The Cards is a product developed by ICONS OF.
Visit http://www.iconsof.se to read more about us and our vision.
Partner
Copyright © 2025 TheCards.eu
Iconsof AB (Iconsof) handles large amounts of data for itself and on behalf of others. This applies, among other things, to some personal data.
This summary outlines how Iconsof acts to fulfill its obligations and to minimize the risks associated with the processing of data. It also refers to the current minimum security levels. However, Iconsof is committed to continuously improving its data security, whereby it will adapt measures to safeguard from new outside threats and utilize newly available data protection tools.
Iconsof's data security activities are based on current legislation and the company's governing documents which are determined by the Company's CEO or Board of Directors. The data security within the business, includes the following:
Iconsof maintains guidelines on how all employees should act to minimise data security threats. These guidelines are well circulated, understood and implemented by all concerned.
The basic principle of technical security measures at Iconsof is that the level of confidentiality determines the requirements of the security controls (e.g., type of authentication, cryptographic protection, etc.). The levels of confidentiality are:
In the event of a serious incident, such as an office or data centre fire, Iconsof has a data processing crisis and contingency plan in place, to minimize disruption to operations and commitments to customers.
Data is protected from all forms of unauthorized processing, such as unauthorized access, unauthorized distribution and unintentional or intentional destruction.
Each individual's access is limited to only the data and permissions needed to carry out the task and defined and set by the customer
Iconsof use services to make regular backups of data, i.e., daily.
Iconsof will, upon request, assist the Data Controller to amend/update personal data for which they are responsible.
If you have any questions, please contact us at support@thecards.eu.
This Data Processing Agreement (the DPA governs the personal data processing that results from the Customer's use of The Cards in accordance with the Agreement and is consequently an integral part of the Agreement. The Cards is a software-as-a-service (SaaS) platform for sustainability data management and collaboration. The Customer Data that the Customer enters into The Cards is stored in the services. This storage of personal information means that according to the Data Protection Regulation (2016/679) (GDPR) we are considered to process personal data on behalf of the Customer and thus constitute a processor to the Customer in its role as controller. Terms in this Processing Agreement shall be construed in accordance with the GDPR as well as applicable local adaptation and regulation regarding data protection (collectively the Data Protection Rules). The terms in the Processing Agreement shall have the meaning that appears primarily in the Data Protection Rules and otherwise in the Agreement, unless circumstances clearly dictate otherwise.
1. Responsibility and instruction
1.1 The type of data and the categories of data subjects processed under this Processing Agreement by the Processor in connection with the Processor's provision of The Cards and the purpose, nature, duration and object of the processing are described in section 5. The Customer shall ensure that the Processor does not process additional categories of data other than those specified in section 5.
1.2 The Customer is aware that The Cards is a platform that is distributed to a large number of customers and that We will therefore not necessarily be able to follow such instructions that are not a direct consequence of the Customer's need to follow the Data Protection Rules. If the Customer gives us such instructions that We do not have the possibility to follow, the Customer undertakes to stop entering and exporting all such Customer Data that is affected by the current instructions. The foregoing shall not constitute a breach of contract or the availability of The Cards.
1.3 The Customer is controller for all personal data that the Processor processes on behalf of the Customer under the Processor Agreement. The Customer is thus responsible for compliance with the applicable Data Protection Rules and undertakes to follow the guidelines for the use of The Cards that are applicable from time to time.
1.4 By entering into this Agreement, the Customer agrees to the security measures set forth in Iconsof's current Organisational and Technical measures as adequate for the Customer's intended use of The Cards.
2. The Processor's commitment
2.1 The Processor commits to:
2.2 The Processor further undertakes to always process data in accordance with the Data Protection Rules. This includes, but is not limited to, keeping a register of all categories of processes performed, providing a register extract of completed processing at the request of the Customer and informing the Customer immediately if the Processor suspects that there is a risk that the individual's freedoms and rights are being violated.
3. Sub-processors and transfer to third countries
3.1 Provided that the Processor (i) informs the Controller of its plans in reasonable time in advance, with the right for the Controller to object, the Processor has a general authorisation to hire sub-processors for the processing of data on behalf of the Customer, for which the Processor shall be fully responsible to the Customer.
3.2 Provided that the Processor (i) informs the Controller of its plans at least 30 days in advance, with the right for the Controller to object, and (ii) applies adequate and in accordance with the Data Protection Rules approved security mechanisms, the Processor may transfer Personal Data outside the EU/EEA.
