Information about Asker Technologies
These terms and conditions (“Terms“) are applicable to all services provided by Asker Technologies AB (company registration number 559368-1769) (“Asker Technologies“, “us“, “our” or “we“) to our customers (“you“).
When we refer to the “parties” we mean you and us together.
You may contact us by sending an email to email@example.com (“Contact Information“).
Agreeing to the Terms
By creating an Account and using the Services, you agree to the Terms. If you do not agree to the Terms, you may not create an Account or use the Services.
“Account” means the account that you register and create on the Site.
“Contact Information” means the information set out above.
“Functions” means the Site, your Account and the Services, jointly.
“Services” means the services described under section “Description of the Services” below and which we have made available through the Site together with any such other related services and information made available by us to you.
“Site” means our website relating to the Services.
Description of the Services
Asker Technologies provides services to help companies to conduct science-based and candidate-friendly job interviews. (“Services“). More information about the Services can be found on the Site. To be able to use the Services, adequate internet access is required.
Setting up an Account
To subscribe to the Services, you must create an Account. You confirm that all information provided to us in the creation of your Account is correct and agree to ensure that the information is accurate at all times. We are entitled to decline or adjust an order from you or shut down your Account in the event that you provide us with untrue, inaccurate, not current, or incomplete information when creating your Account.
Once an Account has been successfully created, and payment has been made where prepayment is required, the Services will be available and ready to use or order, as detailed on the Site.
Credentials for your Account must be kept secure at all times. You may only create one Account. You are not allowed to transfer the Account to another person or to share data relating to your Account with any third parties. Should you suspect that your Account or your credentials have been or are being used by a third party you must contact us immediately by using our Contact Information.
Ordering the Services
The Services shall be ordered in accordance with the instructions on the Site.
Your order has been confirmed when we send you an order confirmation through email. When an order confirmation has been sent, you have entered into an agreement with us.
We offer the Services to companies and other legal entities. You warrant that you are authorized to enter into these Terms on the behalf of the legal entity as well as to use all Functions.
These Terms constitute the entire agreement between us in relation to the Services. You warrant that the persons (for example, employees and representatives) you authorize to create an Account and use the Services have read and understand the Terms. You are at all times responsible for the use of the Services under these Terms, including by such persons – as if it was you using the Services.
Use of the Functions
When you use the Functions, you must always comply with all applicable laws, regulations, and public orders. You shall not access the Site other than through interfaces provided by us and as otherwise expressly authorized under these Terms. You may not use the Functions in a manner contrary to our, or any third party’s, rights and interests. You agree to comply with all instructions and recommendations provided by us from time to time.
You are responsible for all activities that occur under your Account.
You also agree not to:
- defame, abuse, harass, threaten or otherwise violate the legal rights of any third party or us;
- publish, post or – in any other way express – any material or information that is inappropriate, defamatory, infringing, obscene, pornographic, racist, terrorist, politically slanted, indecent or unlawful;
- contribute to destructive activities such as dissemination of viruses, spam or any other activity that might harm us and/or the Site in any way;
- monitor the Services’ availability, performance or functionality for any competitive purpose, meaning, for example that you agree not to access the Services for the purpose of developing or operating a competitive product or service or copying the Services’ features or user interface; or
- resell or in any way redistribute results generated on the Site or use the Services in order to create a competing service or product.
We may have to suspend the supply of any of the Functions to:
- deal with technical problems or make minor technical changes; or
- update the Functions to reflect changes in applicable laws or satisfy a regulatory requirement.
We will endeavor to contact you in advance in the event we need to suspend the supply of any Services, but may not be able to if the problem is urgent or an emergency.
Your provision of content
The Site includes functions for uploading and storing files and other information provided or created by you (“Content“). You are responsible for all distribution and other actions taken by you and in your name.
By adding Content to the Site, you warrant that you are a) the owner of the uploaded Content, or, b) entitled to manage the Content in such a way and that the Content or your use of the Content in no way violates any applicable legislation. We will not supervise whether any Content is lawfully uploaded or distributed through the Site.
