1. General
These terms and conditions relate to services provided by MultiNet Interactive AB (556272-2594), hereinafter referred to as MN, to a legal entity referred to as the Client.
The contract and payment periods are specified in the Client's main agreement, often on page 1 or 2 of the main agreement document.
The Agreement is automatically renewed, with a period of the same length as initially agreed, in case the Agreement is not terminated in writing, by e-mail, no later than three months before the period expires.
1.1 Service Description
The service is a so-called online subscription. The subscription fee includes server operation, maintenance of servers (hardware, software, and licenses), updates with product improvements, and automated backup.
A computer with an internet connection and a modern browser is required to access the service.
The Service includes access for the Client's Users to the web-based service, its functionality, and the options specified in the main Service Agreement.
1.2 Prices and fees
Fees will be invoiced according to the current price list for each extension. All prices are exclusive of VAT.
Any discounts received when signing an agreement will apply to the first contract period of the Agreement unless otherwise agreed in writing.
2. Proprietary rights
MN offers the Client temporary right to use its services via the Internet, per the Client's Service Agreement. All intellectual property related to the Service belongs exclusively to MN. The Service may only be used by the legal entity referred to by the Client, as well as by the Client's users, unless otherwise agreed in writing.
For any adaptations made to MN's services at the request of the Client, MN charges a consultancy fee to prioritize development. These adaptations belong to MN and will be included in the service. In addition to such adaptations, the system is delivered as is, including planned updates.
3. The Client's liability
The Client is responsible for the hardware and software required to connect to the Service, i.e., a computer with an Internet connection. Each party is responsible for compliance with copyright, applicable personal data legislation, and other laws and regulations. The Client is responsible for ensuring that third-party copyright or intellectual property rights are not infringed upon when uploading the Client's data to the web service.
3.1 Safe usage
The Client is responsible for,
- using only personal user accounts when accessing the service;
- that strong passwords are used and are stored securely;
- unauthorized use of the service due to the Client's negligence, i.e., sharing login credentials or using weak passwords.
The Client can request that MN temporarily block the service if there is suspicion of unauthorized use.
3.2 Correct configuration
The Client is responsible for ensuring that third-party programs such as web browsers, PDF readers, antivirus programs, and firewalls are correctly installed and allow outgoing traffic from the Client to MN's Services.
3.3 Integration with third-party applications
When the Client has subscribed for integration to a third-party service, such as an ERP or CRM, the Client is responsible for maintaining these third-party services, and upgrades or changes to these are made only after consultation with MN to avoid loss of the integration's functions.
3.4 Payment
The Client will pay the license fees in advance. Payment must be made no later than 30 days after the invoice date. In case of overdue payment, overdue interest of 8% will be charged. MN has the right, no earlier than 14 days after the invoice is due and after two written reminders have been sent to the Client, to temporarily suspend the Client's access to the service until full payment has been received.
4. Service availability (SLA)
MN is responsible for providing the Service to the Client 24 hours a day, except for planned downtime during maintenance, subject to the limitations imposed by the following service levels.
| Service hours | Resolution time | Availability | Error report | User support |
|---|---|---|---|---|
| Non-holiday Mon-Fri 08:00 - 17:00 CET | See Section 4.2 | 99.8% | Every day 00:00 - 24:00 CET |
Opening hours are posted on MN's website. |
MN shall maintain the availability of the Service at 99.8% or higher during Service hours. In the case of the Availability Rate during the contract period being below 99.8% during Service hours, the Client may request a reduction of the current contract period's running fee according to the penalty levels below. The Client must report any perceived downtime per Section 4.4.
| Reduction Level | Availability (%) | Penalty |
|---|---|---|
| 1 | Below 99.8% but over 99.0% | 10% of the fee |
| 2 | Below 99.0 % but over 98.5 % | 20 % of the fee |
| 3 | Below 98.5 % but over 98.0 % | 30 % of the fee |
| 4 | Below 98.0 % but over 97.5 % | 40 % of the fee |
| 5 | Below 97.5 % but over 96.0 % | 50 % of the fee |
| 6 | Below 96.0 % but over 95.0 % | 75 % of the fee |
| 7 | Below 95.0 % | 100 % of the fee |
Downtime exceeding five (5) working days during a quarter (corresponding to an Availability Rate below 92%) is regarded as a material breach of the Agreement. It entitles the Client to terminate the Agreement immediately and receive damages per Section 14.
