1. FORMATION OF CONTRACT
1.1. This website is owned and operated by Plandisc ApS, Grimhøjvej 6, DK-8220 Brabrand, Denmark, CVR No. 37204854 (“Calendardisc”).
1.2. These Terms and Conditions of Use (the “Terms”) are accepted by ticking “I have read and accept the Terms and Conditions of Use” on the order form, by using the application or the services or in any other way by expressing your consent thereof, and applies between Calendardisc and the customer (the “Customer”). If the Customer is a legal person, these Terms are accepted on behalf of the Customer.
2. OPERATIONAL STABILITY
2.1. Calendardisc aims to ensure the highest possible operational stability, but is not liable for breakdown or interruptions of operation, including interruptions caused by matters outside Calendardisc’s control. This includes, among others, power failure, equipment failure, internet connections, telecommunication connections or the like. Calendardisc is delivered as is, and Calendardisc waives any warranty, guarantee, undertaking, claim or other terms, whether directly or indirectly.
2.2. In case of breakdowns or interruptions, Calendardisc aims to restore normal operation as soon as possible.
2.3. Planned interruptions will essentially be placed in the period between 9:00 P.M. and 06:00 A.M. CET. If it becomes necessary to cut off access to Calendardisc outside the specified time period, this will be duly notified in advance to the extent possible.
3. INTELLECTUAL PROPERTY RIGHTS
3.1. The program and information provided by Calendardisc, apart from the Customer’s data, is protected by copyright and other intellectual property rights and belongs to or is licenced to Plandisc ApS.
3.2. No intellectual property rights are transferred to the Customer.
4. CALENDARDISC’S LIABILITY
4.1. Calendardisc waives any liability in relation to the Terms, services or use of the program, regardless whether this is contractual or non-contractual liability, including for operational loss, consequential loss or other indirect loss, loss of data, loss based on product liability or loss caused as a result of ordinary negligence.
4.2. Regardless of the type of loss or the basis of liability, Calendardisc’s total liability in terms of value is limited to the Customer’s payment during the period of twelve (12) months before the actionable event occurred.
4.3. The Customer accepts to indemnify Plandisc ApS for any claim or loss caused by product liability, loss suffered by third parties or liability for third parties, to the extent such claim or loss results from the Customer’s use of the program.
5. CUSTOMER’S USE AND OBLIGATIONS
5.1. The Customer obtains access to Calendardisc pursuant to the extent of the subscription chosen.
5.2. The access is only made available to the Customer and the program cannot be used by other persons than the Customer. The Customer is responsible and fully liable for any third parties which the Customer allows access to the program or who use the Customer’s log-in information.
5.3. The Customer must ensure that the program is not used in any way that may impair Calendardisc’s name, reputation or goodwill or that is contrary to relevant legislation or other regulation.
5.4. If the Customer enters personal data (e.g. names, contact information) in the Calendardisc program, the Customer is fully responsible that he or she may lawfully do so. Calendardisc recommends that the special categories of personal data (sensitive personal data) are not used or are limited to the widest possible extent.
DATA PROCESSING AGREEMENT
1.0 Introduction and background
1.1 In order to ensure that Calendardisc and the Customer (hereinafter jointly referred to as the “Parties”) meet their obligations pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (the “GDPR”) and the national data protection rules under the GDPR, the Parties have entered into this Data Processing Agreement. This Data Processing Agreement shall apply when the Customer adds personal data in the planning tool that is made available by Calendardisc and whereby Calendardisc processes personal data on behalf of the Customer.
1.2 This Data Processing Agreement shall not apply when
(1) the Customer is a natural person who uses the planning toll for strictly personal or household activities or
(2) no personal data is added in the planning tool by the Customer
2.1 Calendardisc can only process personal data for the purposes necessary to provide its service to the customer.
3.0 Calendardisc’s obligations
3.1 Calendardisc will meet its obligations pursuant to applicable legislation on data protection in respect of the personal data covered by this Data Protection Agreement.
3.2 Calendardisc may only process personal data according to documented instructions from the Customer, including as regards transfer of personal data to a third party, unless this is required to ensure compliance with EU legislation or national legislation of the member states. In such case, Calendardisc must notify the Customer of that legal requirement before the processing is commenced, unless that law prohibits such notification on important grounds of public interest.
