3. Customer use of the Service 3.1 Terms of use 3.1.1 By using the Services, Customer agrees to all of the terms and conditions of these ICONFIRM Terms and Conditions, including the limitations on liability set forth herein and the provisions governing ICONFIRM’s ability to modify these Terms and Conditions set forth in Section 8.1. IF CUSTOMER DOES NOT AGREE WITH ALL OF THE TERMS AND CONDITIONS SET FORTH HEREIN, CUSTOMER IS NOT PERMITTED TO USE THE SERVICES. 3.1.2 The Customer, upon subscribing to the Service, receives a limited, revocable, nonexclusive and non-transferable right to use the Service in accordance with the Agreement. 3.1.3 The Service is provided as "Software as a Service" (SaaS), and is made available through the Internet. The Customer is responsible for having the necessary equipment for accessing and further use of the Service. 3.1.4 The Customer pays a subscription for rights of access and usage of the Service, as described in Section 3.2 of the Agreement. The price for use of the Service is to be agreed with the ICONFIRM partner arranging and managing the subscription. The subscription is scalable, and can be upgraded for extended features. The Customer can access the service through the website https://www.iconfirm.eu/. Additional integration with Customer's own systems can be established through access to ICONFIRMs API web service. The use of the APIs provided is entirely managed by the Customer. The Customer will not get a physical copy of the software for download. 3.1.5 The Customer shall be given login rights for the Service. 3.1.6 The Service is offered as a standardized service, without customizations, and entitles the Customer access to the Service as it is delivered at any given time. The right of use is not linked to any particular version, to a given functionality or to a particular time. The right to use the Service does not require delivery of any future versions or functionality. 3.2 Subscription and additional features 3.2.1 ICONFIRM offers the Customer a SaaS subscription with optional add-ons. The Customer can choose from o ICONFIRM subscription; o Privacy Storage add-on; o Recipient management add-on; o An API solution as an additional feature for integration with the Customer's own systems. 3.2.2 Subscriptions and additional features are described in more detail in Appendix 2. Terms and conditions regarding the use of the ICONFIRM services 4 3.2.3 The Customer can adjust the subscription and add-ons at any time. Changes are done in writing and will take effect from the following month. 3.2.4 In the case of upgrading and downgrading, payment will consequently be amended in accordance with Appendix 2 and section 3.3 below. 3.3 Payment 3.3.1 Initial payment for use of the Service shall be made at the signing of this Agreement and thereafter in arrears after each month. 3.3.2 Taxes and fees will be added to invoice according to at any time current rates and fees. 3.3.3 In case of late payment, the applicable late interest rates in accordance with the Norwegian Act relating to Interest on Overdue Payments of 1976 will apply at the current interest rate, from 14 days after maturity. 3.3.4 From 30 days after maturity, ICONFIRM has the right to close Customer's access to the Service until payment occurs. 4. Delivery of the Service 4.1 Availability 4.1.1 ICONFIRM is responsible for making the Service available to the Customer upon signature of the Agreement. 4.1.2 ICONFIRM cannot guarantee that the Service is available at all times. ICONFIRM will strive for an uptime of 99% outside of the general Maintenance Window. Uptime and General Maintenance Window are defined in Point 3 of the Agreement. 4.1.3 ICONFIRM is not responsible for Downtime caused by Third Party Vendors. ICONFIRM shall, as far as possible, notify the Customer of any planned Downtime of Third Party Vendors. 4.1.4 ICONFIRM may, at any time, make improvements, add, modify or remove functionality, or correct any errors or omissions in the Service. ICONFIRM can do this without obligation or liability because of such act or omission. ICONFIRM nevertheless undertakes to limit Downtime as far as possible. ICONFIRM has a duty to maintain Essential Functions for the duration of the Agreement. 4.2 Maintenance 4.2.1 ICONFIRM is responsible for maintenance of the Service. Maintenance is carried out regularly and when needed. The Customer is not entitled to demand maintenance of the Service. 4.2.2 Testing and maintenance of the software shall be such that it affects the Service to the least extent possible. 4.2.3 From time to time, ICONFIRM may require additional maintenance windows in addition to the standard. Such scheduled Downtime will be notified on the Services welcome page at least 7 days before and is not included in the calculation of availability. 4.2.4 In cases where maintenance causes Downtime, which is necessary to safeguard the security of the Service, such notice may be omitted. The same applies to extraordinary cases where it is not possible to provide such notice. 4.3 Support 4.3.1 Main line of support is provided through the ICONFIRM partner managing the subscription. 