Allmänna villkor

Terms and Conditions for Kepler Cloud Services

Effective as of: 01.09.2023

1. Scope

1.1. These Terms of Service govern the use of Services provided by Kepler Cloud, a Swedish limited liability company with company registration 556936-1263 having its registered address at Brogatan 9, 252 66 Helsingborg Sweden.

(“Kepler Cloud”, “we”).

1.2. The Service is intended for purchase and use by entities, organisations, consumers and private persons for their personal or for professional business purposes.

2. Definitions When used in these Terms of Service, the definitions below have the following meaning:

“Affiliate” means any entity that either directly or indirectly (a) controls, or (b) is controlled by, or (c) is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

“Control Panel” means the control panel through which you can manage your subscription and the features of the Service, available at: https://base.keplercloud.se/ “Customer” and “you” means the person or entity that subscribes to the Service.

“Customer Data” means all data and content that you or a User or another party acting on your behalf generates in or submits or uploads to the Service.

“Credits” mean service credits that you use to pay for the Services.

“End-Customer” means a client of the Customer to whom the Customer provides its own offerings by utilising Kepler Cloud’s Service.

“Governmental Authority” means any national, supranational, governmental, municipal or administrative authority or regulatory body (including courts, police force, intelligence agencies), whether foreign or domestic, who have authority and jurisdiction over a Party or its Affiliates. “Party” and “Parties” means the Customer and Kepler Cloud either singly or jointly, as the context requires.

“Service(s)” means all offerings, software and content provided by Kepler Cloud, including Kepler Cloud’s cloud infrastructure offerings (like cloud servers, managed databases, storage, networking), support offerings, the Control Panel, and Kepler Cloud web portal.

“Service Descriptions” means the documents that describe the Service in detail, available at: https://keplercloud.se/resources/docs “Order” means an order submitted by the Customer to Kepler Cloud specifying the Service that the Customer orders. Orders can be submitted by the Customer or Users manually via the Control Panel or by contacting Kepler Cloud’s customer support, or automatically through the Application Programming Interfaces (APIs) of the Service or by other automated means to manage the Service. “User” means any person or entity whose access to the Service is attributable to the Customer, including the Customer and its Affiliates (and their employees, consultants, contractors and agents) and possible End-Customers. “Third-Party Products” means any service, product, software, platform or other component (like an operating system, application, firewall) that is offered, provided, licensed, developed or owned by the Customer or a third-party entity and interoperates with the Service.

3. Agreement Documents

3.1. These Terms of Service consists of: (1) this main body of Terms of Service and the following supplements: (2) Data Processing Agreement (“DPA”), (3) Service Level Agreement (“SLA”), (4) Acceptable Use Policy (“AUP”) and (5) the Service Descriptions – (1–5 together “Terms”). All contract documents are available on Kepler Cloud’s web portal www.keplercloud.se

3.2. In case of a conflict or ambiguity between the contract documents, the order of precedence shall be: (1.) DPA, (2.) the main body of Terms of Service, (3.) SLA, (4.) AUP, (5.) Service Descriptions.

3.3. You accept these Terms, and enter into an contract with Kepler Cloud (“Agreement”) by: (1) registering to use the Service through Kepler Cloud’s web portal, (2) executing a contract or an order form with Kepler Cloud that references these Terms, or (3) using the Service.

4. Service Account

4.1. To use the Service you have to register and create a service account (“Account”). You can create multiple sub-accounts under the Account. When registering to the Service, and at any time during the term of the Agreement, you must provide true, accurate and complete information as required by Kepler Cloud, and keep your information up-to-date. If you provide inaccurate, incomplete or fraudulent information, we have the right to suspend and/or terminate your access to and use of the Service in accordance with Section 13.

4.2. After you have created the Account, you and the Users can submit Orders. You will be responsible for all Orders made under your Account, whether by you, the Users, or your systems automatically. You will be responsible for the payment of all service fees based on the Orders made under your Account. Orders will be valid only after being accepted by Kepler Cloud. Kepler Cloud will be deemed to have accepted the Order if Kepler Cloud supplies the ordered Service. We reserve the right to limit or restrict your ability to place Orders.

4.3. You will be liable for all activities conducted in the Service under your Account, including any actions taken by the Users. You must comply, and you must ensure that the Users comply, with the AUP and all user instructions relating to the Service. You will be responsible for any violations of the AUP or the user instructions by the Users.

4.4. You must safeguard, and ensure that any Users safeguard, the usernames and passwords of your Account. You must promptly inform us if you suspect that an unauthorised third-party entity is using, or may have an access to, the Service or your Account. We reserve the right to temporarily suspend your Account if we have reasonable grounds to believe that the Account has been compromised and is used by an unauthorised third-party entity.

5. Right to Use the Service

5.1. Subject to due subscription to the Service and compliance with these Terms, we grant you a non-exclusive, non-transferable, revocable and limited right to access and use the Service, and to grant Users access rights to the Service, during the term of the Agreement. 5.2. You are allowed to utilise the Service in the provision of your own offerings to your EndCustomers. However, you remain fully liable to us for any actions your End-Customers take in, and for the content they upload to, the Service. Under no circumstances will Kepler Cloud have any liability to your End-Customers

6. Provision of the Service, Service Levels, Warranties

6.1. We will perform the Service in accordance with these Terms with commercially reasonable care and skill and in all material respects as described in the Service Descriptions.

6.2. If you consider that the Service provided to you was not performed as described in the relevant Service Description, you must promptly provide us with a written notice that describes the deficiency in the Service.

6.3. We will strive to correct possible deficiencies in the Service, but if such correction is not commercially reasonable for Kepler Cloud and the deficiency has a material effect on your use of the Service, you have the right to terminate the deficient Service.

6.4. You are entitled to compensation for unscheduled interruptions in the provision of the Service in accordance with the SLA. The SLA-compensations will be paid in the form of service credits and may not be exchanged for cash or other forms of payment.

