1. GENERAL
1.1. This Data Processing Agreement is an integral part of Abicart's general terms and conditions and always applies, unless otherwise agreed in writing, between Abicart and the Customer when Abicart processes personal data on behalf of the Customer.
2. DEFINITIONS
2.1. Unless otherwise specifically stated, the definitions in Abicart's General Terms and Conditions shall also apply in this Data Processing Agreement.
To the extent that Regulation (EU) 2016/679 of the European Parliament and of the Council (the "Data Protection Regulation") contains terms that correspond to those used in this Data Processing Agreement, such terms shall be interpreted and applied in accordance with the Data Protection Regulation.
In this Data Processing Agreement, the following terms shall have the following meanings:
a) "Processing" means any operation or set of operations which is performed upon Personal Data or sets of Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
b) "Personal Data" means any information relating to an identified or identifiable natural person, an identifiable natural person being one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifiers or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
c) "Personal Data Breach" means a security incident resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.
d) "Applicable Regulations" means the General Data Protection Regulation and other laws and regulations applicable to the Processing of Personal Data from time to time.
3. CUSTOMER'S RESPONSIBILITIES
3.1. The Customer, as data controller, shall be responsible for ensuring that all Processing of Personal Data is carried out in accordance with this Data Processing Agreement and the Applicable Rules.
3.2 The Customer shall provide Abicart with the information and Personal Data necessary and appropriate for Abicart to fulfill its obligations under this Data Processing Agreement and Applicable Rules.
3.3 The Customer shall immediately provide Abicart with correct information in the event that the documented instructions are incorrect, incomplete or otherwise need to be changed.
3.4 By signing this Agreement, the Customer confirms:
3.5. that the Customer has a legal basis to process and disclose the relevant Personal Data to Abicart (and to any sub-processors used by Abicart);
3.6. that the Customer is solely responsible for the accuracy, integrity, content, reliability and lawfulness of the Personal Data provided to Abicart;
3.7. that the Customer has complied with any mandatory requirements and obligations to notify or obtain authorization from relevant authorities for the Processing of Personal Data;
3.8. that the Customer has complied with its obligations to provide relevant information to its customers in relation to the Processing of Personal Data under the Applicable Rules;
3.9. that Abicart has provided guarantees regarding the implementation of technical and organizational security measures sufficient to protect its customers' privacy and Personal Data; and
3.10. that when using the services provided by Abicart, the Customer does not transfer to Abicart any sensitive Personal Data, or data relating to criminal convictions and offenses. If such transfer occurs, Abicart cannot be held liable for improper Processing of such sensitive Personal Data.
3.11. The Customer shall provide Abicart with documented instructions. These shall, inter alia, but not exclusively, regulate the Personal Data to be Processed, the subject matter of the Processing, the duration and scope of the Processing, the nature and purpose, the type of Personal Data and categories of data subjects, the obligations and rights of the Customer and Abicart, and the scope of safeguards and other IT and security related obligations. The Customer's documented instructions are attached to this Data Processing Agreement as Appendix 1A.
3.12. The Customer shall provide all information that may be necessary for Abicart to fulfill its contractual obligations to the Customer.
4. PROCESSING
4.1. Abicart shall only process Personal Data on behalf of the Customer in accordance with this Data Processing Agreement and Applicable Rules. Without the Customer's consent, an order from an authorized supervisory authority or a requirement of mandatory legislation, Abicart shall not collect or disclose Personal Data from or to any third party unless otherwise agreed in writing, change the method of Processing, copy or recreate Personal Data, or otherwise Process Personal Data for purposes other than those specified in the documented instructions.
5. TRANSFER
5.1. Abicart may not, without the Customer's consent, transfer any Personal Data to a state outside the EU/EEA if such state is not on the European Commission's list of countries with an adequate level of protection, with the exception of transfers of Personal Data to recipients against whom Abicart has taken appropriate safeguards, such as Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs).
5.2 Any transfer not covered by the above requires the Customer's written consent and an assurance that such transfer is in compliance with the Applicable Rules.
