XENTRA Software Terms of Service


Version 1.0

Table of Contents

Definitions  2

1. General terms  5

1.1. Order 5

1.2. Fees  6

1.3. Notifications  6

1.4. The Software  7

2. Right of use  9

2.1. Customer 9

2.2. Accounting Office and Clients  9

2.3. API and Development Accounts  10

2.4. Trial Customer 11

3. Use of data  11

4. Data Processing Agreement 13

5. Miscellaneous  18

5.1. Confidentiality  18

5.2. Intellectual Property Rights  19

5.3. Warranty  20

5.4. Liability  20

5.5. Indemnification  21

5.6. Termination  22

5.7. Governing law and dispute resolution  23

Definitions

Terms may also be used in the plural, e.g. “Parties” or “Users”.

Term Definition
Affiliate A legal entity that (i) a Party directly or indirectly controls, (ii) directly or indirectly controls a Party or (iii) is directly or indirectly under common control with the Party. A legal entity shall be deemed to be controlled by another if that other legal entity has more than fifty percent (50%) of the votes in the entity and is able to direct its operations.
Accounting Office (AO) A public accountant that provides AO Services to Clients and, if required under applicable regulations, is certified through the applicable Financial Supervisory Authority or other authority that regulates financial markets.
AO Services Accounting, bookkeeping, auditing services or tax consultancy services.
API Application Programming Interface.
API Credentials Keys, tokens or other credentials in use to authenticate, access and use a XENTRA API.
API Documentation Documentation, data and information regarding the use of an API.
Breach* A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data.
Client A customer of an Accounting Office. Clients may also be a customer of XENTRA, and vice versa.
Controller* The entity that determines the purposes, conditions and means of the Processing of Personal Data.
Customer The entity as defined in the Order Confirmation that has entered into this agreement.
Customer Data Data belonging to the Customer (or Users) and processed by the Software, such as customer databases, invoices and other production data.
Data A collective term for Customer Data and Usage Data, including Personal Data, data sets, as applicable in context.
Data Processing or Process(ing)* Any operation performed on the Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, alteration, erasure or destruction etc.
Data Subject* A natural person whose Personal Data is Processed by a Controller or Processor.
Development Account An account whereby an ISV is granted access to Development Environments for the purposes of testing, developing and supporting Integrated Applications, subject to specific terms.
Development Environment A software development and operations environment provided by a XENTRA company for the testing, development and support of Integrated Applications, subject to specific terms.
Fee(s) The compensation, payable by the Customer, for the Limited Licence(s) granted by XENTRA to the Customer under the Licence Agreement, as set out in the Order Confirmation and XENTRA’s price list at the relevant point in time.
Including Unless the context requires otherwise, the term “including” means “including but not limited to”.
Integrated Application A non-XENTRA software application or service integrated with the Software using a XENTRA API, subject to specific terms.
Intellectual Property Rights or IPR Any and all intellectual and industrial property rights, whether or not registered or registerable, including, but not limited to: (i) patents, processes, and technology (whether patentable or not); (ii) know-how, trade secrets, business models, and other confidential information; (iii) authors’ rights (e.g., in computer software, source and binary code and documentation), design rights, database rights, compilation of data, and technical information of all kinds; (iv) copyrights, trademarks, trade names, and domain names; and (v) other rights of a similar kind, whether or not registered or registerable, including all applications or rights to apply for, and renewals or extensions of, such rights and all similar or equivalent rights.
Internal Business Operations In a non-Accounting Office scenario, solely the Use of the Software to support the Customer’s own internal operations and/or administration, such as accounting and payments. “Internal Business Operations” shall not include operations and activities related to offering or making the Software available for third parties and similar activities.
ISV Independent Software Vendor.
Limited Licence A limited, non-transferable, non-exclusive, and fully revocable right.
Module A functional package within the Software, such as a logistics module or report builder. Modules may have to be Ordered separately.
Order An order for the Software (including Users and Modules), including self-service ordering from within the Software, or registering for a Development Account.
Order Confirmation A confirmation from XENTRA specifying the Software (including Users and Modules) and Fees of the Customer’s Order, identifying the XENTRA Company which the Customer is contracting, and any additional terms and conditions that apply.
Partner A non-XENTRA company certified as a partner by a XENTRA Company.
Party XENTRA or the Customer as defined in the Order Confirmation.
Personal Data* Any information relating to an identified or identifiable natural person (Data Subject).
Software Software applications and related services as specified in the Order Confirmation, including modifications, new features, upgrades and data storage.
Processor* The entity Processing Personal Data on behalf of the Controller.
Software Documentation Documentation describing Software features, functionality and configuration, such as manuals and help files.
Special Categories of Personal Data* (Sensitive Personal Data) Any Personal Data related to: Racial or ethnic background, Political opinions and affiliations, Religious beliefs and other beliefs of a similar nature, Trade union membership, Mental and physical health, including sexual orientation, Genetic and biometric data.
Subscription Period Time period for which the Fees grant the Customer a Limited Licence to Use the Software, as set out in the Order Confirmation. The Subscription Period expires when either Party terminates the Licence Agreement (as defined below) in accordance with section 5.6.
Third Party Component Software or IPR from a third party that is provided by XENTRA as part of or in connection with the Software.
Usage Data Certain data collected from and/or generated from the Software and the use thereof.
Use Any and all lawful actions performed on or with the Software by the Customer (including Users) or on its behalf.
User A named individual user of the Software. Users may be employees of the Customer, or anyone granted a User account by the Customer, such as a consultant or accountant, or a Development Account user.
XENTRA The company in the XENTRA Group as defined in the Order Confirmation, with which the Customer has entered into this Licence Agreement.
XENTRA API An API for the Software, provided by XENTRA for the purpose of integrating third party software applications and services.
XENTRA Company A company within the XENTRA Group.
XENTRA Group XENTRA Capital AB and all its subsidiaries, either directly owned by XENTRA Capital AB or indirectly through one of XENTRA Capital AB’ subsidiaries or Affiliates.