6.5. In all other respects the Service is provided on “as-is” and “as-available” basis, and Kepler Cloud will not give the Customer any warranty or guarantee, express or implied, for the Service, its merchantability, fitness for any particular purpose, performance, or non-infringement. The Service is not designed to be error-free or uninterrupted and therefore it is neither intended nor fit for purposes that require fail-safe performance. The remedies set forth in this Section 6 will be your sole and exclusive remedies for any defects, deficiencies or interruptions in the Service.

7. Support We will provide technical support for your dedicated administrative Users, as described in the Support Service Description, which includes the Support Team’s contact details and service hours.

8. Third-Party Products

8.1. If you use Third-Party Products in connection with the Service, you must comply with the contract and license terms of the Third-Party Products. We are responsible only for the provision of the Service. Any Third-Party Products are provided by the relevant third parties and covered by their terms of service or licence contracts. We do not assume any liability with regard to ThirdParty Products or their use, whether or not they are linked to the Service.

8.2. Certain Third-Party Products, like Microsoft Windows Server operating systems, cannot be used in the Service unless licensed from Kepler Cloud. We will provide additional information regarding such Third-Party Products upon request.

9. Changes to the Service

9.1. Kepler Cloud is entitled to develop its offerings and business offerings. Kepler Cloud may, without notice and at Kepler Cloud’s sole discretion, implement changes and updates to the Service and to the Service Descriptions, provided that the changes do not have a material adverse effect on the functionalities of the Service. 9.2. If we consider implementing a change in the Service that will have a material adverse effect in your use of the Service, we will notify you at least 30 (thirty) days before the change will be affected and reserve your possibility to terminate the Agreement.

10. Prices

10.1. The rates applicable to the Service are available on Kepler Cloud’s web portal at

https://keplercloud.se/pricing and shown in the Control Panel when ordering the Service. The actual service fee will be determined based on your use of the Service. Unless otherwise agreed, we will charge the Service on an hourly basis, meaning you will pay a service fee in advance for each 60-minute period that you use the Service.

10.2. Applicable value added tax (VAT) and other applicable duties and taxes will be added to the prices, unless the prices are specified “VAT inclusive”.

10.3. Kepler Cloud has the right to increase the prices at any time by providing at least 30 (thirty) days’ advance notice to the Customer.

11. Payment Terms and Service Credits

11.1. Unless otherwise agreed in writing, we will charge the Service by debiting prepaid Credits from your Account. The Credits are non-refundable and non-transferable unless otherwise decided by Kepler Cloud at its sole discretion. Through your Account, you can download invoices for the Credits you have purchased.

11.2. To utilize the Service, maintaining a positive Credit balance in your Account is essential. You are responsible for ensuring an adequate amount of Credits in your Account at all times to cover the service fees for your subscribed Service. Should your Credit balance deplete to zero or become negative, Kepler Cloud reserves the right to suspend your Service access. In the event of a negative or zero balance, if you fail to replenish Credits within a reasonable timeframe set by Kepler Cloud (minimum of fourteen (14) days), the Agreement will be deemed terminated. Your Account will be closed, and all Customer Data will be deleted. Notably, you are still liable for applicable service fees (such as storage and IP address fees) during any suspension period until the Agreement’s termination.

For customers with an Invoice arrangement and approved credit, the aforementioned conditions apply directly.

Payment delays will result in:

• 7 days past due: Invoice Warning issued.
• 14 days past due: Automatic Service termination without notice.
• 30 days past due: Permanent deletion of services and data. Restoration after 14 days is subject to a $350 USD fee per instant, server and service.

12. Free Trials

12.1. We may from time to time offer trials of the Service for a specified period without payment obligation by offering you free-of-charge Credits or by way of a money-back guarantee (“Free Trial”). The features of the Service may be limited during the Free Trial. We reserve the right, in our sole discretion, to determine the Customer’s eligibility for a Free Trial, and, subject to applicable laws, to withdraw or modify a Free Trial at any time without prior notice and with no liability, to the greatest extent permitted under the law. 12.2. We may require you to provide payment details to start the Free Trial. After the expiry of the Free Trial, we have the right to start charging for the Service the applicable service fees in accordance with Section 11 and according to the currently valid public price list.

12.3. If you do not wish to continue using the Service subject to the applicable service fees, you must terminate the subscription to the Service through your Account’s subscription page before the expiry of the Free Trial.

13. Suspensions You must at all times comply with these Terms and your local laws and regulations when using the Service. If we have reasonable grounds to believe that you or any of the Users have violated any provision of these Terms, we have the right to temporarily suspend your use of or deny your access to the Service. If we determine the violation to be material or if the violations are recurring, we have the right to terminate the Agreement with immediate effect. You are obliged to provide us reasonable assistance with regard to possible investigations on suspected breaches of the Agreement. Kepler Cloud shall have no liability to the Customer or any third-party entity for any suspension or termination pursuant to this Section.

14. Use Restrictions

14.1. You are not permitted and not entitled to permit the Users or any other parties to use the Service for any illegal, harmful, fraudulent, infringing or offensive purposes or to transmit, distribute, store or display any information or content that is illegal, harmful, fraudulent, infringing or offensive, as determined by Kepler Cloud in its sole discretion. The list below contains examples of prohibited actions and content (the list is not exhaustive):

(i) copy, redistribute, reproduce, record, transfer, perform or display to the public,

broadcast, or make available to the public any part of the Service, or otherwise make any use of the Service which is not expressly permitted under the Agreement or applicable law or which infringes the intellectual property rights (like copyright) in the Service or any part of it or any other intellectual property rights of third parties;

(ii) use the Service in any manner that could damage, disable, overburden or impair the Service; (iii) use any data mining, robots, scraping, or similar data gathering or extraction methods; (iv) create an Account on behalf of someone else without their authorisation;

(v) use, sell, rent, transfer, license or otherwise provide anybody with the Service, except as provided herein;

(vi) interfere with other Customers’ use and enjoyment of the Service;

(vii) circumvent or try to circumvent any usage control, anti-copy functionalities, geographical restrictions or other similar limitations of the Service;

(viii) reverse engineer or decompile the Service or access the source code thereof, except as permitted by law;

(ix) use the Service for transmitting any unauthorised advertising, promotional materials, junk mail, spam, chain letters, contests, pyramid schemes, or any other form of solicitation or mass messaging;

(x) use the Service in violation of the laws applicable to you;

(xi) use the Service in ways that violate intellectual property rights, business secrets or privacy of third parties; (xii) use the Service to transmit any material that contains adware, malware, spyware, software viruses, worms or any other computer code designed to interrupt, destroy, or limit the functionality of computer software or equipment.

