Stready Terms of Service

Last revision: April 14, 2022

These Terms of Service (the "Agreement") have been entered into between:

  1. Stready / Goalkeeper AS (the "Provider"), a private limited liability company registered under the laws of Norway, with registration no. 921 452 314, and
  2. The subscriber as stated in the Service Order (the "Subscriber"), being a legal entity, such as a business or other legal entity that the Subscriber represents and warrants to have the authority to bind to this Agreement, 

individually referred to as a "Party", or collectively as "Parties". 

The Agreement consists of these Terms of Service as well as the Service Order. The Agreement enters into force when the Subscriber signs the Service Order. 

For the avoidance of doubt, section 3 of the Agreement constitutes the "Data Processing Agreement" between the Parties and otherwise establishes the Parties’ processing roles under applicable privacy law. 

  1. Service Description and INITIAL Term

The Service is defined in the Service Order. The Subscriber enters into a separate agreement with the Workout Trackers, in order for Provider to offer its Service. "Workout Trackers" shall in this Agreement mean providers of tracking devices and/or services for workouts, such as Garmin, Polar, etc. By using the Workout Trackers, the data from the Users' workouts are submitted to the Provider in order for the Provider to offer its Service. The Provider manages the agreement between the Subscriber and the workout tracker in line with good care and conduct. 

Further, the Service is offered on a Software as a Service basis. The Subscriber therefore acknowledges that the functionality in the Service may change. The Service is not tied to any specific version of the underlying software.

The Agreement provides the Subscriber a right to use the Service. The Agreement also includes a right for the Subscriber to allow Users to use the Service. Such Users must comply with the terms of use. The Provider does not require a separate payment from the User. 

A "User" shall mean a physical person who has been invited to the Service or otherwise approved by the Subscriber.

The Initial Term of this Agreement runs from the Effective Date as specified in the Service Order. Initial Term means the term that the Service will be available for Subscriber.

  1. Payment and Conditions

The Subscriber shall pay the agreed upon service fee ("Service Fee") in accordance with the terms specified in the Service Order. The subscription fee will be invoiced periodically as specified in the Service Order.

Payment shall be made no later than 14 days after receipt of an invoice from the Provider. Failure to submit payment within 14 days entitles the Provider to claim interest on any overdue amount in accordance with the Late Payment interest Act (“forsinkelsesrenteloven”) or other applicable law. All prices in the Agreement are excluded VAT.

The Service Fee will be adjusted at the start of every calendar year with the highest percentage of i) 4%, or ii) the increase in the retail price index (the main index) of Statistics Norway for the last calendar year. The Subscriber is not entitled to set off the subscription fee against any claim the Subscriber has towards the Provider.

  1. Processing of Personal Data
  1. Introduction

The terms “personal data”, “sensitive personal data”, “processing”, “controller”, “processor”, “data subject”,  “business“, and “service provider“ used herein shall have the meaning assigned to them in applicable data privacy legislation. For purposes of this Agreement, “personal data” shall also mean “personal information” under applicable data privacy legislation. Processing of personal data pursuant to this Agreement is subjected to applicable statutory data privacy regulation, including EU regulation 2016/679 (“GDPR”), the UK Data Protection Act 2018 and the UK General Data Protection Regulation, the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) (collectively, the “CCPA“), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, and the Utah Consumer Privacy Act.

This section fulfils the requirements for data processing agreements and shall govern the Provider’s processing of personal data on behalf of the Subscriber.