By adding Content to the Site, you are aware that, depending on the settings of your Account, such Content might be shared with others. We are not liable for any loss of Content, and we advise you to always keep your own backup of your Content. We do not take any responsibility with regards to the validity of Content provided or created by you.
PRICES AND PAYMENT
Payment for the use of the Services is made in advance on an annual basis or other regular time intervals that we inform you about before the purchase.
You shall pay all applicable fees as described on the Site for the Services you have selected. The prices for the Services exclude value added tax (VAT) or other fees and taxes. The price of the Services provided to you will be indicated on the order pages when you placed your order or as otherwise notified by us to you in writing.
We have the right to change the prices for the Services. If we change the prices, we will notify you in advance.
The new prices will take effect from the first day of the next Subscription Period which follows the date when the prices were changed.
By continuing to use the Services after the price change takes effect, you are bound by the new prices. If you oppose the price changes, you must terminate your subscription with us.
You can pay for the Services through any of the payment methods listed on the Site.
For payments made through a third-party supplier, this third-party supplier’s terms and conditions apply. Such terms and conditions can be found on the relevant supplier’s website.
You agree to pay within the set time for the applicable payment method. We have the right to close down your Account until you have paid for all the charges incurred by you. Payment after the due date can entail late payment fees and interest.
Unless otherwise expressly set out in these Terms, we do not provide refunds, right to return for a purchased subscription, credits for any partially used subscription, credits for any unused Account or credits by reason of your dissatisfaction with the Services and/or the Functions.
TERM AND TERMINATION
The agreement is valid from the date you create an Account and continues to be valid during the subscription period (“Subscription Period“). A Subscription Period is 12 months. At the end of each Subscription Period, your subscription will be automatically renewed for another 12-month period.
Your subscription will, however, not be renewed if you terminate it no later than 30 days before the end of your current Subscription Period.
You may terminate your subscription by going to the Site and following the instructions given there or by contacting us via our Contact Information.
Upon termination, your right to access the Services will be revoked. We will also delete or anonymize any personal information about you, with an exception for any personal information that we are required to keep by law.
Obligations arising from any breach of contract during the term of these Terms shall not be affected by the termination.
Termination from our side
We reserve the right to terminate or limit the Services if you:
- materially breach or otherwise violate these Terms or any other provisions set up by us;
- use the Site in any way that does not comply with the intended purposes or is otherwise harmful for us or any third person;
- in our reasonable opinion, use the Site in violation of any applicable law; or
- are late in payment.
Upon the occurrence of any of these events, we may contact you and request that you remedy your breach of these Terms before terminating or limiting the Services.
LIABILITY AND LIMITATION OF LIABILITY
Disclaimer of warranties
Except as expressly provided for in these Terms, the Services and all related components and information are provided on an “as is” and “as available” basis without any warranties of any kind, and we expressly disclaim any and all warranties, whether express or implied, including the implied warranties of merchantability, title, fitness for a particular purpose and non-infringement. You acknowledge that we do not warrant the Services will be uninterrupted, timely, secure or error-free.
Limitation of liability
In no event shall Asker Technologies, its subsidiaries, affiliates or any of their respective employees, officers, directors, agents, partners be liable for:
- loss of contracts;
- loss of reputation and/or goodwill;
- loss of profit, loss of revenue, loss of anticipated savings and/or loss of business; or
- indirect, consequential or special loss, damage or liability even if such loss or damage was reasonably foreseeable, arising out of or in connection with your use of the Functions or the performance of our obligations under these Terms.
Our total liability to you for all other losses arising under or in connection with any contract between us, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall be limited to the total sums paid by you for the Services under the applicable order/contract. We have no liability if you use the Services under a trial period or otherwise free of charge.
We shall not be liable for any loss or damages unless notice in writing summarizing the nature of the damages (in so far as it is known by you) and, as far as is reasonably practicable, the amount of damages claimed, has been provided to us within 3 months of you becoming aware of the loss or, if earlier, within 6 months from when the loss occurring.
