Terms and conditions

Terms and conditions IEX version 3

1. Company information

IEX ApS
VAT # 35527710
Herstedvang 7A, 2. th.
2620 Albertslund
Phone: (+45) 3222 4344
Email: kontakt@iex.dk

2. General conditions

2.1 IEX ApS delivers services to the Internet. IEX has legal as well as normal ethical rules related to these services, which must be adhered to. The below-mentioned terms of sale and delivery ("Terms of Sale and Delivery") are applied to the extent that they are not waived by other written agreement between the parties ("Parties"). IEX is not bound by any purchase terms and conditions specified in the customer's order, unless they comply with these Terms and Conditions.

3. Ordering and payment.

3.1 Upon completion of ordering, the customer will receive an order confirmation

3.2 IEX forwards an invoice as soon as your integration has been delivered.

3.4 The invoice is paid by bank transfer or by credit card to following accounts:
Bank information: Nordea Bank
Registration number: 2274 Account number: 6888670996
IBAN: DK232000688870996
SWIFT: Remember to take note of the invoice number by bank transfer.

3.5 IEX accepts payment with the following credit cards:
Visa/Dankort, Visa, MasterCard, Visa Electron, JCB and Maestro.

4. Registration of customer data (privacy policy)

4.1 For you to enter into an agreement with IEX ApS, we need the following information: Name, Address, Telephone number, Email address and VAT number.

4.2 IEX makes registration of your personal information with the purpose of providing the service to you.

4.3 The personal data is registered with IEX and is stored for 5 years after which the data is deleted.

4.4 When personal data is collected through our website, IEX ensures that it is always done by submitting your explicit consent such that you are informed of precisely what data is collected and why.

4.5 The management, the consultant working with the case as well as the bookkeeper of IEX have access to the data recorded about you.

4.6 The data responsible in IEX are the Board of Directors and Niel Rokkjær.

4.7 IEX stores customer data encrypted.

4.8 IEX transmits customer data encrypted.

4.9 Data passed on to IEX is in no way forwarded or sold to any third party, and we do not register any sensitive personal information.

4.10 As registered user of IEX, you at any time have a right to state an objection towards the registration: You also have the right to inspect the data registered about you. You have these rights cf. the Act on the Processing of Personal Data (31.5.2000/429). Enquiries related to this will be directed towards IEX Ltd. via email kontakt@iex.dk.

4.11 IEX reserves the right to send informational emails about the IEX service as well as new measures and offers.

5. Methods of delivery, processing and delivery time.

5.1 IEX will always process the order as soon as possible.

5.2 For more of our integrations, you will be connected to IEX service with the same per. mail, and can make your configuration as per the guides mm.

5.3 In cases where IEX manages your configuration, delivery time is typically 1-3 work days.

5.4 You will be contacted by an IEX employee concerning the configuration where IEX may request login information.

5.5 Delivery time may vary if there are problems with the configuration or with custom configuration.

5.6 IEX always strives to inform the customer of delays of delivery and and causes hereof.

5.7 You can always make an enquiry to be informed of a expected delivery deadline.

5.8 IEX delivers digital content not associated with any physical media. IEX exclusively delivers services which has been expressly ordered and accepted by the customer, and therefore, there is no right of cancellation once the integration has been registered as ready and billed.

6. IEX subscription

6.1 The services may vary depending on the plan you subscribe to cf. IEX website, which is typically divided into Basic, Standard or Premium customer subscriptions.

6.2 Subscriptions are prepaid and run from contract commencement and 6 months forward.

6.3 The subscription can at any time be terminated in writing with one month's notice to the expiration of the subscription period, after which IEX sends a confirmation of termination. The termination can be made in writing at billing@iex.dk. It is the Customer's sole responsibility to terminate the agreement 1 month prior to the renewal period, even if the Customer ceases to use the services provided by IEX.

6.4 The agreement is automatically renewed every 5 months onto a new subscription period, which means that the invoice is shipped one month before the expiration of the subscription period. Once the invoice has been submitted, the period is accepted and renewed.

6.5 In case of breach of rules referred to on this page IEX may, without notice, terminate a subscription upon which written termination from IEX is sent and effectuated.

6.6 The customer's subscription type can at any time be changed by IEX without prior notice. IEX will typically account for an upgrade under the terms of data usage etc. Prepaid tax may only be offset against the cost of major types of integrations, but no such guarantees are given.

6.7 Concerning Premium customers with more than 2.000 orders p/m, IEX reserves the right to contact the customer at any time about changing the subscription to a dedicated integration for EUR 101 p/m with unlimited order transfers. This is due to the operation of IEX shared integration. Naturally, it is up to the customer to decide whether said customer wishes to subscribe to the dedicated integration or terminate the subscription.

6.8 At any time, IEX reserves the right to contact customers with a substantially larger transfer of data than normal, be it orders, products or customers, concerning a change in subscription type.

6.9 Changing a subscription to a smaller type of integration can be initialized only by the Customer's written request, prompting a sovereign assessment of IEX. Changes to a smaller type of integration in an already ongoing subscription period does not result in financial compensation.

