Mevo provides a Software as a Service (SaaS) in an app format, helping brands and companies connect with different stakeholder groups (hereinafter the “MevoApp” or the “Service”).

The MevoApp is downloadable from the Apple App Store and Google Play. In addition to the app the Mevo SaaS solution comes with a web-based managers Admin Panel.

The Service will, subject to a subscription fee, be made available by Mevo to professional customers as a service via the internet in accordance with this Agreement.

These Terms of services (hereinafter “Agreement”) applies to purchases of the Service by Customers, and is binding for the Customer when accepted by signature or email. The Agreement is binding for Mevo when counter-signed by Mevo.

1. DEFINITIONS

The following words written with capital first letter, have a special meaning in the Agreement:

The “Agreement" means the Terms of service (this document and the documents set out in Section 2).

“Mevo” means Mevo Norway AS, a company registered with organization number 915 366 236 and business address Jernbanebrygga 63, 3724 Skien, NORWAY.

The “Customer” means the legal entity stated in the ordering form.

The “User” means all users of the Service, which is granted access to the Service.

The “Service” means the MevoApp provided by Mevo which consists of the modules and functionalities requested by the Customer, such as competitions, quizzes, surveys, videos and messages with points and incentives.

The “Services” means other Services ordered by the Customer, that is included in or as a part of the MevoApp.

 

“Confidential Information” means information that:

1. is by its nature confidential;
2. is designated in writing by Mevo as confidential;
3. the Customer knows or reasonably ought to know is confidential; or
4. Information comprised in or relating to any Intellectual Property Rights of Mevo

“Intellectual Property Rights” means all rights in and to any copyright, trademark, trading name, design, patent, know how (trade secrets) and all other rights resulting from intellectual activity in the industrial, scientific, literary or artistic field and any application or right to apply for registration of any of these rights and any right to protect or enforce any of these rights, as further specified in Section 11.

2. OBJECT OF THE AGREEMENT

 

This Agreement applies to the purchases of the Services related to the MevoApp, including all services comprised by the order form and subsequent purchases, add-ons, updates, etc.

Any trial Users are Users testing Mevo, but not paying Customers of Mevo, and are bound to the Agreement nevertheless. Mevo shall have no obligations to trial Users except those mandated by law or regulations.

Purchase of the Services is done upon acceptance (signature or email). All orders are subject to acceptance by Mevo at its discretion. The Services are delivered based on the terms and conditions in the following documents, which all are part of the Agreement:

• Terms of service
• Data processing agreement

3. THE SERVICES

 

Mevo shall, during the term of this Agreement, provide the Services and make available the documentation to the Customer subject to the terms of this Agreement.

The Customer is only entitled to use the Service as set out in this Agreement. The Services are described further at https://www.mevoapp.com. The Service is only to be used for internal business purposes of the Customer and their customers.

Mevo reserves the right to make improvements, add, modify or remove functionality, or correct any errors or defects in the Services at its sole discretion, without any obligation or liability resulting from such act or defects. Mevo will however not remove functionality which in Mevo’s reasonable opinion must be considered as core functionalities for a service such as the Service.

Mevo shall use commercially reasonable endeavours to make the Services available. Some unavailability is outside Mevo’s reasonable control, such as:

• internet access,
• problems beyond the demarcation point of the Mevo network,
• actions or inactions of the Customer, User or any third party,
• equipment, software or other technology of the Customer or any third party

In addition, the Service may be unavailable during maintenance. When Mevo is planning significant upgrades and changes in the Service, Mevo will notify the Customer in advance.

Mevo may use sub contractors to provide the Service including all support and maintenance. To the extent a sub contractor processes personal data for which the Customer is data controller, the Data processing agreement sets out requirements in this regard.

4. SUPPORT AND INCIDENT MANAGEMENT

 

Mevo will provide standard support services to the Customer as set out in this paragraph.

Mevo may suspend the provision of the support services if any amount due to be paid by the Customer under this Agreement is overdue, and Mevo has given the Customer at least 30 days written notice.

