These Terms and Conditions is a part of the Agreement (the “Agreement”) between the Grundfos and the Customer for Grundfos’ sale and delivery of Grundfos Utility Analytics – in partnership with Baseform (“GUA”) - to the Customer.
GUA is one of the digital services (“Digital Service(s)”) offered by Grundfos.
1. Scope of Digital Service
1.1 Grundfos Utility Analytics is a dynamic, subscription-based software platform dedicated to urban water & wastewater networks, operating in the cloud, and offering holistic support to network operators, with capabilities ranging from operational network management, through monitoring and diagnostics, to strategic planning and long-term asset management. A list of the Digital Services and Associated Services selected by the Customer as part of GUA, will be included in the order acknowledgement.
3. Associated Services
3.1 The Customer will designate up to two contact persons who shall be the sole contacts for the coordination and receipt of the Associated Services. If Grundfos is unable to contact any designated contact person through the specified means for a period of time and such contact would be necessary for performing the Associated Services, Grundfos may refuse to perform the Associated Services until Grundfos or Grundfos’ third party supplier is able to contact a designated contact person in which case any response times set forth in the Agreement will be suspended for such period of time.
4. Ownership of data
4.1 The Customer will retain ownership to any data, which the Customer has provided to the Digital Service(s). The Customer grants to Grundfos: (i) during the term of the Agreement a non-exclusive, transferrable, worldwide, perpetual, irrevocable, royalty-free license to use the Customer’s data to provide service(s) to the Customer and applicable end-users; and (ii) a non-exclusive, transferable, worldwide, perpetual, irrevocable, unlimited, royalty-free license to use anonymized data.
5.1 The subscription for GUA will continue until terminated as agreed either below under General Terms clause 17 or by a party giving at least 3 months' written notice to the expiry of a billing cycle.
5.2 By Customer ordering additional km/miles of pipes covered by this Agreement during a billing cycle Grundfos will invoice Customer for a proportional fee until end of billing cycle.
5.3 By Customer ordering additional number of AMI meters covered by this Agreement during a billing cycle Grundfos will invoice Customer for a proportional fee until end of billing cycle.
6. Agreed price
6.1 Grundfos may adjust fees at the end of a billing cycle by giving Customer not less than 3 months written notice. Actual price is listed in the order acknowledgement.
7. Limitation to use
7.1 The Customer’s subscription will be subject to the following limitations:
a. The Customer shall submit to GUA data as agreed with Grundfos.
b. The Customer may only grant its own employees a user account with access to GUA; the Customer may not grant access to any third party (incl. employees of any affiliated company, representatives, supplier or any other third party), without Grundfos’ prior written consent.
7.2 It is considered material breach, if the Customer uses or attempts to use GUA or parts thereof in any other way than what is set out in the Agreement, including any breach of the limitations above.
8. Third party components
8.1 GUA includes components licensed under open source licenses and / or other third-party components subject to additional terms and conditions, incl. source code availability obligations. Copies of those licenses can be found here: https://baseform.com/np4/opensource.html. The Customer accepts to be bound by the terms and conditions of such licenses. By Customer’s breach of the licenses, the Customer is liable to Grundfos and direct claims from the issuing third party. The Customer's obligation applies regardless of whether a license to the software being part of the Digital Services delivered by Grundfos (i) has been obtained by Grundfos to the effect that the Customer derives its limited right from Grundfos; or (ii) has been obtained directly by the Customer. Disclaimers as well as limitations and exclusions of Grundfos’ liability set forth in the Agreement applies in addition to the Third-Party Notices.
B. General Terms and Conditions for Grundfos’ Sale of Digital Services
1.1. The parties have entered into the Agreement on delivery of Digital Services on the earliest of; (i) the Customer clicks a box indicating acceptance (ii) execution by both parties; (iii) Grundfos has confirmed the Customer’s order of Digital Service(s) in writing; or (iv) Grundfos has begun to provide the Digital Service(s) to the Customer.
1.2. Any person accepting an Agreement on behalf of the Customer represents and warrants to (i) have full legal authority to bind the Customer to the Agreement; (ii) have read and understand all parts of the Agreement; and (iii) agree, on behalf of the Customer, to the Agreement, including these General Terms and Conditions and the Specific Service Terms.
