General Terms and Conditions, Data Processing Agreement, Privacy Policy and Sub Data Processors

These documents are valid from 1. September 2021. ABAX customers who accepted the contract before 1. September 2021 can find the relevant legal documents here

print to PDF

General Terms and Conditions

Data Processing Agreement

Privacy policy

Sub Data Processors

General Terms and Conditions

1. Contracting parties and scope

1.1. The contracting parties are:

- The Supplier, by the legal entity as specified in order confirmation or the signed customer contract (the “Customer Contract”)

- The Customer, by the person or legal entity as specified in the Customer Contract.

1.2. The Supplier and the Customer are collectively referred to as the “Parties” and separately as a “Party”.

1.3. These general terms and conditions (“General Terms”) apply to any purchase of services from the Supplier.

1.4. The Contractual Relationship between the Parties is governed by the following documents, and in the following order in case of conflict between the documents (the “Contract Documents”) which collectively constitutes the “Agreement”:

- the Customer Contract

- the Data Processor Agreement

- this General Terms

- the Service Level Agreement (if concluded)

- the description of the Supplier’s services, as updated from time to time, available at https://www.abax.com/servicedescription, (the “Service Description”)

- the Customer’s terms and conditions (if made part of the Agreement by the Supplier’s acceptance)

1.5. Modifications or amendments to the Contract Documents are only binding if the Supplier has confirmed them in writing (also electronically).

1.6. By its signature on the Contract Documents, the individual entering into the Agreement on behalf of the Customer thereby confirms having the legal authority to bind the Customer.

 

2. Contact information

2.1. The Parties’ contact information is stated in the Customer Contract. All inquiries and notices in accordance with this General Terms shall be made in writing to the given e-mail address to be considered submitted.

2.2. The Parties are responsible to inform each other of any changes in contact information. Inquiries and notices sent to the Party's original or most recently provided contact information shall be considered submitted.

 

3. The Service

3.1. Each subscription, as specified in the Customer Contract, creates a Service (the “Service”).

3.2. The Service shall be deemed as activated when the hardware included in the Service has been shipped (the “Activation Date”). If the Supplier shall not provide hardware, the Activation Date is when the Customer is provided with log-in details that enable access to use the Service and data from a connected device is made available.

3.3. The Customer is granted a non-exclusive and non-sublicensable right to use the Service and the data generated or created through the Service within the purpose of the Service. The right of use is time-limited to the duration of the Agreement.

3.4. The right granted in section 3.3 does not include the right to access the source code or object code, or otherwise access parts of the Service or the Supplier’s systems that are not intentionally made available. The right to use does not include the right to modify, reproduce, reverse-engineer, decompile, disassemble, copy or imitate the Service.

 

4. Hardware provided by the Supplier

4.1. Unless otherwise is stated in the Customer Contract, the physical equipment/hardware (the "Hardware") provided by the Supplier is placed at the Customer's disposal and is the property of the Supplier. Hardware that is contracted before 1st February 2020 is however the Customer’s property regardless of the wording of the Customer Contract.

4.2. Hardware is delivered DAP (Incoterms 2020) unless otherwise is stated or agreed.

4.3. Unless otherwise agreed, the Customer is obliged to install the Hardware himself and is solely responsible for ensuring that the Hardware is properly positioned and assembled as described in the user manual and additional instructions from the Supplier.

4.4. The Customer is obliged to test the Hardware after installation and notify the Supplier immediately if the Hardware is not working. The test is done by checking registrations in the interface.

4.5. The Customer may request guidance on installation and testing by e-mail to the Supplier. The Supplier is not liable for the consequences of technical failure or inadequate registration due to incorrect installation or misplacement of the Hardware.

4.6. Any service, maintenance or repair of the Hardware may only be carried out by the Supplier or its authorised partners, as instructed by the Supplier. If the Customer detects that the Hardware is defective or damaged, the Supplier shall be notified by e-mail immediately for guidance in troubleshooting and/or the procedure for Hardware return and re-delivery.

4.7. The Supplier reserves the right to replace all or part of the Hardware at any time. In such a case, the Customer is obliged, at its own cost, to receive and install the new Hardware, as well as to return the old Hardware (if the Hardware is the Supplier’s property, cf. section 4.1), no later than 7 days after receipt of new Hardware.

4.8. The Supplier reserves the right to make use of the Hardware to collect data for other customers, provided the latter ensures that any personal data is processed in accordance with applicable data protection legislation.

4.9. Hardware sold for use within the EU/EEA/UK cannot be used outside this area unless agreed in writing. In case of use outside the approved area, the Customer shall reimburse the Supplier of all and any additional expenses caused by out of area usage, e.g. roaming, within 14 days after the date of invoice provided by the Supplier.

4.10. The Hardware may only be used in connection with the Supplier’s services. The Customer is obliged to process the Hardware with due care and in accordance with the user manual. The Customer is not entitled to make changes and/or modifications to the Hardware beyond as set out in the user manual.

4.11. In case of suspected misuse of the Hardware, the Supplier has the right to demand the return of Hardware that is the Supplier’s property, cf. section 4.1, within a given timeframe.

4.12. Upon termination, the Customer is responsible at its own expense, immediately and at the latest within one month after the expiry of the Contract Period (as defined in 8.2), to return Hardware that is the Supplier’s property, cf. section 4.1, according to the instructions given by the Supplier.

4.13. In all cases of non-return of the Hardware as provided herein, the Customer will be liable to reimburse the Supplier per Hardware according to the current lost device fee, within 14 days after the date of reimbursement invoice provided by the Supplier.

 

5. Third-party Hardware and Software

5.1. If the Supplier shall receive and process data from hardware provided by or to others (“Third-party Hardware”) or software provided by others (“Third-party Software”), the Customer acknowledges that the Supplier shall not be liable for (i) not being able to provide the Service due to errors or defects in the Third-party Hardware or Third-party Software, or (ii) errors or failures in the Services due to the Third-party Hardware or the Third-party Software.