*These terms shall have the same meaning and interpretation as in applicable privacy legislation, and are referenced here for convenience.

1.      General terms

1.1.        Order

  1. The Customer orders the Software from XENTRA through an Order, either directly by phone, email, webpages, in-product web shops, or through a Partner with their procedures for providing Client access to the Software.
    1. These terms of service (the “Terms of Service” or “TOS”) are standard terms that govern the use of the Software. By: (i) placing an Order, (ii) signing the Order or the TOS, or (iii) clicking or marking “I accept”, the Customer understands and accepts that the Customer enters into a legally binding Licence Agreement (as defined below) with XENTRA which, unless otherwise set out in the Order Confirmation, becomes effective once XENTRA issues an Order Confirmation. XENTRA is not bound by the Licence Agreement before XENTRA has issued an Order Confirmation and may, at its own discretion, choose not execute a contract with the Customer at any time before the Order Confirmation is issued. Only individuals with administrative, purchasing and representation rights for their company may do so. For Trial Customers, special procedures in

2.4 apply.

  1. The following information may appear in the Order Confirmation and invoice, depending on Software:
    1. The name of the XENTRA Company the Customer is contracting with.
    1. Software, Users and Modules the Customer has Ordered.
    1. Fees for the Software Ordered.
    1. Termination terms for a subscription or the customer relationship.
    1. Any additional terms and services as agreed between the Parties.
  1. Unless agreed otherwise in writing, the TOS and Order Confirmation constitute the entire agreement for the Software (together the “Licence Agreement”). The Licence Agreement prevails in the event of a conflict between the Licence Agreement and any other agreement entered into between the parties. Other services from XENTRA or a Partner, such as training, implementation or customisation, are not covered by the Licence Agreement. XENTRA has the right to assign its rights and obligations under the Licence Agreement to a third party without the Customer’s consent.
    1. XENTRA may change the Licence Agreement by notifying the Customer in accordance with 1.3.1 and 1.3.2, as applicable. The changes become effective as of the date set out in the relevant notice. The Customer’s continued use of the Software after the changes have become effective constitutes the Customer’s acceptance of the changes. If the Customer objects to any changes to the Licence Agreement, the Customer may terminate the Licence Agreement in accordance with section 5.6.1. The latest version of the TOS is at all times available on the products homepage.

1.2.        Fees

  1. The Customer agrees to timely pay XENTRA the Fees in accordance with the Order Confirmation and the, at the relevant time up-to-date, price list made available online or in-Software.
    1. Unless otherwise agreed in writing (e.g., in sections 1.4.4 and 1.4.5), all Fees are due on the date set out in the relevant invoice and non-refundable, with no refund for unused transactions, Users, Software or remaining days in a Subscription Period. That is unless the Software availability has been significantly reduced for reasons solely attributable to XENTRA. XENTRA may at its discretion and as the sole remedy, offer a reasonable refund for Fees accrued during such period of reduced availability.
    1. Fees are exclusive of all taxes, levies and duties. Unless agreed otherwise, XENTRA will add the applicable value added tax (VAT) to the invoice.
    1. XENTRA reserves the right to change the Fees and/or the Fee model, on three months’ notice in accordance with section 1.3.1 up to two times per year for any individual Software, and on one month notice if a subcontractor increases its prices towards XENTRA. Further, XENTRA has an annual right to increase prices in accordance with general price and cost level developments without notice and with effect from the 1st of January each year.
    1. In the event of the Customer’s non-payment or late payment of the Fees, XENTRA reserves the

right to suspend the Customer’s access to the Software or restrict the access to read-only, and charge penalty interest as permitted by law, with unpaid invoices sent to collection. If not resolved within a reasonable time, XENTRA reserves the right to terminate the Customer’s right of use to the Software c.f. 5.6.

1.3.        Notifications

  1. Information about new features, price changes or planned maintenance, will be delivered inside the Software, on the Software’s webpages, online community or by email.
    1. Notifications regarding Order Confirmations, contract changes (other than changes mentioned in section 1.3.1), information of particular importance, security or privacy, will be sent to the Customer’s contact email.
    1. The Customer is responsible for providing at all times up to date contact information, including a primary contact email.
    1. All notices are deemed notified and effective immediately when sent or posted by XENTRA.

1.4.        The Software

  1. The Customer purchases a right to use, and is granted access to as set forth in this TOS, the Software as it is made available online by XENTRA, or installed on the Customer’s computers. Software installed on the Customer’s computers may contain embedded online components and Software. The Customer must not reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code from the Software or parts thereof.
    1. XENTRA provides operational support free of charge for login- or account issues or functional issues in the Software. Additional support, such as user training, consulting or implementation may be purchased separately from XENTRA or a Partner.
    1. The Software is provided “as is” as standard software, without any expressed or implied representations or warranties of any kind. The Customer may access and use online Software as it is provided at any given time, such Software is not contingent on a particular version nor publications or materials. When Software is installed on the Customer’s computers, the Customer is responsible for using a supported version.
    1. XENTRA reserves the right to make improvements, add, change or remove functionality, or correct issues or omissions in the Software at its sole discretion without any obligation or liability accruing therefrom. In the event a modification disables functionality that forms a material part of the Software permanently or for more than two months, the Customer may terminate the subscription only for the affected Software, and request a pro-rated refund for any remaining Fees paid in advance for the affected Software.
    1. XENTRA has the right to discontinue any Software or its availability in a particular market on twelve months prior notice, unless the discontinued service is caused by force majeure circumstances outlined in section 5.4, where shorter notice periods may apply. The Customer is entitled to request a pro-rated refund for any Fees paid in advance for the period following the discontinuation.The Customer must cease using the Software after notified discontinuation and is not entitled to make any further claims against XENTRA.
    1. Certain Software may be subject to additional terms or restrictions, such as limitation on storage space or transactions. Some features, such as payment, may require separate registration on websites, as specified in the Order Confirmation or within the Software.

