Terms of Service (EULA)
Effective August 28, 2023
1. Introduction
1.1 - These Terms of Service (the “Terms”) govern the use of the service KLASH (the "Service") and apply between Klash AB, org. no. 556829-7245 (the "Supplier"), and 1. such company (the “Company”) which, through an authorized representative, or 2. such individual (“Individual”) who has the right to enter into this agreement, and who, in relation to both 1. and 2., has accepted to be bound by them i) through the self-service sign up in the Service, or ii), as applicable, upon request, by executing an individualized agreement (the “Main Agreement”) with the Supplier.
1.2 - The Supplier and the Company, as well as the Supplier and the Individual, are each collectively referred to as the “Parties” and individually as a "Party". The Company and the Individual are individually referred to as a “Client”.
1.3 - By accepting the Terms, the Client warrants that it has the legal right to do so according to applicable law (including international law), and that this does not constitute a breach against any court decision or decision made by competent authority or any EU and UN institution.
1.4 - The Terms and, where applicable, the Main Agreement and any eventual attachments agreed between the Parties are collectively referred to as the "Agreement". In the event that the Terms, the Main Agreement and any attachments differ with respect to a certain matter, the Main Agreement shall take precedence over the Terms and the Terms shall take precedence over any attachments. If there are several attachments, they shall take precedence in ascending numerical order.
2. The Service
2.1 - The Service is a review and collaboration software service, provided as a Software as a Service (SaaS). The Service is intended to be used for the Client’s internal purposes as well as to act as a bridge between the Client and (other) companies and/or other third party users (as set forth herein), meaning that the Client may cooperate with other users through the Service. The Service is provided through the website https://klash.studio/ (the "Platform").
2.2 - Through the Service and through the Client’s Account (as defined below), the Client may invite individuals (i.e., “team members”, mainly, in relation to the Company, the Company’s employees, subcontractors and clients) to use the Service under the Client’s Account (each such person is referred to as a “User”).
2.3 - The Supplier has the right to hire subcontractors for the provision of the Service or parts thereof. The Supplier is responsible for the actions of its subcontractors as if they were the Supplier’s own actions.
3. Access to and use of the Service
3.1 - Through the Agreement, the Client is granted a non-exclusive, non-transferable and non-sublicensable license to use the Service to the extent, and in accordance with, the terms set forth in the Agreement.
3.2 - For the use of the Service, the Client needs access to the internet and such computer equipment and software as required for the use for the Service according to the Supplier’s instructions from time to time, and is responsible for having such. If the Client uses a third party's product or service in connection with the use of the Service, the Client undertakes to comply with the eventual terms applicable for such product or service.
3.3 - For using the Service, the Client also needs to have an account in the Service (“Account”) which is created by the Client following the instructions in the Platform and thereby providing the information requested. Certain features within the Service require a premium account (hereinafter referred to as a “Premium Account”, however, a Premium Account is also included in the definition of “Account”) which is also created by the Client following the instructions in the Platform and thereby providing the information requested.
3.4 - The Client is responsible for ensuring that all activity that takes place within the Client’s Account is carried out in accordance with the Agreement, applicable law and any eventual contractual obligations in relation to any third party, and for protecting the login details to the Account. This means that the Client is responsible for the acts and omissions of its Users as if they were the Client’s own actions/omissions. The Client shall ensure that all of its Users are made aware of and abide to terms no less onerous than those of the Agreement in relation to the usage of the Service. For the avoidance of doubt, the Client’s liability for its Users includes, where applicable, both such Users which are part of the Client’s (internal) organisation, as well as external Users who have been invited to use the Service within the Client’s Account.
3.5 - The Client is responsible for ensuring that any information provided by the Client when creating the Account or using the Service, or which is otherwise shared with the Supplier, is correct and complete, and for having the right to share it. This includes, for instance, the right to share the email addresses of, and, where applicable, other information about (where applicable) the Client’s (external and internal) Users.
4. Changes to the Service
4.1 - The Supplier reserves the right to at any time change, extend, reduce, add or terminate features of the Service without giving prior notice to the Client.
4.2 - However, if a change is to be made that significantly changes the Service, the Client shall be notified at least 30 days before the change becomes effective. If the Client does not agree to the change, the Client has the right to terminate the Agreement in accordance with Clause 13.1.
5. Price and payment
5.1 - For the use of the Service through a Premium Account, the Client shall pay a monthly fee per User, per internal User only (i.e., normally the Company’s employees) or as otherwise agreed, as set forth in the Client’s subscription plan in the Platform (unless otherwise set forth in a Main Agreement) (the “Subscription Plan”). Use of the Service which is not conducted through a Premium Account is free of charge. For the use of certain services/features within the Service, the Client may (as from time to time) have to pay an additional fee in accordance with the Subscription Plan.
5.2 - The Supplier has the right to change the price of the Service at any time (including, for instance, the price per User, the price for a certain service/feature within the Service etc.). If this happens and the price is increased, the Client shall be notified thereof no later than 30 days before the amended price becomes effective. If the Client does not accept the amended price, the Client has the right to terminate the Agreement in accordance with Clause 13.1 whereby the price (previously) agreed shall apply during the remaining term of the Agreement.
5.3 - Payment shall be made in accordance with the Subscription Plan applicable to the Client (or as set forth in the Main Agreement). Where applicable, the Supplier has the right to charge a reasonable invoice fee. In the event of late payment, penalty interest, and reminder and delay fees may be charged in accordance with law.
5.4 - All prices in the Service or as otherwise communicated by the Supplier are excluding VAT and other applicable fees and taxes.
6. Right of withdrawal
Should the Individual sign up for a Premium Account, the Individual acknowledges and agrees that the Individual does not have a right of withdraw from the purchase since the Individual will get direct access to the features under the Premium Account in connection with subscription. This means that the right to withdrawal under the Swedish Distance and Off-Premises Contracts Act (2005:59) (Swedish: distansavtalslagen) does not apply to the subscription of a Premium Account.
7. Intellectual property rights etc.
7.1 - Subject to Clause 7.2, all intellectual property rights relating to the Service and the Platform, and all information contained therein (such as but not exclusively copyright (including source code), trademarks and designs) (“Intellectual Property Rights") constitute the exclusive property of the Supplier or the Supplier’s subcontractors or a third party. The Agreement does not imply that the Client acquires any rights to Intellectual Property Rights, other than a license to use the Service during the term of this Agreement and otherwise in accordance with the Agreement. The Client undertakes not to modify or try to modify, copy, reverse engineering the Service (including any software or other rights embodied therein), but in all aspects respect the intellectual property rights of the Supplier.
7.2 - Any digital assets, such as video, audio, pictures and similar, which are uploaded by the Client in the Service, and all intellectual property rights embodied therein (“Assets”), constitute the exclusive property of the Client or a third party who has granted to the Client a license necessary to use such Assets (as they are being used by the Client). The Client warrants that it has the right to upload and use any Assets which are furnished to the Service and shall be solely responsible (and shall indemnify, defend and hold harmless the Supplier) if this is not the case. The Agreement does not imply that the Supplier acquires any rights to such Assets. This means that the Supplier may not exploit, disclose to third parties (not including the Supplier’s subcontractors which may get access to Assets when performing services to the Supplier as referred to in Clause 2.3) or otherwise use any Assets for its own purposes or for the benefit of a third party. Notwithstanding anything to the contrary, the Supplier has, unless otherwise agreed in writing, the right to use the Company’s company name and trademark for its own marketing purposes.