You agree to defend, indemnify and hold harmless Asker Technologies, its subsidiaries and affiliates and their respective directors, officers, employees and agents from and against all claims and expenses, including legal fees, arising out of or related to:
- any Content submitted or posted by you in connection with the Servicesor on the Site;
- fraud you commit or your intentional misconduct or gross negligence in connection with the Services; or
- your violation of any applicable law or rights of a third party.
Defects and delays beyond our control (force majeure)
We are not responsible for delays and defects outside our control. If our suppliers are delayed by an event outside our control, then we will contact you as soon as possible to let you know and we will take steps to minimise the effect of the delay. Provided that we do this we will not be liable for defects and delays caused by the event, but if there is a risk of substantial defect or delay you may contact us to end the agreement and receive a refund for any Services you have paid for but not received.
During the term of these Terms and thereafter, the parties undertake not to disclose to any third party information regarding these Terms, nor any other information that the parties have learned as a result of these Terms, whether written or oral and irrespective of form (“Confidential Information“).
The parties agree and acknowledge that the Confidential Information may be used solely for the fulfillment of the obligations under these Terms and not for any other purpose. The receiving party further agrees to use, and cause its directors, officers, employees, sub-contractors or other intermediaries to use, the same degree of care (but not less than reasonable care) to avoid disclosure or use of Confidential Information.
The confidentiality undertaking above shall not apply to any Confidential Information that the receiving party can establish is or becomes available to the public (otherwise than by breach of these Terms or any other confidentiality undertaking).
The parties also undertake to ensure that any information disclosed under this section, to the extent possible, shall be treated confidentially by anyone receiving such information. This confidentiality undertaking shall remain in force 3 years after the termination of the Services.
CHANGES AND ADDITIONS
We may modify these Terms at any time. For agreements that are in effect at the time these Terms are modified, any changes or additions to PRICES AND PAYMENT will take effect from the first day of the next Subscription Period which follows the date when the modification were made. In the event of changes which are not minor and may affect you, you will be notified via email. You are responsible for keeping yourself informed of any changes to the Terms. The latest version of the Terms will be available on the Site. Amendments to the Terms become effective the business day following the day they are posted.
All new functionalities, features and content introduced and added to the Services or the Site will be subject to what is stipulated in the Terms.
COMPLAINTS AND CUSTOMER SUPPORT
If you have any complaints, you may contact our support department by using our Contact Information.
PERSONAL DATA AND PRIVACY
You acknowledge that you are the data controller for any personal data processed by us on your behalf in conjunction with your use of the Services. You also acknowledge that we are considered as your data processor. Therefore, you agree to enter into a separate data processing agreement with us.
PROPERTY AND INTELLECTUAL PROPERTY RIGHTS
The Site is owned and operated by Asker Technologies. All copyrights, trademarks, trade names, logos and other intellectual or industrial property rights held and used by us as well as those presented in the Functions (including titles, graphics, icons, scripts, source codes, etc.) are our property or third party licensors’ property and must not be reproduced, distributed, sold, used, modified, copied, limited or used (in whole or in part) without our prior written consent.
Asker Technologies grants you a non-exclusive right and licence to use the Site and the Services for the sole purpose of us providing the Site and the Services to you. Upon expiry or termination of this agreement, this right and licence shall end.
Respect for our property
You must not tamper with, attempt to gain unauthorized access to, modify, hack, repair or otherwise adjust any of our material, hardware, source codes or information for any purposes.
Respect for our intellectual property
The Services and other information, including all associated intellectual property rights, provided and made available by us, remain our exclusive property. You may not use our exclusive property for commercial or any other purposes without our prior written consent.
You may not assign any of your rights or obligations under the Terms to any third party without our prior written consent.
We may assign the Terms, and we may assign, transfer or subcontract any of our rights or obligations under the Terms, to any third party without your prior consent.
APPLICABLE LAW AND DISPUTES
Swedish law shall apply to these Terms.