14.2. If you wish to use the Service for sending bulk e-mail or other mass communications, you must seek Kepler Cloud’s prior approval for such activities. Kepler Cloud has the right to approve or reject your request at its sole discretion.

15. Indemnifications

15.1. Kepler Cloud will at its own expense defend the Customer against any claim brought against the Customer alleging that the Service infringes the intellectual property rights of a third-party entity, and will pay any damages finally settled or awarded by a competent court of law in a trial to the third party with respect to such claim, provided that the Customer:

(i) immediately notifies Kepler Cloud in writing about the claim, and in any case no later than within 30 (thirty) days after receiving the claim;

(ii) gives Kepler Cloud the sole control of the defense and all related settlement negotiations in relation to the claim; and

(iii) provides Kepler Cloud with reasonable assistance and all information necessary in the defense of the claim, as well as necessary authorisations by the Customer to allow Kepler Cloud to defend or settle the claim on behalf of the Customer.

15.2. At any time, if Kepler Cloud reasonably deems that any part of the Service infringes the intellectual property rights of a third-party entity, Kepler Cloud has the right, at its own expense and sole discretion, to:

(i) modify the Service or any part of it to eliminate the infringement in such a manner that the modified Service complies with the Agreement; or

(ii) procure to the Customer the needed license to allow for continued use of the Service.

If neither of the aforementioned alternatives are reasonably possible, Kepler Cloud has the right to terminate the Agreement and Kepler Cloud will refund the service fees paid for the Service by the Customer less the proportion of the service fees corresponding to the time the Customer has been able to use the Service in accordance with the Agreement.

15.3. Kepler Cloud shall not, however, be liable for any infringement of third-party intellectual property rights or claim thereof if the claim:

(i) is made by an Affiliate of the Customer;

(ii) results from a modification of or an addition to the Service done by the Customer, a User, or any third-party at the Customer’s request;

(iii) results from the use of the Service in combination with any product or service not provided or approved by Kepler Cloud;

(iv) could have been avoided by using the latest available version of the Service provided by Kepler Cloud; or

(v) is not related to the Service, or is related to a part of the Service for which Kepler Cloud is not responsible for pursuant to the Agreement.

15.4. If the third-party claimant is adjudged liable or agrees in a settlement to pay a

compensation to the Customer, then the Customer shall remit such compensation to Kepler Cloud immediately after receiving it from the third-party claimant. 15.5. The Clauses 15.1–15.4 above contain Kepler Cloud’s entire liability and the Customer’s sole and exclusive remedy in case the Service infringes on third-party intellectual property rights.

15.6. The Customer shall, at its own expense, defend Kepler Cloud against any third-party claims brought against Kepler Cloud as a result of any breach of the Agreement by the Customer and/or User, and indemnify Kepler Cloud against: (i) any damages awarded by a court of law to the third-party claimant; (ii) any liabilities imposed on Kepler Cloud as a result of the claim; (iii) any settlement costs and fees approved by the Customer and paid by Kepler Cloud to the third-party claimant; and (iv) any costs and expenses (including reasonable attorneys’ fees) suffered or incurred by Kepler Cloud as a result of the claim.

16. Customer Data

16.1. As between Kepler Cloud and the Customer, the Customer retains all title and intellectual property rights in and to the Customer Data. You grant Kepler Cloud the right to host, use, process, display and transmit Customer Data to provide the Service in accordance with the Agreement. You have sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of Customer Data, and for obtaining necessary rights and consents related to Customer Data to allow Kepler Cloud to perform the Service. If you do not have necessary rights or consents related to the Customer Data, you are not allowed to upload or store such Customer Data in the Service. Upon termination of the Agreement or your Account, Kepler Cloud will deactivate the Account and, within reasonable time, delete all Customer Data thereunder.

16.2. If the Customer Data contains personal data, the provisions of the DPA shall govern the processing of that personal data by Kepler Cloud. With the exception of obligations relating to the personal data set forth in the DPA, we do not assume any liability with respect to the Customer Data, nor do we endorse any opinion contained in the Customer Data.

16.3. You must ensure that the Customer Data does not infringe any third-party intellectual property rights or violate any applicable laws or regulations. You shall not upload any illegal, infringing, offensive, threatening, libellous, defamatory, or otherwise inappropriate data or content to the Service.

16.4. You are responsible for making necessary and appropriate backup copies of the Customer Data stored in the Service. Such backup copies must be stored outside the Service.

17. Confidentiality

17.1. The Parties may exchange Confidential Information during the performance of the Agreement. “Confidential Information” means any non-public information which is marked as confidential or which should be understood as confidential, irrespective of its form of storage or disclosure, including in particular Customer Data. Any information of or relating to a Party or that Party’s Affiliates, personnel, suppliers, contractors, customers or end-users, which information is obtained or detected by the other Party or processed or generated in the course of providing or receiving the Service shall be deemed Confidential Information of that Party.

17.2. All Confidential Information shall remain the property of the disclosing Party, and the the receiving Party shall keep it confidential and refrain from using it otherwise than for the purposes of the Agreement. The Parties shall limit access to the Confidential Information within their organisations to only those Affiliates, employees, directors, officers, agents, and advisors (including attorneys, accountants, and consultants) (collectively, “Associates”) who need to access the Confidential Information for the purposes of the Agreement. The receiving Party shall ensure that its Associates are bound by confidentiality obligations at least as protective as those set forth herein before disclosing any Confidential Information.