The Subscriber will act as controller or a business, as applicable, for

  1. any personal data provided directly to the Subscriber from the data subject,
  2. for any personal data disclosed to the Subscriber from the Provider upon the data subjects’ request, and
  3. for any personal data which the Subscriber submits to the Service. The Provider will act as data processor or service provider, as applicable, for such data, subjected to the restrictions and limitations of this section 3.
  1. Subscriber obligations

The Subscriber agrees and warrants that:

  1. The Subscriber shall instruct the Provider to process personal data to provide the Service, and that the Subscriber is responsible for the accuracy, integrity, content and legality of the personal data, including transfers and instructions.
  2. Where applicable, that the processing of personal data is covered by an applicable permit, and/or has been notified to the applicable regulatory authorities, and that the Subscriber’s processing of personal data is not in violation of applicable laws and/or regulations, including, but not limited to, the GDPR; the UK Data Protection Act 2018 and the UK General Data Protection Regulation; the CCPA; the Virginia Consumer Data Protection Act; the Colorado Privacy Act; and the Utah Consumer Privacy Act.
  3. The Subscriber as controller of the processing is the Party responsible to notify applicable regulatory authorities and/or data subjects in case of a data breach, pursuant to applicable statutory data protection regulation.
  4. The Subscriber, by way of its risk assessment, has verified that the Services’ security measures are appropriate and proportionate to the applicable processing.
  5. The Provider has provided sufficient guarantees in terms of logical, technical and organizational security measures.
  6. If required by applicable law, the Subscriber has the right to terminate the Agreement if the Provider no longer meets the requirements of applicable laws and/or regulations.

The Provider may only process personal data on behalf of the Subscriber during the term of the Agreement, or as otherwise permitted for processors or service providers under applicable law.

Provider is not liable for Subscriber’s relationship with Users and how Subscriber interacts with them, including Subscriber’s collection, use, and disclosure of personal data. If applicable law requires, Subscriber must provide and make available a legally compliant privacy policy, cookie statement and any other required notices or consent tools. Subscriber must obtain from Users any and all necessary consents and provide any and all necessary disclosures required by applicable law in order for Provider to process the personal data as contemplated hereunder. It is Subscriber's responsibility to consult with a legal advisor to make sure that Subscriber’s use of the Services is compliant with all applicable laws. Provider will not provide Subscriber with any legal advice regarding the Services or Users. 

  1. Purpose, subject matter and duration

The processing of personal data by the Provider on behalf of the Subscriber shall only cover the categories of personal data that are implied under the Agreement and as facilitated for by the Service, for the purposes specified below and only to the extent necessary to fulfil such purposes.

The Provider will process personal data for the purposes of

  1. Providing the Service
  2. Improving, or otherwise modifying, the Service
  3. Providing the Subscriber with requested support, training and assistance
  4. Performing the Providers obligations towards the Subscriber, its Users and the data subjects
  5. Exercising and enforcing the Provider’s rights according to the Agreement

The Provider shall anonymize and aggregate data when required to improve the Service pursuant to ii).

Section 3 of the Agreement is valid for as long as the Provider processes personal data on behalf of the Subscriber. 

  1. Categories of data subjects and personal data

The Service will process personal data on two categories of data subjects. These are i) Subscriber’s personnel who uses the Services, mainly Users and administrators and ii) participants, jointly referred to as the data subjects.

For category i) the purpose is to enable usage, communications, invoicing, support and such that are needed to deliver the service to the subscriber. We process names, phone numbers and email addresses, as well as their current position. For category ii) the purpose is to deliver the core functionality of the service. The Service may receive and process data from sign up forms such as names, email addresses and phone numbers. Furthermore, the Service accepts personal data from multiple work out trackers with varying message formats and content.  While the service technically receives workout records including workout duration, energy consumption, distance, elevation gain, location, time of workout, device name and type, max speed, max and min heart rate,  steps, activity type, and max cadence, personal data that is not necessary to deliver the Service for the Subscriber is routinely discarded and not object to further processing or storage.

The Provider does not intend to process sensitive or special categories of personal data. Without limiting any other provision contained herein, if the Subscriber and/or Users choose to submit special categories of personal data to the Service, then the Subscriber and/or User shall collect all consents and provide all notices required by applicable law.

