General Terms and Conditions
These general terms and conditions, including any appendices and other terms referred to in this document (jointly the “Terms”), are binding upon the legal entity(-ies) for which you register subscription(s) (“the Customer”). You confirm that you have the authority to accept the Terms with binding effect for the Customer, and that the Customer accepts that the Terms may be amended from time to time. The latest version of the Terms can always be found here.
The Terms are applicable for the Customer’s subscription to the services described in section 1 below, delivered by dCompany AS, Norwegian business register number 925 885 681 (“dCompany”). You accept that the services are not intended for consumer purposes, and that you do not act as a consumer in your use of the services.
1.1 For as long as the Customer has an active subscription, dCompany shall give the Customer access to and the right to use the services which are comprised by the subscription. Access to certain modules, functionality etc. may depend on subscription type.
1.2 The services will have the functionality which is available at any given time, as described in the Service Description. dCompany reserves the right to make changes in the services, including replacing or removing functionalities. The services will include support to the extent and on the terms stipulated in the Service Description.
1.3 dCompany may use subcontractors in the provision of the services and otherwise in the fulfillment of dCompany’s obligations.
1.4 dCompany will use reasonable measures to ensure that the services are available for the Customer with the functionality described in the Service Description. The Customer acknowledges that the services are not always free from errors, and that downtime and unavailability may occur.
USER ACCOUNT AND USER DATA
2.1 dCompany is not responsible for unauthorized access to the services through the Customer’s user account(s) or other unauthorized access caused by the failure by Customer or Customer’s users to keep login credentials confidential.
2.2 The Customer is responsible for all use of the services by persons acting on behalf of the Customer, or who is otherwise given access to the services by the Customer. This includes the responsibility to ensure that such use of the services is in keeping with the Terms.
2.3 dCompany may monitor the Customer’s and the Customer’s users’ access to and use of the services.
2.4 The Customer is responsible for ensuring that files and data uploaded to the services by or on behalf of the Customer are in compliance with applicable laws and regulations and do not infringe the intellectual property rights of any third parties.
2.5 The Customer shall provide correct and complete information in its use of the services. The Customer especially guarantees that the Customer will not register incorrect information about management or ownership interests in any legal entity, or in other ways use the services to create the appearance of being or representing a different legal entity.
LIMITATIONS IN THE USE OF THE SERVICES
3.1 The Customer shall not, and will not allow any user or third party to:
(a) try to copy, change, duplicate, make derived works from, mirror or distribute any part of the services and/or associated documentation;
(b) access any part of the services in order to develop or make available a product or a service which may compete with the services;
(c) use the services in order to provide services or products based on the services to any third party;
(d) introduce or allow the introduction of viruses or other malware into dCompany’s networks and IT systems.
PRICE AND PAYMENT
4.1 Access to the services is offered as a running subscription service. The Customer accepts that upgrading to a different subscription type, including from any free subscription, may trigger an increased subscription fee.
4.2 Paid subscriptions are payable in advance on a monthly basis for customers who pay their subscription by credit card, or in advance on a yearly basis for customers who pay their subscription by invoice. dCompany reserves the right to cancel the Customer’s access to the services if the Customer’s subscription expires or is not paid on the due date.
4.3 If payment is not made on time, dCompany has the right to claim interest in accordance with Norwegian legislation on interest on overdue payments.
4.4 dCompany reserves the right to change prices, including changing any free subscriptions to paid subscriptions and increasing prices as the services are further developed and improved, with 30 days’ notice. Such notice will be given to the email address which is registered for the subscription in question.
4.5 dCompany’s services are automated. Nevertheless, we may need to do manual follow-up in rare cases of wrong information or user mistakes from the Customer, for example if a user uploads the wrong document as an attachment to a corporate decision. Such work is invoiced to the Customer at our standard rate, which currently is NOK 1 790 per hour.
INTELLECTUAL PROPERTY RIGHTS
5.1 Nothing in the Terms may be interpreted as a transfer of intellectual property rights between the parties. dCompany retains any and all rights to the services and intellectual property rights associated with the services.
5.2 If the Customer or the Customer’s users give feedback or suggestions regarding the services, dCompany (and those authorized by dCompany) may use such information without obligations to the Customer or the Customer’s users.
6.1 dCompany will process personal data about the Customer’s contact persons and personal data in user profiles, as a controller. You may read more about this in dCompany’s Privacy Statement.
6.2 dCompany will process any other personal data in the services, including any personal data in documents and registers which are generated, stored or shown in the services, as a processor on behalf of the Customer as controller. This processing is governed by dCompany’s Data Processing Agreement, Appendix 1 below.
Permission to disclose shareholder data to T-rank
6.3 It is an important objective for dCompany to contribute to transparency about the ownership of limited companies. This is positive for investors, business partners and authorities, and makes it more difficult for criminals to hide who is really behind transactions. Increased transparency about ownership is a political objective in Norway and the EU.
dCompany provides shareholder data to our partner T-rank AS, which makes the information publicly available through data deliveries to i.a. anti-money laundering systems. The information provided is the main information from the shareholder register in all companies on the dCompany platform. For personal shareholders, we disclose the following data: name, year of birth, postcode/city, country code, number of shares, share class and voting weight. The information is public, cf. Section 4-6 of the Limited Liability Companies Act. The same information is also published by the Tax Authority, but only once a year. For companies on the dCompany platform, updated ownership information is made available to the public on a daily basis.
