Amendments in June 2023

A review of the General Terms and Conditions have been performed, where the structure has been adjusted and clarifications and additions have been included. E.g. clarifications have been made in Clause 9 regarding intellectual property rights  in Clause 9 (Intellectual Property Rights and Data) and in item 13 (Infringements of Intellectual Property Rights) conditions regarding the parties’ liability in the event of infringement have been added.

In the Data Processing Agreement, in addition to some minor editorial changes, the following material amendments have been made: 

Section 3.2: The first sentence has been clarified with the following: “[…] and which are not necessary to comply with Applicable Legislation, […]”.

Section 5.2, second paragraph: The last sentence has been clarified with that the Data Processor’s right to remuneration is applicable “[…] if the Data Breach is due to circumstances over which the Data Processor had no control.”

Section 7.4: A clarification has been included regarding information about a new sub-processor “Information about a new Sub-processor will be published on https://iasystemet.se/en/amendments-and-additions-to-the-access-agreements/ ninety (90) days before the change enters into force.”

Section 7.5: A clarification has been included regarding the Data Controller’s right to terminate the Access Agreement prior the change of the sub- processor occur “The Data Processor also has the right to terminate the Access Agreement up and until the day on which the change of Sub-processor enters into force by notifying the Data Controller in writing. Continued use of the IA System after the change of the new Sub-processor has entered into force means that the change in Sub-processors is considered to have been accepted by the Data Controller.”

Appendix 2.1 Description of the processing of Personal Data Subject to this Data Processing Agreement: The table has been clarified with information about the geographical location of processing of personal data of the Data Processor and its sub-processor.

Minor changes.

Amendments June 2022

Appendix 3 – IA System Security has been developed with more detailed writing but does not include any substantive changes

Amendments November 2021

Appendix 2 – Data Processing Agreement

Clause 6.3: ”Swedish Data Protection Authority (Datainspektionen)” is replaced by ” Supervisory Authority”

Clause 12.1.3: Previous wording: it is the understanding of the Data Processor that it is possible to rely on another exemption for the transfer of Personal Data under Applicable Personal Data Legislation.

New Wording 12.1.3:  it is possible to rely on another exemption for the transfer of Personal Data under Applicable Personal Data Legislation

Appendix 3 – IA System security

Clause 12.2 Browsers and tools. A reference to the terms of use and privacy policy for Google Maps is added.

Amendments October 2020

Appendix 2 – Data Processing Agreement

Section 12.1.2 has been clarified with the text […] as well as other necessary protective measures required in the individual case; […].     

Section 12.3: If Data Processor intends to transfer Personal Data to a third country, the Data Processor shall, before such transfer takes place, inform the Data Controller of this.

Amendments June 2020

Appendix 1 – General terms and conditions

In Appendix 1 - General Terms and Conditions, apart from minor editing changes, the main changes are as follows:

Clause 15.1: The agreement can be terminated with a notice period of 6 months (earlier 30 days) for The Supplier and a notice period of 30 days for the User Company.

Clause 6.2: In the event of planned downtimes, the User Company will be notified by information about them published in the IA system prior to the downtime occurring.

Clause 8: The division of responsibility between AFA Trygghetsförsäkring and the User Company in respect of personal data has been clarified for the purpose of further explaining which personal data processing each party is responsible for.

Clause 12.2: For additional services such as technical systems support, the cost will be SEK 1200 per hour.

Appendix 1 - General terms and conditions

In Appendix 1 - General Terms and Conditions, apart from minor editing changes, the main changes are as follows:

Clause 3.2: Amendments and additions to the Association Agreement will be published on (https://www.afaforsakring.se/ia/amendments).

Clause 3.3: The User Company is entitled to withdraw from the Association Agreement up to and including the date that the change in terms and conditions comes into force.

Clause 6.2: In the event of planned downtimes, the User Company will be notified by information about them published in the IA system prior to the downtime occurring.

Clause 8: The division of responsibility between AFA Trygghetsförsäkring and the User Company in respect of personal data has been clarified for the purpose of further explaining which personal data processing each party is responsible for.

Clause 12.2: For additional services such as technical systems support, the cost will be SEK 1200 per hour.

Appendix 2 - Personal Data Processing Agreement

In Appendix 2 - Personal Data Processing Agreement, apart from minor editing changes, the main changes are as follows:

Clause 7.3 (new): The sub-processors processing the personal data on behalf of the User Company must always be listed on https://www.afaforsakring.se/ia/subcontractors.

Comment: This provision is new and is intended to make it easier for the User Company to exercise its responsibility for checking who is performing the processing of the personal data. However, in accordance with Clause 7.4, AFA Trygghetsförsäkring will always, and without unnecessary delay, inform the User Company in writing of its intention of engaging a new sub-processor.

Clause 9 (formerly 7): The liability provision has been changed to make it clearer that it takes account of Article 82 of GDPR with regard to responsibility for fines and the possibility of limited liability and recourse in relation to claims for damages from data subjects.

Clause 12 (formerly 10): AFA Trygghetsförsäkring shall only be entitled to transfer personal information belonging to the User Company to a third country where the following conditions are fulfilled:

• the third country guarantees an adequate level of security for personal information in accordance with a decision handed down by the EU Commission;
• there are suitable security measures in place in accordance with the applicable personal data legislation, e.g. standardised data protection provisions adopted by the EU Commission which cover the transfer and  processing of personal data; or
• in the opinion of the Data Processor, it is possible to rely on another exemption under applicable personal data legislation for the transfer of personal data.

Comment: This provision means that the transfer of personal data to a third country can only be done in accordance with the rules in Chapter V of the GDPR.