1. Agreement. This agreement (the “Agreement”) is entered into by and between the entity or company accepting these terms by reference (“You”, “Your” or “Partner” as the case may be), and Checkin.com International AB, reg. no 559352-2500, Engelbrektsplan 2, 114 34 Stockholm, Sweden (“Checkin”), each a “Party” and collectively the “Parties”.
The Agreement is entered into by reference through a binding order or agreement between You and an authorized reseller of Checkin’s software, where (i) such order or agreement specifies Checkin’s software ordered, (ii) such order or agreement specifies the license fee to be paid by You, and provided that (iii) You have a business relationship with the Reseller, and (iv) the order is pre-approved by Checkin.
By accepting these terms, you confirm your intent and authority to enter into this Agreement on the terms stated herein on Your behalf.
2. Software and Fee. Checkin’s software stated by the order or agreement between You and the Reseller (the “Software”) is made available for Your use on the terms of this Agreement. In consideration of the grant of the license to use the Software, You shall pay to the Reseller a license fee (the “Fee”) as agreed between You and the Reseller.
3. Term. This Agreement is effective as specified by the order or agreement referencing these terms, and shall remain in force as specified by the order or agreement referencing these terms, or otherwise until terminated according to the terms of this Agreement (the “Term”).
4. License. The Partner is hereby granted a non-exclusive and non-transferable license to use the Software in its business during the Term, subject to payment of the Fee and subject to the terms and conditions of this Agreement.
It is understood that the Software will include the use of one or more third party supplier(s) and integrations.
Each Party acknowledges that the Software may be used by the Partner as a step in an identity verification or know-your-customer (KYC) procedure, but that provisions under AML/KYC and terrorist financing regulations, or otherwise, may require further actions to verify end users. The Partner shall be responsible for any conclusions drawn through use of the Software and for any additional identity verification or AML/KYC measures required.
5. Obligations and Undertakings.
Checkin undertakes to:
a) Provide the Software to the Partner in accordance with the terms of this Agreement and in a workmanlike manner with the professionalism that can reasonably and commercially be expected.
b) Ensure that the Software does not infringe any intellectual property or related rights of any third party.
c) Deliver the Software with a service and support level in accordance with Appendix 1.
Each Party represents and warrants that it:
a) shall comply with all applicable laws and regulations with respect to its activities under this Agreement;
b) has and will maintain all necessary licenses, consents and permissions, as applicable, necessary for the performance of its obligations under this Agreement;
c) has all the necessary power, authority and rights to enter into and to perform its obligations under this Agreement;
d) has no actions or proceedings pending or threatened against it before any court tribunal or governmental body agency or authority which may adversely affect its ability to perform its obligations hereunder; and
e) adheres to applicable international sanctions and embargoes imposed by relevant authorities, including but not limited to the United States Office of Foreign Asset Control (OFAC) and the European Union. Under this Agreement, neither party shall, directly or indirectly, engage in business transactions, sales, or provision of services, or purchase products or services from, embargoed or sanctioned individuals, organizations or regions as applicable.
Checkin shall, subject to prior written approval (including email), on its website, in sales pitches, partner presentations and otherwise be entitled to (i) use the Partner’s name as reference case and (ii) use a quote from the Partner whereby Checkin and the Software are promoted (exact wording to be agreed jointly between the Parties).
6. Data Privacy and Intellectual Property Rights. The Partner is and shall remain the sole owner of its customer database and is the data controller of any personal data entered by its customers. Checkin may process certain data and as such, Checkin will take measures regarding the processing of personal data as reasonably requested in writing by the Partner and in accordance with this Agreement, including the data processing agreement, Appendix 2.
The Partner shall ensure that Checkin can legally process Partner’s customers’ personal data in accordance with this Agreement.
Checkin is and shall remain the sole and exclusive owner of any intellectual property vested in the Software. Checkin shall automatically become the owner of any development of the Software and intellectual property created in connection with such development.
The Partner grants Checkin a non-exclusive and royalty free license to use the Partner’s logo, trademarks and other intellectual property necessary in order for Checkin to comply with its obligations under this Agreement. Partner represents and warrants that it has the right to license or sublicense any such intellectual property rights to Checkin.
