GDPR Hero – General Terms and Conditions

Applicable from 1 February 2020

Ver. 2020:01


1.1 These General Terms and Conditions (“Terms”) are a contract between you (“Customer” or “you”) and GDPR Hero AB (559088-5116) with corporate domicile Bankgatan 1A, SE-223 52 Lund, Sweden (“GDPR Hero”, “we”, “our” or “us”).

1.2 GDPR Hero provides a Software as a Service product (“Service”). The purpose of the Service is to provide a tool for Customer to establish a Register of Processing in compliance with Article 30 of the GDPR. 

1.3 These Terms govern your access to, and use of, the Services. If you agree to these Terms on behalf of a company or other entity, you warrant and represent that you are the agent or authorized representative of that company or entity and that you have read, understood and agree to enter into a legally binding agreement with GDPR Hero and to be bound by these Terms.


Account means Master Account(s) and Entity Account(s). 

Administrator means an End User who administrates Customer’s Master Account and/or Entity Accounts. 

Agreement means these Terms, invoices and agreed Order Form. 

Billing Period means the period of months for which you agree to prepay fees under an Order Form, which will be the same as the Subscription Term.

Contact Person means the natural person that the Customer provided contact information to in the Order Form at the time of applying for an Account, or updated Contact Person following 7.3 below. 

Customer Data means any information entered by Customer in the Service including, but not limited to, personal data. 

End User means a natural person authorized by Customer to access the Service. 

Entity Account means an account where Customer Data is entered by a User. The Entity Account, accessed by an Administrator, may have the option to administer, create and delete End Users, if the function is included in the subscription. 

GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), any and subsequent EU regulation. 

Master Account means an account with the option to administer, create and delete Entity Account(s). The Master Account has reading access to all Customer Data provided in the Entity Account(s).

User means a personal set of login information to reach the Entity Account. The Users can have either reading access or edit/delete access.

Order Form means the order document, form or page for the Service. 

Reseller means a reseller authorized by GDPR Hero, listed on GDPR Hero’s website.

Subscription Fee means the monthly fee prepaid for the Billing Period.

Subscription Term is a period of twelve (12) months beginning the day Customer applies for an Account through an Order Form or through a Reseller.

Third Party means a legal or natural person, other than the Customer.


3.1 Customer agrees to these Terms by applying for one or more Accounts by means of an Order Form. If the Parties agree to other terms in writing, the other terms will take precedence over these Terms. 

3.2 Customer has the option to create additional Accounts during the Subscription Term.


4.1 Unless otherwise specified, the first thirty (30) days of the first Subscription Term is a Trial Period (“Trial Period”). During the Trial Period either Party is free to terminate these Terms without cause. The Subscription Fee for the Subscription Term shall be repaid if the Trial Period is cancelled.

4.2 Unless otherwise specified, the Trial Period is restricted to once (1) per Customer and company group, subject to Section 4.4, below. 

4.3 Subscription Term is a period of twelve (12) months. 

4.4 Unless otherwise specified, following the Subscription Term or a Renewal Term, the subscription to the Services will automatically renew for a new Subscription Term (“Renewal Term”), unless either party gives the other written notice of termination at least sixty (60) days prior to the expiration of the then-current Subscription Term or Renewal Term. 

4.5 This Agreement is ongoing, and Customer is invoiced yearly in advance, unless otherwise specified.


5.1 Customer will pay GDPR Hero or Reseller all applicable Subscription Fees for the Services, in the currency and pursuant to the payment terms indicated on the Order Form, or in the applicable agreement between Customer and Customer’s Reseller. Customer authorizes GDPR Hero, or Reseller, to charge Customer for all applicable Subscription Fees using Customer’s selected payment method, and Customer will issue the required purchasing documentation.

5.2 Customer will pay GDPR Hero invoices on the payment interval set forth in these Terms. GDPR Hero may suspend or terminate the Services if Subscription Fees are past due. Customer will provide complete and accurate billing and contact information to GDPR Hero or to Customer’s Reseller. Terms of payment are thirty (30) days, unless otherwise specified.

5.3 Unless otherwise agreed to by the Parties, the Subscription Fee for the Services published at GDPR Hero’s website at the time the Customer enters the Order Form, or orders an Account from a Reseller, applies.

5.4 Subscription Fees are exclusive of taxes and Customer is responsible for all taxes. GDPR Hero, or Customer’s Reseller, will charge taxes when required to do so.

5.5 The Subscription Fee will remain fixed during the Subscription Term unless you: (a) upgrade the Service, (b) add additional Accounts, (c) subscribe to additional features or products, or (d) unless otherwise agreed to by the Parties. 

5.6 GDPR Hero may once (1) per calendar year revise the Subscription Fee by providing Customer at least thirty (30) days’ notice prior to the next charge. Changes will not take effect until the following Renewal Term.


6.1 Templates are features in the Service. The Service provides general templates without extra charge in the Account(s). GDPR Hero may add custom templates in the Service on the inquiry of a Customer. Customised templates are an additional feature and come with an extra charge, in accordance with Section 4.4. Customers who want to order customised templates for their Account(s) may contact GDPR Hero.