6.10 Should IEX wish to terminate subscription on grounds of violation of the common rules, the balance corresponding to the remaining subscription will not be refunded to the Customer. Harassment of other subscribers and violation of terms of business will be considered as abuse of IEX' services. This may at any time result in closure as well as termination of subscription. IEX is in every respect sovereign in the definition of abuse.

6.11 In case of consumption of order transfers beyond the upper monthly limit stipulated by the Customer's selected IEX subscription, said customer will be billed the closest possible additional orders package. Prices for additional orders package appear in the IEX dashboard.

7. Fair use transaction limit

7.1 IEX has a Fair use transactions limit for its subscriptions and the amount of customers, products and orders that can be transmitted both daily and monthly. This is due to operational causes and to ensure stability.

7.2 Fair use limit for IEX Shared (Basic, Standard, Premium and Enterprise) subscriptions is 5.000 transactions daily and 60.000 monthly. IEX Dedicated subscription's Fair use limit is 5.000 daily and 120.000 monthly.

7.3 IEX can without prior notice close demo accounts at any time during the trial period. Demo users are not entitled data transfer nor access to support.

7.4 IEX can at any time conduct an upgrade of a subscription in case of exceeding the Fair use transactions limit. IEX will typically contact in this regard. In case of substantial overuse of transactions IEX can at any time suspend, until the overuse has been resolved, or terminate a subscription.

8. Operational reliability

8.1 IEX has a Fair use transactions limit for its subscriptions and the amount of customers, products and orders that can be transmitted both daily and monthly. This is due to operational causes and to ensure stability.

8.2 Fair use limit for IEX Shared (Basic, Standard, Premium and Enterprise) subscriptions is 5.000 transactions daily and 60.000 monthly. IEX Dedicated subscription's Fair use limit is 5.000 daily and 120.000 monthly.

8.3 IEX can without prior notice close demo accounts at any time during the trial period. Demo users are not entitled data transfer nor access to support.

8.4 IEX can at any time conduct an upgrade of a subscription in case of exceeding the Fair use transactions limit. IEX will typically contact in this regard. In case of substantial overuse of transactions IEX can at any time suspend, until the overuse has been resolved, or terminate a subscription.

9. Logging of data

9.1 IEX logs data in order to be able to resend data or to ascertain whether the data has been delivered or not and also out of concern for the Customer's transfer statistics.

10. Configuration managed by IEX

10.1 Where IEX is in charge of the Customer's integration configuration. In this context, IEX willl request access (login) in order to initialize the integration between systems.

10.2 It is the responsibility of the customer to assign the necessary login options to IEX, such that IEX can deliver the integration.

10.3 IEX will contact the Customer regarding further configuration, ultimately also a clear message.

10.4 It is the Customer's sole responsibility to become familiarized with the most general questions concerning configuration and ensure that the prompt is adequate.

10.5 IEX takes no responsibility for changes in the systems important to the integration.

10.6 IEX does not take responsibility for conflicts with third party plugins or similar. Typically, these options arise:
- Uninstall or find another 3rd party plugin without a conflict
- IEX works around the conflict after appointment

10.7 Within 10 days after initialization of the configuration, it is possible to have normal configuration adjustments made. From here on, the configuration is considered completed. Further configuration can then be arranged on an hourly basis.

11. Support

11.1 IEX primarily offers support towards proprietary services and always refers to external support pertaining to other services.

11.2 Contacting IEX support is typically done by mail support@iex.dk, ticket system or chat for normal support.

11.3 Phone support should only take place in case of emergencies, lack of connection or if the subscription allows it.

11.4 If the error is attributable to the Customer's own neglect, faulty setup or otherwise, IEX reserves the right to invoice the Customer in accordance with the current hourly rate for support.

12. Updates, upgrades and maintenance of IEX service

12.1 IEX continuously updates its services.

12.2 Depending on your IEX subscription, you have access to download and install new (and old) versions.

12.3 Basic customers will only be able to buy updated versions of IEX (Contact IEX for price).

12.4 Updating will be ongoing while critical updates will happen quickly as possible. You are always welcome to contact IEX for an status of updates.

12.5 IEX is not obligated to upgrade its service to newer versions, but will typically provide for this.

12.6 IEX will typically inform its Customers about upgrading to newer versions, and will also provide an estimate of the time consumption.

12.7 IEX is not obligated to support or maintain an outdated IEX service in operation, but will strive to do so as long as IEX deems it necessary.

13. Functionality

13.1 IEX can not be held accountable by the customer for features in source code, associated plugins or other applied software in the provided services. This entails any damage, loss of data, loss of earnings, loss of working hours or the likes due to both properly applied tools like software and hardware failures or misconfigurations. The cost of repairing damages as a result of the customer's breach of this agreement is required by the Customer. This also includes IEX' time spent at the current hourly rate for support.

14. Prices

14.1 All prices listed are ex. 25% VAT. The valid price is the one stated on the website on the day of the order and adjacent to the service in question. Listed prices are valid as of 01.01.2015 and can be changed at any time by IEX with one month's notice.