The support covers incident management, after the Customer has reported or Mevo has discovered incidents or problems in the Service.

Customer may request support via e-mail: support@mevo.no.

The Customer shall pay the charges for the support services as set out in the Agreement.

Mevo have no obligation to provide support services in respect of any issue caused by any factor outside the scope of the support services or Customer’s improper use of the Service.

5. CUSTOMER DATA AND PRIVACY

 

The Customer owns and is responsible for all data, information and material of any kind uploaded to the Service by the Customer or Users, including personal data.

The Customer represents and warrants that the content uploaded on or through the Service by the Customer or Users does not violate any third party's rights, including the privacy rights, publicity rights, copyrights, contract rights, intellectual property rights or any other rights. Mevo shall have no liability or responsibility for such content.

Mevo shall provide backup of the Customer's data and try to restore it after a data loss event, but is in no event responsible for the consequences if data is lost.

The Customer is data controller for all personal data Mevo processes as part of providing the Services. Mevo is a data processor, and Mevo's standard Data processing agreement is part of this Agreement.

Mevo also processes personal data about the Users for the purpose of administration, technical support and improving the Service. For further information about Mevo's processing of personal data, including the rights of the data subjects, please refer to Mevo's Privacy Policy.

6. CUSTOMER OBLIGATIONS

 

The Customer is responsible for compliance with any specific legal requirements applicable for their business and related to the use of the Service.

Customer may not distribute, sell, license, rent, lease, sub-license, assign or transfer any rights granted to Customer by this Agreement and other rights related to the Service to a third party or authorize other to utilize the Service.

The Customer shall not use the Service in a way that violates any laws, infringes on anyone's rights, is offensive, or interferes with the Service or any features in the Service, and undertakes to ensure that all Users respect the End User License Agreement. The Customer is responsible for getting necessary approval from their customers and contractors related to the activities in the Service which involves products, trademark and other proprietary rights.

Customer is responsible for any and all activities that occur under User's account. The Customer shall ensure that User identities, passwords, and equivalent obtained by the Customer in conjunction with registration are stored and used in a secure manner and cannot be accessed and used by third parties. Customer shall notify Mevo immediately of any unauthorized use or any other breach of security.

Mevo reserves the right to refuse to post or to remove and delete any information or materials, in whole or in part, if Mevo reasonably suspects it to be comprised by the prohibition above. If content is removed, Mevo will notify the Customer.

The Customer shall provide Mevo with sufficient information required for delivering the Services.

7. TECHNICAL REQUIREMENTS

 

The MevoApp is available for the latest versions of iOS and Android.

Mevo does not guarantee compatibility between the Service and other browsers, equipment, software and operating systems; nor for the availability of the MevoApp in any app store.

The MevoApp and corresponding system requirements may be updated by Mevo. Information about such changes will be given upon the Customer’s request by contacting support at support@mevo.no. The updated system requirements will be made available at https://www.mevoapp.com or upon request by contacting support at support@mevo.no. Mevo shall however notify the Customer at least 30 days in advance if Mevo will stop supporting previously supported equipment or software as stated above (and later amended).

Customer is responsible for obtaining, maintaining and updating all hardware, software and other equipment needed for the access and use of the Service, and is responsible for all charges and expenses related thereto. Customer is also responsible for any integration between Mevo and the Customer's own systems.

8. CONSIDERATION

 

The Services are offered as a subscription service, which is binding 1 year from entering the Agreement. When purchasing a subscription, Customer purchases the right to use the Services as stated in this Agreement as long as the Customer has a valid and paid subscription. The subscription fees are stated at mevoapp.com/pricing. The prices are in EUR unless other currency is specifically agreed.

The fees may be changed from time to time. The new prices will apply on subscriptions made after the changes and on renewals of subscriptions as described in Section 15.

The Service can only be used by Users for whom the Customer has a paid and valid subscription license. User accounts shall not be shared or used by more than one person.