Specific terms concerning payment, reporting and financial services

  1. The Customer authorises XENTRA to, on the Customer’s behalf, place and authenticate invoices, payments, governmental reports (e.g. SAF-T) and information such as bank statements, made by or sent to the Customer using the Software, between the Customer’s banks, authorities, and other business-to-business and business-to-consumer relations. Certain payment Software may assign API Credentials to the Customer used to access, identify and authorise the Customer’s account, and Use of the Software with the payment API. The Customer is responsible for notifying its banks or other parties of the above authorisation, and accepts any charges incurred from its banks or other related parties when using the Software. If XENTRA is invoiced by any such third party when providing the Software, XENTRA will re-invoice the Customer for said charges.
    1. XENTRA uses invoice networks, including third party networks, such as the PEPPOL network, bank- and mobile payment suppliers and other document and payment networks, as well as third parties for processing invoices, payments and documents, for example for scanning paper invoices. PEPPOL is an international network for electronic exchange of invoices and other business documents, further information and contact points can be found at the PEPPOL web pages (www.peppol.org). The Customer authorises XENTRA to exchange payment profile information, invoices and related business documents and data with such networks and providers as necessary to provide the Software, financial services modules and add-ons. Certain invoice networks such as PEPPOL and other financial services modules or add-ons to the Software, including linked or affiliated third party services, may also require subjecting the Customer to personal identification and other customer due diligence requirements, often referred to as a Know Your Customer (KYC) processes, and/or a credit check or credit score check processes. The Customer accepts that completing, updating and sharing data for a KYC process or credit checks may be a premise for accessing such networks and making use of the Software.
    1. The Customer remains fully responsible for the business content of the datasets exchanged with such networks as mentioned in section 1.4.8, including compliance with applicable laws and regulations, as well as for any resulting business commitment. The Customer can be blocked from networks such as the Peppol network in case of suspected fraud, spam or other criminal acts. The Customer may notify XENTRA in writing not to be registered in the address registers of such networks or notify not to use all or some financial services modules and add-ons, and acknowledges such reservation may limit or disable the Software functionality in whole or in part.

2.              Right of use

2.1.        Customer

  • Subject to the Customer’s compliance with the Licence Agreement, XENTRA grants the Customer, and its Affiliates (if Affiliates are included in the Order Confirmation), a Limited Licence to access and Use the Software, solely for Internal Business Operations. For Accounting Offices and Clients, please refer to 2.2.
    • The Customer is responsible for the legality of User actions and administration, integrations by third parties and for the Customer Data. The Customer must not, and undertakes to ensure that Users, and any other third parties the Customer is responsible for, do not transfer harmful code, unlawful data or viruses to or with the Software, or use the Software in or for any unlawful manner or purpose or in breach of the Licence Agreement.
    • User accounts are for single named individuals and may only be assigned to third parties performing normal usage of the Software on behalf of the Customer, such as accountants, auditors, and consultants.
    • The Customer will not share usernames and passwords to user accounts to any third party without XENTRA’s written consent.
    • For avoidance of doubt, the Customer, its Affiliates, or any other third parties the Customer is responsible for, may not assign or transfer any rights or obligations under the Licence Agreement, including the Limited Licence to the Software, to any entity in whole or in part, including in connection with mergers, demergers or bankruptcy or to the Customer’s stakeholders, without prior written authorisation from XENTRA.

2.2.        Accounting Office and Clients

  • To buy an Accounting Office (AO) right of Use for the Software, the Customer must be an Accounting Office. Other AO related businesses, e.g. a shared services centre, may be permitted after written approval from XENTRA.
    • Subject to the Customer’s compliance with the Licence Agreement and fulfilment of section 2.2.1, XENTRA grants the Customer and its Affiliates (if Affiliates are included in the Order Confirmation) a Limited Licence to access and Use the Software solely to provide the AO Services to its Clients.
    • The Software may only be used for the Internal Business Operations of the Client, meaning solely the Client’s own accounting and payments. User accounts may be assigned to Clients subject to section 2.2.8.
    • Neither the Customer nor its Affiliate will provide any Client user accounts to the Software without also providing AO Services to the Client.
    • For avoidance of any doubt, the Customer, its Affiliates, or any other third parties the Customer is responsible for, may not assign or transfer the Limited Licence granted in section

2.2.2 to any entity, in whole or in part, including in connection with mergers, demergers, bankruptcy or to the Customer’s stakeholders without prior written authorisation from XENTRA.