14.2 Reservations are made for any printing errors.

15. Returns and complaints

15.1 The purchase of digital services in the form of ads, additional purchases, etc., gives the Customer, according to legislation, no right of withdrawal and may in principle not be refunded the purchase.

15.2 Digital services are not provided with a 2 year warranty. The Customer has the right to have any deficiencies in the service that may be attributed to it's nature rectified, unless it is based upon own circumstances, or other external circumstances which IEX pursuant to Danish law can not be held responsible for.

15.3 Please contact IEX immediately if you experience problems with the service.

15.4 Should the integration, under the Customer's circumstances, not be possible or satisfactory, a refund will be assessed at the request of the Customer.

15.5 The complaint must contain sufficient reasoning for why the solution is not in line with expectations.

16. Responsibility

16.1 IEX makes its service available to handling and automation of data. The Customer is responsible for using IEX service primarily for troubleshooting and secondarily for reaching out to support for assistance.

16.2 IEX warrants that the services ordered will be conducted in a professional and technical manner, but does not guarantee that the service will lead to a certain result.

16.3 IEX disclaims any liability for loss of data, loss of earnings or other direct / indirect losses. This applies whether the loss is due to system failure, unauthorized access to the system or absent delivery of ordered services / services, or other conditions at IEX.

16.4 IEX can not be responsible for the user's or third party's use of the service or its features.
16.5 IEX ApS can not be held responsible for errors caused by a third party.

17. Termination

17.1 The Customer can at all times terminate the subscription and service agreements with IEX cf. applied conditions. This is done with one month's notice prior to the subscription expiring (see sub-section 6.4 about automatic renewal). Insofar as the invoice for a new period already HAS been sent, the Customer can, for a fee of EUR 34 + VAT, have the subscription immediately closed and have the claims credited - however, paid claims are not reimbursed. Should the Customer wish to have the subscription terminated mid-period the subscription is closed at expiry date - equally without options for reimbursement of payments.

17.2 Termination must be in writing by mail to billing@iex.dk. The termination notification specifies the debtor no. and the domain having its integration terminated. It rests upon the Customer to be able to document the termination.

18. Subscription period

18.1 As of November 1, 2015 the subscription period runs from the 1st to the 1st of the month. Orders are translated as a data-entry on the customer that counts down the transfer.

19. Changes in Terms and Conditions

19.1 IEX reserves the right, with simultaneous notice, to amend these Terms and Conditions.

Data Processing Agreement

Between
(”The Data Controller")

and

IEX ApS
CVR number 35527710
Herstedvang 7A 2. th.
2620 Albertslund
Denmark
(”The Data Processor”)
The Controller and the Processor are separately referred to as ”Part” and together as ”Parties”

1. PREAMBLE

1.1 The Controller has entered into an subscription agreement (”Subscription”) with the Processor for the purposes of conducting integration between the Controller's IT systems and web shop.

1.2 The Processor processes personal data on behalf of the Controller, for instance, through handling on the Processors servers.

1.3 The data processing is handled via a technical solution (”System”) designed by the Processor that ensures the integration between the IT systems utilised by the Controller in his enterprise. The Controller can at all times via login in the System view all the personal data being processed in the System

1.4 The purpose of this DPA is to ensure that the Processor at all times comply with existing legislation regarding processing of personal data, including the Act on Processing of Personal Data (Act No. 429 of 31 of May 2000 with later amendments) as well as the General Data Protection Regulation (Regulation 2016/679 of The European Parliament and of the Council of 27 April 2016 – hereafter ”GDPR”).

1.5 This DPA sets out the rights and obligations that apply to the Data Processor’s handling of personal data on behalf of the Data Controller.

1.6 The DPA is subject to the terms of cancellation/termination of the Subscription, cf. item 1.1 and the associated terms and conditions. The terms and conditions apply in general in relation to the DPA. In case of doubt or conflicting circumstances, the DPA shall take priority unless the DPA explicitly states otherwise.

1.7 Attached to the DPA are Appendix 1-2. The Appendices form an integral part of this DPA.

1.8 The DPA and its associated Appendices shall be retained in writing as well as electronically by both Parties.

2. INSTRUCTIONS

2.1 The Processor shall solely be permitted to process personal data on documented instructions from the Data Controller unless processing is required under EU or Member State law to which the Data Processor is subject; in this case, the Processor shall inform the Controller of this legal requirement prior to processing unless that law prohibits such information on important grounds of public interest, cf. Article 28, sub-section 3, para a.

2.2 The instruction consists of 2 (two) parts:

2.3 This DPA including the appendices at the time of signature.

2.4 The integration, the Processor makes in the System (and where the processing of sensitive data is done) represents an instruction to the Processor, as the Processor automatically from the informationer, and uploads, received from the Controller, carries out collection, registration, organizing, systematization, storage, adaptation or changing, recovery, search,use, disclosure by transmission, communication or any other kind of availability, collation or interconnecting, limitation, deletion or destruction.