6. IMPLEMENTATION OF CHANGES
6.1. Abicart shall implement changes, deletions, restrictions and transfers at the express request of the Customer, unless such request is in breach of this Data Processing Agreement or the Applicable Rules.
7. DISCLOSURE OF PERSONAL DATA
7.1. Abicart shall not disclose Personal Data or information about the Processing of Personal Data without the prior consent of the Customer, except where ordered to do so by an authorized supervisory authority or where Abicart is obliged to do so under the Applicable Rules.
7.2 Abicart shall notify the Customer without undue delay if Abicart is contacted by a competent supervisory authority, data subject or third party for the purpose of gaining access to Personal Data processed by Abicart.
8. CONTROL OF COMPLIANCE
8.1. The Customer is entitled, itself or through a third party, to conduct an audit of Abicart or otherwise verify that Abicart's Processing of Personal Data complies with this Personal Data Processing Agreement and Applicable Provisions. In the event of such an audit or control, Abicart shall provide the Customer with the assistance needed to carry out the audit.
8.2 Abicart shall, upon request and without undue delay, demonstrate compliance with the obligations under this Data Processing Agreement and Applicable Rules. This includes, but is not limited to, an obligation to provide documentation, demonstrate compliance with approved codes of conduct or certifications and enable and assist the Customer to carry out necessary audits and inspections.
8.3 Abicart shall provide the Customer with access to all Personal Data processed by Abicart on behalf of the Customer. This also includes access to information and documents that the Customer needs to exercise control over Abicart's compliance with this Data Processing Agreement and Applicable Rules. Such access shall be provided without undue delay, but no later than 20 days from the Customer's express written request.
9. SECURITY AND SECRECY
9.1. Abicart shall evaluate the risks of the Processing and take measures, such as encryption, to mitigate them. The measures should ensure an appropriate level of security, including confidentiality, taking into account the state of the art and the costs of implementation in relation to the risks and the type of Personal Data to be protected.
9.2. Abicart shall take steps to ensure that any natural person or legal entity performing work under Abicart's supervision, and who gains access to Personal Data, only processes it on the instructions of the Customer.
9.3 Abicart is responsible for ensuring that each natural person who has access to the Personal Data processed under this Data Processing Agreement has sufficient knowledge and training to securely and appropriately process the Personal Data.
9.4 If Abicart intends to make changes to how Personal Data is processed or otherwise make changes that may affect the security of the data subjects, the rights of the data subjects or compliance with this Data Processing Agreement or applicable law, Abicart shall inform the Customer in writing in advance. The Customer shall give its consent to such changes.
9.5 Abicart undertakes to process Personal Data and other information related to this Data Processing Agreement in accordance with applicable privacy legislation. The personnel who process Personal Data have entered into specific confidentiality agreements and have been informed that there is a duty of confidentiality under contract or national law.
9.6 Abicart shall ensure that all employees, consultants and others for whom Abicart is responsible and who process Personal Data are bound by an appropriate confidentiality undertaking and that they are informed of how the processing of Personal Data may take place.
9.7 Abicart is responsible for ensuring that the persons who have access to the Personal Data are informed about how they may process the Personal Data in accordance with the documented instructions from the Customer. Abicart shall also ensure that adequate authorization control exists.
10. TECHNICAL AND ORGANIZATIONAL MEASURES
10.1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risks, of varying likelihood and severity, to the rights and freedoms of natural persons, Abicart shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, where appropriate:
a) pseudonymization and encryption of Personal Data;
b) the ability to ensure the confidentiality, integrity, availability and resilience of the processing services and systems on an ongoing basis;
c) the ability to restore availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and
d) a procedure to regularly test, examine and evaluate the effectiveness of the technical and organizational measures to ensure the security of the processing.
