Terms of Service

This page includes the Terms of Service, which is the full agreement entered into by you, the Customer, when completing the signup for Extellio. The Terms of Service include a Service Agreement, General Terms & Conditions, End-user Terms, and a Personal Data Processor Agreement. Please read everything on this page thoroughly before signup.


Service Agreement between Extellio and the Customer

Version 2024-1.4, published 2024-10-31

1.     This service agreement constitutes a binding agreement, entered into when the signup process is complete, between the Customer and Extellio International AB with Swedish organization number 556555-1321 (”Extellio”) according to the specification of the chosen plan, including products, services, prices, data source (e.g. a website), volumes and agreement period, as shown at signup and in the order confirmation (hereinafter the ”Service Agreement”). 

2.     Any analysis and support services are available for call-off during the Agreement Term to which they belong.

3.     For support services without a stated end date, parts that have not been fully utilised during an agreement term can be transferred to a directly following agreement term.

4.     The Services are paid in advance at the beginning of each Agreement Term according to the agreed payment method.

5.     VAT is added to all prices.

6.     The Service agreement is automatically extended with a new Agreement Term if it is not terminated before the end of the current Agreement Term for monthly subscriptions, and at the latest one month before the end of the current Agreement Term for yearly subscriptions,

7.     Volumes are handled differently for different products.

    1. All free licenses and all heatmap- & session recordings licenses are offered as fixed-volume products, meaning that they will stop collecting data when the volume stated in the Service Agreement is reached. The Customer will not be charged any extra fees at any point.
    2. The paid analytics and survey licenses are offered as variable-volume licenses, meaning that Extellio will keep collecting data above the volume level stated in the Service Agreement by automatically and recurringly increasing it by 1/5 when it’s reached. Extellio will subsequently charge the Customer for the extra volume at the same price/volume as for the stated level.

8.     Acceptance of the Service Agreement also means that the Customer enters into the Extellio Personal Data Processor Agreement, whereby Extellio becomes the personal data processor for the Customer. 

9.     Extellio General Terms and Conditions apply throughout the Entire Agreement Term.

10.     The definitions in the General Terms and Conditions also apply in the Service Agreement and the specification.

11.     By accepting the Service Agreement, you certify that you have the right to enter into this Agreement in its entirety on behalf of the Customer.


General terms and conditions for the use of Extellio services

General Terms and Conditions, version 2024-1.3, last updated 2024-02-07

1        General starting points

1.1       These general terms and conditions (the “Terms and Conditions") apply when Extellio International AB, org. no. 556555-1321, ("Extellio") provides its services and/or products (hereinafter the "Services") to legal or natural persons who have entered into a contract for the use of the Services (hereinafter the "Customer"). Extellio and the Customer are hereinafter jointly referred to as the "Parties" and individually as the "Party".

1.2       In order to use the Services, the Customer has entered into a supply agreement with Extellio that constitutes a service agreement between the parties ("Service Agreement") through online acceptance, acceptance of a quote, or otherwise - such as through an organization certified by Extellio ("Certified Partner").   

1.3       Extellio provides the Services to the Customer under the Terms and Conditions, the Service Agreement and the specification applicable from time to time for each Service ("Service Specification") available on the Extellio website. 

1.4       The Service Agreement is concluded for a fixed period ("Agreement Term") and if it is renewed, a new Agreement Term equal to the initial Agreement Term will commence. All Agreement Terms together, until the termination of the Service Agreement, constitute the entire term of the agreement ("Entire Agreement Term").

1.5       The Terms and Conditions are annexed to, and therefore subordinate to, the Service Agreement. 

1.6       The Services constitute access to features of the Extellio online platform ("Online Services") and other services Extellio provides from time to time ("Other Services"). 

1.7       The Online Services means the services provided by Extellio to the Customer via its online platform, the content thereof and any documentation related thereto - including upgrades, modified versions, updates and additions to these services and the content thereof and/or related documentation.

1.8       The Online services are offered as different product bundles, based on the type of use they are intended for, including, but not limited to, measuring UX websites or in SaaS products, or sending out surveys to customers. Products bundles can consist of one or several products. The Customer is only entitled to use the Online Services within the defined scope of the product bundles and products agreed upon in the Service Agreement.

1.9       Access to the Online Services requires that the Customer as well as - if applicable - users designated by the Customer ("Users") accept Extellio's end user terms and conditions ("End User Terms") when a user account is created. The End User Terms are subordinate to the Service Agreement, but the Customer is ultimately responsible for all Users and that their use of the Online Services complies with both the Service Agreement and the End User Terms. 

1.10    Extellio reserves the right to modify the Service Specification for the Services from time to time in light of future developments, changes, and new versions.

2        Different forms of Service Agreement for the Online Services

2.1       Extellio offers the Customer the possibility to enter into various forms of Service Agreements from time to time. With the exception of customized solutions offered via quotation, the Customer has the possibility to use the Online Services through:

            i. free versions (the "Free Versions"); or 

            ii. different pay versions (the "Pay Versions"). 

2.2       The Terms and Conditions apply regardless of the Online Service selected, unless otherwise stated.

3        Delivery

3.1       The Services must meet all functional, content, quality, system and other requirements set out in the Service Agreement and the Service Specification. However, Extellio has the right to unilaterally decide on the scope of both the Service Agreement and the Service Specification for the Free Versions and these may therefore change during the current Agreement Term. 

3.2       The Services are provided during the Agreement Term as set out in the Service Agreement. If the Service Agreement is not renewed and thus terminated, the Customer is no longer entitled to use the Services.

3.3       The Services are considered delivered in their entirety as soon as the Customer has access to them. Such delivery also exists in situations where the Customer, for whatever reason, has not used or, as the case may be, has not subscribed to all or part of the Services during the Agreement Term to which those Services belong. The Customer shall not be entitled to compensation or credit for all or part of the Services not used during the Agreement Term.

3.4       Extellio shall, subject to the limitations set forth in the Terms and Conditions, provide the Online Services so that the Customer and Users who have a valid license can access them via the Internet.

4        License for Online Services

4.1       Extellio grants the Customer a time-limited, non-exclusive, non-transferable license to use the Online Services and their content during the Agreement Term in accordance with the Service Agreement, the Service Specification and the Terms and Conditions.  

4.2       All rights, including all copyright and other intellectual property rights and all other rights, in the Online Services, and in all content of the Online Services such as text, illustrations, photographs, film clips, sound clips and 3D animations, are owned by Extellio and the respective author(s). 

