Skip to content

Terms of use

Last updated: 6 May 2022

Welcome, and thank you for your interest in Oneflow. These Terms of Use (the Terms) will be a part of the legally binding Agreement (as defined below) entered in between you (below You or Your) and Oneflow AB, reg. no. 556903-2989, Gävlegatan 12A, 113 30 Stockholm, Sweden (below Oneflow) (together Party or the Parties) governing Your use of the Service (as defined below).

  1. STRUCTURE OF THE AGREEMENT

    1.1 This Agreement (the Agreement) consists of (i) the order form and all documents referenced therein; (ii) these Terms; (iii) the Data Processing Agreement; and (iv) applicable Service descriptions (as available on our website https://oneflow.com).

    1.2 In case of any inconsistencies, the documents shall take precedence in the order presented above. However, the Data Processing Agreement will take precedence over any other document related to Personal Data or the processing of Personal Data as defined in the GDPR.

    1.3 The Service governed by this Agreement consists of (a) the online, web-based applications, the application program interface and any documentation, source code, modifications, or fixes thereto, and (b) any computerized system provided by Oneflow in relation to this Agreement.

    1.4 By agreeing to  an order form, registering on our website https://oneflow.com, or by using Oneflow via an Oneflow authorized partner You accept and enter into this legally binding Agreement and agree to subscribe to the Service. 

    1.5 You agree to provide Oneflow with accurate and complete information and to promptly notify Oneflow in the event of any changes to any such information. If You agree to these Terms for use of the Service by an organization, You also agree to the terms on behalf of a organization. By doing so, You guarantee that You have the authority to enter into legally binding Agreements in the name of said organization. 

    1.6 Your purchase, procurement or other terms shall not apply to the Agreement, even if referred in or attached to Your purchase order or other document submitted by You.
  2. YOUR USE OF THE SERVICE

    2.1 You are responsible for maintaining the equipment, software, and communication services required to use the Service and for maintaining the security of Your IT environment. Any violation of these Terms by any of Your users shall be deemed to be a violation thereof by You. You will be liable for any actions or omissions to act via Your user account(s), whether such activities occur with Your permission or not. It is therefore of great importance that You make sure to keep all login details such as usernames and passwords safe and protected. If You become aware of unauthorized use of Your user account(s), make sure You notify Oneflow immediately. 

    2.2 You agree to ensure that the total number of users does not exceed the maximum number of seats purchased from Oneflow. You may assign different individuals to the seats authorized by and purchased from Oneflow, so long as the total number of users at any time does not exceed the maximum number of seats authorized by and purchased from Oneflow. 
  3. USAGE RESTRICTIONS

    3.1 You may not (i) sell, resell, or lease the Service to any third party; (ii) reverse engineer, decompile or create derivative works of the Service, or attempt or assist anyone else to do so, unless this restriction is prohibited by law, (iii) access or attempt to access Service unless lawfully authorized to do so, (iv) use the Service to transmit or store any malicious code, (v) access the Services to create a competitive product, (vi) interfere with the integrity or performance of the Services, (vii) remove or alter any proprietary materials or trademarks from the Services, or (viii) use the Service to transmit any defamatory, unlawful, fraudulent or obscene materials or otherwise use the Service in a way that threatens to harm the Service. 

    3.2 You warrant that You will take action against any illegitimate web harvesting activity if Oneflow deems that such activity is affecting the use, profitability, or effectiveness of the Service.
  4. THIRD-PARTY APPLICATIONS

    4.1 Third-Party Applications means online, web-based applications, and offline software products or services that are (a) provided by third parties, (b) interoperate with Oneflow, and (c) may be either separate or conjoined with Oneflow whether or not such are indicated by Oneflow as being Third-Party Applications. For the avoidance of doubt, available integrations in Oneflow which are managed by You and require a separate agreement between You and the integration provider are not considered Third Party Applications. If a Third-Party Application is a sub-processor, what’s stated in the Data Processing about sub-processors applies.

