Privacy notice & Terms of Service

Privacy notice

Introduction
Processing in SWESTEP
Processing outside of SWESTEP
What are your rights?
Contact information

Your integrity matters to us.

At SWESTEP AB (SWESTEP) we process personal data daily, for our own business purposes, on behalf of our customers and ultimately for you. This privacy notice details how SWESTEP is processing personal data relating to customers and prospects, as well as how personal data is being processed within SWESTEP. Every document signed with SWESTEP services includes information about the individuals sending, receiving and signing it and as long as the data resides with us, it is our job to protect it from unlawful access and use.

What is personal data?

The GDPR (General Data Protection Regulation, regulation (EU) 2016/679) defines personal data as “any information relating to an identified or identifiable natural person”. The natural person, such as yourself, is referred to as a “data subject” and you may be identified (or are identifiable) via information like your name, your personal identification number, but also via e.g. an IP-address, genetic data etc.

“Sensitive personal data” are by their nature, particularly sensitive for you. It requires specific protection to avoid significant risks to your fundamental rights and freedoms. This includes, among other things, personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs.

Data protection law.

As a Swedish company, SWESTEP is governed by the laws of Sweden which, as from May 25th 2018 includes the GDPR.

The GDPR describes how organisations, such as SWESTEP, must “process” (collect, handle and store) personal data. Rules on data protection apply regardless of whether personal data is stored electronically, on paper or on other materials. Organisations that process your personal data are obliged to do that in accordance with strict regulations. Similar regulations have been in force even prior the GDPR, but now the law, and the serious economic consequences of not adhering to the law, are the same for the whole of the EU. An organization that determines the purposes of the processing is called “controller“, whereas an organization that the controller has engaged to assist in the processing is called a “processor”.

Processing in SWESTEP

What roles do SWESTEP have?

SWESTEP offers the SWESTEP service though different business models, and the responsibility for the processing of personal data depends to some extent on how the services are provided, and to whom. SWESTEP’s responsibility for the different categories of data subjects that may take part in an electronic signature process within SWESTEP (“SWESTEP workflow”) is as described below:

(i) SWESTEP Users: representatives of SWESTEP customers with an individual admin or user account registered in SWESTEP subject to a valid license agreement between SWESTEP and the SWESTEP customer.

SWESTEP Users may initiate SWESTEP workflows, receive invitations to take part in SWESTEP workflows initiated by a third party, and retain their signed documents and templates in their e-archive within SWESTEP.

SWESTEP may contact SWESTEP Users through SWESTEP or through a representative, via phone or email in order to give updates on our products, services or concerning other account related issues.

SWESTEP is a processor on behalf of SWESTEP’s customers. The legal basis to process personal data of SWESTEP Users is the necessity to provide the services under the SWESTEP License Agreement between SWESTEP and the SWESTEP customer.

We may also use personal data of SWESTEP Users for marketing and sales purposes. SWESTEP may contact SWESTEP Users through SWESTEP or through a sales representative of SWESTEP, via phone or email in order to give you updates on other products or other materials SWESTEP deems may be interesting to you. When we process personal data for marketing and sales purposes we make a legitimate interest assessment, by taking into consideration our existing relationship with you, whether it would be reasonably expected by you that the processing takes place and whether we can fulfil the same business outcome without processing personal data. We do not process personal data for marketing and sales purposes that do not pass this criteria.

(ii) Representatives of SWESTEP resellers’ customers: representatives of SWESTEP resellers’ customers with an individual admin or user account registered in SWESTEP subject to a valid sub-license agreement with an authorized reseller of SWESTEP.

Representatives of SWESTEP resellers’ customers may initiate SWESTEP workflows, receive invitations to take part in SWESTEP workflows initiated by a third party, and retain their documents in their e-archive within SWESTEP.

SWESTEP is a subprocessor of the SWESTEP reseller who in turn processes personal data on behalf of their customer. SWESTEP may contact representatives of SWESTEP resellers’ customers through SWESTEP or through a representative, via phone or email in order to give updates on our products, services or concerning other account related issues.