7.3 - Notwithstanding anything to the contrary, such data and compilations which are created in the Service when the Client uses the Service, may be used by the Supplier without limitation provided that the data and the compilations are anonymized. This right also applies after the term of this Agreement. Such data and compilations may for example be used by the Supplier to improve the Service. For the avoidance of doubt, the Supplier has the right to use cookies as set forth in the cookie policy in the Platform (as amended from time to time).
8. Storage, Backups and security
8.1 - The Service is a review and collaboration software service, and a tool for cloud storage of Assets. A certain storage space is included per User, as offered by the Supplier from time to time. This applies unless otherwise has been agreed between the Parties.
8.2 - IT and information security is of outmost importance to the Supplier. Therefore, the Supplier will always ensure that appropriate (considering the standard solution for companies within the same industry as the Supplier) security measures are in place within the Service, such as measures in line with or substantially in line with the Trusted Partner Network (TPN), Motion Picture Association (MPA), Content Delivery & Security Association’s (CDSA) best practices, and/or ISO 27001/20000 Information Security Management System (ISMS).
9. Confidentiality
The Supplier undertakes to not disclose to any third party information about the Client, its Assets or any other information provided by the Client to the Supplier. This applies unless Supplier has an explicit right to disclose such information as set forth in the Agreement, if such disclosure is otherwise required for the provision of the Service (as deemed by the Supplier acting reasonably), or if the Supplier is required by law, regulation or a decision of a court or competent authority to disclose certain information.
10. Processing of personal data
10.1 - Personal data of which the Company or, as applicable, the Individual, is the data controller may be shared for the purposes of the Agreement. The Supplier will process such data in the capacity of the Client's data processor. Therefore, when entering into this Agreement, the Supplier and the Company and, where applicable, the Supplier and the Individual, shall enter into the data processing agreement, attached hereto as Appendix 1. This applies unless the Parties has agreed to another data processing agreement.
10.2 - The Supplier also collects certain personal data in the capacity of a data controller, mainly in relation to the Individual. When processing such personal data, the terms of the Supplier’s privacy policy as applicable from time to time shall apply, which may be found, for example, here: https://klash.studio/legal, and in the Platform.
11. Defects in the Service and support
11.1 - The Supplier strives for the Service to always function smoothly and without interruption but does not guarantee that this will always be the case. If problems arise in the Service, the Supplier undertakes to try to resolve them promptly and in a way that causes the Client minimal damage.
11.2 - If the Service is wholly or partly out of function or flawed and this is material and lasts for a longer period than the Client should reasonably accept, the Client is entitled to a reasonable price reduction provided that the Client makes a complaint to the Supplier no later than 30 days after the flaw occurred. The price reduction shall correspond to the license fee for the period during which the Service is wholly or partially out of function.
11.3 - The Supplier provides support for the Service through the Platform, by email and phone. The support is available during business hours on weekdays which are not public holidays in Sweden. The Supplier uses its best efforts to handle support inquiries promptly. The Supplier has the right to decide what is included in the support provided.
12. Limitation of liability
12.1 - For the avoidance of doubt, the Supplier is not responsible for errors relating to the Client's computer equipment, software and/or internet connection, or for any third-party actions. Further, the Supplier is not responsible for the acts of other users of the Service (than the Client) with whom the Client chooses to collaborate through the Service, including in relation to the Client’s Assets.
12.2 - The Supplier can never be held liable for indirect or consequential damages, including but not limited to loss of profit or loss of cost savings. The Supplier's liability under the Agreement is limited to the amount paid by the Client for the Service during the period of 6 months preceding the date of the damage/damage. Should the Client suffer loss as a result of the Supplier’s breach of contract, the Client undertakes to try to limit such loss.
12.3 - The Service may contain links to websites provided by third parties. The Supplier does not control the content of such websites, nor can the Supplier accept any responsibility for such content (including such third party's handling of personal data), or any loss suffered by the Client as a result of the Client visiting such website.
12.4 - Neither Party is responsible for the performance of obligations prevented by circumstances beyond the control of the same Party, including but not limited to amendments in laws or regulations of authorities, interference in telecommunications networks, and computer viruses or hacker attacks that could not have been prevented by reasonable safeguards. If such circumstances exist, the Party which is prevented from performing in accordance with the Agreement shall inform the other Party thereof as soon as possible. An obligation which could not be complied with as a result of such circumstance shall be complied with as soon as the relevant circumstances do not longer exist.
12.5 - The limitation of liability provisions under the Agreement do not apply to the extent a Party has acted intentionally or through gross negligence, and only to the extent permitted by appliable law. In the event that a liability limitation provision under the Agreement or a part thereof is deemed invalid, the provisions of Clause 14.3 shall apply.
13. Term and termination
13.1 - The Agreement enters into force as set out in Clause 1.1 and shall be applicable until any Party terminates it which, unless otherwise agreed, may be done at any time before a new payment for a new contract period is due (as set forth in the Subscription Plan). The Supplier will not be required to repay any amount already paid by the Client or waive the right to any payment which is due.
13.2 - The Client may terminate its Account following the instructions set out in the Platform or by the Client notifying the Supplier in writing of the termination via the contact details set forth in the Platform. The Supplier may terminate the Agreement by notifying the Client in writing thereof through the Platform or by e-mail to the e-mail address to which the Client's Account is linked.
13.3 - The Supplier has the right to terminate the Agreement with immediate effect and/or suspend the Client from the Service if the Client i) commits a breach of the Agreement which is not minor, or it is likely that this is the case (for instance by not making relevant payments), ii) in another way uses the Service in a way which reasonably could cause damage to the Supplier, other users of the Service or the Service, iii) by, or when, using the Service, commits a breach of applicable law (including international law) or a court decision or decision made by a competent authority or any EU and UN institution, or iv) where applicable, suspends its payments, enters into composition procedure, files for bankruptcy, submits a request regarding company reorganisation or similar, or enters into liquidation. For the avoidance of doubt, termination/ suspension according to this Clause 13.3 will not result in the Supplier having to repay any amount already paid or waive the right to any payment which is due.
13.4 - The termination of the Agreement shall not affect any rights and obligations that has arisen prior to termination. Regardless of the termination of the Agreement, the Agreement shall, where applicable, for instance as regards law and disputes (Section 15), continue to apply.
14. Miscellaneous
14.1 - Transfers: The Supplier, but not the Client, may assign and transfer its right and obligations under this Agreement.
14.2 - Entire agreement: The Agreement constitutes the entire agreement between the Parties with respect to the subject matter of this Agreement and supersedes all eventual previous guarantees, undertakings, understandings, and agreements as agreed between the Parties, whether written or oral.
14.3 - Substitution: If any provisions of this Agreement or the application of it shall be deemed void, this shall not result in the Agreement or the provision as a whole being void. Instead, an appropriate adjustment of the Agreement shall be made taking into account the Parties' intention when entering into the Agreement.