    4.2 Oneflow may provide tools through the Service that enable You to export information, including User Data, to Third Party Applications, including through features that allow You to link Your account in Oneflow with an account in the Third-Party Applications. By using one of these tools, You agree that Oneflow may transfer that information to the applicable Third-Party Application. Third-Party Applications are not under Oneflow’s control, and, to the fullest extent permitted by law, Oneflow is not responsible for any Third-Party Application’s use of Your exported information. The Service may also contain links to third-party websites. Linked websites are not under Oneflow’s control, and Oneflow is not responsible for their content. 
  5. PRICES AND PAYMENT

    5.1 Oneflow agrees to provide the Service and You agree to pay for the Service as applicable. Your payment obligations will enter into force on the date stated in the order form. You agree to pay by the means of payment offered by Oneflow and in the currency stated on the invoice. Fees are non-refundable and non-cancellable except as required by law. 

    5.2 If You pay by invoice, payment is due thirty (30) days from the invoice date. By paying for the Service by card, You authorize Oneflow to automatically charge the Service fee on the final day of Your current payment cycle, together the Last Day of Payment, unless agreed otherwise. If You do not have sufficient available funds on Your card to cover the transaction on the Last Day of Payment, we will make another attempt to charge the fee on the card a few days later. If You still do not have sufficient funds on Your card Oneflow reserves the right to send You an invoice of the total sum owed to Oneflow.

    5.3 To ensure a balance between the fee and the Service, Oneflow may revise the price annually by up to 5 %.

    5.4 All prices are exclusive of applicable VAT. You are responsible for all VAT and related liability. We will only charge VAT when required to do so. If You are required by law to withhold any taxes, You must provide us with an official tax receipt or any other appropriate documentation to ensure that we can handle the VAT correctly. 

    5.5. If payment is late or incomplete, Oneflow is entitled to charge interest on overdue payment in accordance with the Swedish Interest Act (SFS: 1975:635) or a debt collection fee according to applicable laws. In addition to any other available remedies under the Agreement, if full payment is not received within ten (10) days from the Last Day of Payment, Oneflow may suspend the Service or terminate the Agreement with immediate effect.
  6. USER DATA

    6.1 You hold all rights, including intellectual property rights, to Your Data. Your Data means all content, Personal Data, and other data or information processed and/or submitted directly or indirectly by You or on Your behalf (with or without Your permission) in relation to Your use of the Service. 

    6.2 You grant us a worldwide, transferable, non-exclusive, royalty-free, revocable license to use Your Data (excluding any Personal Data as defined in the Data Processing Agreement) for the limited purposes of operating, protecting, developing, customizing, and improving the Service and creating new services.

    6.3 The license You give us allows us to store, reproduce, use, publish and publicly display to You, modify and create derivative works of and permit our service providers to process Your Data solely to provide our Service, to prevent or address service or technical problems or at Your request in connection with customer support matters.

    6.4. You also grant Oneflow a royalty-free, worldwide, transferable, sub-licensable, irrevocable, and perpetual license to use and/or incorporate into the Service or any other product of Oneflow, any suggestions, enhancement requests, recommendations, or other feedback provided by You relating to the operation of Oneflow. The license includes the right to modify and further develop any of the aforesaid. Any sub-licensee shall have the corresponding rights, as decided by Oneflow.
  7. INTELLECTUAL PROPERTY RIGHTS

    7.1 Subject to Your complete and ongoing compliance with these Terms Oneflow grants You a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the Service. Oneflow or its third-party licensors hold all rights, including all current and future intellectual property rights, related to the Service and any therein included visual interfaces, graphics, design, compilation, information, data, computer code (including source code or object code), products, software, services, promotional content, patents, copyrights, trade secrets, design rights, moral rights, trademarks and all other elements of the Service provided by Oneflow. Oneflow reserves all rights to the materials not granted expressly in these Terms.

    7.2 Nothing in this Agreement shall be interpreted as a transfer of any Party’s rights, or part thereof, to the other Party unless specifically agreed. Should the Service in any way require Oneflow’s use of intellectual property rights held by You or Your licensor(s), Oneflow is granted a non-exclusive license by You to utilize such intellectual property rights for the said purpose for as long as the Service is provided to You.

    7.3 You are encouraged to publicly state that You use the Service. However, neither of the Parties may remove, change, or in any other way misuse the trademark of the other Party in any way. 