2.2. Customer shall deliver the required data to be processed in the Digital Service(s) in the agreed quality and format.
3.2. When using the Digital Service(s) with the Customer Facilities the Customer shall comply with all of Grundfos’ instructions as applicable from time to time.
3.3. The term “end-user” or “user” when used in relation to Digital Service(s) means any physical person (i.e. employee, representative, third party etc.) in any tier, including of sub-licensees (if any), who has access to the Digital Service as a result of the Agreement. The Customer is responsible for use of the Digital Service(s) by end-users having access to the Digital Service as a result of the Agreement.
3.4. The Customer shall ensure that no end-user will: (i) use the Digital Service(s) (a) for the collection, registration, storage, processing or manipulation of the Customer’s data in breach of the Agreement; (b) to obtain unauthorised access to systems or to unauthorised use the Digital Service(s) or content; (c) to store or transmit malicious code such as files, scripts, agents and programs intended to do harm, like time bombs, viruses, worms and/or Trojan horses and (d) in breach of applicable law in force from time to time and any rules and regulations issued in pursuance thereof (e.g. by interfering with or violating the integrity or security of a network or system; evading administrative or security restrictions; sending unsolicited, abusive or deceptive messages, viruses or harmful code; taking actions as described in Clause 3.4(i)(a) in breach of applicable law; or in breach of third party rights); (ii) copy, modify, frame, create a derivative work of, reverse engineer, decipher, decompile, translate, disassemble, or otherwise attempt to extract any or all of the source code(s) or algorithm(s), hardware or other technology contained within the Digital Service(s) (except to the extent permitted according to the conditions for performance of the specific Digital Service(s) or to the extent this restriction is expressly prohibited by applicable law) and (iii) create multiple applications or accounts to simulate or act as a single application or account (respectively) or otherwise access the Digital Service(s) in a manner intended to avoid incurring fees.
3.5. The Customer must notify Grundfos immediately in case the Customer becomes aware of any actual, threatening or suspected abuse of the Digital Service(s), including but not limited to any use in conflict with Clauses 3.1-3.4 or in case the Customer by fault or otherwise gains access to third party data (e.g. digital services or data of Grundfos’ other customers).
3.6. The Customer shall obtain and maintaining all necessary authorisations, permissions, licences and consents to use, provide, store and process the content of the Digital Service(s), which must also grant the right to Grundfos to do the same on the Customer’s behalf if necessary, for Grundfos’ delivery of the Digital Service(s). Grundfos shall obtain and maintain such permits, authorisations, licences, approvals and consents, which are strictly necessary or required by applicable law for Grundfos’ delivery of the Digital Service(s) as such and the remedying of defects (if any).
3.7. The Customer shall possess (access to) and is responsible for any premises, equipment, software, networks (the Customer’s or third party’s), third party licenses, documentation etc. which are not included in the Digital Service(s) but are necessary for the Customer’s use and Grundfos’ delivery of the Digital Service(s) (the “Customer Facilities”). The Customer must ensure that the Customer Facilities comply with applicable law in force from time to time and any rules and regulations issued in pursuance thereof (such as climate requirements and requirements for electrical connection).
3.8. The Customer shall, without charge, upon Grundfos’ request give Grundfos access to the Customer Facilities to the extent necessary for Grundfos’ provision of the Digital Service(s) and shall also otherwise to the best of its ability assist Grundfos in the provision of the Digital Service(s).
3.9. If Grundfos gives the Customer notice that a certain information or a non-Grundfos application shall be removed, modified or disabled to avoid breach of the applicable law, third party rights and/ or to comply with Grundfos’ policies, the Customer shall immediately act accordantly. In case the Customer does not take required action, Grundfos may suspend the Digital Service(s) according to Clause 5 or disable the relevant affected content or non-Grundfos application.
4.1. To protect the confidentiality, integrity, and availability of Grundfos’ systems, networks, and the data stored, processed, and/or transmitted, Grundfos has adopted a layered strategy. The layered strategy has multiple layers of protection to prevent unauthorized access to, tampering and misuse of the Customer’s information and to protect against evolving threats. The technology layers include, among other things, firewalls, intrusion protection, access control, threat prevention, vulnerability and malware protection, audit logs, cognitive & deep learning-based security monitoring and handling of alerts.