17.3. The confidentiality obligations herein shall not apply to Confidential Information which:

(i) is or becomes known publicly through no wrongful act or omission of the receiving Party;

(ii) was known to the receiving Party prior to the disclosure hereunder, and has not been obtained directly or indirectly from the disclosing Party;

(iii) is lawfully disclosed to the receiving Party in good faith by a third-party entity having rights therein without restriction on disclosure;

(iv) has been approved for release by the disclosing Party; or

(v) has been independently developed by the receiving Party without the use of and prior to receiving the Confidential Information from the disclosing Party.

17.4. Notwithstanding the above, the receiving Party may disclose Confidential Information to third parties where compelled to do so by law or an order of Governmental Authority. Unless prohibited by law or an order of Governmental Authority, the receiving Party shall take reasonable steps to notify the disclosing Party of such disclosure request or order.

17.5. Each Party shall promptly upon termination of the Agreement cease using Confidential Information of the other Party and use reasonable means to destroy such Confidential Information. Each Party shall, however, be entitled to retain the copies of Confidential Information which: (i) the Party is required to retain by applicable laws; and (ii) are generated pursuant to the receiving Party’s electronic backup system if destroying such copies would be unreasonable taking into account the costs and effort required to do so.

18. Intellectual Property Rights All title and intellectual property rights pertaining to and in the Service (including all modifications, extensions, customisations, scripts or other derivative works of the Service provided or developed by Kepler Cloud) are exclusive property of Kepler Cloud or its licensors. Any rights in the Service or Kepler Cloud’s intellectual property not expressly granted herein by Kepler Cloud are reserved by Kepler Cloud. The Customer grants Kepler Cloud a royalty free, worldwide, perpetual, irrevocable, transferable right to use, modify, distribute and incorporate into the Service (without attribution of any kind) any suggestions, enhancement request, recommendations, proposals, correction or other feedback or information provided by the Customer or any User relating to the operation or functionality of the Service.

19. Limited Liability

19.1. Neither Party shall be liable for any indirect or consequential damages, like loss of profit, loss of sales or business, loss of anticipated savings, loss of use or corruption of software, data or information, or loss of goodwill.

19.2. Kepler Cloud’s maximum liability under or in connection with the Agreement shall be limited to an amount equal to the aggregate service fees paid by the Customer to Kepler Cloud during the last six (6) months immediately preceding the occurrence of the event giving rise to the liability (“Liability Cap”). Notwithstanding the above, Kepler Cloud’s maximum liability for damage caused by a breach of the DPA shall be limited to two (2) times the Liability Cap.

19.3. The above limitations of liability shall not apply to damage caused intentionally or by gross negligence, or to liability which, under the applicable law, cannot be excluded.

19.4. In order to be valid and enforceable, the Customer must present any claims for damages within six (6) months after the occurrence of the event giving rise to the claim.

20. Force Majeure

20.1. Force Majeure is an event that prevents, or makes unduly difficult, the performance of the Service or the fulfillment of the provisions of the Agreement, like war, rebellion, natural catastrophe, general interruption in energy distribution or telecommunications, fire, strike, embargoes or sanctions, or another equally significant and unforeseen event independent of a Party. Each Party shall be entitled to suspend its duties without liability thereof in case of Force Majeure affecting the Party either directly or indirectly through its subcontractor.

20.2. If a Party is prevented from fulfilling its duties due to Force Majeure for more than 60 (sixty) days, the other Party has the right to terminate the Agreement with immediate effect.

21. Export Control and Sanctions

21.1. The Service may be subject to export control and sanctions laws and regulations of the European Union (EU), United States (US) and any other relevant jurisdictions (“Sanctions Regulations”), and the Parties agree to comply with such Sanctions Regulations.

21.2. You represent and warrant that you (or any of your owners, directors or officers) or the Users are not designated under or targeted by any Sanctions Regulations, and that you are not acting on behalf of any such individual or person.

21.3. You are not allowed to use, distribute, transfer or transmit the Service or related technical information (even if incorporated into other offerings or products) in violation of the Sanction Regulations, and in particular you will not permit any User to access or use the Service in a country or region subject to Sanction Regulations (like Cuba, Iran, North Korea, Syria or the Crimea Region).

22. References

22.1. Subject to the Customer’s prior written approval, the Customer grants Kepler Cloud a right to use the Customer’s business name and logo as a public reference on Kepler Cloud’s web portal and in sales and marketing materials.

22.2. Kepler Cloud may ask the Customer to participate in a case study about the Customer’s use of the Service. Kepler Cloud is not allowed to publish the case study without the Customer’s prior approval. Provided that the Customer approves the case study, Kepler Cloud shall have a royalty-free, perpetual, worldwide right and license to reproduce, publish, distribute, and translate the case study, whether in written or recorded form. The case study may be used on Kepler Cloud’s web portal, Kepler Cloud’s social media channels (like YouTube, and LinkedIn), and other sales and marketing presentations and materials.

23. Termination for Convenience Unless the Parties agree on a separate fixed-term committed contract referencing these Terms, you have the right to terminate the Agreement for any reason by issuing at least five (5) days written notice to us, and we have the right to terminate the Agreement for any reason by issuing at least 30 (thirty) days written notice to you.

24. Termination for Cause Either Party may terminate the Agreement with immediate effect if the other Party:(i) has materially breached the Agreement and has not remedied the breach within 10 (ten) business days from the receipt of a written notice thereof from the other Party; or (ii) files for bankruptcy or debt rescheduling program, is put into liquidation, or is made subject to any other similar procedures, ceases its payments, or fails to pay its invoices when due.

25. Entire Agreement and Amendments

25.1. The Agreement (including all webpages and documents referred to or linked herein) constitutes the entire contract and supersedes all previous commitments between the Parties in respect of the provision of the Service.

25.2. All amendments to the Agreement must be made in writing. We have the right to modify these Terms by posting a revised version of the Terms on Kepler Cloud’s web portal. If we consider the revision to be material, we will notify you in writing at least 30 (thirty) days before the revision will be effected and reserve you a possibility to terminate the Agreement. If you continue using the Service, you will be deemed to have accepted the revised Terms.