2.5 The Data Processor shall immediately inform the Data Controller if instructions in the opinion of the Data Processor contravene the GDPR or data protection provisions contained in other EU and Member State law.

2.6 Unless otherwise stated in the DPA, the Processor may utilise all relevant aids, including IT system.

3. SECURITY OF PROCESSING

3.1 The Data Processor shall take all the measures required pursuant to Article 32 of the GDPR.

3.2 In Article 32, it appears, for instance, that appropriate technical and organisational measures shall be implemented to ensure a level of security appropriate to the risk with consideration for:

3.3 The current level

3.4 Implementation costs

3.5 The nature, scope, context and purposes of the processing in question (including the consideration for the category of personal data in Appendix 1)

3.6 The risk of varying likelihood and severity for the rights and freedoms of natural persons

3.7 The Processor shall in ensuring the above – in all cases – at a minimum implement the level of security and measures specified below in Appendix 4, 5 and 6 to this DPA.

3.8 The Parties agree upon the sufficiency of these guarantees at the time of commencement of this DPA, taking note, that the Processor otherwise has implemented measures in internal procedures.

4. PHYSICAL SECURITY

4.1 The Processor will carry out security of physical locations.

5. ORGANISATIONAL SECURITY

5.1 The Processor shall ensure that only those persons who are currently authorised to do so are able to access the personal data being processed on behalf of the Controller. Access to the data shall therefore without delay be denied if such authorisation is removed or expires.

5.2 Only persons who require access to the personal data in order to fulfill the obligations of the Processor to the Controller shall be provided with authorisation.

5.3 The Processor shall ensure that persons authorised to process personal data on behalf of the Controller have undertaken to observe confidentiality or are subject to suitable statutory obligation of confidentiality and that the employees comply with the DPA.

5.4 All employees are briefed on and subject to internal procedures as to how security breaches are handled.

6. TECHNICAL SECURITY

6.1 The Processor exclusively utilises hard- and software of high quality that continuously is updated, including antivirus software, antihacking software and firewalls.

6.2 All communication to/from the System is encrypted (https) and supports a 256/128 bit TLS connection.

6.3 Access to the Processor’s internal IT systems takes place via encrypted login data which ensures that unauthorized persons are denied access. In appropriate intervals, the Processor alters the login credentials in internal IT systems that ultimately grant access to the Controller’s personal data.

6.4 For integrational application of the System with Controller’s IT systems, the Processor receives the necessary passwords and access information. The Processor erases data upon configuration/integration of the Subscription has been completed unless the Parties enter into an alternative valid agreement. The Controller ought to simultaneously change the data.

6.5 However, the Processor stores correspondence and log files concerning support for the Controller in a ”ticket”. In order to conduct error detection and survey previous records pertaining support, the contents of the ”ticket” is not erased unless the Controller actively solicits it.

7. NOTIFICATION ON PERSONAL DATA BREACH

7.1 On discovery of personal data breach at the Processor’s facilities or a sub-processor’s facilities, the Processor shall without undue delay notify the Controller.

7.2 Such security breach includes any breach that can potentially lead to accidental or unlawful destruction, loss, alteration, unauthorised transmission of or access to the personal data processed for the Controller (”Security Breach”).

7.3 The Processor shall maintain and store a register of all Security Breaches. The register shall at a minimum contain the factual circumstances surrounding the Security Breach, the effects and the measures made to limit its possible damage.

8. USE OF SUB-PROCESSORS

8.1 The Processor shall meet the requirements specified in Article 28, sub-section 2 and 4, of the GDPR in order to engage another processor (Sub-Processor).

8.2 The Parties have agreed upon the Processor’s general engagement of Sub-Processors, cf. Appendix 2, wherein the already approved Sub-Processors are adduced.

8.3 The Processor shall inform the Controller of any planned changes with regard to additions to or replacement of other data processors and thereby give the Controller the opportunity to object to such changes.

8.4 The Processor shall ensure that the Sub-Processor is subject to at minimum the same data protection obligations as those specified in this DPA on the basis of a contract or other legal document, in particular providing the necessary guarantees that the Sub-Processor will implement the appropriate technical and organisational measures in such a way that the processing meets the requirements of the GDPR and any relevant legislation.

8.5 If the Sub-Processor does not fulfill his data protection obligations, the Processor shall remain fully liable to the Controller as regards the fulfilment of the obligations of the Sub-Processor.

9. TRANSFER OF DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

9.1 The Processor shall solely be permitted to process personal data on documented instructions from the Controller, including as regards transfer (assignment, disclosure and internal use) of personal data to third countries or international organisations, unless processing is required under EU og Member State law to which the Controller is subject.

9.2 The Controller’s instructions or approval of the the transfer of personal data to a third country, if applicable, shall be set out in the Appendices or by separate instructions.

9.3 Without the instructions or approval of the Controller, the Processor therefore cannot - within the framework of this DPA - disclose personal data to a data controller in a third country or in an international organisation.

9.4 If data is transferred to a third country, the Processor will assist, without charge, the conclusion of the necessary agreements or the Controller will be issuing authorization to conclude the necessary agreements on the Controllers behalf on their expense.

