1. General
These terms and conditions relate to all services provided by MultiNet Interactive AB (556272-2594), hereinafter referred to as MN, to a legal entity referred to as the Client.
The contract and payment periods are specified in the Client's main agreement, typically on pages 1 or 2 of the main agreement.
The Agreement automatically renews for a period of the same length as initially agreed if the Agreement is not terminated in writing or by e-mail no later than three months before the period expires.
1.1 Service Description
The service is a so-called online subscription. The subscription fee includes server operation, server maintenance (hardware, software, and licenses), product updates, and automated backups.
A computer with an internet connection and a modern browser is required to access the service.
The Service includes access for the Client's Users to the web-based service, its functionality, and the options specified in the main agreement.
1.2 Prices and fees
Fees will be invoiced in accordance with the current price list for each extension. All prices are exclusive of VAT.
Volumes, user licenses, and additional modules will automatically update the billing when the client makes these changes in the service. The new updated fee will be automatically applied to the next invoice if the next invoice period is less than a month away. If the next invoice period is more than a month in the future, the updated fee (plus or minus) multiplied by the number of months remaining until the next invoice will be applied to the next invoice.
Any discounts received upon execution of the Agreement shall apply to the first contract period of the Agreement unless otherwise agreed in writing.
2. Proprietary rights
MN offers the Client temporary right to use its services via the Internet, per the Client's Service Agreement. All intellectual property rights in the Service are owned exclusively by MN. The Service may be used only by the legal entity referred to by the Client and by the Client's users, unless otherwise agreed in writing.
For any adaptations to MN's services made at the Client's request, MN charges a consultancy fee to prioritize the development of such adaptations. These adaptations belong to MN and will be included in the service provided to the client. In addition to such adaptations, the system is delivered as is, including planned updates.
3. The Client's liability
The Client is responsible for the hardware and software required to connect to the Service, i.e., a computer with an Internet connection. Each party is responsible for compliance with copyright law, applicable personal data legislation, and other applicable laws and regulations. The Client is responsible for ensuring that third-party copyright or intellectual property rights are not infringed upon when uploading the Client's data to the web service.
3.1 Safe usage
The Client is responsible for,
- using only personal user accounts when accessing the service;
- that strong passwords are used and are stored securely;
- unauthorized use of the service due to the Client's negligence, i.e., sharing login credentials or using weak passwords.
The Client can request that MN temporarily block the service if there is suspicion of unauthorized use.
3.2 Correct configuration
The Client is responsible for ensuring that third-party programs, including web browsers, PDF readers, antivirus software, and firewalls, are correctly installed and configured to permit outgoing traffic from the Client to MN's Services.
3.3 Integration with third-party on-prem applications
When the Client has subscribed to integration with a third-party on-prem application, the Client is responsible for maintaining these third-party services, and any upgrades or changes to them are made only after consultation with MN to avoid loss of the integration's functionality.
3.4 Payment
The Client will pay the license fees in advance. Payment must be made no later than 30 days after the invoice date. In the event of a payment being overdue, interest at 8% will be charged. MN has the right, no earlier than 14 days after the invoice is due and after two written reminders have been sent to the Client, to temporarily suspend the Client's access to the service until full payment has been received.
4. Service availability (SLA)
MN is responsible for providing the Service to the Client 24 hours a day, except for planned downtime during maintenance, subject to the limitations imposed by the following service levels.
| Service hours | Resolution time | Availability | Error report | User support |
|---|---|---|---|---|
| Non-holiday Mon-Fri 08:00 - 17:00 CET | See Section 4.2 | 99.8% | Every day 00:00 - 24:00 CET |
Opening hours are posted on MN's website. |
MN shall maintain the availability of the Service at 99.8% or higher during Service hours. If the Availability Rate during the contract period is below 99.8% during Service hours, the Client may request a reduction in the current contract period's running fee in accordance with the penalty levels below. The Client must report any perceived downtime per Section 4.4.
| Reduction Level | Availability (%) | Penalty |
|---|---|---|
| 1 | Below 99.8% but over 99.0% | 10% of the fee |
| 2 | Below 99.0 % but over 98.5 % | 20 % of the fee |
| 3 | Below 98.5 % but over 98.0 % | 30 % of the fee |
| 4 | Below 98.0 % but over 97.5 % | 40 % of the fee |
| 5 | Below 97.5 % but over 96.0 % | 50 % of the fee |
| 6 | Below 96.0 % but over 95.0 % | 75 % of the fee |
| 7 | Below 95.0 % | 100 % of the fee |
Downtime exceeding five (5) working days in a quarter constitutes a material breach of the Agreement. It entitles the Client to terminate the Agreement immediately and receive damages per Section 14.