4.3.2 ICONFIRM offers technical support via email or through the website https://www.iconfirm.eu/. The technical support is limited to: o Critical advice on Essential Functions Terms and conditions regarding the use of the ICONFIRM services 5 o Reporting errors in the Service o Problems with access to the Service provided by ICONFIRM 4.3.3 The technical support provided by ICONFIRM is included in the subscription fee and is not separately billed. Additional support is provided by ICONFIRM partner arranging the subscription as per 4.3.1 above. 4.3.4 ICONFIRM will respond to requests for technical support within 24 hours. For inquiries about Essential Functions, ICONFIRM will respond within 1 hour unless such requests are filed between 22:00 and 06:00 Norwegian time. 4.3.5 Support do not include; o connection of the Service API with Customer's internal systems, o Customer's customizations, o administration of user access rights, o text for use in the Service o and any other issue for which the Customer is responsible. 4.4 Third Party Vendors 4.4.1 ICONFIRM reserves the right to use any Third Party Vendors in providing the Service and to fulfil any obligation in accordance with this Agreement. Current Third Party Vendors used for the fulfilment of this Agreement are shown in Appendix 4. 4.4.2 ICONFIRM can change Third Party Vendors at any time at its own discretion. 4.4.3 ICONFIRM shall notify the Customer of any change of Third Party Vendors. 5. Responsibility 5.1 Limited liability 5.1.1 When providing the Service as a Data Processor, ICONFIRM will process personal information in accordance with EU-law, the laws of the Kingdom of Norway and other applicable mandatory rule of law. 5.1.2 ICONFIRM assumes responsibility for damage caused to data subjects due to breach of applicable privacy requirements in accordance with EU-law, the laws of the Kingdom of Norway and other applicable mandatory rule of law, provided ICONFIRM has acted in conflict with instructions from or agreement with the Data Controller. The processing of personal data is further regulated in Appendix 3. 5.1.3 The Customer is responsible for its own operating system and vendors, and for adjustments made in their own systems to deploy the Service. 5.1.4 The service is self-service and the Customer is responsible for own use. This includes, but is not limited to, configuration of the system, wording of the texts, obtaining valid consents from the data subject etc. It is recommended that all texts to be configured by the Customer is reviewed by appropriate legal experts. 5.1.5 The Customer is responsible that the obtained consent from the data subjects fulfils the requirements for consent relevant for the Customer's business. The Customer is responsible for having knowledge of current and relevant regulations regarding the processing of personal data, consent management and related requirements. 5.1.6 The Customer is responsible for necessary Customer internal training for the use of the Service. ICONFIRM personnel do not have access to the Customer's data unless specifically granted by the Customers dedicated administrator. 5.1.7 ICONFIRM is not responsible for the unlawful use of the Service or for illegal content placed in the Service by the Customer or anyone provided by the Customer. Terms and conditions regarding the use of the ICONFIRM services 6 5.2 Information Security 5.2.1 ICONFIRM has implemented technical and organizational security measures to protect data against loss, abuse and unauthorized change. Such measures have been implemented to correspond to a level of security that is in proportion to the risk of data processing, including personal data, and considering the cost of implementation. 5.2.2 ICONFIRM provides regular backup of data stored through the Service. 5.2.3 ICONFIRM seeks to prevent security threats, including data being available to unauthorized third parties. 5.2.4 ICONFIRM performs risk assessments of third party deliveries to the Service. 5.2.5 Information security measures are described in more detail in the data processing agreement 5.3 Processing of personal data 5.3.1 The Customer is the Data Controller in relation to the processing of Personal data of own data subjects. ICONFIRM is a Data Processor for the Customer. The parties undertake to enter into a separate data processor agreement, enclosed with this Agreement in Appendix 3. 6. Limited rights and obligations 6.1 Rights to the Service 6.1.1 «ICONFIRM» is a registered trademark. 6.1.2 The Customer, upon entering into the Agreement, receives a limited, revocable, nonexclusive and non-transferable right to use the Service. 6.1.3 ICONFIRM retains all rights to the Service regardless of whether the rights are registered or not. This includes property rights and intellectual property rights such as copyright, patents, trademarks, design, product design, source code, databases, business plans, know how, ideas and other types of rights. 6.1.4 The Customer shall, without undue delay, inform ICONFIRM in writing if the Customer becomes aware of third party infringement to ICONFIRM's trademarks or other intellectual property rights. 