26. Non-Waiver A failure by either Party to enforce any provision of the Agreement will not be deemed to constitute a present or future waiver of such provision. All waivers must be made in writing.

27. Assignment and Third-Party Beneficiaries

27.1. Neither Party may transfer the Agreement without the other Party’s prior written consent (which may not be unreasonably withheld). However, such consent shall not be required if:

(i) Kepler Cloud transfers the Agreement, in whole or in part, to any of Kepler Cloud’s Affiliates;

(ii) Kepler Cloud (or its future assignee) transfers the right to receive payments and related rights due by the Customer under the Agreement; or (iii) Kepler Cloud transfers the Agreement to a third-party entity in connection with the purchase of all or substantially all of Kepler Cloud’s business or assets or any deemed transfer by Kepler Cloud by reason of merger, consolidation, change-in-control or corporate reorganisation. Kepler Cloud has the right to use its Affiliates and other qualified subcontractors to provide the Service to the Customer, provided that Kepler Cloud remains responsible to the Customer for the performance of the subcontractors.

27.2. The Customer’s obligations towards Kepler Cloud and the provisions regarding Kepler Cloud’s limitations of liability are in place also for the benefit of Kepler Cloud’s Affiliates, subcontractors, personnel and owners. Otherwise the Agreement does not create any third-party beneficiary rights in any third-party entity. 28. Severability If any provision of the Agreement is ruled unenforceable by a court of competent jurisdiction, the remaining provisions of the Agreement will remain in full force and effect to the fullest extent permitted by law. The Parties shall attempt through negotiation in good faith to replace the unenforceable provision with such provisions that correspond as closely as possible to the original intention of the Parties.

29. Governing Law and Arbitration

29.1. The Agreement will be governed by the substantive laws of Sweden, with the exception of any conflict of law principles. Any dispute, controversy, or claim arising out of or relating to the Agreement, or the breach, termination, or validity thereof, shall be finally settled by Swedish courts. The seat of litigation shall be Helsingborg, Sweden, and the language of the proceedings shall be English.

29.2. Notwithstanding the above, Kepler Cloud may file any debt collection action against the Customer for any outstanding amounts payable by the Customer under the Agreement in any court of competent jurisdiction in the Customer’s domicile.

Data Processing Agreement

1. Scope

1.1. This Data Processing Agreement (“DPA”) is an integral part of the Agreement between Kepler Cloud and the Customer.

1.2. If the Customer Data contains personal data, the provisions of this DPA shall govern the processing of that personal data by Kepler Cloud.

2. Definitions Unless otherwise defined, the capitalised terms defined in the Terms of Service shall have the same meaning when used herein. In this DPA the following terms shall have the meanings set out below:

“End-Customer” means an end-customer of the Customer, who has engaged the Customer to process personal data regarding which the End-Customer is data controller, in which case the Customer acts a data processor towards the End-Customer and Kepler Cloud acts as a subprocessor of the Customer:

“Data Breach” means a breach of security attributable to the acts or omissions of Kepler Cloud leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, the Relevant Personal Data;

“Data Protection Laws” means the data protection and privacy laws and regulations applicable to the processing of Relevant Personal Data under this DPA, including EU Regulation 2016/679 of the European Parliament and of the Council (“GDPR”); “personal data”, “processing”, “data controller”, “data processor”, and “data subject” have the same meaning as in the Data Protection Laws;

“Relevant Personal Data” means the personal data controlled by the Customer, or, as the case may be, an End-Customer, and processed by Kepler Cloud on behalf of the Customer pursuant to the Agreement;

“Supervisory Authority” means (i) an independent public authority which is established by an EU/EEA member state pursuant to Article 51 of GDPR; and (ii) any similar regulatory authority responsible for the enforcement of Data Protection Laws. 3. Processing of Personal Data

3.1. Details of Processing:

a) Subject matter: Processing of Relevant Personal Data in order to provide the Service pursuant to the Agreement.

b) Duration: For as long as the Customer uses the Service in a manner that entails the processing of Relevant Personal Data by Kepler Cloud.

c) Purpose: The provision of the Service ordered by the Customer.

d) Nature of the processing: Compute, storage and/or other Service described in the Agreement that the Customer may order under the Agreement.

e) Type of personal data: The Customer controls which types of personal data the Customer enters into the Service.

f) Categories of data subjects: The categories of data subjects may include the Customer’s, or, if applicable, End-Customers’ employees, job applicants, directors, agents, contractors, suppliers, customers, clients, and/or end-users.

3.2. Kepler Cloud processes certain personal data also as data controller. Such personal data may include, inter alia, data of the Customer’s contact persons, users of the Services, credit card information, and other personal data of the Customer’s personnel which Kepler Cloud processes in order to provide the Services, collect payments, and maintain and develop the customer relationship. Processing of this type of personal data is outside the scope of this DPA. For more details about how Kepler Cloud processes personal data as data controller, please see Kepler Cloud’s Privacy Policy available on Kepler Cloud’s web portal at https://keplercloud.se/.

4. General Obligations of the Customer

4.1. The Customer shall comply with the Data Protection Laws and warrants that the Customer is, and for the duration of this DPA remains, in compliance with all responsibilities set for data controllers or data processors (as applicable) under Data Protection Laws towards data subjects, Kepler Cloud, and, where applicable, the End-Customers.

4.2. If the Customer acts as data controller of the Relevant Personal Data, the Customer shall be responsible for the lawful collection, processing and use, and for the accuracy of the Relevant Personal Data, as well as for preserving the rights of the data subjects concerned, and the Customer shall be responsible for informing the data subjects about the processing of their personal data by Kepler Cloud, and shall obtain the needed consents from the data subject, if necessary.

4.3. The Customer shall ensure that the Customer is entitled to process the Relevant Personal Data and to disclose, transfer or otherwise make it available to Kepler Cloud for lawful processing hereunder. The Customer acknowledges that due to the nature of the Service, Kepler Cloud cannot control and has no obligation to verify what types of personal data the Customer transfers to Kepler Cloud for processing in connection with the Service.

