Standard Solutions Group

This data processing agreement including appendices and references ("DPA") forms part of the Agreement between

  1. SSG Standard Solutions Group AB, reg. no. 556403-1523, hereinafter referred to as "SSG", and
  2. The customer who has entered into an agreement with SSG that refers to this Data Processing Agreement, hereinafter referred to as "Customer".

Customer and SSG are hereinafter jointly referred to as "Parties" and separately as "Party".

1. Purpose of this DPA and reference from the SSG General Terms and Conditions

1.1 The parties have one or more concluded agreements, including SSG’s general terms and conditions and appendices (the "Agreement") through which SSG shall provide certain services to the Customer (the "Service"). SSG is primarily the data controller for processing of personal data within the framework of SSG's products and services, including the Service. In exceptional cases, however, SSG acts as a data processor to the Customer as a data controller. This DPA applies only to the processing of personal data that SSG performs as a data processor for Customer as a data controller in connection with the provision of one or more of the Functions as defined below and further described in this DPA.

1.2 By reference to this DPA in the Agreement or in SSG's general terms and conditions, the DPA forms an integral part of the Agreement between the Parties, provided that the Customer purchases one or more of the Features described in this DPA. The DPA is limited to regulating only the processing of personal data carried out by SSG as a data processor to the Customer. If different data processing agreements have been entered into between the Parties, the most recent version drawn up by SSG shall apply. The most recent version of the DPA is the one published on SSG's website. The Parties agree that the most recent version of the DPA shall apply between the Parties and replace any existing data processing agreements on the processing of Relevant Personal Data (as defined below) that the Parties may have previously entered into.

1.3 Upon Customer's written request, the Parties may enter into a digitally signed version of the most recent version of this DPA.

2. DEFINITIONS

2.1 The terms "Data Controller", "Data Processor", "Personal Data", "Data Subject" and other terms in this DPA shall be interpreted and applied in accordance with the GDPR, unless otherwise described herein.

2.2 The following terms shall have the following meanings in this DPA.

“Applicable Law” means the laws applicable to the processing of Relevant Personal Data under this DPA, such as the General Data Protection Regulation (EU 2016/679) ("GDPR") and the Swedish act (2018:218) with supplementary provisions to the GDPR.

“Data Controller” means the Customer, which determines the purposes and means of processing Relevant Personal Data in the Features.

“Data Processor” means SSG, which processes personal data on behalf of the Customer when providing the Features.

“Data Subject” means the individual(s) to whom Relevant Personal Data refers.

“DPA” means this Data Processing Agreement between SSG and the Customer.

"Feature"/"Features" means those parts of SSG's services described in the Instruction, in which SSG as Data Processor processes Relevant Personal Data on behalf of the Data Controller.

“Instruction” means the instruction in Appendix 1 from the Customer as the Data Controller to SSG as the Data Processor to process Relevant Personal Data in the Features.

“Relevant Personal Data” means the personal data specified in the Instruction relating to Data Subjects that are processed by SSG as Data Processor for the Customer to provide the Features.

3. SSG as a data processor and applicability

3.1 The Customer is the data controller and SSG is the data processor only for the processing of Relevant Personal Data in the Features as explicitly described in this DPA.

3.2 Appendix 1 constitutes the Instruction from the Customer to SSG to process personal data in the Features in accordance with the DPA. The provisions of the DPA shall only apply to the personal data processing carried out by SSG as data processor for the Customer in order to provide the Features as described herein, not to any other part of the Parties' agreements and interactions. When interpreting the DPA, the commitments, obligations, and rights of a Party shall be deemed to be applicable only to the Feature provided and the Relevant Personal Data.

3.3 For the avoidance of doubt, with the exception of the Features, SSG is the data controller of the personal data processing carried out by SSG in SSG’s services. This includes, inter alia, personal data about end-users of the services and other parts of SSG's services (including the Service as defined in the Agreement). Such personal data processing is subject to SSG's data protection policy, which is updated from time to time and published on SSG's website. Please visit https://www.ssgsolutions.com/about-ssg/privacy to read the data protection policy.

4. Processing of Relevant Personal Data in the Features

4.1 SSG shall provide one or more of the Features to the Customer in conjunction with provision of the overall Service, to the extent and in the manner described in the Agreement. Processing of Relevant Personal Data in the Features is described in detail in the Instruction. The DPA shall apply only to the processing of Relevant Personal Data carried out by SSG for the Customer in provision of the Features.