4.3       The Customer may, as a result of the terms of the Service Agreement, have the right to allow Users to use the Online Services in accordance with the Terms and Conditions. Such access is subject to the respective User's acceptance of the End User Terms when the User creates his/her user account. The Customer is ultimately responsible for all Users and their use of the Online Services.

4.4       The Online Services may only be used within the Customer's business and as specified in the Service Agreement. The Customer is therefore responsible for ensuring that accounts are only granted to Users who work within its own organization, such as employees and consultants acting as employees. Exceptions are persons approved by Extellio or working for Certified Partners of Extellio.

5        Impermissible use

5.1       It is the responsibility of the Customer to prevent use and access of the Online Services other than as permitted by the Service Agreement, the Terms and Conditions, the End User Terms or applicable mandatory law. The Customer shall immediately notify Extellio if the Customer becomes aware of or suspects any unauthorized use of or access to the Online Services, or that a password has been provided to a user other than a user with a valid license for the Online Services.

5.2       Except as expressly stated in the Service Agreement, the Terms and Conditions and the End User Terms or as permitted by mandatory law, the Customer may not, for example

i          copy in any form or format all or any part of the Online Services or any content of the Online Services other than the data collected on behalf of the Customer;

ii         modify or reproduce any content of, or any part of, the Online Services;

iii        lend or rent, distribute, resell, or otherwise provide or make available the Online Services or any content on the Online Services to any third party;

iv       embed the Online Services in any other system (e.g. by means of an iframe) without special agreement.

v         attempt to circumvent the security systems of the Online Services or attempt to test the security of the Online Services;

vi       use the Online Services in any manner that could damage, disable, overburden, impair or interfere with any other customer's use of the Online Services. This includes, but is not limited to, sending or transmitting any material that contains software viruses or other computer code, files or programs designed to damage, disable, destroy or impair the functionality of any computer software or hardware or equipment directly or indirectly connected to the Online Services;

vii      attempt to gain unauthorized access to any computer system, network, content or information comprising the Online Services or the system on which the Online Services are based. The Customer shall also not attempt to access any material or information not intentionally made available or intended to be made available through the Online Services.

5.3       Violation of paragraphs 5.2 i-vii above shall always be considered a serious breach of the Terms and Conditions, which entitles Extellio to immediately close the Online Services to the Customer and/or make the Online Services inaccessible to the Customer, or otherwise prevent further unauthorized conduct. Breaches of the terms of this paragraph may give rise to claims for damages.

5.4       In the event of unauthorized use of or access to the Online Services or unauthorized content in the Online Services, or when there is reasonable suspicion thereof, Extellio is entitled to prevent the Customer's access to the Online Services with immediate effect until further notice, without any right to compensation or indemnification for the Customer.

6        Right to data

6.1       The Customer has access to data collected by Extellio on its behalf ("Collected Data") in logged-in mode in the Online Services or via the API. Collected data may include, for example, data that Extellio collects from participants in customer surveys ("Respondents") or via script, or by other means through the Online Services.

6.2       Extellio may not share or transfer Collected Data that identifies the Customer to organizations that are not part of the same group of companies as Extellio, without the permission of the Customer. 

6.3       The exception to 6.2 is subcontractors to Extellio who store and process data. 

6.4       If the Customer agrees, Extellio has the right to share data relating to the Customer with a Certified Partner with whom the Customer cooperates in order for the Certified Partner to carry out its work.

6.5       The Customer grants Extellio the right to, even after termination of the Service Agreement, keep a data-preserved copy, cleared from any personal data, of the Collected Data as well as the data that the Customer transmits to Extellio's systems. 

6.6       Extellio has the right to use the data referred to in 6.5 to perform and improve its services, such as for industry benchmarking and index calculations.

7        Defects

7.1       Defect means a non-conformity with the specification of the Services or the Service Agreement caused by Extellio that results in a significant reduction in value, function or availability for the Customer, such as downtime or other malfunction of Extellio's online services (hereinafter “Defect"). 

7.2       Extellio's liability for Defects does not include:

i          Defects which are not relevant to the intended use of the Services or which cannot be considered to constitute an inconvenience to the Customer, or

ii         Defects caused by the use of the Services by the Customer, the respondent or any other third party other than as set out in the Service Specification.

7.3       Extellio's liability for Defects in the Services is limited to promptly - after the Customer's written notice of the nature, type and extent of the Defect - rectifying the Defect free of charge. If Extellio fails or neglects to remedy such Defect within a reasonable time, the Customer shall be entitled to compensation for the direct loss suffered as a result of the Defect in accordance with Section 12 of the Terms and Conditions. 

7.4       When using the Free Versions, the Customer is never entitled to any compensation whatsoever from Extellio for Defects or omissions, including loss suffered by the Customer due to circumstances for which Extellio is liable. 

7.5       The Customer shall not be entitled to any further remedies for any Defect in the Services.

8        Copyright and intellectual property rights

8.1       Extellio owns, or otherwise disposes of, all rights for the provision of the Services. This does not include any work, materials or rights provided by the Customer as a result of the Customer's use of the Services. 

8.2       A Party is responsible for ensuring that all rights for the use of material provided by said Party for the use of the Services in the intended manner have been obtained from the relevant right holder. 

8.3       Extellio reserves the copyright and all other rights in the Services and any portion of the Services. The copyright for all changes to the Services, including those changes to which the Customer contributes, is the property of Extellio. The Customer may not make any changes to the Services, its layout or design without Extellio's express written consent.

8.4       The Customer grants Extellio the right to, even after termination of the Service Agreement, use and retain a data-preserved copy, cleared from any personal data, of Collected Data and any information added to the Services by parties other than Extellio, such as Respondents, the Customer and/or website visitors. 

8.5       Any Party that fails to comply with its obligations under this paragraph shall indemnify the other Party for all its losses, including any claims for damages or claims by third parties, arising out of the infringement of any other intellectual property right by the material provided. The indemnification obligation shall be subject to the condition that the Party subject to a third party claim immediately notifies the other Party in writing and offers the other Party the opportunity to bring or otherwise manage such claim or legal proceeding itself.

9        Personal data and responsibility for material

9.1       Unless the Parties have entered into a written agreement whereby Extellio acts as data processor for the Customer, Extellio is the controller of personal data provided through the Online Services or Other Services. Such processing is carried out in accordance with the Extellio privacy policy in force at the time. 