4.1 Service hours
Service hours refer to when MN guarantees initiating and remedying service interruptions. Received error reports are categorized into Critical, High, Medium, and Low.
- Critical: Very serious impact on Client's business. Total outage of The Service.
- High: Serious impact on Client's business. Reduced functionality in the Service. Serious error that has a high impact on the Customer.
- Medium: Impact on Client's business. The customer can use The Service but with reduced efficiency/functionality.
- Low: Small impact on the Client. The customer can use The Service unimpeded.
4.2 Resolution time
Resolution time refers to the maximum time a reported error must have been rectified. The start time occurs when the Client's error report is confirmed in MN's helpdesk system during Service Hours. MN then opens a so-called error ticket. The end time occurs when MN has rectified the error, and the Client can work in the service as usual.
| Priority | Start of problem analysis | Resolution goal | Resolution time |
|---|---|---|---|
| Critical | Immediately | Within 4 hours | Solved within 3 days |
| High | Immediately | Within 8 hours | Solved within 3 days |
| Medium | Within 8 hours | Within 4 days | Solved within 7 days |
| Low | No guarantee | Within 12 days | Solved within 30 days |
If the Resolution Time is exceeded on more than four (4) occasions during a quarter, it will be regarded as a material breach of the Agreement. It entitles the Client to terminate the Agreement immediately and receive damages per Section 10.
4.3 Availability rate calculation
Service availability is measured according to the following formula:
T= (P-F) * 100/P
T= Availability in percentage
P= Contract period measured in minutes
F= Time lost within period P measured in minutes defined as downtime.
Downtime refers to errors resulting in the Service being unavailable to the Client.
4.4 Error reporting
The Client must report all perceived errors and downtime in the service. Error reporting can be done around the clock, every day of the year, via https://support.multinet.com/ or the support button in the service.
4.5 User support
User support is only provided for questions about how to use the service. Questions regarding the application of regulations regarding the use of the services and questions about third-party integrations and corrections due to incorrect use of the service are not included in the support agreement. MN can help with questions of the type above if time is available and for an extra charge, e.g., meeting time. User support is provided via MN's helpdesk https://support.multinet.com or e-mail, phone, and chat, according to the times posted on MN's website.
4.6 Measurement of general uptime and information about ongoing operational disturbances
MN has implemented systems that can measure MN's operating environment's overall uptime and response time. Via this page, the Client can get a summary of the measurements for the last 90 days and the status of any ongoing operational disruptions: https://status.multinet.com/. As the service depends on the Internet's normal functioning, the Client understands that interruptions, delays, bugs, and similar obstacles on the Internet do not constitute errors in the service or delivery.
4.7 Non-compliance
MN is responsible for non-compliance with agreed service levels only according to the terms of Sections 4, 4.1, and 4.2. In addition, the Client is not entitled to damages or other compensation due to deviation from the service level unless there is intent or gross negligence.
4.8 Discharge from liability for MN even if the agreed service level is not reached
MN is not liable for non-compliance with the agreed service levels if MN can provide evidence that this has been caused by any of the following circumstances and provided that such circumstance is not directly attributable to MN,
- Errors in the Client's equipment or software.
- Viruses or other attacks on the security of the Client.
- Circumstances outside MN's area of responsibility for the Service, including errors in integrations with other third-party products or services for which MN has not expressly taken responsibility for.
- DDoS attacks, which MN has taken steps to protect against.
- Force majeure, which means that MN is not obliged to pay compensation for loss or damage that the Client may suffer as a result of the performance of MN's obligations being prevented or significantly impeded by circumstances beyond MN's reasonable control or foreseeing, including but not limited to industrial disputes, war, rebellion or riots, mobilization or unforeseen military call-ups, requisition, seizure, currency restrictions, export or import restrictions, earthquake, lightning, fire, flood or water damage, general scarcity of goods or scarcity of means of transport, legislation, or other restrictions set by the authorities.
4.9 MN's maintenance work
MN is entitled to perform actions for technical, maintenance, or operational reasons that affect the use of the service. MN shall ensure that operational disturbances are limited by carrying out measures promptly and outside Service hours if possible. Planned downtime must be communicated to the Client. Occasional short-term (a few seconds) interruptions in the service provision during Service hours do not entitle the Client to a fee reduction.
5. Data Security and Confidentiality
The parties undertake not to disclose to others any information relating to this Agreement or received by the party from the other party within the framework of the Agreement, regardless of whether the information is disclosed in writing, orally, in the form of samples, models or computer programs, by demonstration of products or parts thereof, or by other means.
