This agreement (“Agreement”) applies to the use of the software service Bård (“Solution”). The Agremeent is implicitly accepted by using the Solution. The Solution is developed and delivered by Restack Software AS (“The Provider”). Companies using the Solution are considered a “Customer”. The Customer may give access to one or more users (“User”).

The Solution

The Solution is a web based software service, made available to the Customer by using a browser. The Solution is delivered as is.

The User logs in to the Solution with a username and password. The Customer can invite Users to use the Solution by registering the User in the board of directors for the Customer inside the Solution. The User will then gain access to the information stored by the Customer inside the Solution.

The Customer’s responsibility

The Customer is responsible for assuring that the documentation stored or generated by the Solution, and that the board work being done is according to the current legislation. Use of the Solution is done on the Customer’s own responsibility.

The Customer may add more Users who have access to the Customer’s information inside the Solution. Information about username and passwords must be stored in a secure manner, and must not be shared with other people.

It is not allowed to copy the Solution (reverse engineering), try to gain unauthorized access, or try to damage the Solution by uploading harmful files etc.

The Provider’s responsibility

The Solution is under continuous development, and errors may occur. The Provider shall as soon as possible correct any errors, and will always work to ensure a high availability for the Solution.

The Provider’s responsibility for errors in the system are limited to direct losses the Customer can document to be the result of direct negligence by the Provider. The responsibility is under any circumstance limited to the price of one year subscription for the Customer. In cases of gross negligence or intentions the responsibility is limited to the price of two years of subscription. The Provider is under no circumstances responsible for indirect losses. The Provider has no responsibility for the Customer’s use of board positions or fulfillment of their general board responsibilities.

Some Customer’s may be given early access to new features in the Solution. These will be marked “Beta”, “Early access” or similar to make it obvious that this is functionality under active development. This is done to be able to test new features gradually, and to ensure early feedback from Customers.

The Provider will ensure that satisfactory backup and disaster recovery routines are in place.

Ownership to the Solution

The Customer owns their own data which is registered or uploaded to the Solution. The Provider may gain access to the data only if access is given by the Customer.

The Provider is given permission to create backups of the Customer’s data to secure safe operations of the Solution.

The Provider owns all other parts of the Solution. This includes but is not limited to trade marks, content, databases, source code, processes and analytic models.

Confidentiality

All information registered in the Solution, and any information the Provider is being made aware of via the Customer, is treated with confidentiality. The Proider will take necessary precautions to ensure that no unauthorized people will have access to the information being stored.

Payment

The Customer receives an invoice either yearly or every six months (Invoice Period). The Provider charges the Customer for using the Solution after current prices, and the prices will be adjusted yearly. Subscriptions are invoiced in advance in the start of the Invoice Period, while transactions are invoiced subsequently. The Invoice Period starts when the subscription is created.

Transactions will normally be invoiced together with the next invoice for subscriptions, but if the total price of transactions are more than half of the price of the subscription then the transactions may be invoiced separately.

Invoices are sent via EHF to the Customer’s organisation number, or via the email address the Customer has provided. The payment deadline is 14 days.

Some parts of the Solution may require separate agreements/subscriptions with third parties, including accounting systems. This will be invoiced from the third party and is not a part of this agreement.

Cancellation

The agreement is automatically renewed if it is not cancelled by either party before the start of the next subscription period. Cancellation of the agreement is done by stopping the subscription in the Settings page in the Solution, or by sending an email to the Provider.

On cancellation the agreement runs until the end of the current invoice period. Any accrued transaction costs will be invoiced after the end of the invoice period.

Changes to the Agreement

The Provider can change the Agreement. In that case the Customer will be notified upon next login, and must accept the updated terms and conditions before continuing to use the Solution.

Violations

The Provider can shut down the Customer’s access to the Solution if there are significant violations of the Agreement.

In the event of missing payment the Provider can shut down access to the Solution for the Customer.

Dispute resolution

Let us first and foremost try to find a solution. If there is anything you are not satisfied with please let us know, and we will try our best to solve your issue.

The Agreement is regulated by Norwegian law, and any disputes arising in conjunction with the Agreement that cannot be settled through negotiations shall be processed in the ordinary courts, with Haugaland Tingrett as the legal venue.

Privacy

The Provider is the data controller for personal data linked to the Customer’s access in the Solution. The information is processed in accordance with the Provider’s privacy policy, aswell as current privacy legislation.

If the Customer stores personal data in the Solution then the Provider acts as the processor for the Customer which then acts as the data controller. The following additional terms are applies for the Provider’s processing of personal data on behalf of the Customer.

• The processing of personal data which the data processor does on behalf of the data controller, consists of making the Solution available, aswell as performing necessary maintenance of the Solution (hosting, backup). The Customer can upload documentation related to the organisation or to board work that contains personal data.
• The data processor shall implement measures necessary with regards to article 32 in the General Data Protection Regulation. Appropriate organisational and technical measures are implemented to secure a good and compliant level of security.
• The data processor shall make sure that only the persons who at any time is authorized to, has access to the personal data processed by the data controller. Access to the information must therefore be immediately revoked if the authorization has been removed or expired. Only persons who are authorized to access personal data can be given access to fulfill the data processor’s obligations to the data controller.
• The data processor has the data controller’s general approval to use other data processors. The data processor must nevertheless notify the data controller of any plans on changing or using new data processors. The controller must receive such a notification at a minimum of 4 weeks before the changes take effect. The controller must have the possibility to oppose the changes, and shall notify the processor of this no later than 2 weeks after the notification has been received.
• The data processor shall immediately notify the controller or it’s representative after being made aware of violations of the personal data security at the data processor or a subcontractor.
• The data processor can assist the data controller to secure compliance with GDPR articles 32-36 under the consideration of the nature of the processing and the information available to the data processor.
• In the event of requests for information, the data processor must assist in collecting the necessary information. The data processor must make the information available to the data controller so that the controller can evaluate the request.
• The data processor may charge for services related to assisting the data controller for any of the aforementioned points.

This translation is here to inform. In the event of disagreements only the current Norwegian version is legally applicable.