11. ESTABLISHMENT OF AN INVENTORY
11.1 Abicart shall keep a record of all categories of Processing carried out on behalf of the Customer, which includes the following:
11.2. the names and contact details of Abicart and the Customer on whose behalf Abicart is acting and, where applicable, of the Customer's or Abicart's representative and the Data Protection Officer;
11.3. the categories of Processing carried out on behalf of the Customer;
11.4 where applicable, transfers of Personal Data to a third country or an international organization, including the identification of the third country or international organization and the documentation of appropriate safeguards; and
11.5 where possible, a general description of the technical and organizational security measures.
11.6. Abicart shall draw up the list in writing, including in electronic form.
12. NOTIFICATION OBLIGATION
12.1 Abicart shall notify the Customer without undue delay in the event that the processing of personal data is in breach of this Data Processing Agreement, the General Data Protection Regulation or other legislation. Abicart shall then await instructions from the Customer.
13. PERSONAL DATA BREACHES
13.1 In the event of a suspected or detected Personal Data Breach, Abicart shall immediately investigate the breach and take appropriate measures to mitigate its potential negative effects.
13.2. If requested by the Customer, Abicart shall prepare a written description of the Personal Data Breach to be provided to the Customer within 48 hours. Such description shall at least include:
a) a description of the nature of the Personal Data Breach, including, where possible, the categories and approximate number of data subjects affected and the categories and approximate number of personal data records affected;
b) the name and contact details of Abicart's Data Protection Officer or other contact points where more information can be obtained;
c) a description of the likely consequences of the Personal Data Breach; and
d) a description of the measures taken or proposed to be taken by Abicart to address the Personal Data Breach, including, where appropriate, measures to mitigate its potential adverse effects.
13.3. If and to the extent that it is not possible to provide the information at the same time, the information may be provided in batches without undue further delay.
13.4 Abicart shall assist the Customer in ensuring that its obligations under the Applicable Personal Data Breach Notification Rules are fulfilled, taking into account the type of Processing and the information available to Abicart. This also applies if it is the Customer that suspected or detected a Personal Data Breach.
13.5 Abicart shall notify the Customer without undue delay, but no later than 30 hours, after becoming aware of a Personal Data Breach.
13.6 A notification as described above shall contain all the information necessary for the Customer to fulfill its obligations in relation to the supervisory authority.
13.7 The above notification obligation to the Customer also applies if Abicart for any other reason cannot fulfill the obligations under this Personal Data Processing Agreement or the documented instructions or becomes aware that Personal Data has been processed in violation of this Personal Data Processing Agreement.
14. ABICART'S OBLIGATION TO ASSIST THE CUSTOMER
14.1 Abicart shall, where necessary and upon request, assist the Customer in fulfilling the Customer's obligations arising from the provisions of the GDPR regarding the performance of data protection impact assessments and prior consultation with the relevant supervisory authority.
14.2. Abicart shall, where necessary and upon request, assist the Customer in fulfilling its obligations arising from the provisions of the GDPR regarding the rights of data subjects.
15. ABICART'S ENGAGEMENT OF A SUB-PROCESSOR
15.1 The Customer hereby gives Abicart prior consent to the engagement of sub-processors for the Processing of Personal Data under the Agreement and Applicable Rules.
15.2. Abicart shall list all sub-processors in Appendix 1B, which shall be available on Abicart's website. The Customer is responsible for keeping up to date on which subcontractors Abicart uses. In the event that the Customer objects to Abicart using a particular sub-processor, the Customer is entitled to instruct Abicart to cease all processing of Personal Data carried out by such sub-processor. In this case, Abicart cannot guarantee that the Services will function properly and therefore also reserves the right to terminate the Agreement.
15.3 In the event that Abicart or its sub-processor transfers Personal Data to a territory outside the EU or the European Economic Area ("EEA"), Abicart shall ensure that such transfer complies with the applicable requirements for adequate protection under the GDPR. For this reason, the Customer authorizes Abicart to enter into agreements according to approved standard contractual clauses with sub-processors on behalf of the Customer.