5.2. Any use of Hardware which is provided by the Supplier to others than the Customer shall be deemed as Third-party Hardware. The Supplier shall not be liable for defects on such Third-party Hardware for which the Supplier is not responsible or in control of, including but not limited to situations where the other customer removes or damages the Third-party Hardware or otherwise restricts or prevents the collection of data.

5.3. The Supplier shall have no responsibility or liability regarding the Customer’s use of Third-party Hardware or Third-party Software. The Customer shall assume all the risks and costs of using such Hardware and/or Software, including, but not limited to, any inconvenience, damage, cost etc. inflicted on the third-party supplier or others.

5.4. The Customer is solely responsible to solve any issues or defects with such Third-party Hardware and/or Third-party Software, and the Customer shall comply with its obligations under the Agreement, including, but not limited to, payment obligation regardless of the issues or defects.

5.5. The Customer shall notify the Supplier with undue delay if issues or defects with Third-party Hardware or Third-party Software is detected, whereupon the Supplier may provide assistance or support to the Customer.

 

6. Customer’s Obligations

6.1. The Customer is responsible for ensuring that both the Service and the Hardware are used in accordance with any instructions, user manuals or similar information provided by the Supplier and any provider of Third-party Hardware or Third-party Software.

6.2. The Customer shall not use the Service or its possibilities in violation of applicable law or in a manner contrary to the rights of others, including but not limited to the Supplier’s or third-party’s intellectual property rights and privacy rights, or contrary to any other agreements entered into with the Supplier or the Supplier’s group companies.

6.3. The Customer is responsible for the use of the Service and compliance with the Agreement by its officers, directors, employees, contractors, and any other person to which Customer gives access to the Service.

 

7. Payment

7.1. The price for the Service is set out in the Customer Contract.

7.2. The Customer will be invoiced annually and in advance with due per 14 days unless otherwise agreed in writing. The invoice is subject to an invoice fee. The first invoice will be issued at Activation Date and following invoices every anniversary of the Activation Date.

7.3. In case of delayed payment, the Supplier shall be entitled to interest from the day on which payment was due and continue until the date payment is fully received. The interest rate shall be in accordance with the applicable national law on interest on overdue payments in the country where the Supplier has its registered business address. Claims for interest do not reduce other claims the Supplier may have against the Customer under other rules, including compensation claims.

7.4. The Supplier is entitled to charge the Customer for any additional costs incurred as a result of the Customer not picking up Hardware that has been sent to the address provided by the Customer.

7.5. The Customer has no right to make deductions in the invoice or to exercise any right of retention, counterclaims or set-offs against the invoice unless the claim has been acknowledged in writing or legally settled.

7.6. Upon the expiry date of any financed agreement, invoicing will be continued directly from the Supplier to the Customer if the Agreement is not terminated in accordance with section 8.4. It is the Customer’s sole responsibility to terminate a financed agreement within the notice period.

7.7. If the Customer believes the invoice is incorrect, the Customer shall notify the Supplier as soon as possible by e-mail, and no later than one day before the invoice due date in order for the Supplier to correct the invoice, if the Supplier at its sole discretion agrees with such adjustment.

7.8. In the event of a material breach, the Supplier has the right to claim payment for all outstanding and remaining benefits during the Contract Period (as defined in section 8.2).

7.9. The Supplier reserves the right to sell the invoice to another company, which thereby will collect the invoice.

 

8. Term and Termination

8.1. The Customer Contract is entered into by the Customer’s electronic signature (the “Effective date”).

8.2. Unless otherwise agreed in the Customer Contract, the initial term of the Agreement shall be 36 months calculated from the Activation Date (the “Initial Term”). The Agreement shall thereafter be automatically renewed for 12 months at a time (the “Renewal Term”), unless terminated in accordance with section 8.4. The Initial Term and any Renewal Term are hereinafter collectively referred to as the “Contract Period”.

8.3. If the Customer purchases additional services (add-ons) to a Service, the Contract Period of the Service applies.

8.4. The Agreement in its entirety or specific Services only may be terminated by either Party in writing (e-mail) at least 3 months before the expiry of the Contract Period.

8.5. Upon termination, the Supplier shall stop providing the Service at the end of the Contract Period. The Supplier is entitled to payment throughout the Contract Period regardless of whether the Customer uses the Service or not.

8.6. Customer who has received a discounted price on the Service due to membership or agreement with a third party, loses the right to the discount upon expiry of the membership or agreement with the third party.

 

9. Lifetime Warranty

9.1. The Supplier warrants that the Hardware is free from defects in workmanship and materials at the time of the shipment and undertakes to provide functional Hardware throughout the Contract Period (the “Lifetime Warranty”).

9.2. The Lifetime Warranty covers Hardware failures and is solely and exclusively limited to replacement or repair, at the Supplier’s sole option.

9.3. The Lifetime Warranty is provided on the following conditions:

9.3.1. The Customer notifies the Supplier of the defect by e-mail.

9.3.2. The Customer disconnects and returns the defective Hardware to the Supplier, at its own cost.

9.3.3. The Supplier’s examination of the returned Hardware disclose that defects have not been caused by improper handling, storage, testing, installation, misuse, neglect, repair, alteration or accident.

9.3.4. The Customer receives and install the new Hardware, at its own cost.

9.4. The Lifetime Warranty does not:

9.4.1. Cover defects or damage caused by circumstances for which the Customer is responsible, including negligent use or use in violation of this General Terms, the user manual, the Service Description or other instructions from the Supplier.

9.4.2. Apply if the battery runs out on battery-powered Hardware. The Customer must either replace the battery or the Hardware, depending on what the Hardware allows.

9.4.3. Apply for any Third-party Hardware.

 

10. Transfer of the Agreement or Services

10.1. The Customer may by e-mail to the Supplier request for the Agreement in its entirety or specific Services to be transferred to another customer. The Supplier may reject the request if the credit check of the new customer is not approved. Upon transfer, the Supplier will charge the Customer a transfer fee according to the current price list.

10.2. The Supplier has the right to transfer the Agreement to any other company within the group or to third parties.

 

11. Limitations of Liability

11.1. The Supplier shall in no event be liable for any indirect loss or consequential damages, including but not limited to, loss of time or profit, revenue, goodwill, business opportunities, data or other business interruptions.

