Agreement and scope

1.1. This Agreement (“Agreement”) applies for the purchase of business information between Creditsafe Denmark ApS (“Creditsafe”) and the Customer. The services covered by the Agreement (“Services”) are set out in Creditsafe’s order confirmation (“Order Confirmation”). The Agreement also applies to additional services unless otherwise specified.

1.2. By using Creditsafe’s services, the Customer confirms that the Agreement shall apply, even if the Customer has not signed the Agreement in writing. The Agreement takes priority over and replaces all and any other oral or written negotiations. If any deviating terms arise orally or in any other document, the Agreement shall take priority over these, with the exception of deviations expressly approved by Creditsafe in the Order Confirmation.

1.3. The Customer acknowledges that parts of the Services or a Service in whole provided may be provided by third parties and subject to additional terms (“the Additional Terms”). Where relevant, Creditsafe shall provide copies of such Additional Terms to the Customer and the Customers agrees to enter into and comply with the Additional Terms.

2. Services

2.1. The Agreement entitles the Customer to use the Services only (i) in accordance with this Agreement, (ii) provided the Customer uses the Services in accordance with all applicable laws and (iii) only for the Customer’s internal use. The right to use Creditsafe’s information is not transferrable. The Customer must not sell, transfer, lease, distribute, commercially exploit or otherwise make any information obtained via the Services available to, or to be used to the benefit of, a third party. The Customer is also not permitted to include Creditsafe’s information in any product or service that the Customer is providing its customers. If the Customer needs to transfer information to a third party, the Customer must contact Creditsafe in advance to obtain written consent. Creditsafe reserves the right to refuse such consent or to include additional terms with such consent.

2.2. The Customer undertakes not to attempt to procure unauthorised access to the Services. In order to protect the data included in Creditsafe’s information, the Customer undertakes not to copy, disturb or use in an unauthorised way digital certificates, web certificates or other security devices provided by Creditsafe.

2.3. Creditsafe is continually improving the Services and reserves the right to make minor modifications to the service/services that Creditsafe is providing the Customer during the course of the Agreement period.

2.4. When using Creditsafe’s integrated products, the Customer undertakes to comply with Creditsafe’s development manual and programme for synchronised calls, i.e. not to enable calls to be sent without a response having been received to the previous call.

3. Credit report information (this section only applies if credit reports have been purchased)

3.1. A credit report refers to information, opinion or advice provided for the purpose of assessing the creditworthiness or other economic trustworthiness of a third party. Credit reports of the type that the Customer is given access to under the Agreement are submitted by Creditsafe in accordance with from time to time applicable data protection and credit reporting legislation. The Customer may only use a credit report obtained for credit information purposes.

3.2. The Customer acknowledges and agrees that information providing details of companies based outside Denmark is provided on a subject to availability basis and may not always be available, and the countries from which information is available may vary throughout the course of the term of the Agreement.

4. Swedish and Norwegian credit report information (this section only applies if Swedish and/or Norwegian reports have been purchased)

4.1. The Swedish credit reports of the type that the Customer is given access to under the Agreement are submitted by

Creditsafe in accordance with the Swedish Credit Information Act (1973:1173), (“KuL”) and the Norwegian reports in accordance with at each time applicable regulations for credit reference operations and data protection. More detailed regulations regarding the application of the regulations are notified by the respective supervisory authority for credit reporting operations. The Customer may only use a credit report obtained for credit information purposes.

4.2. Swedish credit reports

4.2.1. A consumer report is a specific type of credit report and there are special protection rules for this. A consumer report refers to a credit report about an individual person, provided that the person concerned is neither a trader nor has such a significant influence in a certain business that information about that person’s own circumstances is required to illustrate the financial position of the business. A credit report that is not a consumer report is called a company report.

4.2.2. A consumer report may only be obtained if the Customer has entered into or is in the process of entering into a credit agreement with a private person or the Customer has a similar reason to need the credit report. The Customer is responsible for evaluating whether the credit report is ordered regarding a company, a trader or a person associated with a business. If the Customer is uncertain, the person being asked about must always be considered as a private person.