The legal basis to process SWESTEP reseller customer representatives’ personal data is to provide the services under the SWESTEP Sub-License Agreement between us and the reseller.

(iii) Private account holders: individuals that have opted in for a limited, cost-free account in SWESTEP.

When a private account holder signs a document in SWESTEP, this will be retained within that party’s own e-archive within SWESTEP.

Private account holders may only initiate SWESTEP workflows through SWESTEP subject to such restrictions for cost-free accounts as SWESTEP maintains from time to time.

For private account holders, SWESTEP primarily acts as a controller due to the service being provided cost-free and that SWESTEP may single handedly re-determine the terms for the free account, or withdraw the same at any time. Thus, SWESTEP reserves the right to terminate the account of an inactive private account holder. In case of such termination, SWESTEP will provide due pre-warning to the email registered in the account and enable the private account holder to offboard the contents or their account prior to final deletion thereof.

The legal basis to process SWESTEP Private account holders’ personal data is to provide the services under the Terms of Service that the private account holder agreed to before creating a SWESTEP account.

(iv) External SWESTEP users: individuals that have received an invitation message to review or sign a document made available through SWESTEP, and that have no account of their own within SWESTEP. (An external SWESTEP user may opt in to become a private account holder in SWESTEP.)

External SWESTEP users only take part in a SWESTEP workflow when so invited.

SWESTEP remains a processor, or subprocessor, on behalf of the customer that initiated the specific electronic signature process.

The legal basis to process External SWESTEP users’ personal data is to provide the services under the SWESTEP License Agreement between SWESTEP and the controller.

N.b. should SWESTEP itself be the initiator of the SWESTEP workflow, then SWESTEP is the controller, in which case the legal basis is the necessity for the performance of a contract between us and the recipient of the SWESTEP workflow.

Is my data secure with SWESTEP?

Security is a core value of SWESTEP. Ensuring the security of customer and company data is important as our customers, employees and partners hold us in a position of trust with their confidential data. SWESTEP applies the principles of Privacy by design and Privacy by default in developing, maintaining and providing the SWESTEP service, as well as in the handling of personal data for other purposes.

To this end SWESTEP has implemented information security management and data protection policies covering i.a. acceptable use, access control, operations, technology, applications, data management, business continuity and physical security. The rules and controls within these policies are considered the security baseline for information assets owned/controlled or otherwise processed by SWESTEP. Such policy documentation may be provided upon request.

The policies and processes relating to information security are subject to at least yearly management reviews.

What security measures has SWESTEP implemented?

SWESTEP continuously educates staff on security. 2FA login, VPN, individual accounts, and activity logging are implemented as appropriate for employees with access to SWESTEP’s infrastructure and for employees with customer support tasks in the system. Access to systems is given to employees on a need-to-have basis and is governed by an approval process. Testing and production environments are separated, and data is never transferred between them.

For the actual servers, SWESTEP has firewalls, anti-virus and encrypted communication where feasible and reasonable. All documents are individually encrypted with keys stored in a different geographical site from the documents and the key storage itself is also encrypted. The security of the system as a whole is regularly tested by means of penetration tests performed by a third party.

The data centers used by SWESTEP have appropriate levels of security and are certified with ISO-27001, amongst other standards.

How is personal data processed within SWESTEP?

When SWESTEP acts as the processor (or subprocessor) on behalf of a customer using the service, the customer is responsible for the processing of your personal data and the legal basis of processing.

If you have an individual account with SWESTEP, SWESTEP is processing the following personal data in relation to you:

Name and email (mandatory)
mobile phone number
ID number
position with your employer
user language (as setting in SWESTEP)
company details (name, address, organization number and country)

This information is necessary for us to process for the purpose of performance of the contract with you/the company you represent. Without this information we will not be able to provide the Service to you. We keep this data for the duration of our agreement with you/your employer and for up to 10 days thereafter.