3.3 Calendardisc has no reason to believe that the applicable data protection legislation prevents Calendardisc from complying with the instructions in this Data Processing Agreement. If Calendardisc at a later time has reason to believe that the Customer’s instructions are contrary to applicable data protection legislation, Calendardisc must immediately notify the Customer thereof.
3.4 Calendardisc shall make the required technical and organisational safeguards, including such additional measures as may be required to prevent the processed data from being accidentally or illegally destroyed, lost or deteriorated and to prevent information from being disclosed to unauthorized persons, misused or otherwise processed contrary to the provisions of Danish legislation on data protection, cf. Article 32 of the GDPR.
3.5 Personal data are confidential and must remain confidential. Calendardisc must ensure that any person processing personal data has received sufficient instruction and training in the processing of personal data and has undertaken to observe confidentiality.
3.6 Calendardisc must assist the Customer in ensuring compliance with the obligations pursuant to Articles 32-36 of the GDPR, having regard to the nature of the processing and the information available to Calendardisc.
3.7 Calendardisc must notify the Customer without undue delay if Calendardisc becomes aware of a security breach, and Calendardisc must immediately notify the Customer of any request for disclosure of personal data from a law enforcement agency, unless this is prohibited according to applicable legislation.
3.8 Having regard to the nature of the processing, Calendardisc will assist the Customer – as far as possible and by taking appropriate technical and organisational measures – in the fulfilment of the Customer’s obligations to reply to requests regarding exercise of the rights of the data subjects as laid down in Chapter 3 of the GDPR.
3.9 If the Customer requests information or assistance regarding security measures and documentation or information on how Calendardisc processes personal data, and such request includes information that exceeds what is considered reasonable and necessary according to applicable data protection legislation, Calendardisc may request payment for such additional services.
4.0 Customer’s obligations
4.1 The Customer guarantees to meet its obligations pursuant to the applicable data protection legislation. In this connection, the Customer undertakes the following:
o When using the planning tool that is made available by Calendardisc, the Customer will only process personal data in accordance with applicable data protection legislation;
o The Customer has a legal basis for processing personal data;
o The Customer ensures the accuracy, the integrity, the contents, the reliability and the lawfulness of the personal data processed by Calendardisc;
o The Customer has complied with its duty as a Data controller, e.g. its duty to provide information to the data subjects regarding the processing of personal data in accordance with applicable data protection legislation.
5.0 Use of sub-processors and disclosure of data
5.1 This Data Processing Agreement represents the Customer’s prior general and specific written approval of Calendardisc’s use of other data processors (“Sub-processors”). The Customer accepts Calendardisc’s use of the Sub-processors specified in Appendix 1.
5.2 The Data Processor’s Sub-processors are listed in the list of Sub-processors updated from time to time and available here: https:/ /Calendardisc.com. The Customer must be informed before Calendardisc replaces or adds new Sub-processors. However, the Customer is only entitled to object against a new Sub-processor if this Sub-processor, in the Customer’s opinion, does not process data in accordance with applicable data protection legislation. In such a situation, Calendardisc must document compliance by giving the Customer access to Calendardisc’s data protection evaluation of the said Sub-processor. In case of continued disagreement regarding use of the Sub-processor, the Customer may terminate its subscription for the planning tool so that the Customer’s personal data cannot be processed by the said Sub-processor.
5.3 Before transferring personal data to a Sub-processor, Calendardisc must ensure that (1) the Customer has not objected against the use of this Sub-processor; (2) Calendardisc and the Sub-processor have entered into an agreement (“Sub-processor Agreement”) corresponding to the content of this Data processing Agreement, especially as regards a guarantee for implementation of appropriate technical and organizational measures; (3) the Sub-processor Agreement regarding the Customer’s personal data will terminate automatically in case of termination of this Data Processing Agreement.
5.4 If a Sub-processor is established outside, or if personal data are stored outside, the EU/EEA, the Customer authorises Calendardisc to ensure a legal basis for transferring personal data to a third country on behalf of the Customer, including by using the EU Commission’s standard contractual clauses or the EU-U.S. Privacy Shield.