  • Contracts for AO Services are entered into between the Customer and its Clients, and XENTRA is not part of, nor liable for, any such contracts or breaches thereof.
    • The Customer is responsible for its use of the Software, including by its Clients, and the content and legality of Customer and Client Data. The Customer must not, and undertakes to ensure that Clients, and any other third party the Customer is responsible for, do not transfer harmful code, unlawful data or viruses to or with the Software, or use the Software in or for any unlawful manners or purposes or in breach of the Licence Agreement.
    • User administration, and acquiring necessary rights for users, is the sole responsibility of the Customer. User accounts are for single named individuals. The Customer may assign User accounts to Clients, and third party individuals performing actions on behalf of the Customer or Client, such as the Client’s accountant, auditor or consultant. When Clients terminate their customer relationship with the Customer, the Customer is responsible for deleting and transferring the Client data to the Client according to applicable legislation, including the GDPR and accounting acts.
    • The Customer must ensure that the Client can exercise its right to its Client data in accordance with applicable legislation, and, for a nominal fee, obtain such data in the richest possible technical format supported by the Software.
    • The Customer will indemnify and defend XENTRA, including XENTRA’s Affiliates, directors, officers, personnel, agents, and representatives, from and against all claims, costs, and expenses arising out of, or resulting from, any claims and requests by a Client, unless it’s directly caused by XENTRA’s gross negligence or willful misconduct.

2.3.        API and Development Accounts

  • Subject to the Customer’s compliance with the TOS, the Customer is granted a Limited Licence to Use the XENTRA API to integrate non-XENTRA software applications with the Software (Integrated Application).
  • Using XENTRA API as a Customer, developer or ISV, establishing Development Accounts and being granted access to Development Environments is subject to actively accepting additional terms and Partner Agreements available, and periodically updated, at developer.XENTRA.com and similar web pages outlined by XENTRA to the Customer. The API, the Development Environments, their documentation and Customer communities are fully owned by XENTRA, and all are provided “as is” without any warranties in regards to availability, uptime, quality or fitness for the Customer or developers needs or requirements, and the Customer is solely liable for any damage brought by using them. XENTRA may at its discretion and at any time with reasonable notice revoke and terminate the Limited Licence to Use the XENTRA API. Development Accounts or Developer Environments may further be closed, revoked, terminated or limited upon suspicion of over-use, misconduct, lack of security, a breach of terms, data processing laws or intellectual property laws, or unlawful Use. XENTRA reserves the right to charge additional Fees for any XENTRA API or Development Environment, current or future, including making the right of use or sale of Integrated Applications contingent upon payment of such Fees.

2.4.        Trial Customer

  • The Customer is granted a Limited Licence to Use the Software registered for a trial account for a limited time, solely for the purpose of evaluating the Software’s suitability to the Customer’s Internal Business Operations and always in accordance with the TOS.
    • Unless otherwise agreed in writing, the trial period commences when XENTRA issues the Order Confirmation and continues for the period agreed in writing in connection with the trial registration. If the Parties have not agreed on a trial period in connection with the trial registration, XENTRA is entitled to terminate the trial period and revoke the Limited Licence three weeks after the Order Confirmation was issued.
    • Without prejudice to section 3, Customer Data processed during the trial will be deleted after the trial period, unless it is stated in the registration process that the Customer Data can be transferred to an ordinary paid and purchased customer account.

3.                Use of data

  • When using the Software, the Customer, Users, Clients, and other third parties using the Software on behalf of the Customer, including Affiliates, if applicable, will add Customer Data to the Software and generate Usage Data, collectively referred to as Data. Data may contain both Personal Data and non-Personal Data. For more information regarding how XENTRA Processes Personal Data, see section 4.
  • Data consists of:
  • Technical information and traffic data (Usage Data), such as the type of operating system, browser type, device, browser language and IP address;
  • Customer- or user- generated data (Usage Data), such as page views, clicks, inactivity, session durations, number of sent invoices, expenses filed, accounting years created, password resets, context and content of support tickets, chat boxes, security logs and similar; and
  • Production data (Customer Data), such as images, files, invoices or any data included in the Software by the Customer as part of using the Software.
    • The Customer hereby grants XENTRA and its Affiliates a non-exclusive and transferable right to access and use the Data for the following purposes:
  • Software and user experience improvement, typically by aggregating and analysing usage patterns and indicated needs brought by the Users, Customers and Clients, enabling individual or customised user experiences by, for instance, offering to enable relevant additional modules or services tied to the Software based on user patterns, suggest more efficient ways of making use of the Software by analysing the usage of the Software, or otherwise enhance the Software and features thereto.
  • Marketing and displaying relevant information, for example for complimentary or value-adding Software or new features, seek to avoid providing marketing for Software the Customer has already subscribed to and providing relevant market updates or information within the Software to educate Customers and Users.
  • Security and related purposes, for example by analysing session and login data, incident records and similar in order to prevent, investigate and document security issues and incidents and improve the security of the Software.
  • Statistics and research, typically by analysing the amount and trend of invoices, payments or expenses etc. going through our systems, including the Software, using such aggregated and anonymous statistics in general marketing and reporting, and as part of developing value-adding Software such as additional modules, features or services tied to the Software.
  • Compliance. XENTRA may use Data for compliance purposes, for example by logging when a Customer accepts the TOS, fulfilling KYC or credit check purposes according to legislation or as part of operating the XENTRA security program.
  • Contractual obligations. XENTRA may use the Data for the purpose of fulfilling its contractual obligations towards the Customer.
    • XENTRA may also use relevant information from public or commercially available sources and registers, and combine such information with Data as outlined above.
  • To the extent the Data contains Personal Data, XENTRA undertakes to process such Personal Data in accordance with the data processing terms included in section 4, if XENTRA is the Processor with respect to the relevant Personal Data. To the extent Personal Data is part of such Data processing, it shall primarily be anonymized, because identifying named individual users is seldom of any relevance for these purposes. If anonymization is not possible, due to technical or practical reasons, XENTRA shall take alternative compensating measures to enhance protection, taking into account the requirements brought by the data processing terms included in section 4.
    • XENTRA may share Data with its Affiliates, vendors and Partners in order to deliver the Software and fulfil the purposes outlined in section 3.3, including offering additional modules, services and add-ons, service improvements and comply with the rights and obligations according to the TOS. The Data may be shared with third parties as a part of a commercial cooperation tied to the Software, typically to develop and offer additional modules or add-ons to the Software.
    • XENTRA will only share Data with public authorities or other third parties in the following situations:
  • to comply with law or regulation, or to respond to a legally binding request such as a court order or warrant;
  • to deliver the Software according to this TOS;
  • to investigate or prevent security threats or fraud; or
  • a reorganisation, merger, sale or purchase of XENTRA in part or whole, where Confidential Information may be disclosed to other companies in the XENTRA Group, or to prospective purchasers and trusted advisors, that observe the obligations set forth herein by entering into a confidentiality agreement.
    • XENTRA will promptly notify the Customer of requests from governmental authorities regarding disclosure of Data, unless such notification is legally prohibited or if such notification is taken care of by the governmental authorities themselves.
    • XENTRA is entitled to compile, collect, copy, modify, publish, assign, combine with other data, and otherwise use anonymous and aggregate data generated from or based on Data both during and after the termination of the agreement between the Customer.