6.2 We may provide other features, services and products, following demand and availability. A list of the features, services and products available is published at our website.


7.1 Technical support regarding the Service will be provided by GDPR Hero to Customer through chat, email and telephone.

7.2 Legal support will be provided at no additional cost during the first month of the Subscription Term, up to two (2) hours per Customer. If Customer wishes to use further legal support, you can order our additional services, subject to Section 5.2, above.

7.3 The legal support provided by GDPR Hero should not be used as, or considered a substitute for, legal advice. Instead, make sure to seek appropriate counsel for your specific situation.


8.1 Customer is responsible for complying with other instructions set forth in the Service.

8.2 Customer is responsible for ensuring that the information entered in the Service is in accordance with applicable laws.

8.3 Customer is responsible for providing GDPR Hero with updated contact information to the Contact Person. Further, Customer is responsible for notifying GDPR Hero if there are changes to billing information.


9.1 The Service includes legal information for educational purposes only, not to provide specific legal advice. Information within the Service should not be used as, or considered a substitute for, legal advice. Instead, make sure to seek appropriate counsel for your specific situation. 

9.2 You are aware, acknowledge and agree that any and all information provided by GDPR Hero’s personnel does not constitute legal advice. Information should not be used as, or considered a substitute for, legal advice. Instead, make sure to seek appropriate counsel for your specific situation. 

9.3 The Service may include hyperlinks to other websites, content or resources. GDPR Hero may have no control over any websites, content or resources which are not provided by GDPR Hero. 

9.4 You are aware, acknowledge and agree that GDPR Hero is not responsible for the availability of any external sites, content or resources, and does not endorse any advertising, products or other materials on or available from such websites, content or resources and that GDPR Hero is not liable for any loss or damage which may be incurred by you as a result of the availability of those external sites, content or resources, or as a result of any reliance placed by you on the completeness, accuracy or existence of any advertising, products, information or other materials on, or available from, such websites, content or resources.


10.1 We try to make the Service available 24 hours a day, 7 days a week, except for planned down-time for maintenance. Planned down-time maintenance will be announced at our website and on the Service’s homepage, five (5) days in advance. 

10.2 GDPR Hero is not responsible for any failure of the Services or for failure to meet agreed availability, if GDPR Hero can demonstrate that this was caused by events that were beyond GDPR Hero’s control (“Force Majeure”). Force Majeure means that GDPR Hero is not obliged to pay compensation for loss or damage which the Customer may suffer as a result of preventing or substantially hampering the fulfilment of GDPR Hero’s obligations by circumstances which GDPR Hero or its subcontractor could not reasonably control or anticipate, including but not limited to labour conflict, war, riot or riots, lockout or other labour conflict, earthquake, fire, flood or water damage, legislation and government restrictions.


11.1 GDPR Hero will use industry standard technical and organizational security measures to transfer, store, and process Customer Data (“Security Measures”). The Security Measures are designed to protect the confidentiality and integrity of Customer Data and guard from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data.

11.2 Any and all GDPR Hero personnel who have access to Customer Data will be bound by appropriate confidentiality obligations.

11.3 You are aware, acknowledge and agree that you are responsible for maintaining the confidentiality of passwords associated with the Account(s) you use to access the Service and, accordingly, that you will be solely responsible to GDPR Hero for all activities that occur under your Account(s). 

11.4 You specifically agree that you will (a) use commercially reasonable efforts to prevent unauthorized access to, or use of, the Service; (b) promptly notify GDPR Hero if you become aware of, or reasonably suspect any, illegal or unauthorized activity or a security breach involving your Account(s), including any loss, theft, or unauthorized disclosure or use of a username, password, or Account(s). 

11.5 As a security measure, automated backup copies will be taken of your Account(s). 


12.1 GDPR Hero is the data controller for Administrators’ personal data requested by us in the context of the Service.

12.2 Customer is the data controller for any and all personal data that is not requested by GDPR Hero and is stored in the Service by Customer. GDPR Hero is the data processor in these situations. 

12.3 Personal data processing is regulated in a separate agreement, Data Processing Agreement. 

12.4 Customer warrants not to process any special categories of data or data relating to criminal convictions or offences, by definition of Articles 9(1) and 10 of the GDPR, in the Service.


13.1 GDPR Hero hereby grants Customer, during the Subscription Term, a limited non-exclusive license to use the Service and in accordance with this Agreement. This license is non-exclusive, non-transferable and non-sublicensable.

13.2 These Terms do not grant: (a) GDPR Hero any intellectual property rights in Customer Data; or (b) Customer any intellectual property rights in the Services or GDPR Hero trademarks and brand features.


14.1 GDPR Hero may update the Service from time to time. If GDPR Hero changes the Service in a manner that materially reduces its functionality, GDPR Hero will notify your Contact Person, and the Contact Person may provide notice within thirty (30) days of the change to terminate these Terms.