10. ASSISTANCE TO THE CONTROLLER

10.1 The Processor, taking into account the nature of the processing, shall, as far as possible, assist the Controller with appropriate technical and organisational measures, in the fulfilment of the Controller’s obligations to respond to requests for the exercise of the data subjects’ rights pursuant to Chapter 3 of the GDPR.

10.2 The Processor shall assist the Controller in ensuring the compliance with the Controller’s obligations pursuant to Articles 32-36 of the GDPR taking into account the nature of the processing and the data made available to the Processor, cf. Article 28, sub-section 3, para f.

10.3 The Parties’ agreement on the payment for the Processor’s assistance to the Controller appears in item 12.

11. ERASURE

11.1 The Processor shall not erase the Controller's personal data (or other data) during the term of the Subscription unless the Controller requests the Processor.

11.2 On cessation of the Collaboration and associated processing of personal data, the Processor shall be under obligation, at the Controller’s discretion, to erase and return all the personal data to the Controller and to erase existing copies and password unless EU law or Member State law requires storage of the personal data.

11.3 Erasure of all forms of data at the Processor and Sub-Processors shall be conducted at latest 3 months after cessation of the Subscription and without notification. Premature erasure can be requested from the Processor.

12. INSPECTION AND AUDIT

12.1 The Processor shall make available to the Controller all information necessary to demonstrate compliance with Article 28 of the GDPR and this DPA.

12.2 The Processor allows for and contributes to audits, including inspections performed by the Controller or another expert (i.e. accountant or IT specialist) mandated by the Controller.

12.3 The Processor shall – insofar as the Controller desires – once a year obtain a customary and recognised report (i.e. inspection report or IT report) from an independent, expert third party with regard to the Processor’s compliance with this DPA and its associated appendices. The report is compiled at the Controller’s expense and the Processor is entitled to receive a copy of the report. If in this occasion a report has been compiled within the latest 12 months, the Processor may offer the Controller to receive a copy of this instead.

12.4 The Controller or the Controller’s representative shall in addition have access to inspecting, including physically inspecting, the processing at the Processor’s facilities when the Controller deems that this is required.

12.5 Inspection occur with a minimum of one months notice. Along with the notice, the Controller shall send a detailed plan with a description of scope, duration and the inspection starting date. The Processor shall, however, be under obligation to set aside the resources (mainly time) required for the Controller to be able to perform the inspection.

12.6 The Processor’s costs related to an audit and/or other forms of inspection (including internal time) shall be at the expense of the Controller and shall be settled in relation to the Processor’s time consumption.

12.7 This equally applies if the Controller requests documents or other material be handed over from the Processor for the purpose of controlling compliance with the DPA.

13. BREACH OF CONTRACT

13.1 The regulation of remedies follows the terms and conditions associated with the Subscription, cf. item 1.7.

14. LIABILITY AND LIMITATION OF LIABILITY

14.1 The Parties shall be responsible in accordance with the applicable rules of the law, subject to the limitations set forth in this section.

14.2 The Parties renounce any responsibility of indirekte losses and collateral damage, consequential loss, loss of goodwill, loss of savings and earnings including expenses for reclaiming lost earnings and loss of data.

14.3 The Parties’ responsibility of all the cumulated claims with regards to this DPA is limited to the aggregated due payments in accordance with the main service for the 6 months period that precedes the harming act.

14.4 If the DPA has not been in operation for 6 months, the amount is calculated as the agreed upon payment of the services the period that the DPA has been in operation divided by the amount of months the DPA has been in operation and then multiplied by 6.

14.5 The following is not subject to the limitation of liability in this item 14:

14.6 Loss as a consequence of the gross negligence or intentional actions of the other Party.

14.7 Expenses and resource consumption at fulfilment of a Party’s obligations towards a supervisory authority or the registered as well as bøder imposed by a supervisory authority or a court of lay, in the extent that such entities have been prompted by the other Party’s negligence.

15. CHANGE

15.1 The Processor may without costs and with 1 month’s notice change the contents of the DPA.

16. COMMENCEMENT AND TERMINATION

16.1 The DPA may be replaced by an alternative valid DPA. The DPA shall not be terminated or cancelled separately in the Subscription’s term.

16.2 Regardless of the DPA’s cessation the agreement’s items 5.3 (confidentiality of employees), 11 (erasure/return), 14 (ansvar og ansvarsbegrænsning) and 17 (disputes) take effect after the DPA’s cessation.

16.3 The Processor can process and store the personal data in up till 3 months after the DPAs expires to the extent necessary to take the necessary statutory measures, cf. and item 11.2. In this period, the Processor has the right to let the data be included in their backup procedure.

16.4 During this period, The Processors handling is still considered to be in compliance with the instructions in the DPA.

17. DISPUTES

17.1 Handling of disputes related to the DPA are subject to the terms and conditions of the Subscription.

17.2 Unless otherwise agreed, the DPA is subject to Danish law and the Parties are entitled to demand the dispute settled by the common courts of law. The Court of Glostrup has been chosen as venue of the first instance.