9.2       In the event that Extellio is the data controller, Extellio reserves the right to continually remove or anonymize personal data received through the Online Services or Other Services that Extellio deems superfluous, in violation of the Terms and Conditions, or incompatible with applicable laws or other regulations, in accordance with Extellio’s privacy policy applicable from time to time. Actions taken by Extellio, as stipulated in this clause 9.2, will not constitute a breach of the Terms and Conditions nor the Service Agreement on Extellio’s part, and the Customer may not make claims or demand compensation from Extellio for any such actions.

9.3       In the event that the Customer or User gains access in the Online Services to personal data that the Customer is not permitted to process in accordance with the Parties' agreement, or Applicable Personal Data Legislation, the Customer shall notify Extellio without delay.

9.4       The Customer is responsible for not storing, making available or otherwise processing any personal data that it accesses in the Online Services and which the Customer is not permitted to process in accordance with the Parties' agreement, or Applicable Personal Data Legislation.

9.5       The Customer is responsible for not uploading to the Online Services, or otherwise disclosing to Extellio, personal data that the Customer is not entitled to disclose to Extellio. 

9.6       If it comes to the knowledge of any Party that the Customer has processed personal data in breach of 9.3 or 9.4, the Party shall notify the other Party of this and of the data concerned, after which a decision on erasure shall be taken.

9.7       The Customer shall indemnify Extellio or its representatives for any loss they may suffer as a result of the Customer's breach of 9.3 - 9.6.

10     The Service and limitation of liability 

10.1    Extellio may, and reserves the right to, modify, upgrade, and update the Online Services during the term of the Agreement.

10.2    Extellio has the right to interrupt the Customer's access to the Online Services during the Agreement Term for upgrading, updating, maintenance and similar measures. Extellio shall notify the Customer prior to such interruption, if it is expected to last longer than 2 hours during business hours, and shall take reasonable measures to limit the extent of the interruption and its impact on the Customer's access to the Online Services. 

10.3    The Customer shall not be entitled to compensation for such interruption as referred to in 10.2, nor shall it be deemed to affect the Customer's access to the Online Services.

10.4    The operation of the Online Services is subject to certain technical requirements relating to Internet access, platforms and devices being met by the Customer. The Customer is responsible for meeting such technical requirements. Technical requirements for platforms and devices may change in connection with modifications, upgrades, updates and/or additions to the Online Services. 

10.5    Extellio does not warrant that the Online Services will operate satisfactorily or fully on all platforms and devices. If the Online Services do not function satisfactorily or if the Online Services cannot be fully used on a particular platform or device, the Customer shall inform Extellio accordingly. 

11     User-created material

11.1    In the Online Services, the Customer can create and upload, for example, questionnaires, images, logos or similar. Extellio reserves the right to decline to make such material available or to discontinue making such material available through the Online Services. This may be because, in Extellio's opinion, the material is not of sufficient quality for the purpose, the material has a political purpose or content, the material is otherwise inappropriate for the purpose, or may be contrary to law or other rules. 

11.2    Extellio is granted an unlimited right to use, for the purpose of enriching the Extellio Services, without compensation, the anonymized text and structure of questionnaires created by the Customer. This includes copying, using and processing the material.

12     Damages

12.1    Extellio is liable, subject to the limitations set out in the Terms and Conditions, only for direct loss suffered by the Customer as a result of Defects or omissions caused by Extellio in the performance of the Services.

12.2    However, Extellio's liability under clause 12.1 does not extend to indirect loss, whether by way of damages (including for negligence or breach of statutory duty), contract, misrepresentation, restitution or otherwise, loss of profits, loss of business and/or contracts, depletion of goodwill and/or similar losses or loss or corruption of data or information, or pure economic loss, or for any special, indirect or consequential loss, costs, damages, charges or expenses howsoever arising, as a result of its provision of the Services. 

12.3    The Customer assumes sole liability for the results obtained from the use of the Services and for any conclusions drawn from such use. Extellio is not liable for damages caused by defects or omissions in information or instructions provided by the Customer to Extellio in connection with Extellio's performance of the Services, or actions taken by Extellio pursuant to the Customer's instructions.

12.4    Extellio's aggregate liability for the Services is limited to the lesser of twenty-five (25%) percent of the annual contract sum for the Services or one million Swedish kronor (SEK). 

12.5    The Customer's right to damages is forfeited if an action for damages is not brought within one year of the occurrence of the Defect.

13     Services and payment terms

13.1    The following applies unless otherwise agreed in the Service Agreement:

i          VAT is added to all prices

ii         The Services are paid for in advance according to the price list in force at the start of the Agreement Term. 

iii        The Services are paid for by one of the payment options provided by Extellio

iv        If the Customer is approved by Extellio for invoice payment, 30 days payment applies.

v         In the event of late payment, Extellio is entitled to charge interest on arrears in accordance with the law. 

vi       The Service agreement is automatically extended with a new Agreement Term if it is not terminated before the end of the current Agreement Term for monthly subscriptions, and at the latest one month before the end of the current Agreement Term for yearly subscriptions.

vii       The price for different Services can be based on a fixed volume and/or a variable volume.

a) A Service based on fixed volume will stop collecting data once the volume limit, as stated in the Service Agreement, is reached.

b) A Service based variable volume will continue to collect data above the volume stated in the Service Agreement by automatically and recurringly increasing it by 1/5 when it’s reached. At the end of each month, the volume is reset to the stated volume. Extellio will subsequently charge the Customer for the extra volume at the same price/volume as for the stated volume.

viii       The Customer is not entitled to compensation for using a lower volume metric level during an Agreement Term than the billing at the beginning of the Agreement Term was based on.

ix         Any analysis and support services are available for call-off during the Agreement Term to which they belong.

x          Extellio has the unilateral right to adjust the content and scope of products and license levels, and the price list for the Services from time to time. For the Customer, such adjustment will only take effect in connection with the renewal of the Service Agreement and the commencement of a new Agreement Term.  

13.2    Extellio reserves the right to unilaterally decide to provide certain parts of the Services when the Service Agreement is automatically renewed, no longer in which case they will automatically lapse. The Customer will be informed of this at the time of renewal and these Services will be deducted from the invoice.

14     Force majeure

14.1    If performance of any of the Party's obligations is prevented or impeded by circumstances beyond the control of the Party concerned, such as new legislation, industrial disputes, epidemics of disease, war, mobilization or major military drafts, government regulations, general restrictions on access to data networks, general shortage of transport, goods and energy, or errors or delays in deliveries by subcontractors due to circumstances specified herein, and such condition causes a delay or other impediment, the condition shall, for so long as it continues, give rise to a release from any sanctions, provided that the Party unable to perform its obligations has promptly notified the other Party thereof.