3.3 By entering into this Agreement, the Customer approves the sub-processors stated in section 5.
4. Miscellaneous
4.1 The provisions of the Agreement shall also apply to this Processor Agreement. In the event of a conflict between the Agreement and this Processor Agreement, the Processor Agreement shall prevail.
5. Instruction
5.1 This section 5 constitutes the Customer's initial instructions to the Processor and may, subject to section 1.2, be supplemented at a later date.
5.2 Categories of data subjects. Anyone who may be a user, customer, supplier, visitor to for example website, contacts, or may be mentioned in the services.
5.3 Purpose, nature and object of processing, and Categories personal data. Taking into account the Processor's main function and purpose of providing The Cards and thereby constituting processor specifically for the storage of user and sustainability data the categories of personal data include all categories of data that may occur in the context of sustainability and running a SaaS services.
5.4 Storage. The Processor stores data as long as necessary, but for the longest during two years after cancellation of an agreement.
5.5 Sub-processors. As of the conclusion of this Agreement, the Processor has the following sub-processors, which may, however, be amended in accordance with Section 3:
Information in order: Subprocessor, Description, Location, Information
Microsoft
Cloud Hosting Provider
USA
Cloud Data Integrity and Compliance | Microsoft Trust Center
Service Trust Portal Home Page (microsoft.com)
Kinde
Identity management
Australia
Our privacy policy - Kinde docs
Stripe
Payment
USA
Courier
User notifications
USA
https://www.courier.com/privacy/
Marketing
USA
https://policies.google.com/privacy
Marketing
USA
If you have any questions, please contact us at support@thecards.eu.
These terms and conditions (Terms and Conditions) apply to all use of the The Cards (The Cards) web-based function to manage sustainability data from ICONSOF AB (ICONSOF,We, Us or the Processor) by you such as customer (Customer,You or Controller) or your employees. Customer can only be a legal entity and business. Privat individuals are not permitted to use The Cards. All terms or conditions that you as a Customer have sent to Us that are incompatible with, other than or supplement these Terms and Conditions, are hereby rejected unless otherwise specifically agreed.
1. Activation of The Cards and conclusion of Agreement
1.1 An Agreement has been concluded between Us and the Customer when the Customer, via www.thecards.eu (the Website) has registered its information and confirmed these Terms and Conditions. By becoming a user of The Cards you have accepted our terms of use.
1.2 In connection with the activation of The Cards, an account is opened for the Customer in which the Customer undertakes to fill in correct and complete information in accordance with what is then requested. The Customer hereby confirms that if the Customer's information is deficient in any respect, Our ability to provide The Cards may be limited.
1.3 The Customer is solely responsible for ensuring that the Customer's confidential account and login information is handled securely and is only made available to those who need it. Consequently, the Customer confirms that We do not take any responsibility for any damage incurred due to the Customer's confidential account or login information being used incorrectly. However, each Party undertakes to notify the other Party without delay in the event of discovery of or suspected unauthorized use of The Cards.
2. License and provision
2.1 By activating The Cards, the Customer is granted, during the period for which the Customer has paid in advance, a non-exclusive license to The Cards in accordance with these Terms and Conditions and the special restrictions set out in section 4.
2.2 The Cards is provided around the clock, all year round, with the exception of such planned maintenance work of which We notify the Customer on the Website in advance. We strive to have an availability, exception of planned maintenance, of over 98% during a month. If The Cards during a calendar month is available less than 98% of the foregoing, the Customer shall have the right to request a free extension of the current contract period corresponding to the time that The Cards has not been available.
2.3 The Cards support is available in English and Swedish via e-mail support@thecards.eu with an ambition to response within 3 business days, unless otherwise is separately agreed.
2.4 The Cards is provided in its existing condition, whereby We do not make any other commitments or guarantees regarding functionality, services levels, quality and its fitness for a particular purpose than what is expressly stated in these Terms and Conditions or otherwise in writing directly to the relevant Customer. In addition to this, The Cards may be developed, adapted and changed during the agreement period, and possibly supplemented with other offers. If such changes can be assumed to entail significant negative consequences for the Customer, we undertake to notify the Customer of these in advance, whereby the Customer shall have the right to terminate The Cards in writing, taking into account the 30-day notice period. If the Customer has not invoked this right before the day when the notified change takes effect, this right to early termination ceases.