Appendix 1

PURPOSE

This appendix elaborates on the contents of the DPA including as regards to the concrete personal data that is processed on behalf of the Controller.

TYPES OF PERSONAL DATA

The agreement entails that the Processor processes the following categories of common personal data:
Name
Telephone number
Email address
Address
Payment details
Type of Subscription
Furthermore, the following categories of sensitive personal data are processed, cf. item 1.2
Political, philosophical or religious conviction
Circumstances surrounding union affiliation
Race or ethnicity
Health data
Sexual relations or sexual orientation
Criminal circumstances
Genetic or biometric data with the sole purpose to identify a natural person

THE PROCESSING INCLUDES THE FOLLOWING CATEGORIES OF PERSONS

The Controller's customers
The Controller's employees
The Controller's members
The Controller's owners
The Controller's collaborators

Appendix 2

SUB-PROCESSORS

The Processor has the Controller’s general consent for the engagement of Sub-Processors.
The Processor shall, however, inform the Controller of any planned changes with regard to additions to or replacement of other data processors and thereby give Controller the opportunity to object to such changes.
Such notification shall be submitted to the Controller a minimum of 30 days prior to the engagement of sub-processors or amendments coming into force.
If the Data Controller should object to the changes, the Controller shall notify the Data Processor of this within 14 days of receipt of the notification.
The Controller shall only object if the Controller has reasonable and specific grounds for such refusal.

LIST OF SUB-PROCESSORS AT THE COMMENCEMENT OF THE DPA

Internal systems:
e-conomic
Nordea
Atlassian
Google Workspace (calendar and email)

Hosting:
Amazon Web Services
Google Cloud Platform
Hetzner

Social media and marketing:
Google (website only, see cookie policy)
Facebook (website only, see cookie policy)
Mailchimp

Subscription and payment:
Reepay
ePay/Bambora
Stripe
Clearhaus

Supportsystems:
Intercom
Slack
3CX (JED ApS)

Privacy Policy

for

IEX ApS

relating to

processing of personal data

Privacy Policy

Thank you for your visit to our website and that you have chosen to use our services.

It is important for us that we protect and respect your privacy when you have chosen to use our services.

In addition to being the preferred provider of integrations, our ultimate goal is to treat your personal data properly and appropriately, so you can feel comfortable using our services.

We have high ethical standards and have established strict internal procedures that ensure that we treat your personal data in the best possible way.

In our privacy policy, you can read the terms of the processing of your personal data and the rights you have in connection with the use of our website / services / app.

If you have questions or comments about our privacy policy – or would you like to contact us by the way, please feel free to contact us.

What services do we deliver

Our company delivers data integrations.

For this purpose, we collect a number of data about you.

In the other menus, we have elaborated on what we collect, why we do what we do to protect your data from which we collect the personal data and what rights you have in that regard.

What is personal data

Personal data can be many things.

It may be name, address and phone number. It can also be a picture or an IP address.

Personal data are all kinds of information that can be used to identify a person. It is therefore not only the individual information that determines whether something can be called personal data.

If multiple personal data together can not identify a person, but together, they have the character of personal data.

We collect personal data in several ways

We collect personal data about you in the following ways:

When using our app and website.

When using our services

When you buy our products online

When you are in contact with our customer service

When you sign up for our newsletter

When you participate in promotions, competitions or studies

When you give us the personal data

When you provide information to third parties with whom we cooperate

When we buy services and data from other companies

You can in the menu below why we do it and on what basis we do.

We use your personal data in several ways

Here you can read the following:

● That we collect and use your personal data for specific purposes

● We delete your personal data when they are no longer necessary

● That we continuously check and update your personal data

● That we pass your personal data in certain cases

We collect and use your personal data for specific purposes

The purpose of collecting and using your personal data can be divided into the following categories:

1) In the first category there are certain personal data we need to know about you in order to provide our service to you. For example, your name, your address, your phone number and your email, ie. necessary identification and contact information. This thus constitutes our legitimate ‘treatment basis’. If we can not process these personal data, we can not provide our service to you.

It may also be that we have a different treatment basis, for example. that it follows from the law that we must register and store certain personal data. For example, personal data are used for our compliance with tax law and the accounting act.

If we wish to use your personal data in a different way from what we collected, because it was necessary, we will inform you if the ‘framework’ for the original purpose is exceeded. We do so before we get started and inform you at the same time.´

2) In the other category, there are certain personal data that we would like to know about you so that we can improve our products and services / adapt our communications and marketing to you / customize business partners’ communication and marketing to you and further optimize your relationship with us so we can offer you exactly the services and products you need.

It is also collecting personal data about the traffic on our website, including IP addresses and location of cookies on your computer. This may be necessary for our website to work properly.

None of the personal data in Category No. 2 is strictly necessary in order for us to provide our service to you. Therefore, you must expressly consent to collect and use these personal data.

Our treatment basis in this regard is your consent.

Your consent is voluntary and if you have given us, you can withdraw it at any time by contacting us at the contact details at the bottom of our Privacy Policy.