15. Applicable law and disputes
15.1 - This Agreement shall be governed and interpreted in accordance with Swedish law (however not including conflict of law provisions).
15.2 - Any dispute, controversy or claim arising out of or in connection with this contract, or the breach, termination or invalidity thereof between the Supplier and the Company, shall be finally settled by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce (the “SCC”). The Rules for Expedited Arbitrations shall apply, unless the SCC in its discretion determines, taking into account the complexity of the case, the amount in dispute and other circumstances, that the Arbitration Rules shall apply. In the latter case, the SCC shall also decide whether the Arbitral Tribunal shall be composed of one or three arbitrators. The seat of arbitration shall be Stockholm, Sweden. The language to be used in the arbitral proceedings shall be Swedish, unless otherwise agreed between the Parties.
15.3 - All arbitral proceedings conducted with reference to this arbitration clause will be kept strictly confidential. The confidentiality provision includes all information which emerges during the proceedings as well as any decisions or arbitration award of the Arbitral Tribunal. Any information covered by this confidentiality provision may not be disclosed to any third party without the other Party’s prior consent. This confidentiality provision shall however not prevent a Party from disclosing information as required by compulsory law, a decision of a court or authority, in order to safeguard in the best possible way its rights vis-à-vis the other Party in connection with the dispute, or in order to enforce, appeal or challenge a decision or arbitration award.
15.4 - Any dispute, controversy or claim arising out of or in connection with this contract between the Supplier and the Individual, or the breach, termination or invalidity thereof, shall be finally settled by the public courts of Sweden, with Stockholm District Court (Swedish: Stockholms tingsrätt) as first instance.
15.5 - The Individual also has the right to get eventual disputes tried outside the public court, by filing a complaint with the National Board for Consumer Disputes (Swedish: Allmänna reklamationsnämnden) (”ARN”). More information and contact details to ARN may be found at www.arn.se.
15.6 - Further, the Individual may, in case of a transnational dispute, avail of the online dispute resolution platform of the European Union, which is available here: www.ec.europa.eu/consumers/odr.
15.7 - The Individual may always contact the Supplier in relation to disputes using the email address hello@klash.studio.
Our processing of your personal data
Effective August 28, 2023
It is important to us, Klash AB, company registration number 556829-7245, to protect all personal data that we process. This Privacy Policy includes information on how we process your personal data, and it applies in relation to all processing activities that we conduct in the capacity of data controller. Of course, we only process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (the ”GDPR”) and other applicable laws.
1. Introduction and Important Terms
For this Privacy Policy to become easier to read, some of the terms used herein are described below:
The term ”personal data” (or sometimes just ”data” or ”information”) refers to any and all information about you or someone else (i.e., to any identifiable, natural person), even if linking the information to you or someone else would require some effort. This could for instance be information about your phone number or your workplace.
The term ”processing” refers to any action taken, such as use or collection, in relation to personal data. The processing can either be automatic or manual.
The term ”data controller” refers to the person who is responsible for certain processing of personal data, and therefore determines the purpose and means of the processing. We, Klash AB, are the data controller in relation to the processing of personal data which we conduct on our own behalf, and such processing is covered by this Privacy Policy. You find our contact details further down in this policy.
The term ”you”, when used herein, refers to a person whose personal data we process in the capacity of data controller. Depending on your relationship with us or actions taken by you, i.e., which type of data subject you are (see the left column below in Section 2), the information in Section 2 below may be applicable to you. The different kind of data subjects whose personal data we process in accordance with this Privacy Policy are the following:
1. Persons representing our company customers (including as internal users within the company’s account in the service)
2. Individuals who use our service for private purposes
3. Persons representing our potential customers
4. Persons who have been invited to our service by any of our current customers and who use our service without a user account
5. Persons representing (or who are themselves) a supplier, partner, or another person within our network
6. Persons who appear in our own content in our service
7. Persons who apply for a job or internship with us or who are otherwise subject to a recruitment process of ours
8. Website visitors (including all users of our service)
9. Any other persons who contact us
2. Processing of Personal Data
Below you will find information on how, for how long, and based on what legal ground we process your personal data as well as what kind of personal data we process.
| Data Subject | Processing and purpose of processing | Type of personal data | Legal ground for processing | How we received the personal data |
|---|---|---|---|---|
| Persons representing our company customers (including as internal users within the company’s account in the service) | We use your personal data to be able to provide the service to your employer/principal, customize the user interface, present relevant features and content, and to administrate the relationship between the customer and us, for instance for payment and communication purposes and for setting up and maintaining user accounts. We collect the data, compile the data in our systems, we communicate with you by email, phone (by talking, texting or otherwise), and take other actions necessary for the stated purposes. | Contact details such as name, phone number, email address, profile picture, work title, information about your use of the service, conversation data and, should the customer be a sole trader, information about your account in our service/ your order(s) within the service, payment preferences, other information about current and previous agreements, your personal identification number, and payment data. | It is necessary for us to process the data in order to fulfil the stated purpose, and we therefore, after having carefully assessed the matter, consider that we have a legitimate interest in processing the personal data. In some cases, our processing is based on the agreement between your employer/principal and us or, as applicable, you and us. | Most of the personal data that we process about you, we have received directly from you. For instance, it might be that you provide us with information when your employer/principal, through you, engage with us for the provision of the service, or when you send emails to us. It might also be that your employer/principal or one of your colleagues provides us with information about you. |
| Persons representing our company customers (including as internal users within the company’s account in the service) | To be able to conduct troubleshooting and for security reasons, we collect the data and use it as necessary for the stated purpose. | Name, email address and IP address, and information about what company you are representing. | It is necessary for us to process the data in order to fulfil the stated purpose, and we therefore, after having carefully assessed the matter, consider that we have a legitimate interest in processing the personal data. | As regards your name and email address, we receive the data directly from you (this will be requested for you to be able to use our service). Your IP address will be collected automatically when submitting your name and email address in the service, and when logging in. Information about what company you are representing is linked to the user account from which you use the service. |
| Persons representing our company customers (including as internal users within the company’s account in the service) | To be able to, for marketing or information purposes, inform about us and our services and products, including, provide your employer/principal with customized offers, we compile the information in our system and use it to send news and information emails and similar. Should you no longer wish to receive such information, we also compile and use such information to ensure that no more emails are sent to you. | Email address and name as well as information about your use of the service, i.e., user data. | We have a legitimate interest in being able to market ourselves and provide information about us, that is the legal ground for our processing. We are obliged to not continue to send newsletters to you should you not wish to receive them anymore, which is why we base the relevant processing on our legitimate interest in complying with applicable law and respecting your wishes. | It varies; for instance, we might receive it directly from you when contacting us, or by collecting it ourselves from the internet, including from social media (such as LinkedIn), another third party or from your employer’s or principal’s website. |
| Persons representing our company customers (including as internal users within the company’s account in the service) | Sometimes, we might publish commercials of our customers and cases in the service/on our website. The purpose of this is to improve/promote the service and improve the user experience. We take all actions necessary for the stated purpose, such as storing and posting the content. | It depends on the nature of the content as from time to time. Normally the content will include one or several pictures and/or videos, but may also include name, work title, employer/principal. | In most cases, our processing is based on the agreement between you and us, or your employer/principal and us. | In most cases, the content will be created and provided to us by you (or a third party acting on behalf of you/our customer) when you use the service. |