7. Confidentiality Undertaking. Each Party has disclosed or will disclose information, data, API specifications, etc. to the other that is sensitive and confidential. Each Party agrees that it will at all times hold in strict confidence and not disclose Confidential Information (as defined below) to any third party except as approved in writing by the other Party and will use the Confidential Information for no purpose other than evaluating the future provision of the Software. Each Party agrees to only permit access to Confidential Information to those of its employees having a need to know and who have signed confidentiality agreements or are otherwise bound by confidentiality obligations at least as restrictive as those contained herein. The receiving Party shall be liable for any failure of its employees to abide by the provisions of this Agreement as if such failure was the act or omission of the receiving Party.
“Confidential Information” shall include but not be limited to all non-public materials and information provided or made available to the other Party, including products and services, information relating technology, know-how, processes, software programs, APIs, research, development, financial information, and information the disclosing Party provides regarding third parties.
The Parties agree that the foregoing confidentiality undertaking shall not apply with respect to any information that either Party can document (i) is or becomes (through no improper action or inaction by the receiving Party or any affiliate, agent, consultant or employee) generally available to the public, or (ii) was in its possession or known by it without restriction prior to receipt from the other Party, or (iii) was rightfully disclosed to it by a third party without restriction, or (iv) was independently developed by employees of the receiving Party without use of any Confidential Information of the other Party. Either Party may make disclosures required by law or court order provided that such Party uses diligent reasonable efforts to limit disclosure and to obtain confidential treatment or a protective order and has allowed the other Party to participate in the proceedings.
Upon expiry of the Term (regardless of reason for termination), or upon request by the disclosing Party, the other Party shall promptly return to the disclosing Party all documents, notes and other tangible materials and return or certify the destruction of all electronic documents, notes, software, data and other materials in electronic form representing Confidential Information and all copies thereof.
The receiving Party agrees that nothing contained in this Agreement shall be construed as granting any ownership rights to any Confidential Information disclosed pursuant to this Agreement, or to any invention or any patent, copyright, trademark or other intellectual property right. The receiving Party shall not make, have made, use or sell for any purpose any product or other item using, incorporating or deriving from any Confidential Information or the Software.
The Partner will not modify, reverse engineer, decompile, create other works from, disassemble or otherwise use information, know-how or methods included in the Software to create or build (or allow any third party to create or build) the same or similar set up as the Software.
8. Indemnification etc. Each Party (the “Indemnifying Party”) shall indemnify and hold the other Party (the “Indemnified Party”) harmless from and against any claim, loss, damage, costs and expenses (including the reasonable fees and expenses) suffered or incurred as a result of a breach of any representations, warranties or obligations under this Agreement.
The Indemnifying Party’s obligation to indemnify the Indemnified Party against any third party claim is conditioned on the Indemnified Party: a) providing the Indemnifying Party prompt written notice of the claim, b) giving the Indemnifying Party sole control of the defence and settlement of the claim (provided that the Indemnifying Party may not settle or defend any claim unless it unconditionally releases the Indemnified Party of all liability), c) providing the Indemnifying Party all available information and reasonable assistance, and d) not having compromised or settled such claim.
Save for each Party’s breach of confidentiality obligations (above) or if caused by gross negligence or intentional misconduct, neither Party will be liable for any indirect or consequential losses arising out of this Agreement (including, without limitation, loss of business, revenue, profits, goodwill, use, data or other economic advantage) however they arise and even if that Party has previously been advised of, or could reasonably have foreseen, the possibility of such damages. Furthermore, Checkin’s maximum aggregate liability to the Partner under or in connection with this Agreement shall not exceed the amount of Fees actually paid by the Partner under this Agreement during the 12 calendar months period preceding the claim.