15     Confidentiality

15.1    The Parties acknowledge and agree that information received from the other Party in connection with the Services or quotations/contract execution is confidential information and may constitute trade secrets of the other Party. 

15.2    Confidential information includes, but is not limited to, information to which the Party gains access as a result of the contractual relationship, whether the information is in oral, written or other form.

15.3    Confidential Information does not include information that (a) is generally known or generally available to the public independently of the Party's actions, (b) the Party had knowledge of prior to obtaining the information from the other Party, or (c) the Party rightfully obtained from third parties who had the right to transfer or disseminate the information.

15.4    The results that Extellio delivers to the Customer within the framework of the Services are the Customer's confidential information. However, Extellio may freely use the Customer's results anonymously to enrich the Services, e.g. in calculating industry indices and other comparisons.

15.5    The other Party's confidential information may not be used by a Party without the express consent of the other Party, other than such use as is necessary to fulfill obligations under the Service Agreement. 

15.6    The Parties undertake not to disclose or otherwise disseminate to unauthorized persons any confidential information of the other Party and undertake to take reasonable precautions to prevent any unauthorized disclosure of confidential information. In this respect, the Parties are also responsible for their employees, consultants and subcontractors.

15.7    The Parties have the right to publish the customer relationship in sales materials, newsletters and on their websites. Other means of disclosing the customer relationship, such as advertising, require the written consent of the other Party, unless such disclosure is required by law.

16     Early termination of the agreement

16.1    If a Party suspends payments, initiates composition proceedings, is declared bankrupt or is otherwise deemed to be insolvent, or if a Party commits a material breach of contract, the other Party shall be entitled to terminate the Agreement with immediate effect without liability for damages, even within the Agreement Term.

17     Other provisions

17.1    The Customer shall at all times have at least one named contact person, such as an account manager in the Online Services, working with or for the Customer and Extellio shall be notified in the event that the Customer appoints a new contact person.

17.2    Our failure to enforce any right or provision of the Terms and Conditions shall not be deemed a waiver of those rights. If any provision of the Terms and Conditions is held to be invalid or unenforceable by a court, the remaining provisions of the Terms and Conditions will remain in full force and effect.

17.3    Extellio reserves the right to make reasonable changes and additions to the Terms and Conditions and its annexes during the Agreement Term. Unless otherwise specified in a change of conditions, the following applies. Such changes and additions take effect at the time of contract renewal, with the exception of situations where they have been accepted before or at any other earlier time if required by law, government regulation or precedential court decision.

17.4    A Party may not assign all or part of the Service Agreement to a third party without the consent of the other Party. However, Extellio may assign the Service Agreement to companies within Extellio’s corporate group. Such assignments must be notified to the Customer.

17.5    The Agreement is governed by Swedish law. Disputes relating to the formation, interpretation or application of this Agreement and the agreements and legal relationships arising therefrom shall be settled by arbitration in accordance with the Rules for Expedited Arbitration of the Arbitration Institute of the Stockholm Chamber of Commerce. In the event that the value in dispute in a case exceeds SEK 1,000,000, the dispute shall be settled by arbitration in accordance with the Rules of Arbitration of the Arbitration Institute of the Stockholm Chamber of Commerce.


End-user terms for the use of Extellio services

Version 2022-1.0, published 2022-10-12

1        General starting points

1.1          These end user terms ("End User Terms") apply between you and Extellio International AB, org. no. 556555-1321, ("Extellio") when you create an account to use Extellio services and/or products, in particular in the form of access to features of the Extellio online platform ("Online Services"). The Online Services means the services provided to the Customer by Extellio, the content thereof and any documentation related thereto - including upgrades, modified versions, updates and additions to these services and the content thereof and/or related documentation. 

1.2          Extellio has entered into a separate agreement with a legal or natural person ("Customer") for the use of the Services (the "Service Agreement"). Use of the Online Services is subject to the existence of a valid Service Agreement to which your use is subject.  

1.3          The Customer has given you an authorization to create a user account (the "User Account") within the framework of the Service Agreement, which also requires that you accept the End User Terms specifically addressed to you. As the End User Terms set out what you need to be aware of when using the Online Services, Extellio would like to stress the importance of you reading them.  

2       Prohibitions on the use of the Online Services

2.1          When using the Online Services, you may not:

a)     access, store, distribute or transmit any device or thing (including software, code file or application) that may:

(i)     impair or otherwise adversely affect the operation of any computer software, hardware or network, any telecommunications service, equipment or network, or any other service or device;

(ii)    prevent, impair or otherwise adversely affect the access to or operation of any program or data, including the reliability of any program or data (whether by rearranging, modifying or deleting the program or data in whole or in part or otherwise); or

(iii)   adversely affect the user experience, including worms, Trojan horses, viruses and other similar items or devices.

b)     except as permitted by applicable law that cannot be excluded by agreement between the parties and except to the extent expressly permitted by the End User Terms:

(i)     attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit or distribute all or any part of the Online Services (as applicable) in any form or media or by any means; or

(ii)    attempt to reduce all or any part of the Online Services to human form by reverse engineering, disassembly or otherwise; or

c)     access all or any part of the Online Services and documentation to build a product or service that competes with the Online Services;

d)     use the Online Services to provide services to third parties;

e)     use the Online Services in such a way that they affect the functionality of the Customer's website (or other digital applications on which the Online Services are used) or do not comply with the Customer's policies; 

f)      license, sell, rent, lease, transfer, assign, distribute, display, disclose or otherwise commercially exploit, or otherwise make the Online Services available to any third party; or

g)     attempt to obtain, or assist third parties to obtain, access to the Online Services. 

3       Prohibitions on the content you create 

3.1         You may not access, store, distribute or transmit any material during your use of the Online Services that:

a)     is unlawful, harmful, threatening, defamatory, obscene, abusive, harassing, or racially or ethnically offensive;

b)     promotes illegal activities;

c)     depicts sexually explicit images;

d)     promotes illegal violence;

e)     is discriminatory on grounds of race, gender, skin color, religious belief, sexual orientation or disability;

f)      does not comply with the Customer's policies; or

g)     in a manner that is otherwise unlawful or causes damage or harm to any person or property.

4       License

4.1         Extellio grants you, through your User Account, a time-limited, non-exclusive and non-transferable license to use the Online Services and their content during the term of the Service Agreement in accordance with these End User Terms, the general terms and conditions, and the Service Agreement, accepted by the Customer.  