Any dispute, controversy or claim arising out of or in connection with this contract, or the breach, termination or invalidity thereof, shall be finally settled by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce (“SCC“). The Rules for Expedited Arbitrations shall apply, unless the SCC in its discretion determines, taking into account the complexity of the case, the amount in dispute and other circumstances, that the Arbitration Rules shall apply. In the latter case, the SCC shall also decide whether the Arbitral Tribunal shall be composed of one or three arbitrators. The seat of arbitration shall be Stockholm, Sweden. The language to be used in the arbitral proceedings shall be English, unless otherwise is agreed between the parties. The SCC shall appoint the arbitrator(s).
Asker Technologies AB is an entity registered in Sverige with its address at Fleminggatan 85, 11245 Stockholm.
DATA PROCESSING AGREEMENT
This Data Processing Agreement with appendices (the “Agreement“) has been entered between:
You (“Controller“); and
Asker Technologies AB, Reg. No. 559368-1769 (“Processor“),
The parties are jointly referred to as the “Parties“, each being a “Party“.
The Agreement refers to the Personal Data Processed under the Asker Technologies ABs Terms of Service entered into by the Parties regarding services to help companies to conduct science-based and candidate-friendly job interviews. (The “Terms“), as a result of which the Processor processes personal data on behalf of the Controller.
In the event of any conflict with the Terms, this Agreement shall prevail.
The agreement contains the following appendices:
- Appendix 1 – List of sub-processors
- Appendix 2 – Technical and organizational security measures
- Appendix 3 – Contact details
The terms used in this Agreement shall have the same meaning as ascribed to them in Article 4 of the GDPR.
“Applicable Law” refers to the legislation applicable to the processing of Personal data under the Agreement, including the GDPR, supplementary national legislation, as well as practices, guidelines and recommendations issued by a Supervisory Authority.
“Controller” means the company/organization that decides for what purposes and in what way Personal data is to be processed and is responsible for the processing of Personal data in accordance with applicable data protection legislation.
“GDPR” refers to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and movement of such data, and repealing Directive 95/46/EC.
“Data Subject” means the natural person whose Personal data is processed.
“Personal Data” means any kind of information that can be derived from an identifiable natural person (in the Agreement, “Personal data” is used synonymously with “personal data for which the Controller is responsible and that is processed by the Processor on behalf of the Controller”).
“Processing” means any operation or set of operations that is performed on Personal data, e.g. storage, modification, reading, handover and similar.
“Processor” means the company/organization that processes Personal data on behalf of the controller and can therefore only process the Personal data according to the instructions of the controller and Applicable law.
“Supervisory Authority” means Swedish or EU authority, such as the Swedish Authority for Privacy Protection, or another supervisory authority that on the basis of law has the authority to conduct supervisory activities over the Controllers operation.
Unless otherwise defined herein, all capitalized terms (definitions) used in this Agreement shall have the same meaning as ascribed to them in the Terms.
This Agreement concerns the processing of Personal Data that the Processor performs on behalf of the Controller. It has been drawn up to meet the requirements set out in Article 28 (3) of the protection of natural persons with regard to the processing of personal data and the free movement of such data, and to repealing Directive 95/46/EC (“GDPR“). According to this provision, the Processing of Personal Data by the Processor on behalf of the Controller shall be governed by a contract.
4. DESCRIPTION OF PROCESSING
4.1 Categories of Data Subjects
The Controller directs the Processor to process data that identifies the Controllers’:
- Potential employees
4.2 Categories of Personal Data
- Contact information
- Interview data
The processor is processing Personal Data that:
- The Controller’s employees enter in the Service
- The Controller collects from the data subject
4.4 The purpose of the processing of Personal Data (the Purpose”)
- Enable for the Controller to conduct science-based and candidate-friendly job interviews with potential employees through our platform
4.5 Processing of Personal data
- Analysis anonymously
5. SPECIFIC UNDERTAKING OF THE PROCESSOR
5.1 The Processor undertakes to consider and observe the principles for processing Personal Data set out in Article 5 of the GDPR in connection with each and every Processing.
5.2 By entering into this Agreement, the Processor guarantees that the Controller does not need to take any additional measures to ensure that the Processor meets the requirements for expertise, reliability and resources to carry out the technical and organizational measures required by Applicable law.
