Terms and Conditions

To start using the Service, the Subscriber may be required to provide Controla with certain information and follow the registration or onboarding procedures provided by Controla. The Subscriber's registration for the Service constitutes a request to purchase the requested Service. Controla's acceptance of that request, and the formation of a legally binding contract between Subscriber and Controla under these Terms, occurs when Controla activates the Subscriber's account or otherwise enables the Subscriber to access or use the Service.

Controla may make additional features or functionality of the Service available to the Subscriber. The use of such features may be subject to additional terms and conditions presented to the Subscriber. Such features are provided at Controla's discretion and may be subject to additional fees beyond those described in these Terms.

Subject to the terms of this Agreement, Controla shall provide to Subscriber the Service set out in this Agreement in accordance with the agreed Subscription Plan, directly by Controla or through a Partner. Controla hereby grants to Subscriber, subject to Subscriber's timely payments of the applicable fees under this Agreement and Subscriber's continuous compliance with all the terms of this Agreement, a limited, non-exclusive, non-transferable and non-sublicensable right to use the Service in Subscriber's business operations.

Controla commits to providing the Service in a professional manner, in line with good market practice and in accordance with applicable laws.

Where the Service is provided through a Partner, certain commercial aspects of the Service (including fees, invoicing and order administration) may be governed by separate agreements between the Subscriber and the Partner.

Where the Service is provided through a Partner, Controla may provide the Partner with reports or aggregated information regarding Subscriber's use of the Service or security posture, subject to applicable data protection laws and relevant agreements between the Subscriber and the Partner.

The Service is designed to help improve cybersecurity posture, but Controla does not guarantee detection or prevention of all vulnerabilities, misconfigurations, or security incidents. Subscribers remain responsible for appropriate security practices and for evaluating and implementing recommendations from the Service.

The Service is commonly available 24 hours a day, 365 days a year. However, Controla does not guarantee and cannot be held liable for sudden defects, delays and interruptions. Controla reserves the right to temporarily interrupt the performance of the Service for service purposes such as maintenance, upgrades, quality of delivery, and competitive strength.

Controla is allowed to take measures that affect the Service if they are required for technical, maintenance or operational reasons. Controla shall perform such actions promptly and in a manner that limits interference as far as possible.

Each party represents and warrants to the other party that: (i) it has all necessary rights and authority to enter into the Agreement and grant the rights and licenses under the Agreement; (ii) it shall comply with all applicable laws, and (iii) the execution or acceptance of the Agreement, and the performance of its respective obligations and duties pursuant to the Agreement, do not and will not violate any agreement to which such Party is bound.

The Subscriber may not use the Service in such a way that Controla or anyone else suffers inconvenience or damage. The Subscriber undertakes not to handle Subscriber Data via the Service that is unlawful, infringes on the rights of third parties or that may be perceived as offensive or disorderly.

If Controla is made aware that Subscriber uses the Service in violation of the Agreement or in a manner which could pose a security risk to Controla or any third party, Controla has the right to suspend the Service for the Subscriber and (if the violation or security risk is material) terminate the Agreement with immediate effect. The same rights for Controla applies if Controla reasonably suspects that Subscriber uses the Service in violation of the Agreement and has contacted the Subscriber to resolve such suspected violation in good faith but has failed to resolve the matter within seven (7) days. Controla will reactivate the Subscriber's access to the Service if Subscriber makes it probable that Subscriber has not used the Service in violation of the Agreement and there is no other reason for Controla to terminate the Agreement with Subscriber.

The Subscriber understands that it is the Subscriber's responsibility as a data controller for the processing of Users' personal data (as defined under the General Data Protection Regulation (“GDPR”)) to ensure that Users, and other relevant data subjects, are provided with sufficient information on the processing of their personal data in line with the requirements under relevant Data Protection Laws (as defined in Appendix 1).

The Subscriber undertakes to pay Controla the fees stipulated in the Agreement unless the Service is provided through a Partner that has agreed with Controla to pay such fees. All prices are exclusive of VAT and other applicable taxes. Where the Parties have agreed on a Trial Period, fees for the Service will apply from the end of the Trial Period and will be charged according to the agreed payment interval specified in connection with the Subscriber's registration for the Service. Where the Service is provided through a Partner, payment for the Service may instead be governed by the agreement between the Subscriber and the Partner.

Controla, either directly or through its third-party payment processor (“Payment Processor”) will charge the Subscriber for the fees via credit card or other payment mechanism agreed between the Parties. Controla has the right to charge the Subscriber's credit card or other agreed payment method for any services provided to the Subscriber by Controla under the Agreement, including recurring fees. It is the Subscriber's sole responsibility to provide Controla with a current and up-to-date credit card or other applicable payment information; failure to provide such information may result in suspension of the Subscriber's access to the Services. Controla will also have the right to set off any fees due from the Subscriber to Controla. If the Subscriber pays the fees through a Payment Processor, such payment processing will be subject to the terms, conditions, and privacy notices of the Payment Processor in addition to this Agreement. Controla is not responsible for any error by, or other acts or omissions of, the Payment Processor.