4.2         All rights, including all copyright and other intellectual property rights and all other rights, in the Online Services, and in all content of the Online Services such as text, illustrations, photographs, film clips, sound clips and 3D animations, are owned by Extellio and the respective author(s). 

4.3         The Online Services may only be used within the Customer's business and as specified in the Service Agreement. You are therefore responsible for contacting the Customer if you are in any doubt as to what applies to you. 

5       Extellio processing of your personal data

5.1         If Extellio processes any of your personal data, you need to read the Extellio Privacy Policy and Cookie Policy, which are available via the Extellio website. 

5.2         Extellio may also, as set out in the Service Agreement, process your personal data on behalf of the Customer as a data processor. 

6       Your use and handling of personal data

6.1         As a User, you are given some leeway to manage Online Services where the personal data of others - in addition to that of other Users - may be present, such as website visitors and recipients of or respondents to surveys ("Other Personal Data)". As a User, you have a responsibility to find out whether the Customer or Extellio is the data controller of Other Personal Data. If you are unsure, please contact us at persondata@extellio.se.

6.2         If Extellio is the controller of Other Personal Data, the following applies.      

i           As a User, you may not knowingly upload Other Personal Data to, or collect Other Personal Data using, the Online Services - for example, through Session Recordings or by asking respondents to provide Other Personal Data in surveys.

ii           If you gain access to Other Personal Data in the Online Services, you must notify Extellio without delay. In most cases, you can do this directly in the Online Services.

iii          Other Personal Data that you access through the Online Services may also not be disclosed, stored, or made available without your consent. 

6.3         If the Customer is responsible for Other Personal Data, you should inform yourself of the Customer's applicable Privacy Policy and/or other policies relating to the Customer's personal data management.

7        Penalties for breach of contract

7.1          If you violate the End User Terms, Extellio reserves the right to discontinue your access to the Online Services with immediate effect, temporarily or permanently. Violations may also result in Extellio choosing to also terminate the agreement with the Customer. In addition, Extellio may bring claims for damages against you or the Customer.   

8        Other

8.1          Our failure to enforce any right or provision of the End User Terms will not be deemed a waiver of those rights. If any provision of the End User Terms is held to be invalid or unenforceable by a court, the remaining provisions of the End User Terms will remain in effect.

8.2          Extellio reserves the right to modify the End User Terms from time to time in light of future developments, changes, new versions of the Online Services. If you do not agree to the new End User Terms, you will not be granted access to the Online Services. 

8.3          The End User Terms shall be governed by and construed in accordance with Swedish law, without regard to its conflict of law provisions.

Contact details

If you have any questions about the End User Terms, please contact us at helpdesk@extellio.com.


Personal Data Processor Agreement

Version 2024-v1.2, published 2024-02-07

 PERSONAL DATA PROCESSOR AGREEMENT

BETWEN

 THE CUSTOMER

AND

Extellio International AB

 This personal data processor agreement (the ”Agreement”) has been entered into this day by and between:

(1)           The Customer, and

(2)           Extellio International AB, reg.no. 556555-1321, registered address Djäknegatan 9, 211 35 Malmö, (”Extellio”).

The Customer and Extellio are referred to below jointly as the ”Parties” or individually as ”Party”.

Background

(A)         The Parties have previously – or in connection with this Agreement – entered into a services agreement, hereinafter referred to as the "Main Agreement".

(B)         Within the scope of the obligations set forth in the Main Agreement, Extellio may come to process personal data as well as other information on behalf of the Customer.

(C)         As a consequence thereof, the Parties are entering into this Agreement to govern the conditions for Extellio’s Processing of – and access to – Personal Data belonging to the Customer, in accordance with the definitions below. The Agreement applies to all agreements executed by the Parties in which Extellio is a Processor on behalf of the Customer and the Agreement applies for such time as Extellio Processes Personal Data on behalf of the Customer.

1             Definitions

Unless otherwise clearly dictated by the circumstances, definitions or terms used in this document shall have the meaning set forth below and such definition or term as used in the General Data Protection Regulation which has not been stated below shall have a corresponding definition to that in Article 4 of the General Data Protection Regulation.

Other Rules

means national laws, ordinances, regulations, and court decisions, as well as decisions, guidelines and general advice from relevant public authorities (including the Article 29 issued by the European Data Protection Board) which from time to time are applicable to the Processing of Personal Data (excluding the General Data Protection).

Processing

means a measure or combination of measures regarding Personal Data or sets of Personal Data, irrespective of whether performed automatically or not, such as compilation, registration, organisation, structuring, storage, processing or change, production, reading, use, disclosure through transfer, distribution or provision in some other manner, adjustment or consolidation, limitation, deletion or destruction.

General Data Protection Regulation

means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Instruction

means instructions issued by the Customer from time to time to Extellio within the scope of this Agreement; see Appendix 3.1.

Personal Data

means any information relating to an identified or identifiable natural person, whereupon an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or online identifier or one or more factors specific to the psychological, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Controller

means a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means for the Processing of Personal Data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its appointment may be provided by Union or Member State law.

Processor

means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller.

Personal Data Breach

means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data which is transferred, stored or otherwise Processed.

Data Subject

means the living natural person whose Personal Data is Processed.

 

2             Documents

2.1        The Agreement comprises this document and the attached Instruction; see Appendix 1.

2.2        In the event of discrepancies between this document and the Instruction, this document shall take precedence unless specifically stated or the circumstances clearly otherwise dictate.

3             Generally regarding the Processing of Personal Data 

3.1        The Customer is Controller in respect of the Personal Data which is Processed within the scope of the Main Agreement. In the event Extellio was previously Controller in respect of such processing, the Parties are in agreement that this personal data responsibility shall pass to the Customer upon the execution of the Agreement. 

3.2        Extellio is to be regarded as Processor on behalf of the Customer. In its capacity as Processor, Extellio is responsible for performing all Processing of Personal Data on behalf of the Customer in accordance with the Agreement, the General Data Protection Regulation, Other Rules and in accordance with the Instruction.

3.3        Extellio guarantees that it shall carry out appropriate technical and organisational measures in such a manner that the Processing of Personal Data under this Agreement satisfies the requirements of the General Data Protection Regulation and Other Rules and shall ensure that the rights of the Data Subject are protected.

3.4        Extellio undertakes only to Process the Personal Data that is necessary to achieve the purpose of each Processing. This obligation relates, for example, to the volume of Personal Data, the scope of the Processing, the length of time in which the Personal Data is Processed and its availability.