4.2 SSG shall notify the Customer if SSG believes that an instruction from the Customer regarding Relevant Personal Data violates Applicable Law. SSG shall comply with the Customer's additional instructions provided that they are legally required, technically feasible, reasonable and do not require any changes to the Features. If SSG is unable to comply with an additional instruction, it shall immediately notify the Customer.

4.3 In processing Relevant Personal Data, SSG shall comply with Applicable Law, which shall be interpreted in all respects in accordance with the functionality of the Features provided by SSG.

4.4 SSG shall assist the Customer with appropriate technical and organisational measures, taking into account the nature of the processing and insofar as this is possible, to enable the Customer to comply with its obligations regarding data subjects' rights under Chapter III GDPR. SSG undertakes to assist the Customer following reasonable written instructions from the Customer on a case-by-case basis.

4.5 At the Customer's request, SSG shall assist the Customer in ensuring compliance with the obligations under Articles 32 to 36 GDPR, taking into account the nature of the processing and the information available to SSG.

4.6 SSG is entitled to reasonable compensation from the Customer for any work or action carried out specifically for the Customer under this DPA or carried out on the Customer's instructions, for example in relation to the fulfilment of SSG's obligations as a data processor under Articles 32-36 GDPR.

5. Security and confidentiality

5.1 SSG shall implement and maintain appropriate technical and organisational measures as instructed by the Customer and take the measures required pursuant to Article 32 of the GDPR. SSG is expressly allowed by the Customer to implement and maintain alternative measures that achieve an equivalent or higher level of security than instructed by the Customer.

5.2 The Customer acknowledges and agrees that Relevant Personal Data may be published or shared by SSG in the context of the provision of the Features. SSG shall, where appropriate, endeavour to ensure that Relevant Personal Data are handled confidentially, and that access is limited to only those employees who need access to perform their duties. SSG shall ensure that employees who are involved in the processing of Relevant Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

6. Audit

6.1 SSG shall grant the Customer access to the information which is reasonably necessary to enable the Customer to verify compliance with the obligations which follow from Article 28 of the GDPR and to enable and assist in audits, including inspections, which are conducted by the Customer or by a reputable auditor authorised by the Customer. SSG shall be entitled to reasonable notice in the event the Customer wishes to exercise its right to conduct an audit or inspection. SSG is entitled to compensation from the Customer for the reasonable costs incurred as a result of such an audit or inspection. The Customer is entitled to audit SSG once a year.

6.2 The information and knowledge obtained by the Customer as a result of the audit carried out under this chapter shall be treated with strict confidentiality and shall be considered as SSG's trade secret. The information and knowledge may not be used for any purpose other than to verify SSG's compliance with Applicable Law. All collected information shall be deleted within one month from the date of the inspection. The Customer acknowledges and agrees that access to server halls and other such premises may not be possible to arrange in certain cases for security reasons, whereby alternative measures shall be discussed between the Parties.

6.3 SSG shall ensure that the competent supervisory authority can carry out an audit in accordance with the provisions of Applicable Law. If access to Relevant Personal Data is requested by authorities, SSG must refer to the Customer without undue delay, unless such reference is prohibited by Applicable Law.

7. Sub-processors

7.1 The Customer acknowledges and agrees that SSG will engage Sub-processors (“Sub-processor”) to fulfil its obligations under the Agreement. Relevant Personal Data will thus also be processed by Sub-processors on behalf of the Customer.

7.2 SSG is currently engaging the Sub-processors listed on the SSG website at the following link: https://www.ssgsolutions.com/about-ssg/privacy/subprocessors. The Customer authorises SSG to use the Sub-processors listed on the website.

7.3 The Customer grants SSG a general authorisation to engage new Sub-processors and replace Sub-processors. SSG will inform the Customer of any plans to engage a new Sub-processor and if an existing Sub-processor is to be replaced, provided that the Customer has chosen to subscribe to such information. In order to subscribe to SSG's information on changes regarding Sub-processors, please visit https://www.ssgsolutions.com/about-ssg/privacy/subprocessors. The Customer acknowledges and agrees that SSG will only send information on Sub-processors to the Customer if the Customer has chosen to subscribe to the information. SSG encourages the Customer to subscribe to the information and to enter an email address linked to a department/function rather than a specific person.

7.4 The Customer has the possibility to object to changes regarding Sub-processors. An objection must be made in writing within fourteen (14) days of SSG sending out the information in accordance with paragraph 7.3. Objections shall only be made if there are objectively acceptable reasons. If the Customer objects, the Parties shall endeavour to adjust the provision of the relevant Feature in order to remove the objection raised. If such adjustment cannot reasonably be made within thirty (30) days of the objection, or if the adjustment is not commercially reasonable for SSG, either Party may terminate the Feature(s) that cannot be provided without the use of the relevant Sub-processor. The Customer is not entitled to any remedies other than the termination right in this paragraph.