If authorized by the Subscriber through the Service or through Subscriber's order of the Service, recurring charges (e.g., monthly or yearly billing) will be charged from Subscriber's payment instrument without further authorization from Subscriber until Subscriber terminates this Agreement or changes its payment method in Subscriber's account.

Controla reserves the right to change the prices set out in the Agreement and will notify the Subscriber of such changes. Any price change will take effect at the start of the next Subscription Period.

The Subscriber, or its licensors, retains all rights in and to the Subscriber Data. The Subscriber grants Controla a non-exclusive, royalty-free license to process Subscriber Data solely as necessary to provide and operate the Service during the term of this Agreement. Controla may share Subscriber Data with authorized subcontractors where necessary to provide the Service, subject to applicable confidentiality obligations and the Data Processing Agreement.

Controla may collect and use anonymized or aggregated data derived from the operation and use of the Service to operate, improve, analyze and develop the Service. Such anonymized or aggregated data will not identify any Subscriber, Users, or other individual, and Controla may share such anonymized or aggregated data with third parties.

Any technical, commercial or other information of a confidential nature disclosed by a Party (“Disclosing Party”) to the other Party (“Receiving Party”) shall be treated as strictly confidential and the Receiving Party shall use such information solely for activities that are necessary under the Agreement.

The Receiving Party undertakes to not, without prior written consent from the Disclosing Party, pass on any of the Disclosing Party's confidential information to any person or party, except to those of the Receiving Party's employees and authorized subcontractors and representatives for whom such information is required for the proper performance of their duties or rights under the Agreement and who are themselves bound by obligations of secrecy. The confidentiality undertakings in this Agreement shall, inter alia, apply to the terms and conditions of the Agreement, the Service, Software, license fees and all Subscriber Data and information about the Subscriber that Controla gains access to in connection with the Subscriber's use of the Service.

The Parties' obligations of confidentiality shall survive termination of the Agreement for a period of five (5) years thereafter.

All rights, including but not limited to all intellectual property rights, to the Service and Software, including the technical solution and any content therein provided by Controla, belong to Controla or its rightsholders and are protected by law. The Agreement does not entail that any rights to the Service or rights created in connection with the performance of the Parties obligations under the Agreement are transferred to the Subscriber. For avoidance of doubt, this clause does not limit the Subscriber's right to the Subscriber Data.

The Subscriber may not reproduce, copy, modify, adapt, change or otherwise handle the Software, tools or other material belonging to the Service, nor transfer or grant any rights to such material to others, unless permitted under this Agreement or approved in writing by Controla.

Provided that full payment for the Service has been received, Controla grants a non-exclusive, non-transferable, non-sublicensable license to the Subscriber to use Controla's intellectual property rights to the extent required for the use of the Service and Software.

The Subscriber understands that the Service may only be used for the purposes described in this Agreement and the Subscriber undertakes to indemnify Controla for any and all claims from third parties (including claims from authorities) directed against Controla due to the Subscriber's wrongful use of the Service.

The Subscriber shall compensate Controla for any costs incurred by Controla in connection with the Subscriber's failure to pay on the relevant due date, such as, for example, agency and debt collection costs.

Each Party shall defend, indemnify and hold harmless the other Party and its respective agents, affiliates, subsidiaries, directors, officers, employees, contractors and partners (as applicable), against any and all third-party claims resulting from the breach of such Party's representations and undertakings under this Agreement.

In connection with any such claim: (i) the indemnified Party shall provide prompt written notice to the indemnifying Party of any such claim (provided that the failure to provide such prompt notice shall not relieve the indemnifying Party of its indemnification obligations in the Agreement, except to the extent it has been damaged thereby); (ii) the indemnifying Party shall have sole control of the defense or settlement of the claim (provided that the indemnifying Party may not enter into any settlement that may adversely affect the rights or obligations of the indemnified Party without the indemnified Party's prior written consent); (iii) at the indemnifying Party's request and expense, the indemnified Party cooperating in the investigation and defense of such claim; and (iv) the indemnified Party shall have the right to participate in its defense with counsel of its own choosing at the indemnified Party's expense.

Controla is neither responsible for any damages that arise due to the Subscriber providing incorrect information when registering for or using the Service, nor issues related to third party service providers who are not subcontractors to Controla.

Controla's total liability to the Subscriber under this Agreement for each twelve-month period during the term of the agreement is limited to an amount corresponding to 100 % of the amount paid or payable by Subscriber under the Agreement in the twelve (12) months immediately preceding the month in which the event (or first in a series of connected events) occurred.