 

9. INVOICING

 

The first subscription invoice is issued when you receive your login credentials for the Mevo Admin Panel. That is when our obligations as your software provider start. That is also when you can start familiarizing yourself with the system and prepare for your first campaigns.

If you received your login credentials before the 10th of the month, your subscription starts that same month.

Annual plan subscriptions are invoiced annually for 12 months.

Monthly subscriptions are invoiced quarterly with due dates set to the first day of each quarter.

Any initial fees for Success Packages or consultancy hours will be invoiced upon signature/acceptance.

10. CONFIDENTIALITY

 

Neither party may use, disclose or make available to any third party the other party’s Confidential Information, unless such use or disclosure is done in accordance with the terms of this Agreement.

Each party must hold the other party’s Confidential Information secure and in confidence, except to the extent that such Confidential Information:

1. is required to be disclosed according to the requirements of any law, judicial or legislative body or government agency; or
2. was approved for release in writing by the other party, but only to the extent of and subject to such conditions as may be imposed in such written authorization.

This clause will survive termination of this Agreement.

Mevo is allowed to name Customer as a client for reference purposes in its marketing efforts, and may strictly for the purpose thereof use Customer's tradenames and logos.

11. INTELLECTUAL PROPERTY RIGHTS

 

All Intellectual Property Rights over and in respect of the Service are owned by Mevo.

The Customer is granted a limited, revocable, non-exclusive and non-transferable right to use the Service in accordance with this Agreement solely for Customer's own internal business purposes.

The Customer thus has no right to e.g. sell, lend, sub-license, distribute in any way (free of charge or for consideration), create derivative works of, copy, frame, access or try to get access to the source code of, mirror or reverse engineer any part or feature of the Services, including all underlying intellectual property rights and/or knowhow. Further the Customer may not in any way modify, decompile, disassemble or reverse engineer the Services. The list is non-exhaustive.

12. WARRANTY AND LIABLITY

The Service is delivered “as is”. Mevo does not guarantee compliance with any applicable law for the Customer’s use of the Service, any contests or prices, or that the Service is able to fulfil the Customer’s purposes.

The Services incudes certain third party services. You acknowledge that additional terms and conditions may apply for these third party services, even if such terms and conditions are not part of this Agreement, and Mevo has no responsibilities related to such third party services.

To the extent permitted by Norwegian law and applicable data protection laws, Mevo will in no event be liable for any direct or indirect damages, such as business interruption, loss of data or information of any kind, caused by the Customer’s actions.

Mevo’s sole and aggregate liability under or in connection with the Agreement shall be limited to EUR 10 000.

13. INDEMNIFICATION

 

The Customer must indemnify, defend and hold Mevo harmless from any claims (including third party claims), demands, actions, suits, expenses (including attorney’s fees) and damages (including indirect or consequential loss) resulting in any way from:

1. Customer’s and Customer’s employee’s use or reliance on the Service,
2. any breach of the terms of this Agreement by the Customer or any Customer employee, and
3. any other act of Customer.

This clause will survive termination of this Agreement.

14. TERM AND TERMINATION

 

Customer has accepted this Agreement through the ordering process of the Services, cf. Section 2. The Agreement is binding to both parties when Mevo has accepted the order.

The subscription period is stated under Section 8 in this Agreement. The subscription period will be automatically renewed 30 days prior to the following Quarter for monthly subscribers.

Annual subscriptions will be automatically renewed annually.

Termination of the subscription must be done at least 30 days prior to the renewal date with written notice of termination. For monthly subscribers, this means at least 30 days prior to the next quarterly payment. For annual subscribers, this means at least 30 days prior to the due date for the next annual payment.

If the Customer is in breach of this Agreement and has not corrected such breach to Mevo’s reasonable satisfaction within 7 days of Mevo’s notice of the same or the Customer becomes insolvent, or institutes (or there is instituted against it) proceedings in bankruptcy, insolvency, reorganization or dissolution, or makes an assignment for the benefit of creditors, Mevo may terminate the Agreement immediately for cause.