11.2. The Supplier's maximum liability to the Customer for all obligations (whether under the Agreement or otherwise) which are directly or indirectly connected with the Agreement shall be limited to the price the Customer has paid for the Service the last 36 months before the event giving rise to the liability.

11.3. The Supplier disclaims any and all liability, including any express or implied warranties, whether oral or written, for Third-party Hardware and Third-party Software. This implies even if such hardware or software is essential for the Service to effectively function.

 

12. Data Processing

12.1. The Customer is the data controller and responsible for complying with the rules laid down in the GDPR and/or national privacy act for all personal data processed by the Supplier via the Services. The Customer is solely responsible for having a legal and adequate processing basis for personal data processed through the relevant Service at all times.

12.2. The Supplier's responsibility and right to store data generated or created through the Service ceases at the end of the Contract Period. The Customer is responsible for exporting and storing data from the Supplier’s system before the expiry of the Contract Period.

12.3. Upon termination of the Agreement, the Supplier will delete all data within the deadline specified in the Data Processor Agreement. However, this will not apply if the Customer enters into a separate agreement with the Supplier regarding continued data storage.

12.4. The Supplier has the right to, free of charge and without any limitation, use data generated or created through the Service that does not constitute personal data and personal data that has been anonymised, including transferring such data to third parties.

12.5. The Parties further rights and obligations related to the data processing are regulated in the Data Processor Agreement.

 

13. Breach of Contract

13.1. The Agreement or specific Services may be terminated with immediate effect by either Party in the event of a material breach by the other Party, and such breach is not rectified within a reasonable time after the breaching Party was notified of its breach in writing. The consequences of a material breach are governed by the background rules of law in addition to what is stated in these General Terms, including the right to compensation etc., with the limitations of the Supplier's liability arising from section 11.

13.2. In case of a material breach by the Customer, the Customer shall remain liable for the payment of the fees equivalent to the remainder of the current Contract Period.

13.3. If payment has not been received in a timely manner in accordance with section 7, nor within 14 days after the Supplier has given a written notice requiring payment, the breach is deemed as material.

13.4. Violation of section 6.2 is considered a material breach.

13.5. Upon a material breach by the Customer, the Supplier is entitled to immediately:

- terminate the Agreement with immediate effect

- disable the Customer's access to the Service

- claim payment for all outstanding benefits, and/or

- claim compensation for the loss due to payment defaults.

13.6. In the event of termination due to a material breach, the Customer is obliged to immediately return the Hardware, cf. section 4.11.

 

14. Software Updates and Changes of the Service 

14.1. Software updates are included in the price.

14.2. The Supplier reserves the right to at any time update, make modifications and alter the contents of the Services offered, without providing any notice thereof. New versions do not necessarily include all the functions available in the previous version but shall not materially alter the functional level of the Service negatively.

14.3. If the Supplier, at its sole discretion, decides to no longer offer a specific Service or a part of a Service, the Supplier is entitled to terminate the Agreement in whole or in part with 30 days’ prior notice to the Customer. The same applies if a contract with a subcontractor is terminated, involving that the Service can no longer be provided.

 

15. Changes to the Contract Documents

15.1. The Supplier, at its sole discretion, may from time to time update or modify these General Terms with one month's prior written notice (also electronically) to the Customer.

15.2. In addition, the Supplier may conduct such changes to the Contract Documents as it appears from these General Terms or the individual Contract Documents.

 

16. Price Changes

16.1. The Supplier may unilaterally adjust the price corresponding to any increased purchasing costs or costs to subcontractors, for example to providers of mobile data and/or map services, compared with the time of entering into the Customer Contract. Such change can take place with 2 months’ prior written notice (also electronically) to the Customer.

16.2. The Supplier may at any time and without prior notice adjust the price agreed upon for a Service in accordance with changes in the general price level by using a recognised and commonly used index in the country where the Supplier has its registered business address or such index in Europe. Choice of index is the Supplier’s sole decision. Adjustment may take place at the earliest with effect from January the calendar year after the Effective Date.

16.3. Upon automatically renewal of the Agreement, the Supplier may adjust the price for the Service according to the current pricelist, which without prior notice thereof applies for the Renewal Term.

 

17. Intellectual Property Rights and Know-How

17.1. The Supplier is the exclusive owner and retains all rights, titles and interests to Intellectual Property Rights and Know-How related to or arising from the Service and the Hardware, including, but not limited to the technology (including all modifications, enhancements, upgrades and updates thereto), algorithms, source code, object code and accompanying documentation, trademarks, logos, domain names, user interface design, graphics, illustrations, drawings, images, sound, music, videos, concepts, techniques and specifications.

17.2. “Intellectual Property Rights” include, but are not limited to patent rights, design rights, and copyrights.

17.3. “Know-How” includes, but is not limited to all industrial, technical, marketing and commercial information and techniques in any form, and all designs and artistic creations, regardless of whether it is patentable, registered as Intellectual Property Rights or protected as trade secrets.

 

18. Force Majeure

18.1. If circumstances beyond the Parties control, which is classified as force majeure, significantly complicate the implementation of the agreement, the Parties obligations under the Agreement are suspended to the extent the circumstance is relevant and for as long as the circumstance lasts.

18.2. Force majeure includes inter alia events that are beyond the Supplier's control, such as failure, damage, service, inspection or repair of communications facilities, failure of the telecommunications network or satellites, war, natural disaster, lightning strikes, fire, strike, lockout and other labour disturbances and incidents that result in sudden or unforeseen large waivers of personnel.

18.3. If force majeure shall be invoked, the afflicted Party must notify the other Party. The duty to notify also applies upon the end of the force majeure. During force majeure, the Parties have a mutual duty to inform of circumstances that may be of significance to the other Party. The information must be given within a reasonable time.

18.4. The Customer’s obligations under the Agreement are suspended during the period the Supplier's obligations are suspended, however short-term force majeure cases do not allow the Customer to demand a reduction in the price.

18.5. Regulatory changes outside the Supplier’s control does not influence the Contract Period, the price or the number of ordered Services.

