Cobuilder Platform Agreement

Standard Terms and Conditions

1. Definitions

Agreement: The Cobuilder Platform Agreement includes the Frontpage (in a written agreement), the Customer Registration page (in the online registration module), Cobuilder Standard Terms and Conditions as published at any time on, and the appendices.

Cobuilder API: The Application Programming Interfaces made available to the Customer by Cobuilder on the terms and conditions as stated in this Agreement. The Cobuilder API consists of technology, which may include object code, software libraries, software tools, sample source code, published specifications, and documentation. The Cobuilder API includes any future, updated, or otherwise modified version(s) thereof furnished by Cobuilder in its sole discretion to the Customer. The Cobuilder API may enable the Customer with its authorised End-Users to use the rest of the Cobuilder Platform, including providing the End User with access to Content such as product information, product data, product properties, and document files stored on Cobuilder`s servers as well as metadata for these – such as names, the revision date of documents, identifiers of products and other data stored in Cobuilder`s databases.

Cobuilder Platform: The standard products developed by Cobuilder and delivered as Software as a Service to the Customer including any End-User, and such products may be Cobuilder Collaborate, Cobuilder Supply (prev. goBIM), Cobuilder Connect as well as Cobuilder API, Cobuilder APP and other Cobuilder Background like DefineTM.

Cobuilder’s Background: Any data, know-how or information – whatever its form or nature (tangible or intangible), including any rights such as intellectual property rights (IPR) – that is held by Cobuilder before acceding to this Agreement. The Cobuilder Background includes all the existing software solutions owned by Cobuilder when entering into this Agreement, and any updates later done of these solutions. The Cobuilder Background includes the Cobuilder’s Platform and the end-product of the Cobuilder’s Platform or other products or functionality developed by Cobuilder based on the IPR held by Cobuilder before this Agreement was entered into or other development by Cobuilder regarding the standard Platform, as well as all the Cobuilder’s proprietary processes, algorithms, software, computer programs, plugins, documents, designs, flowcharts, schematics, techniques, know-how, methods, processes, procedures, improvements, hardware, products, devices, discoveries or inventions, whether or not an IPR, and whether or not reduced to practice. For purposes hereof, any third-party licensed materials shall, except to the extent sublicensed to the Customer, be deemed Cobuilder’s Background. Changes to the Cobuilder’s Background made in the performance of the Agreement shall inure to the benefit of Cobuilder and be deemed Cobuilder’s Background (excluding any of the Customer’s Materials to the extent incorporated therein).

Commercial Use: Commercial use is defined as any presentation, derivation, or application of Cobuilder Background in a derivative product or resource with the intention to generate revenue by selling this to any third party.  “Revenue” is not limited to direct financial gains and may also include indirect gains that may accrue from such an application, such as providing a service or application without fee that helps to market or position an organization or individual by association.

Customer: The legal entity purchasing the Services from Cobuilder, i.e. the company that signs this Agreement or the company identified on the Frontpage or in the Customer page in the online registration module. The Customer decides how many End Users will have the possibility to use the Services from Cobuilder on behalf of the Customer.

Customer’s Material: The Customer’s formulas, patterns, programs, software, algorithms, devices, methods, prototypes, demonstrations, techniques, or other materials, including any of the Customer’s IPRs or any other trade names, logos, or data.

Customer Data: All data about the Customers own business, products, projects and associated data e.g the values of properties uploaded or otherwise added to the Cobuilder platform by the Customer/End-User, or by Cobuilder upon request by the Customer/End user.

Data dictionary: A Data dictionary enables the Customer to create relationships between concept types making up ontologies defining various functions of buildings, infrastructure, products, systems, rooms within the construction industry.

Data template (DT): A common data structure describing the characteristics (called ‘properties’) of a construction object, and its physical qualities, according to a credible source of information – be it a standard or regulation.

End-User: A physical person using the Services from Cobuilder who is;

  • authorized to use these Services on behalf of the Customer subject to the terms of the Cobuilder Platform End User License Agreement because of a subscription and having been supplied user identifications and passwords.
  • accessing a public page published by the Customer or Cobuilder without having a subscription.

Any End User is obliged to accept the Cobuilder Platform End User License Agreement, which shall become a binding part of this Agreement.