4.2. Grundfos utilizes built-in security features provided by Grundfos’ sub-suppliers, including standard Microsoft Azure infrastructure - Trusted Computing concept or other similar concepts.
4.3. Grundfos’ sub-suppliers’ services have passed Grundfos’ internal security clearance process, which adheres to the newest international security standards.
4.4. The Customer shall take adequate security measures to prevent unauthorized physical or analogue access to the Digital Service(s) using measures which is not less rigorous than best practices in the industry.
5.2. In order to determine the extent to which the negative impact set out in Clause 5.1.1 is not attributable to the Customer’s/end-user’s, the Customer must, at Grundfos’ request, provide information on the Customer's/end-user’s usage pattern. On the basis of the information provided, Grundfos may demand that usage is reduced. If the Customer fails to comply with such request, Grundfos shall be entitled without incurring any liability to suspend the Customer's/end-user’s access to the Digital Service(s).
5.3. The Customer shall immediately upon Grundfos’ request to disconnect the Customer Facilities that are causing disruption in Grundfos’ network, Grundfos’ systems or in the Digital Service(s), or give rise to alleged or potential infringement in accordance with Clause 12, and thereafter keep such Customer Facilities disconnected according to Grundfos’ instructions.
5.4. Grundfos will use commercially reasonable efforts to provide the Customer a notice and – in case a suspension is caused by the Customer’s breach or threat thereof – an opportunity to remedy such breach or threat.
5.5. The scope and length of any suspension or request for disconnection will be to a minimum. At the Customer’s request, Grundfos will provide the Customer with the reason for the suspension or request as soon as is reasonably possible.
6.1. To access and use the Digital Service(s) the Customer must pay the agreed subscription fee at agreed charges and billing frequencies.
6.2. Except as otherwise agreed, all fees are in EUR.
6.3. Any amount payable by the Customer is exclusive of value added tax, sales tax or other excise duties chargeable. The Customer shall pay any of the aforementioned at the same time as payment is due for related products or services.
6.4. Following applicable law, The Customer shall (i) pay withholding taxes directly to the appropriate government entity as required by applicable law; (ii) upon request, provide a tax certificate to Grundfos evidencing that customer has paid withholding taxes; (iii) pay Grundfos only the net proceeds after customer has paid withholding taxes; and (iv) fully cooperate with Grundfos in seeking a waiver or reduction of withholding taxes and promptly complete and file all relevant documents.
6.5. If the Customer does not pay a subscription fee on the due date, Grundfos may, with no effect on any other right or remedy that Grundfos may have under applicable law, claim payment for reminders, collection charges and interest. Interest is fixed at 2 % per month (or the interest rate under applicable law, if higher). Interest will accrue daily from the due date until actual payment of the overdue amount. Grundfos may also (i) suspend all deliveries, incl. the Customer’s access to the Digital Services, until the Customer has paid or provided a guarantee for the payment as required by Grundfos; and/or (ii) suspend the provision of further deliveries until the Customer has paid the overdue amounts in full.
6.6. All sums payable to Grundfos becomes due immediately on termination of the agreement, despite any other provision. This Clause 6 is without prejudice to any right to claim for interest under applicable law.
7.1. Grundfos warrants that it performs the Digital Service(s) in a professional and skilful manner as agreed.
7.2. A Digital Service is defective only if it is not delivered as agreed due to faulty design or workmanship and subject to Clauses 7.3 - 7.9.
7.3. Except for breach of any agreed service level(s) in the conditions for performance of the specific Digital Service(s) (if any), all warranties, conditions and other terms implied by statute, common law or otherwise including but not limited to the accuracy, reliability, completeness, or timeliness of the access, use or content or about the results to be obtained from using the Digital Service(s) and the content are, to the fullest extent permitted by law, excluded from this Agreement.
7.4. Grundfos does not warrant; that the Digital Service(s) or servers are free of computer viruses or other harmful features; or that Grundfos will remedy all defects, which does not have a direct effect on compliance with the agreed service level(s), or prevent third party disruptions or authorized third party actions (in excess of what is stated in these General Terms and Conditions). To the extent it does not have a direct effect on compliance with the agreed service level(s), Grundfos does not warrant that there will be no deletion of or failure to store any Customer data and other communications maintained or transmitted through use of the Digital Service(s). Grundfos is only obligated to do backup and other restore functions if explicitly agreed as a service level for the specific Digital Service(s).