4.1 Service hours
Service hours are the period during which MN guarantees the initiation and remediation of service interruptions. Received error reports are categorized into Critical, High, Medium, and Low.
- Critical: Very serious impact on Client's business. Total outage of The Service.
- High: Serious impact on Client's business. Reduced functionality in the Service. Serious error that has a high impact on the Customer.
- Medium: Impact on Client's business. The customer can use The Service, but with reduced efficiency/functionality.
- Low: Small impact on the Client. The customer can use The Service unimpeded.
4.2 Resolution time
Resolution time means the maximum period within which a reported error must be rectified. The start time occurs when the Client's error report is confirmed in MN's helpdesk system during Service Hours. MN then opens a so-called error ticket. The end time occurs when MN has rectified the error, and the Client can resume using the service as usual.
| Priority | Start of problem analysis | Resolution goal | Resolution time |
|---|---|---|---|
| Critical | Immediately | Within 4 hours | Solved within 3 days |
| High | Immediately | Within 8 hours | Solved within 3 days |
| Medium | Within 8 hours | Within 4 days | Solved within 7 days |
| Low | No guarantee | Within 12 days | Solved within 30 days |
If the Resolution Time is exceeded on more than four (4) occasions during a quarter, it will be regarded as a material breach of the Agreement. It entitles the Client to terminate the Agreement immediately and receive damages per Section 14.
4.3 Availability rate calculation
Service availability is measured according to the following formula:
T= (P-F) * 100/P
T= Availability in percentage
P= Contract period measured in minutes
F= Time lost within period P, measured in minutes, defined as downtime.
Downtime means errors that render the Service unavailable to the Client.
4.4 Error reporting
The Client must report all perceived errors and downtime in the service. Error reporting is available around the clock, every day of the year, via https://support.multinet.com/ or the support button in the service.
4.5 User support
User support is provided only for questions regarding the use of the service. Questions regarding the application of regulations governing the use of the services, and questions about third-party integrations and corrections arising from incorrect use of the service, are not included in the support agreement. MN can assist with questions of the type above if time is available and, for an additional charge, e.g., meeting time. User support is provided via MN's help desk at https://support.multinet.com or by email, phone, or chat, during the hours posted on MN's website.
4.6 Measurement of general uptime and information about ongoing operational disturbances
MN has implemented systems to measure the overall uptime and response time of its operating environment. Through this page, the Client can obtain a summary of measurements for the last 90 days and the status of any ongoing operational disruptions: https://status.multinet.com/. As the service depends on the Internet's normal functioning, the Client understands that interruptions, delays, bugs, and similar obstacles on the Internet do not constitute errors in the service or delivery.
4.7 Non-compliance
MN is responsible for non-compliance with agreed service levels only to the extent provided in Sections 4, 4.1, and 4.2. In addition, the Client is not entitled to damages or other compensation for any deviation from the service level, unless the deviation is attributable to intent, gross negligence, or a material breach.
4.8 Discharge from liability for MN even if the agreed service level is not reached
MN is not liable for non-compliance with the agreed service levels if MN can provide evidence that this has been caused by any of the following circumstances, and provided that such circumstance is not directly attributable to MN,
- Errors in the Client's equipment or software.
- Viruses or other attacks on the security of the Client.
- Circumstances outside MN's area of responsibility for the Service, including errors in integrations with other third-party products or services for which MN has not expressly taken responsibility.
- DDoS attacks, which MN has taken reasonable steps to protect against.
- Force majeure, which means that MN is not obliged to pay compensation for loss or damage that the Client may suffer as a result of the performance of MN's obligations being prevented or significantly impeded by circumstances beyond MN's reasonable control or foreseeing, including but not limited to industrial disputes, war, rebellion or riots, mobilization or unforeseen military call-ups, requisition, seizure, currency restrictions, export or import restrictions, earthquake, lightning, fire, flood or water damage, general scarcity of goods or scarcity of means of transport, legislation, or other restrictions set by the authorities.
4.9 MN's maintenance work
MN is entitled to perform actions for technical, maintenance, or operational reasons that affect the service's use. MN shall ensure that operational disturbances are limited by promptly implementing measures, if possible, outside Service hours. Planned downtime must be communicated to the Client. Occasional short-term (a few seconds) interruptions in the service provision during Service hours do not entitle the Client to a fee reduction.