[Please note that, under current Danish law, we are entitled to contact you as a customer offering our own products, similar to those you previously purchased from us. This applies if we have received your email address in connection with your purchase and regardless of your specific consent. If we contact you with such offers, we will clearly present you to the opportunity to waive similar requests in the future].

If we wish to use your personal data in a different way from what we collected for your consent, we will always ask for your renewed consent if the “frame” for the original purpose is exceeded. We do so before we get started and inform you at the same time.

3) In the third category, there are certain personal data that we keep in order for us to take care of our interests in the future if there is a need for it. Our treatment basis is then ‘legitimate interests’, as understood in current personal data law.

This means, among other things, that from a concrete assessment we store your personal data for a period of time. The time period and the extent of the personal data for this treatment are determined by the criteria you can see in the section ‘We delete your information when they are no longer necessary’.

We delete your personal data when they are no longer required

We make a discretion to see when we no longer need your personal data. When we no longer need the personal data for the purpose we collected them, we will delete them.

We include weight on

– What service we have provided, for example. whether we have delivered a product or advice as mentioned in the following sections

– How long since it was, we had a relationship with you as an employee, customer, collaborator or something else

– If there has been dialogue or correspondence since then

– If we know you contact us on a regular basis, for example. every six months to order new items, as we would like to give you as good service as possible

– If you have consented to storing your personal data, including for subsequent marketing efforts

– What responsibility we take for you and what responsibility we risk in relation to our advice

Some personal data must be kept for a minimum of 5 years for reasons of legislation, including Bookkeeping Act. For example, it is personal data for the purpose of issuing invoices, so we can settle tax and VAT correctly document it to the authorities.

We do this in order to take care of our financial interests and legal status if anyone thinks we acted in a responsible manner.]. In that case we must be able to document what personal data we have received, what agreement was made with the customer and what we have done in relation to the customer so that we can take care of our interests. We ‘clean’ the documents for the personal data that are not necessary.

We continuously review and update your personal data

We regularly check that the personal data we treat about you is not incorrect or misleading.

We will do this by sending a confirmation at the conclusion of the agreement, about the personal data we have registered about you.

You can use the contact information at the bottom to notify us of your changes.

We pass on your personal data in these cases

We do not sell, we do not publish and we do not otherwise convey your personal data to others unless:

● It is necessary for us to perform our service to you, or

● It is necessary for us to comply with the law, or

● You have consented to it, or

● It is necessary to protect a collaborator or third party (there are strict regulations in the law to pass on personal data on this basis)

● It is part of our use of data processing, both inside and outside the EU

If necessary

We collaborate with selected and trusted partners to provide our service to you, including: our own intra-group companies, collaborators, subcontractors, computer operators. To them we provide the necessary personal data so that we can deliver our services to you as a whole.

For example, being outsourcing of our IT systems. It may also be the Central Personnel Register, in order for us to update any name or address changes in databases about our customers.

If you have consented

We pass personal data to companies, organizations or individuals outside our company and group, if we have your consent. If required by law, or to protect ourselves, a collaborator or a third party. In some cases, the legislation allows us to disclose personal data without your consent. Sometimes should we do it. Other times can we do it. To the extent permitted by law, we may disclose personal data in order to protect or enforce our rights. The same applies to rights belonging to our collaborators and third parties.

Examples where it may be relevant are, for example, in connection with fraud prevention or other crimes.

Our use of computer users, both inside and outside the EU. We obtain your consent before disclosing your personal data to third-party partners unless they act as our data servers. For example, a third country can be certain countries in Africa. The United States is not a third country because of the so-called Privacy-Shield Agreement between the United States and the EU if the US company has signed up with the Privacy Shield Agreement.

If we pass your personal data to third countries, we have ensured that their level of personal data protection fits the requirements we have set for ourselves in this policy and the requirements we are subject to in terms of legislation.

You have many rights

In this section you can read that you have a number of rights in connection with our processing of your personal data, including that you have:

● Right to have incorrect personal data corrected

● Right to access your personal data and obtain a copy

● Right to delete your personal data

● Right to demand restriction

● Right to object to treatment

● Right to revoke consent

● Right to request information about transfer to countries and organizations outside the EU

● Right to avoid profiling

● Right to complain about our processing of your personal data

If you want to know more or take advantage of your rights, please contact us via the contact form at the bottom.

Right to receive incorrect personal data

We verify that the personal data we treat about you is not incorrect or misleading. We do this by sending a confirmation of data in an email when creating the customer relationship.

You are entitled to correct (corrected) your personal data, which we hold.

Right to delete your personal data

You may at any time require to delete your personal data that we possess. If we no longer have the purpose of having the personal data, we will delete them as soon as possible after your request.

Right to require treatment limitation

You may at any time request to restrict the processing of your personal data.

Right to object to treatment

You are entitled at any time to object to the processing of your personal data. This includes the right to object to the use of personal data for marketing purposes. We will promptly address your opposition if you make such a statement.

Right to revoke consent

You may revoke the (or any) consent (s) you have given us at any time.