    7.4 We are proud of our customers and by signing this Agreement, You give us the right to use Your name or logo in sales and marketing materials. If You do not want us to use Your name or logo, please send an e-mail to customersuccess@oneflow.com and we will make sure not to use Your name or logo.
  8. CONFIDENTIAL INFORMATION

    8.1 Confidential Information means all confidential and proprietary information of a party, whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including the Terms of this Agreement, the Services, documentation, business and marketing plans, technology and technical information, product designs, and certification and business processes. Confidential Information shall not include any information that is or becomes generally known to the public without breach of any obligation owed to the other Party; (ii) was publicly known prior to its disclosure without breach of any confidential obligation; (iii) was independently developed by the other Party without breach of any confidentiality obligation; or (iv) is received from a third party without breach of any confidentiality obligation. 

    8.2 No Party shall disclose any Confidential Information for any purpose outside the scope of this Agreement, except with the other Party’s prior written consent. Receiving Party shall protect the confidentiality of the Confidential Information in the same manner that it protects the confidentiality of its own confidential information of like kind (but in no event using less than reasonable care). Parties shall promptly notify the other Party if it becomes aware of any actual or reasonably suspected breach of Confidential Information.

    8.3 If a Party is compelled by law or stock market regulations to disclose Confidential Information, it shall provide the other Party with prior notice of such disclosure (to the extent reasonable and legally permitted) and reasonable assistance, at the other Party’s cost, if the other party wishes to contest the disclosure.

    8.4 Upon any termination of this Agreement, the Parties shall continue to maintain the confidentiality of the Confidential Information as long as it remains confidential and, upon request, return to the Disclosing Party or destroy all materials containing such Confidential Information.
  9. CHANGES

    9.1 You may at any time choose to upgrade or downgrade Your subscription plan directly through the Service or by contacting Oneflow. A downgrade will come into effect at the time of the next renewal date of Your subscription plan provided that Your request is made within the notice period stated in the order form. Otherwise, the downgrade will take effect as of the second renewal date from Your request.

    9.2 Oneflow reserves the right to make improvements, additions, and changes, or to remove functions of the Service at Oneflow’s own discretion. Where such modification, although unlikely, removes a material function of the Service, You may terminate the Agreement with immediate effect. Oneflow will post information on relevant changes on its website https://oneflow.com.

    9.3 Oneflow also reserves the right to make changes, amendments, and updates to these Terms. Such changes, updates, or amendments will have effect thirty (30) days after Oneflow’s notification. You are entitled to terminate the Agreement with immediate effect would said change, in Your reasonable opinion, imply a material change to our Agreement. Disputes arising under these Terms will be resolved in accordance with the version of these Terms that was in effect at the time the dispute arose. This clause does not relate to price updates under clause 5.3. 
  10. PERSONAL DATA

    10.1 The Parties have agreed to enter into a Data Processing Agreement included in the Agreement. The Data Processing Agreement shall remain effective independently of the Agreement for as long as Oneflow processes Personal Data on behalf of You. 
  11. INDEMNIFICATION

    11.1 You shall indemnify, release and hold harmless Oneflow and its licensors and suppliers, and each of their respective officers, directors, employees, and agents, from and against any loss, liability (including settlements, judgments, fines, and penalties), and costs (including reasonable attorney fees, court costs, and other litigation expenses) relating to any claim or demand made by any third party due to or arising out of Your wrongful access or misuse of the Services or software, violation of this Agreement, or infringement of any intellectual property or another right of any person or entity. 
  1. LIMITATION OF LIABILITY

    12.1 To the fullest extent permitted by law, in no event will the Oneflow entities be liable to You for any indirect, incidental, special, consequential, or punitive damages (including damages for loss of profits, goodwill, or any other intangible loss) arising out of or relating to Your access to or use of, or Your inability to access or use, the service or any materials or content on or available through the Service, whether based on warranty, contract, tort (including negligence), statute, or any other legal theory, and whether or not any Oneflow entity has been informed of the possibility of damage. 

    12.2 To the fullest extent permitted by law, our aggregated liability under these Terms will not exceed the amount paid by You to us hereunder during the twelve (12) month period immediately preceding the event(s) giving rise to such liability.