In no event shall either Party be liable for indirect costs such as: (i) loss of revenue; (ii) loss of profits; (iii) loss of contracts; (iv) loss of business or anticipated savings; (v) loss of data; (vi) loss of goodwill or reputation; or (vii) for any other consequential, special or indirect losses whether or not such losses were within the contemplation of the Parties at the date of this Agreement, suffered or incurred by that Party arising out of or in connection with the provisions of, or any matter under, this Agreement.

The Agreement will automatically renew for successive Subscription Periods unless either Party gives notice of termination at least one (1) month before the end of the then-current Subscription Period. In such case, the Agreement will terminate at the end of the current Subscription Period. If the Parties have agreed on a Trial Period, the Subscriber may terminate the Agreement at any time during the Trial Period, and no fees will apply unless the Subscriber continues to use the Service after the Trial Period has ended. Subscriber may provide notice of termination to Controla by cancelling the Service through the Service interface.

Termination must be made in writing or through such other termination method available in the Service from time to time in order to be valid.

Controla may terminate this Agreement, effective on written notice to Subscriber if Subscriber; (i) materially breaches this Agreement; (ii) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (iii) files or has filed against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law; (iv) makes or seeks to make a general assignment for the benefit of its creditors; or (v) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business.

Upon termination of the Agreement, unless otherwise is agreed in writing with the Subscriber or required by applicable law, Controla may delete the Subscriber Data, or in any other manner make it inaccessible for the Subscriber.

A party is entitled to postpone the performance of its obligations and is relieved from the consequences of non-performance of its obligations under the Agreement where such performance is prevented, rendered significantly more complicated, or unduly rendered more costly due to a circumstance beyond the reasonable control of the Party, and which the Party neither could nor reasonably should have foreseen at the time of execution of the Agreement. Such circumstance (“Force Majeure Event”) can comprise, for example, war or warlike situations, civil war, military mobilisation or military conscription of a similar scope, insurrection and riot, terrorism, sabotage, fire, flood, natural disaster, epidemic, pandemic, break-down of means of transport, discontinuation of the supply of energy, strike, lock-out or other general or local industrial action (notwithstanding that the Party itself is a party to the action), requisition, seizure, public authority order, trade restrictions, payment restrictions, or currency restrictions, or circumstance comparable therewith. Any delay in delivery on the part of any party assisting Controla in the performance of the Agreement which is caused by any such Force Majeure Event, shall also constitute grounds for discharge from liability.

A Party shall notify the other Party in the event of a risk that an obligation cannot be performed or will be delayed due a Force Majeure Event. A failure to provide such notice within a reasonable time shall result in an obligation to compensate for the loss that could have been avoided had timely notice been given.

If a Force Majeure Event has persisted for three (3) months, each and every Party shall be entitled to terminate the Agreement with immediate effect.

The Parties confirm that this Agreement represents the entire understanding and constitutes the whole agreement between the Parties relating to the subject matter hereof and supersedes any and all prior agreements, covenants, arrangements, communications, representations or warranties, whether oral or written, by any officer, agent, employee or representative of either of the Parties.

All notifications in connection with the agreement must be made by e-mail.

The waiver of a right under this agreement is valid only in writing. The failure of a Party to insist on adherence to any term of this Agreement shall not be considered a waiver of any right, nor shall it deprive that Party of the right thereafter to insist on adherence to that term or any other terms of the Agreement. A waiver of a specific breach of contract does not constitute a waiver of any other breach of contract.

A Party may not assign, pledge or otherwise encumber this Agreement or any of its rights or obligations under this Agreement without the prior written consent of the other Party.

Notwithstanding the above, Controla is allowed, without the Subscriber's consent, to transfer all or part of the Agreement, or its rights and obligations under the Agreement, to companies that are part of the same corporate group as Controla.

This Agreement shall be governed by the substantive law of Sweden.

Any dispute, controversy or claim this Agreement, or the breach, termination or invalidity thereof, shall be finally settled by arbitration administered by the Arbitration Institute of the Stockholm Chamber of Commerce (the “SCC”). The Rules for Expedited Arbitrations shall apply, unless the SCC in its discretiondetermines, considering the complexity of the case, the amount in dispute and other circumstances, that the Arbitration Rules shall apply. In the latter case, the SCC shall also decide whether the Arbitral Tribunal shall be composed of one or three arbitrators.

The seat of arbitration shall be Stockholm, Sweden.The language to be used in the arbitral proceedings shall be English unless agreed otherwise.

The Parties undertake and agree that all arbitral proceedings conducted with reference to this arbitration clause will be kept strictly confidential. This confidentiality undertaking shall cover all information disclosed during such arbitral proceedings, as well as any decision or award that is made or declared during the proceedings. Information covered by this confidentiality undertaking may not be disclosed to a third party without the prior consent of the other Party. Exceptions to the foregoing shall only apply to the extent that disclosure may be required of a Party due to mandatory law, an order of a competent court or public authority, or to protect, fulfil or pursue a legitimate legal right or obligation or to enforce or challenge an award.