7.5 SSG shall ensure that Sub-processors enter into a written data processing agreement before the Sub-processor processes Relevant Personal Data. Such data processing agreement shall contain the corresponding commitments and obligations that follow from this DPA. If the Sub-processor fails to fulfil its obligations, SSG shall be liable to the Customer for the performance of the Sub-processor's obligations, subject to the limitations set out in the DPA.

7.6 SSG may transfer Relevant Personal Data to third countries, i.e. to countries outside the EU/EEA. Such transfer shall take place in accordance with Applicable Law, for example by entering into the European Commission's standard contractual clauses with Sub-processors processing Relevant Personal Data outside the EU/EEA. The Customer authorises SSG to enter into standard contractual clauses with Sub-processors on the Customer's behalf where applicable.

8. Personal data breach

8.1 Taking into account the nature of processing and the information available to SSG, SSG shall assist the Customer in ensuring that the obligations in relation to any personal data breach relating to Relevant Personal Data can be fulfilled in accordance with Articles 33-34 GDPR.

9. Limitation of liability

9.1 SSG shall in relation to the Customer be liable for damages awarded to Data Subject(s) of the Customer caused by SSG’s or its Sub-processor’s processing of Relevant Personal Data in the Features in violation of the provisions of this DPA and which the Customer is obliged to compensate. The liability of SSG shall not extend to any claim arising from (i) a negligent act or omission of the Customer, its personnel and/or the data subject; (ii) Customer's breach of Applicable Law or the DPA, or (iii) an act or omission by a third party, including the data subject. The Customer must notify SSG immediately and within one month of Customer becoming aware of any claim. SSG's liability for damages is limited to the actual compensation that the Customer has been ordered by a court ruling to pay to the data subject or to the amount determined by a settlement approved by SSG. SSG's total liability to the Customer under this DPA is limited to the amount actually paid by the Customer for the Feature that caused the damage during the year preceding the damage. SSG is not responsible for any administrative fines imposed on the Customer.

9.2 SSG, in its capacity as a data processor, processes personal data as collected by the Customer and is not responsible for any consequences if the personal data obtained proves to be incorrect. The Customer is also responsible for ensuring that the personal data has been collected and that the data subjects have received information in accordance with Applicable Law and that there is a legal basis for the processing. The Customer shall compensate SSG for any damage and costs incurred by SSG as a result of the Customer's breach of the DPA or Applicable Law.

10. Term and termination of the DPA

10.1 This DPA enters into force on the date of conclusion of the Agreement and remains in force for as long as SSG processes Relevant Personal Data to provide the Features under the DPA. The DPA shall only apply to the processing of Relevant Personal Data to provide the Features, not otherwise.

10.2 This DPA may be terminated on the basis of the provisions that apply to the termination of the Agreement. This DPA shall automatically terminate on the same date as the Agreement, unless a new agreement is concluded to replace the Agreement or unless otherwise agreed in writing between the parties.

10.3 SSG has the right to terminate the DPA, subject to a three-month notice period.

11. Consequences of termination

11.1 Upon termination of the DPA, SSG shall delete or return the Relevant Personal Data to the Customer in accordance with the Customer’s instructions. If the Customer does not submit an instruction to SSG within 30 days after the termination of the DPA, SSG shall be considered instructed by the Customer to delete the Relevant Personal Data.

11.2 To avoid misunderstandings, this chapter 11 only applies to Relevant Personal Data, namely personal data processed by SSG as a data processor within the framework of the Features. The personal data processed by SSG as a data controller is not subject to the obligations set out in this chapter.

11.3 This DPA shall continue to apply for as long as SSG processes Relevant Personal Data to fulfil its obligations in accordance with clause 11.1 above, even if the Agreement has been terminated.

12. Changes and version of the DPA

12.1 SSG has the right to make changes, adjustments, and updates to the DPA to the extent it follows from changes in SSG's services, including the Features. Otherwise, SSG's general terms and conditions section 15.3 shall apply to changes to the DPA.

12.2 This version of the DPA was updated by SSG, and is valid from, 15 January 2024.

13. Governing law and dispute resolution

13.1 Swedish law shall apply to this DPA, without regard to its principles on conflict of laws. Disputes regarding the interpretation or application of the DPA shall be finally settled in accordance with what is stated regarding disputes in the Agreement.