7.5. Information provided through the Digital Service(s) to the Customer is intended only to support the Customer. Thus, Grundfos has no direct or indirect liability for the Customer’s use, actions taken or inaction occurring in the reliance upon the information provided through the Digital Services.
7.6. Grundfos’ warranties or agreed service level (if any) do not apply in case of; the Customer’s breach of Clause 3.3; use of the Digital Service(s) for which they are not intended; modifications and alterations undertaken by the Customer or a third party (not acting on Grundfos’ behalf); failure to follow Grundfos’ instructions (whether oral or in writing) (see Clause 3.1) and/or good industry practice; accidental or wilful damage or misuse of the Digital Service(s) by the Customer or third party (not acting on Grundfos’ behalf); the Customer’s non-compliance with applicable law and regulation; suspension according to Clause 5; or if otherwise stated in the conditions for performance of the specific Digital Service(s).
7.7. Grundfos does not warrant merchantability, fitness for any particular purpose and non-infringement of proprietary or third-party rights.
7.9. The Customer must give notice of any defect or any other non-compliance with the Agreement immediately and no later than 30 (thirty) days after the Customer became or should have become aware of such non-compliance. If the Customer fails to comply with these requirements, the Customer shall forfeit its right to claim any non-compliance with the Agreement.
8. Maintenance and Changes
8.1. Grundfos will continuously develop the Digital Service(s), including the equipment necessary for the Customer to access the Digital Service(s) (if any). This may from time to time affect the functionality of the Digital Service(s) and/or changes to the Agreement.
8.2. Grundfos may amend or modify the Digital Service(s) and the agreed terms, provided that the Digital Service(s)’ performance or functionality does not deteriorate in more than negligible extent as a consequence of such amendment. Grundfos shall conduct such amendment or modification in a way that limits any disruptions. Substantial changes (such as downgrade from one Digital Service to another of lower value or reduction of agreed service level(s)) may only be implemented by Grundfos upon 2 (two) months’ written notice to the Customer. By Grundfos’ substantial changes of Digital Service(s) or the agreed terms, the Customer may – despite any agreed period of non-terminability (if any) – terminate the Agreement for convenience by giving notice no later than 30 (thirty) days before such substantial amendments to Digital Service(s) or the agreed terms are scheduled to be implemented. Under no circumstances is Grundfos under an obligation to maintain legacy systems.
8.3. Amendments or modifications to the Digital Service(s) or any equipment necessary for the Customer to access the Digital Service(s) may result in a need for the Customer's own equipment to be adjusted. The Customer shall bear the risk for any costs of adaption of its own equipment.
8.4. Grundfos may make any changes to the Digital Service(s) and any equipment necessary for the Customer to access the Digital Service(s) if use of the Digital Service(s) may result in damage or risk of damage (such as in case of security updates; the Customer's use in violation of Clause 3.1 or 3.3; or if Grundfos is so required in order to adhere to applicable law or statutes or court or governmental decisions). In such case, the Customer will be informed as soon as possible.
9. Grundfos’ Product Liability
9.1. Grundfos is liable for personal injury (including death or injury), damage to real and personal property, caused by defective Digital Service(s) to the extent set out in applicable mandatory law on product liability. Grundfos’ liability for damage to real and personal property (not being consumer property) caused by defective Digital Services is subject to the limitations in Clause 10, however, so that Grundfos’ total liability as described Clause 10.2 for damage to real and personal property is limited to a maximum amount of the higher of EUR 3 million (per claim and in the annual aggregate) and the amount set out in Clause 10.2. Customer assumes all product liability, which is not allocated to Grundfos in this Clause 9.1.
9.2. If a party is held liable for damages allocated to the other party in Clause 9.1, then the other party shall indemnify the first party for any amount paid inconsistently with the allocation in Clause 9.1.
10.1. To the extent permitted by applicable law, neither party is liable (in contract, tort (including negligence), breach of statutory duty or otherwise) for loss of production, loss of turnover, loss of profit, loss of business opportunity, loss of data, loss of savings, loss of goodwill, loss relating to unauthorised access to data or systems, loss as a result of business interruption, or any other indirect or consequential losses of any kind whatsoever arising under or in connection with this Agreement or a breach hereof.