Frontpage: The additional written document explaining who the Customer is, the contact persons of the Parties, the Services and Products ordered, Effective date of the Agreement as well as other terms and conditions not covered by these general terms and conditions or other appendices to the Agreement.

Internal Use: Means use by the Customer’s employees as part of the execution of work tasks for the Customer.

License Fee: The prepaid fixed subscription fee to be paid by the Customer to Cobuilder for use of the Platform.

Party/Parties: Cobuilder or/and the Customer including any End User.

Services: The other services than those covered by the License Fee which the Parties have agreed and specified that Cobuilder shall deliver to the Customer.

2. In general

2.1 This Agreement regulates the Parties’ obligations concerning the performance of the agreed-upon Services and delivery of the agreed-upon Platform. In the event of a conflict between these General Terms and an appendix, the appendix shall prevail. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable.

2.2 The Parties’ contact persons listed on the Frontpage or in the Customer registration page in the online registration module, may send a written notice as specified in the Agreement. To the extent possible, the Parties shall communicate through writing concerning the Agreement. The Parties accept email correspondence as a written means of communication and as the preferable method to send written notice.

2.3 Nothing outlined in this Agreement is intended, or shall be deemed, to establish any partnership or joint venture between the Parties, nor constitute either Party the agent of the other Party, or to authorize either Party to make or enter into any commitments on behalf of the other Party.

2.4 The Customer may not assign this Agreement, or any interest or rights granted hereunder to any third party without the prior written consent of Cobuilder. A change of control or reorganization of the Customer under such as a merger, sale of assets or stock shall be deemed to be an assignment under this Agreement, but Cobuilder may only terminate the Agreement with 30 days written notice upon the occurrence of any prohibited assignment (approval from Cobuilder shall not be unreasonably withheld or delayed).

3. Term

3.1 This Agreement is effective from the date of signing as stated on the Frontpage or from the date the Customer has registered on the Cobuilder Platform. The term of the subscription of the Platform starts after the Customer has paid the agreed License Fee for such prepaid fixed subscription and lasts for the periods’ such License Fee are paid for.

3.2 This Agreement shall be automatically renewed for successive one-year periods unless terminated by either Party by written notice delivered at least 3 months before the beginning of the next such period. In case of termination, the Agreement is to be deemed terminated as of the last day of the prepaid fixed subscription (License Fee) paid for by the Customer. As from the notice of termination, Cobuilder shall inform the End Users on the upcoming termination.

3.3 If one of the Parties is guilty of substantial noncompliance with the Agreement, which is not remedied within 30 days after being urged thereto by written notice, the other Party may terminate the Agreement with immediate effect. Provided the Agreement is terminated due to substantial breach by Cobuilder, the Customer shall be entitled to a pro-rata refund of prepaid fees or to claim higher proven damages limited to direct documented loss of the Customer and the payment received from the Customer for the last 12 months.

3.4 In the event of termination of the End User account or a written request by the End User for deletion of such End User’s own personal data, the personal data regarding such End User shall be deleted unless storage for a certain period is required by law.

4. Prices

4.1 The prices for use of the Cobuilder Platform are specified in the current Cobuilder pricelist, available upon request. The prices valid for the Customer when signing the Agreement are specified on the Frontpage, in the online service when registering or contained in the Appendix Cobuilder Price book.

4.2 The consideration is due for payment within 20 days of the invoice date. Delayed payment shall cause interest to accrue according to applicable law.

4.3 After the initial 12-month period as well as after each renewal period, the prices stated on the Frontpage, in the online service or in the Appendix Cobuilder Price book may be subject to adaption at the national inflation rate.

4.4 If changes to public taxes or fees affecting the Agreement are adopted after the signing of the Agreement, these will be charged or credited to the Customer.

4.5 Cobuilder may update its standard price list for the Platform or the Services from time to time with thirty (30) days’ written notice.

4.6 All registered use of the Cobuilder Platform will require the customer or the end-user to pay a license fee to the owner of the IPR for use of relevant European and national Standards, unless there is an agreement with the owners of the IPR on a national level for the individual contexts.

5. Intellectual property rights (IPR)

5.1 This Agreement does not include a transfer of either Party’s IPR to the other Party, unless otherwise expressly agreed upon in writing. This Agreement only involves the transfer of non-exclusive rights regarding the Cobuilder Platform to the Customer or third parties as expressively outlined in this Agreement.