| Individuals who use our service for private purposes | We use your personal data to be able to provide the service to you, customize the user interface, present relevant features and content, and to administrate the relationship between you and us, for instance for payment and communication purposes and for setting up and maintaining user accounts. We collect the data, compile the data in our systems, we communicate with you by email, phone (by talking, texting or otherwise), and take other actions necessary for the stated purposes. | Contact details such as name, phone number, email address, profile picture, work title, information about your use of the service, conversation data and information about your account in our service/ your order(s) within the service, payment preferences, other information about current and previous agreements, your personal identification number, and payment data. | It is necessary for us to process the data in order to fulfil the stated purpose, and we therefore, after having carefully assessed the matter, consider that we have a legitimate interest in processing the personal data. In some cases, our processing is based on the agreement between you and us. | Most of the personal data that we process about you, we have received directly from you. For instance, it might be that you provide us with information when you engage with us for the provision of the service, or when you send emails to us. |
| Individuals who use our service for private purposes | To be able to conduct troubleshooting and for security reasons, we collect the data and use it as necessary for the stated purpose. | Name, email address and IP address. | It is necessary for us to process the data in order to fulfil the stated purpose, and we therefore, after having carefully assessed the matter, consider that we have a legitimate interest in processing the personal data. | As regards your name and email address, we receive the data directly from you (this will be requested for you to be able to use our service). Your IP address will be collected automatically when submitting your name and email address in the service, and when logging in. |
| Individuals who use our service for private purposes | To be able to, for marketing or information purposes, inform about us and our services and products, including, provide you with customized offers, we compile the information in our system and use it to send news and information emails and similar. Should you no longer wish to receive such information, we also compile and use such information to ensure that no more emails are sent to you. | Email address and name as well as information about your use of the service, i.e., user data. | We have a legitimate interest in being able to market ourselves and provide information about us, that is the legal ground for our processing. We are obliged to not continue to send newsletters to you should you not wish to receive them anymore, which is why we base the relevant processing on our legitimate interest in complying with applicable law and respecting your wishes. | It varies; for instance, we might receive it directly from you when contacting us, or by collecting it ourselves from the internet, including from social media (such as LinkedIn), or another third party. |
| Persons representing our potential customers | To be able to create business relationships with new customers, we collect the data, compile the data in our system for any future contact with you, use it to enter into an agreement with you/your employer/principal, and we communicate with you by email, phone (by talking, texting or otherwise) and/or in another way. | Contact details such as name, phone number, email address, and as applicable, information about your work title and employer/principal. | It is necessary for us to process the data in order to fulfil the stated purpose, and we therefore, after having carefully assessed the matter, consider that we have a legitimate interest in processing the personal data. | It varies; for instance, we might receive it directly from you when contacting us, for instance by using the contact form on the website, or by collecting it ourselves from the internet, including from social media (such as LinkedIn), another third party or from your employer’s or principal’s website. |
| Persons who have been invited to our service by any of our current customers and who use our service without a user account | To enable access to the service, and to let you use certain parts of it when you have been invited by any of our customers, we collect the data, compile the data in our system and take other actions which are necessary for the stated purpose. | Email address, communication data such as comments regarding certain content, the username chosen by you, as well as information about what customer you have been invited by. | It is necessary for us to process the data in order to fulfil the stated purpose, and we therefore, after having carefully assessed the matter, consider that we have a legitimate interest in processing the personal data. | Your email address will be received by a customer of ours (who has guaranteed that he/she/it has the right to share such data). In relation to other data, we will, normally, receive it directly from you. |
| Persons who have been invited to our service by any of our current customers and who use our service without a user account. | To be able to conduct troubleshooting and for security reasons, we collect the data and use it as necessary for the stated purpose. | Username, email address and IP address, and information about what user you have been invited by. | It is necessary for us to process the data in order to fulfil the stated purpose, and we therefore, after having carefully assessed the matter, consider that we have a legitimate interest in processing the personal data. | Your email address will be received by a customer of ours and in connection therewith, we will receive information about what user you have been invited by. Your IP address will be collected automatically when submitting your username (which you will provide us with as set forth above). |
| Persons representing (or who are themselves) a supplier, partner, investor, or another person within our network | To be able to conduct, develop, improve our business, and otherwise to meet a need of ours, we sometimes need to purchase certain services/products, cooperate with others, engage with investors and similar. If we have entered into an agreement with a supplier, partner, investor or other third party, the purpose of the processing is dependent on what has been agreed with you/the company that you represent and us, or the relevant need of ours. In general, in such cases, processing takes place to meet the need of ours, which may include the performance and administration of what has been agreed to, and to take advantage of our rights as set forth in the relevant agreement. | It depends on the relevant situation or agreement. In most cases, only contact details such as name, phone number, email address, communication data and, as applicable, information about who is your employer/principal, you work title, and, should you be a sole trader, in some cases, your bank account/invoicing information and personal identification number. If you provide us with other personal data, we will also process such data. We might also request that you provide us with additional data as depending on the type of agreement to be or which has been entered into. | It is necessary for us to process the data in order to fulfil the stated purpose, and we therefore, after having carefully assessed the matter, consider that we have a legitimate interest in processing the personal data. In some cases, our processing is based on the agreement between you or your employer/principal and us. | Most of the personal data that we process, we have received directly from you or anyone else representing the supplier/partner/investor/third party. It might also be that the company that you represent or one of your colleagues provides us with information about you. Further, we might also, where needed, collect it ourselves from the internet. |
| Persons who appear in our own content in our service | To improve/promote the service and improve the user experience, we sometimes publish pictures and videos on our website. We take all actions necessary for the stated purpose, such as storing and posting the content. | It depends on the nature of the content as from time to time. Normally the content will include one or several pictures and/or videos. | In most cases, our processing is based on the agreement between you and us, or your employer/principal and us. | In most cases, the content will be created by us. It might also be that we purchase the content from you or your employer/principal. |
| Persons who apply for a job or internship with us or who are otherwise subject to a recruitment process of ours | For us to be able to find suitable persons to hire for employment and finding suitable persons for internships, we compile the data in our system for any future contact with you, we communicate with you by email, phone (by talking, texting or otherwise) and/or in another way, and use the data in connection with eventual job interviews, in connection with taking of references and to be able to enter into an agreement with you. | Contact details such as name, phone number and email address, information included in your CV and other parts of your application, communication data, as well as notes from eventual job interviews and our taking of references. | If you submit an application to us, this means that you give your consent to our processing of your information. If we, as a result of our own searching activities, find that you are a potential candidate and therefore process your data, we do so because it is necessary for us in order to fulfil the stated purpose, and we therefore, after having carefully assessed the matter, consider that we have a legitimate interest in processing the personal data. | If you submit an application to us, the data is thus collected directly from you. We may also collect the data ourselves from the internet, including from social media (such as LinkedIn), or another third party (such as from someone telling us about you). Personal data may also be collected directly from you in connection with job interviews and in connection with taking of references. |