10.2. Subject to Clause Fejl! Henvisningskilde ikke fundet., to the extent permitted by applicable law, Grundfos’ total liability (including in regard to payment of financial credits (if any) and third party claims) towards the Customer in respect of any and all losses arising under or in connection with this agreement and the cooperation hereunder, whether in contract, tort (including negligence), breach of statutory duty or otherwise, shall under no circumstances exceed an amount equal to 100 % of the annual fee (excl. VAT) paid and/or payable for the specific Digital Service on which the claim is based.
10.3. The annual fee referred to in Clause 10.2 is calculated as the actual fees paid and/or payable for the 12 months preceding the date of damage occurring, or, if the Digital Service(s) at the date of damage has been provided for a period of less than 12 months, then at 12 times the average monthly fee for the period under which the Digital Service was provided.
10.4. If the parties have agreed that non-compliance with an agreed service level is subject to Grundfos’ payment of financial credit, such financial credit is the sole and exclusive remedy for any non-performance of the agreed service level, however without prejudice to the right to terminate according to Clause 16.1. Any financial credit shall under no circumstances exceed the amount agreed in the conditions for performance of the specific Digital Service nor the amount paid by the Customer for the specific Digital Service in question in the month where the Grundfos incurs a financial credit as a result of the non-compliance of the agreed service level.
10.5. The limitations set out in this Clause 10 will not apply to the extent an act or failure to act of a party causes personal injury; a party intentionally causes the other party or non-party to suffer damage; or a party as a result of its reckless disregard of the consequences of an act or failure to act causes the other party or non-party to suffer damage.
10.6. If a claim is based on losses, which derives from more than one Digital Service and/or one or more Digital Service(s) in combination with a Grundfos company’s delivery of products and/or other services, then Grundfos’ total liability (if any) shall be allocated to the different deliveries based on each such delivery’s contribution to the claimed losses. Each allocated part of the total liability shall be determined according to the legal basis applicable between the parties for the said part of the total losses, including the agreed limitation of liability (if any).
11.1. The Customer agrees to defend, indemnify, and hold harmless Grundfos, its officers, directors, employees and agents, from and against any claims, actions or demands, including without limitation reasonable legal and accounting fees, alleging or resulting from the Customer’ breach of the Agreement, including but not limited to breach of Clause 5 and unlawful or infringing activities, including infringement of third party intellectual property rights, caused by the Customer’s actions, lack of action, content, material, designs or specifications.
12.1. Subject to Clause 4.1, Grundfos owns all rights in or arising out of the Digital Service(s) (including intellectual property rights),
12.2. A party does not have the right to use the other party’s trade names, trademarks, logos or other signs or identification symbols, unless the prior written consent of the other party has been obtained.
13. Third Party Rights
13.1. If (i) the Digital Service(s) infringes third party rights, including intellectual property rights, or if (ii) Grundfos reasonably believes (based on reasonable documentation) that the Digital Service(s) or parts thereof might infringe third party rights, then Grundfos may at its expense and discretion (a) substitute an allegedly infringing Digital Service with a non-infringing Digital Service(s) having at least equivalent functionality; (b) modify the allegedly infringing Digital Service(s) so that it no longer infringes third party rights but remains having at least equivalent functionality; (c) obtain license from the third party allowing the Customer and other third parties (to the extent relevant to comply with the Agreement) to continue using and/or sub-license (as applicable) such allegedly infringing Digital Service(s) or parts thereof of; or (d) terminate the agreement on the delivery of the specific Digital Service(s) in question with immediate notice and repay to the Customer any payments paid in advance. In such case, the Customer will be informed as soon as possible.
14.1. Any license acquired by Grundfos from a third party as part of the delivery of the Digital Service(s) will remain Grundfos’ or the sub-contractor's property. If the Digital Service(s) is installed on the Customer Facilities, the Customer shall uninstall the Digital Service(s) after termination of the agreement, the Service Specific Terms or the expiry of Grundfos licenses, whichever is the earlier.
14.2. If, as part of the Digital Service(s) and at the Customer's request, Grundfos installs third party software for the Customer's use, the Customer guarantees that it has the necessary rights in such software.