3.5        Taking into consideration the nature of the Processing, Extellio shall assist the Customer through appropriate technical and organisational measures, insofar as possible, so that the Customer can perform its obligation, upon request, to exercise the Data Subject’s rights in accordance with Chapter III of the General Data Protection Regulation.

3.6        The Customer shall be entitled, from time to time, to have access to and control the Processed data and the data generated in conjunction with Extellio’s Processing of the Customer’s data.

3.7        Extellio shall notify the Customer immediately in the event Extellio is unable to perform its obligations under this Agreement or if Extellio considers that an Instruction provided by the Customer regarding the Processing of Personal Data violates the General Data Protection Regulation for Other Rules, provided that Extellio is not prevented from disclosing such information to the Customer in accordance with the aforementioned legislation.

4             Purpose and type of Personal Data, etc.

The Instruction shall, inter alia, state the purpose of the Processing, the durability, nature and purpose of the Processing, the type of Personal Data and categories of Data Subjects.

5             Extellio’s personnel, etc.

5.1        Extellio, its employees and other persons who perform work under Extellio’s supervision and who receive Personal Data belonging to the Customer, may only Process such upon instructions from the Customer, unless there is an obligation to do so pursuant to Union law or Swedish national law.

5.2        Extellio shall ensure that its employees and all other persons for whom Extellio is responsible and who are authorised to Process Personal Data covered by this Agreement are subject to a confidentiality undertaking (unless such person is covered by a relevant and suitable statutory duty of confidentiality). The Customer is entitled, upon request, to review such confidentiality undertaking. 

6             Security 

6.1        Extellio shall take all necessary measures regarding security in connection with the Processing as required pursuant to the General Data Protection Regulation (in particular Article 32), Other Rules and this Agreement.

6.2        Taking into consideration the type of Processing and the information that Extellio possesses, Extellio shall assist the Customer in ensuring that obligations concerning security – in the manner set forth in Article 32 of the General Data Protection Regulation – can be performed.

6.3        When assessing a suitable security level, particular consideration shall be given to the risks resulting from Processing, in particular from unintentional or unlawful destruction, loss or changes or to unauthorised disclosure of or unauthorised access to the Personal Data that is transferred, stored or otherwise Processed.

6.4        Upon request by the Customer, the Parties shall assess each year the technical, organisational and security requirements in the Agreement, the General Data Protection Regulation or Other Rules to ensure that the application of this Agreement satisfies such requirements.

7             Personal Data Breaches

7.1        Taking into consideration the type of Processing and information to which Extellio has access, Extellio shall assist the Customer in ensuring that the obligations in connection with any Personal Data Breach can be performed in such a manner as set forth in Articles 33 and 34 of the General Data Protection Regulation.

7.2        Extellio shall notify the Customer without unnecessary delay, however not later than 24 hours, after Extellio has learned of a Personal Data Breach. The notice shall contain the following:

(a)          describe the nature of the Personal Data Breach, the categories and approximate number of Data Subjects affected and the categories and approximate number of personal data items affected;

(b)          describe the likely impact of the Personal Data Breach.

7.3        Extellio undertakes to document all Personal Data Breaches, including the circumstances of the Personal Data Breach, its effects and the corrective measures taken of which Extellio is aware. Upon request, the documentation shall be provided to the Customer as soon as possible.

8             Impact assessment and prior consultation

Taking into consideration the nature of the Processing and the information that is available to Extellio, Extellio shall assist the Customer in performing any of its obligations to conduct an impact assessment and/or prior consultation with the supervisory authority in accordance with Articles 35 and 36 of the General Data Protection Regulation.

9             The Instruction

9.1        Extellio may only Process Personal Data covered by this Agreement in accordance with the documented Instructions (including with respect to transfers of Personal Data to a third country or an international organisation, unless such Processing is required pursuant to Union law or the national Law of a Member State to which Extellio is subject, and in such case Extellio shall notify the Customer regarding the legal requirement prior to the data being Processed, provided such information is not prohibited based on reference to an important public interest under relevant national law).

9.2        The Customer is entitled to update the Instruction from time to time. Extellio is entitled to compensation for additional costs resulting from the Customer changing the Instruction.

10         Subprocessors

10.1     Under the Agreement, Extellio is given a general authorization to retain and utilize sub-processors, which are specified at www.extellio.com/subprocessors (the “Sub-processor List”), provided that the conditions to this section 10 apply.

10.2     Extellio undertakes to maintain and update the Sub-processor List, where any changes to utilized Sub-processors will be made at least 30 days before taking effect. The Customer may subscribe to e-mail notifications at www.extellio.com/subprocessors as to receive messages of any eventual changes to the Sub-processor list.  

10.3     If the Customer objects to a Sub-processor change, Extellio shall not be entitled to utilize the Sub-processor in question. However, the Customer acknowledges that the effect of such an objection, and as decided under Extellio’s sole discretion and notwithstanding anything to the contrary in the Main Agreement, may result in Extellio not being obligated to provide any service(s) under the Main Agreement, which Extellio is not able to provide, due to Extellio not being able to utilize the objected to Sub-processor. The Customer further acknowledges that Extellio in such an event will not be at fault for not providing the affected service(s).

10.4     Extellio shall ensure that any utilized Sub-processor enters into a written personal data processor agreement before the Sub-processor begins work related to the Customer. Any such personal data processor agreement must contain, at a minimum, the undertakings and obligations which follow from the Agreement. In any such personal data processor agreement, the Sub-processor shall provide sufficient warranties in respect of taking suitable technical and organisational measures so that the Processing meets the requirements of this Agreement, the GDPR, and any Other Regulation.

10.5     In the event the Sub-processor fails to fulfil its obligations, Extellio shall be liable to the Customer for the performance of the Sub-processors’ obligations and Extellio shall, at all times, be liable for the Sub-processor’s work, undertakings, and obligations.

11         Transfer to third countries  

Extellio may only relocate, store, transfer or otherwise Process Personal Data belonging to the Customer outside the EU/EEA if the Customer has given its prior written consent. Transfer to a third country is conditional also on Extellio, prior to commencement of transfer to a third country, satisfying the requirements and measures set forth in the General Data Protection Regulation or Other Rules regarding transfer to a third country.

12         Requests for information

12.1     In those cases where a Data Subject or another third party requests information from Extellio regarding Processing of Personal Data belonging to the Customer, Extellio shall refer such Data Subject or other third party to the Customer.