| Website visitors (including all users of our service) | To be able to improve/market our business, in particular optimizing our website/our service, we collect the data, compile it within our system, and evaluate it. | Data regarding demography and website behaviour, as well as information about your geographical location. | In relation to strictly necessary cookies, we have a legitimate interest in being able to develop our business and that is the legal ground for such processing. As regards other types of cookies, our processing will be subject to your consent (which may be withdrawn). | The information will be collected by us when you visit the website. |
| Any other persons who contact us | To be able to answer any request received from you, we need to process personal data to communicate with you and, as applicable, take any actions as a result thereof. | This depends on what information you provide us with. In most cases, your name and other contact details will be processed, as well as communication data. | It is necessary for us to process the data in order to fulfil the stated purpose, and we therefore, after having carefully assessed the matter, consider that we have a legitimate interest in processing the personal data. However, the processing may instead, depending on your inquiry, be based on your consent, an agreement, or other legal ground. | Normally, all personal data will be received directly from you. |
| All categories of data subjects | We may need to process certain personal data in order to fulfil an obligation under law (for example, to fulfil our obligation to keep accounts). The types of processing that may occur is dependent on what legal obligations that we have from time to time. For example, we may use the information to share your data with authorities to the extent they require us to do so. | All categories of personal data set forth herein may be processed in connection with the stated purpose. | Such processing of personal data may take place on the basis that we have a legal obligation that requires the processing. | Since all personal data processed by us may be included, everything set forth in this column above and below regarding how we received the data apply. |
| All categories of data subjects | We may need to process certain personal data in order to safeguard our or someone else’s rights and/or interests in the event of a legal claim against us or someone else. The type of processing is depending on each situation. Normally, we may need to use the data in connection with court proceedings or when having a dialogue with a counterparty or counterparty counsel. | All categories of personal data set forth herein may be processed in connection with the stated purpose. | Should we need to process personal data for the stated purpose, we consider, after having carefully assessed the matter, that we have a legitimate interest in doing so. | Since all personal data processed by us may be included, everything set forth in this column above and below regarding how we received the data apply. |
| All categories of data subjects | To be able to reconstruct, such as divide into several businesses, or if someone wishes to invest in us, acquire us or a part of us, or any of our assets, we might have to disclose your personal data to such potential investor or purchaser (who is bound by a confidentiality obligation), for instance as part of a due diligence investigation, and take other measures within the scope of the above-mentioned purpose (such as discussing with a counterparty about their findings). For the avoidance of doubt, the processing of your personal data will continually be in accordance with this Privacy Policy, unless you are informed otherwise. | All categories of personal data set forth herein may be processed in connection with the stated purpose. | If we process data due to the stated purpose, such processing will be based on our legitimate interest, after having carefully assessed the matter, in being able to restructure ourselves, finance our business or as otherwise stated, and thereby process your personal data. | Since all personal data processed by us may be included, everything set forth in this column above and below regarding how we received the data apply. |
| All categories of data subjects | If you on your own initiative provide us with other personal data than the one that we it requested, we may process them by, for instance, compiling them in our systems and communicate with you about them by email, phone (by talking, texting or otherwise) and / or in another way. | Since we cannot control what information you provide to us, any type of personal data may be processed in connection with the stated purpose. | The legal ground for our processing is dependent on the type of data provided by you and the reason for it. The processing may thus be based on your consent, an agreement, our legitimate interest or other legal ground. | We receive the data directly from you, your employer/principal or another third party. |
3. Storage Period
We process personal data only for as long as it is necessary to fulfil the purpose with the processing. When we no longer need certain personal data for the processing stated above, we delete it. Depending on the legal ground for the processing, the period during which we process the personal data may be governed by an agreement, be subject to a valid consent, be specified in legislation or be a result of our own assessment based on our legitimate interest. In relation to our customers (including the data of their representatives), their data is deleted within our year after the termination of the service agreement as entered into between us and them respectively.
4. Security
We have taken technical and organizational measures to ensure that your personal data is protected in the best possible way, such as:
i) Encryption
ii) Organizing information in four different security classes according to ISO 27001/20000
iii) Login with two-step verification and single sign-on (SSO)
iv) Great focus on security-related work and staff training
v) Information classification
vi) Continuously monitoring the access to information
vii) Subcontractors are chosen with great care
viii) Entering into confidentiality agreements
We ensure that your personal data is not disclosed other than when necessary, for instance by the establishment of routines and the measures set forth above (which varies depending on the type of personal data and the purpose of the processing), and otherwise ensure that it is protected from loss and unauthorized access.
5. Disclosure
The personal data that we process is available to persons within our organisation who need it in order to carry out their work duties only (which varies depending on the type of personal data and the purpose of the processing) who are employees or consultants. We also share personal data with our subcontractors and, where applicable, to potential investors and purchasers according to Section 2 above, to the extent necessary for us to be able to achieve the purpose of the personal data processing. We might also share personal data with authorities to the extent we are required to do so.
We never share more information than necessary given the purpose of the sharing. We choose our subcontractors with great care and enter into data processing agreements with all of them, meaning that they may only process personal data in accordance with applicable law and our instructions. We use or may use, as from time to time, subcontractors/third-party tools for the following purposes:
i) Cloud storage
ii) Media processing
iii) Streaming services
iv) Speech-to-text
v) Two-factor authentication
vi) Analytics
vii) Online payments
viii) Error handling and debugging
ix) Email
We strive for your personal data to be processed within the EU/EEA. However, some of our subcontractors are domiciled outside the EU/EEA, and therefore personal data may sometimes be transferred and processed outside the EU/EEA where other rules on personal data processing apply. However, we will always take all necessary measures to ensure that your personal data is processed with appropriate safeguards in accordance with the GDPR and other applicable laws (such as standard contractual clauses).
6. Your Rights
Due to our processing of your personal data, you have the following rights:
i) You have the right to
a. access the personal data which concerns you and which is processed by us, and
b. should it or parts of it be inaccurate and/or incomplete, have it rectified or completed.
ii) You have the right to demand
a. that we erase the personal data which concerns you and which is processed by us,
b. that we restrict our processing of your personal data, and/or
c. that we completely discontinue our processing of your personal data.
iii) You have the right to exercise your right to data portability (i.e., the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format which may be transmitted to another controller).
iv) Should our processing of your personal data be based on your consent, you have the right to withdraw such consent (in relation to future processing).
If you wish to exercise one or several of your rights, you are welcome to contact us via the contact details provided in Section 7 below. If you exercise your rights as described above, we may not be able to cooperate or have continued contact with you (or the company that you represent), provide our services to you (or the company that you represent), include you in a recruitment process etc.
Please note that you in some cases do not have all the rights listed above. This applies, for example, if we have to process your personal data i) for the purpose which it was collected, ii) according to our conclusion after having carefully weighed interests, or iii) otherwise according to EU law or the national law of an EU country. The rights set forth above are not absolute, and you only have the right to exercise them to the extent it would be in accordance with the GDPR and other applicable law, and where we otherwise have the legal/contractual right to comply with them (for instance by disclosing information to you). Further, please note that the rights set forth above apply subject to the duty of confidentiality which we might have in relation to third parties. Such duty of confidentiality may imply that we cannot disclose certain data that we have received.