Regardless what data subject category you belong to SWESTEP processes the following information regarding you:

your communication and behaviour in SWESTEP, for example IP-addresses, language settings and digital fingerprints that can strengthen the legal position of the parties to a document in a SWESTEP workflow;
your usage of the service (including user statistics such as number of documents sent/signed by you);
your interactions with us, including emails and support tickets

This information is necessary for us to process for the performance of the contract with you/the company you represent and to provide you with support in relation to our service. We keep this data for as long as you/the company you represent retain your documents within the e-archive of SWESTEP. However, we also process some of your interactions with us due to our legitimate interest of being able to understand how you use the service in order to improve the service for the benefit of all our customers.

For further details about data handling within SWESTEP, please refer to the SWESTEP Terms of Service.

Third country transfers

SWESTEP does not transfer personal data outside of the EU/EEA within the context of providing our service, and all our processors are located within the EU/EEA.

However, through the SWESTEP workflow, you and your counterparts may in each separate case access the processed document remotely (via internet) from anywhere. SWESTEP has no way of knowing where the recipient of the email and/or SMS notifications (invitations, reminders, confirmations) sent through SWESTEP will be located geographically, some recipients may therefore be located in a region outside of the EU/EEA. Therefore, such transfer of personal data to third countries is necessary for the performance or conclusion of a contract (signing a document electronically) in the interest of a data subject or that a data subject is a party to.

PROCESSING ACTIVITIES

Processing outside of SWESTEP Service

How does SWESTEP process personal data outside of SWESTEP Service?

SWESTEP is processing personal data outside of SWESTEP Service as described below:

Processing for invoicing and payment purposes

SWESTEP processes the following information regarding you:

Information related to invoices, such as name, billing address and similar.

This information is necessary for us to process due to legal requirements, such as book-keeping/financial laws that SWESTEP is subject to. This information is kept for as long as the law requires.

Processing for marketing purposes

Based on our legitimate interest to market our products and services, SWESTEP seeks out new potential customers through various public and commercial sources such as for example LinkedIn and similar. SWESTEP may also collect information directly from you from events, fairs or our website using cookies or forms based on your consent. The information that SWESTEP collects for marketing purposes are:

Name, title, company affiliation
Email
Phone number
Number of employees
Industry
Turnover
Information collected through cookies (Cookie Declaration)

We keep such information for eighteen months unless you before that time becomes a customer, qualify as an opportunity or subscribe to information of SWESTEP.

You can at all times ask us to stop processing your personal data that we received your consent about by reaching out to us.

Processing for customer support purposes

When you contact SWESTEP for support request in any form (for example by submitting an online form, email etc.), either as an existing customer or as a non-customer, we process any data you provide to us to assist you with your request or to refer you to the relevant department at SWESTEP. We may contact you multiple times in relation to your request. The legal basis for such processing is either the contract between SWESTEP and you/the company you represent or your consent.

We may also process some of your interactions with us due to our legitimate interest of being able to understand how you use the service in order to improve the service for the benefit of all our customers.

Processing of information provided to us for recruitment purposes

SWESTEP will process the information you provide to us for a job application, for recruitment purposes during the specific recruitment process and within a year from the end of such recruitment process.

SWESTEP will also process the information you send in any open applications via the links provided on our website for recruitment purposes in relation to any relevant positions for one year from the submission of your application.

Both types of applications will be processed via a candidate profile which brings together the information you provided. Your candidate profile may be of interest for SWESTEP in other recruitment processes, which means that if your candidate profile matches other vacant positions than the position you have applied for we may contact you to see if you find interest in other recruitment processes.

The legal basis for processing information provided in both types of applications is your consent.

Third country transfers

Some of the service providers that SWESTEP utilises for marketing purposes keep their data located outside of the EU/EEA. When personal data is transferred to these service providers, SWESTEP always ensures that the personal data is protected through transfer mechanism deemed appropriate in accordance with the GDPR.

Sharing your personal data

SWESTEP does not share your personal data except, in the following cases:

To others in the SWESTEP workflow

Irrespective of if you are a sender or receiver of a document in a SWESTEP workflow, you and the other party/-ies invited to that workflow receives information on the other party/-ies taking part in that workflow. Such information is necessary for the execution of the workflow, to identify/authenticate the individuals taking part in accordance with the methods as configured in the SWESTEP service by the sender, and to enable SWESTEP to produce the evidence package (including a transaction log) that is attached to each document signed through SWESTEP. Thus, such information typically includes names, emails, mobile phone numbers, title, company details and IP-addresses. In addition, this may also include drawn signature (added by a party), evidence of eID authentication (including inter alia ID number or similar) when and as required for a stronger authentication.

