TERMS OF SERVICE
FOR
VISMA.NET SYNC FOR SUPEROFFICE

By using Visma.net Sync for SuperOffice, you accept the following terms and conditions:

1. THE SERVICE

Visma.net Sync for SuperOffice connects SuperOffice with Visma.net made for SuperOffice Online , but can also set it up with SuperOffice On-Premise (the “Service”). The Service is provided by ON IT AS (“ON IT”), see more information here: https://sync-it.no/.

2. GOVERNING TERMS

The access to and use of the Service are governed by this terms and conditions. If you do not agree with any of these terms, you may not use the Service.

3. ACCESS, AVAILABILITY AND APTNESS OF THE SERVICE

ON IT hereby grants the you a limited non-exclusive and non-transferable licence to access and use the Service provided that you comply with these terms and conditions and pay the monthly fee for using the Service. The Service is provided “as is” and “as available”. ON IT disclaims all responsibility and liability for the availability, timeliness, security or reliability of the Service, inclusive any software or other content provided through the Service. ON IT reserves the right to modify, suspend, or discontinue the Service or access to the Service without any notice at any time and without any liability to you. ON IT does not warrant that the use of the Service will meet your needs or requirements, the use of the Service will be uninterrupted, timely, secure or free from errors, or that any defects in the operation or functionality of the Service will be repaired or corrected. By subscribing to the Service, you connect the Service to Visma.net and to SuperOffice, and ON IT takes no responsibility for any interference with these services.

4. LIMITATION OF LIABILITY

The total responsibility for ON IT for your use of the Service is limited to the amount you have paid, if any, for use of the Service. ON IT will not be liable for any direct, indirect, incidental, consequential or exemplary loss or damages which may be incurred by you as a result of using the Service, or as a result of any changes, data loss or corruption, cancellation, loss of access, or downtime to the full extent that applicable limitation of liability laws apply. Unless otherwise expressed, ON IT as expressly disclaims all warranties and conditions of any kind, whether express or implied, with regard to the Service including, but not limited to the implied warranties and conditions of merchantability, fitness for a particular purpose and non-infringement.

5. INTELLECTUAL PROPERTY RIGHTS

All content, materials, code, processes etc. with regard to the Service are the intellectual property of ON IT, and are protected by applicable copyright and trademark law. Any inappropriate use, including but not limited to the reproduction, distribution, display or transmission of any content on this site is strictly prohibited, unless specifically authorized by ON IT. The name “Visma” is the registered name and trademark of Visma ASA, and “SuperOffice” is the registered name and trademark of SuperOffice AS. Visma holds the rights to Visma.net and SuperOffice AS holds the rights to SuperOffice.

6. PROCESSING OF PERSONAL DATA

To the extent personal data is processed using the Service, ON IT is regarded as a data processor (“Processor”) and you are regarded as a controller (“Controller”). In such case, the data processing terms included in appendix hereto shall apply.

7. AMENDMENTS

If these Terms of Service are modified for legal, administrative or any other reasons, ON IT will give notification about these amendments on the web page of these terms: https://sync-it.no/tos and by sending email to you on the email you provided upon subscribing to the Service. If you continues to use the Service after the amendment of the Terms of Service has been published, it implies that you have consented to the amendments or new Terms of Service.

8. TERMINATION

In case of violation of these Terms of Service, ON IT may terminate your subscription of the Service immediate without notice. However you will be informed commencing the termination, and will have the opportunity to give an explanation. In case of violation or breach of the terms, ON IT may claim compensation for any loss or cost imposed due to the violation or breach.

9. GOVERNING LAW AND LEGAL VENUE

These terms are governed by the laws of Norway without regard to the rules of conflict of law that may cause the laws of another jurisdiction to apply. You agree to the sole and exclusive jurisdiction and venue of Kristiansund, Norway in the event of any dispute of any kind arising from or relating to the Service. However, ON IT has the right to use the laws of another jurisdiction to get injunctive measures against the misuse of the Service.

* * * *

APPENDIX - DATA PROCESSING TERMS

1. BACKGROUND AND PURPOSE OF THE PROCESSING

The Processor shall process the personal data on behalf of the Controller with regard to the above said. The subject matter of the processing is to process personal data as part of providing the Services. The nature and purpose of the processing of personal data, the duration of the processing of personal data, the subject matter of the processing of personal data, the types of personal data to be processed, the categories of data subjects to whom the personal data relates and other obligations and rights of the Controller are dependent on the data the Controller use for the Service. This data processing terms (“Terms”) shall provide for the processing of personal data in accordance with the regulation under the EC Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data implemented into Norwegian legislation in the Personal Data Act of 14 April 2000 no. 31 with regulation, and in accordance with the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and any new Norwegian legislation which replaces the Personal Data Act with regulations which implements the General Data Protection Regulation (jointly called “Personal Data Regulation” in the following). The Processor shall process the personal data only in the way described in the Terms, as agreed in writing with the Controller, or as instructed by the Controller. Terms and definitions used in the Terms shall be construed in the same way as in the Personal Data Regulation.