Appendix 1 to the DPA

Instruction

1. General

1.1 The Customer is the data controller and SSG is the data processor for the personal data processing operations in the Features (or part thereof) as explicitly described in this Instruction, if and as provided by SSG to the Customer under the Agreement:
a) SSG Entre and/or SSG Academy - local courses and courses with customer specific content (DPA applicable only to content provided by the Customer to SSG).
b) SSG On site - Project staffing/Personnel register.
c) SSG On Site Workflow – Issued local certificates.
d) SSG On Site Workflow – Issued work permits.
e) SSG On Site - public information regarding Customer’s site.

1.2 Relevant Personal Data includes only the personal data explicitly listed in this Appendix that is required to provide the respective Feature, or part of it. Relevant Personal Data does not include the personal data that SSG otherwise processes, such as personal data in agreements, personal data relating to end-users and administrators of SSG's services, personal data in SSG's general content such as SSG’s e-courses and/or in other services provided by SSG, for which SSG is the data controller.

1.3 This Instruction describes the processing of personal data in each Feature. Whether the Customer actually purchases a particular Feature from SSG is set out in the Agreement. With regard to this Instruction, only the Features that the Customer actually purchases in accordance with the Agreement are relevant to the DPA. Other Features are not included, and the rules thereon shall not apply between the Parties.

1.4 As data processor, SSG shall mainly perform the following processing operations on Relevant Personal Data: collection, structuring, use, copying, storage, alteration, disclosure, dissemination or otherwise making available, deletion and erasure.

2. SSG Entre and/or SSG Academy. Feature: local courses and courses with Customer-specific content (only applicable on the Customer's content).

2.1 Purpose: In consultation with the Customer, SSG may develop and provide local courses, such as local SSG Entre courses and local Employee Safety courses, as well as create customised courses, such as via SSG Create (SSG Skapa). A Customer-specific local course is based on both the Customer's own material, such as photos and videos from the industrial plant, and SSG's general material (the latter is not covered by this DPA). The Customer-specific local course shall be published by SSG so that end-users and course participants can take the course. The purpose of the Feature is to allow the Customer to have a customer-specific safety course or other type of local course based on actual information about the Customer's industrial plant, to enable provision of courses tailored to the Customer's business operations and thereto associated risks.

2.2 Relevant Personal Data. Personal data that the Customer provides and/or SSG obtains on the Customer's instructions in order to develop the Customer-specific local course, such as photos of staff, safety briefing video, contact details to be included in the course material, union representative at the plant (special category of personal data) and other personal data that the Customer wishes to include in the Customer-specific local course. The personal data is mainly related to the Customer's staff and other persons that the Customer chooses to include.

2.3 Duration. As a general rule, the Customer's local course(s) will be retained for the duration of the Agreement, unless the Customer specifically requests SSG to delete the course(s). The Customer grants SSG the right to delete outdated and/or obsolete local courses, such as courses that have had no participants in the last three years.

2.4 Delimitation. Relevant Personal Data only includes the personal data contained in materials and data provided by the Customer to produce the Customer-specific local course. Relevant Personal Data does not include, for example, (i) personal data in materials provided by SSG to produce the Customer-specific local course, (ii) personal data of end-users and administrators of SSG's services, and (iii) personal data on course participants.

3. SSG On site. Feature: project staffing/personnel register

3.1 Purpose. The function SSG On site - Project Staffing/Personnel Register can be used to create and store a personnel register (Sw. personalliggare). The purpose of the Feature is to enable the Customer to keep a personnel register, which is a legal requirement that may be incumbent on the Customer. Each personnel register created by the Customer is independent and limited to the specific personnel register only.

3.2 Relevant Personal Data. A Data Subject's personal data is in relevant parts copied from the Data Subject's SSG account to the Customer's specific personnel register upon registration in the register. The copied personal data is then kept in the Customer's specific personnel register. Upon registration, the copied personal data forms part of the Relevant Personal Data. Relevant Personal Data includes name, social security number/identification number, facility visited, check-in time and check-out time. The personal data relates to the Customer's employees and contractors/suppliers who will perform work for the Customer.

3.3 Duration. In order to fulfil the legal requirements on retention of information in a personnel register, and unless otherwise specified by the Customer, a specific personnel register is kept for three years after the end of the calendar year in which the Relevant Personal Data was recorded in the specific personnel register. SSG is thereafter entitled to delete or anonymise the data. If the Customer wants to keep a personnel register for a longer time period, the Customer shall extract a separate copy of the specific personnel register in the Feature.