  1. The Providers obligations as the data processor

The Provider shall process personal data only in accordance with the Agreement or pursuant to written instructions from the Subscriber. The Provider shall immediately inform the Subscriber if, in its opinion, an instruction infringes applicable laws and/or regulations. Upon reasonable written request of Subscriber, the Provider shall, not more than once per calendar year, make available to Subscriber all information in Provider’s possession necessary to demonstrate compliance with applicable data privacy law.

The Provider shall ensure that persons authorized to process the personal are subject to confidentiality obligations. 

The Provider shall by appropriate technical and organizational measures, insofar as this is possible, reasonably assist the Subscriber for its:

  1. compliance with applicable law;
  2. obligation to respond to requests regarding the data subjects’ rights;
  3. obligation to conduct data protection impact assessments;
  4. obligation to conduct prior consultations with applicable data protection authorities; and
  5. to allow for and contribute to audits, including inspections, conducted by the Subscriber or another auditor mandated by the Subscriber, and provide a report of such audit to Subscriber upon request.

The Provider shall be entitled to charge the Subscriber for its costs related to such requests.

The Provider shall have and be able to document appropriate technical and organizational measures to protect data from loss, misuse and unauthorized alteration or disclosure, in accordance with applicable statutory data protection regulation. The documentation may be made available to the Subscriber upon request. Furthermore, the Provider shall control access to data on a need-to-know basis and ensure strong authentication for systems allowing access to data. Where data is in transit the Provider shall ensure suitable security measures, such as encryption and integrity protection. The Provider shall ensure procedures are in place for deleting personal data that are no longer relevant for providing the Service.

In case of a personal data breach, the Provider shall notify the Subscriber in accordance with applicable data privacy law. Unless prohibited by law, the Provider shall promptly notify the Subscriber of any request for the disclosure of or access to data by government authorities. The Provider will disclose the Subscriber’s data to government authorities solely when necessary to comply with legally binding requests.

The Provider shall notify the Subscriber of any request received directly from a data subject without responding to that request, unless the Provider has otherwise been authorized to do so in writing, or is obligated to comply pursuant to applicable law.

  1. Use of Subcontractors

The Provider may use sub-processors in its processing of personal data on behalf of the Subscriber. The Subscriber accepts the Provider’s use of the following sub-processors:

  • Google Cloud Platform (Google LLC) (Cloud provider)
  • Make (Celonis, Inc) (automation platform)
  • MongoDB (MongoDB Inc) (Database provider)

Sub-processors Google Cloud Platform (Google LLC) utilises designated EU-based facilities as their main location for storage and processing of personal data.

The Provider shall, by written agreement with its sub-processors, ensure that any processing of personal data carried out by a sub-processor is governed by substantially the same obligations and limitations as those imposed on the Provider pursuant to section 3 of this Agreement. To the extent a written agreement between the Provider and a sub-processor designates the Provider as a controller, the Subscriber grants the Provider power of attorney to act as a controller on behalf of the Subscriber within that written agreement. The power of attorney shall be limited by the provisions of the Agreement and Subscriber’s documented instructions.

Use of the sub-processors specified above does not entail transfer of personal data originating from the EEA or United Kingdom to a third country outside the EU/EEA. If the Provider plans to change an existing or add a new sub-processor, it shall notify the Subscriber in writing two weeks prior to any processing by the new sub-processor. The Subscriber is entitled to object to the change of sub-contractors by providing written notification within two weeks from receipt of the written notification. Should the subscriber object to the change, the Agreement shall automatically terminate one week after the Provider received written notification of the termination. To the extent the Subscriber does not terminate the Agreement, the change of sub-processors shall be deemed as accepted.

The Subscriber may subscribe to notifications of new sub-processors by filling out this form.

  1. Use of Third Party Data Providers

The Service permits integration with third party services which allows the Subscriber to submit, or make available, data subjects’ personal data directly and automatically from the third party service to the Service. Such submission of, or grant of access to, personal data shall be considered to be based on the candidates’ consent. Personal data submitted to the Service through a third party shall be subject to the same rights and obligations as specified in this Agreement.

