the identity of the recipient has been duly verified.
    1. In the event that the Processor transfers Personal data outside the EU/EEA, the Processor ensures that the level of protection is adequate and in accordance with Applicable Law by controlling that at least one of the following requirements are fulfilled:
      • The EU Commission has determined that the level of protection is adequate in the third country where the data is Processed
      • The Processor has signed up to the EU Commission’s standard contract clauses (SCCs) for data transfer to non-EU/EEA countries.
      • The Processor has taken other appropriate safeguards prior to the transfer and that such safeguards comply with Applicable Law.
    1. No Party is liable for any delay or failure to perform due to extraordinary circumstances beyond the control of the Party, which the Party could not reasonably expect and which consequences the Party could not reasonably have avoided or overcome.
    2. The Processor is liable for direct damages that arise as a result of the Processor having Processed Personal Data in violation of the Controller’s instructions in accordance with the Agreement and Applicable law.
    3. The Processor liability for direct damages be limited to SEK 50000. The Controller is not entitled to any compensation for damages related to any Processing that has been approved by, or performed in accordance with the instructions of, the Controller.
    4. The Processor is not obligated to pay the costs of the Controller’s agent.
    5. In no event shall the Processor be liable for any indirect or consequential damages such as lost revenue or profits, contracts, customers or business opportunities, loss of goodwill, or expected savings.
    1. The Processor may not use information or other material to which it is granted access in connection with entering into this Agreement or the Terms for any other purpose than fulfilling its obligations under this Agreement or the Terms.
    2. The Processor may not disclose information to third parties or any other unauthorised persons about the Processing of Personal data or the content of Personal Data covered by this Agreement or other information to which the Processor has been granted access as a result of, or in connection with entering into, this Agreement. This undertaking does not apply to information that the Processor is required to disclose under mandatory law.
    3. This confidentiality undertaking is valid from the date this Agreement has been duly signed by both parties and for an indefinite period in time thereafter. The Processor shall ensure that this confidentiality undertaking applies to all employees and other persons working with or on behalf of the Processor and who are authorised to process Personal Data.
    1. The Agreement is valid and in force from the date that the Processor first processes Personal Data on behalf of the Controller to the date when it ceases such Processing or until this Agreement is replaced by another Data Processing Agreement.
    2. The obligations of the Processor under the Agreement shall continue to apply, regardless of whether the Agreement has been replaced, as long as the Processor processes Personal Data on behalf of the Controller.
    1. Upon the termination of the Agreement, the Processor and any sub-processor shall, at the request of the Controller, either erase or return the Personal Data processed within the scope of this Agreement.
    1. Swedish law shall apply to these Terms.
    2. The provision regarding disputes set out in the Terms will also apply to the Agreement.


has not appointed sub-processors for the Processing of Personal Data covered in the Agreement.


The Processor has taken technical and organisational measures to ensure that Personal Data is processed securely and protected from loss, misuse and unauthorised access.

Technical security measures are measures implemented through technical solutions.

  • Encryption
  • Firewall

Organisational security measures are measures that are implemented in work processes and routines within the organisation.

  • Internal governance document (policies/instructions)
  • Login and password management


Contact Information
Phone number
: 08-21 15 00
E-mail address
[email protected]