    12.3 To the fullest extent permitted by law, in no event will You be liable to Oneflow for any indirect, incidental, special, consequential, or punitive damages (including damages for loss of profits, goodwill, or any other intangible loss) arising out of or relating to Your access to or use of, or Your inability to access or use, the Service or any materials or content on or available through the service, whether based on warranty, contract, tort (including negligence), statute, or any other legal theory, and whether or not You have been informed of the possibility of damage. 

    12.4 To the fullest extent permitted by law, Your aggregated liability under these Terms will not exceed one hundred thousand (100 000) SEK. 

    12.5 You agree that this limitation of liability represents a reasonable allocation of risk and is a fundamental element of the basis of the bargain between Oneflow and You. 

    12.6 Neither Party is liable for damages unless the other Party notifies the liable Party about it in writing no later than 90 days after the actual damage or loss was noticed or should have been noticed, however no later than six (6) months from when the damage occurred.

  2. THIRD-PARTY INFRINGEMENTS

    13.1 Oneflow represents that the Service, to the best of Oneflow’s knowledge, does not infringe any third-Party intellectual property rights or any other rights of a third party. Oneflow shall defend or settle any claim made against You based on Your use of the Service, or part thereof, infringing any such Third Party’s intellectual property rights. Oneflow’s obligations in accordance with this clause are subject to You only having used the Service in accordance with the conditions outlined in the Agreement and shall only apply for such claims by third parties in Your country.

    13.2 Oneflow’s liability under this section only applies provided that You, without undue delay, notifies Oneflow in writing of the claims brought against You, allows Oneflow to control the defense and to solely decide in all related settlement negotiations, and acts in accordance with Oneflow’s instructions and cooperates with and assists Oneflow to the extent reasonably requested by Oneflow.

    13.3 Subject to the conditions under this section, Oneflow shall be liable for such damages, liabilities, costs, or expenses awarded in a final judgment or settlement which has been approved in writing by Oneflow.

    13.4 If it is finally determined that there is an infringement of a Third Party’s intellectual property rights for which Oneflow is liable under these Terms, Oneflow shall at its own discretion procure for You the right to continued use of the Service modify the Service so that it does not infringe replace the Service, or part thereof, with an equivalent Service which does not infringe or cancel the Service and repay the fees that You have paid for the Service without interest and with deduction of any reasonable benefit You might have had from the Service.

    13.5 With respect to Third Party Applications, Oneflow’s liability for errors or intellectual property infringements is restricted to an obligation to report the fault/infringement to the relevant third supplier immediately. Oneflow shall implement any potential solution from the third supplier, provided this can be done without material negative interference with the Service. 

    13.6 This section constitutes the entire obligation of Oneflow towards You with respect to any infringement in a third party’s intellectual property rights.

  3. WARRANTIES

    The Service and all materials and content available through the Service are provided “as is” and on an “as available” basis. Except what has been agreed in the Agreement, Oneflow disclaims all warranties, whether express or implied, relating to the Service and all materials and content available through the Service, including any implied warranty of merchantability and fitness for a particular purpose. This means that Oneflow only warrants that the operation of the site, Service, and software will meet requirements agreed upon between the Parties in this Agreement. Oneflow is only responsible for information, whether oral or written as expressly stated in these Terms. 
  1. FORCE MAJEURE

    Except for payment obligations, the Parties shall be relieved from liability for inadequate performance due to an event caused by a condition that was beyond the Party’s reasonable control. This clause is subject to immediate notification of the other Party. 
  1. TERM AND TERMINATION

    16.1 The Service is provided on a subscription basis by the subscription plan or such other trial period or free subscription period applicable for Your use of the Service as stated in Your order form (where applicable) . Unless otherwise specifically agreed in the order form, Your subscription plan will automatically renew until terminated by one of the Parties by the Terms of this Agreement. 

    16.2 Unless otherwise specifically agreed in the order form, either Party may terminate the subscription plan by sending an email to Oneflow at support@oneflow.com with a notice period of three (3) months for contracts with a duration of a year or longer. The termination will have effect from the date when Your subscription plan would otherwise have been renewed, subject to such termination being made within the notice period applicable for Your subscription plan.