14.2 Either Party may terminate these Terms, including all Order Forms, if: (a) the other Party is in material breach of these Terms and fails to cure that breach within thirty (30) days after receipt of written notice; or (b) the other Party ceases its business operations or becomes subject to insolvency proceedings.

14.3 If these Terms terminate: (a) the rights and licenses granted by GDPR Hero to Customer will cease immediately; (b) Customer may, prior to termination, request reasonable additional time to export its Customer Data, provided that GDPR Hero may charge Customer for such extended access based on GDPR Hero’s then-current standard fees; and (c) GDPR Hero will delete any Account(s) and Customer Data within a commercially reasonable period of time following receipt of a Contact Person’s request to do so.

14.4 If these Terms terminate, the Account(s) and the Customer Data in the Account(s) will be stored for sixty (60) days, unless the Customer requests GDPR Hero to delete the information at an earlier date.


15.1 Customers may not transfer or make this Service accessible to a Third Party. Examples of such undertakings are selling, lending or in other ways distributing the Service.

15.2 The Parties will maintain confidentiality regarding business secrets, unless it is required by law, public authorities or similar to provide information.


16.1 You are aware of, acknowledge and agree that the Agreement constitutes the entire agreement and understanding between you and GDPR Hero relating to the subject matter hereof (but excluding any services which GDPR Hero may provide to you under a separate written agreement) and supersedes all written or oral commitments, undertakings and agreements which have preceded the Agreement. 

16.2 You are aware of, acknowledge and agree that any amendment, change or modification of the Agreement, other than as set out above, may only be made by a written agreement between the Parties. 

16.3 Changes can be made to these Terms to reflect changes in law or precedence or to improve the Terms or regulate changes to the Service. Changes must be notified at least fourteen (14) days before they are implemented. Changes will be notified to the email address of your Contact Person. If Customer does not agree with the changes, Customer can terminate their subscription within 30 days of notice. The remaining Subscription fee will be repaid. 

16.4 You are aware of, acknowledge and agree that in no event shall any delay, failure or omission of a Party in enforcing, exercising or pursuing any right, claim or remedy under this Agreement be deemed as a waiver thereof, unless such right, claim or remedy has been expressly waived in writing. 

16.5 If any court of law, having the jurisdiction to decide on this matter, finds that any provision of the Agreement (or the application thereof) shall be declared or deemed void, invalid or unenforceable in whole or in part for any reason, that provision shall be enforced to the maximum extent permissible so as to affect the intent of the Agreement and the remaining provisions of the Agreement shall continue in full force and effect. 

16.6 You are aware of, acknowledge and agree that GDPR Hero may provide you with notices, including those regarding changes to these Terms, by email, regular mail, or postings on or through the Service. The English language shall be the governing language in your relationship with GDPR Hero.


17.1 These Terms, and your relationship with GDPR Hero under these Terms, shall, to the maximum extent permitted by applicable mandatory law in your jurisdiction, be governed by and construed in accordance with the substantive laws of Sweden without giving effect to the choice of law principles thereof. 

17.2 Any dispute, controversy or claim arising out of or in connection with these Terms, or the breach, termination or invalidity thereof, shall be settled by a Swedish court of general jurisdiction and the Lund District Court (Sw: Lund tingsrätt) shall be the court of first instance. 

17.3 Before filing a claim, each Party agrees to try to resolve the dispute by contacting the other Party through the notice procedures. If a dispute is not resolved within thirty (30) days of notice, Customer or GDPR Hero may bring a formal proceeding. 

17.4 Notwithstanding the above you are aware of, acknowledge and agree, that GDPR Hero shall always be allowed to apply for injunctive remedies (or an equivalent type of urgent legal relief) in any jurisdiction and through any court of competent jurisdiction. 

17.5 If there is a conflict between the documents that make up this Agreement, the documents will control in the following order: (a) the invoice, (b) the Order Form, (c) the Terms. The Agreement will be considered the confidential information of GDPR Hero, and Customer will not disclose the information to any third parties. Customer agrees that any terms and conditions on a Customer purchase order will not apply to this Agreement and are null and void.


18.1 To the extent permitted by law, in no event shall either Party be liable for any indirect damage, loss of profit or revenue. 

18.2 To the extent permitted by law, in no event shall GDPR Hero be liable for damage of more than five times the Subscription Fee of the past twelve (12) months. 

18.3 If Customer uses any Third Party service or applications, such as a service that uses a GDPR Hero API, with the Services: (a) GDPR Hero will not be responsible for any act or omission of the Third Party, including the Third Party’s access to or use of Customer Data; and (b) GDPR Hero does not warrant or support any service provided by the Third Party. Customer will comply with any API limits associated with the Services plan purchased by Customer.


19.1 In connection with the conclusion of the agreement, in accordance with 3.1 above, the Customer grants GDPR Hero the right to use the Customer’s company logo and company name as a reference in its marketing. 

19.2 Marketing through email can be cancelled by the Customer at any time by using the link in the email(s).