Termination of this Agreement, for any reason, means that

• all licenses granted under this agreement shall immediately terminate (however, the duty to pay for the licenses is dependent on the reason for the termination).
• Mevo may in its discretion destroy or otherwise dispose of any of the Customer data in its possession within 30 days after the termination has taken effect
• Any rights, remedies, obligations or liabilities accrued before the date of termination shall not be affected. For the avoidance of doubt; License fees paid in advance will not be refunded

15. AMENDMENTS

 

Mevo reserves the right to amend and change the Agreement with effect from the Customer's next subscription period by giving notice at least 30 days' prior to the end of the current subscription period. If the change is due to a legal obligation, the legal obligation might imply a shorter notice period which shall be the applicable notice period, and the change will take effect according to this notice period regardless of the amount of time remaining in the current subscription period for the specific Customer.

Notice shall be given by email to the email address in the order form (or subsequently updated e- mail address) and shall be considered given the day the email is sent. Mevo may instead choose to send the notification by ordinary mail to the address in the order form (or subsequently updated address).

16. GOVERNING LAW AND DISPUTES

 

This Agreement shall be governed by and interpreted in accordance with Norwegian law.

Disputes arising in connection with or as a result of this Agreement shall be settled by court proceedings unless the parties agree otherwise. Any court proceedings shall be brought before Oslo District Court.

If any part of this Agreement is found to be invalid due to mandatory statutory law or a final legal judgment, it shall only affect those parts found to be invalid. The remaining parts of the Agreement will still be enforceable.

 

Data Processing Agreement

1. BACKGROUND AND PURPOSE

 

This Data processing agreement ("DPA") forms part of the Terms for service ("Principal Agreement") between: Mevo Norway AS ("Data Processor") and the Customer ("Data Controller").

For the purposes of fulfilling the Principal Agreement and delivering the MevoApp (“the Service”), the Data Processor will process certain Personal Data on behalf of the Data Controller.

The DPA is intended to ensure that personal data is processed in accordance with all applicable requirements for the processing of personal data as provided for in the Privacy Regulations, the Personal Data Act and related regulations, including the General Data Protection Regulation (“GDPR”), collectively referred to as (“the Applicable Privacy Regulations”).

This DPA sets forth the terms and conditions pursuant to which the Data Processor shall process Personal Data on behalf of the Data Controller under the Principal Agreement.

2. DEFINITIONS

 

In this DPA, the following terms shall have the meanings set out below:

• "Data Protection Laws" means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country, such as the Norwegian Personal Data Act (LOV-2018-06-15-38) and Personal Data Regulations;
• "EU Data Protection Laws" means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;
• "GDPR" means EU General Data Protection Regulation 2016/679;
• "Personal Data" means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.;
• "Sub processor" means a third party subcontractor engaged by the Data Processor which, will process Personal Data on behalf of the Data Controller; and
• “Users” have the same meaning as in the Principal Agreement.

The terms in this DPA have the same meaning as the Personal Data Act and GDPR, and their cognate terms shall be construed accordingly.

3. PROCESSING OF PERSONAL DATA

The Data Processor will process the following types of Personal Data on behalf of the Data Controller:

Name, telephone number, email address, work place, occupation, profile photos and other photos uploaded by the Users of the Service, prize related information, level and training expertise related to activities in the MevoApp, purchase, billing information, IP address and user generated information related to the use of the Service.

The Personal Data is connected to the following categories of data subjects:

• The employees or representatives of the Data Controller.

• The customers, their employees or representatives, of the Data Controller.

• The Users.

The Data Processor shall only Process Personal Data for the following purposes:

• To fulfill the obligations under the Principal Agreement.

• To deliver the Service to the Data Controller and the Users.

The processing involves:

• Collecting and storage of data from the Users.

The Data Processor shall not process Personal Data in any other manner than what is agreed in this DPA and on documented instructions from the Data Controller. This includes that the Data Processor is not allowed to process Personal Data for other purposes than as stated above or its own purposes or to disclose data to third parties.