    16.3 You shall not be entitled to recover any excess amount paid in advance unless the Agreement is terminated by Oneflow, and the termination was caused by actions outside of Your control.

    16.4 Either Party is entitled to terminate the Agreement with immediate effect where the other Party has committed a material breach of the Agreement and does not rectify such breach within 15 days of the other Party giving written notice thereof, where the other party is declared insolvent, is subject of an application or order for bankruptcy or company reorganization, suspends payments or otherwise can be presumed to be insolvent. Either Party also has the right to terminate the Agreement or if the other Party has or is affected by financial sanctions or trade embargoes. 

  2. CONSEQUENCES OF TERMINATION

    17.1 Unless otherwise agreed between the Parties, Oneflow may, upon the termination of the subscription plan, automatically move You to a free subscription of the Service. 

    17.2 Oneflow lets You retrieve or delete Your Data currently in Oneflow’s possession through the Service in such generally accepted format as provided by Oneflow from time to time. If this Agreement is terminated or otherwise expires for any reason, You shall promptly return to Oneflow or destroy any Confidential Information, or other materials in Your possession belonging to Oneflow and all rights and licenses granted to You by Oneflow under this Agreement shall terminate, where applicable. 

    17.3 All provisions of this Agreement that by their nature should survive termination shall survive termination, including, without limitation, confidentiality, ownership provisions, warranty disclaimers, indemnity, limitations of liability, and miscellaneous provisions.

  3. MISCELLANEOUS

    18.1 Oneflow is entitled to engage subcontractors for the performance of its obligations under this Agreement. Oneflow is responsible for the subcontractors’ work as for its own work. For the avoidance of doubt, subcontractors acting as sub-processors to Oneflow shall be handled by the Data Processing Agreement.

    18.2 The Agreement forms the parties’ entire understanding of all the questions related to the Service. All written or oral representations or warranties prior to the Agreement are replaced by the Agreement.

    18.3 The Agreement may not be assigned to a third party without the other Party’s prior written approval unless it is to a company within the same group. Oneflow is however entitled to assign the Agreement to a third party in connection with a transfer of Oneflow’s business or a part thereof.

    18.4 Both Parties guarantee that the execution and delivery of, and the performance obligations under this Agreement, will not result in a violation or breach of any applicable law or regulations.

  4. GOVERNING LAW AND DISPUTES

    19.1 This Agreement is governed by Swedish law.

    19.2 Any dispute, controversy, or claim arising out of or in connection with this Agreement, or the breach, termination, or invalidity thereof, shall be finally settled by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce.

    19.3 The Rules for Expedited Arbitrations shall apply, unless the Stockholm Chamber of Commerce in its discretion determines, taking into account the complexity of the case, the amount in dispute, and other circumstances, that the Arbitration Rules shall apply. In the latter case, the Stockholm Chamber of Commerce shall also decide whether the Arbitral Tribunal shall be composed of one or three arbitrators.

    19.4 The seat of arbitration shall be Stockholm, Sweden. The language to be used in the arbitral proceedings shall be English.

    19.5 All information about the arbitration proceedings and the award thereof shall be considered confidential information about this Agreement and be kept in strict confidence of the Party for an indefinite time.

PREVIOUS TERMS OF USE

Data processing Agreement

  1. GENERAL

    1.1 This Data Processing Agreement (below DPA) forms part of the Agreement. 

    1.2 The DPA is conducted between You, below the Controller, and Oneflow, below the Processor or Oneflow, together referred to as Party or Parties.  

    1.3 The Parties seek to implement a DPA that complies with the requirements of the current legal framework in relation to data processing and with the GDPR and the UK GDPR.

    1.4 Definitions used in this Agreement not defined herein shall have the meaning set forth in the GDPR, the UK GDPR or the Terms, as applicable. 

  2. SCOPE AND APPLICABILITY OF THIS DPA

    2.1 This DPA applies where and only to the extent that Oneflow processes Personal Data on behalf of the Controller in the course of providing the Service and such Personal Data is subject to Data Protection Laws of the European Union, the European Economic Area, Switzerland, or the United Kingdom. 