5.2 The Customer has and retains the copyright and/or other intellectual and neighbouring rights to the Customer’s Material. The Customer will have the non-exclusive rights to the Cobuilder applications as described in this Agreement for the term the Customer has paid the agreed License Fee.

5.3 The Customer has ownership of the Customer Data. The Customer acknowledges that the Customer Data can only be used in the customers normal business operation. The Customer shall have no right to distribute, license or otherwise transfer any Cobuilder Background to any third party or incorporate the Cobuilder API in any software, product, or technology as part of a separate commercial operation to monetize on the Cobuilder Background without the consent of Cobuilder. Any planned commercial implementation will be covered by a separate Agreement between the Customer and Cobuilder.

5.4 Cobuilder has and retains the copyright and/or other intellectual and neighbouring rights to the Cobuilder Background. Cobuilder retains the exclusive right to make changes to the source code and the exclusive right to further assignment of such results. Cobuilder holds the ownership rights and all intellectual property rights to the technology, including the databases and any associated programs and services that Cobuilder offers to the Customer through this Agreement for use of the Cobuilder Platform.

5.5 The Customer transfers a non-exclusive right to Cobuilder and all users of Cobuilder’s online services offered on the market in any country to use the data and documents the Customer or Cobuilder with the Customer’s authorization has input in Cobuilder’s systems. Should the Customer discover or judge that there are use-related restrictions on some documents or data, the Customer shall promptly notify Cobuilder in writing, identifying the documentation or data in question, and Cobuilder shall remove the data within 24 hours.

5.6 The Parties shall inform the other Party without undue delay if it becomes aware of any infringement of trademark, patent, design, or copyright concerning the Platform or Services.

5.7 Cobuilder grants to non-authorized (non-registered) users a non-transferable, non-exclusive right to read the content from a Cobuilder public page solely as a free license for use in its normal internal business operations and not to use the content for any commercial use to monetize on the Cobuilder Background by selling this to any third-party.

6. The Customer’s obligations

6.1 The Customer may allow employees and others who perform functions for the Customer to become End Users of the Cobuilder Platform. The Customer acknowledges that only those who perform functions under the same company number (business registration number) as the Customer shall be covered by the Customer’s subscription. The End User License Agreement applies to all users the Customer creates for the Cobuilder Platform. If the End User does not accept the End User License Agreement, the End User will not be granted access to the Cobuilder Platform. The Customer cannot raise any claims to Cobuilder other than what is specified in the End User License Agreement regarding service breach covered by the End User License Agreement.

6.2 Should the Customer want to use other products or services offered by Cobuilder specified in on the Agreement, the Customer must agree and pay for such additional products or services to Cobuilder. The Customer is solely responsible for acquiring, financing, and maintaining the computer equipment and internet access, etc. necessary for using the Cobuilder Platform. The Customer is responsible for the creation, maintenance, and use of data from the Cobuilder Platform for the Customer’s needs. The Customer is solely responsible for providing the necessary training on the Cobuilder Platform for the Customer’s or the End User’s needs. The Customer is responsible for the necessary training of its End User needed to use the Cobuilder Platform and related services in the Customer’s own business. Training can be organized by Cobuilder and billed as an additional service as per the hourly rate specified in the online service or in the appendix Cobuilder Price book. The Customer acknowledges that the Cobuilder Platform may be subject to export restrictions of various countries. The Customer shall fully comply with all applicable export license restrictions and requirements as well as with all laws and regulations relating to the importation of the Cobuilder Platform in any foreign jurisdiction in which the Cobuilder Platform is used.

6.3 The Customer is solely responsible for ensuring all data in which the Customer or Cobuilder with the Customer’s authorization enters the Cobuilder Platform is correct (except for mistakes made by Cobuilder while entering the data); including that such data or data entry does not constitute an infringement of third-party IPRs. This obligation applies to any use of the Cobuilder Platform, including the Customer’s reception or distribution of data or information belonging to any third party as well as information that is imported by the Customer. If the Customer has a contractual obligation with third parties that restricts the Customer’s right to use such data, the Customer is responsible for complying with such agreements. If a third party raises claims against Cobuilder due to data or content the Customer or Cobuilder with the Customer’s authorization has submitted into the Cobuilder Platform, Cobuilder can require that the Customer acquires the claim with all risks. Cobuilder may in any event require that the Customer keeps Cobuilder indemnified for loss Cobuilder may inflict by such claims against Cobuilder.