5. Data Security and Confidentiality
The parties undertake not to disclose to others any information relating to this Agreement or received by the party from the other party within the framework of the Agreement, regardless of whether the information is disclosed in writing, orally, in the form of samples, models, or computer programs, by demonstration of products or parts thereof, or by other means.
Data and materials that the Client registers or provides to MN will be treated as strictly confidential by MN and its suppliers and shall not be disclosed to any third party.
MN is responsible for regulating, controlling, and authorizing all MN users with accounts in servers, systems, or applications to participate in the service delivery.
All MN employees, consultants, and suppliers are subject to the same confidentiality provisions as those applicable to MN and the Client.
6. Technical security measures
6.1 Authentication and Encryption
All data communications and data storage are encrypted. To access the Service, a username and password are required. SAML-based Single Sign-On and 2FA are available.
- Encrypted communication: MN uses 256-bit TLS encryption (TLS1.2+) and 2048-bit RSA keys.
- Password Protection: The login procedure is fully encrypted, meaning no information is sent as unencrypted text. The user's password is stored in a one-way encrypted format (with a standardized one-way cipher).
- Automatic logout: To avoid unauthorized access to information if a computer is left unattended, the system automatically logs out the user after a certain period of inactivity, by default, 30 minutes.
- The user always bears the risk of unauthorized use of the Service due to leaving a logged-in computer unattended.
- Continuous verification of the user: Each request to MN's servers involves checking the logged-in user's permissions.
6.2 Operating environment and data centers
MN's web services are hosted on MN-owned servers in two Swedish data centers and are continuously monitored. Some of the monitoring systems include,
- Fire protection and climate systems: The data centers have automatic smoke detection systems, and the halls are divided into separate fire zones.
- Climate control systems ensure the temperature is always low and the humidity is optimal.
- Secondary Power Supply: The data centers are equipped with secondary power supply systems and diesel generators that ensure the power supply to the servers.
- Internet Connection: Redundant high-capacity connections ensure Clients' access to the Service.
- Physical access to the data center is only granted to pre-registered and approved staff, and entry takes place after verification with a personal access card and code.
- Data centers are equipped with alarms and video surveillance.
6.3 Physical security in MN's offices
MN's offices are locked, and access requires a personal key tag. Every access attempt is logged. The offices are equipped with an active alarm system with video and motion-detection capabilities outside office hours.
MN shall report any incidents, including attempted burglaries and fires, that may be material to the Client.
6.4 System architecture and backups
- MN's web services are based on a modern server platform with redundant network equipment, load balancers, web clusters, and database clusters.
- Firewalls: MN's server environment and networks are protected by redundant firewalls with DDoS and WAF protection.
- MN is proactive by monitoring and analyzing firewalls and system logs stored read-only on a central log server.
- Database security, document storage, and backups: MN has comprehensive backup routines that ensure continuity in the Service.
- Databases are encrypted with TDE (Transparent Data Encryption).
- Complete database backups are performed daily and incrementally every hour.
- Database backups are transferred to at least two physically separate locations.
- File and document storage is redundant, with regular backups to at least two physically separate locations.
- Restore tests are done regularly.
6.5 Use and implementation of AI features in MultiNet's web services
- MN's AI features are based on custom AI models installed and developed entirely on MN-owned servers in our data centers. This means that MN guarantees that customer data will not be shared with any third party.
7. Organisational security measures
- MN works according to a documented management system for information security, ISMS, based on ISO27001.
- MN's documented procedures are regularly reviewed, tested, and evaluated.
- MN's employees are regularly trained in information security, privacy, data protection, and topics specific to the employees' roles and duties.
- All MN employees are bound by confidentiality and non-disclosure agreements that prevent disseminating the Client's information.
- MN's employees can access the Client's data to provide user and troubleshooting support and assist in delivering the Service. Under internal procedures, MN's employees' access to the Client's data is granted only when necessary and on a temporary basis. All Client data access by MN's employees is personal and logged extensively.
8. The Client's right to audits and reviews
MN shall, upon request, provide the Client with the opportunity to conduct an audit. In cases where the Client is under the supervision of authorities such as the Financial Supervisory Authority and the Swedish Authority for Privacy Protection, the authorities shall have the same rights as the Client. MN shall also share reasonable internal security documents with the Client and provide the Client with external versions of MN's security audit reports.
9. Security Incidents
The parties undertake to immediately inform their respective counterparties of security incidents or other events that have affected or could affect the parties' respective operations.