9. Force Majeure. Neither Party shall be liable to the other Party in damages or otherwise because of any failure to perform its obligations due to an event, such as fire, fire alert, severe weather conditions, natural catastrophe, national emergencies, war, riot, terrorism, communication failure, failure of technical facilities or any other incident beyond the control of the Parties (“Force Majeure Event”). If a Party is affected by a Force Majeure Event it will promptly notify the other Party and the Parties will discuss and seek to reach an agreement in good faith that is fair and reasonable. Notwithstanding the above, either party shall be entitled to terminate this Agreement with immediate effect if the performance of this Agreement is delayed for more than 30 days due to a Force Majeure Event.
10. Full Agreement, Amendments, Notices and Survival. This Agreement, together with any documents referred to in it, constitutes the whole agreement between the Parties relating to the Software and the negotiation and provision thereof and supersedes all previous agreements between the Parties in relation thereto. This Agreement may only be amended by an instrument in writing duly executed by the Parties.
Notices and notifications under this Agreement shall mean written notice (email or similar or signed document) by an authorised representative of the Party providing the notice or notification.
Provisions which expressly, or by nature or implication, shall survive termination of this Agreement shall survive termination. This includes provisions on indemnification, limitation of liability, payment of Fees, confidential information and governing law.
11. Assignment. Neither Party may assign or transfer its rights or obligations under this Agreement without the other Party’s prior written consent, such consent not to be unreasonably withheld or delayed.
12. Termination. Without affecting any other right or remedy available to it, either Party may terminate this Agreement with immediate effect by giving written notice to the other Party, if:
a) the other Party commits a material breach of this Agreement which is irremediable or, if such breach is remediable, fails to remedy that breach within a period of 14 days after being notified in writing to do so;
b) the other Party repeatedly breaches any of the terms of this Agreement in such a manner as to reasonably justify the opinion that its conduct is inconsistent with it having the intention or ability to give effect to the terms of this Agreement;
c) the order or agreement referencing these terms does not specify the end of the Term, each party shall be entitled to terminate this Agreement without cause subject to three months notice; or
d) the other Party is or becomes subject to any kind of insolvency, bankruptcy or similar procedure.
Non-payment or late payment by the Partner shall be considered to be a material breach by Partner and shall give Checkin the right to suspend the use or availability of the Software or terminate this Agreement with immediate effect.
Written notice of termination shall be delivered by registered mail or courier, or delivered by email (in case of Partner’s termination notice by email to address [email protected]). The termination period shall commence as of the date of receipt by the receiving Party.
Checkin may also terminate this Agreement or part of the use or availability of the Software with immediate effect in case a relevant agreement between Checkin and a third party supplier is terminated or if the Software is otherwise unavailable or unsuitable for its purpose under this Agreement.
Upon termination of this Agreement, the Partner’s license shall expire and the Partner shall immediately cease to use the Software.
Termination of this Agreement shall not affect any rights, remedies, obligations or liabilities of the Parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the Agreement which existed at or before the date of termination.
13. Governing Law and Disputes. This Agreement shall be governed by the substantive law of Sweden, without giving effect to the choice of law principles thereof.
Any dispute, controversy or claim arising out of or in connection with this contract, or the breach, termination or invalidity thereof, which cannot be amicably settled between the Parties shall be finally settled by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce. The Rules for Expedited Arbitrations shall apply, unless the SCC in its discretion determines, taking into account the complexity of the case, the amount in dispute and other circumstances, that the Arbitration Rules shall apply. In the latter case, the SCC shall also decide whether the Arbitral Tribunal shall be composed of one or three arbitrators. The seat of arbitration shall be Stockholm, Sweden. The language to be used in the proceedings shall be English. All aspects of the arbitration shall be confidential.
Notwithstanding the above, Checkin has the right to submit to a court of competent authority and jurisdiction any claim relating to the payment for overdue claims.
*******
1. SERVICE LEVELS
1.1 Availability
1.1.1 Availability of the Software means that it is working and shall be calculated as follows:
Availability (%) = Total time - Downtime x 100
Total time
1.1.2 The Software shall be available 99,8% per calendar month.
1.1.3 Checkin is not responsible for the local network and the internet connectivity from Partner and/or from Partner’s location and any unavailability of the Software due to such circumstances shall thus be fully taken into account when calculating any downtime.
1.2 Penalties
1.2.1 Any interruption in the Software shall be remedied by Checkin at its own cost unless due to circumstances described in 1.1.3.