5. General Obligations of Kepler Cloud 5.1. Kepler Cloud shall process the Relevant Personal Data in accordance with (i) the Data Protection Laws, (ii) this DPA, (iii) the Agreement, and (iv) the Customer’s documented processing instructions set out in this DPA or given otherwise, provided that any processing instructions issued by the Customer outside this DPA solely pertain to: (a) changes in the Data Protection Laws and/or guidance of the Supervisory Authority, European Data Protection Board or other similar competent authority, or (b) decision or court order issued by a competent court. Without prejudice to the above, further processing instructions may also be issued otherwise as mutually agreed in writing by the Parties.

5.2. Without prejudice to Article 28(3) of GDPR, Kepler Cloud shall not be obliged to verify whether any processing instructions issued by the Customer are compliant with the Data Protection Laws, as the Customer is responsible for such compliance verification of its processing instructions. Nonetheless, if Kepler Cloud detects that any processing instructions issued by the Customer are noncompliant with the Data Protection Laws, Kepler Cloud shall inform the Customer thereof. 5.3. Kepler Cloud shall not use the Relevant Personal Data for any other purposes other than that of providing the Service, and shall not process, transfer, modify, amend, assert liens or other right over or alter the Relevant Personal Data. Kepler Cloud shall not disclose or permit the disclosure of the Relevant Personal Data to any third-party entity without the Customer’s prior written approval, unless such disclosure is required by applicable laws or an order of Governmental Authority, in which case Kepler Cloud shall, to the extent legally permitted, inform the Customer of the disclosure.

6. Kepler Cloud’s Assistance Obligations

6.1. Kepler Cloud agrees to reasonably and insofar as practically possible assist the Customer in the fulfilment of the Customer’s, and where applicable, End-Customer’s, obligations (as a data controller in each case) under the Data Protection Laws to respond to requests for exercising data subject rights established under the Data Protection Laws by implementing appropriate technical and organisational measures to facilitate the fulfilment of such obligations and by providing the Customer with necessary information relating to Kepler Cloud’s processing of the Relevant Personal Data. However, the Customer shall primarily use the corresponding control functions of the Service in responding to such requests, like the Control Panel.

6.2. Kepler Cloud shall further provide the Customer with commercially reasonable assistance in enabling compliance with the Customer’s, and where applicable, End-Customer’s (as a data controller in each case), obligations to perform data protection impact assessments, breach notifications and prior consultations of the competent Supervisory Authority, as set out in the applicable Data Protection Laws, taking into account the nature of the processing and the information available to Kepler Cloud.

6.3. If the Customer requires assistance from Kepler Cloud, Kepler Cloud shall be entitled to a reasonable remuneration for providing the assistance. The amount of remuneration will be agreed upon between the Parties in advance.

7. Kepler Cloud’s Personnel

7.1. Kepler Cloud shall ensure that its personnel (including its subprocessors’ personnel) who process the Relevant Personal Data:

(i) process the Relevant Personal Data in accordance with the Customer’s written instructions and only for the purposes allowed under this DPA;

(ii) are informed of the confidential nature of the Relevant Personal Data and are aware of Kepler Cloud’s obligations under this DPA;

(iii) are under confidentiality undertakings or an appropriate statutory obligation of confidentiality; and

(iv) have undertaken appropriate training in relation to the processing of the Relevant Personal Data.

8. Security Measures

8.1. Kepler Cloud and the Customer shall implement and maintain appropriate technical and organisational security measures to protect the Relevant Personal Data within their areas of responsibility, in order to safeguard the Relevant Personal Data against unauthorised or unlawful processing or access and against accidental loss, destruction or damage. Such measures include where necessary and appropriate, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons the following measures:

(i) access right controls to systems containing the Relevant Personal Data;

(ii) the pseudonymisation and encryption of the Relevant Personal Data;

(iii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and offerings;

(iv) the ability to restore the availability and access to the Relevant Personal Data in a timely manner in the event of a physical or technical incident; and

(v) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

9. Subprocessors

9.1. Kepler Cloud is entitled to use subprocessors in the provision of the Service. The subprocessors approved by the Customer are listed in Appendix 1 hereto. Kepler Cloud ensures that the engaged subprocessors are properly qualified, are under a data processing contract with Kepler Cloud, and comply with data processing obligations similar to the ones which apply to Kepler Cloud under this DPA. Kepler Cloud shall be liable towards the Customer for the processing of Relevant Personal Data carried out by Kepler Cloud’s subprocessors.

9.2. Kepler Cloud is entitled to change its subprocessors. Kepler Cloud shall inform the Customer regarding changes (additions or replacements) in the subprocessors by providing at least 30 (thirty) days’ advance notice, giving the Customer the opportunity to object to such change. The Customer may object to the change by providing a written notice thereof to Kepler Cloud within thirty (30) days after being informed of the change. In such case, the Parties shall strive to find an alternative solution. If such a solution is not found, the Customer may terminate the Agreement without any liability to Kepler Cloud.

10. Transfers of Personal Data 10.1. The Customer may choose in which Kepler Cloud data centre(s) the Relevant Personal Data will be processed. Some of the data centres are located outside the European Economic Area (“EEA”). Kepler Cloud shall not move the Relevant Personal Data from the selected data centre unless explicitly instructed to do so by the Customer.

10.2. The Customer authorises Kepler Cloud to transfer the Relevant Personal Data outside the EEA to its subprocessors, if and only to the extent such transfers are necessary for the provision of the Service ordered by the Customer. If the Relevant Personal Data needs to be transferred outside the EEA in a country that is not recognised by the European Commission as providing adequate level of protection for personal data, then the Customer accepts that Kepler Cloud performs the international transfer of the Relevant Personal Data in accordance with the Standard Contractual Clauses adopted by the European Commission (processor-to-processor module) entered into by Kepler Cloud (as data exporter) and the relevant subprocessor (as data importer).