3.4 Delimitation. Relevant Personal Data is only the personal data recorded and retained in the Customer's specific personnel register. Relevant Personal Data does not include, for example, (i) SSG's processing of personal data on end-users of SSG's services and (ii) personal data on course participants.

4. SSG On Site Workflow. Feature: issued local certificates

4.1 Purpose. The local certificate function can be used to issue and store a local certificate linked to the Customer's industrial plant. For example, this may apply to an issued certificate for completed safety training or authorisation to operate a certain type of machinery at the Customer's facility. The purpose of the Feature is to enable the Customer to issue local certificates digitally and to administer site-specific certificates, licences, and authorisations. An issued local certificate is independent in each case.

4.2 Relevant Personal Data. A Data Subject's personal data is copied from the Data Subject's SSG account upon confirmation of the issuance of a local certificate or added manually by the Customer (if such functionality is available in the Feature). Upon finalisation of the issued local certificate, the copied personal data forms part of the Relevant Personal Data. Relevant Personal Data includes name, social security number/identification number, details of the issued local certificate, authorisations, and other personal data that the Customer chooses to include in the issued local certificate. The personal data relates to the Customer's staff and others who receive a local certificate from the Customer.

4.3 Duration. Issued local certificates are stored in accordance with the validity period specified by the Customer for the local certificate at the time of issue or otherwise the automatic deletion period specified by the Customer in the Feature. If the Customer does not specify an automatic deletion period and no validity period for the local certificate, the preset deletion period specified in the Feature applies.

4.4 Delimitation. Relevant Personal Data is only the personal data recorded and retained in the Customer's issued local certificate. Relevant Personal Data does not include, for example, (i) SSG's processing of personal data of users of SSG's services.

5. SSG On Site Workflow. Feature: issued work permits

5.1 Object and purpose. The work permit function can be used to issue and store work permits to perform a certain work on the Customer's site. For example, this can apply to permits to enter certain areas, work permits such as hot works, handling of chemicals or work at height. The purpose of the Feature is for the Customer to be able to administer its work permits digitally and preserve them in accordance with legal requirements that may apply to the Customer. An issued work permit is independent in each case.

5.2 Relevant Personal Data. A Data Subject's personal data is copied from the Data Subject's SSG account upon confirmation of the allocation of a work permit. Upon finalisation of the issued work permit, the copied personal data form part of the Relevant Personal Data. Relevant Personal Data includes name, social security number/identification number, details of the issued work permit, authorisations, and other personal data that the Customer chooses to include in the issued work permit. The personal data relates to the Customer’s employees and contractors who will perform work for the Customer.

5.3 Duration. Completed work permits are retained in accordance with the automatic deletion period specified by the Customer in the Service. If the Customer does not specify an automatic deletion period, the preset deletion period specified in the Service applies.

5.4 Delimitation. Relevant Personal Data is only the personal data recorded and retained in the Customer's ongoing and archived work permits. Relevant Personal Data does not include, for example, SSG's processing of personal data of users of SSG's services.

6. SSG On Site. Feature: public information regarding Customer’s site

6.1 Object and purpose: In SSG On Site, the Customer can choose to publish information about its site. The published information is publicly available to users of SSG On Site. The purpose of SSG On Site is for the Customer to make available to contractors, visitors, and others at the Customer’s facility the information and personal data that the Customer chooses, such as safety information, news, contacts, emergency numbers, maps and other information that a contractor needs to have access to before and during a visit to the site. Other examples of information that can be made available in the app are information in case of fire, information about evacuation and assembly point, alarm lists and alarm numbers, as well as loading and unloading information.

6.2 Relevant Personal Data. Relevant Personal Data includes the personal data that the Customer chooses to publish about its facility in SSG On Site, such as names, email addresses, contact details, titles, photographs, etc. The personal data is attributable to the Customer's employees and other persons included by the Customer. Public site information has no connection to the personal data processed by SSG as a data controller.

6.3 Duration. Any personal data included in the Customer’s public facility information in SSG On Site is stored for as long as the Customer uses SSG On Site and has such information published. The Customer chooses in the service if and when the personal data will be deleted.

6.4 Delimitation. Relevant Personal Data is only the personal data that the Customer chooses to publish in its public facility information in SSG On Site. Relevant Personal Data does not include, for example, (i) SSG's processing of personal data of users of SSG’s services, including the SSG On Site mobile application and (ii) SSG's processing of personal data of the Customer's administrators.