Data and material that the Client registers or provides to MN will be treated as strictly confidential by MN and its suppliers and shall not be disclosed to anyone.
MN is responsible for regulating, controlling, and authorizing all MN users with accounts in servers, systems, or applications to participate in the service delivery.
All MN employees, consultants, and suppliers are bound by the same confidentiality provisions as those between MN and the Client.
6. Technical security measures
6.1 Authentication and Encryption
All data communication and storage of data is encrypted. To access the Service, log in with a username and password is required. SAML-based Single Sign-On and 2FA are available.
- Encrypted communication: MN uses 256-bit TLS encryption (TLS1.2+) and 2048-bit RSA keys.
- Password Protection: The login procedure is fully encrypted, meaning no information is sent as unencrypted text. The user's password is stored in a one-way encrypted format (with a standardized one-way cipher).
- Automatic logout: To avoid unauthorized access to information if a computer is left unattended, the system automatically logs out the user after a certain period of inactivity, by default, 30 minutes.
- The user always bears the risk of unauthorized use of the Service due to leaving a logged-in computer unattended.
- Continuous verification of the user: Each request to MN's servers involves checking the logged-in user's permissions.
6.2 Operating environment and data centers
MN's web services are run on MN-owned servers in two Swedish data centers and are intensively monitored at all hours of the day. Some of the monitoring systems include,
- Fire protection and climate systems: The data centers have automatic smoke detection systems, and the halls are divided into separate fire zones.
- Climate control systems ensure the temperature is always low and the humidity is optimal.
- Secondary Power Supply: The data centers are equipped with secondary power supply systems and diesel generators that ensure the power supply to the servers.
- Internet Connection: Redundant high-capacity connections ensure Clients' access to the Service.
- Entrance to the data center is only granted to pre-registered and approved staff, and entry takes place after verification with a personal access card and code.
- Data centers are equipped with alarms and video surveillance.
6.3 Physical security in MN's offices
MN's offices are locked, and access requires a personal key tag. Every access attempt is logged. The offices have an active alarm system with video and motion detection outside office hours.
MN shall report any incidents, such as attempted burglary and fire, that may be important to the Client.
6.4 System architecture and backups
- MN's web services are based on a modern server platform with redundant network equipment, load balancers, web clusters, and database clusters.
- Firewalls: MN's server environment and networks are protected by redundant firewalls with DDoS and WAF protection.
- MN is proactive by monitoring and analyzing firewalls and system logs stored read-only on a central log server.
- Database security, document storage, and backups: MN has comprehensive backup routines that ensure continuity in the Service.
- Databases are encrypted with TDE (Transparent Data Encryption).
- Complete database backups are performed daily and incrementally every hour.
- Database backups are transferred to at least two physically separate locations.
- File and document storage is redundant, with regular backups to at least two physically separate locations.
- Restore tests are done regularly.
7. Organizational security measures
- MN works according to a documented management system for information security, ISMS, based on ISO27001.
- MN's documented procedures are regularly reviewed, tested, and evaluated.
- MN's employees are regularly trained in information security, privacy, data protection, and topics specific to the employees' roles and duties.
- All MN employees are bound by confidentiality and non-disclosure agreements that prevent disseminating the Client's information.
- MN's employees can access the Client's data to provide user and troubleshooting support and assist in delivering the Service. According to internal procedures, MN's employees' access to the Client's data is only granted when necessary and temporarily. All Client data access by MN's employees is personal and logged extensively.
8. The Client's right to audits and reviews
MN shall, upon request, provide the Client with the opportunity to conduct an audit. In cases where the Client is under the supervision of authorities such as the Financial Supervisory Authority and the Swedish Authority for Privacy Protection, the authorities shall have the same rights as the Client. MN shall also share its internal security regulations with the Client and provide the Client with external versions of MN's audit reports concerning security.
9. Security Incidents
The parties undertake to immediately inform their respective counterparties of security incidents or other events that have affected or could affect the parties' respective operations.
10. The Client's data
The Client holds all rights to the Client's data and materials, and MN and its suppliers do not obtain any rights to the Client's data, or any part thereof, under the Agreement. No later than six months after the termination of the Agreement, MN deletes the Client's data from the service, including its backups. The Client is responsible for exporting all data that the Client may need for future use in connection with the termination of the Agreement. Suppose the Client is unable to export its data on its own. In that case, MN shall, at the Client's request against ongoing time billing, make the Client's data available by exporting to a file in a standard format, such as Excel, within a reasonable time.