    2.2 As between Oneflow and Controller, the customer is the Controller of Personal Data. Nothing in the Agreement or this DPA shall prevent Oneflow from using or sharing any data that Oneflow would otherwise collect and process independently of the Controller’s use of the Services.
  1. CONTROLLER OBLIGATION

    3.1 Controller Obligations. Controller agrees that it shall comply with its obligations as a Controller under Data Protection Laws in respect of its processing of Personal Data and any processing instructions it issues to Oneflow; and that it has provided notice and obtained (or shall obtain) all consents and rights necessary under Data Protection Laws for Oneflow to process Personal Data and provide the Services pursuant to the Agreement and this DPA, if applicable.

  2. ONEFLOW PROCESSING OF PERSONAL DATA

    4.1 As a Processor, Oneflow shall process Personal Data only for the following purposes: (i) processing to perform the Services and fulfill the Agreement; (ii) to comply with other reasonable instructions provided by Controller to the extent they are consistent with the terms of this Agreement and only in accordance with Controller’s documented lawful instructions. The Parties agree that this DPA and the Agreement set out the Controller’s complete and final instructions to Oneflow in relation to the processing of Personal Data. Any additional instructions  shall be provided to Oneflow in writing and signed by the Parties. 

    4.2 Nature of the Data. Oneflow handles Personal Data as provided by the Controller. Such data may contain special categories of data depending on how the Services are used by Controller and as agreed in Sub-Appendix 1. The Controller Data may be subject to the following process activities: (i) storage and other processing necessary to provide, maintain and improve the Services provided to Controller; (ii) to provide Controller and technical support to Controller; and (iii) disclosures as required by law or otherwise set forth in the Agreement.

    4.3 Oneflow Data. Notwithstanding anything to the contrary in the Agreement (including this DPA), Controller acknowledges that Oneflow shall have a right to anonymize Personal Data and to use such anonymized data to improve and develop the Service. 

  3. SUB-PROCESSING

    5.1 Authorized Sub-processors. Controller agrees that Oneflow may engage Sub- processors to process Personal Data on Controller’s behalf. The Sub-processors currently engaged by Oneflow and authorized by Controller are listed here. By signing this Agreement the Controller accepts the current sub-processors. 

    5.2 Sub-processor Obligations. Oneflow shall: (i) enter into a written agreement with the Sub-processor imposing data protection terms that require the Sub-processor to protect the Personal Data to the standard required by Data Protection Laws to at least similar level to this DPA; and (ii) remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause Oneflow to breach any of its obligations under this DPA.

    5.3 Changes to Sub-processors. Oneflow shall provide Controller reasonable advance notice if it adds or removes Sub-processors. Oneflow will send an e-mail to the Controller from support@oneflow.com. Oneflow will also post the information on its webpage https://oneflow.com

    5.4 Objection to Sub-processors. Controller may object in writing to Oneflow’s appointment of a new Sub-processor on reasonable grounds relating to data protection by notifying Oneflow promptly in writing within fourteen (14) calendar days of posting.

    5.5 Controller’s notice in accordance with Section 5.4. Such notice shall explain the reasonable grounds for the objection. In such event, the Parties shall discuss such concerns in good faith with a view to achieving a commercially reasonable resolution. If this is not possible, either Party may terminate the applicable Services that cannot be provided by Oneflow without the use of the objected-to-new Sub-processor.

  4. SECURITY

    6.1 Security Measures. Oneflow shall implement and maintain appropriate technical and organizational security measures to protect Personal Data from Data Breach and to preserve the security and confidentiality of the Personal Data, in accordance with Oneflow’s security standards described in Sub-Appendix 2  (“Security Measures”).

    6.2 Confidentiality of Processing. Oneflow shall ensure that any person who is authorized by Oneflow to process Personal Data (including its staff, agents and subcontractors) shall be under an appropriate obligation of confidentiality (whether a contractual or statutory duty).

    6.3 Data Breach Response. Upon becoming aware of a Data Breach Oneflow shall notify the Controller within 48 hours.

    6.4 Updates to Security Measures. Controller acknowledges that the Security Measures are subject to technical progress and development and that Oneflow may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services purchased by the Controller.
  1. SECURITY REPORTS AND AUDITS

    7.1 Oneflow shall maintain records of its security standards. Oneflow shall provide written responses (on a confidential basis) to all reasonable requests for information made by Controller, including responses to information security and audit questionnaires, that Controller (acting reasonably) considers necessary to confirm Oneflow’s compliance with this DPA, provided that Controller shall not exercise this right more than once per year.