2. THE CONTROLLER’S RIGHTS AND THE PROCESSORS DUTIES

The Processor confirms that it will implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the Personal Data Regulation and ensure the protection of the rights of the data subject, inclusive comply with the requirements in Article 32 of the General Data Protection Regulation. Other duties are set forth under Section 4. The Controller shall at any time have the legal rights to the personal data. The Processor shall only process the personal data under the instructions given by the Controller. The Processor shall be able to document such instructions if requested. The Processor shall not process the personal data in any other way than instructed or necessary to provide the services or undertake the obligations requested by the Controller. The Processor shall, taking into account the nature of the processing, assists the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the General Data Protection Regulation. In addition, the Processor shall assists the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the General Data Protection Regulation taking into account the nature of processing and the information available to the Processor. If there are approved code of conduct as referred to in Article 40 or an approved certification mechanism as referred to in Article 42, which the Processor has undertaken to comply with, the Processor shall comply with such code of conduct or certification mechanism at any time during the term of these Terms. The Processor shall maintain record of processing activities (log) which the Processor performs for the Controller. The record shall contain at a minimum the information required under Article 30 no. 2 of the General Data Protection Regulation. The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this Section 2 and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller. The Processor is however solely responsible for the contact and communication with the supervisory authorities, such as Datatilsynet in Norway. The Processor has a duty of confidentiality with regard to the personal data and other information the Processor receives as part of the Terms and the processing of personal data, and shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The obligation of confidentiality shall survive any termination of the Terms. The Processor shall not transfer or give access to the personal data or information which the Processor processes or handles on behalf of the Controller to a third party without the explicit instruction from the Controller. Any requests with regard to the personal data or the processing from third parties or the data subject shall be forwarded to the Controller without undue delay if not otherwise agreed in these Terms or by instruction by the Controller. If the Processor is in the opinion that an instruction by the Controller infringes the Personal Data Regulation, the Processor shall immediately inform the Controller. The Processor is however obligated to perform its duties under these Terms and any instructions by the Controller regardless its opinion on infringement.

3. USE OF SUBCONTRACTOR/SUB-PROCESSOR

The Processor shall not engage another supplier for the processing of the personal data (sub-processor) without prior specific or general written authorisation of the Controller, and the sub-processor has confirmed that it undertakes to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the Personal Data Regulation and ensure the protection of the rights of the data subject. The Controller has given the Processor a general written authorisation for the use of sub-processor for processing personal data under the Terms. In case of any intended changes concerning the addition or replacement of sub-processors, the Processor shall inform the Controller and thereby giving the Controller the opportunity to object to such changes. Any sub-processor shall be informed of the Processors obligations under these Terms and the obligations under the Personal Data Regulation, and the sub-processor shall be imposed the same obligations as the Processor set forth in the Terms in a written, binding agreement where in particular the sub-processor is providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Personal Data Regulation. Where that sub-processor fails to fulfil its data protection obligations, the Processor shall remain fully liable to the Controller for the performance of the sub-processor's obligations.

4. SECURITY OF PROCESSING AND NOTIFICATION OF BREACH

The Processor shall comply with the requirements to security given in the Personal Data Regulation. The Processor shall provide documentation of technical and organisational measures implemented to ensure the security of the personal data upon the request of the Controller. In case of personal data breach, the Processor shall without undue delay notify the Controller. Such notification shall at least:

  1. describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
  2. communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
  3. describe the likely consequences of the personal data breach;
  4. describe the measures taken or proposed to be taken to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
If not all information above may be given in the first notice, the information shall be provided as soon as possible. The Processor is responsible for notifying the supervisory authorities, such as Datatilsynet in Norway, and the Processor is not to contact or notify the supervisory authorities without the explicit instruction by the Controller.

9. TRANSFER TO THIRD COUNTRIES

Personal data shall only be transferred to third countries, ie. countries outside EU/EEA which ensure an adequate level of protection, upon explicit agreement or instructions by the Controller. The Processor shall not transfer or give access to the personal data to persons in third countries without the explicit approval by the Controller. The consent or instruction given by the Controller must cover the country which the personal data shall be transferred to or accessed from. For transfer to or access from third countries for personal data it is required that the appropriate safeguards including with regard to the rights of data subjects is complied with.

10. TERM. INSTRUCTION TO STOP THE PROCESSING. EFFECT ON TERMINATION

These Terms shall be effective and stay in force as long as the Processor (and its permitted sub-processors) processes personal data on behalf of the Controller in the context of the Terms of Service. The personal data shall be processed as long as the Service is being used by the Controller. Upon breach of these Terms, of instructions given by the Controller or on the Personal Data Regulation, the Controller may instruct the Processor to stop the processing of the personal data with immediate effect. Upon termination of these Terms, regardless reason, the Processor (and its permitted sub-processors) shall delete or return any or all personal data to the Controller, subject to the Controllers instructions, in a standardised format and medium along with necessary instructions to facilitate the Controller’s further use of such data, and delete all copies of those personal data. The Controller shall receive a written confirmation from the Processor that all personal data has been returned or deleted according to the Controller’s instructions and that the Processor has not kept any copy, print out or any other representation of such data on any medium.