To service providers

In order to be able to provide the services or support services, conduct marketing or keep our financials, SWESTEP employs several service providers, such as for example hosting partners and system providers.

These service providers may only process your personal data on behalf of us and in accordance with our agreement with them, and never for their own purposes. SWESTEP ensures that all its service providers are bound by confidentiality terms and sign a non-confidentiality agreement (NDA) regarding information received from SWESTEP. SWESTEP enters into Data Processing Agreements (DPA) with all its service providers and conducts Data Protection Impact Assessment (DPIA) if the processing activity poses risk to the rights and freedoms of data subjects.

Use of cookies on SWESTEP.com website

A cookie is a small text file that a website saves on a user’s computer. The text file contains data the website may use when the visitor returns to the website. SWESTEP.com may use cookies to collect and use data from its visitors in the manners explained below.

On the public part of SWESTEP.com domain SWESTEP may gather:

Information about the visit (page views, time, IP, browser, referring URL etc.)

Information provided by the user in any of the website’s forms

Such data may be used by SWESTEP:

For website statistics

To personalise the website when a visitor returns (e.g. language preference, customisations)

For marketing purposes (e.g. retargeting ads, email campaigns)

When you enter SWESTEP.com website, you have the option to read our Cookie Declaration and adjust your cookie preferences.

How to further restrict/block use of cookies:

If you do not wish SWESTEP.com, or one of the services we use, to collect information about your visit you may enable the “Block cookies from third parties and advertisers” option in your web browser settings. This will still allow some “non-tracking” cookies to be stored on your computer, such as language preferences. You may also disable cookies altogether in your browser settings. This will, however, limit your web browsing experience and even stop some web services from working, including SWESTEP eSign.

DATA SUBJECT RIGHTS

What are your rights?

The GDPR provides the data subject certain rights with regards to your personal data.

Thus, you may make a request to the controller for:

access; i.e. a confirmation as to whether or not your personal data are being processed and, when that is the case, the provision of certain information about the processing

rectification of personal data
erasure of personal data (“right to be forgotten”)
restriction of processing
data portability
object to processing
withdrawal of consent

This is called a data subject rights (DSR) request. The controller is obliged to respond to a DSR-request as soon as possible and no later than within 30 days. If SWESTEP is the controller of personal data, the DSR requests to SWESTEP should be made by email, addressed to the Data Protection Officer at privacy@swestep.com.

Please note that in case you want to make a DSR-request, this must be directed to the controller and that SWESTEP cannot accommodate such a request where SWESTEP is the processor, or subprocessor.

CONTACT INFORMATION

Contact and questions

SWESTEP AB, org no 556898-9825, with registered address at Lillvägen 4, 59241 Vadstena, is responsible for the processing as described in this policy.

If you have any questions regarding how SWESTEP is processing your personal data, how functions within SWESTEP eSign can be used for different purposes in this regard, or would like to come in contact with our Data Protection Officer, do not hesitate to contact us at privacy@swestep.com.

Terms of Service

These terms of service (“Terms”) apply to the use of the electronic service (”Service” or “SWESTEP Access”) for accessing documents by different parties (either as a private person or as representative of a legal person) (“Parties”) developed and provided to you (“You” or “User”) by SWESTEP AB (“SWESTEP”). The Terms are an agreement between you (“You” or “User”) and SWESTEP. By using, creating an account and/or by logging into the Service (whether directly or indirectly), You accept and agree to the Terms. SWESTEP reserves the right to, without liability, at any time, amend, add or remove parts of these Terms. It is Your own responsibility to stay informed of any update of the Terms each time You use the Service. Your continued use of the Service after changes have been made in the Terms means that You accept and agree to those changes. You understand and agree that as a User of the Service You remain bound by and shall adhere to the Terms even though You may be contractually licensed to use the Service under any separate confirmed order or license agreement by and between the legal entity You represent (“Your Company”) and SWESTEP.