6.4 The Customer or any of the End-Users shall not grant third parties with any rights to use, reproduce, create derivative works of, distribute, publicly perform, or publicly display the Data Template or parts of it.

6.5 By using our services, the Customer declares that they have procured all relevant standards necessary for their operations and are compliant with industry regulations. 

7. Marketing right

The Customer acknowledges that Cobuilder is entitled to market the Agreement and inform publicly that the Customer has entered into an agreement with Cobuilder, unless otherwise agreed.

8. Cobuilder’s obligations

8.1 Cobuilder is responsible for the set-up, management, operation, and maintenance of the Cobuilder Platform. Cobuilder is only responsible for the input of data on behalf of the Customer if it is specifically agreed upon between the Customer and Cobuilder that Cobuilder shall deliver such consultancy services to the Customer.

8.2 As a supplier of the Cobuilder Platform, Cobuilder commits to exercise its business and design its applications in such a way that Cobuilder does not violate internationally recognized principles and guidelines related to privacy (e.g., the GDPR), human and labour rights, the environment, and corruption.

8.3 If a third-party claims that the Customer’s use of the Cobuilder Platform and/or other related products owned by Cobuilder under the terms and conditions of this Agreement infringes its IPRs, the Customer shall notify Cobuilder about such claim in writing and let Cobuilder handle such claim directly. Cobuilder shall indemnify and hold the Customer harmless from and against any claim from a third party provided the breach is caused by a breach in the IPRs by Cobuilder.

8.4 Regarding the use of Cobuilder Collaborate in Norway, by accepting the General Terms the Customer or End-user:

  • a) Gives Cobuilder AS authorisation on its behalf to obtain Safety Data Sheets, Declarations of Performance, assembly instructions and other relevant information regarding chemicals and solid products from manufacturers, importers and/or distributors, and to act on the Customer`s or End-user’s behalf as the reception point for Safety Data Sheets, Declarations of Performance, assembly instructions and other relevant product information from supplier.
  • b) Confirms that manufacturers, importers and/or distributors, which either directly or through a distribution chain supply chemicals or solid products to the Customer or End-user, by signing an agreement with Cobuilder AS, have complied with current regulatory requirements regarding the provision of Safety Data Sheets, Declarations of Performance, assembly instructions and other relevant product information when regulatory documentation has been provided or registered in Collaborate.

8.5 Regarding the use of Cobuilder APP, by accepting these General Terms the Customer or End-user:

  • a) Confirms that manufacturers, importers and/or distributors, who either directly or via distribution channels deliver product documentation to the Customer or End-user through the Cobuilder App, shall consider it as delivered to the Customer or End-user. This is done by the manufacturer, importer and/or distributor signing the standard Cobuilder Platform Agreement (a separate Agreement is available for Safety Data Sheets). The Cobuilder App thus acts as a receiving point on behalf of the Customer or End-user.
  • b) Authorizes Cobuilder AS to obtain relevant product documentation and other information (Declaration of Performance, environmental data, technical data, eco-labels, etc.) from manufacturers, importers and/or distributors on behalf of the Customer or End-user. The Customer or End-user shall encourage its suppliers to provide documentation in accordance with the regulations through the Cobuilders systems, and not directly to them.

9. Responsibility

9.1 Cobuilder is, as the operator of the Cobuilder Platform, not responsible for the misuse of data or products, nor for any damage (direct or indirect) arising from inaccurate or misleading data or information. Cobuilder is not responsible for events, loss, or damage caused by the Cobuilder Platform being unavailable or misused. Cobuilder will not provide any support for the Cobuilder Platform, including support services on e-mail or phone, or updates, upgrades, bug fixes, or modifications to the Cobuilder Platform, under this Agreement unless as agreed upon as additional Services.