4. THE DATA PROCESSOR’S DUTIES

 

4.1 General compliance

When processing Personal Data on behalf of the Data Controller, the Data Processor shall follow the routines and instructions stipulated in this DPA.

Data Processor shall comply with all applicable Data Protection Laws in the processing of Personal Data and shall assist the Data Controller in fulfilling its legal obligations under Applicable Data Protection Law.

4.2 Instructions from the Data Controller

The Data Processor undertakes to only process Personal Data in accordance with documented instructions communicated by the Data Controller, unless required to do so pursuant to the Applicable Data Protection Law.

If the Data Processor is of the opinion that an instruction from the Data Controller is a violation of the Applicable Privacy Regulations, the Data Processor shall immediately inform the Data Controller of his opinion and may object to the instruction.

4.3 Requests from the Data Controller

Unless otherwise agreed or pursuant to statutory regulations, the Data Controller is entitled to access all Personal Data being processed on behalf of the Data Controller. The Data Processor shall provide the necessary assistance for this.

The Data Processor shall, in accordance with the request or instruction of the Data Controller; correct, delete or return any Personal Data processed by the Data Processor on behalf of the Data Controller under this DPA. This applies unless the applicable laws requires storage of personal data.

4.4 Confidentially

The Data Processor shall ensure the confidentially of Personal Data that the Data Processor will have access to as a result of the DPA, and shall ensure that persons authorized to process the Personal Data have undertaken to keep the Personal Data confidential or subject to an appropriate statutory duty of confidentiality. This provision shall also apply after termination of the Principal Agreement.

4.5 Disclosure of Personal Data

The Data Processor may not, without prior written approval from the Data Controller, transfer or in any other way disclose Personal Data or any other information relating to the processing of Personal Data to any third party. This applies with the exception of Sub processors engaged pursuant to this DPA.

In the event the Data Processor, according to Applicable Data Protection Law, is required to disclose Personal Data that the Data Processor processes on behalf of the Controller, the Data Processor will inform the Controller thereof.

The Data Processor shall not process Personal Data outside the EU/EEA, unless otherwise stated in this DPA. If the transferring of Personal Data to a country outside the EU/EEA or to an international organization outside the EU/EEA is required according to law in an EU/EEA member state which the Data Processor is subject to or EU/EEA law, the Data Processor shall inform the Data Controller of such requirement prior to the processing, unless the law prohibits such information from being given.

5. THE DATA PROCESSOR’S USE OF SUB-PROCESSORS

 

The Data Processor may use Sub processors. The Data Processor shall ensure that the Sub processors are bound by written agreements that require them to comply with data processing obligations corresponding to those contained in this DPA. The Data Processor shall remain fully liable to the Data Controller for the performance of the Sub processor’s obligations.

In addition, the Data Processor have the right to use other Sub processors, but is obliged to inform the Data Controller of any intended changes concerning the addition or replacement of other Sub processors. The information shall be given at least eight weeks prior to the planned changes takes effect. If the Data Controller does not consent in the change, the Data Controller has the right to terminate the Principal Agreement with three month’s notice.

6. TRANSFER OF PERSONAL DATA OUTSIDE THE EU/EEA

 

The Data Processor uses the following Sub processors outside the EU/EEA: Overview of the Sub processors.

Apart from this, the Data Processor may not process or use Sub processors that process Personal Data outside the EU/EEA without prior written approval from the Data Controller. The Data Processor shall ensure that there is a legal basis for the processing of Personal Data outside the EU/EEA, or facilitate the establishment of such legal basis.

7. SECURITY

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Data Processor shall in relation to the Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32 (1) of the GDPR.

In assessing the appropriate level of security, Data Processor shall take account in particular of the risks that are presented by processing, in particular from a Personal Data breach. The Data Processor shall protect the Personal Data against destruction, modification, unlawful dissemination, or unlawful access.

