General Terms and Conditions for ESM SaaS 



These General Terms and Conditions, along with the agreement documents that form part of the agreement on software services, constitute the ESM – Enterprise Security Models Agreement between the Customer and the Supplier.


In this document, “ESM – Enterprise Security Models” is referred to as “the Service”.

2.Financial Terms

Innovate Security applies payment terms of 30 days net. All prices are given in SEK and are exclusive of VAT. If the Customer does not pay promptly, Innovate Security has the right to charge late payment interest, as provided for by law. Innovate Security has the right to discontinue delivery after giving written notice to the Customer, until the Customer has paid off any outstanding debts and provided satisfactory security for payments for Innovate Security’s continued delivery.

3.Licensing Right

The Customer is granted a time-limited, non-exclusive, non-transferrable right to use the Service in accordance with the Agreement.

4.Intellectual Property Rights

The Supplier is responsible for holding all rights to be able to provide the Service. The Customer is not granted any intellectual property right to any part of the Service or any third party right. The Customer may not copy or modify the Service or allow anyone else to do so. The Customer does not have the right to obtain the source code for the Service, and nor may its research, change or modify it.


Intellectual property rights that appear as a result during the period of the agreement and that are not included in the intellectual property rights that belong to the Supplier or any third party shall be ceded to the Customer on termination of the agreement. The result may consist of the documentation and other material associated with the Agreement.


The Supplier is responsible for ensuring that the Service does not infringe anyone else’s copyright or other right owing to usage in Sweden. The Supplier shall defend the Customer at its own expense if a claim is made or legal action is pursued against the latter for infringement of copyright or other right on the grounds of usage of the Service in Sweden. This applies on condition that the Customer has used the Service in accordance with the Agreement and that the Supplier has been notified by the Customer in writing and within a reasonable time scale of claims or legal action initiated, and that the Supplier alone may decide how such legal action should be defended and conduct proceedings on settlement or conciliation.

5.Processing of Personal Data

The Supplier processes personal data in order to administer the Services in accordance with the Agreement and in compliance with the The General Data Protection Regulation (EU) 2016/697 (the Regulation).


The Customer gives consent for their personal data to be anonymised, so that traceability is not possible, to form the basis for marketing and customer analyses, business and methodology development and for statistical purposes at an aggregated level. In the event that one or more subcontractors are hired, the Supplier is responsible for these as well as for the Suppliers’ own work, and the Supplier shall make sure that subcontractors process Personal Data in accordance with this Agreement and the Supplier’s instructions.


The personal data the Supplier is given access to for the purposes stated in the Agreement will be processed in Sweden or within the EU/EEA.


All suitable technical and organisational measures will be taken to protect the Customers’ personal data processed in the Service in compliance with the provisions of the PDA and the Regulation.


Personal Data will not be disclosed to third parties.


Upon termination of the Agreement, all processing of the Customers Personal Data shall cease and all data containing personal information shall be deleted or transferred to the Customer in accordance with a separate agreement, unless otherwise stipulated in other legislation.


The Supplier undertakes not to disclose to third parties confidential information that has been obtained or developed in connection with the Agreement, and not to use it for any other purpose than that of the Agreement.


Confidential information refers in this provision to all information concerning the Agreement or the Customer’s activity - whether technical, commercial or otherwise - regardless of whether the information is documented in data media, in verbal or written form, except for:


information that is publicly known or of which the public is made aware by other means than through breach of this provision, information that can be proven to be known before receipt from the Customer, information that is received or will be received from a third party without being subject to confidentiality in respect of the latter.


A party does not have the right to use the other party’s company name for advertising or other marketing purposes without having obtained the prior written consent of the other party.


The Supplier undertakes to ensure that its consultants comply with this provision on confidentiality.


The duty of confidentiality will apply three (3) years after termination of the Agreement.

7.Force Majeure

If a party is prevented from fulfilling its obligations in accordance with the Agreement as a result of circumstances the party has had no control over and that it could not have been expected to predict at the time of entering into the Agreement, and the consequences of which it could not reasonably have avoided or overcome, this shall constitute grounds for release, which allows for a deferment of the agreed time scales for performance and release from liability for damages and any other sanctions. The party shall take reasonable steps to minimise the effects of such circumstances.


A party wishing to be released from its obligations on the grounds of force majeure circumstances shall notify the other party of this in writing as soon as possible, stating what circumstances are being invoked and when the obstacle may be expected to be brought under control. A similar notification shall be given when the obstacle is brought under control.


If force majeure circumstances continue for more than three (3) months, either party may terminate the Agreement in writing with immediate effect.


Complaints in respect of the Agreement shall be made within a reasonable time scale after the party has been made aware, or should have been made aware, of what the complaint is based on, but at the latest within three (3) months after the termination of the Agreement. Complaints shall be made in writing.

9.Amendments and Additions

Amendments and additions to this agreement will only be valid if drawn up in writing and signed by both parties.

10.Transfer of the Agreement

A party does not have the right to transfer the Agreement without having obtained the written consent of the other party beforehand.


All notifications or dispatches in respect of the Agreement shall be in writing. The notifications shall be deemed to have been received by the other party directly if they have been given in person. If they have been given by e-mail or post - two (2) working days after dispatch to the other party’s e-mail address or postal address at the latest:


Either party may change the address to which or the person to whom all notifications, claims or other communications are sent or served in accordance with the Agreement, by sending a written notification to the other party from time to time.

12.Limitation of Liability

The Supplier is only liable for damage caused by the Supplier up to 50% of the total payment the Customer has made over the last twelve (12) months. The Supplier is not liable for loss of profit, expected savings, loss of income, loss of good will or similar, and nor for any consequential loss or other indirect loss. This limitation of liability does not apply in the case of breach of provisions “Intellectual Property Rights”, “Processing of Personal Data” and/or “Confidentiality”.

13.Liability Insurance

The Supplier shall make sure that it has the required liability insurance.

14.Early Termination

Either party has the right to give notice of immediate termination of this Agreement if the other party does not fulfil or neglects its obligations according to the Agreement and does not effect full rectification within fourteen (14) days after a written request to do so.


A party has the right to suspend the Agreement with immediate effect if the other party has discontinued payments, initiated composition proceedings, entered into liquidation, been made bankrupt, is undergoing a restructuring or shows other clear signs of insolvency, or is prevented by law from fulfilling its obligations in accordance with this Agreement.

15.Applicable Law and Disputes

This Agreement is governed by Swedish law.


Disputes arising out of this Agreement will be resolved conclusively by arbitration administered by the Rules for Simplified Arbitration Proceedings of the Stockholm Chamber of Commerce Arbitration Institute. The venue for the arbitration proceedings shall be Stockholm. The language of the proceedings shall be Swedish.


The arbitration proceedings invoked in accordance with this arbitration clause are subject to confidentiality. Confidentiality applies to all information that is given during the proceedings, as well as decisions or arbitration notified in connection with the proceedings. Information that is subject to confidentiality may not be passed on to a third party in any form without the other party’s written consent.


The above provisions of this section do not, however, present any hindrance to a party in the exercising of its right to recover a clear and due debt in an ordinary court of law or through the agency of another competent authority.