When we share this information about natural persons who own shares in companies on the platform, we process personal data. dCompany is the controller for this processing of personal data. Because the information originates from the Customer, we need the Customer’s permission for the disclosure. By accepting these terms and using dCompany’s services, the Customer permits such disclosure of personal data. The customer also undertakes to inform personal shareholders that ownership information is being disclosed.
dCompany has prepared an assessment of the legality of this disclosure of personal data, which is available to the Customer on request.
7.1 Each party undertakes to treat all information exchanged or received in connection with the services and the Terms, which is not publicly available, as confidential information. Such confidential information shall not be disclosed to third parties without the prior written approval of the other party. Each party shall take reasonable precautions to prevent unauthorized disclosure of the other party’s confidential information. This non-disclosure obligation shall persist even after the expiry of the parties’ agreement and the Terms.
7.2 The confidentiality obligations in section 7.1 shall not prevent dCompany from publishing or otherwise sharing information which the Customer uploads to the services where the information is, or will by its nature become, publicly available information, for example about the identity of shareholders, beneficial owners or board members of a company. Nor shall they prevent dCompany from using the Customer’s name and logo in the marketing of the services.
CONTRACT PERIOD AND TERMINATION
8.1 The Terms apply for as long as the Customer uses the services.
8.2 The Customer may terminate the subscription for the services with three months’ written notice, calculated from the first day of the month following dCompany’s receipt of the notice. Such termination can not, however, take effect earlier than 12 months after the start of the subscription period. For customers who pay their subscription by invoice, the subscription is automatically renewed for a new 12 month term unless it is terminated within three months before expiry of the present term. dCompany may terminate the Customer’s subscription for any reason with three months’ written notice.
8.3 dCompany may cancel the Customer’s access to the services with immediate effect if dCompany has reason to believe that the Customer or Customer’s users use the services in breach of the Terms or in violation of applicable laws or regulations, or otherwise in a manner which may be substantially detrimental for dCompany.
8.4 The Customer is not entitled to any refund of fees upon termination of the services unless such refund is provided for in a mandatory rule of law.
8.5 The Customer’s access to the services expires on the date on which the termination is effective. From the same time, dCompany may delete or deactivate the Customer’s user accounts and delete all of the Customer’s data which are stored in the services. This does not apply to user accounts or data which are directly linked to subscriptions which are not terminated. The Customer is responsible for making copies of data stored in the services before termination takes effect, in order to avoid permanent loss of such data.
9.1 The Customer acknowledges that dCompany does not provide legal or other advisory services, and that the information provided through the services does not constitute legal advice. The Customer is responsible for doing its own assessments related to the information which is provided and the documents which are generated through the services.
9.2 The Customer accepts that the services are provided as is, without warranties of any kind. Use of the services takes place at the Customer’s own risk, and the Customer alone is liable for any damage to the Customer’s content, systems, service platform or units which the Customer makes use of in order to avail itself of the services. The Customer further acknowledges that the information provided through the services is based to a significant degree on information gathered from the Customer itself and/or third parties, and that dCompany can not under any circumstances be held liable for errors, deficiencies or inaccuracies in such information or in calculations or other information being generated on the basis of such Customer and/or third party information.
9.3 Each party may claim compensation for documented direct losses which are caused by the other party’s failure to comply with the Terms.
9.4 None of the parties shall be liable for the other party’s indirect losses. Loss or corruption of data shall always be considered indirect loss. Any liability for direct losses shall be limited to the fee the Customer has paid for the subscription the claim relates to, for a period of three months prior to the event which caused the liability.
9.5 dCompany’s liability to the Customer for errors or deficiencies related to dCompany’s subcontractors, including dCompany’s hosting partner, is under any circumstances limited to the subcontractor’s liability for the same to dCompany.
9.6 The Customer shall indemnify dCompany from any claims, lawsuits and losses which may arise as a consequence of (i) the Customer’s or the Customer’s users’ breach of obligations pursuant to the Terms; (ii) the Customer’s or the Customer’s users’ infringement of any intellectual property rights or privacy rights; and (iii) abuse of the services by a third party where such abuse was possible because the Customer or the Customer’s users failed to take reasonable precautions to protect login credentials. The Customer’s liability pursuant to this section 9.6 is not limited by the limitations of liability above.
10.1 Each of the parties may assign all or a portion of its rights under the Terms to an entity which acquires all of or almost all of the party’s business through a merger, acquisition or similar arrangement. The Terms are binding upon any permitted recipients or acquirers. Any other assignment of the Terms is subject to the other party’s prior written consent.
CHOICE OF LAW AND DISPUTE RESOLUTION
11.1 The Terms and any dispute which may arise from the Terms and/or the use of the services, shall be governed by and construed according to the laws of Norway, regardless of choice of law principles.