5.3 The Processor undertakes to only process Personal Data in accordance with the Agreement, the purposes set out in the Terms, the Controller’s documented instructions and Applicable Law.
5.4 Upon the Controller’s request, the Processor shall a) (by using the appropriate technical and organizational measures) assist the Controller in its duty to respond to the request for the exercise of the rights of Data Subjects and b) with regards to the type of processing and available information, carry out Data Protection Impact Assessments (DPIA) and participate in consultations with Supervisory Authorities in accordance with Applicable Law.
5.5 If the Processor violates Applicable Law by independently determining the purposes and means of the Processing (e.g. processing the Personal Data for purposes other than the Purpose), the Processor shall be regarded as the controller for the new Processing. To clarify, any new Processing shall not affect the Processing made in accordance with this Agreement.
5.6 If there is a conflict between the Controller’s instructions and Applicable law, the Processor has the right to refrain from complying with such instructions. The Processor shall inform the Controller immediately if it considers that the instructions provided by the Controller are incomplete, inadequate or incorrect.
6. SPECIFIC UNDERTAKINGS OF THE CONTROLLER
6.1 The Controller determines the purpose and means for the Processing of the Personal data. The Controller has full ownership and formal control of the Personal Data Processed by the Processor.
6.2 The Controller is responsible to the Data Subject for the Processing of the Personal data.
6.3 The Controller is responsible for ensuring that the Personal Data is accurate and up to date.
7. PERSONAL DATA BREACH
7.1 In the event of a situation leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed (“Personal Data Breach“), the Processor shall, without undue delay, and no later than eight (8) hours after having become aware of the Personal Data Breach, notify the Controller by sending a written notice to the address provided in appendix 3. The information shall, to the extent that it is available to the Processor, contain the following at least:
- 7.1.1 A description of the circumstances surrounding the Personal Data Breach
- 7.1.2 A description of the nature of the Personal Data Breach, and, if possible, the categories and approximate number of Data Subjects affected and the categories and approximate number of Personal Data concerned
- 7.1.3 A description of the likely consequences of the Personal Data Breach
- 7.1.4 A description of the measures taken or proposed to address the Personal Data Breach, and, where appropriate, measures to mitigate its potential adverse effects
- 7.1.5 Contact information to the Data Protection Officer or other contact person who can provide more information to the Controller
7.2 If it is not possible for the Processor to provide all the information at once, the information may be provided in installments without undue delay.
8. AUDIT RIGHTS
8.1 Upon the Controller’s request, the Processor shall give access to all information necessary to show that the Processor’s obligations under Applicable Law and this Agreement have been fulfilled.
8.2 If the information provided in accordance with the previous paragraph cannot reasonably demonstrate that the Processor’s obligations under Applicable law have been fulfilled, the Controller is entitled to carry out physical audits.
8.3 The Processor shall enable and contribute to audits and inspections carried out by the Controller or by an impartial third party appointed by the Controller. The Controller shall notify the Processor in writing of the planned audit at least ten (10) business days in advance.
8.4 The audit shall be carried out:
- during normal business hours,
- after the Controller has ensured that the person conducting the review is subject to a confidentiality agreement appropriate in relation to the Personal Data and information to be reviewed; and
- on accordance with the Processor’s internal policies and security procedures.
8.5 Each party is responsible for its own costs incurred in connection with an audit performed.
8.6 In the event of any additional audits within one (1) year of a performed audit, the Controller shall be responsible for all costs incurred as a result of such audit(s).
9.1 The Processor may not appoint a sub-processor without first informing the Controller. Accordingly, the Processor shall inform the Controller if it intends to appoint a sub-processor (or replace an existing sub-processor) at least five (5) business days in advance.
9.2 If there is a reasonable reason for the Controller to object to the appointment of a sub-processor the parties shall endeavour to find a suitable alternative. Should the parties fail to find a suitable alternative, the Controller has the right to terminate this Agreement and the Terms.