User accounts

You are responsible for maintaining the confidentiality of, and protecting Your account information, including passwords. You are responsible for all activity on Your account. You shall immediately notify SWESTEP on suspicion of unauthorised use or attempted unauthorised use of Your account or Your code, or other security breach.

General Account Terms: You agree that You will provide accurate, current and complete information about Yourself within any account information registered in the Service. You shall keep all your account information accurately updated by following the procedures provided by the Service. You may not use any automated device, program, algorithm, method, or any similar manual process, to access, acquire, copy, probe, load-test, index, manipulate, test or monitor any portion of the Service or any content, or to in any way reproduce or circumvent the Service’s structure or presentation, or to attempt to obtain any materials, documents or information through any means other than the infrastructure created and/or made available by SWESTEP to that end. You agree that You will not perform any action that exposes the Service’s infrastructure, or subject any systems or networks that are part of or affiliated with the Service, to an excessive burden.
User Content: You agree that You will not use the Service for illegal purposes. This includes disrupting the Service, disseminating content that violates privacy, copyright or proprietary right of any third-party, or using the Service for any purposes that are or may be perceived as illegal, obscene, unethical, abusive, libellous, threatening, vulgar or otherwise reprehensible. SWESTEP is not liable for the removal of any such content, or for any failure or delay in removing such content. SWESTEP has the right to, at any time, delete, reject and litigate against User and User content if SWESTEP deems it to violate the Terms or otherwise violate any applicable laws and regulations. You are fully responsible for the contents of Your account and any transactions made with Your account through the Service.
Normal usage: Restrictions for normal use apply as per the price plans published on www.swestep.com, except in the event You/Your Company has a separate valid license agreement with SWESTEP – or with an authorised reseller of the Service (“Reseller”) – which includes price plans with other conditions about normal use. Fees for exceeding use (if any) are charged monthly in accordance with the applicable price plan.
Suspension of Service or termination: You agree that SWESTEP at any time, without notice, may freeze Your account in the Service or otherwise stop Your access to the Service for (1) alleged breach of the Terms, (2) our attempts to address safety in the software or to protect the contents, (3) modification of the Service, (4) unexpected operational interruptions or problems, (5) delayed payment, (6) malicious breach of any applicable limits of normal usage (7) explicit action requested from any legal authority or other government authorities. You agree that SWESTEP also is entitled to, with a week’s notice, terminate Your account for (1) clear violations of the Terms, or (2) explicit action request from any legal authority or other government authorities. SWESTEP will not be liable to You or any third-party due to your account in the Service being frozen or terminated in accordance herewith.
Usage through a Free Account: If You are subscribing to a Free Account with SWESTEP, You agree to be required to log in to your account at least once every twelve (12) months to be considered by SWESTEP to maintain a valid subscription to the Service. SWESTEP reserves the right to, without liability to You or Your Company, terminate Your Free Account and permanently delete all contents therein in case You fail to log in to Your account within such interval. SWESTEP nevertheless undertakes to, prior to such deletion, make at least two (2) good faith attempts to notify You of the pending termination via the contact details registered in Your account information.
Usage through a Portal: If You are invited to use the Service through a portal of a company (“Portal”) You will either (i) create a Free Account with SWESTEP, or (ii) if You already have an account with SWESTEP, log in to the Service with your existing credentials. When You log in to the Service through a portal, You will only have access to documents between You and the company that invited You to the Portal. When You log in to the Service directly through the www.swestep.com, You will have access to Your full e-archive and the functionality offered with Your current price plan.
Initiating a signing process without an account: SWESTEP may from time to time offer the possibility to initiate a signing process from a specific landing page for a specific type of document/purpose. In such cases your usage of the Service is limited to the single signing process you initiate. Once the document is signed by all Parties thereto, all Parties will receive the signed version of the document, at which point the agreement (Terms) between you and SWESTEP expires forthwith and the Errand (as defined in Section 2.2 Data Storage) will be immediately deleted. SWESTEP will only retain the following information relating to the Errand in its transaction log; the document id (unique transaction number) and the date & time for sealing of the document. To avoid doubt, without an account you will not have access to an e-archive or any other functionality offered by SWESTEP to its Users with an account.