11. Audits

11.1. Upon written request of the Customer, Kepler Cloud agrees to make available to the Customer and, where relevant, to the End-Customer, the information necessary to demonstrate compliance with this DPA, and allow for and contribute to audits by the Customer or an established thirdparty auditor approved by Kepler Cloud (such approval not to be unreasonably withheld) and agreed by both Parties (“Mandated Auditor”), of Kepler Cloud’s systems and premises where the processing of Relevant Personal Data takes place, in order to assess Kepler Cloud’s compliance with this DPA. Kepler Cloud shall permit the Customer, or, where relevant, a Mandated Auditor to inspect and audit Kepler Cloud’s relevant records solely pertaining to the Relevant Personal Data, and to inspect and audit processes and systems related to the processing of the Relevant Personal Data. Kepler Cloud agrees to co-operate in respect of such audits. All audits by the Customer, or, where relevant, by Mandated Auditor are subject to a thirty (30) days’ prior written notice.

11.2. Where an audit may lead to the disclosure of business or trade secrets of Kepler Cloud (or its Affiliates or other customers) or otherwise pose a threat to intellectual property rights of Kepler Cloud, the Customer shall employ a Mandated Auditor to carry out such audit. Whenever a Mandated Auditor is used, the Customer shall procure such Mandated Auditor’s acceptance to be bound to confidentiality to Kepler Cloud’s benefit by way of such confidentiality undertaking as accepted by Kepler Cloud.

11.3. Unless otherwise agreed between the Parties, the Customer is allowed to conduct one (1) audit in every twelve (12) months. Any audit must be conducted during the normal business hours of Kepler Cloud and in a way that does not cause substantial disturbance to Kepler Cloud’s business operations. The Customer shall bear all costs and expenses relating to the audits conducted hereunder and pay a reasonable compensation to Kepler Cloud for the work required to assist in the audits.

12. Data Breaches

12.1. Kepler Cloud shall notify the Customer without undue delay after becoming aware of any Data Breach, providing the Customer with sufficient information which allows the Customer to meet its obligations to report a Data Breach under the Data Protection Laws. Such notification shall at a minimum:

(i) describe of the nature of the Data Breach, including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of Relevant Personal Data records concerned;

(ii) communicate the name and contact details of Kepler Cloud’s contact point where more information can be obtained; and

(iii) description of the measures taken by Kepler Cloud to address the Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.

12.2. Kepler Cloud shall cooperate with the Customer and, where relevant, the End-Customer, and take commercially reasonable steps to assist in the investigation, mitigation and remediation of the Data Breach.

13. Deletion and Return of Personal Data

13.1. Within a reasonable time after the termination or expiry of the Agreement, or after the Customer has permanently ceased to use the Services, Kepler Cloud shall delete and procure deletion of all copies of the Relevant Personal Data processed by Kepler Cloud or any subprocessor, except to the extent that Kepler Cloud is obliged to retain copies of the Relevant Personal Data pursuant to applicable laws or orders of Governmental Authority.

13.2. Notwithstanding the Clause 13.1 above, the obligation to delete Relevant Personal Data shall not apply to copies of the Relevant Personal Data contained in Kepler Cloud’s regular backup copies of comprehensive datasets from which the individual deletion of the Relevant Personal Data would not be possible without significant efforts or costs, provided that such backup copies are appropriately secured in accordance with this DPA and the Data Protection Laws and not used for any other purposes.

14. Liability

14.1. Each Party’s liability for: (i) damages incurred by a data subject and (ii) administrative fines imposed by a Supervisory Authority, in connection with the processing of the Relevant Personal Data under this DPA shall be defined in accordance with Articles 82 and 83, respectively, of the GDPR, or another corresponding and applicable provision of compulsory Data Protection Laws.

14.2. Otherwise the Parties’ liability for a breach of the DPA shall be subject to Section 19 of the Terms of Service.

15. Term

15.1. This DPA remains in force until Kepler Cloud ceases to process the Relevant Personal Data pursuant to the Agreement, whereafter this DPA shall automatically expire.

APPENDIX 1 – Kepler Cloud Subprocessors Kepler Cloud utilises its Affiliates (some of which are located outside the EEA) in the provision of the Service. As the GDPR’s definition for ‘processing‘ is very extensive, Kepler Cloud considers its Affiliates as subprocessors of Kepler Cloud even though such Kepler Cloud Affiliates do not have access to the Customer Data. The employees of Kepler Cloud Affiliates may participate in the processing of the Customer Data when providing Support Services to the Customer, or when maintaining Kepler Cloud’s server infrastructure. In connection with the Customer’s support requests, the Support Team may, if authorised by the Customer, carry out actions in the Customer’s cloud servers on behalf of the Customer. When maintaining Kepler Cloud’s data centre infrastructure, Kepler Cloud’s Operations Team may need to move storages or other resources containing Customer Data from one physical host machine to another physical host machine in the same data centre, for maintenance and reliability purposes.

Such actions can be deemed as ‘processing’ as defined in Article 4 of the GDPR. However, Kepler Cloud personnel will never take actions to access the Customer Data, unless specifically requested by and agreed with the Customer.

Service Level Agreement

1. Scope. This service level contract (“SLA”) is an integral part of the Agreement between Kepler Cloud and the Customer. This SLA does not apply to: (i) Free Trials; (ii) Kepler Cloud web portal; (iii) APIs of the Service; and (iv) the Control Panel.

2. Service Guarantee. Subject to the exemptions set out in Sections 1 and 8, we will guarantee you the availability of the Services. For all unscheduled interruptions in the provision of the Service that last longer than five (5) minutes, you will be entitled to an SLA-compensation in accordance with this SLA. The availability guarantee is applied on a per Service-item basis and is not applicable to such Service-items that are not directly affected by the interruption. For example, if you have five virtual servers and one of them is unavailable, the SLA-compensation will be calculated based on that one server’s downtime and not based on your entire Service portfolio.

3. Scheduled Interruptions. We will notify you by e-mail or by publishing a notice on Kepler Cloud’s web portal about scheduled interruptions in the provision of the Service at least 24 hours prior to the interruption, with the exception of important security updates and patches which we may deploy without prior notice.