1.2.2 In case of unavailability of the Software beyond the service level agreed in section 1.1 above, the Partner shall be entitled to penalties in the form of a price reduction as follows:
| Availability | Penalty |
|---|---|
| 99,8 – 100 % per calendar month | No Penalty |
| 99,0 – 99,79 % per calendar month | 25% of the Fee for the relevant month |
| 98 – 98,99 % per calendar month | 50% of the Fee for the relevant month |
| 97 – 97,99 % per calendar month | 75% of the Fee for the relevant month |
| < 97 % per calendar month | No Fee payable for the specified performance period |
1.2.3 Both Parties agree that the penalties described above are a reasonable method of price adjustment to reflect poor performance. Such penalties shall be the Partner’s exclusive financial remedy for a failure to meet the Service Level.
2. SUPPORT
2.1 The following service channels are covered by this SLA during business hours and outside business hours.
a) Manned telephone support
b) Monitored email support
c) Messenger system (e.g. Slack)
Email: [email protected]
Phone: +1 (347) 434-8955
2.2 Checkin shall provide the support with due care and workmanship and with suitable, qualified and competent personnel. Resolutions of interruptions shall be made as swift as possible. Critical events takes priority over major events, which takes priority over minor events. Critical and major events shall be attended to without delay, and through an internal Checkin escalation process for adequate attention.
2.3 During discovery and resolution of critical and major events, Checkin shall communicate to Partner via email (address provided by the Partner), via the relevant support ticket or other reasonable means of communication, to provide updates on incident management, resolution and post-mortem.
2.4 During support, Checkin shall:
a) Actively act to minimize any disturbances in the business of the Partner;
b) Actively work towards transfer of knowledge to the Partner; and
c) Give suggestions on priorities and workarounds with consideration to the Partner’s interest of a secure, effective and economical operation of the Software.
* * *
This data processing agreement (the “DPA”) is entered into by and between the Partner (as defined in the Agreement, and Checkin.com International AB, 559352-2500, Engelbrektsplan 2, 114 34 Stockholm, Sweden (“Checkin”), each a “Party” and collectively the “Parties”.
1. Checkin’s Data Processing
1.1 When Checkin processes personal data on behalf of the Partner, Checkin will do so in accordance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) (the “GDPR”) and other applicable legislation.
1.2 Checkin will take measures regarding the processing of personal data as reasonably requested in writing by the Partner and will, unless otherwise agreed between the Parties, only process data for the specified purposes, as defined in appendix 2.1.
1.3 Checkin will adhere to the following security measures.
1.3.1 Access control to premises and facilities; Measures taken to prevent unauthorized access to premises and facilities holding personal data (to the extent stored under the DPA) include ID reader, magnetic card, chip card, keys, surveillance facilities and alarm system.
1.3.2 Access control to systems; Measures taken to prevent unauthorized access to IT systems, including password procedures, central management of system access and access to IT systems subject to management approval.
1.3.3 Access control to data; Measures taken to prevent authorized users from accessing data beyond their authorized access rights includes differentiated access rights defined according to duties and automated log off user access via IT systems.
1.3.4 Disclosure control; Measures taken to prevent the unauthorized access, alteration, or removal of data during transfer, and to ensure that all transfers are secure and are logged include the use of a wholly-owned private network for all data transfers, encryption using a VPN for remote access for any personal data stored, transport and communication of data, prohibition of unencrypted portable media and creation of an audit trail of all data transfers.
1.3.5 Input control; Measures are put in place to ensure all data management and maintenance is logged, and an audit trail of whether data have been entered, changed, or removed (deleted) and by whom must be maintained.
1.3.6 Availability control; Measures are put in place to ensure that data are protected against accidental destruction or loss, including backup procedures, uninterruptible power supply (UPS), Business Continuity procedures, Remote storage and Anti-virus/firewall systems
1.3.7 Segregation control; Measures are put in place to allow data collected for different purposes to be processed separately, including restriction of access to data stored for different purposes according to staff duties, segregation of business IT systems and segregation of IT testing and production environments.