4.                Data Processing Agreement

  • Processing of Personal data
    • This section 4 only applies to XENTRA’s Processing of Personal Data as a Processor on behalf of the Customer.
    • XENTRA is committed to ensure that the Software is compliant with applicable data protection laws and regulations.
  • The categories of Data Subjects and Personal Data, as well as the nature and duration of the Processing are outlined by this TOS, the Order Confirmation, the Trust Centre, the Customers use of the Software, and the document mentioned in clause 4.1.7 below or additional addendums entered into writing between the Parties, if applicable.
    • It is the Customer that submits the Personal Data into the Software, and thereby decides what kind of Personal Data XENTRA Processes and who the Data Subjects are. This may include, but is not limited to, Personal Data relating to the following categories of Data Subjects:
  • Customer’s employees
  • Customer’s own customers, including Clients
    • The Customer may submit Personal Data into the Software and Processing may include, but is not limited to, the following categories of Personal Data:
  • First and last name
  • Contact information (company, email, phone, physical business address)
  • IP address
  • Professional life data
  • Personal life data
  • Invoicing, expense or payroll data
    • The Customer undertakes to create and maintain an up-to-date document solely listing the Personal Data and Data Subjects subject to Processing pursuant to this section 4, which shall be considered a part of the Licence Agreement, complementing the list of Data Subjects and Personal Data set out above. For avoidance of any doubt, the Customer ensures that it will not include any other information, terms, or conditions in the document and agrees that the document only forms part of the agreement between the Parties in so far as it lists the Data Subjects and Personal Data reasonably meant to be subject to Processing in light of the purpose of the agreement. Any other information, terms, or conditions set out therein will be considered null and void.
    • The nature of the Processing includes collection, structuring, storage, alteration, retrieval, use, analysing, disclosure by transmission, anonymisation, erasure, and destruction.
    • The purpose of the Processing is to deliver the Software, and ancillary services, if applicable, pursuant to the TOS and the Order Confirmation.
    • The Personal Data XENTRA Processes as a Processor on behalf of the Customer will be Processed for the duration of the Licence Agreement, unless the Customer instructs XENTRA in writing to cease such Processing.
  • XENTRA will only Process the Personal Data in accordance with the Customer’s written instructions. The Customer hereby instructs XENTRA to:
  • Process the Personal Data on behalf of the Customer, and for the purpose of and to the extent necessary to provide the Software, including additional service modules and add-ons, in a secure and professional manner, in accordance with and to fulfil the TOS, the Order Confirmation and applicable data protection law;
  • Process Personal Data as initiated by the Users in their use of the Software;
  • Use the Personal Data as part of developing the Software further to bring additional value to the Customer, with the security measures and purpose limitations as outlined in section 3;
  • strive to anonymize the Personal Data if using it for the purposes mentioned in section

3.3 so that the data is no longer Personal Data and the Data Subjects can no longer be identified; and