6.1.5 The Customer is entitled, and encouraged, to use the ICONFIRM logo, which is a registered, combined trademark, on its own websites. The prerequisite for such use of the logo is that it simultaneously links the website https://www.iconfirm.eu/ to the logo. 6.1.6 The Customer has ownership of all own data uploaded in the Service. This includes obtained consents, texts, documents, etc. as the Customer himself delivers to the Service. ICONFIRM cannot retrieve or use such data, texts or documents for its own purposes. 6.2 The Customer’s duty to manage access control 6.2.1 The Customer is responsible for managing their own access control to the Service. This includes: o That only employees who have a defined need can access the Service, o That all defined users should be unique individuals with delegated authority and assigned rights. If utilizing the APIs for an integrated solution, the Customer is responsible to ensure adequate access control in own systems to identify which individuals have taken action in the Service. o That the Customer's Access Control List is continuously updated and confirmable according to ICONFIRMS prevailing practices as stated at the https://www.iconfirm.eu/ website. Terms and conditions regarding the use of the ICONFIRM services 7 6.3 Transfer of the Agreement and third party use 6.3.1 The Customer cannot transfer the subscription to another legal entity without the prior written consent of ICONFIRM. Such consent shall not be unreasonably withheld. This also applies to Customer internal transfers following reorganizations or restructurings. 6.3.2 Customer is not entitled to grant third parties access to the Service without ICONFIRM's written consent. This means that the Customer cannot provide access to use, obtaining consent, retrieving information, etc., to persons other than their own employees. Consent cannot be denied without a proper basis. 6.3.3 ICONFIRM may require payment for any third party's use of the Service. 6.4 Confidentiality / Secrecy 6.4.1 The Parties are mutually bound to maintain confidentiality of the following information regardless of medium and form, provided that the information is obtained in relation to this Agreement and the information is not publicly known: know-how, show how, technical specifications, methods, terms, business assessments and analysis, business plans, budgets, strategies , financial information trade secrets, information that may be subject to intellectual property protection, or personal data 6.4.2 The confidentiality obligation applies 10 years after the termination of the Agreement. 6.4.3 The duty of confidentiality applies to the Parties' employees, subcontractors and third parties acting on behalf of the Parties during execution of the Agreement. The Parties may only transmit confidential information to such subcontractors and third parties to the extent that this is necessary for the execution of the Agreement and provided that they are bound to confidentiality identical to this Agreement. 6.4.4 The confidentiality obligation under this provision does not prevent the disclosure of information that may be required provided by law. 6.5 Indemnification 6.5.1 The Customer undertakes to indemnify ICONFIRM for any third party claims relating to the Customer's processing of data and use of the Service in violation of any third party's rights. 6.5.2 If Customer becomes aware of any third parties claiming trade mark infringement or other intellectual property rights of a third party, the Customer shall promptly notify ICONFIRM thereof. 7. Breach of the Agreement 7.1 Refunds 7.1.1 For Downtime, not caused by Third Party Vendors, the Customer may be entitled to a refund. Refund is given for a full day if the Service has had more than 240 minutes of continuous Downtime. If Downtime exceeds 1 day, the refund will be made for each additional day at commencement of the day. Refund is granted for a maximum of 29 days. 7.1.2 Refunds are calculated according to standardized rates depending on the subscription and are described in more detail in Appendix 2. 7.1.3 Customer is not entitled to any other form of refund for breach of Uptime. 7.2 Termination 7.2.1 If the Parties fail to fulfil their obligations under the Agreement, each Party shall have the right, subject to prior written notice, to withhold their respective duties until the other Party's obligations are fulfilled. Terms and conditions regarding the use of the ICONFIRM services 8 7.2.2 In the case of material breach, after giving the defaulting Party reasonable time to bring the issue in order, the other Party has the right to terminate all or parts of the Agreement with immediate effect. Such termination must be delivered in writing. 7.2.3 Significant material breach can always be declared by ICONFIRM when Customers: o Use the Service beyond the purpose of the Agreement. o Placing of illegal material in the Service. o Violation of copyright and other intellectual property rights etc. o Payment breach over 60 days from maturity. o Transfer of viruses or other security-related events from the Customer to ICONFIRM. o Third Party Use and Transfer of the Agreement without written consent. 