8. PERSONAL DATA BREACH

 

In case of a Personal Data breach involving Personal Data processed on behalf of the Data Controller, the Data Processor shall assist the Data Controller in ensuring compliance with the Data Controller’s obligations pursuant to Applicable Data Protection Law, including Article 33 in the GDPR. The Data Processor shall notify the Data Controller in writing without undue delay, but not later than 24 hours after becoming aware of such a Personal Data breach.

9. ASSISTANCE

The Data Processor is obliged to assist the Data Controller in fulfilling the obligations in Article 32 to 36 of the GDPR. To the extent the Data Controller requires additional assistance from the Data Processor, the Data Processor may offer such assistance as a separately paid service, at an hourly rate of 120 EUR. The Data Processor may also refuse, unless the Data Processor’s assistance is necessary in order to be able to fulfil the Data Controller’s obligations.

10. DOCUMENTATION AND SECURITY AUDITS

The Data Processor shall have documentation that proves that the Data Processor complies with its obligations under this DPA and the General Data Protection Regulation. The documentation shall be available for the Data Controller on request.

The Data Processor is obliged to give the Data Controller access to his written technical and organizational security measures and to provide assistance so that the Data Controller can fulfil its responsibilities pursuant to the Personal Data Act and the General Data Protection Regulation.

The Data Processor shall keep a record of the processing activities, which shall contain at least the information required under article 30 of the GDPR. The Data Controller may at any time request a copy of such protocol.

The Data Processor shall regularly conduct security audits, and shall submit the results of the audit to the Data Controller on request. The Data Controller shall be entitled to conduct audits and inspections regularly, for systems etc. covered by this DPA, in accordance with the requirements of the Personal Data Act, the Personal Data Regulations and the General Data Protection Regulation.

Audits may be carried out by a third party mandated by the Data Controller. The third party will be subject to confidentiality (including signing declarations of confidentiality). The audit does not include information concerning Data Processor’s trade secrets. This includes, but is not limited to product know-how, algorithms, software code, test results, processes, inventions, research projects etc. The Data Processor shall however provide all the information necessary to the Data Controller or an appointed third party during such audit to fulfil the minimum requirements under applicable Data Protection Laws. The Data Processor may offer assistance to the third party mandate by the Data Controller, at an hourly rate of 120 EUR.

11. FULFILLING THE RIGHTS OF THE DATA SUBJECTS

 

To the extent the Data Controller requires assistance from the Data Processor, the Data Processor may offer such assistance as a separately paid service, at an hourly rate of 120 EUR. The Data Processor may also refuse, unless the Data Processor’s assistance is necessary in order to be able to fulfil the Data Controller’s obligations.

12. THE DURATION OF THE DPA AND THE PROCESSING

 

The DPA applies as long as the Data Processor processes Personal Data on behalf of the Data Controller according to the Principal Agreement.

13. TERM AND TERMINATION

 

The DPA may be terminated in accordance with the termination clauses in the Principal Agreement. A termination of the underlying Principal Agreement also constitutes a termination of the DPA.

14. LIABILITY

 

The parties may claim damages in respect of any direct loss in relation to breaches of this DPA. The liability for damages does not extend to indirect loss, including lost profits or anticipated savings. Loss of data is considered as an indirect loss. The maximum damages that can be awarded pursuant to this DPA is limited to a sum equivalent to the maximum liability in the Principal Agreement.

This clause is not applicable in the event of liability under Articles 82 and 83 of the GDPR, and each party is liable for costs and administrative fines according to Articles 82 and 83 of the GDPR.

15. RETURN, DELETION AND/OR DESTRUCTION OF DATA UPON TERMINATION OF THE DPA

 

Upon termination of this DPA the Data Processor shall (i) cease all its processing activities and (ii) upon the Data Controller’s choice, delete and/or return all Personal Data or copies thereof which is received on behalf of the Data Controller pursuant of this DPA. The duty to delete applies as long as Applicable Data Protection Law does not require the Personal Data to be stored. The Data Processor may anonymize all Personal Data received from or on behalf of the Data Controller which is comprised by the DPA.