 

19. Confidentiality

19.1. Each Party are obliged to keep and maintain the other Party’s confidential information in the strictest of confidence and shall not otherwise make the other Party’s confidential information available in any form, to any third party, or use the other Party’s confidential information for any purpose other than the performance of its obligations in the Agreement.

19.2. Each Party shall be responsible for ensuring that their respective officers, agents and employees do not disclose, use or distribute the other Party’s confidential information in violation of the terms and conditions of the Agreement. Each Party shall make commercially reasonable efforts to protect the other Party’s confidential information.

19.3. Confidential information includes, but is not limited to, any information that may be of the importance of competition or privacy considerations to keep secret for a third party, including personal information and information about security and business matters.The duty of confidentiality applies during the Contract Period as well as later.

19.4. For the avoidance of doubt, it is emphasised that the Customer does not have the right to authorise a competitor of the Supplier to obtain the Contract Documents or information about the contractual relationship and the terms of the Agreement, as this includes confidential information.

 

20. Mandatory law – Severability

20.1. Should any provision of the Contract Documents be or become invalid or unenforceable, e.g. because of conflict with mandatory law, the validity of the remaining provisions will not be affected. The invalid or unenforceable provision is to be replaced by a valid and enforceable regulation that comes closest in its effect to the commercial intent pursued in concluding the invalid or unenforceable provision. The same applies in the event of an omission.

20.2. This also applies if the Customer is a consumer, and any provision of the Contract Documents conflict with mandatory consumer legislation. Further information on consumer purchases can be found here: https://www.abax.com/terms-and-conditions

 

21. Prevailing Language

21.1. The Contract Documents shall be governed, interpreted, and construed in the English language, regardless of any translations that may be made into any other language.

 

22. Governing law and Jurisdiction

22.1. All disputes arising out of or in connection with the Agreement shall be governed by the laws of the Country where the Supplier has its registered business address.

22.2. The Parties shall seek to resolve any dispute amicably through negotiations. If such negotiations fail, each of the Parties may initiate legal proceedings before ordinary courts. Sole and exclusive venue for all disputes shall be the courts of the country where the Supplier has its registered business address, by the local district court.

Data Processing Agreement

Between:

THE SUPPLIER,

by the legal entity as specified in order confirmation or the signed customer agreement (the "Customer Contract"), acting as data processor

and

THE CUSTOMER,

by the person or legal entity as specified the Customer Contract, acting as data controller

the following agreement on the processing of personal data has been entered into ("Data Processor Agreement"):

 

1. Background and purpose

1.1       The Supplier and the Customer have entered into a Customer Contract. The Supplier’s provision of some or all services under the Customer Contract requires that the Supplier process personal data on behalf of the Customer. The Supplier is therefore regarded as a data processor and the Customer as a data controller in connection with processing of personal data.

1.2       This Data Processor Contract sets out the rights and obligations of the Supplier’s processing of personal data on behalf of the Customer pursuant to the Customer Contract, and applies to all processing of personal data the Supplier undertakes for the Customer upon performing the services. This Data Processor Agreement constitutes an integral part of the Customer Contract, including other contract documents. In case of any inconsistencies between the terms of this Data Processor Agreement and the General Terms and Conditions, the terms of this Data Processor Agreement shall prevail with regards to the processing of personal data.

1.3       The Data Processor Agreement shall ensure that personal data is processed in accordance with applicable national laws and EU or EU member state law for processing of personal data, including the General Data Protection Regulation (2016/679) of the European Parliament and of the Council (“GDPR”), hereinafter jointly referred to as the “Data Protection Legislation”.

1.4       Concepts and definitions used in this Data Processor Agreement shall be understood in the same way as in the Data Protection Legislation.

 

2. The Supplier’s obligations

2.1       The Supplier shall only process personal data on behalf of the Customer in accordance with documented instructions of the Customer.

2.2       The Supplier shall process personal data in the manner as described in this Data Processor Agreement, or as otherwise agreed in writing (including electronically) between the Supplier and the Customer.

2.3       Any supplementary instructions on the processing shall be submitted to the Supplier’s stated contact information.

2.4       Regardless of what is stated in clause 2.1 to 2.3, the Supplier shall process personal data as required by law. The Supplier shall notify the Customer if the Supplier is required by mandatory law to process personal data contrary to the Customer’s instructions, unless providing such notification is prohibited by law.

2.5       If the Supplier considers that an instruction from the Customer is in violation of the Data Protection Legislation, the Supplier shall immediately inform the Customer of its opinion. The Supplier undertakes to exercise its obligations under the Customer Contract and Data Processor Agreement despite its opinion.

2.6       The Supplier shall ensure that employees and subcontractors or other third parties authorised to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. This provision also applies after the termination of the Data Processor Agreement.

2.7       The Supplier shall implement appropriate technical and organisational measures required pursuant to Article 32 of the GDPR, including measures to ensure that data is available to the Customer, to prevent the loss or destruction of data, and prevent unauthorised access to data.

2.8       The Supplier shall keep an updated list of all sub-processors and ensure that any sub-processors processing personal data on behalf of the Customer have entered into a binding agreement with the Supplier pursuant to Article 28 (2) and (4) of the GDPR.

2.9       The Supplier shall, by means of appropriate technical and organisational measures, bearing in mind the nature of processing and to the extent possible, assist the Customer in responding to requests submitted by data subjects seeking to exercise their rights pursuant to Chapter III of the GDPR.

2.10      The Supplier shall assist the Customer in fulfilling the duties pursuant to Articles 32 to 36 of the GDPR.

2.11      The Supplier shall keep a record of processing activities performed on behalf of the Customer, which shall contain at least the information provided pursuant to the GDPR Article 30 (2).

 

3. The Customer’s obligations

3.1       The Customer is responsible for ensuring that the processing of personal data complies with the requirements set out in the Data Protection Legislation, hereunder ensuring that the processing of personal data, which the Supplier is instructed to perform, has a legal basis.

3.2       The Customer has the right and obligation to determine the purpose and means of the processing.

3.3       The Customer might provide the Supplier with documented instructions on how the personal data should be processed, and hereby instructs the Supplier to process personal data to the extent and in the manner in which such processing is required to provide the services under the Customer Contract and as described in section 8.