4.2.3. In the case of a credit report about a physical person, sole proprietor, trading company or partnership company, Creditsafe is obliged under KuL to simultaneously provide the person subject to the report with a written notice of the information, opinions and advice contained in the credit report about that person and who requested the information. The Customer shall reimburse Creditsafe for the costs of sending such information.

4.3. Norwegian credit reports

4.3.1. A credit report may only be obtained if the Customer has a legitimate need of the report. This is usually the case when the Customer if offering a credit agreement. The Customer is responsible for internal guidelines for the use of the Service and for ensuring that requirements for legitimate need are complied with.

4.3.2. In the case of a credit report about a physical person or a sole proprietor which is not included in the company register, a written notice (“gjenpartsbrev”) with the information in the credit report about the person concerned / the company and who has asked for the report is simultaneously sent. The Customer shall reimburse Creditsafe for the costs of sending such information.

5. Other International information

5.1. Parts of the Services may be subject to third party restrictions or other such obligations according to (amongst other things) the nation state of origin of the data and any applicable laws/regulations or agreements by Creditsafe and its third party supplier (“Third Party Restrictions”) and accordingly, the provision of the Services and the use by the Customer of such Services shall at all times be subject to such Third Party Restrictions. Where relevant, Creditsafe shall provide such Third Party Restrictions to the Customer and the Customer agrees to comply with the Third Party Restrictions.

6. 3D Ledger (this section only applies if the 3D Ledger service has been purchased)

6.1. If the Customer purchases and intends to use the Creditsafe service “3D Ledger”, the Customer must provide Creditsafe with information from its debtors’ ledger (“Payment Data”). This data must be transmitted to Creditsafe using the method specified by Creditsafe.

The Customer hereby grants Creditsafe a non-exclusive, non-transferrable and permanent right to include Payment Data supplied by the Customer in the products and services that Creditsafe provides to its Customers.

7. Contact person

7.1. To ensure that laws and regulations are complied with when collecting information from Creditsafe, the Customer must appoint a specific contact person. The contact person must have the requisite knowledge of the applicable laws and regulations and must be responsible for ensuring that the information is collected and managed in a lawful and proper manner and in accordance with good practice. The name of the contact person must be notified to Creditsafe by the Customers authorised signatory at the time the Agreement is entered into. If the contact person changes, Creditsafe must be informed immediately.

7.2. If the contact person has cause to suspect that there are errors in the information collected, the contact person must notify Creditsafe of this within 24 hours.

8. Processing of personal data

8.1. When terms such as “personal data”, “controller”, “representative” and “processing” appear in the Agreement, they have the same definition as in the applicable data protection legislation. “Data protection legislation” means the General Data Protection Regulation (EU) 2016/679 and any additional or subsequent data protection legislation.

8.2. For the performance of the Agreement, Creditsafe may process personal data belonging to the Customer, including names of users of the Services and contact details. Information about the processes undertaken and relevant contact details for submission of requests for change, views or complaints regarding the processing of personal data are available on the Creditsafe website.

8.3. Creditsafe is data controller of the processing of personal data when providing the Services. Creditsafe’s processing of personal data includes the receipt of, compilation and provision of data and database management related to the Services and that are necessary to perform the Services.

8.4. The Customer is the controller of the processing of personal data after the providing of the Services from Creditsafe to the Customer. The Customer’s responsibility for personal data includes the Customer’s receipt of the data and the processing that the Customer carries out within the framework of its activities.

8.5. The possibility for the Customer to register or otherwise process personal data is governed by the currently applicable data protection and credit reporting legislation. Creditsafe is entitled to assume that every transmission of personal data from Creditsafe to the Customer that is initiated by the Customer and from the Customer to Creditsafe is lawful and appropriate in relation to such legislation.