15.1. A party (receiving party) shall keep in strict confidence all technical or commercial know-how, specifications, prices, inventions, processes, initiatives and other information concerning the disclosing party’s business, its products, services and Digital Services, which are of a confidential nature (confidential information) and has been disclosed to the receiving party by the other party (disclosing party), its employees, agents or subcontractors (representatives). The receiving party shall not use confidential information of the disclosing party for purposes other than the performance of its obligations under the agreement, including (except as permitted by applicable law) not to reverse engineer the Digital Service(s) or any products delivered in connection with the Digital Service(s). The receiving party may only disclose confidential information to those of its representatives who need to know to discharge the receiving party's obligations and rights under the agreement and shall ensure that such representatives comply with the obligations set out in this Clause 15 as though they were a party to these terms.
15.3. The obligations under this Clause 15 apply from the execution of the Agreement and – subject to applicable law – for a period of 5 years after the Agreement expires or is terminated by one of the parties.
16. Force Majeure
16.1. Neither party will be in breach of the Agreement nor liable for delay in performing, or failure to perform, any of its obligations under the Agreement if such delay or failure results from a hindrance beyond its reasonable control (“Force Majeure”). In the event of a Force Majeure, the parties agree to suspend the affected party's obligations until the Force Majeure situation ceases to exist.
16.2. Either party may terminate the Agreement with immediate effect upon notice to the other party if the period of Force Majeure continues for a period of 3 consecutive months. In case of termination due to such circumstances neither party shall be liable to the other for such termination. However, such termination will not affect any pre-existing liabilities or claims or any other provisions of the Agreement.
17.1. The purchase of Digital Service(s) cannot be cancelled.
17.2. Either party may, without prejudice to its other rights and remedies, terminate the Agreement in whole or part for cause with immediate effect by written notice to the other party in case of (i) material breach of the Agreement or material breach of one or more conditions for performance of the specific Digital Service(s), provided either such breach is incapable of remedy or the defaulting party to the Agreement and/or conditions for performance of the specific Digital Service(s) has failed to remedy within 14 (fourteen) days after receiving notice from the other party requiring it to do so. Material breach includes among others use of the Digital Service(s) in breach of with Clause 3; delayed payment; the Customer’s use of intellectual property rights in breach of Clause 12.
17.3. As from the last day of the notice period, Grundfos may – but is not obligated to – retain and use the Customer’s and end-user’s data for a reasonable period of time to facilitate onboarding and quality of usability of the Digital Service(s), should the Customer choose to re-subscribe to the Digital Service(s). Grundfos may decide at any time after the termination/expiry of the Agreement to delete the Customer’s and end-user’s data and will do so if obligated by applicable law. Upon termination, the Customer may ask Grundfos to provide the Customer a copy of data collected through the Customer’s use of the Digital Service(s). Grundfos shall strive to provide such copy but is not obligated to do so. If Grundfos provides the Customer with such copy, Grundfos may make such provision conditional upon e.g. further confidentiality obligations, payment of man-hours spent on gathering the data in question, etc.
17.4. Termination of the Agreement (regardless of the cause) will not affect those provisions of the Agreement which, by nature or necessity, operate after any expiration.
18. Use of Sub-Contractors
18.1. Grundfos may use sub-contracts for the performance of the Digital Service(s) under the Agreement. Grundfos shall ensure that all persons involved in the Digital Service(s) are informed of and comply with the Agreement.
19.1. The Agreement may not be transferred or assigned in whole or in part by operation of law or otherwise by the Customer, without the prior written consent from Grundfos. Without prior notice, Grundfos may assign rights and obligations under the Agreement to any company within the Grundfos group.
20. Export Control and Sanctioned Parties
20.1. Any delivery covered by the Agreement may be subject to export control and trade sanction rules, including such rules of among others the European Union, United Nations and the United States of America.
20.2. It is a condition for Grundfos’ delivery of Digital Service(s) to the Customer that the Customer complies with all applicable export control and trade sanction rules and has relevant compliance procedures and controls. The Customer shall ensure that the Digital Service (s) are used only in accordance with the export control and trade sanctions rules, and that neither the Customer nor any end-user accessing the Digital Service(s) is sanctioned.
