SERVICE AGREEMENT HEARTPACE AB
Heartpace is a service that helps to create a transparent structure for goal-oriented employee appraisals for companies and organisations. The aim is to create a clear feedback culture, utilise and develop the skills of the employees to the benefit of the organisation’s common goals.
Heartpace, a cloud service which contains a number of modules as described below.
· Profile – basic data in the form of CV skills and other optional information
· Skills profile – support for organising personal, professional and organisational competence.
· Talk – support for conducting and documenting different types of discussions and follow-ups.
· Archiving – a structure for saving documents relating to the employees
The service is developed on a continual basis with new functionality. Releases are ongoing.
All standardised program development is included in the price and provided to the customer.
1. Term of the Agreement
If the test account is not terminated within the test period of 30 days it will run for one year from the time the test account was opened. Unless the Agreement is terminated no later than three months prior to its expiry date it will be automatically extended by 12 months whereupon a new agreement period with 3 months notice will run.
All rights to the information posted belongs to the customer and can be exported by the customer on conclusion of the collaboration.
DATA PROCESSING AGREEMENT
2.1 Words and concepts in this Data Processing Agreement have the same meaning as to be found in the Swedish Personal Data Act (SFS 1998:204) Section 3, which e.g. means that:
a) the Data Controller referred to, alone or together with others determines the purposes and means of the processing of personal data.
b) the Data Processor referred to, processes personal data on behalf of the Data Controller.
c) processing refers to any measure or series of measures taken in respect of personal data, whether by automatic means or not.
d) personal data refers to any information which directly or indirectly may be attributable to a physical existing person.
3. Contents and purpose
3.1 This Data Processing Agreement is designed to meet the requirements of Section 30, second paragraph of the Swedish Personal Data Act, that there should be a written Data Processing Agreement on the Data Processor’s processing of personal data on behalf of the Data Controller.
3.2 The Service Agreement shows the Data Processor’s processing of personal data on behalf of the Data Controller and what the Data Processor is responsible for carrying out.
4. Processing of personal data
4.1 Data Processor, and the person or persons working under the Data Processor, is/are only entitled to process personal data provided by the Data Controller in accordance with the Data Controller’s instructions and according to the Service Agreement.
4.2 If the Data Processor does not have the instructions necessary to carry out the assignment under the Service Agreement, the Data Processor shall inform the Data Controller of this.
4.3 The Data Processor shall only process personal data in accordance with the Swedish Personal Data Act and be kept informed of any changes in legislation. The Data Processor shall only process personal data on equipment that is physically located within the EU.
4.4 The Data Controller shall promptly inform the Data Processor of changes in the processing which affect the Data Processor’s obligations.
5.1 It is incumbent upon the Data Processor to take technical and organisational measures to protect personal data processed to a level that is appropriate with regard to the sensitivity of the personal data; the particular risks that exist; existing technical possibilities as well as the costs of implementing the measures. The personal data must be protected against any form of unlawful processing such as alteration, destruction or unauthorised access and dissemination.
5.2 The Data Processor will continuously log system events and communication under this Data Processing Agreement. System and security logs shall have adequate security protection. Logs may be deleted at the earliest one year after the logging event.
5.3 The Data Processor shall be prepared to comply with the Swedish Data Protection Authority’s decisions on measures to meet the Swedish Personal Data Act’s security requirements.
5.4 The Data Processor shall work systematically and continuously with information security.
5.5 The Data Controller is entitled at its own expense, to check that the Data Processor takes the security measures as stated above. The Data Processor shall hereby provide reasonable assistance for such inspection.
6.1 The Data Processor shall replace the Data Controller if the Data Controller incurs injury which can be attributed to the Data Processor’s processing of personal data in contravention of instruction from the Data Controller or the Service Agreement.
6.2 A party’s liability under this Data Processing Agreement is limited in scope and the amount of the liability restriction arising from the Service Agreement.
7. Confidentiality and disclosure of information
7.1 The Data Processor and its personnel, when processing personal data for which the Data Controller is responsible for personal information, shall observe confidentiality, which means that data covered by the Swedish Personal Data Act may not be disclosed.
7.2 The Data Processor may not disclose personal information or other information about the processing of personal data without written instruction from the Data Controller.
7.3 In the event that a third party requests information from the Data Processor concerning the processing of personal data on behalf of the Data Controller, the Data Processor shall refer to the Data Controller.
8. Term of the Agreement
8.1 This Data Processing Agreement is in force as long as the Service Agreement remains in force between the parties and will cease upon termination of the Service Agreement, unless the parties agree otherwise.
9. Termination of processing of personal data
Upon termination of the Data Processor’s processing of personal data on behalf of the Data Controller, all data shall be returned to the Data Controller or destroyed.
10.1 Disputes concerning interpretation or implementation of this Data Processing Agreement shall be settled in accordance with the Service Agreement’s provision on disputes.
10.2 Swedish law shall apply to this Data Processing Agreement.