  1. Deletion of data

All personal data received from the Subscriber will be deleted in accordance with the Provider's retention policy in force at any given time. 

  1. All personal data received from the Subscriber shall be deleted or anonymized by the Provider at the latest within six months from termination, expiration or cancellation of the Agreement or upon expiration of a mandatory retention period, unless a separate legal basis for retention of the personal data exists.CCPA-Specific Provisions

  1. Definitions. For this section 3.7, the terms “aggregate consumer information”,  “business purpose”, “consumer”, “deidentified”, “personal information”, “process” (and its derivatives), “sell” (and its derivatives), “share” (and its derivatives), and “service provider” shall have the meanings ascribed to them in the CCPA.

  1. Subscriber Obligations. Subscriber shall comply with applicable CCRA requirements when processing personal information, including but not limited to ensuring that proper notices have been provided, as applicable, to consumers (i) at or prior to collection, (ii) in Subscriber’s privacy policy, (iii) in Subscriber’s notice of right to opt-out of sale or sharing and (iv) in Subscriber’s notice of any financial incentive for the collection of personal information.

  1. Provider Restrictions on Processing Personal Information. Subscriber may provide personal information to Provider for the necessary business purpose of providing the offerings specified in this Agreement in its capacity as a service provider. Provider shall not sell or share any personal information. Except as otherwise permitted by law, including permitted internal uses of personal information by service providers under the CCPA, Provider is prohibited: (a) from retaining, using, or disclosing personal information for any purpose other than for the specific purpose of providing the offerings specified in this Agreement and/or outside of its direct business relationship with Provider, including retaining, using, or disclosing the personal information for a commercial purpose other than providing such offerings; (b) further collecting, selling, or using the personal information except as necessary to provide such offerings; or (c) combining personal information processed under this Agreement with personal information received on behalf of other customers. The restrictions in this Section 3.7.3 shall not limit Provider’s ability to retain, use, disclose, or sell any anonymous data, aggregate consumer information, or personal information that has been deidentified.

  1. Disclosures to Third Parties. Subscriber acknowledges that Provider may receive and share personal information with its third-party partners and service providers to provide the offerings as set forth in the Agreement. Provider shall enter into a written agreement with such parties, which contain obligations that are at least as protective as the terms in this Section 3.7.  In the event Provider becomes legally compelled (by depositions, interrogatories, subpoenas, civil investigative demands, similar processes or otherwise) to disclose any personal information, Provider shall provide Subscriber with prompt prior written notice of such requirement so that Subscriber may seek a protective order or other appropriate remedy.

  1. Assistance with Consumer Requests. Provider shall provide assistance as may be reasonably requested by Subscriber to meet its obligations under the CCPA, including its obligations to respond to individuals’ requests to exercise their rights thereunder. If Provider receives a Subscriber request directly from any consumer whose information is processed by Subscriber pursuant to this Agreement, Provider shall promptly provide such request to Subscriber and Subscriber shall be responsible for responding to the same.
  1. Routines for Planned Maintenance

Certain types of Service maintenance may imply a stop or reduction in availability of the Service. The Provider does not warrant any particular level of Service availability, but will provide its best effort to limit the impact of any planned maintenance on the availability of the Service.

Provider shall within reasonable time notify the Subscriber of any planned maintenance that may affect Service availability.

  1. Liability for Errors

There is an error if the Users are not able to access the Service or a material function in the Service, and/or the Subscriber is not able to make use of the Service in accordance with this Agreement, and this is caused by circumstances which are the responsibility of the Provider. The Subscriber acknowledges that errors might occur from time to time and the Subscriber waives any right to claim for compensation as a result of errors in the Service, except when such errors are a result of the Providers gross negligence or intent.

When an error occurs, the Subscriber shall notify the Provider of the error and provide a description of the error situation. The Provider shall use reasonable commercial effort to correct the error within reasonable time. If requested by the Provider, the Subscriber shall provide necessary assistance to reproduce/identify the error situation.