2.5 What is stated in sections 2.2 and 2.4 shall be the Customer's complete and only remedy under these Terms and Conditions regarding availability and functionality regarding The Cards.
2.6 The Customer undertakes to follow the from time to time applicable guidelines for the use of The Cards, and in this respect has a strict responsibility for all of the Customer's users of The Cards. This includes, but is not limited to, not use the Service in any way that overloads, infects with virus or otherwise damages The Cards or that causes or enables unauthorized access to The Cards or any information contained in The Cards.
3. Price and payment
3.1 The Customer must pay the license fee for each level specified on the Website in connection with the activation of The Cards. The license fee is paid in advance monthly or annually by paying an invoice. An administration fee of 50 SEK (approximately $10) will be added to invoices issued with a 30-day payment term. In the event of late payment compared with the due date stated on the invoice, statutory default interest is paid. If the Customer is in arrears with payment for more than one week and We have requested payment of the amount due in writing, We have the right to suspend the continued provision of The Cards until the Customer has paid outstanding amounts due.
3.2 We have the right, but no obligation, to increase the license fee at any time with 30 days notice prior to the next billing period.
4. Intellectual property rights
4.1 The Customer are hereby informed that The Cards contains intellectual property rights that We or third parties own. Nothing in the Agreement or these Terms and Conditions shall mean that such intellectual property rights are transferred to the Customer or that the Customer otherwise acquires the right to use such intellectual property rights in any way beyond what is expressly stated in these Terms and Conditions.
4.2 The license to The Cards which is stated in section 2.1 is conditional on the Customer not (with the exception of Customer Data (as defined below) copying, making available (by subletting, transfer or otherwise), carrying out so-called reverse engineering or perform any other action that would allow copying of all or part of The Cards, its concept.
5. Liability and limitation of liability
5.1 We are not responsible under any circumstances for (i) damages due to content or data uploaded to The Cards from others than ourselves, or (ii) indirect damages such as no profit, reduced sales or no benefit from The Cards. Our total liability for The Cards in respect of one or more claims shall in no case exceed an amount corresponding to the Customer's total payment made for The Cards during the calendar year preceding any damage.
6. Personal data and Customer data
6.1 We protect the Customer's integrity and our goal is to always protect the personal data we process to the best of our ability. Personal data management within the framework of The Cards is regulated in the data processing agreement in Appendix 1 to these Terms and Conditions.
6.2 All information that the Customer and/or a user of The Cards (regardless of whether the information constitutes Personal Data or not) constitutes Customer Data. We do not claim any right to any Customer Data and the Customer is consequently solely and completely responsible for Customer Data and the consequences of using Customer Data.
7. Confidentiality and the right to publish the Customer's name
7.1 Each Party undertakes not to disclose to third parties without the other Party's written consent the information marked CONFIDENTIAL or otherwise use such information for any purpose other than the Party's fulfilment of its obligations under these Terms and Conditions. The obligation of confidentiality does not apply to information that a Party can show has become known to him/her in any other way than through these Terms and Conditions or that is generally known. The obligation of confidentiality also does not apply when a Party is obliged by law, other statute, or official decision to disclose information.
7.2 Neither Party has the right to issue any press release or other public statement related to this Agreement without the other Party's prior written consent. Nor, neither Party shall publish the other Party's name and logo on its website during the term of the agreement, without the other Party's prior written consent.
8. Agreement period and early termination
8.1 The Agreement applies from the date on which the Parties have entered into the Agreement in accordance with section 2.1 and shall apply until the end of the payment period. The agreement shall be automatically extended by the same period as previously paid period unless the Party has terminated the agreement in writing to support@thecards.eu no later than 30 days before the end of each agreement period.
8.2 Either Party has the right to terminate the Agreement in writing immediately if (i) the other Party commits a material breach of agreement and does not remedy such breach of agreement within 30 (thirty) days from having received notice of the breach of agreement in writing, or (ii) the other Party is declared bankrupt, becomes the subject of corporate reorganization, applies for composition, suspends payments, enters into liquidation or is otherwise considered insolvent. Notice of termination shall be given without unreasonable delay after the circumstance constituting grounds for termination became known to the Party.