8.6. Any request for information or submission of complaints from a registered or competent authority related to the processing under the control of the Customer and submitted to Creditsafe must be referred to and handled by the Customer, provided this is permitted by the applicable data protection legislation. On the other hand, any request for information or submission of complaints from a registered or competent authority related to the processing under the control of Creditsafe and submitted to the Customer must be referred to and handled by Creditsafe, provided this is permitted by the applicable data protection legislation.

8.7. In the event that the Customer discovers that personal data in the Services is incorrect or misleading, this must be notified within 24 hours to Creditsafe at the address or email provided on the Creditsafe website.

8.8. The Customer is responsible for ensuring that staff who are given access to Personal data via Creditsafe will process the Personal data in accordance with applicable legislation.

8.9. For Services that involve Creditsafe receiving and processing personal data on instruction of the Customer and which are not used to perform the Services, a special personal data processing

agreement shall be entered into, if necessary, on terms as provided by Creditsafe.

9. Account and password

9.1. The Customer gains access to the Services using a password-protected account for each authorised user. The password and other login details must comply with the standards and requirements notified by Creditsafe from time to time.

9.2. The Customer is responsible for ensuring that all login details and passwords are not spread or made available to others. Login details, including passwords, must not be distributed or made available to unauthorised persons. If login details are written down, they must be stored in a secure place.

9.3. Creditsafe is entitled to assume that every transaction carried out using valid login details is performed with authority by the Customer or its users and is entitled to charge for such use, unless and from the time at which the Customer informs Creditsafe that the login details may have been compromised. In the latter case, Creditsafe shall deactivate all login details that may be compromised and assign new login details.

9.4. If there are personnel changes at the Customer or the Customer makes other changes that affect the access and authority to the account, the Customer must inform Creditsafe immediately.

10. Creditsafe’s rights

10.1. The Services and all intellectual property rights, including but not limited to copyrights, trademarks, patents or patentable inventions, database rights and all other rights, including company secrets (“Intellectual Property Rights”), in or related to the Services, are the property of Creditsafe or Creditsafe’s licensor. This Agreement does not signify any transfer of Intellectual Property Rights of any kind.

10.2. Under this Agreement, the Customer only obtains the right to use the Services in accordance with the Agreement. The Customer obtains no other rights at all to Creditsafe’s or Creditsafe’s licensor’s Intellectual Property Rights.

10.3. The Customer is expressly prohibited, itself or through by entrusting another party, to adapt, change, modify, improve or otherwise encroach on any part of the Services without the prior written consent of Creditsafe. Moreover, the Customer is expressly prohibited from taking any measures to damage the Services or other Customers’ access to the Services, e.g. by trying to introduce damaging code into the Services or by making unreasonably large numbers of requests to the Services in order to make them slow or difficult to access (known as denial of service attacks or distributed denial of service attacks). Creditsafe is entitled to undertake measures to track its information in order to ensure that it is used in a contractual manner.

10.4. Creditsafe has the right to assign or pledge Creditsafe’s rights and obligations under the Agreement.

11. Restriction of liability

11.1. Creditsafe’s objective is always to provide high-quality information. Because of the nature of the Services and third party information, the Services are provided without any form of guarantee regarding their content or quality of the information, whether express or implied. The Services contain material that has been compiled from sources which Creditsafe has deemed to be reliable at the time the material was compiled. However, Creditsafe cannot guarantee at any given time the reliability of the sources or the reliability and completeness of the information, and it is not possible to exclude the possibility that there may be errors or omissions in the material. The Services also contain models and techniques based on statistical analyses, probability and foreseeable behaviours that contain several potential sources of error outside Creditsafe’s control.

11.2. Creditsafe’s information included in the Services is not intended to represent the sole basis for the Customer’s business decision. It is the Customer’s responsibility to make an overall assessment of the basis that the Customer itself deems to be sufficient for its business decision. On this basis, Creditsafe accepts no liability of any kind for the economic result of the use of the Services or for any loss incurred due to the Customer’s reliance on and/or use of the Services.