  • Process Personal Data as set out in this section 4, which in its entirety represents the Customer’s instructions for XENTRA’s Processing of Personal Data on behalf of the Customer.
  • The Customer is entitled to give XENTRA subsequent instructions, in writing, for XENTRA’s Processing of Personal Data on behalf of the Customer, if the instruction is reasonable and necessary for the compliance with the GDPR and XENTRA is given reasonable time to implement the instruction. Instead of complying with the subsequent instruction, XENTRA may, at its own discretion and without any liability, cease the relevant Processing of Personal Data to which the subsequent instruction relates, even though this may affect the Software or XENTRA’s performance of any other service or obligation under the TOS, or terminate the Licence Agreement. If XENTRA instead chooses to comply with the subsequent instruction, XENTRA reserves the right to charge the Customer an additional fee, which shall not be disproportionate to the additional costs incurred by XENTRA, for such compliance. XENTRA shall notify the Customer of any additional fees before taking any action due to the Customer’s subsequent instructions. The Customer is obligated to document all subsequent instructions.
    • The Customer guarantees that the Customer: (i) complies with all requirements applying to it under the applicable data protection laws; (ii) has the right to transfer the relevant Personal Data to XENTRA for Processing in accordance with the TOS; and (iii) the instructions to XENTRA regarding XENTRA’s Processing of the Personal Data on behalf of the Customer comply with all applicable laws.
  • With respect to XENTRA’s Processing of Personal Data on behalf of the Customer, XENTRA undertakes to:
  • Process the Personal Data only in accordance with the Customer’s instructions as outlined in section 4.1.11, and, upon becoming aware of it, notify the Customer of instructions which, in the opinion of XENTRA, infringes applicable privacy legislation.
  • implement technical and organisational security measures to protect the Personal Data from loss and unauthorised Processing, to ensure the confidentiality, integrity and availability of the Personal Data according to the GDPR article 32, and, together with the Customer, make sure that these measures represent a level of security appropriate to the risk presented by the Processing, having regard to the state of the art and the cost of implementation.
  • notify the Customer without undue delay after becoming aware of a Breach to a reasonable degree of certainty.
  • within its obligations as Processor under applicable data protection law, assist the Customer in its role as Controller by appropriate technical and organisational measures, insofar as reasonably possible and taking into account the nature of the Processing and the information available to XENTRA, hereunder assisting the Customer in responding to requests for exercising the Data Subject’s rights, ensuring compliance with the obligations pursuant to GDPR articles 32 to 36 and by providing information necessary to demonstrate compliance with applicable data protection law.
  • when XENTRA’s instructions from the Customer to Process the Personal Data expires for whatever reason, such as termination of the Licence Agreement, return the Personal Data to the Customer or delete it from the Software according to defined deletion policies, unless mandatory provisions of law require continued storage of the Personal Data by XENTRA or the Personal Data has been irrevocably anonymised.
  • notify the Customer of any request for the disclosure of Personal Data received directly from a Data Subject and from governmental authorities, unless such notification is legally prohibited. Subject to applicable legal obligations, XENTRA will not respond to requests from governmental authorities unless authorised by the Customer. XENTRA will only disclose Personal Data to governmental authorities to comply with legally binding requests, such as a court order or warrant.
  • ensure that the persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
  • XENTRA shall in an easy and efficient manner make available to the Customer all information

necessary to demonstrate compliance with applicable data protection legislation. XENTRA shall also allow for and contribute to reasonable and specific audits or inspections. To request an specific audit, the Customer must submit a detailed audit plan at least four weeks in advance of the proposed audit date. If a requested audit scope is addressed in an ISAE, ISO or similar assurance report performed by a qualified third party auditor within the prior twelve months, and XENTRA confirms that there are no known material changes in the measures audited, the Customer agrees to accept those findings instead of requesting a new audit of the measures covered by the report.The Customer shall be responsible for any costs arising from the Customers requested audits. XENTRA has no intention to make money by assisting our customers with GDPR compliance. Quite the opposite, we want to use our GDPR efforts as a competitive advantage. However, XENTRA does see that Customer requests vary in time and scope and on this basis we reserve the right to invoice our assistance subject to prior notification.

  • Subprocessors
    • XENTRA may use other XENTRA companies and third party subprocessors for the provision and development of the Software and other ancillary services set out in the Order Confirmation, hereunder Processing of Personal Data. XENTRA will always enter into a data processing agreement with subprocessors if the subprocessor processes Personal Data, in order to fulfil the obligations set forth herein and in the GDPR.
    • XENTRA will notify the Customer of planned changes of subprocessors in advance using normal communication channels or XENTRA Trust Centre. The Customer authorises XENTRA to engage other EU/EEA located companies within the XENTRA Group as subprocessors without the XENTRA Company being listed at Trust Centre and without other specific notification to the Customer than this section.
    • XENTRA aims to avoid Processing Personal Data outside the EEA and will not process Personal Data in a country outside the EEA that, at the time of Processing, does not enjoy the benefit from an adequacy decision from the EU Commission without the Customer’s prior authorization. To the extent Processing of Personal Data outside the EEA is necessary, for example, in connection with the engagement of certain subprocessors, the Customer hereby authorises and instructs XENTRA to Process Personal Data outside the EEA, provided that such Processing is subject to one of the transfer mechanisms set out in Articles 45 and 46 GDPR, for example, the European Commission’s Standard Contractual Clauses, and supplementary measures, if necessary.
  • The Customer may reasonably object to the use of a new subprocessor, for legitimate reasons relating to the protection of Personal Data intended to be Processed by such subprocessor, within 30 days after XENTRA has notified the Customer in accordance with section 4.7.2. Upon such an objection, the Parties will discuss the Customer’s concerns in good faith with a view to achieving a commercially reasonable solution. If no such solution can be reached, XENTRA may, at its sole discretion, either not appoint the new subprocessor, permit the Customer to suspend the affected services, or terminate the Licence Agreement, without any liability to either Party, and without prejudice to any fees incurred by the Customer prior to the suspension or termination.
  • Security
    • XENTRA is committed to providing a high level of security in our Software, including with regards to Personal Data and privacy protections such as the requirements outlined by GDPR article

32. XENTRA provides appropriate security through organisational, technical and physical security measures, designed to ensure the confidentiality, integrity, availability and resilience of the Software, and the Data processed using the Software.

  • The Customer agrees that it is responsible for independently determining whether the security provided for the Personal Data adequately meets the Customer’s obligations under the applicable data protection laws. The Customer is furthermore responsible for its own secure use of the Software, including protecting the security of Personal Data in transit to and from the Software and securely backuping or encrypting any such Personal Data outside the Software to the extent deemed necessary by the Customer.