12.2     Where a public authority requests such information as set forth in section 12.1, Extellio shall immediately notify the Customer of the request and the Customer shall, in consultation, reach agreement on the most suitable approach.

12.3     Extellio may, in cases other than set forth in sections 12.1 and 12.2 above, only disclose information to a third party if Extellio has received a written instruction to do so from the Customer or such obligation is stipulated in an agreement or mandatory law.

13         Right to information 

13.1     Extellio shall provide the Customer with access to all information required and necessary to enable the Customer to verify compliance with the obligations set forth in this Agreement, the General Data Protection Regulation (in particular Article 28 of the aforementioned Regulation) and Other Rules. In addition, Extellio shall facilitate and contribute to examinations, including inspections, carried out by the Customer or a third party authorised by the Customer. 

13.2     Extellio shall document in writing the measures that the company has taken to perform its obligations under this Agreement, the General Data Protection Regulation or Other Rules. The Customer is entitled to review Extellio’s documentation pursuant to this section.

13.3     Extellio shall at all times be entitled to reasonable notice in the event the Customer wishes to exercise its right to carry out a review or inspection and the Customer shall compensate Extellio for the company’s costs in connection with such review or inspection 

14         Register of processing

Irrespective of whether or not Extellio is obliged to maintain a register pursuant to the General Data Protection Regulation, pursuant to this Agreement Extellio shall maintain an electronic register of all categories of Processing carried out on behalf of the Customer and, upon request, such register shall be available to the Customer or, where appropriate, to the supervisory authority. If a register is not maintained pursuant to the General Data Protection Regulation, the register shall contain at least the following information:

(a)          Name and contact details for Extellio and the Customer and, where appropriate, the data protection officer at Extellio and the Customer;

(b)          the purposes of the Processing;

(c)          a description of the categories of Data Subjects and categories of Personal Data;

(d)          the categories of Processing that have been – and which are being – performed on behalf of the Customer;

(e)          The categories of recipients to whom Personal Data has been disclosed, or will be disclosed, including recipients in third countries or in international organisations;

(f)           the anticipated deadlines for deletion of different categories of data;

(g)          any transfers of Personal Data to a third country or an international organisation, and identification of the third country or international organisation and documentation of appropriate safety measures; and 

(h)          a general description of the technical and organisational security measures that Extellio has taken pursuant to section 7 of this Agreement.

15         Certification 

Certification mechanisms for data protection and seals intended to prove that processing by a Controller or Processor is compatible with the General Data Protection Regulation may be introduced. In the event such mechanisms are introduced and become mandatory, Extellio shall ensure that it becomes certified, at its own expense.

16         Compensation 

With the exception of section 9.2 above, Extellio shall not receive compensation for measures or suchlike that the company takes regarding Processing of Personal Data pursuant to the Agreement or as a consequence of the Agreement otherwise.  

17         Liability 

17.1     Extellio shall compensate the Customer for loss which the company, the Data Subjects or other natural or legal persons or authorities are caused as a consequence of Extellio’s Processing of Personal Data in violation of the Instruction, the Agreement, the General Data Protection Regulation or Other Rules. The Customer shall also be entitled to turn directly Extellio for compensation in respect of the loss which the Customer might possibly suffer due to incorrect handling of Personal Data by a subprocessor. 

17.2     The Parties are in agreement that Extellio’s liability in damages is limited in accordance with section 6 of the general terms and conditions (”General terms and conditions for Extellio’s services”). The parties are aware that the limitation of liability does not apply (i) in the event the supervisory authority or a court issues an administrative fine against any of the Parties; (ii) a Party has a right of recourse against the other Party as a consequence of such Party being required to pay an administrative fine which rightly (or due to joint and several liability) should have been imposed on the first-mentioned Party or (iii) in the event of a claim in damages by a Data Subject.

18         Termination of the Agreement

18.1     This Agreement shall apply even if any other agreement between the Parties terminates until such time as Extellio and any subprocessors retained by Extellio have ceased to process Personal Data on behalf of the Customer. When Extellio ceases the Processing of Personal Data on behalf of the Customer, Extellio shall return all Personal Data to the Customer in the manner notified by the Customer or – if the Customer so notifies in writing – Extellio shall destroy and delete all Personal Data related to the Agreement. 

18.2     After the Agreement has terminated, Extellio shall not be entitled to store any Personal Data belonging to the Customer and, as soon as Extellio has performed in accordance with the provisions of section 18.1 above, Extellio’s right to Process or otherwise use Personal Data belonging to the Customer shall cease (unless storage of the Personal Data is required pursuant to national legislation or Union law).

18.3     Extellio shall, upon request by the Customer, provide written information regarding the measures taken by Extellio to perform its obligations pursuant to this section.

19         Confidentiality 

19.1     The Parties undertake, during the term of the agreement and one year thereafter, not to disclose information to outside parties regarding the content of the Agreement and other information that the Parties have received as a consequence of the Agreement, irrespective of whether the information was provided in writing or orally and irrespective of format (”Confidential Information”). The Parties undertake to use Confidential Information solely for the purpose of performing their obligations under the Agreement and for no other purpose. The recipient Party further undertakes to take necessary measures to prevent employees, subconsultants or other intermediaries from using or disclosing Confidential Information to outside parties and to exercise the same level of care (but not a lower level than reasonable care) to avoid disclosure or use of Confidential Information which the Party uses regarding its own confidential or copyright-protected information. 

19.2     The aforesaid shall not apply to such information as 

(a)          at the time of disclosure enters, or subsequently enters, the public domain other than through violation of the Agreement; or

(b)          was already available to the Recipient Party or which it has independently developed prior to entry into the Agreement and which has not been obtained, directly or indirectly, through violation of the Agreement.

19.3     This confidentiality undertaking does not preclude a Party from disclosing such information as a Party is obliged to disclose pursuant to law, judgment or a public authority decision, or agreement with an exchange or other marketplace. If a Party has an obligation, or is obliged to disclose such information, the Parties undertake to notify the other Party immediately to afford it a possibility to take protective measures. The Parties shall do their best to ensure that information disclosed in accordance with this section is, as far as possible, treated in confidence by the recipient of the information.

20         Assignment of the Agreement

A Party is not entitled, in whole or in part, to assign its rights and/or obligations under the Agreement without the prior written consent of the other Party.