  1. Use of the Service

The Subscriber undertakes that it will use the Service in accordance with applicable law and regulations and in accordance with the requirements in the Agreement. The Subscriber is responsible for the material and information that the Subscriber and its Users produce by using the Service.

The Subscriber will not, and will not permit any User or third parties to, directly or indirectly reverse engineer, decompile, disassemble or otherwise make any unauthorized attempt to discover or obtain the source code to any of the Provider's Services.  Any such attempt may affect the performance of the Services, of which the Provider is not liable for under such circumstances. 

Further, the Subscriber warrants to not use the Services in any illegal, infringing or harmful way by attempting to bypass any measures that the Provider may have put in place to prevent or restrict information within the Services.

  1. Termination of the Agreement
  1. Term and termination

The Agreement has an agreed upon Initial Term running from the Effective Date, as defined in the Service Order. The Agreement is automatically renewed for new periods of same duration (each a "Renewal Term"), unless the Agreement is terminated by one of the Parties.

Either Party may terminate the Agreement with effect from the expiry of the Initial Term or any Renewal Term by giving the other Party a written notification within three months before the end of the Initial Term or any Renewal Term.

Upon termination of the Agreement, the Subscriber may in writing request the Provider to hand over all personal data that the Subscriber has stored in the Service. Submission of such personal data shall be done on a suitable data medium chosen by the Provider.

  1. Early termination

Regardless of the duration of the Agreement as per Section 7.1, the Agreement may be terminated in the following situations: 

  1. A Party suffering from the other Party's material breach of contract, if such material breach has not been remedied as set out in Section 12. 
  2. The Provider reserves the right to terminate the Agreement with immediate effect if the Subscriber becomes insolvent, is taken under administration, is involved in proceedings of bankruptcy, reorganization or dissolution, or makes an assignment for the benefit of creditors.
  1. Consequences of termination

Any rights, remedies, obligations, or liabilities accrued before the date of termination shall not be affected. 

Any prepaid or remaining Service Fees as per the date of termination will not be refunded.  

  1. Intellectual Property Rights

All trademarks, graphics and logos used in connection with the Provider's performance of the Services are trademarks or registered trademarks of the Provider or its licensor. Other trademarks, graphics, logos and other Intellectual Property Rights may be the rights of other third parties. 

The Provider warrants to have the right to use the Intellectual Property Rights in connection with the Services, and to keep the Subscriber and its Users harmless of any third-party infringement related thereto. 

In the event of the Provider infringing the Intellectual Property Rights of any third-party, either allegedly or factually, the Provider reserves the right to terminate the Agreement with immediate effect. 

  1. Ownership of services

The Provider retains all rights to all elements of the Service. The Subscriber is granted a limited, revocable, non-exclusive and non-transferable right to use the Services as required in accordance with this Agreement and solely for the purpose of this Agreement. The Subscriber does not receive any license or usage rights to the Service beyond what is explicitly stated in this Agreement.

The Subscriber has no right to sell, lend, sub-license and/or distribute the Provider's Services in any way and acknowledges that any such actions or actions related thereto would represent a violation of this Agreement.

  1. Transfer of Rights

The Provider is entitled to transfer its rights and obligation pursuant to this Agreement to a third party as part of a merger or acquisition process, or as a result of other organizational changes. The Subscriber’s transfer of any rights and obligations shall be subjected to the Provider’s written authorization.

  1. Marketing

The Provider has the right to refer to the Subscriber’s use of the Service in Provider’s marketing activities. This includes use of Subscriber’s company name and logo on Provider's website, in presentations and in other marketing materials.

  1. Force Majeure

If the fulfilment of the Agreement in whole or partly is prevented or to a major degree made difficult by circumstances that are outside the Parties’ control, the Parties’ obligations shall be suspended to the extent the circumstances are relevant, and then for so long time as the circumstances last. Such circumstances include, but are not limited to, strike, lock-out, pandemics, a force majeure situation impacting sub-processors and sub-contractors and any other circumstance that according to the Norwegian law is considered force majeure. Each Party is entitled to terminate the Agreement with one month’s written notice, if the force majeure situation makes it particularly burdensome for such Party to maintain the Agreement.