The Cobuilder Platform is offered and delivered as it is (“as is”) with no warranty regarding the functionality, support, or availability, with exception of what follows from applicable legislation. To the extent permitted by applicable law, Cobuilder does not accept any direct or indirect responsibility or liability for the quality or functionality of the Cobuilder Platform, for the loss of any data, or any monetary damages directly or indirectly derived from the use of the Cobuilder Platform. Cobuilder is solely responsible for the safety and security of the data the End User has made available for the Cobuilder Platform, and for making the necessary back-ups to avoid loss and/or corruption of the Customer Data. In case of loss or corruption of the Customer Data due to the Cobuilder Platform, Cobuilder is only obliged to provide the Customer with the most recent available back-up, if any. Under no circumstances shall Cobuilder be obliged to input or reconstruct any lost or corrupted Customer Data, except if such loss or corruption or lack of (agreed back-ups) was caused by the gross negligence or wilful misconduct of Cobuilder.

9.2 If the implementation of the Agreement is wholly or partly prevented or materially impeded by circumstances beyond the Parties’ control, the Parties’ obligations are suspended to the extent relevant in the situation, and for as long as the situation lasts. Such circumstances include, but are not limited to acts of God, fire, wars, lightning, floods, strikes, lockouts, sabotage, civil strife, demonstrations, labour disputes, government actions, governmental laws, rules or regulations and any circumstances which under applicable law will be judged as force majeure. Nonetheless, either Party may terminate the Agreement with one month’s notice if the occurrence of the force majeure makes it particularly burdensome for the latter to maintain the Agreement.

9.3 The Parties’ liability to each other is limited to direct damages and the payment paid by the Customer excl. VAT for the Cobuilder Platform in the last six (6) months (however, section 3.3 will increase such amount in case the Agreement is terminated by the Customer due to substantial breach by Cobuilder). The Parties are under no circumstances responsible for the other Party’s consequential or indirect loss, including, but without limitation to consequential damages, operating losses, loss of use, transaction losses, losses incurred by third parties, loss of data, or losses because of an agreement with a third party being annulled or amended. The following amounts are not subject to the upper limit for compensation claims if a Party is legally responsible for them: i) Payments to third parties; ii) personal injury, including death; iii) damage to real or movable property; and iv) compensation amounts which under the current legislation cannot be limited.

9.4 Each Party warrants to the other Party to hold all necessary material and intangible rights linked to their part of the delivery (Cobuilder for the Cobuilder Platform and other agreed-upon products and/or Services, and the Customer for all information the Customer or Cobuilder with the Customer’s authorization enters into and distributes through the Cobuilder Platform). If a third party brings an action or makes an objection about infringement of intellectual property rights, the Party possessing the relevant intellectual property rights is to be immediately notified. The Party holding the relevant intellectual property rights should take over the case and the costs and risks associated with the case and hold the other Party harmless from any claims relating to such infringement or alleged infringement.

10. Confidential information

10.1 Each Party undertakes to treat all “Confidential Information” (meaning any information, knowledge or material, whether in writing, electronically or orally, of a confidential or secret nature of or concerning either Party, its affiliates, or their activities) relating to the other Party as strictly confidential and not to divulge it to any third party for any purpose whatsoever, whether during or after the termination of this Agreement and not to make use of such Confidential Information or any part thereof for any purpose (other than in the course of fulfilling its obligations under this agreement without the other Party’s prior written consent. This undertaking shall not apply to: (i) information which at the time of disclosure is published or otherwise generally available to the public; (ii) information which is published or becomes generally available to the public, other than through any act or omission on the part of the recipient; (iii) information which was in the recipient’s possession at the time of disclosure and which was not acquired directly or indirectly from the other Party; (iv) information rightfully acquired by the recipient from a third party who did not obtain it under a pledge of secrecy to the other Party or any third party; or (v) information which has been developed by the recipient independently of the Confidential Information received from the other Party.

10.2 All Confidential Information supplied to or acquired by either Party shall on termination of this Agreement be destroyed. If such Confidential Information is in hard copy, such Confidential Information shall be returned promptly to the other Party at the cost of the dispatcher.

10.3 The Parties may disclose Confidential Information only to reliable employees or reliable employees of its affiliates who need to know in order to carry out the rights and obligations under this Cobuilder Platform Agreement, provided that such persons are bound by obligations of confidentiality and non-use to the disclosing Party which are equal to the terms of this Cobuilder Platform Agreement. The disclosing Party shall ensure that such employees are fully aware of the obligations of this Agreement and shall be responsible for any breach of these provisions by its employees or employees of its affiliates.