3.4       The Customer may give other additional instructions as long as such additional instructions are, taking into account the nature of and the Supplier’s obligations under the Customer Contract, relevant for the provision of the services under the Customer Contract.

 

4. Use of sub-processors and transfer of data outside the EEA

4.1       The Supplier has the right to use the current sub-processors which appears on the list found here: https://www.abax.com/terms-and-conditions. The Supplier use few sub-processors outside the European Economic Area (EEA) where European Standard Contract Clauses (SCCs) are used as a basis for transfer.

4.2       The Customer hereby grants a general authorisation for the Supplier to use sub-processors to process personal data to fulfil the contractual obligations under the Customer Contract.

4.3       The same data protection obligations as set out in this Data Processor Agreement shall be imposed on the sub-processor, in particular concerning guarantees to implement appropriate technical and organisational measures. If a sub-processor does not fulfil its data protection obligations, the Supplier shall remain fully liable to the Customer as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR.

4.4       The Supplier shall inform the Customer in writing before replacing or adding new sub-processors, no less than 30 days prior to the intended change, thereby giving the Customer the opportunity to object to such changes.

4.5       The Customer may not reject a new sub-processor without a legitimate reason. Any rejection based on well-founded suspicion that the level of data protection may be degraded as a result of the change of sub-processor shall be regarded as a legitimate reason.

4.6       If the Customer wishes to object to the engagement of the new sub-processor and has legitimate reasons based on privacy to do so, the Customer may, within 14 days of receiving the Supplier’s written notification, serve the Supplier a written objection detailing such legitimate reasons. If the Customer does not serve such objection notice within the stipulated timeframe, the Customer is deemed to have accepted the use of the new sub-contractor.

4.7       If the Supplier insists on using the new sub-processor even though the Customer has provided an objection with legitimate reasons based on privacy  as described above, the Customer shall, as its sole remedy, have the right to terminate the part of the Customer Contract affected by the change. To terminate part of the Customer Contract, the Customer shall serve the Supplier a written termination notice stating the date the termination shall take effect, which shall be no later than the last day of the 30-day period as set out in clause 4.4. If the Supplier has not received such termination notice two days before the end of the 30-day period, the Customer’s right to termination under this section 4.7 expires.

4.8       If it is critical to replace or add a new sub-processor in order to fulfil the services under the Customer Contract, the Supplier may, notwithstanding the above, implement the change immediately after the Customer has been notified.

4.9       The Supplier is entitled to process personal data outside the EEA to the extent the processing is carried out by sub-processors at any time included on the list of sub-processors outside the EEA. Any additional transfers of personal data to a country outside the EEA will not be carried out without documented instructions from the Customer.

 

5. Security Measures

5.1       The Supplier shall fulfil the requirements for security measures imposed under the Data Protection Legislation and shall be able to document procedures and other measures to meet these requirements.

5.2       - The Supplier complies with information security management system standard ISO 27001:2017.
- All Customer data is encrypted both in transit and “at rest”.
- The Supplier utilise network segmentation in all our production environments.
- All Supplier infrastructure is kept up to date with the latest security patches released by our vendors.
- The Supplier uses the principle of least privilege (PoLP) to control access to systems and data to ensure proper access control.

5.3       The Supplier has 24/7 on-call staff to handle unplanned events and incidents. The Supplier ensures redundancy in all infrastructure and systems by using vendors that deliverers industry-standard solutions with a high degree of availability.

 

6. Audits

6.1       The Supplier shall make available to the Customer all information necessary to demonstrate compliance with Article 28 of the GDPR and fulfilment of the obligations outllined in this Data Processor Agreement, as well as facilitate and contribute to audits, including onsite inspections, conducted by the Customer or another auditor mandated by the Customer. The other auditor shall not be a competitor of the Supplier.

6.2       The Customer may require audits once per year. In case of special circumstances that motivate an additional audit, such as a personal data breach or the Customer having reasons to believe that the Supplier is in breach of this Data Processor Agreement, the Customer may carry out an additional audit.

6.3       The Customer shall provide no less than two weeks written notice of the proposed audit, and the audit shall be carried out in a manner that minimises interference with the Supplier’s day-to-day business activities. The findings of the audit shall be treated as confidential and shall be discussed and evaluated by both parties.

6.4       The Customer shall bear all costs and fees related to such audit. If the Supplier is rendering any support or services related to the audit, then the Supplier is entitled to issue an invoice for hourly time 200 EUR for all actual costs and fees.

6.5       Notwithstanding the above mentioned, the Customer or inspector will not be allowed access to server rooms and other information and location to the extent this could potentially pose a risk to the Supplier’s security level or confidential information. The Supplier alone assesses this risk.

 

7. Notification routines

7.1       If the Supplier becomes aware of a personal data breach, the Supplier shall notify the Customer without undue delay.

7.2       The notification shall at least describe:

  1. The nature of the personal data breach, including where possible, the categories and approximate number of data subjects concerned, and the categories and approximate number of personal data records concerned,
  2. The name and contact details of the data protection officer or another contact point where more information can be obtained,

  3. The likely consequences of the personal data breach,

  4. The measures taken or proposed to be taken to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

7.3       If the Supplier is unable to provide all the information above at the first notice, the information may be provided gradually without undue delay.

7.4       The Customer shall ensure that an incident report is sent to the relevant Data Protection Authority in accordance with Article 33 of the GDPR, whereas the Supplier may not send such notice or contact the supervisory authority without the Customer's instructions.

 

8. Scope of the processing

8.1       The scope of the processing will depend on which services are included in the Customer Contract, and of the instructions given by the Customer and the adjustments made by the Customer in the user interface.

8.2       Hereby follows a description of the scope of the processing, describing inter alia the type of personal data that may be processed upon providing the services:

 

The purpose of the processing

The Supplier shall process personal data to provide the services specified in the Customer Contract.

 

The duration of the processing

The processing shall last for as long as the Supplier provides services to the Customer under the Customer Contract.