All data (including Personal Data) that MN processes on behalf of the Client is processed in Sweden unless otherwise agreed to in writing.
11. Liability for Intellectual Property Rights
MN warrants and is responsible for ensuring that the intellectual property rights and/or other materials/software provided do not infringe the rights of others.
Notwithstanding anything to the contrary to this Agreement, MN shall indemnify the Client from any and all damages, losses, costs, claims, and expenses (including costs of legal and other advice) incurred by the Client as a result of MN's infringement/infringement of or alleged infringement/infringement of any intellectual property right held by a third party arising from the use; possession, provision, copying, sublicensing, selling, etc., of the services in question.
The Client undertakes in this regard to:
- notify MN in writing without undue delay of any infringement/infringement or alleged infringement /of intellectual property rights and
- not without MN's approval, which approval may not unreasonably be refused, admit liability in such regard.
In the event that a court or arbitration tribunal finds that an infringement has occurred, or in the event that the Client assesses that there is an obvious risk of such an infringement, MN shall, at its own expense, immediately:
- ensure that the Client continues to have the right to use the relevant intellectual property right or
- replace or adjust the infringing part so that the service in question no longer infringes on another's right.
Suppose MN does not fulfill its obligation under the above provisions within a reasonable time. In that case, the Client is, in addition to other sanctions that may have arisen, entitled to compensation from MN for its damage and the right to terminate the Agreement.
12. Marketing, logos
A party is not entitled to use the other party's trademarks or logos without the other party's written consent.
13. Processing of personal data
MN stores and processes specific personal data about the Client to deliver the service, offer support, carry out updates, send offers to the Client, and best fulfill its obligations to the Client per the Agreement. For this personal data, MN is the Data Controller.
MN stores the data for the duration of the Client's Agreement, after which it is deleted, provided that more extended storage is not required by law or if MN has another legal right to save the data.
The processing of personal data for MN to fulfill its obligations under the Agreement with the Client takes place according to the legal basis, "Agreement." Furthermore, marketing and other processing occur based on "Legitimate interests" and "Consent."
The personal data that MN processes on behalf of the Client in its role as a Data Processor is regulated separately in the Data Processing Agreement.
14. Compensation for data security errors or material deviations
If the Client suffers damage as a result of data security errors, negligence, or material deviations from agreed commitments or due to the negligence of any of MN's suppliers, MN will compensate the Client subject to the limitations set out in Section 15 Limitation of Liability. Only direct damage is compensated, thus not, for example, loss of profit or expected savings.
15. Limitation of Liability
Compensation to the Client is not paid in any other cases than those regulated in the Agreement. MN's liability is, in any event, limited to a maximum of one price base amount according to the Social Insurance Code (2010:110) apart from Section 5 (Data security and confidentiality) when compensation is limited to a maximum of ten price base amounts. For compensation to be paid, claims must be made promptly from the time the Client has been informed of damages.
16. Transfer of contract
MN can transfer this Agreement to another Party within the same company group, provided it does not impair the Client. Such transfer only needs to be notified to the Client in writing. The Client has the right to transfer this Agreement to another Party after written approval on a completed transfer form given by MN.
17. Amendments and changes to the general terms and conditions
MN reserves the right to change the general terms and conditions. Such changes will take effect upon the next agreement extension or no earlier than 90 days after the Client has received written notice. If the Client does not accept the changes to the Agreement, the Client has the right to terminate the Agreement from the date the change takes effect. If the Client uses the service after the change has come into effect without contesting it in writing, this will be considered as acceptance of the change.
18. Termination of the Agreement
Either party has the right to terminate the Agreement with immediate effect if the other party,
- is guilty of a material breach of the Agreement and does not rectify the breach within a reasonable time specified in the written notice of the violation of the Agreement.
- is declared bankrupt, initiates composition negotiations, is subject to company reorganization, or is otherwise insolvent.
Each party has the right to terminate the Agreement if it is done in writing, by e-mail, no later than three months before the current period expires.
19. Governing Law and Dispute Resolution
The rights and obligations of the parties in interpreting and applying the Agreement shall be determined per Swedish law.
Disputes arising from the Agreement shall be finally settled in the general courts in Stockholm, Sweden, and in the Swedish language.