4. Error Notifications. If you detect an interruption in the Service, you have to notify us by sending an e-mail to outages@keplercloud.se. The interruption in the Service is deemed to begin when the failure starts to affect your use of the Service, and to end when the failure has been corrected. We will maintain a system status page at https://status.keplercloud.se/

where we will post information about identified interruptions and their resolution status.

5. Payment of Compensation. If you are eligible for an SLA-compensation under this SLA, you must claim the SLA-compensation within 15 (fifteen) days after the failure has been corrected by contacting our Support Team at support@keplercloud.se and requesting the SLA-compensation. The SLA-compensation will be deposited to your Account in the form of Credits and it may not be exchanged for cash or other forms of payment.

6. Amount of SLA-compensation. The amount of the SLA-compensation will be 50 (fifty) times Kepler Cloud’s service fees charged for the interrupted Service-item allocated for the period of time when the use of that Service-item was interrupted. The maximum SLA-compensation for an individual interruption shall be limited to an amount equal to the service fees charged by Kepler Cloud for the interrupted Service-item during 30 (thirty) calendar days immediately preceding the interruption. The total sum of aggregated SLA-compensations during any 12-month period shall be limited to an amount equal to the average monthly service fee charged by Kepler Cloud for the interrupted Service during that 12-month period multiplied by 2,5. 7. Sole Remedy. The SLA-compensation set out above will be your sole remedy for any

interruptions in the Service. In case of a discontract over the amount of the SLA-compensation payable to the Customer, Kepler Cloud’s decision on the issue will be binding on the Parties until and unless a competent court rules otherwise.

8. Exemptions from Service Guarantee. The following situations will be exempt from Kepler Cloud’s service guarantee and thus not subject to SLA-compensation:

1. Scheduled interruptions and deployment of important security updates and patches.

2. Force Majeure events.

3. Failures caused by errors in Third-Party Products utilised by the Customer within the Service.

4. Failures in products or offerings which are not part of the Service or provided by Kepler Cloud.

5. Failures caused by the Customer’s actions contrary to user instructions or resulting from the Customer’s operating systems or application software used within the Service.

6. Interruptions in the Service relating to the Customer’s violation of or failure to comply with these Terms or a User’s violations of the Acceptable Use Policy.

7. Failures caused by hostile actions of third parties, like denial-of-service attacks.

8. Interruptions relating to actions Kepler Cloud is obliged to take pursuant to applicable laws or Governmental Authority’s orders.

9. Interruptions resulting from the Customer not having sufficient balance of Credits on the Account for the use of the Service at the time of the interruption.

Acceptable Use Policy

1. Scope. This acceptable use policy (“AUP”) is an integral part of the Agreement between Kepler Cloud and the Customer. The Customer must ensure that all Users comply with this AUP.

2. User Instructions. The Customer and the Users must follow all user instructions concerning the use of the Service made available to them by Kepler Cloud.

3. Customer’s Legal Compliance. You must comply with all laws and regulations applicable to you and your use of the Service. Moreover, you undertake to fulfil your binding obligations towards third parties to the extent such obligations relate to your use of the Service (for example, you have to comply with the license terms of any third-party software you use within the Service).

4. Illegal, Harmful, Offensive or Disruptive Use of Services. You are not allowed to use the Service for any illegal, harmful, offensive or disruptive purposes (which will be deemed by Kepler Cloud in its sole discretion). If you are uncertain whether or not your intended use of the Service could be deemed illegal, offensive or disruptive, you can contact Kepler Cloud in advance and request permission for your intended use.

Below are examples of actions and content which Kepler Cloud considers to be illegal, harmful, offensive or disruptive (the list is not exhaustive):

A. Illegal, Harmful or Fraudulent Activities Use of Service to engage in, promote or encourage any illegal or fraudulent conduct or Activities. Sale or promotion of illegal material, substances or products.

Unauthorised access to, or attempting to access, systems, networks or data.

Use of a third-party’s user account or computing power without the owner’s Authorisation. Collection of user information like email addresses without the consent of the person identified (phishing). Monitoring of network traffic or data without authorisation.

Content or technology that may damage, interfere with, intercept, or expropriate any system, program or data, including viruses, trojan horses, ransomware, spyware, malware, etc.

B. Infringing Content or Use

Use of Service in a manner that violates, infringes or misappropriates trade secrets, copyrights, trademarks, patents, or any other intellectual property rights, or contributes to the said violations, including storage or transfer of, or linking to, such infringing content or sale or promotion of such infringing products or materials.

C. Offensive Content

Storage or transfer of, or linking to, content that is harassing or excessively violent, threatening with violence, or inciting to hate, discrimination or violence.

Storage or transfer of, or linking to child pornography or content containing nonconsensual sexual acts.

D. Disruptive Use of Services

You may use, investigate, and modify the operating environment of the Service only within the limits allowed by the user instructions.

You may not use the Service in any way that causes security risks to the Service or interferes with the operation of the Service, including intentional or careless use of the Service in excess of a typically expected server load, like continuously high CPU or I/O use rate, intentional or careless configuration of servers that enables unauthorised thirdparty access or otherwise lacks adequate security requirements, measures aimed to circumvent, or interfere with the limitations or restrictions in the Service, or monitoring, controlling or charging of the Service by Kepler Cloud.

You are not permitted to mine any cryptocurrencies without obtaining prior written approval from Kepler Cloud.

E. Mass Emailing or Spamming

Sending, distributing, publishing or facilitating the sending of unsolicited mass email or other messages. If you wish to use the Service for sending of bulk e-mail or other mass communications, you may do so only after receiving Kepler Cloud’s written approval for the planned activity. 5. Enforcement. We reserve the right to investigate any violations of this AUP and to take legal action to enforce our rights. We may report any suspected criminal activity to the law enforcement officials. If you, a User, or anyone else – with or without your authorisation – uses the Service in violation of this AUP, we have the right to suspend or terminate your Account in accordance with Section 13 of the Terms of Service.