5.                Miscellaneous

5.1.        Confidentiality

  • Each Party may disclose or obtain information from the other Party that should reasonably be understood to be proprietary, confidential or competitively sensitive (“Confidential Information”). The Parties shall hold Confidential Information in confidence and take reasonable measures to protect the other Party’s Confidential Information, and not disclose it to third parties unless authorised by the other Party to do so, or if required under mandatory provisions of law or regulations or pursuant to court orders.
    • Confidential Information does not include a) information the recipient can demonstrate was in the recipient’s possession or knowledge prior to entering into the TOS; b) is or becomes publicly available through no fault of the recipient; c) is received by the recipient from a third party without a duty of confidentiality; or d) is independently developed by the recipient.
  • XENTRA may disclose Confidential Information to Affiliates, Partners, subprocessors, or subcontractors to the extent necessary to provide the Software according to the TOS. The Confidential Information may also be shared for the purposes mentioned in section 3.6.
    • The confidentiality obligations set out in this section 5.1 lapse three years after the expiry of the Licence Agreement, unless otherwise is stipulated by law or regulations.

5.2.        Intellectual Property Rights

  • XENTRA, or its licensors where applicable, is the owner of, and retains ownership to, the Software and all related Intellectual Property Rights in and to the Software and any other services provided under the TOS, including any IPR arising out of XENTRA’s processing of Data. With the sole exception of the Limited Licence(s) explicitly granted to the Customer under the Licence Agreement, nothing in the Licence Agreement constitutes a transfer of, or licence to, any IPR from XENTRA or its licensors to the Customer.
    • Where IPR from a third party is part of the Software provision (“Third Party Components”), such Third Party Components are also subject to the TOS, unless separate terms are supplied, in which case the licensing terms for the Third Party Component shall prevail. If the Third Party Component is open source, then under no circumstance shall the Software, except for the Third Party Component, be deemed to be open source or publicly available software. Where a Third Party Component requires XENTRA to provide licence or copyright attribution, this will be available from the “About box” in the Software or Software Documentation.
    • To the extent XENTRA not already has the exclusive ownership thereto, the Customer hereby irrevocably and perpetually assigns to XENTRA the worldwide, fully-paid-up, and royalty-free ownership of: (i) anonymised and aggregated Data; and (ii) all rights, titles, and interests, including Intellectual Property Rights, in and to, any application programming interfaces accommodating the integration of the Software with other platforms or software, and other developments designed to facilitate the interaction between the two, if not solely developed and implemented by the Customer. The preceding includes the right to use, modify, and further assign such rights, titles, interests, content, and information.
    • In the event of infringement of IPR, XENTRA or its licensors may take all reasonable steps to protect its interests as available by law.
    • The Customer, or its Clients as applicable, is the owner of the Customer Data and IPR in and to the Customer Data.

5.3.        Warranty

  • XENTRA shall use commercially reasonable efforts to ensure that the Software will perform substantially as described in the Software Documentation during the Subscription Period, provided it is properly configured (including the Customer’s choice of browser) and updated to a supported version. Supported versions may differ and are available from the Software Documentation. The Customer agrees that the Software and delivery will not be completely error free and that Software improvement is a continuous process.
    • XENTRA does not warrant that the Software will meet the Customer’s requirements, operate correctly with the Customer’s choice of equipment, systems or settings, setup, configuration, modifications, plugins or integrations not performed or controlled by XENTRA, or if delivered over the internet, be uninterrupted. XENTRA is not responsible for the internet, internet service providers nor the Customer’s internet connection.
    • If the Software does not function in accordance with the limited warranty specified in this section 5.3, XENTRA shall correct confirmed errors or defects in the Software at its own expense. “Confirmed errors or defects” means errors or defects that are reproducible by XENTRA and/ or confirmed through XENTRA’s support channels, and which occur during the Subscription Period. XENTRA may choose to replace the Software or functionality instead of performing a correction.
    • If the confirmed error or defect is of a material nature, meaning that the Customer’s ability to use the Software is significantly reduced, and XENTRA does not correct confirmed errors or defects or replace the Software within a reasonable period of time, c.f. 5.3.3, the Customer may terminate the Limited Licence for the affected Software. In such a case, the Customer has the right to a pro-rated refund for any Fees for the remaining Subscription Period for the affected Software, starting from the month following verification by XENTRA of the errors or defects.
    • Except as expressly set forth herein, the Customer shall not be entitled to make any claims against XENTRA.
    • Links to websites not controlled by XENTRA that appear in the Software, associated webpages or documentation are provided for convenience only. XENTRA is not responsible for such websites.

5.4.        Liability

  • XENTRA is not responsible or liable for the Customer Data, including its content, ownership and legitimacy, nor for Use or other activities performed upon the Customer Data by the Customer.
    • XENTRA’s liability is limited to direct damages. XENTRA shall not be liable for any indirect, incidental, consequential, punitive or special losses or damages, including but not limited to any loss of profit, loss of revenue, loss of business, loss of Data, lost savings, claims from third parties, loss of goodwill etc.
  • Total accumulated liability for XENTRA during the Subscription Period shall in total not exceed an amount equalling 12 months’ Fees for the affected Software immediately preceding the event giving rise to liability.
    • Neither Party shall be liable for delay or failure in performance arising out of force majeure, including earthquake, riot, labour dispute, pandemics, swift or new temporary legislation pertaining to the internet, governmental or EU sanctions and other events similarly outside the control of the Parties. Cyber attacks that XENTRA has not been able to prevent by reasonable measures are regarded as a force majeure event. In the event of legislation, directives or regulations being changed swiftly, or new legislation or directives being passed after the Software have been made available, preventing XENTRA from fulfilling obligations under the TOS, in whole or in part, temporarily or indefinitely, this shall be considered a force majeure event. If a subcontractor extraordinarily increases its fees towards XENTRA partially or fully due to a force majeure event, or if XENTRA due to a force majeure event is required to switch to a subcontractor with increased fees to sustain Software delivery, XENTRA reserves the right to adjust its Fees towards the Customer accordingly and with notice as specified in 1.2.4.
    • The Customer acknowledges that the internet is an open system and that XENTRA does not warrant or guarantee that third parties may not intercept or modify the Data. XENTRA is not liable for such misuse, disclosure or loss.