16. LIABILITY FOR DAMAGE
16.1 Abicart shall be liable to the Customer for damage arising from the Processing of Personal Data only if Abicart has not fulfilled the obligations under the Applicable Rules specifically addressed to Abicart or if Abicart has acted outside or in breach of this Data Processing Agreement.
16.2. Abicart shall escape liability as set out above if Abicart proves that it is not responsible for the event that caused the damage.
16.3 The Customer shall indemnify Abicart for the claims made against Abicart, provided that the claim is based on the Customer's inadequate or incorrect instructions to Abicart.
17. DURATION AND AMENDMENTS TO THE DATA PROCESSING AGREEMENT
17.1 This Data Processing Agreement is valid from the time it is signed by the Parties and during the time Abicart processes Personal Data in accordance with the Customer's instructions.
17.2 After the Processing on behalf of the Customer has been completed, Abicart shall return or delete the Personal Data, unless the retention of the Personal Data is required by law to which Abicart is subject. If the Personal Data is to be returned, it shall be done without undue delay and in a common and readable electronic format.
17.3 The Customer may only make changes to this Data Processing Agreement to the extent necessary to comply with applicable law.
17.4 A change to this Data Processing Agreement will take effect 30 days after the notification of the change has been received by Abicart.
17.5 Abicart may only require changes to this Data Processing Agreement to the extent necessary to comply with applicable law.
17.6 If the Customer intends to extend Abicart's Processing of Personal Data to new types of processing, this requires Abicart's express consent.
18. NOTIFICATIONS
18.1 Notifications and communications under this Data Processing Agreement shall be in writing.
18.2. Notices to Abicart shall be addressed to:
Abicart AB, Krokslätts fabriker 12, 431 37 Mölndal, Sweden
or emailed to gdpr@abicart.se.
18.3. Personal data breaches must always be reported by e-mail to the e-mail address gdpr@abicart.se.
19. ASSIGNMENT
19.1 A party is not entitled to assign its rights and/or obligations under this Data Processing Agreement in whole or in part without the prior written consent of the other party, unless otherwise expressly stated in Abicart's general terms and conditions.
20. DISPUTES
20.1 This Data Processing Agreement is governed by Swedish law.
20.2. Disputes arising from this Data Processing Agreement or Abicart's Processing of Personal Data shall be finally settled through the dispute procedure set out in Abicart's general terms and conditions.
Summary of the Data Processing Agreement
Abicart's data processing agreement is included as part of its general terms and conditions. The agreement defines terms such as processing, personal data, personal data breach and applicable regulations. The agreement also sets out the responsibilities of both the customer and Abicart, including the customer's obligations to provide accurate information, obtain authorization for the processing and disclosure of personal data, and to verify that Abicart complies with applicable regulations. Abicart is obligated to process personal data only for the customer's purposes and in accordance with applicable regulations, to take steps to mitigate the risks of processing, to inform the customer of any changes in processing practices or potential impact on the data protection or rights of data subjects, and to ensure that employees handling personal data are appropriately trained and committed to maintaining confidentiality.
The contractual provisions also cover the types of processing carried out by Abicart, the obligation to keep records of processing activities, the personal data breach notification requirements, Abicart's obligation to assist the customer, the use of subcontractors, liability, the duration of the contract and the applicable law in case of disputes.
1. GENERAL
1.1. In order for Abicart to fulfill its obligations to shopkeepers, Abicart will, in accordance with these instructions, store personal data about the Customer and the Customer's customers for as long as the Customer operates an e-commerce store in Abicart's system. In the event that the Customer wishes to change the Processing, the Customer is responsible for updating or otherwise amending these instructions.
1.2 Unless otherwise specified, the definitions in Abicart's general terms and conditions and the personal data processing agreement entered into between Abicart and the Customer shall also apply in these written instructions.