Right to require information about transfer to countries and organizations outside the EU

You are entitled to be informed whether we pass personal data to a non-EU country.

We may disclose that we forward personal data to IT companies that act as our data servers in the US and Canada

All our US data servers have joined the Privacy Shield Agreement (read more here: https://www.datatilsynet.dk/erhverv/tredjelande/eu-us-privacy-shield/) and have undertaken to comply with applicable personal data law.

We can therefore pass the personal data to the companies.

Right to avoid profiling and to make automatic decisions

You are entitled at any time to prevent us from making profiles of you and your personal data or making automatic decisions.

Complaint

We make every effort to ensure that your personal data is treated with confidence and that your rights are protected and we regularly review our procedures and the handling of personal data.

If in your opinion, we do not treat your inquiry and your rights in accordance with the law, please contact us, please. email with the text “complaint” in the subject field.

You can write to us at kontakt@iex.dk.

We will then expedite your inquiry to a senior employee in our company so that any misunderstandings and mistakes can be investigated.

If you continue to believe that we do not process your inquiry and your rights in accordance with the law, you may appeal to the Data Inspectorate via:

data Protection Agency

Borgergade 28

1300 Copenhagen K

Phone: 33 19 32 00

www.datatilsynet.dk

Children

Our company is targeted adults. We do not collect conscious personal data from and to children.

We are realistic about that for example. Children’s use of electronic devices can never mean 100% security that we do not receive personal data about children.

We have tried to adapt our systems to the best of our ability so that we can not receive personal data from children and we will immediately delete the personal data if we become aware that we have accidentally received personal data about children.

If you are a parent or guardian and believe that your child has provided personal information to us deliberately or unconsciously, please contact us as soon as possible through our contact form at the bottom of the page.

We are committed to protecting your personal data. Both because it follows from the legislation, but also because our own internal code of ethics requires that we take good care of your personal data.

We use relevant and sound technical and organizational security measures to ensure that unauthorized access to the personal data we store is not created. The purpose of this is to ensure that personal data are not used, destroyed, modified, published or otherwise misused.

In this section you can read that

● We have internal rules on information security in relation to personal data

● We have implemented IT technical security measures

● User behavior is important to ensure a sufficiently high level of security

● We advise affected persons if there is a risk of or a proper data break

We have internal rules on information security that contain guidelines and procedures.

This includes, among other things, that personal data is only available to the (or those) employee (s) who need it.

Employees who need to handle personal data have signed a silence statement.

Included in our rules on information security is also that we regularly train our employees in the correct handling of personal data and ensure that the rules are met by the employees.

IT technology, among other things, has implemented the following measures:

● Installed antivirus on all IT systems that handle personal data

● Installed password on computers with regular renewal requirements

● Continuous backup of all IT systems that handle personal data

● Installed personal data processing systems that comply with industry requirements and guidelines

● Limitation of access to personal data, so that only those employees who need it have access. And only to the extent that it is necessary

Page

● Checking employees’ actual access to personal data through logging and supervision

● Investigation of whether the personal data we use can be used in anonymous or pseudonymized form. We will do so if it does not adversely affect our service and obligations to you

● Have entered into data processing agreements with suppliers that process personal data on our behalf to ensure that processing is in accordance with the laws and our own rules and ethical standards

● Implementation of risk assessment and documentation of all IT systems that handle personal data. We do this to ensure that we have an informed basis for the level of security for the processing of personal data

Risk and Disclaimer

The greatest danger of misuse of personal data is due to people’s own actions.

It is up to the individual to take good care of his own personal data (eg never provide passwords to others), and it is up to our company to take into account human interference.

Even though we have taken the above steps to limit the risk of personal data processing, it can not represent a 100% assurance that no unintended events occur.

We therefore disclaim any loss resulting from unintended events relating to our use and processing of your personal data to the extent that we can do so under applicable law.

We can not be held liable for any loss arising from the use of our company, our products and services, our website, systems, apps and other software to the extent that we can do so under applicable law.

We recommend that you also take steps to secure your personal data yourself.

You can do this by closing your browser after use, by logging out of all accounts after use, by installing antivirus antimalware and other software that can improve the security of your computer.

We recommend that you continuously update software, the apps you use, your computer, and mobile devices, and never provide your password to others.

Information

As mentioned, we have taken a large number of steps to ensure the processing of your personal data.

Should our IT systems and other security measures be compromised, we will notify you without undue delay if compromise entails a high risk of your rights and freedoms.

Links to other service providers

On our website and in our app (or other)] there may be links to other websites that do not belong to our company.

We are not responsible for the content on these websites and our privacy policy does not apply to these companies’ websites.

Contact Information

IEX Integration is data manager and ensures that your personal data is processed in accordance with the law:

IEX Integration ApS

Address: Herstedvang 7A – 2nd th.

CVR: 35527710

Phone number: +45 32 22 43 44

Mail: kontakt@iex.dk

Website: https://iex.dk

Updating our personal data

We update our personal data policy when we consider it necessary. This may be, for example, when we provide new services and products.

When we make changes to the personal data policy, we will mention it below.

About this cookie policy