10. The Client's data
The Client holds all rights to the Client's data and materials, and MN and its suppliers do not obtain any rights to the Client's data or any part thereof under the Agreement. No later than six months after termination of the Agreement, MN shall delete the Client's data from the service, including any backups. The Client is responsible for exporting all data that the Client may need for future use in connection with the termination of the Agreement. Suppose the Client is unable to export its data independently. In that case, MN shall, at the Client's request, and on an ongoing time-billing basis, make the Client's data available by exporting it to a file in a standard format, such as Excel, within a reasonable time.
All data (including Personal Data) that MN processes on behalf of the Client is processed in Sweden unless otherwise agreed to in writing.
11. Liability for Intellectual Property Rights
MN warrants and is responsible for ensuring that the intellectual property rights and/or other materials/software provided do not infringe the rights of others.
Notwithstanding anything to the contrary to this Agreement, MN shall indemnify the Client from any and all damages, losses, costs, claims, and expenses (including costs of legal and other advice) incurred by the Client as a result of MN's infringement/infringement of or alleged infringement/infringement of any intellectual property right held by a third party arising from the use; possession, provision, copying, sublicensing, selling, etc., of the services in question.
The Client undertakes in this regard to:
- notify MN in writing without undue delay of any infringement/infringement, or alleged infringement /of intellectual property rights and
- not without MN's approval, which approval may not unreasonably be refused, admit liability in such regard.
In the event that a court finds that an infringement has occurred, or in the event that the Client assesses that there is an obvious risk of such an infringement, MN shall, at its own expense, immediately:
- ensure that the Client continues to have the right to use the relevant intellectual property right, or
- replace or adjust the infringing part so that the service in question no longer infringes on another's right.
Suppose MN does not fulfill its obligation under the above provisions within a reasonable time. In that case, the Client is, in addition to any other sanctions that may have arisen, entitled to compensation from MN for the damage and to terminate the Agreement.
12. Marketing, logos
Neither party is entitled to use the other party's trademarks or logos without the other party's written consent. Agreeing to participate in case studies and other co-operation marketing campaigns constitutes consent.
13. Processing of personal data
MN stores and processes specific personal data about the Client to deliver the service, offer support, carry out updates, send offers to the Client, and best fulfill its obligations to the Client per the Agreement. For this personal data, MN is the Data Controller.
MN retains the data for the duration of the Client's Agreement, after which it is deleted, unless longer retention is required by law or MN has another legal right to retain the data.
The processing of personal data for MN to fulfill its obligations under the Agreement with the Client takes place according to the legal basis, "Agreement." Furthermore, marketing and other processing occur based on "Legitimate interests" and "Consent."
The personal data that MN processes on behalf of the Client in its capacity as a Data Processor is governed by the Data Processing Agreement.
14. Compensation for data security errors or material deviations
If the Client suffers damage as a result of data security errors, negligence, or material deviations from agreed commitments or due to the negligence of any of MN's suppliers, MN will compensate the Client subject to the limitations set out in Section 15 Limitation of Liability. Only direct damage is compensated, thus not, for example, loss of profit or expected savings.
15. Limitation of Liability
Compensation to the Client is not paid in any manner other than as regulated by the Agreement. MN's liability is, in any event, limited to a maximum of one price base amount under the Social Insurance Code (2010:110), except for Section 5 (Data security and confidentiality), under which compensation is limited to a maximum of ten price base amounts. For compensation to be paid, claims must be made promptly upon the Client's being informed of the damages.
16. Transfer of contract
MN may transfer this Agreement to another Party within the same company group, provided that such transfer does not impair the Client. Such a transfer need only be notified to the Client in writing. The Client has the right to transfer this Agreement to another Party upon written approval of a completed transfer form provided by MN.
17. Amendments and changes to the general terms and conditions
MN reserves the right to change the general terms and conditions. Such changes will take effect upon the next agreement extension or no earlier than 90 days after the Client has received written notice. If the Client does not accept the changes to the Agreement, the Client may terminate the Agreement, effective as of the date the changes take effect. If the Client uses the service after the change takes effect without contesting it in writing, such use will be deemed acceptance of the change.
18. Termination of the Agreement
Either party has the right to terminate the Agreement with immediate effect if the other party,
- is guilty of a material breach of the Agreement and does not rectify the breach within a reasonable time specified in the written notice of the violation of the Agreement.
- is declared bankrupt, initiates composition negotiations, is subject to company reorganization, or is otherwise insolvent.
Each party has the right to terminate the Agreement in writing or by e-mail, no later than three months before the current period expires.
19. Governing Law and Dispute Resolution
The rights and obligations of the parties in interpreting and applying the Agreement shall be determined per Swedish law.
Disputes arising from the Agreement shall be finally settled in the general courts in Stockholm, Sweden, and in the Swedish language.