9.3 When engaging a sub-processor, the Processor shall ensure that the sub-processor comply with the Processor’s obligations in the Agreement by entering into a contract or other legal act (the “Sub-processor agreement“). The foregoing shall be particularly observed in respect of the Processor’s obligation to provide sufficient guarantees regarding implementing appropriate technical and organizational measures as required to comply with Applicable Law.
9.4 The Controller is always entitled to a copy of the Sub-processor agreement (strictly commercial information may be edited).
9.5 The Processor must keep an updated record of the sub-processors. The record shall be made available to the Controller upon request.
9.6 Processor shall be exclusively responsible towards the Controller if the sub-processor fails to, or omits from, fulfilling its obligations under the Sub-processor agreement.
10. RECORD OF PROCESSING AND DATA PROTECTION OFFICER
10.1 The Processor undertakes to keep a written record of the processing of Personal Data according to Article 30 (2) of the GDPR. The record shall be available to the Controller upon request.
10.2 If the Processing or the nature of the Controller’s business requires the Controller to appoint a Data Protection Officer in accordance with Article 37 of the GDPR, the Data Protection Officer’s contact details shall be included in the appendix 3.
11. CONTACT WITH SUPERVISORY AUTHORITY AND THE DATA SUBJECT
11.1 The Processor shall promptly inform the Controller of all contact it may have with the Data Subject, a Supervisory authority or any other third party concerning the Personal Data that the Processor is Processing.
11.2 In the event a Data Subject makes a request to the Processor regarding his / her rights in respect of the Processing, the Processor shall refer the Data Subject to the Controller.
11.3 The Processor shall allow any inspections that the Supervisory Authority may require to perform in accordance with Applicable law.
11.4 The Processor is not entitled to represent the Controller or otherwise act on behalf of the Controller in respect of the Data Subject, a Supervisory Authority or any other third party.
12. TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES
12.1 The Processor shall take the appropriate organizational and technical security measures to protectensure that the Personal Data included in the scope of this Agreement is protected against any unauthorized or illegal access. This includes ensuring the adequate capacity, technical solutions, skills, financial and human resources, procedures and methods.
12.2 The appropiateness of the technical and organizational security measures shall be assessed taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of the Processing as well as the risks (of varying likelihood and severity) for rights and freedoms of natural persons posed by the Processing.
12.3 If the Controller assesses that the Processing operation is of high risk to the rights and freedoms of the Data subject and conducts a DPIA, the Controller shall share the results of the DPIA with the Processor to ensure that this can be taken into account in when determining what constitutes appropriate security measures.
12.4 The Processor must comply with any decisions and consultation opinions that the Supervisory Authority announces regarding measures for complying with the security requirements and all other requirements relating to the Processor under Applicable Law.
12.5 The Processor shall ensure that employees (of the Processor or their sub-contractors) are only allowed access to Personal Data to that extent necessary and that those who have access to Personal data have undertaken to respect the confidentiality of such information (e.g. by signing an individual non-disclosure agreement).
12.6 Only persons employed/engaged as consultants by the Processor and who have been deemed to have the adequate level of knowledge of the nature and extent of the Processing of Personal Data may process the Personal Data.
12.7 Computer equipment, storage media and other equipment used in the Processing of Personal data carried out by the Processor must be kept where/or in such a manner that no unauthorized persons can access them.
12.8 The security at the Processor’s facilities where Personal Data is Processed must be appropriate and secure in regards of locking equipment, functioning alarm equipment, protection against fire, water and burglary, protection against power outages and power disturbances. The equipment used to process Personal Data must have good protection against theft and events that may destroy the equipment and/or Personal Data.
13. CONTROL OVER THE PERSONAL DATA
13.1 The Processor shall ensure that Personal Data Processed is not accidentally or unlawfully destroyed, altered or corrupted. All Personal Data shall be protected against any unauthorized access during storage, transfer and other Processing.