  1. Breach of Agreement

There is a breach of the Agreement if one of the Parties does not meet their obligations as defined in the Agreement. 

The Party in breach of contract has the right and obligation to remedy any breach of contract within reasonable time. To the extent the Provider attempts to repair the relevant errors in the Service within reasonable time, the following shall not be deemed as breach of Provider’s obligations:

  • the Service is inaccessible;
  • the functionality of the Services is reduced; or
  • the response time of the Service is increased.

In the event a Party in material breach of this Agreement has failed to correct such material breach within thirty (30) days after receiving written notice thereof by the suffering Party, the suffering Party may terminate the Agreement with immediate effect if the material defect has not been remedied within the expiry of the thirty (30) days' period.  

  1. LIMITATION OF LIABILITY

Neither Party shall be liable to the other Party for any incidental, special, consequential, or indirect damages of any kind (including without limitation damages for interruption of business, loss of data, loss of profits or the like) regardless of the form of action, whether in contract, tort (including without limitation negligence), strict product liability, or other, even if advised of the possibility of such damages (jointly "Indirect Damages").

The total and maximum liability in each 12-month period of either Party towards the other Party under any provision of the Agreement or any transaction contemplated by the Agreement shall in no event exceed an amount equal to 50 % of the agreed Service Fee. 

The above limitations shall not apply to damages attributable to fraud, gross negligence or intentional misconduct.

  1. Suspension of the Service and Assistance

The Provider is entitled to suspend the Subscriber’s access to the Service if due payment has not been submitted within 15 days after due date. The Provider shall provide at least five days prior written notification before any suspension of the Service is implemented. The Provider may also suspend any other assistance pursuant to the Agreement or other agreement until such payment has been done.

The Provider can with immediate effect close or suspend access to the Service if the Subscriber or any of its Users abuse the Service or if the Subscriber otherwise is in material breach of its obligations pursuant to this Agreement.

  1. Third Party Services

To the extent the Service facilitates access to services provided by a third party, the Subscriber shall comply with the terms governing such third-party services. The Provider shall not be held liable for any errors, omissions, inaccuracies, etc. related to such third-party services.

  1. amendments

The Provider reserves the right to amend and change the terms of this Agreement with effect from the Customer's next Renewal Term by giving notice at least sixty (60) days prior to any changes. 

If the change in the Agreement is due to change in a legal obligation imposed by a governmental or public body, the change in the Agreement will take effect at the same time as the change in the legal obligation. 

Notice shall be given by e-mail to the e-mail address in the Service Order (or subsequently updated email address). 

If the Subscriber continues to use the change of the Agreement for a Renewal Term, this constitutes the Subscribers acceptance of the change in the Service Fee. Payment of a subsequent invoice shall be deemed as an acceptance of the Agreement. If the Subscriber fails to agree to the new Service Fee, the agreement will terminate with effect from the expiry of the then applicable Service Fee as the case may be.

  1. Confidentiality

Both Parties, its sub-processors and other persons acting under the authority of the Parties, agree to keep the terms and conditions of the Agreement confidential and not to inform any third party about its content unless required to do so by law or regulation or if mutually agreed upon in writing by the Parties.

The confidentiality obligations also apply after the termination of the Data Processing Agreement.

  1. governing law and Dispute Resolution

The Agreement shall be governed by and interpreted in accordance with Norwegian law.

Disputes arising in connection with or as a result of this Agreement shall be settled by court proceedings, unless the Parties agree otherwise. The Parties agree on Oslo city court as their legal venue.

If any part of this Agreement is found to be invalid due to mandatory statutory law or a final legal judgment, it shall only affect those parts found to be invalid. The remaining parts of the Agreement will still be enforceable.