    7.2 Oneflow will also allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller.

    7.3 The Controller will reimburse Oneflow for its reasonable costs in relation to this clause. 

  2. INTERNATIONAL TRANSFER

    8.1 Oneflow may not transfer or authorize the transfer of Data to countries outside the EU and/or the European Economic Area (EEA) without the prior written consent of the Controller. If personal data processed under this Agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, the Parties shall ensure that the personal data are adequately protected. To achieve this, the Parties shall, unless agreed otherwise, rely on the relevant standard contractual clauses for the transfer of personal data. This means that Oneflow uses the “new” SCC:s from 2021 for transfers from the EU and the “old” SCC:s for transfers from the UK.

  3. RETURN OR DELETION OF DATA

    9.1 Upon deactivation of the Services, all Personal Data shall be  handled in accordance with the clause on termination in Agreement or as otherwise agreed between the Parties. 

  4. COOPERATION

    10.1 Oneflow shall, taking into account the nature of the processing, provide reasonable cooperation to assist Controller by appropriate technical and organizational measures, in so far as is possible, to respond to any requests from individuals or applicable data protection authorities relating to the processing of Personal Data under the Agreement. Controller will reimburse Oneflow for any reasonable and proven costs related to this clause. 

    10.2 If any such request is made directly to Oneflow, Oneflow will re-direct such communication  to the Controller. If Oneflow is required to respond to such a request, Oneflow shall promptly notify Controller and provide it with a copy of the request unless legally prohibited from doing so.

    10.3 To the extent Oneflow is required under Data Protection Law, Oneflow shall (at Controller’s expense) provide reasonably requested information regarding Oneflow’s processing of Personal Data under the Agreement to enable the Controller to carry out data protection impact assessments or prior consultations with data protection authorities as required by law.

  5. LIABILITY

    11.1 Controller shall indemnify and hold Oneflow harmless of any and all direct damages, including as a result of claims by data subjects or administrative fines, incurred by Oneflow as a result of your breach of this data processing agreement, your act or omission to act in accordance with applicable data protection, any other circumstance attributable to your side or Oneflow’s violations of applicable laws and regulations, including data protection law, due to vague, unlawful or absence of instructions or information from you.

  6. GOVERNING LAW

    12.1 This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the Agreement unless required otherwise by Data Protection Laws.

Sub-Appendix 1 – Instructions on processing of personal data

In addition to what is set forth in the Agreement, you instruct Oneflow to process personal data for which you are the data controller in accordance with the below instructions:

Purposes of the processing: Specify all purposes for which personal data will be processed by OneflowOneflow is an end-to-end solution for contract handling. Users will build contract templates in Oneflow (either web based or upload documents), invite participants to contracts, edit and comment in contracts, electronically sign, archive, analyse and manage the lifecycle of contracts.Personal data relating to both users as well as counterparties to the contracts is processed to facilitate the contract process for the users, to manage your subscription to the Service and to maintain your relationship with Oneflow.
Types of personal data: Specify the types of personal data that will be processed by OneflowName, email address, phone number, title, work place and personal identity number relating to users and counterparties to contracts.As to contracts stored in the Service, personal data included therein (and thereby processed by Oneflow) may vary depending on which type of document you upload.
Categories of data subjects: Specify the categories of data subjects whose personal data will be processed by OneflowEmployees and consultants of you, persons mentioned in contracts as well as the counterparties or representatives of counterparties to the contracts that the Service is used to process.
Duration of the processing: Specify the duration of the processing of personal data performed by Oneflow before data will be deleted.Personal data processed by Oneflow will be processed until deleted as per your instructions directly through the Service.

Sub-appendix 2

Oneflow Security StandardsOneflow is committed to maintaining the confidentiality, integrity, and availability of the data it processes. We do this with the use of both technical, i.e access control, encryption, redundancy, and non-technical means i.e, policies, procedures, and guidelines.