5.5 Calendardisc is fully liable towards the Customer if the Sub-processor does not meet its obligations pursuant to this Data Processing Agreement.
6.0 Access to audit
6.1 Calendardisc makes any information available to the Customer that is required to demonstrate compliance with the requirements of Article 28 of the GDPR.
6.2 The Customer is entitled to commence an audit of Calendardisc’s obligations pursuant to the Data Processing Agreement once every year. If the Customer is obliged pursuant to applicable legislation, an audit may be made more than once every year. In connection with a request for an audit, the customer must send a detailed audit plan, including a description of the extent, duration and commencement date, at least four (4) weeks before the suggested commencement date. It must be agreed jointly between Calendardisc and the Customer if a third party is to do the audit. However, the Customer may let Calendardisc determine that the audit, for security reasons, must be performed by a neutral third party at Calendardisc’s option, if the processing environment includes data from several data subjects.
6.3 Under all circumstances, the audit must take place during normal office hours at the relevant facility in accordance with Calendardisc’s policies and cannot unfairly interfere with Calendardisc’s general commercial activities.
6.4 All costs related to the audit are to be covered by the Customer. Any assistance from the data processor in this regard, which exceeds the general service that Calendardisc must provide as a result of the applicable data protection legislation, will be invoiced separately.
7.0 Duration and termination
7.1 The Data Processing Agreement comes into force by the Customer’s electronic box ticking or another acceptance of the agreement.
7.2 The Data Processing Agreement applies as long as Calendardisc processes personal data on behalf of the Customer in connection with the Customer’s use of the planning tool.
7.3 This Data Processing Agreement will automatically expire upon termination of the Customer’s subscription to the planning tool. By termination of the subscription, Calendardisc will delete or return all personal data in the relevant format, which Calendardisc has processed on behalf of the Customer. If the Customer requires assistance in relation to the return of data, costs related thereto will be fixed jointly between the Parties and must be based on i) hourly rates for Calendardisc’s time spent, ii) the complexity of the requested process and iii) the format chosen.
8.0 Amendment of terms
8.1 This Data Processing Agreement is binding upon the Parties and may only be amended by entering into a new data Processing Agreement.
8.2 Regardless of the provision in clause 8.1, Calendardisc may amend the Data Processing Agreement in order to ensure compliance with the applicable data protection regulation in force from time to time. In such case, Calendardisc will notify the Customer of any amendments of the Data Processing Agreement.
9.1 Calendardisc is not liable towards the Customer for any accrued loss as far as such loss has been caused by circumstances outside Calendardisc’s control.
9.2 Calendardisc is under no circumstances liable in damages towards the Customer for any indirect loss of the Customer, including, but not limited to, loss of turnover and loss of reputation. In addition, Calendardisc’s total liability in damages towards the Customer is limited to an amount corresponding to the subscription payments paid by the Customer during the most recent twelve (12) months.
10.0 Governing law and venue
10.1 This Data Processing Agreement shall be governed by Danish law.
10.2 Any claim and dispute arising out of or in any other way related to this Data Processing Agreement shall be settled by the Aarhus City Court.
This Appendix is an integral part of the Data Processing Agreement and represents the Customer’s instructions to Calendardisc in connection with Calendardisc’s processing of personal data on behalf of the Customer.
Processing of personal data
1. Purpose of the processing:
Calendardisc processes the Customer’s personal data to the extent the Customer add such personal data in the planning tool that is made available and hosted by Calendardisc. The processing of personal data is necessary in order for Calendardisc to comply with its obligations pursuant to the subscription agreement.
2. Categories of data subjects:
Calendardisc processes personal information about the categories of data subjects which the Customer adds to the planning tool, including the Customer’s employees, customers, clients, cooperation partners, service recipients (e.g. pupils in a school and their parents).
3. Categories of personal data:
As the planning tool includes free-text fields and the possibility of uploading
documents, Calendardisc processes the personal data which added to the planning tool by the Customer, including name, title, contact information, civil reg. no. (CPR) as well as information about illness, holiday and non-working days.
The Customer is encouraged to limit the entry of sensitive personal data.
4. Sub-processors and the physical location of the processing
Calendardisc uses Microsoft as a sub-processor as the Calendardisc software is hosted in Microsoft’s data centre in Dublin, Ireland.