 

The nature of the processing

The Supplier shall collect, store and make data available for the Customer and users via a graphical user interface to provide the services specified in the Customer Contract. The Supplier may also transfer data to third parties at the Customer’s request.

The Supplier shall make data available for its affiliated company’s technical and support personnel to provide support under the Customer Contract, and collect data on how the Suppliers services are used and collected.

 

The type of personal data to be processed

Depending on services included in the Customer Contract and the instructions and amendments made by the Customer, the Supplier might process the following data that can be considered personal:

Information about users, optionally provided by the Customer, such as Name, Address, Mobile, E-mail, Job title, Employee number, Tax zone, Bank account number, Department.

Information about vehicles, optionally provided by the Customer, such as Registration number, Make, Model, First-time registered date, Emissions data, Vehicle group, Colour, Vehicle name, Vehicle type, Fuel type, Vehicle category, Assigned driver, Initial and corrected mileage readings, Leasing details (Leasing company, Contract number, Contract start date, Mileage limit, Leasing agreement duration, Mileage reading at the start of the leasing period), Insurance details (Insurance company, Contract number, Contract start date, Mileage limit, Insurance agreement duration, Mileage reading at the start of the insurance), Servicing details (Date of last service, Mileage at last service, Service interval by distance driven, Service interval by time, E-mail address on who to notify and who has been notified).

Information about equipment, optionally provided by the Customer, such as Make, Model, Name, Serial nr, Registration number, Department, Tags, Operating hours at last service, Service intervals, Inspection details (Last inspection date, Inspection interval, Inspection notes), E-mail address on who to notify and who has been notified).

Data provided by hardware or created from hardware data, such as Location, Engine on and off, Trip start and stop location, Trip start and stop address, Trip start and stop date and time, Current speed, Current direction, Raw Accelerometer data to build driving behaviour score and detect driving events (Rapid acceleration, Hard breaking, Harsh turning, Idling), Hardware diagnostic such as GPS satellites in view, installation angle, Operating hours.

User profile information such as Username, Password, E-mail, Mobile number, and language preference.

Logging of software usage such as what the user clicks on, sequence of clicks, statistics and analysis data including IP address.

 

The categories of data subjects

Customers, Customers’ employees, or others using the vehicle or equipment.

8.3       The Customer may however instruct the Supplier on the processing, which may cause the processing to deviate from what is described above. The Customer may also add information and make a change in the user interface, including changes of settings, which may cause the processing to deviate from the description above.

8.4       Unless otherwise is agreed, the Supplier has the right to receive a reasonable payment if the Customer gives instructions that do not lie within the service and requires changes or adjustments, with remuneration based on the Supplier’s hourly rate of 200 EUR. The Supplier may also refuse the instruction if it exceeds the service and cannot be met by simple means.

 

9. Liability

9.1       Each party is responsible for covering administrative fines and other sanctions imposed as a result of breaches of the Data Protection Legislation. If a party has been held liable for damages under Article 82 of the GDPR for a matter for which the other party is responsible, the party responsible shall cover the cost  of damages. The limitation of liability set out in the General Terms and Conditions shall apply to liability according to Article 82 of the GDPR.

 

10. Term and termination

10.1      This Data Processor Agreement enters into force by the Customers electronical signature and remains in force for as long as the Supplier processes personal information on behalf of the Customer according to the Customer Contract.

10.2      If the Customer Contract is terminated, this Data Processor Agreement will automatically be terminated when the processing has ended after deletion (including backup).

10.3      In the event of a breach of this Data Processor Agreement or the Data Protection Legislation, the Customer may instruct the Supplier to stop further processing of the data with immediate effect.

 

11. Duties upon termination and cancellation

11.1      Upon termination of the Customer Contract, the Supplier shall at the choice of the Customer either permanently delete or return all personal data received on behalf of the Customer.

11.2      The Customer may require that the Supplier delete all personal data processed under this agreement. The deletion shall be carried out no later than 60 days after the agreement is terminated.

11.3      Should the Customer not request return or deletion in accordance with the previous paragraph, the Supplier shall nevertheless delete personal data received on behalf of the Customer no later than 60 days after the Customer Contract is terminated, unless the Supplier has another legal basis for storing the data, such as having a legal obligation to do so or a separate agreement with Customer on further data storage.

11.4      The Supplier's obligation to delete personal data does not apply if the information is anonymized (and thus no longer constitutes personal data) or the Supplier has a legal basis for refraining from deleting, e.g. to defend a legal claim.

11.5      Backup copies that contain personal data will be deleted in accordance with the Supplier’s routines for deletion of backups. If the Customer requires the backup copies to be deleted outside the regular routines, the Supplier will do this as a paid service, with remuneration based on the Supplier’s hourly rates.

 

12. Miscellaneous

12.1      This Data Processor Agreement forms an integral part of the Customer Contract, including other contract documents, such as the General Terms and Conditions. Provisions laid down in the above-mentioned documents apply, including but not limited to the contact information, limitation of liability and law and legal venue.

12.2      Upon transfer of the Customer Contract to other parties, the Data Processor Agreement shall be transferred accordingly.

12.3      The Supplier is entitled to do necessary changes in this Data Processor Agreement. The Supplier shall send a written notice (also electronically) to the Customer. The Customer has the right to oppose major changes in writing within 30 days provided that the Customer has a just and factual objection.

Privacy Policy

1. Introduction

The ABAX Group is committed to the protection of personal data. The services we offer to our customers are developed baased on privacy by design, meaning that privacy is encompassed in the entire design of the system which enables us to process data in a safe manner. For instance, users may have access to data that is not visible to the administrator, e.g., private trips.

ABAX Group includes the parent company, ABAX AS, and its subsidiaries. All references to “we”, “us” and “our” refer to the companies within the ABAX Group.

This privacy policy describes the information we may collect and process about you if you are a customer or affiliated with one of our customers, if you are a user of our services, if you are a partner or supplier, if you have subscribed to our newsletter or requested information from us, if you have visited our website or applied for a position within the ABAX Group. All of the above are collectively referred to as the “Data Subjects”.