Further, you have the right to make complaints about how we process your personal data if you believe that this is not done in accordance with applicable laws. You may do this by contacting the Swedish Authority for Privacy Protection (Swedish: Integritetsskyddsmyndigheten), for instance by using the email address imy@imy.se. Other contact information for the Authority for Privacy Protection can be found here: https://www.imy.se/kontakta-oss/.
7. Contact and Questions
If you have any questions about our personal data processing or want to exercise your rights as set out above, you are welcome to contact us. The easiest way to reach us is to send an email to privacy@klash.studio. Also, you are always welcome to send us a letter. Our address is:
Klash AB
Högalidsgatan 42
117 30 Stockholm, Sweden
8. Privacy Policy Updates
We may make changes to this Privacy Policy. The latest version of it is always available upon request. Before any material amendments to this Privacy Policy enter into force, we will inform you about them (for instance through a notice on your website or an email) before continuing the processing of your personal data.
Data Processing Agreement
Effective August 28, 2023
1. Introduction
1.1 - This Data Processing Agreement (the “DPA”) is entered into on the date of signing between the parties of the Service Agreement to which this DPA is an appendix (the “Agreement”).
1.2 - Defined words used is the Agreement shall be given the same meaning when used in this DPA, unless the context in which they are used clearly indicates otherwise. The contact details of the Supplier for the purposes of this DPA are set forth in the Platform, and the contact details for the Company for the purposes of this DPA are those provided by the Company when creating its Account or, where applicable, as set forth in the Main Agreement.
1.3 - Pursuant to the undertakings which follow from the Agreement, the Supplier may process personal data as well as other information on behalf of the Company. As a consequence, the Parties are entering into this DPA to govern the conditions for the Supplier’s Processing of, and access to, Personal Data belonging to the Company.
1.4 - The DPA comprises this document and the appended Instruction, Appendix I. In the event of any contradictions between this document and the Instruction, this document shall take precedence, unless otherwise specifically stipulated or clearly indicated by the circumstances.
1.5 - The DPA shall apply to all agreements executed between the Parties in which the Supplier is the Processor on behalf of the Company, and the DPA shall remain in force for as long as the Supplier Processes Personal Data on the Company’s behalf.
2. Definitions
Unless the circumstances clearly indicate otherwise, definitions or terms used in this document shall be defined as set forth below. Any term which is used in the GDPR (as defined below) and which is not stated below shall be defined as follows from Article 4 of the GDPR.
Other Regulation means national laws which, from time to time, apply to Processing of Personal Data (excluding the GDPR)
Processing means an operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction
GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation)
Instruction means the instructions which the Company gives to the Supplier within the scope of this DPA
Personal Data means any information relating to an identified or identifiable natural person, whereupon an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or online identifiers, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person
Controller means a natural or legal person, public authority, institution, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data; where the purposes and means of such Processing are determined by Union law or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union law or Member State law
Processor means a natural or legal person, public authority, institution, or other body which processes Personal Data on behalf of the Controller
Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored, or otherwise Processed
Data Subject means the living natural person who is alive and whose Personal Data is Processed
3. Generally regarding the Processing of Personal Data
3.1 - The Company is the Controller of the Personal Data which is Processed within the scope of the Agreement, and the Supplier is regarded as the Processor on behalf of the Company.
3.2 - The Supplier has provided sufficient guarantees that it shall take suitable technical and organisational measures to ensure that the Processing of Personal Data meets the requirements of the GDPR and any Other Regulation, and ensures protection of the rights of the Data Subject.
3.3 - Taking into consideration the nature of the Processing, the Supplier shall assist the Company by taking suitable technical and organisational measures, to the extent possible, to enable the Company to perform its obligation to respond to requests regarding the exercise of the Data Subject’s rights in accordance with Chapter III of the GDPR.
3.4 - If the Supplier believes that the Instruction or other instruction or notification from the Company would conflict with the GDPR or any Other Regulation, the Supplier shall be entitled to notify the Company and defer the Processing in question.
4. Purpose and type of Personal Data etc.
The Instruction shall, inter alia, state the subject of the Processing, the duration of the Processing, the nature and purpose of the Processing, the type of Personal Data, and categories of Data Subjects.
5. The Supplier’s personnel etc.
5.1 - The Supplier, its employees, and other persons who perform work under the Supplier’s supervision and who gain access to Personal Data belonging to the Company may only process such Personal Data on the Company’s instruction, unless such person is obligated to do so pursuant to Union law or Swedish national law.
5.2 - The Supplier shall ensure that its employees and all other persons for whom the Supplier is liable and who are authorised to process Personal Data covered by this DPA have undertaken to maintain confidentiality (unless such person is subject to an appropriate statutory confidentiality obligation).
6. Security
6.1 - The Supplier shall take all safeguards required under Article 32 of the GDPR.
6.2 - Taking into consideration the type of Processing and the information which the Supplier has, the Supplier shall assist the Company in ensuring that the obligations regarding security can be satisfied in a manner which follows from Article 32 of the GDPR.
6.3 - In conjunction with the assessment of an appropriate security level, particular consideration shall be given to the risks which follow from the Processing, particularly resulting from unintentional or unlawful destruction, loss, or modification, from unauthorised disclosure, or from unauthorised access to the Personal Data which is transferred, stored, or otherwise processed.
7. Personal Data breach
Taking into consideration the type of Processing and the information available to the Supplier, the Supplier shall assist the Company in ensuring that the obligations arising due to any Personal Data Breach can be fulfilled in a manner as required in Articles 33-34 of the GDPR.
8. Impact assessment and prior consultation
Taking into consideration the nature of the Processing and the information which is available to the Supplier, the Supplier shall assist the Company in fulfilling its obligations, if any, to conduct an impact assessment and/or prior consultation with a supervisory authority pursuant to Articles 35 and 36 of the GDPR.
9. The Instruction
9.1 - The Supplier may only process the Personal Data which is covered under this DPA on the Instruction (including in respect of transfers of Personal Data to a third country or an international organisation, provided such Processing is not required pursuant to EU law or the national law of a Member State to which the Supplier is subject and, in such case, the Supplier shall inform the Company of the legal requirement before the data is Processed, unless such information is prohibited with reference to an important public interest under relevant national law).
9.2 - The Company shall be entitled to update the Instruction from time to time. The Supplier shall be entitled to compensation for additional costs incurred if the Company modifies the Instruction.
10. Sub-processors
10.1 - The Supplier has the Company’s general authorisation for the engagement of sub-processors. The Supplier shall inform in writing the Company of any intended changes concerning the addition or replacement of sub-processors at least 30 days in advance, thereby giving the Company the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s) (however, any objection must be based on an objectively acceptable reason). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix II. The list of sub-processors already authorised by the data controller can be found in Appendix II.
10.2 - Where the Supplier engages a sub-processor for carrying out specific processing activities on behalf of the Company, the Supplier shall ensure that any such sub-processor enters into a written personal data processor agreement before the sub-processor begins work related to the Company. Any such personal data processor agreement must contain the undertakings and obligations which follow from the DPA. In any such a personal data processor agreement, the sub-processor shall provide sufficient warranties in respect of taking suitable technical and organisational measures so that the Processing meets the requirements of the GDPR.
10.3 - In the event the sub-processor fails to fill its obligations, the Supplier shall be liable to the Company for the performance of the sub-processor’s obligations.