11. Personal data and GDPR

11.1 If, and to the extent, Cobuilder is provided access to any personal data and/or must process any personal data when performing its obligations under the Agreement, the Parties record their intention that the Customer shall act as “data controller” and Cobuilder shall act as “data processor” as these terms are defined in the GDPR and the relevant Data Protection Act. To the extent Cobuilder is a data processor on behalf of the Customer, The Appendix “Data Processor Agreement” will be applicable and regulate Cobuilder’s rights and obligations concerning such processing of personal data.

11.2 The Customer acknowledges and agrees that personal data may be transferred or stored in any country of the European Union or European Economic Area in compliance with the applicable Data Protection Act, to carry out Cobuilder’s obligations under this Agreement. The Customer acknowledges and agrees that the personal data will be shared with Cobuilder`s employees, representatives, officers, directors, agents, advisors, affiliates, subcontractors, and consultants who need to know such data to provide technical support under strict confidentiality.

11.3 If the Customer enters personal information in Cobuilder Platform, the Customer is responsible for obtaining a legal basis for processing the information so that the personal data can be used and redistributed by Cobuilder and other users of Cobuilder’s systems as allowed by the Cobuilder systems. If sensitive information is entered, the Customer agrees to get the person the information applies to, to enter such information into the platform themselves.

11.4 For personal data not regulated by , which the Parties have access to due to their contractual relationship, such as the contact details of their respective contact persons, both Cobuilder and the Customer shall each take the appropriate technical and organizational measures that are required to protect the personal data against accidental or unauthorized destruction, accidental loss, as well as against any modification of or access to, and any other unauthorized processing of the personal data.

12. Points of Contact

To ensure cooperation between the Parties, the points of contact indicated on the Frontpage shall be used for daily communication, notifications, or changes to the Agreement. Either Party may change the contact person by sending an e-mail to the other Party’s contact with a 10 working days’ notice.

13. Revision and updates

Both Parties can request a contract revision/update based on a reasonable request. The contact persons indicated on Frontpage, or the contact persons according to the process described in clause 12, may agree on updates to any Appendices by sending suggested updates by e-mail to each other and confirming by e-mail that such updates are accepted, and that the new version shall replace the previous version.

14. Disputes

This Agreement is subject to the laws of the country where the Cobuilder Entity signing this Agreement with the Customer is located, excluding its conflict of law rules. Any dispute arising out of or relating to this Agreement shall be first attempted resolved through negotiations. The Parties accept the competent court in the country where Cobuilder Entity signing this Agreement is located, as an exclusive legal venue for any litigation that might arise should the Parties fail to resolve disputes through negotiations within 2 months after starting the negotiations. The language of litigation shall be English.

Appendix 3: Data Processing Agreement

1. Definitions

Agreement: The Cobuilder Platform Agreement including the Frontpage and any appendices between the Parties. All terms defined in the Agreement shall have the same meaning in this Data Processing Agreement, which is an appendix to the Agreement. For this DPA, “in writing” or “documented” shall also include electronically available formats, such as email.

GDPR: The EU’s General Data Protection Regulation (EU) 2016/679.

Data Processor Agreement (DPA): These terms and conditions with any annexes, alterations, and updates agreed upon between the Parties in writing (electronically or on paper). The DPA is following the GDPR. The DPA applies between the Customer as to the Controller and the Cobuilder as Processor, within the meaning of the GDPR. The DPA shall be available in writing, hereunder electronically. The DPA is an appendix to the Agreement and does not entail any changes to the commercial terms of the Agreement.

Customer: As defined in the Frontpage of the Agreement.

Controller: The Customer as defined in the Agreement.

Processor: Cobuilder as defined on the Frontpage of the Agreement.

2. Data Processor Agreement’s Aim

This DPA regulates the rights and obligations of the Parties following the GDPR. The DPA shall ensure that personal data related to the data subjects is not unlawfully processed or made available for unauthorized persons. This DPA aims to specify under which terms Cobuilder, as the Customer’s Processor, may process personal data, hereunder to give Cobuilder a legal basis for any processing according to the Agreement or the Customer’s requests.

The Processor and any person acting on behalf of the Processor, which has access to personal data, shall process said data only on documented instructions from the Controller. The Parties agree that this DPA constitutes such instructions from the Controller. The Parties agree that the Customer shall ensure that new purposes/processing activities shall be documented in writing in some way or other.