Data Management

Except from the documents and personal data that has been shared with the Service by the Parties, SWESTEP also collects information about the Parties’ communication and behaviour in the Service, for example IP-addresses, language settings and digital fingerprints that can strengthen the Parties’ legal position (”Information”). SWESTEP has a purpose to, with the help of the Information, as an independent third party decrease transaction costs, strengthen the evidence trail of signed documents and to decrease administrative and legal costs. Thus, as part of the Service, SWESTEP provides the Parties, paying or non-paying, with equal opportunities to different forms of storage, handling and processing of the Information through the Service that can be of legal use to the Parties. This requires that SWESTEP handles the Parties’ Information automatically according to the following guidelines and You accept and authorise SWESTEP to handle the Parties’ Information in accordance with these guidelines. (For general information on SWESTEP’s processing of personal data and use of cookies, please refer to SWESTEP’s Privacy Policy.)

Sharing data: SWESTEP has the right to communicate with You, and also directly or indirectly with the invited Parties, regarding the documents to be signed via the Service. SWESTEP has the right to share with the Parties the Information that is reasonably needed for the Parties to be able to (1) review the document, (2) examine the identities of the signing Parties and, (3) to know whether the document is signed or not signed and understand the circumstances surrounding the events.
Data storage: Whenever You initiate a signing process in the Service this constitutes an “errand”, irrespective of whether the document in question is subsequently signed by all Parties thereto or not. All Information is stored per errand with at least one backup per errand assuming it is available when the daily backups are performed. All invited Parties, paying or non-paying, get equal opportunity to access the errand via separated access to the Service. Errands containing documents that have been signed through the Service by all Parties are retained within the Parties’ respective accounts within the Service until deleted therefrom by the respective Party through any of the means available via the Service. Errands containing documents that have not been signed by all invited Parties are retained until the initiating Party deletes the document, or as configured within the Service. When a Party that had access has deleted an errand from their own account in the Service, SWESTEP may retain a backup of the errand on separate encrypted back-up servers in accordance with SWESTEP’s back-up and retention policy – i.e. currently for six (6) months – where after the backup of the errand is permanently deleted also from the back-up servers. When all Parties that had access have deleted an errand, and SWESTEP has permanently deleted any back-up copy of the errand as per the above, SWESTEP will retain in its transaction log; the document id (unique transaction number) and the date & time for sealing of the document.
Data integrity: In order to generate legally and administratively or statistically useful materials for the Parties SWESTEP may process the Information automatically. The Service must for example, to be able to generate the electronic original as the final product after all Parties have signed, be able to print extracts of logs, the SWESTEP seal and the Parties’ personal information in the documents footer, verification page and extra evidence attachments and thereafter stamp the document with a digital signature. The Information may be used by SWESTEP in anonymous form for statistical analysis and in order to promote or develop the Service. The Parties’ documents are not available to SWESTEP employees for manual handling unless either Party has requested or given their explicit consent of such handling and the document or documents as a result of such request have been made available by specially authorised staff at SWESTEP.