1.4 Checkin will maintain written records of all categories of personal data processing activities carried out on behalf of the Partner and will make these records available to the Partner’s auditors and any supervisory authority if, and when, reasonably required by such entities.
1.5 Checkin agrees to cooperate, upon request with any supervisory authority in connection with the performance of its tasks in capacity of data processor (or “service provider”) to the Partner.
2. Appointment of Third Parties
Checkin will only transfer personal data (as specified in appendix 2.1) to a country outside the EEA to any third party or to engage any sub-contractor in the processing of personal data in compliance with all applicable laws in respect of such transfer and will ensure that any sub-processor is subject to written agreements. Checkin will be liable in relation to the Partner for any subcontractor’s acts and omissions as if performed by Checkin itself.
3. Checkin’s Employees
Checkin will ensure that all its relevant employees are informed of the confidential nature of the personal data, have undertaken training in data protection laws relating to the handling of personal data, and are aware both of Checkin’s duties and their personal duties and obligations under data protection laws and under this DPA.
4. Requests from Data Subjects
4.1 Checkin will assist and fully cooperate with the Partner regarding any request made by an individual that personal data refers to, in order for the Partner to comply with applicable data protection laws.
4.2 Checkin agrees not to disclose any personal data to any individual or to any third-party other than at the request by the Partner or as provided for in this DPA.
5. Audit
The Partner is entitled to, upon prior written request from the Partner and at the Partner’s expense, appoint an independent and certified auditor to inspect and audit Checkin’s processing of personal data to ensure that Checkin is in compliance with this DPA provided such audits are carried out on reasonable notice and does not involve the review of any third-party data. The reviewing entity shall enter into such confidentiality obligations with Checkin as may be reasonably necessary to respect the confidentiality of Checkin’s business interests and third-party data and other information of which the reviewing entity may become aware of during the inspection or audit.
6. Warranties
6.1 Checkin warrants that:
a) It will process personal data in compliance with all applicable laws, regulations, orders, and other similar instruments;
b) It will take appropriate technical and organizational measures against the unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data to ensure compliance with data protection laws; and
c) It will notify the Partner immediately if it becomes aware of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data and will provide such further information as the Partner may reasonably require.
6.2 Checkin will, following completion of its contractual responsibilities or upon the Partner’s request, destroy or return, any personal data processed on behalf of the Partner, unless otherwise required by applicable law or instructed by the Partner.
7. Governing Law
This DPA shall be governed by the substantive law of Sweden, without giving effect to the choice of law principles thereof. Any dispute, controversy or claim arising out of or in connection with this contract, or the breach, termination or invalidity thereof, shall be finally settled by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce. The Rules for Expedited Arbitrations shall apply, unless the SCC in its discretion determines, taking into account the complexity of the case, the amount in dispute and other circumstances, that the Arbitration Rules shall apply. In the latter case, the SCC shall also decide whether the Arbitral Tribunal shall be composed of one or three arbitrators. The seat of arbitration shall be Stockholm, Sweden. The language to be used in the proceedings shall be English. All aspects of the arbitration shall be confidential.
*******
Appendix 2.1
Purpose of processing
Checkin’s Software provided to the Partner is specified in the License Agreement entered into between the Parties (and, if applicable, any addendum thereto). It is understood that the Software will include the use of one or more third party supplier(s) and integrations.
In connection with the use of the Software, the Partner’s end users will be submitting certain data, including personal data. Such data and personal data will be processed for the purpose of fulfilling Checkin’s obligations under the License Agreement and with the purpose of validating the correctness of such data and/or collecting such data.
The personal data processed by Checkin as part of the Software and in relation to external third-party sources includes:
Subject to provisions in the License Agreement, Checkin may also store personal data on behalf of the Partner (Storage Vault). Checkin will follow the Partner’s instructions in relation to what kind of personal data that should be stored, how much information that should be stored and for how long personal data will be stored. For the avoidance of doubt, it is the Partner’s responsibility to ensure that personal data is stored under the appropriate legal basis and that its end users’ rights under GDPR or any other applicable data protection legislation is fully respected and complied with.