11.2 Any dispute, disagreement or claim which may arise in connection with the Terms, shall be finally settled by the courts of Oslo, Norway.
Appendix 1 – Data Processing Agreement
BACKGROUND, PURPOSE AND SCOPE
1.1 This Data Processing Agreement (“DPA”) governs the processing of personal data pursuant to section 6.2 of the Terms to the extent dCompany acts as a processor.
This DPA does not apply to the disclosure of personal data to T-rank described in the Terms and Conditions section 6.3. For this disclosure, dCompany is the data controller.
1.2 In case of conflict between provisions in the main body of the Terms and provisions in the DPA on issues specifically relating to privacy, the DPA provisions shall prevail.
1.3 The nature and purpose of the processing is described in Schedule 1 to the DPA.
THE CUSTOMER’S OBLIGATIONS
2.1 The Customer shall comply with its obligations pursuant to applicable privacy law. The Customer shall, inter alia:
a) make sure it has a legal basis for processing (GDPR Article 6 and, if applicable, Article 9);
b) comply with the rights of the data subjects (GDPR Chapter III),
c) when necessary, notify the competent supervisory authority and the data subjects of any personal data breach (GDPR Articles 33 and 34).
3.1 dCompany shall:
a) only process personal data for the purposes stated in Schedule 1 to the DPA,
b) at the request of the Customer assist, through appropriate technical and organizational measures, in fulfilling the Customer’s obligations to respond to inquiries from data subjects pursuant to GDPR Chapter III,
c) assist the Customer in ensuring compliance with GDPR Article 32-36, taking into account the nature of the processing and the information available to dCompany,
d) make available to the Customer all information necessary to demonstrate that the obligations in the DPA are fulfilled, and facilitate and contribute to audits, including inspections, carried out by or on behalf of the Customer,
e) if the controller so chooses, delete or return all personal data to the controller if the Customer terminates the agreement, and delete existing copies, unless other applicable laws require retention of the personal data,
f) as soon as possible notify the Customer if dCompany has reason to believe that an instruction from the Customer violates applicable privacy law.
3.2 Any assistance as described in section 3.1 b), c) and d) will be invoiced pursuant to dCompany’s then-current hourly rates.
4.1 Pursuant to GDPR Article 32, dCompany shall implement appropriate technical and organizational measures to ensure a level of information security appropriate to the risk. dCompany can not, however, guarantee that security breaches or other personal data breaches will not occur.
4.2 dCompany shall ensure that only dCompany employees who have a legitimate need for access in the performance of their duties, have access to personal data, and that these employees are subject to contractual or statutory non-disclosure obligations.
5.1 dCompany may use other processors in order to provide the services (sub-processors). Any use of sub-processors will be subject to a written agreement which imposes obligations on the sub-processor and gives sufficient guarantees of compliance with applicable privacy laws. dCompany remains fully responsible to the Customer for the sub-processor’s fulfillment of its obligations.
5.2 dCompany’s current sub-processors are listed in Schedule 1.
5.3 dCompany will notify the Customer of any plans to use new sub-processors or exchanging sub-processors in order to give the Customer the opportunity to object to such changes. If the Customer has not objected to the change within 30 days from such notification, the change is deemed to have been accepted. If the Customer objects within the 30 day period, and dCompany can not reasonably continue the processing without carrying out the change, the Customer may terminate the Terms with 30 days’ notice.
INTERNATIONAL DATA TRANSFERS
6.1 Pursuant to GDPR Article 28 (3) (a), dCompany can only transfer personal data to a third country based on the Customer’s documented instruction. The Terms and the DPA shall be considered to constitute such instruction. In connection with providing the services, dCompany will transfer certain personal data to one or more third countries.
6.2 dCompany shall ensure that any transfer of personal data to a third country is in compliance with GDPR Chapter V.
PERSONAL DATA BREACH
7.1 dCompany shall without undue delay notify the Customer in writing of any personal data breach. The notification shall contain information enabling the Customer to comply with its obligations pursuant to GDPR Articles 33 and 34, provided that dCompany has or reasonably can obtain such information.
7.2 The Customer is responsible for sending any notifications or communications pursuant to GDPR Articles 33 and 34.
Schedule 1 to the Data Processing Agreement
|The purpose of the processing:||The purpose of the processing of personal data is to provide the services in accordance with the Terms.|
|Categories of data subjects:||Any person which the content of the services relates to. Examples are the Customer’s representatives and other persons which are mentioned in data the Customer uploads to the services.|
|Categories of personal data:||Any personal data contained in data uploaded by the Customer to the services. Examples are name, position and information on the performance of work-related duties. The Customer shall minimize the amount of personal data. Unless otherwise agreed, the processing shall not include special categories of personal data, even if it can not be excluded that special categories of personal data may unintentionally be processed as part of the services.|
|Sub-processors:||Microsoft Azure, data centers in Europe (hosting partner)Criipto ApS, data centers in Europe (authentication and signing with i.a. BankID) Mailgun EU, data center in Germany (dispatch of email)|