13.2 No Personal Data may be provided to the Controller before the identity of the recipient has been duly verified.
14. TRANSFER OF DATA OUTSIDE THE EU/EEA
In the event that the Processor transfers Personal data outside the EU/EEA, the Processor ensures that the level of protection is adequate and in accordance with Applicable Law by controlling that at least one of the following requirements are fulfilled:
- The EU Commission has determined that the level of protection is adequate in the third country where the data is Processed
- The Processor has signed up to the EU Commission’s standard contract clauses (SCCs) for data transfer to non-EU/EEA countries.
- The Processor has taken other appropriate safeguards prior to the transfer and such safeguards comply with Applicable Law.
15.1 No Party is liable for any delay or failure to perform due to extraordinary circumstances beyond the control of the Party, which the Party could not reasonably expect and which consequences the Party could not reasonably have avoided or overcome.
15.2 The Processor is liable for direct damages that arise as a result of the Processor having Processed Personal Data in violation of the Controller’s instructions in accordance with the Agreement and Applicable law.
15.3 The Processor liability for direct damages be limited to 50 000 SEK. The Controller is not entitled to any compensation for damages related to any Processing that has been approved by, or performed in accordance with the instructions of, the Controller.
15.4 The Processor is not obligated to pay the costs of the Controller’s agent.
15.5 In no event shall the Processor be liable for any indirect or consequential damages such as lost revenue or profits, contracts, customers or business opportunities, loss of goodwill, or expected savings.
16.1 The Processor may not use information or other material to which it is granted access in connection with entering into this Agreement or the Terms for any other purpose than fulfilling its obligations under this Agreement or the Terms.
16.2 The Processor may not disclose information to third parties or any other unauthorized persons about the Processing of Personal data or the content of Personal Data covered by this Agreement or other information to which the Processor has been granted access as a result of, or in connection with entering into, this Agreement. This undertaking does not apply to information that the Processor is required to disclose under mandatory law.
16.3 This confidentiality undertaking is valid from the date this Agreement has been duly signed by both parties and for an indefinite period in time thereafter. The Processor shall ensure that this confidentiality undertaking applies to all employees and other persons working with or on behalf of the Processor and who are authorized to process Personal Data.
17. TERM AND TERMINATION
17.1 The Agreement is valid and in force from the date that the Processor first processes Personal Data on behalf of the Controller to the date when it ceases such Processing or until this Agreement is replaced by another Data Processing Agreement.
17.2 The obligations of the Processor under the Agreement shall continue to apply, regardless of whether the Agreement has been replaced, as long as the Processor processes Personal Data on behalf of the Controller.
18. ERASURE AND RETURNING OF PERSONAL DATA
18.1 Upon the termination of the Agreement, the Processor and any sub-processor shall, at the request of the Controller, either erase or return the Personal Data processed within the scope of this Agreement.
19. GOVERNING LAW AND DISPUTES
19.1 Swedish law shall apply to this Agreement.
19.2 The provision regarding disputes set out in the Terms will also apply to the Agreement.
APPENDIX 1 – EXISTING AND APPROVED SUB-PROCESSORS
Name: Blue Safespring AB
Service: Cloud Infrastructure
Data processed: All information that is entered in the platform, for example, name, email, and phone number.
Security measures: The personal data is processed in Sweden.
Name: Elasticsearch B.V.
Service: Application Performance Monitoring
Data processed: IP address and device information.
Security measures: The personal data is processed in the EU.
Name: OpenAI, L.L.C.
Service: AI-based functions in Asker to generate interview questions from job descriptions, transcripts, and summaries after an interview.
Data processed: Data varies depending on the content in the transcript.
Security measures: Standard Contractual Clauses. No data is used to train the AI model and only diagnostic/technical data is stored in 30 days.
APPENDIX 2 – TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES
The Processor has taken technical and organizational measures to ensure that Personal Data is processed securely and protected from loss, misuse and unauthorized access.
Technical security measures are measures implemented through technical solutions.
- Access control level
- Access log
- Secure network
- Regular security inspection
- Two-step verification
Organizational security measures are measures that are implemented in work processes and routines within the organization.
- Internal governance document (policies/instructions)
- Login and password management
- Physical security (premises etc.)
APPENDIX 3 – CONTACT DETAILS
E-mail address: firstname.lastname@example.org