9. Miscellaneous
9.1 The Parties are in all respects independent businesses who conduct business on their own behalf and at their own risk. Unless otherwise expressly agreed, neither Party is entitled to enter into an agreement in the name of the other Party or on behalf of the other Party or in any other way to impose any obligations on the other Party.
9.2 All amendments and additions to the Agreement and these Terms and Conditions shall be in writing and duly signed by each Party.
9.3 The Customer does not have the right to transfer its rights or obligations under these Terms and Conditions or the Agreement without Our prior written consent.
9.4 If a Party's fulfilment of its obligations under the Agreement or these Terms and Conditions is prevented due to a circumstance which the Party could not control, this shall constitute a ground for exemption which entails exemption from damages and other sanctions.
9.5 Should a competent court, authority or arbitral tribunal find that any provision of these Terms and Conditions is invalid or unenforceable, the provision in question and all other provisions shall be valid and enforceable to the extent permitted by applicable law, and the Parties shall negotiate loyally with each other in order to agree on the necessary changes to these Terms and Conditions in order to maintain the structure, purpose and spirit of these Terms and Conditions.
9.6 Upon termination of these Terms and Conditions or the Agreement, for whatever reason, this clause 9.6 and the following provisions shall remain binding on the Parties: Intellectual property rights, Liability and limitation of liability, Confidentiality, and Applicable law and dispute resolution.
10. Applicable law and dispute resolution
10.1 Swedish law shall apply to these Terms and Conditions. Disputes in connection with these Terms and Conditions shall be settled and must be decided in a general court with the court's decision as the first and only instance. Court hearings must be held in the Gothenburg District Court.
10.2 We retain the right to bring an action for non-payment by the Customer in a general court, and in the first instance before the Gothenburg District Court.
If you have any questions, please contact us at support@thecards.eu.
We value your privacy and are committed to protecting your personal information. This privacy policy describes how we collect, use, store, and share your personal information when you use our website, participate in our events, sign up for our newsletter, purchase our products or services, or interact with us in any other way.
We may collect and process the following types of information:
We process your personal information to:
We may share your information with our partners, suppliers, and other third parties that we engage to fulfill our services. We ensure that these parties comply with appropriate data protection laws.
You have the right to request access to, correction, deletion, or restriction of your personal information. Contact us at support@thecards.eu to exercise these rights.
We take appropriate security measures to protect your personal information against unauthorized access and use.
The personal data is processed by us by virtue of a weighing of interests. We have a strong interest in being able to maintain business contacts with other companies and organisations and we only process your personal data in your role as a representative or contact person for such companies or organisations. We are also subject to legal obligations under e.g. accounting laws and we will then process your personal data in order to comply with such legal obligations.
If we have a supplier or business partner in a country outside the EU/EEA, your personal data may be transferred to a country which does not have an equivalent level of protection pertaining to personal data. We will take appropriate security measures in order to protect your personal data in conjunction with such transfer. You can request further information at any time in respect of such transfers and the protective measures employed by us. or business partner in a country outside the EU/EEA, your personal data may be transferred to a country which does not have an equivalent level of protection pertaining to personal data. We will take appropriate security measures in order to protect your personal data in conjunction with such transfer. You can request further information at any time in respect of such transfers and the protective measures employed by us.
We retain personal data during the period in which a business relationship exists with the company or organisation which you represent or during such time as is otherwise necessary in order to fulfil the purpose of the processing or during such time as there is an obligation to retain the data according to law, ordinance or decision by a public authority. You can deregister from your subscription in respect of new and updates at any time and your information will then not be retained for this purpose.
You are entitled to request information concerning what personal data that we process about you and how it is used. You can also request that personal data concerning you is rectified if it proves to be incorrect. In accordance with applicable legislation, you can also request that your personal data should be deleted or that the processing of your personal data should be limited, and you also have a right to object to the processing of your personal data and to request that your personal data is transferred in electronic format.
If you want to exercise any of your rights or if you have any questions regarding our processing of personal data, you can contact us, see the contact information below. If you have any complaints regarding the processing of your personal data, you can also address such complaints to the Swedish Authority for Privacy Protection (Sw. Integritetsskyddsmyndigheten).
We may update this policy from time to time. We recommend that you regularly check this page to keep yourself informed of any changes.
If you have any questions or concerns regarding this privacy policy, please contact us at support@thecards.eu.
The Cards is a product developed by ICONS OF.
Visit http://www.iconsof.se to read more about us and our vision.