7.2.4 Significant material breach can be declared by both Parties in the events where is: o Confidentiality breach. o Opening of debt negotiations, insolvency, bankruptcy, or any other form of creditorship, unless otherwise provided by law. 7.2.5 If the Service loses Functions of essential importance to the Service over a period of one month, the Customer is entitled to terminate the Agreement. Cancellation of the Agreement will only be effective for future services. 7.2.6 Upon temporary suspension of the Service due to lack of payment, ICONFIRM is obliged to provide individual and temporarily access so that the Customer can retrieve their own data, but not for a longer period than necessary and until payment occurs. Upon termination of the Agreement, ICONFIRM undertakes to provide individual and temporarily access to the Service until the Customer has obtained his own data but for no longer than 45 days. 7.3 Compensation 7.3.1 Each Party is entitled to compensation for direct loss if the loss is due to negligence by the other Party. However, this does not apply if the loss is due to circumstances that the injured party itself is responsible for. 7.3.2 No Party is responsible for indirect or consequential loss, such as lost profit, loss of data, lost efficiency gains etc. If the Customer violates ICONFIRM's rights to the Service described in section 6, the confidentiality clause in section 6.4, acts that affect the reputation of ICONFIRM or act grossly negligently or intentionally, the Customer is also liable for indirect loss. 7.3.3 In all cases, Customer's claim against ICONFIRM is limited to 100% of Customers payments to ICONFIRM for the last 12 months (exclusive of VAT). 7.3.4 Customer claims for damages on data subjects are governed by the responsibility of a Data Processor according to prevailing data protection regulations and as described in section 5.1.1 8. Termination or amendment of the Agreement 8.1 Amendments 8.1.1 ICONFIRM has the right to change the terms of this Agreement with 60 days written notice. The Agreement with Attachments shall be available in the latest version by logging in to the Customer at https://www.iconfirm.eu/. 8.1.2 Updated terms are accepted by the Customer for continued use of the Service at the end of the 6o days and no notice of termination has been given within these 60 days. If the Customer does not approve the updated terms, the Agreement will expire three (3) months after the expiry of the 60 day deadline. 8.1.3 Amendments to Data Processor Agreement in Appendix 3 shall be in writing, signed and attached to this Agreement. Terms and conditions regarding the use of the ICONFIRM services 9 8.2 Duration / Termination 8.2.1 The Agreement runs from signing up to the expiration of notice period upon termination by one of the parties. 8.2.2 ICONFIRM can terminate the Agreement with 12 months written notice. 8.2.3 The Customer can terminate the Agreement with 6 months written notice. 8.3 Competence transfer and obligations upon termination of the Agreement 8.3.1 Termination of the Agreement does not discharge any of the Parties from their duty to pay due amounts as well as adherence with obligations relating to loyalty, intellectual property, confidentiality and liability. 8.3.2 Upon termination of the Agreement, ICONFIRM is obliged to contribute to the transfer of data to another supplier and / or return all data that the Customer has uploaded to the Service in the extent possible and reasonable. Such transferring shall be instructed in writing upon termination and be done within a reasonable period (e.g. 45 days). 8.3.3 In cases where such transmission involves more than one hour of work for ICONFIRM, ICONFIRM is entitled to additional compensation for the costs incurred according to the price stated in Appendix 2 for technical consultation / advice. 9. Force Majeure and extraordinary events 9.1 The parties are not liable for any damage or loss of any kind arising from extraordinary events beyond the Parties control, neither at the Parties nor at any third party. This assumes that the parties could not predict and reasonably have avoided or overcome the consequences of the incident. 9.2 The Parties' obligations are suspended for as long as the extraordinary situation persists. 9.3 Such extraordinary events include, but is not limited to, war, rebel, blockade, natural disasters, strikes, lock-outs, hacker attacks, viruses etc. 9.4 In such force majeure situations, the parties may only withdraw from the Agreement with the consent of the affected party or if the situation lasts or is expected to last for more than 90 days from the date the situation occurred and only after 30 days written notice. 10. Governing Law. Jurisdiction. Disputes 10.1 The Agreement and any dispute connected with it is governed by Norwegian law. 10.2 In the event of a dispute between the Parties concerning the validity, interpretation or execution of the Agreement and the dispute cannot be resolved by negotiation, the dispute shall be brought before the ordinary courts. Oslo District Court is adopted as a court of law.