10.4 - The Supplier is aware that it must comply with the provisions regarding retention of sub-processors.
11. Transfer to a third country
The Supplier may move, store, transfer, or otherwise process Personal Data belonging to the Company outside of the EU/EEA, provided such transfer meets the requirements and undertakings which follow from the GDPR.
12. Right to transparency
The Supplier shall grant the Company access to all information which is required and necessary to enable the Company to verify compliance with the obligations which follow from Article 28 of the GDPR and to enable and assist in audits, including inspections, which are conducted by the Company or by an examiner authorised by the Company. The Supplier shall, at all times, be entitled to reasonable notice in the event the Company wishes to exercise its right to conduct an audit or inspection and the Company shall compensate the Supplier for its costs incurred in connection with any such audit or inspection.
13. Compensation
The Supplier shall receive compensation for verified additional costs for measures which it takes in respect of Processing of Personal Data in accordance with the DPA or as a consequence of the DPA otherwise.
14. Liability
In the event the Parties have reached an agreement regarding limitation of liability in another agreement, such limitation of liability shall also apply to this DPA. In the event the Parties have not reached an agreement regarding such a limitation of liability, a Party’s liability under this DPA or as a result of the Processing which is covered under the DPA shall be limited to one hundred thousand kronor (SEK 100,000). Notwithstanding anything to the contrary contained herein, the following shall apply. If the Supplier’s wrongful processing of Personal Data is a result of the Company’s wrongful acts or instructions, the Company shall compensate the Supplier for any eventual administrative fees or damages which the Supplier shall pay as a consequence of such acts/instructions (whereupon any limitation of liability provision, for the avoidance of doubt, shall not apply).
15. Termination of the DPA
15.1 - When the Supplier discontinues Processing Personal Data on behalf of the Company, the Supplier shall return all Personal Data to the Company in the manner instructed by the Company or, upon the Company’s written notice, destroy and erase all Personal Data which is associated with the DPA.
15.2 - Following termination of the DPA, the Supplier shall not be entitled to save any Personal Data belonging to the Company and, as soon as the Supplier has complied with the provisions of Clause 15.1 above, the Supplier’s right to process or otherwise use Personal Data belonging to the Company shall cease (provided storage of Personal Data is not required pursuant to national law or Union law, or the Supplier has legal grounds to process relevant Personal Data).
16. Confidentiality
16.1 - The Parties hereby undertake, during the term of the DPA and thereafter, not to disclose to any third party information regarding the DPA, nor any other information which the Parties have learned as a result of the DPA, whether written or oral and irrespective of form (“Confidential Information”). The Parties agree and acknowledge that the Confidential Information may be used solely for the fulfilment of the obligations under the DPA and not for any other purpose. The receiving Party further agrees to use, and cause its directors, officers, employees, sub-contractors or other intermediaries to use, the same degree of care (but not less than reasonable care) to avoid disclosure or use of Confidential Information as it uses with respect to its own confidential and/or proprietary information.
16.2 - This confidentiality undertaking does not apply to information which
i) at the date of its disclosure is in the public domain or at any time thereafter comes into the public domain (other than by breach of this DPA); or
ii) the receiving Party can evidence was in its possession or was independently developed at the time of disclosure and was not obtained, directly or indirectly, by or as a result of breach of a confidentiality obligation.
16.3 - Neither shall this confidentiality undertaking apply to the extent that any Party is required to make a disclosure of information by law or pursuant to any order of court or other competent authority or tribunal or by any applicable stock exchange regulations or the regulations of any other recognised market place. In the event that any Party would be required to make any such disclosure, each Party undertakes to give the other Party immediate notice prior to any such disclosure. Each Party also agrees and undertakes to use its best efforts to ensure that any information disclosed under this section, to the extent possible, shall be treated confidentially by anyone receiving such information.
17. Assignment of the DPA
Neither Party shall be entitled to assign its rights and/or obligations under the DPA, in whole or in part, without the prior written consent of the other Party.
18. Governing law and jurisdiction
18.1 - This DPA shall be governed by the substantive law of Sweden.
18.2 - Any dispute, controversy or claim arising out of or in connection with this DPA, or the breach, termination or invalidity thereof, shall be finally settled by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce (the “SCC”). The Rules for Expedited Arbitrations shall apply, unless the SCC in its discretion determines, taking into account the complexity of the case, the amount in dispute and other circumstances, that the Arbitration Rules shall apply. In the latter case, the SCC shall also decide whether the Arbitral Tribunal shall be composed of one or three arbitrators. The seat of arbitration shall be Stockholm, Sweden. The language to be used in the arbitral proceedings shall be English, unless the Parties agree that it shall be Swedish.
18.3 - The undertake and agree that all arbitral proceedings conducted with reference to this arbitration clause will be kept strictly confidential. This confidentiality undertaking shall cover all information disclosed in the course of such arbitral proceedings, as well as any decision or award that is made or declared during the proceedings. Information covered by this confidentiality undertaking may not be disclosed to a third party without the prior consent by the other Party. Exceptions to the foregoing shall only apply to the extent that disclosure may be required of a Party due to mandatory law, an order of a competent court or public authority, or to protect, fulfil or pursue a legitimate legal right or obligation or to enforce or challenge an award.
APPENDIX I TO DPA - INSTRUCTION
The following document is the Instruction.
Definitions used in this Instruction shall have the same meaning as in the DPA, unless the circumstances clearly indicate otherwise.
1. Contact Information
The contact details as set out or referred to in the Agreement shall apply also for the purposes of the DPA.
2. Processing of Personal Data
2.1 - Categories of Personal Data
Contact information such as full name, address, email address, phone number, work title, profile pictures and place of work
Registration data such as contact information (as described above) and other information provided in connection with the creation of an Account
User data such as communication data generated in connection with the use of the Service, the terms for a certain User’s right to use the Service (as decided by the Company), and information about the usage of the Service
Payment data such as information about invoicing address, payment card details etc.
Data contained in Assets (i.e., any digital assets, such as video, audio, pictures and similar, which are uploaded by the Company in the Service)
Other data which the Company (or anyone acting on behalf of the Company) chooses to upload in the Service or otherwise communicate with the Supplier, such as requests, preferences etc.
2.2 - Special categories of Personal Data
Assets may include special categories of Personal Data to the extent the Company (or anyone acting on behalf of the Company) uploads such content.