2. PERSONAL DATA
2.1. The Customer authorizes Abicart to Process the following Personal Data:
a) For acting customers (if applicable):
Customer number
Customer type (Private individual, Corporate customer)
First name
Last name
Company/organization
E-mail address
Personal identity number (Pers.nr)
Address (and delivery addresses)
Postal code (and zip code for delivery addresses)
Telephone number
User name
Password
Whether the customer wants the newsletter
Payment method for customer
Membership for customer
Store's notes
Date/time of creation and modification of the record
b) For orders (if applicable):
Product number
Product
Order number
Price (if applicable)
VAT rate
Order value
Date/time
Canceled (yes/no)
Customer's IP address
Currency of the order
Language of payment
Payment method
Delivery status
Store listing
c) For registered partner (if applicable):
Company/organization
First name
Last name
E-mail address
2.2. The Customer undertakes not to store any other customer data in Abicart's system than what is stated in the list above.
3. OTHER
3.1. The Customer is responsible for updating or deleting the above information. Functions for exporting, updating or deleting customer data must be available in Abicart's e-commerce platform administrator settings. The Customer must be able to contact Abicart's customer service if the Customer has questions or needs help.
3.2 The Customer is responsible for signing data processing agreements with connected external systems (such as payment solutions, business and logistics systems). By using such external systems in the Abicart E-commerce Platform, the Customer is responsible for the data transferred to third parties and the Customer accepts that Abicart does not take any responsibility for such Processing.
Abicart currently uses the following sub-processors:
a) Textalk AB, Krokslätts fabriker 12, 431 37 Mölndal, Sweden, corporate identity number 556586-1472 (for server operation, data storage, Abicart's parent company)
Advice for e-commerce operators on how to comply with the EU General Data Protection Regulation (GDPR). The advice includes appointing a data protection officer, checking the legal basis for processing personal data, documenting analytics, standardizing data protection requirements with suppliers, clearly informing customers about how their data is processed, focusing on customer rights, and deleting unnecessary data. The text also lists some of the key rights for customers under the GDPR, including the right to access their personal data, the right to have inaccurate personal data rectified, the right to have personal data erased, and the right to object to automated decision-making and profiling.
1. ORGANIZE
Appoint a responsible person for the organization's data protection work.
2. CHECK
Find out the legal basis for processing personal data in your organization (e.g. name and address in order to deliver a product to a customer; the Accounting Act, which requires you to keep an invoice for 7 years). The new regulations have brought several changes, and one that has had a major practical impact concerns the grounds for processing personal data. One important change regarding the processing of personal data in running text is that an exception that existed in PuL (the Swedish Personal Data Act), the so-called abuse rule, now disappears. This means, among other things, that you must now document the legal basis that supports the processing of personal data that exists in running text and in other unstructured form.
3. DOCUMENT
The GDPR requires that the data controller organization must be able to show that it complies with the rules and also how it complies with the rules. This requires, in addition to the register inventory and impact assessments, that several analyses be documented, such as risk analyses on security measures.
4. STANDARDIZE
Make sure that your other suppliers have sufficient requirements for data protection measures. For example, a data processing agreement with attached instructions that are adapted to the GDPR.
5. INFORM
If you want to send newsletters to your customers, for example, the sign-up must be clear and voluntary for the customer. Inform customers on your e-commerce platform (e.g. at the checkout) about the possibility of signing up for newsletters and the benefits of doing so. Your customer must be able to easily unsubscribe from your register as a recipient of newsletters, both with a link in any mailing and from your e-commerce platform.
6. FOCUS
Make sure that the data protection work carried out in the organization is permeated by the fact that the rights of the registered individuals (your customers) are in focus. Ensure that you have procedures in place to ensure that you can fulfill all the rights that data subjects have under the GDPR. Ensure that there is information on your website or other contact points so that individuals can obtain information on the processing operations carried out, on the rights of data subjects and how to exercise them. Review and delete unstructured forms of communication with customers, such as emails and call notes, if you do not need them to fulfill commitments to the customer. Never store information about a person's health, ethnic origin, political opinion, trade union membership or other particularly sensitive data.
The main rights of your customers are:
To have access to their personal data upon request.
To have inaccurate personal data corrected.
To have their personal data erased.
To object to the use of their personal data for automated decision-making and profiling.