5.5.        Indemnification

  • XENTRA undertakes, at its own expense, to indemnify the Customer against damages resulting from a third-party claim against the Customer asserting that the Software provided to the Customer under the Licence Agreement, or Use thereof, infringes the third party’s IPR, if the claim has been finally settled in favour of the third party by a competent court or in a settlement approved by XENTRA.
    • XENTRA’s obligation to indemnify the Customer pursuant to section 5.5.1 only applies if: (i) the Customer notifies XENTRA immediately upon becoming aware of the claim; (ii) the Customer gives XENTRA full control of the negotiations, legal processes, and settlement, if applicable; (iii) the Customer cooperates with XENTRA in accordance with XENTRA’s reasonable instructions; (iv) the claim is not related to, or caused by, the Customer’s breach of the TOS or XENTRA’s instructions for preventing or mitigating the potential or actual IPR infringement; and (v) the claim is not related to, or caused by, use, modification, integration, or customisation not carried out, or approved in writing, by XENTRA.
    • Upon becoming aware of a potential or actual IPR infringement, XENTRA may at its discretion: (i) modify the Software so that it is not in conflict; (ii) replace the Software, or parts thereof, with a functionally equivalent software, (iii) obtain a licence for the Customer’s continued use of the Software; or (iv) revoke the Customer’s Limited Licence to Use the Software against a refund of Fees paid in advance for the part of the Subscription Period exceeding the termination date. The remedies set out in this section 5.5 are the Customer’s sole remedies with respect to third-party IPR infringement claims.
  • The Customer shall, at its own expense, defend XENTRA against claims or litigation where a third party claims that the Data, or use thereof, or the Customer’s use of the Software in violation with the Licence Agreement: (i) is in conflict with or infringes the third party’s IPR or other rights; or (ii) is in breach of applicable law. XENTRA shall without undue delay notify the Customer of such claims. The Customer shall indemnify XENTRA for damages imposed under a court-approved settlement or court ruling, including lawyer fees, provided that XENTRA reasonably cooperates at the Customer’s expense and gives the Customer control of the legal process and settlement.

5.6.        Termination

  • The Customer and XENTRA may terminate individual Software for convenience, in writing, according to the terms specified in the Order Confirmation. Terms may vary from Software to Software. Unless otherwise agreed in writing between the Parties, including in the Order Confirmation, the Parties may terminate the Licence Agreement for convenience upon three months’ prior written notice, effective as of the last day of the third month.
    • XENTRA shall always have the right to terminate the Licence Agreement with immediate effect if

(i) the Customer or its management has been sentenced or suspected to violate the local laws or (ii) the Customer or its management is or becomes subject to, or operates in a country that is or becomes subject to, the sanctions imposed by the EU or United Nations from time to time.

  • If a breach of the Customer’s obligations under the Licence Agreement is confirmed or suspected on reasonable grounds, or if the Customer files for a petition in bankruptcy or insolvency or assigns a substantial portion of its assets to the benefit of creditors, or the Customer commits or threatens XENTRA to make unlawful or offensive actions, XENTRA may suspend the Customer’s access or restrict it to read-only, until the matter is resolved. XENTRA gives prior notification and the Customer reasonable time to respond before restricting access, and reserves the right to terminate the Limited Licence(s) granted herein and the Licence Agreement if the Customer fails to remedy or correct its actions. XENTRA may at its discretion terminate the Limited Licence(s) granted herein with immediate effect if the Customer is in material breach of the Licence Agreement.
    • Upon termination, or when the Customer instructs XENTRA in writing to cease the relevant Processing of Personal Data on behalf of the Customer, XENTRA will delete the Personal Data from its systems within reasonable time, unless mandatory provisions of law or court orders require otherwise. In the event XENTRA is legally required to not delete the Personal Data, XENTRA will continue to maintain the security of the Personal Data as set out in the TOS. The timeframe within which the Personal Data will be deleted varies from Software to Software. After deleting the Personal Data, XENTRA has no further obligations towards the Customer in regards to Personal Data processed on behalf of the Customer.
  • The Customer may request the return of Personal Data within 30 days following termination, or the data may be irrecoverably deleted. Return of Personal Data will be in a format, time and method of delivery determined by XENTRA, and may vary from Software to Software. XENTRA reserves the right to charge its, at the time, standard rates for such returns.
    • Immediately upon the termination of the Licence Agreement, for whatever reason, the Limited Licence(s) granted to the Customer are revoked automatically, and the Customer undertakes to cease using the Software.

5.7.        Governing law and dispute resolution

  • The Customer is contracting with the XENTRA Company from which the right of use for Software was ordered, as evident from the Order Confirmation and invoice.
    • The Licence Agreement is governed by and must be construed in accordance with the laws of the country in which XENTRA has its head office, excluding any conflict of law provisions. A dispute in connection with, or arising out of, the Licence Agreement, or the use of the Software, shall be attempted to be resolved through amicable negotiations, and the Customer agrees to take part in such, including on e-mail and verbal meetings/phone calls on XENTRA’s request. If amicable negotiations do not result in a mutually acceptable solution, the Parties agree to refer the dispute to the ordinary courts of the country, and region, in which XENTRA has its head office as the exclusive venue. XENTRA is entitled to decide that the proceedings shall be held in English, to the extent possible.
    • The Parties agree not to bring claims arising out of the Licence Agreement when more than one year has passed after its termination.
    • In cases of doubt over interpretation between the TOS in English and any other language, English shall take precedence.