 

2. The data we collect

2.1       Customer data

When you enter into a customer contract with us, we may collect the following data about you:
- The customer’s name and business register number
- Phone number, e-mail address and postal address to the customer
- Information on customer’s contact person(s) (name, e-mail and phone number)
- Information on customer’s administrator user(s) (name, e-mail address and phone number)
- Payment details

 

This information is collected to fulfil the contract with the customer and is stored throughout the contract period in order for us to manage the customer relationship and to provide support services.

 

We may retain some information beyond the contract period for the following reasons:
- Accounting; as we may, under national law, be obliged to keep accounts for a given number of years.
- Claim outstanding debts; if you still owe us money after the subscription period has expired.
- Defend legal claims, if there is a dispute regarding the terms of the customer contract.

 

2.2 Data related to the use of our services

Upon providing our services the customer can connect, track, and monitor assets from one interface. The processing of personal data is required in order to provide our services, whereupon we do only process personal data on behalf of the customer and in accordance with the customer’s instructions. Our customers are in control of the data we process on their behalf, and on this basis, we have the role of a data processor, and the customer is the data controller.

 

The data we process will depend on which services are included in the customer contract, and the instructions given by the customer and the adjustments made by the customer and end-user in the user interface.

 

Upon providing our services we may process the following personal data:

 

The type of personal data to be processed

 

Depending on services included in the Customer Contract, the Supplier might process the following data that can be considered personal:

Information about users, optionally provided by the Customer, such as Name, Address, Mobile, E-mail, Job title, Employee number, Tax zone, Bank account number, Department.


Information about vehicles, optionally provided by the Customer, such as Registration number, Make, Model, First-time registered date, Emissions data, Vehicle group, Colour, Vehicle name, Vehicle type, Fuel type, Vehicle category, Assigned driver, Initial and corrected mileage readings, Leasing details (Leasing company, Contract number, Contract start date, Mileage limit, Leasing agreement duration, Mileage reading at the start of the leasing period), Insurance details (Insurance company, Contract number, Contract start date, Mileage limit, Insurance agreement duration, Mileage reading at the start of the insurance), Servicing details (Date of last service, Mileage at last service, Service interval by distance driven, Service interval by time, E-mail address on who to notify and who has been notified)


Information about equipment, optionally provided by the Customer, such as Make, Model, Name, Serial nr, Registration number, Department, Tags, Operating hours at last service, Service intervals, Inspection details (Last inspection date, Inspection interval, Inspection notes), E-mail address on who to notify and who has been notified)


Data provided by hardware or created from hardware data, such as Location, Engine on and off, Trip start and stop location, Trip start and stop address, Trip start and stop date and time, Current speed, Current direction, Raw Accelerometer data to build driving behaviour score and detect driving events (Rapid acceleration, Hard breaking, Harsh turning, Idling), Hardware diagnostic such as GPS satellites in view, installation angle, Operating hours


User profile information such as Username, Password, E-mail, Mobile number, and language preference.

Logging of software usage such as what the user clicks on, sequence of clicks, statistics and analysis data including IP address.

 

The categories of data subjects

Customers, Customers’ employees, or others using our services.

 

We store the data for as long as the customer instructs us to, or until the customer fully terminates. The customer solely decides how long it is necessary to keep the data, and our liability is limited to complying with the customer’s instructions.

 

The customer’s administrator and a user may request for deletion of data, where the customer is the Data Controller, in the user interface and may also request for additional deletion by contacting our Group Data Protection Officer in cases where ABAX is Data Controller.

 

2.3 Partners and suppliers

We process personal data about partners and suppliers for the purposes of fulfilling the contract. The personal information being processed are names, phone numbers, addresses, e-mail addresses and invoice information.

 

This information will be stored during the contract period. Moreover, in order to facilitate potential future contact and cooperation, we retain records of current, previous and potential partners and suppliers for 5 years, on the basis of legitimate interest. We will however delete all data upon request.

 

2.4       Newsletter subscribers and information requests

If you contact us or subscribe to our newsletter, we will collect the following data:

  1. Newsletter: E-mail address, name and role, in order to send newsletters

  2. Contact by e-mail: E-mail address and the e-mail correspondence, in order to reply to your request

  3. Contact by phone: Phone number, name and a summary of the corresponding in writing, in order to reply to your request. We also record phone calls for security and training purposes, on incoming calls based on active consent from the incoming caller.

 

We need your consent in order to sign you up for our newsletters. You can withdraw your consent at any time, in which case we will delete your e-mail from the e-mail list and stop sending you newsletters.

 

If you are a customer, we reserve the right to keep the e-mail and phone correspondence as long as you are an active customer in order to provide the best customer care possible, and for one year following the end of the customer relationship in case there is a need for further contact. In addition, the information may also be retained for handling complaints and for the purposes of handling an ongoing legal claim. You can send us a request to delete all correspondence. We will then process your request. If we decide to keep your data, we will inform you of the reasoning behind such decision without undue delay.

 

All customers of the ABAX Group will receive transactional emails, also if unsubscribed to our newsletters. A transactional email can be a notification of a privacy breach, change in terms and conditions and similar information. This is information ABAX by law need to inform existing customers about.

 

2.5 Website visitors

Cookies are small text files that are stored on your computer, phone, tablet, or any other device you may use to access our website. We use cookies on our websites delivered by Google Analytics, HubSpot, Hotjar, Lead Forensics and similar tools to analyse how you use our website (which pages you visit, what links you click on and the time and duration of your visit). In addition, we use cookies from Google Ads, Facebook and other advertisement providers in order measure the effects of our marketing efforts. Finally, we use cookies from providers such as HubSpot, HeyFlow and ITX Services for enabling the use of chat tools.

 

Cookies are set to expire no later than one year after you last visited the website. You may delete all our cookies in the “Settings” menu of your browser. Our cookies may also be disabled by visiting the following link: https://tools.google.com/dlpage/gaoptout.  

 

We collect and store information provided by you when you submit any of our lead forms. Such data will be stored for a period of up to three years. You may at any time request your information to be deleted.