2.3 - Categories of Data Subjects
Persons who are included in Assets, such as persons seen and/or heard in movie clips
The Company’s employees
Representatives of the Company’s subcontractors and clients
2.4 - Purpose and categories of the Processing
The Supplier will Process the Personal Data for the general purpose of providing the Service to the Company in accordance with the Agreement, including in accordance with the Company’s instructions. Any instructions with are explicitly or indirectly provided through the Company’s use of the Service (such as any settings made in the Service) shall, for the avoidance of doubt, be regarded as instructions provided by the Company for the purposes of the DPA In further detail, Personal Data will be Processed for the following purposes:
For the provision of the Service, including, inter alia, to enable the provision of an Account, adjust the user interface, offer relevant functions, provide relevant content
For communication about and within the Service, such as provide information about updates within the Service and provide relevant offers/subscription plan
To enable payment of the Service
3 - Security measures
3.1 - Technical and organisation security measures
Taking into consideration the type of Processing and the information which the Supplier has, the Supplier takes, for instance, the following technical and organisation security measures:
Encryption
Organizing information in four different security classes according to ISO 27001/20000
Login with two-step verification and single sign-on (SSO)
Great focus on security-related work and staff training
Information classification
Continuously monitoring the access to information
Subcontractors are chosen with great care
Entering into confidentiality agreements
3.2 - Storage minimisation
Normally, Personal Data shall be deleted within one year after the termination of a service agreement. This applies unless Processing is required due to a legal obligation (for example, to fulfil the obligation to keep accounts) or to safeguard someone’s rights and/or interests in the event of a legal claim, in which case Processing may take place during a longer period. When Personal Data is no longer required for such purposes, it shall be deleted.
APPENDIX I TO DPA - APPROVED SUB-PROCESSORS
This appendix specifies the sub-processors approved by the Company. Such sub-processors will Process the Personal Data of which the Company is the Controller.
| Sub-processor | Purpose(s) |
|---|---|
| Amazon | Cloud Storage Cognitive Services Media Processing Streaming Services |
| Analytics Two-Factor Authentication | |
| Microsoft | Cloud Storage Cognitive Services Media Processing Single Sign-On (SSO) Streaming Services |
| Stripe | Online Payments |
| Functional Software Inc, dba Sentry | Error Tacking and Debugging |
| Twilio | Email Two-Factor Authentication |
| Ably | Real-Time Publish & Subscribe Messaging |
| Customer.io |
Cookie Policy
Effective August 28, 2023
In this Cookie Policy we will provide you with detailed information on how Klash AB (hereinafter - the "we" or "our"), shall undertake to ensure the security of personal information and the protection of rights of the visitors and users of the websites (hereinafter - the "Visitors", "You") while you use our websites including but not limited to http://www.klash.studio (hereinafter - the "Site") and the content on it.
1. What is a cookie?
A cookie is a small file placed onto your device that enables our Site features and functionality. For example, cookies can enable us to identify your device and secure your access to the Site. Cookies also allow the Site to remember information about your browsing on the Site for a while and to recognize you the next time you visit the Site. All this allows us to give you the opportunity to use the Site comfortably and to make the Site even more user-friendly.
2. Why do we use cookies?
We use cookies for the following main purposes:
2.1 - To ensure efficient and safe functioning of the Site. We use cookies to enable and support our security features, and to help us detect malicious activity on our Site.
2.2 - To understand, improve, and research products, features, and services, including when you access our Site from other websites or devices such as your computer or your mobile device.
2.3 - To recognize the returning visitors of the Site. Cookies help us show you the right information and personalize your experience. Cookies also help avoiding re-registration or re-filling of the information by you each time you visit the Site.
2.4 - To analyze your habits so that the functioning of the Site would be convenient, efficient and would conform to your needs and expectations.
2.5 - To measure the flows of the information and data being sent to our Site. We use the cookies for accumulation of statistical data about the number of users of the Site and their use of the Site.
2.6 - For targeting and advertising. By using the cookies we may collect information so that only relevant content is displayed for the browser by creating different target groups. We may use cookies to show you relevant advertising both on and off our Site.
3. What cookies do we use?
Each time you visit our Site, the long-term (persistent) cookies may be created, which stay in your browser after you sign-up and will be read by us when you return to our Site and not deleted after you finish browsing our Site, and the short-term (session) cookies, which expire or are deleted after you finish browsing our Site (i.e. they usually last during the current visit to our Site or browsing session). Cookies used by the Company:
3.1 - Strictly required or necessary cookies. These cookies are required for the operation of our Site. They include, for example, cookies that enable storage of information filled by you during the browsing session, enable you to log into secure areas of our Site. Without these cookies operation of the Site would be impossible or its functioning may be severely affected.
3.2 - Preferences cookies. These improve the functional performance of our Site and make it easier for you to use. These cookies remember the settings selected by the Visitors (for example, the settings of language or currency). With the use of these cookies, the Visitors may avoid the changes of settings during each visit of the Site. These cookies also remember changes made by you in the Site (for example, in case you leave comment on the Site). These cookies do not track your behavior in other websites.
3.3 - Analytics and Statistics. These cookies show us if the Visitor has visited our Site before. The analytic cookies allow us to recognize and count the number of users of our website and see how such users navigate through our Site. We also use cookies to understand, improve, and research products, features, and services. For instance, analytical cookies may show us, which websites are visited more frequently, help us to record dysfunctionalities of the Site, etc.
3.4 - Marketing and Retargeting. These cookies are usually set by our marketing and advertising partners. They may be used by them to build a profile of your interest and later show you relevant ads. If you do not allow these cookies you will not experience targeted ads for your interests.
Third-party cookies:
3.5 - Advertising cookies - some ads you can see on our Site might be provided by other legal entities. Some of these entities use their own cookies by analyzing how many people have seen the specific advertisement or how many people have seen it more than once. The companies creating such cookies apply the policies prepared by themselves and we have no influence on the creation or storage of such cookies. We recommend you take a separate interest in the Privacy Policy or the Cookie Policy of those companies, which will be placed on their websites.
3.6 - Other third-party cookies - in some web pages of our Site, the other entities (for example, social networks) may also use their own anonymous cookies designed so that the programs or applications developed by them would suit your needs. Due to the specific features of the functioning of the cookies, our Site does not have access to the information transmitted by these cookies, likewise other entities do not have access to the information collected by the cookies set by us.
3.7 - We use Google Analytics, a web analysis service provided by Google, Inc (hereinafter referred to as "Google"). The information collected by Google Analytics is transmitted to and stored with Google. Google may transmit the information collected by Google Analytics to the third parties as required by the law or when those third parties process the information in the name of Google. We recommend consulting the Google Privacy and Cookies Policy on a separate and regular basis.
4. How to refuse or block cookies?
Many web browsers are set so that they would automatically accept all cookies.
You may refuse and make a preference which cookies you allow by choosing it in our Cookie Consent Banner. Also all the cookies will be set if you accept all by clicking "Accept All" on our Cookie Consent Banner.
The Visitors may, at their discretion, manage, block or delete cookies, if the settings of their browser or device enable them to do so. Nevertheless, if you refuse or block the cookies or other similar technologies, some functions of the Site may be inaccessible to you or they may operate not properly.
We draw your attention that necessary cookies are critical for functioning of our Site, and in case of your objections, some features of the Site may not work or may not work properly.
You may require that we delete all the data about you, as collected and processed with the help of the cookies, by contacting to the email address hello@klash.studio.
You can opt out of Google Analytics without affecting how you visit our Site. For more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
You may find more information about how to delete cookies, as well as the other useful information related to the use of the cookies, on the website http://www.allaboutcookies.org/.
5. Do we update Cookie Policy?
This Cookie Policy may be updated by us from time to time. We will inform you about the updates, by providing the new version of the Cookie Policy. For this reason, we recommend you periodically visit our Site, where you will always find the latest version of this Cookie Policy. This Policy was created with the help of the TermsHub.io.
This Cookie Policy shall be applied from the date of announcement of it on the Site.