Signed documents

Sharing data: SWESTEP has the right to communicate with You, and also directly or indirectly with the invited Parties, regarding the documents to be signed via the Service. SWESTEP has the right to share with the Parties the Information that is reasonably needed for the Parties to be able to (1) review the document, (2) examine the identities of the signing Parties and, (3) to know whether the document is signed or not signed and understand the circumstances surrounding the events.
Data storage: Whenever You initiate a signing process in the Service this constitutes an “errand”, irrespective of whether the document in question is subsequently signed by all Parties thereto or not. All Information is stored per errand with at least one backup per errand assuming it is available when the daily backups are performed. All invited Parties, paying or non-paying, get equal opportunity to access the errand via separated access to the Service. Errands containing documents that have been signed through the Service by all Parties are retained within the Parties’ respective accounts within the Service until deleted therefrom by the respective Party through any of the means available via the Service. Errands containing documents that have not been signed by all invited Parties are retained until the initiating Party deletes the document, or as configured within the Service. When a Party that had access has deleted an errand from their own account in the Service, SWESTEP may retain a backup of the errand on separate encrypted back-up servers in accordance with SWESTEP’s back-up and retention policy – i.e. currently for six (6) months – where after the backup of the errand is permanently deleted also from the back-up servers. When all Parties that had access have deleted an errand, and SWESTEP has permanently deleted any back-up copy of the errand as per the above, SWESTEP will retain in its transaction log; the document id (unique transaction number) and the date & time for sealing of the document.
Data integrity: In order to generate legally and administratively or statistically useful materials for the Parties SWESTEP may process the Information automatically. The Service must for example, to be able to generate the electronic original as the final product after all Parties have signed, be able to print extracts of logs, the SWESTEP seal and the Parties’ personal information in the documents footer, verification page and extra evidence attachments and thereafter stamp the document with a digital signature. The Information may be used by SWESTEP in anonymous form for statistical analysis and in order to promote or develop the Service. The Parties’ documents are not available to SWESTEP employees for manual handling unless either Party has requested or given their explicit consent of such handling and the document or documents as a result of such request have been made available by specially authorised staff at SWESTEP.

Our communication with You

When You open an account in the Service, SWESTEP may contact you through the Service or through a representative, via Your phone or email in order to give you updates on our products or Service or other materials SWESTEP deems may be interesting to you. If You do not wish to receive our mailings via email, please send an email to contact@swestep.com. Please note that SWESTEP will still need to communicate with You via email about Your transactions and other account related issues, and that these emails will not be eliminated by the above procedure as these communications are a part of the Service provided.

5. Proprietary Rights

You acknowledge and agree that (i) SWESTEP, and licensors to SWESTEP, own all property rights to the Service and all interests therein, including intellectual property rights contained in the Service (whether those rights are registered or not, and wherever in the world those rights may exist); (ii) You may not decompile, disassemble, or reverse engineer the Service, nor alter or duplicate any aspect of the Service except as explicitly permitted by SWESTEP; and (iii) unless otherwise agreed in writing with SWESTEP nothing in the Terms gives You the right to use any of the SWESTEP trade names, trademarks, logos, domain names or other distinguishing marks. SWESTEP acknowledges and agrees that SWESTEP under these conditions obtains no right, title or interest from You (or Your licensors) in or to any content You submit, post, transmit or display on or through the Service, including intellectual property rights which may subsist in that content.

Disclaimer

No legal advice: It is Your responsibility to evaluate the accuracy, completeness, or usefulness of any information, opinions, advice, documents, contracts, or other content available through the Service. No part of the Service shall be regarded as legal advice. Neither SWESTEP nor its licensors and affiliates shall be liable for any errors or omissions in the content, or for the consequences of actions based on reliance on any content.

Use via Reseller (sub-licensed use)

The Terms shall apply equally and without limitation in the event that You/Your Company have been granted a sublicensed right to use the Service under a separate agreement with a Reseller. In such event the Reseller shall be deemed to replace SWESTEP as the contractual counterpart wherever the context so requires. For the avoidance of any doubt; in the event that You/Your Company uses the Service via a Reseller, SWESTEP’s role is delimited to being the licensor of the Service to Reseller, and SWESTEP shall never be deemed to have any contractual relationship with, nor liabilities to, You/Your Company on the basis of the Terms.

General contractual conditions

The conditions of this section of the Terms shall apply as an integrated part of Your/Your Company’s license agreement with SWESTEP unless and to the extent that; (i) Your Company’s separate valid license agreement with SWESTEP includes conditions addressing substantially the same subject matters as covered in this section, in which case such other conditions of the License Agreement shall prevail; or, alternatively (ii) Your Company has a valid sublicensing agreement with a Reseller that includes conditions addressing substantially the same subject matters as covered in this section, in which case the conditions of such separate agreement shall prevail.