21         Applicable law and disputes  

21.1     The Agreement shall be governed by Swedish law.

21.2     Disputes relating to the Agreement shall be conclusively determined through Arbitration

21.3     Where a dispute is determined through arbitration, it shall be determined by the Arbitration Institute of the Stockholm Chamber of Commerce (SCC). The Rules for Expedited Arbitrations shall apply unless the SCC decides, taking into consideration the complexity of the case, the value of the subject matter of the dispute and other circumstances, that the Arbitration Rules shall apply. In such case, the SCC shall also determine whether the arbitral tribunal shall comprise one or three arbitrators.

21.3.1       The seat of arbitration shall be Malmö. The language for the proceedings shall be Swedish if the Customer has its registered office in Sweden, and English if the Customer has its registered office in another country.

21.3.2       Arbitration which is requested citing this arbitration clause shall be subject to confidentiality. The confidentiality covers all information arising during the proceedings as well as decisions or awards issued as a consequence of the proceedings. Information covered by confidentiality may not be disclosed in any form to a third party without the other Party’s consent.

 


 

APPENDIX 1 to Personal Data Processor Agreement

Instruction regarding handling of Personal Data

Version 2024-1.3, published 2024-02-07

In addition to that which is already stated in the Agreement, Extellio (in its capacity as Processor) shall comply with the instructions below issued by the Customer (in its capacity as Controller)in conjunction with the Processing Personal Data. In the event of discrepancies between this Instruction and the Agreement, the Agreement shall take precedence. Definitions used in this Instruction shall have the same meaning as in the Agreement unless the circumstances otherwise clearly dictate. 

The Customer is at all times obliged to ensure that the Processing that takes place in accordance with this Instruction is lawful and that the Data Subject has been informed of the Processing in a correct manner prior to the Processing.  

 

1             Processing of personal data

1.1          Categories of data subjects 

Extellio is instructed to Process the following categories of data subjects on behalf of the Customer: 

-       Users of the Customer’s digital services where Extellio’s software is implemented.
Email recipients entered by the Customer in Extellio’s software for investigation (for example, customers, potential customers, members, employees, etc. depending on the purpose of the investigation)

-       Other e-mail recipients, with the exception of users in the previous paragraph, that the Customer uploads to Extellio software for surveys (e.g., customers, potential customers, members, employees, etc., depending on the purpose of the survey)

1.2          Categories of Personal Data

Extellio processes the following personal data within the scope of the Instruction: 

-       Name (first name and surname)

-       Company name

-       Address

-       Email address

-       Telephone number

-       Username

-       ID code

In connection with the provision of the services under the Main Agreement, Extellio may need to process the following categories of personal data ("Redundant Data")  that may be revealed or appear in free text answers, search terms, URLs, page titles, heatmaps, session recordings, or survey responses:

-       Name data: includes first and last names.

-       Contact information: Email address and phone number.

-       Identification information: ID code, social security number, or equivalent (depending on jurisdiction).

-       Address Information: Physical address.

-       Usernames: Usernames for digital services.

-       Sensitive personal information: Like political views or health information (see 1.3 for more examples)

-       Other personal information: All other personal data which this Agreement doesn’t explicitly cover.

 

1.3          Special categories of Personal Data

Within the scope of these instructions, Extellio may process special categories of personal data. This is applicable when the Customer chooses to ask questions about such data, such as membership, especially when the Customer represents a trade union, a religious community, or a politically affiliated organization:

-      Political views

-       Religious or philosophical beliefs

-       Trade union membership

-       Health data

-       Data concerning sexual orientation or equivalent

 

1.4          Categories of Processing 

General instructions regarding processing

Extellio performs the following categories of Processing within the scope of the relevant Instruction: 

-       Collection.

-       Registration.

-       Organization/structuring.

-       Processing/modification (if required by data subjects).

-       Utilization to contact a stakeholder/customer regarding either of the Client Panel, product updates in the System or for support-related matters.

-       Storage.

-       Disclosure by transfer to the Customer.

-       Disclosure by transfer to a third party designated by the Customer.

-       Disclosure by transfer to the data subject.

-       Security backup.

 

Processing Instructions for Redundant Data

When Extellio is made aware that Redundant Data is hanled, Extellio shall anonymize or delete the Data without the Customer's active involvement

 

1.5      Purpose of the Processing in question  


In order for Extellio to perform services ordered by the Customer during the term of the Main Agreement, the following Processing is carried out:
-       Collection

-       Registration.

-       Organisation/structuring.

-       Storage.

-       Disclosure through transfer to the Customer.

-       Security backup.

-       Disclosure through transfer to third party designated by the Customer.

-       Use to contact a Data Subject about the Data Subject or where the Controller so requests

 

In order to ensure that both the Customer and Extellio comply with applicable data protection legislation, the following Processing is carried out:

-       Disclosure through transfer to the data subject.

-       Processing/modification (if requested by the data subject).

 

1.6          Location of the Processing   

Within the framework of the Agreement, the Customer instructs Extellio to Process the personal data covered by the Agreement within the EU/EEA.

 1.7         Rights of the Data Subject 

In accordance with the Agreement, Extellio shall, at the Customer's request, enable the Data Subject's right to:

-       access to personal data in accordance with article 15 of the GDPR.

-       rectification of personal data pursuant to article 16 GDPR.

-       erasure of personal data pursuant to article 17 GDPR.

-       restriction of personal data pursuant to article 18 GDPR.

-       data portability of personal data in accordance with article 20 GDPR.

 

2             Precautionary measures 

2.1          Technical and organisational security measures 

Extellio shall take the following technical and organisational security measures when the personal data covered by the Agreement is processed

-       Encryption: Encryption protects personal data by converting it into encoded information.

-       Access to the personal data: access to the personal data will be restricted, for example to authorized employees of the Customer or of Extellio.

-       Backup of the personal data: the personal data covered by the Agreement will be routinely backed up to ensure that the data can be restored if necessary (please note that this is not possible for the data that has been anonymised).  

-       Two-way authorization for access to the personal data: For some of Extellio's product levels, two-way authorization is offered for extra protection when accessing. Please note that the respective user must activate such authorisation function. 

 

3             Subprocessors 

In accordance with the Agreement, Extellio is given a general approval to engage and use sub-processors, provided that these sub-processors meet the requirements set out in the Agreement. Extellio shall maintain an up-to-date list of used sub-processors. This list is available through www.extellio.com/subprocessors.

   

 

4             Duration 

Personal data that has been Processed by Extellio in order to perform ordered services during the contract period of the Main Agreement shall be deleted at the request of the Customer. Such deletion shall take place no later than fourteen (14) days after the Customer has notified Extellio thereof. Extellio shall, within the same period of time, ensure that Extellio's Subcontractors have taken corresponding measures.