 

2.6 Recruitment

If you apply for a position within the ABAX Group we will collect and process your application, CV, certificates, and references as well as personal details such as name, e-mail address and phone number. The basis of our processing of this personal data is your consent which is freely given by you during the application process. We will keep such data for 12 months following the end of the recruitment process to consider you for upcoming positions. You can withdraw your consent at any time.

 

3. Security measures

We have implemented a number of security measures to be able to process data in a safe manner (which protects your personal data from loss and unauthorised access, copying, use, modification or disclosure), such as:
- We comply with information security management system standard ISO 27001:2017.
- Customer data is encrypted both in transit and “at rest”.
- We utilise network segmentation in all our production environments.
- All infrastructure is kept up to date with the latest security patches released by our vendors.
- We use a widely used method of access control called the principle of least privilege (PoLP) to ensure that our infrastructure stays secure.

 

You can find more detailed information on the security measures here: https://www.abax.com/uk/privacy

 

4. Recipients of personal data and the use of sub-processors

We will not disclose your personal information to third parties unless it is required or permitted under the applicable privacy legislation, e.g., we are instructed to do so by the customer or by using an approved sub-processor.

 

When we share personal data with a sub-processor, we require that the sub-processor enters into a data processor agreement with us in compliance with the General Data Protection Regulation (GDPR). Current sub-processors appear on the list found here: https://www.abax.com/terms-and-conditions. We use a few sub-processors outside the European Economic Area (EEA) where European Standard Contract Clauses (SCCs) are used as a basis for transfer.

 

5. Your rights as a data subject

5.1 Right to access, correction, deletion, and portability

As a data subject, you may request:
- access to all personal data we have stored about you,
- correction of any errors in the personal data we have stored about you,
- deletion of your personal data, and
- receipt of your personal data and transfer to another controller (data portability)

 

Your right to access the personal data is not absolute, as law or regulations may allow or require us to refuse to provide some of the personal data.

 

To provide the best service, it is important that the personal data in our records is correct. Please keep us informed if your personal data happens to change or for other reasons is incorrect.

 

The right to deletion is not absolute, as law or regulations may allow or require us to refuse to delete some of the personal data. For example, instead of deletion of personal data, we may make the data anonymous so it cannot be associated with or tracked back to you.

 

If the processing is based on legitimate interest, you may in addition object to the processing and request for restriction of the processing.

5.2 Where to file a request

Both the customer and the customer’s employees (or other users of our services) may exercise the above-mentioned rights by logging in to the user interface, where you will find most of the data we have stored about you and have the ability to make corrections and request deletion.

 

As we process data on behalf of our customer upon performing our services, any request on extended access, corrections or deletion, which cannot be made in the user interface, must be submitted to us by our customer. If you use our services on the basis of an employment or other affiliation with our customer, you must contact the relevant person in the company, who can make the necessary decisions, including submitting a request to us.

 

To exercise the above-mentioned rights related to personal data, which is not stored in the user interface, please contact our Group Data Protection Officer, see section 7. We will take the necessary steps to confirm the data subject’s identity before providing any information regarding personal data.

 

6. Changes to our privacy policy

We may update this privacy policy from time to time. This is at all times applicable and an updated privacy policy is available at https://www.abax.com/terms-and-conditions

 

7. Data Protection Officer

If you have any inquiries regarding this privacy policy, concerns regarding how we manage your personal data or wish to file a complaint, please contact our Group Data Protection Officer, Christine Blomquist, at dpo@abax.no.

 

8. Complaints

If you have any concerns about how we process your personal data, you are welcome to file a complaint to the relevant data protection authority in your country. In addition, you can file a complaint with ABAX Group at https://www.abax.com/uk/complaints

Sub Data Processors

 

Processor

Country

Description

Link to homepage

Mekonomen

Norway

On your request we cooperate with Mekonomen in order to ensure Installation of your ABAX units.

https://www.mekonomen.no

Skan-Kontroll Norway In your request and only after signing a legal contract we share certain data with Skan-Kontroll in order to enable our after theft recovery solution. http://www.skan-kontroll.no/
Telenor Norway Telenor delivers connectivity to our sensors.  https://www.telenor.no
Visma BWise AS Norway Bwise help us operate our business intelligence system.  https://www.visma.no/business-intelligence/
HG Datapartner Norway Delivers our ERP system Navision. http://www.hg-gruppen.no
ITX Norge AS Norway Delivers our internal phone and commitioning systems.  http://www.itxnorge.no/
Ferde Norway On your request and only after signing legal contract we cooperate with Ferde to deliver Toll Road service including ferry.  https://ferde.no/
ProffCom AS Norway ProffCom delivers resources to our customers service support function  https://www.proffcom.no
Easy-Park Sweden On your request and only after signing legal contract on this service we share certain data with Easy Park to enable this service.  https://easypark.no/

Caruso Dataplace

Germany

On your request and only after signing legal contract we can share certain data in order to offer new and better services. 

https://www.caruso-dataplace.com/

Skyrise sp Z.o.o.

Poland

Some of our development is outsorced to Skyrise sp Z.o.o. 

https://www.skyrise.tech/

Ruptela UAB

Lithuania

Supplier of our Fleet Management Solution.

https://www.ruptela.com/

HubSpot Ireland We use HubSpot to communication with our customers and prospects as well as building additional webpages on abax.com https://hubspot.com 
Other ABAX Group Companies      

Sub Data Processors - Third countries

As a result of the recent Court of Justice of the European Union ruling on data transfers, invalidating the Privacy Shield, ABAX will be moving to Standard Contractual Clauses (SCCs) for transfers of online advertising and measurement personal data out of the EU/EEA.

Any questions regarding this? Please get in touch with our Data Protection Officer, Christine Blomquist, on dpo@abax.no 

Sub Processor

Country

Description

Link to homepage

Zapier USA We use Zapier to set up integrations https://zapier.com/
Twilio Sendgrid USA We use Twilio Sendgrid to communicate with you via SMS and email https://www.twilio.com / www.sendgrid.com

 

Above mentioned terms enter into force 1. January 2022 for contracts signed prior to 1. September 2021. Receding legal documents are found here.

Withdrawal rights for private individuals