20.3. If, due to export control and trade sanction rules, Grundfos considers that it is or will be prohibited, hindered, restricted or significantly adversely affected in complying with its obligations under the Agreement, Grundfos may cancel or postpone the delivery of the Digital Service(s). In such cases, Grundfos will not be liable for any direct or indirect claim or loss.
20.4. To enable authorities or Grundfos to conduct checks on the Customer’s compliance with the export control and trade sanction rules, or in support of Grundfos' applications to the appropriate authorities in connection with the export and/or sale of the Supplies under the Agreement, the Customer shall – upon reasonable request – promptly provide to Grundfos all information on end-users, the parties involved in the delivery, the destination(-s) and the intended use of the Digital Service(s).
21. Law and Venue
21.1. The Agreement, and any dispute or claim arising out of or in connection with it or its formation (including non-contractual disputes or claims) is governed by and constructed in accordance with the laws of Denmark, without reference to the conflict of laws or principles thereof, which may cause the application of the laws of another country. The United Nations Convention on Contracts for the International Sale of Goods (CISG) shall not apply.
21.2. The Danish Maritime and Commercial High Court has exclusive jurisdiction to settle any dispute or claim (including non-contractual) that arises out of, or in connection with, the Agreement or its subject matter or formation (including non-contractual disputes or claims). If the Danish Maritime and Commercial High Court rules that the dispute is not within its scope of jurisdiction, then the exclusive jurisdiction is the Danish District Court in Lyngby.
C. DATA PROCESSING AGREEMENT
This Data Processing Agreement (the “DPA”) is entered into by and between Customer (Data Controller) and Grundfos (Data Processor).
Whereas The Data Controller and the Data Processor have engaged in a cooperation where the Data Processor delivers certain services to the Data Controller (the “Cooperation Relationship”);
Whereas The Data Processor in connection with the Cooperation Relationship processes personal data (the “Personal Data”) on behalf of the Data Controller; and
Whereas The Parties wish to ensure the parties’ compliance with Article 28, sub-section 3 of the General Data Protection Regulation 2016/679 (the “GDPR”), which sets out specific requirements for the content of data processing agreements;
Now therefore the Parties have agreed to the following:
1.1 This DPA supersedes and replaces all prior agreements, oral and written, regarding the subject matter of the DPA, including any prior data processing addenda entered by the Parties.
1.2 In case of discrepancies between the DPA and any other agreement between the Parties, the Terms of the DPA shall prevail.
1.3 The Parties acknowledge and agrees that the provisions of the DPA shall also apply for the processing of Personal Data carried out by the Data Processor on behalf of any associated company within the Data Controller’s group of companies which is authorized to use the Data Processor’s services as part of the Cooperation Relationship.
1.4 This DPA, including Appendix A, constitutes the Data Controller’s instructions to the Data Processor.
2. THE DATA PROCESSOR’S OBLIGATIONS AND SECURITY OF PROCESSING
2.1 The Data Processor shall process Personal Data on behalf of the Data Controller in accordance with applicable data protection law and only on the direct documented instructions from the Data Controller for the purpose of providing the services under the Cooperation Relationship, including with regard to transfers of Personal Data to a third country or an international organization.
2.2 The Data Processor may not process or use the Data Controller's Personal Data for any other purpose or without instructions from the Data Controller, unless the Data Processor is required to do so by Union or Member State law to which the Data Processor is subject. In that case, the Data Processor shall inform the Data Controller of that legal requirement before processing the Personal Data, unless that law prohibits such information on important grounds of public interest.
2.3 The Data Processor shall take all measures required pursuant to Article 32 of the GDPR and shall assist the Data Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of GDPR, taking into account the nature of processing and the information available to the Data Processor.
2.4 The Data Processor shall notify the Data Controller without undue delay after becoming aware of any security incident that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed by the Data Processor under the Cooperation Agreement (a “Security Breach”). The notification shall include: a) the nature of the Security Breach; b) the recommended measures to minimize the negative effects of the Security Breach; c) the identified and probable consequences of the Security Breach; and d) actions taken by the Data Processor to mitigate the effects of the Security Breach.
2.5 The Data Processor undertakes not to not publish any filing, communication, notice, press release, or report concerning the data breach, and not to communicate directly with data subjects or supervisory authorities about the data breach, without the Data Controller’s prior written consent.