Publicity: Unless otherwise explicitly agreed in writing SWESTEP shall have the right to disclose and publish that the legal person You represent is a customer of SWESTEP. Further marketing or public relations activities shall be agreed in good faith.
Confidentiality: You and SWESTEP each undertake to treat as “Confidential Information” as and when disclosed to the other party; all of the other party’s information, technical and business data or know-how which is designated in writing, or identified orally as confidential or proprietary, or which information would, under the circumstances, appear to a reasonable person to be, confidential and/or proprietary information. Confidential Information does however not include information that: (i) was in or enters the public domain through no fault of the receiving party; (ii) is communicated by a third party to the receiving party free of any obligation of confidentiality; (iii) has been independently developed by the receiving party without reference to any Confidential Information of the disclosing party; or (iv) was in the receiving party’s lawful possession prior to disclosure and had not been obtained either directly or indirectly from the disclosing party. Each party shall hold the other party’s Confidential Information in confidence and shall not disclose such Confidential Information to third parties nor use the other party’s confidential information for any purpose other than as required to perform under the agreement.
General limitation of liability: You agree to hold SWESTEP and its parent companies, sister companies, subsidiaries, affiliates, service providers, other users, distributors, licensors, officers, directors and employees free from any claim or demand, including all attorneys’ fees, from You for any direct, indirect, random, special, following or specific injury, including but not limited to, damages for loss of profits, goodwill, use, data or other intangible losses (even if SWESTEP has been notified of this option), and including injuries resulting from: (i) documents submitted to the Service where SWESTEP has not been a direct party (signatory) to such document, (ii) the use or inability to use, including errors/mistakes, interruptions or delays; unauthorised access to or alteration of Your documents or transactions or (iii) any other issue relating to the Service. SWESTEP’s maximum aggregate liability for losses or damages suffered in respect of all claims arising in connection with the agreement shall not exceed the sum of Your/Your Company’s total payments for the use of the Service within the last 12-months period.
Severability and non-waiver: If any provision of the agreement is held to be legally invalid or unenforceable for any reason, the remaining provisions will continue in full force without being impaired or invalidated in any way. Failure by either party to enforce any provision of the agreement or to exercise any right in respect thereto shall not be construed as constituting a waiver of such provision or right unless express and in writing. No waiver shall be interpreted as setting a precedent.
Assignment: Neither party shall transfer, assign or sublicense its rights under the agreement to any other third party, in whole or in part, without the prior written consent of the other party. Notwithstanding the foregoing, a party may assign the agreement in connection with its merger, reorganisation, or sale of substantially all of its assets or capital stock.
Force majeure: Neither party shall be liable to the other for any delay or non-performance of its obligations under the agreement to the extent that such delay or non-performance arises directly from any cause or causes beyond its reasonable control and which the party could not reasonably be expected to have anticipated and the consequences of which the party could not have reasonably avoided or surmounted (a “Force Majeure Event”). Nevertheless, in the event that a Force Majeure Event continues for more than one (1) month, the non-affected party shall be entitled to terminate the agreement without any further liability to the affected party. The affected party shall take all reasonable steps to mitigate the effect of the Force Majeure Event.
Governing law & dispute resolution: The agreement shall be construed in accordance with and be governed by the substantive laws of Sweden. Any dispute, controversy or claim arising out of or in connection with the agreement, or the breach, termination or invalidity thereof, shall be finally settled by arbitration in accordance with the Expedited Arbitration Rules of the Arbitration Institute of the Stockholm Chamber of Commerce The arbitral tribunal shall be composed of a sole arbitrator. The seat of arbitration shall be Stockholm and the language to be used in the arbitral proceedings shall be English. All awards may, if necessary, be enforced by any court having jurisdiction in the same manner as a judgement in such court. All arbitral proceedings shall be strictly confidential and all information, documentation, materials in whatever form disclosed in the course of such arbitral proceeding shall be used solely for the purpose of those proceedings.

Miscellaneous

This English version of these Terms shall be deemed as the original, governing version. SWESTEP may make the Terms available in other languages for convenience and information purposes on its website or elsewhere. In the event of any conflict between the English language version of the Terms and any subsequent translation into any other language, the English language version shall govern and control.