The personal data to be processed: All personal data made available by the Customer to Cobuilder through the fulfilment of the Agreement. In particular: employees’ names, email addresses, phone numbers, password, employer, and job title.

The categories of data subjects are the Customer’s employees and hired personnel, the Customer’s management and owners, persons associated with the Customer’s suppliers, customers, and other contracting parties who use Cobuilder’s solution according to the Agreement as well as any other end-user the Customer connects to Cobuilder’s product or service.

The processing covered by the DPA: The processing that is necessary for Cobuilder to fulfill their obligations according to the Agreement, the Customer’s instructions, applicable laws, and according to the subsequent contractual relationship between the Parties. This paragraph sets the framework for the Processor’s processing of personal data on behalf of the Customer.

3. The Processor’s Obligations

The Processor shall comply with Controller’s requested procedures and instructions for the processing. The Controller hereby requests that the Processor keep the Customer and the end-users updated, with email and text message correspondence, on the products and services delivered according to the Agreement, including new features, manuals, technical developments, campaigns, and similar information. Any individual who does not wish to receive such updates must be able to unsubscribe from these. The Processor shall assist the Controller with complying with their responsibilities under applicable personal data legislation, hereunder the GDPR, including the Controller’s duty to respond to requests from data subjects to exercise his/her rights as a data subject and ensure compliance with the GDPR articles 32 through 36.

Unless otherwise agreed upon or provided by law, the Controller has the right to access and inspect the personal data processed and the systems used for this purpose. The Processor is obliged to provide necessary assistance to this.

The Processor shall keep the Controller’s documentation and personal data confidential. This provision also applies after the DPA’s termination. The Processor shall ensure that persons authorized to process the personal data are contractually obligated to process the information confidentially if such person is not subject to an appropriate statutory duty of confidentiality.

The Processor shall undertake necessary technical and organizational measures to achieve a level of security appropriate to the risks associated with the processing of personal data and to ensure that the processing meets the requirements of applicable data protection legislation, including the requirements of the GDPR, and the protection of the rights of the data subject. The Processor shall immediately inform the Controller if, in its opinion, an instruction from the Controller infringes the GDPR or other statutory provisions on the protection of personal data.

4. Use of Sub-Processor

The Processor shall not engage a sub-processor without obtaining a prior specific or general written permission for this from the Controller. If Cobuilder has received general written permission, Cobuilder shall inform the Customer of plans to use other sub-processors, thereby giving the Customer the opportunity to object. All of Cobuilder’s sub-processors shall be familiar with the terms in this DPA and comply with the same conditions. An overview of the Processor’s sub-processors is available in Annex A to this DPA. The Annex shall be updated if there are changes to the use of sub-processors.

5. Controller’s Rights And Obligations

The Controller has the rights and obligations that applicable law at any given time requires of the Controller for the processing of personal data. In the event of violations of this DPA or the GDPR, the Controller may require of the Processor to stop further processing of the data with immediate effect.

6. Security and Audits

An overview of the Processors’ technical and organizational security measures are available in Annex B to this DPA. The Processor shall notify the Controller of any security breaches without undue delay. The controller is responsible for forwarding the notification to the relevant authority.

The Controller may, at their own cost, carry out audits of the Processor’s processing of the Controller’s personal data. The Processor shall, upon request, enable and contribute to audits, including inspections, carried out by the Controller or another inspector, authorized by the Controller. Upon request, the Processor shall make available to the Controller all information necessary to demonstrate that the requirements set out in this DPA are met, hereunder security documentation.

7. Duration and Termination

The DPA applies as long as the Processor is processing personal data on behalf of the Controller, and the DPA follows the same rules for termination as the Agreement.

According to the Controller’s decision, the Processor shall delete or return all personal data received on behalf of the Controller to the Controller after the end of the provision of the services relating to processing (upon the termination of this DPA). The Processor shall delete existing copies of such personal data, documents, and data unless laws require the personal data or such documents/data to be stored. This also applies to any backups.

8. Notices And Disputes Resolution

Notices according to this DPA shall be sent by email to the Parties’ contact persons according to the Agreement. The DPA shall be regulated by the same national legislation and disputes shall be settled by the same courts of law as agreed upon in the Agreement.

Cobuilder, March 1, 2023.