2.6 The Data Processor shall, taking into account the nature of the processing, assist the Data Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Data Controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR. The Data Processor shall act on such requests by the Data controller without undue delay. Any requests received by the Data Processor directly from a data subject shall be forwarded to the Data Controller without undue delay. The Data Processor shall not answer such requests directly to data subjects without prior instructions from the Data Controller.
2.7 The Data Processor shall make available to the Data Controller all information necessary to demonstrate compliance with the obligations laid down in this DPA and applicable data protection legislation and allow for and contribute to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller.
3.1 The Data Controller hereby gives the Data Processor a general authorization to enter into agreements with sub-processors for the fulfilment of the Data Processor’s obligations in the Cooperation Relationship. The Data Processor shall meet the requirements and obligations specified in Article 28, subsection 2 and 4 of the GDPR.
3.2 The sub-processors listed in Appendix A are approved at the time of this DPA. Approval of Sub-processors processing Personal Data outside of the EU/EEA is subject to clause 4 below.
3.3 Where a Data Processor engages a sub-processor for carrying out specific processing activities on behalf of the controller, the Data Processor shall enter an agreement with the sub-processor that ensures a level of data protection at least similar to what is set out in this DPA.
3.4 The Data Processor shall remain fully liable for the sub-processor’s failure to comply with applicable data protection legislation or the obligations set out in this DPA.
3.5 The Data Processor shall inform the Data Controller, in writing, of any intended changes concerning the addition or replacement of sub-processors at least 30 days prior to the sub-processor starts processing of the Data Controller’s Personal Data.
4.1 Without the Data Controller's prior written consent, the Data Processor may not transfer or permit the transfer of Personal Data to any territory which is (i) outside the EEA and (ii) not recognised by the European Commission as providing an adequate level of data protection. Where the Data Controller has permitted such a transfer, the Data Processor must ensure that there is a legal basis for the transfer of said data, e.g. the European Commission’s Standard Contractual Clauses.
5.1 The term of this DPA is identical with the term of the Parties’ Cooperation Relationship. Termination rights and requirements of this DPA shall be interdependent with the Cooperation Relationship, however, the Data Processor remains subject to the obligations stipulated in this DPA, as long as the Data Processor processes Persona Data on behalf of the Data Controller, i.e. until the Personal Data has been returned to the Data Controller, deleted or destroyed, as described in clause 5.2.
5.2 In case of termination of the DPA, irrespective of the legal basis thereof, the Data Processor must provide the necessary termination services and, as part thereof, comply with the Data Controller’s instructions, including but not limited to, instructions to return the data to the Data Controller or to delete or destroy the data (and any copies thereof), unless Union or Member State law requires storage of the Personal Data.
6.1 The Data Processor shall keep Personal Data confidential and ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation to confidentiality.
7. GOVERNING LAW AND JURISDICTION
7.1 This DPA is governed by the same law and jurisdiction as applicable for the Cooperation Relationship.
Appendix A to the Data Processing Agreement
This Appendix is an integral part of the DPA and together they constitute the Data Controller’s instructions to the Data Processor.
1.1 Nature and purpose of the processing carried out by the Data Processor.
The Data Processor is providing a platform for collecting and processing data using statistical analysis and artificial intelligence to establish trends allowing for better business decision making as part of the services. As part of the service provided, the Data Processor will be collecting and storing personal data on behalf of the Data Controller.
1.2 Categories of Data Subjects:
- Household consumers (water utility customers)
1.3 Types of personal data:
- Email address
Water Utility customers:
- Household water consumption volume ([m³/h] or [m³/year])
- Household addresses
1.4 Types of sensitive personal data, c.f. GPDR article 9:
1.5 Sub Data Processors approved by the Data Controller:
Sub Data Processor
Amazon AWS/EC2, Microsoft Azure, or Google Cloud Storage
BF Software, Lda.
Private limited liability company by quotas (sociedade por quotas)
Sole registration and taxpayer number 51 33 58 14 5
Rua Borges Carneiro 34-RC
Delivery of digital evaluation of data
Purpose of processing: Hosting
Legal basis for transfer: N/A
Last updated 01 December 2022