Terms of Service for access and use of SESAM Software as a Service (SaaS)


1.1. Purpose

This documents contains terms of service for Customers’ access to and use of SESAM Software as a Service (“Services”) provided by Bouvet Norge AS, 996 756 246 (“SESAM”). The services consist of both free- and paid subscriptions and the term “Customer” is used regardless of whether a Subscription Fee applies to a particular Customer’s account. Some sections of this document will only apply to Customers with an account with a defined Subscription Fee. Upon ordering access to the Services, and confirming acceptance of the terms of service in this document, a legally binding agreement (“Agreement”) is entered into between SESAM and the Customer. All Services, as they are available at any time, through the portal https://portal.sesam.io, are subject to the terms of this Agreement.

Upon entering into this Agreement and the registration of the Customer in SESAM’s systems, the Customer is given a right to use the Services on the terms in this Agreement. Once access to the Services has been granted, the Customer will receive an e-mail to its registered e-mail address with the necessary access and login details.

The Services consist of various sub-services, and the right to use the Services only comprise the individual sub-services which the Customer has ordered and received access to. Some of the Services are payable. The Customer’s account overview sets out active sub-services which the Customer has ordered, including which Services are payable.

Some sub-services may be subject to additional terms and/or restrictions. Such additional terms and/or restrictions are set out in the terms of use for the sub-service together with the description of the sub-service in question.

1.2. Description of the Services

The Services are standardized services and the Customer acknowledge that the functionality in the Services will change. The Customer has the right to use the Services with the functionality as provided from time to time. The Services provided is not connected to any specific version of the underlying software or any set functionality as provided at any time.


2.1. General

If the Customer is a legal person, the Customer may set up users and give these users access to the Services with different roles. Users consist of physical persons in the employment or service of the Customer.

If the Customer is a physical person, the Customer will be assigned a single user.

The Customer and the Customer’s users receive a limited, terminable, non-exclusive and non-transferable right to use the Services in accordance with the terms of this Agreement, exclusively for the Customer’s internal business purposes. This right may be conditional on the payment of the applicable subscription fee and other fees (“Subscription Fee”). Any applicable Subscription Fee is provided on the Customer’s account overview. The Payment of the Subscription Fee and the compliance with the terms of this Agreement is a precondition for the right to use the Services. SESAM may adjust the agreed Subscription Fee yearly, upon 3 months’ written notice. In case of changes in public taxes, charges or other duties or other changes in public administrative practice affects the vendor’s costs connected to the Service, the Subscription Fee may be adjusted correspondingly without prior notice.

The Customer may not allow a third party to use the Services in a service bureau or similar, or offer services dependent on the Services to a third party. However, the Customer may allow in-hire consultants or temporary employees to use the Services for Customers internal business purposes. The Customer may also use the Services to collect/deliver data from the applications and databases of the Customer’s suppliers and/or customers.

The Services depend on standard software. When purchasing access to the Services, the Customer does not purchase a copy of, or license to, the software used to deliver the Services, but consecutively pay for a subscription to access the Services. To the extent that separate license- or other terms apply for use of third party software and/ or services included in the Services, these are set out together with the description of the Services in question. Any terms for third party software and/or services take precedence over the terms of this Agreement.

2.2. The relationship between the Customer’s users and SESAM

The Customer commits to adhere to the terms of this Agreement, and to ensure that any of its users do the same. The Customer accepts the full responsibility for all activities connected to its users, and its user’s compliance with the terms of the Agreement. When the individual user accepts any terms upon logging into a Service, or on a later change of such terms, no Agreement is made between such individual user and SESAM. It is at all times the Customer who is party to any agreement with SESAM, and who has all rights and obligations set out in such agreement.

The Customer accepts that SESAM may contact the Customer, and any Customer administrators, through registered e-mail addresses and through telephone, and provide general marketing information or other information about the Services. Such information will not be sent to the Customer’s other users.

2.3. User administration

If the Customer is a physical person, the Customer will be assigned a single user.

If the Customer is a legal person, users are created and administrated by the Customer.

The log-on information of an individual user shall not be shared or used by more than one physical person, but may freely be re-assigned by the Customer’s administrator. The Customer’s administrator may also name further administrators and delete users. The Customer shall ensure that all information about users and administrators are up to date at any time.

Each user is responsible for keeping his/her username and password confidential. The Customer shall inform SESAM immediately in case of unauthorized use of a user’s log-on information. Users are authorized to provide SESAM’s support personnel with access to their accounts where such access is necessary to provide support or else performed tasks asked for by the user.

2.4. Requirements for use of the Services

The Customer and any of its users shall not transfer viruses, malware or any other harmful code to the Services or use the Services in a manner which gives a risk for such transfer. The Services shall not be used for any illegal or otherwise unauthorized purpose. The Customer is responsible for complying with the Norwegian, EU and United States of America export restrictions and -regulations when the Services are used outside of Norway, including assuring that the Services are not used in jurisdictions where such use would be contrary to such export restrictions and -regulations.


The Services will be delivered through the technical environment selected by SESAM at any time, at the time of signature the technical environment is Microsoft Azure. The Customer will be given minimum three moths’ notice in case of significant changes to the technical environment. SESAM reserve the right to change the technical environment, but will in such event notify the Customer, in order to allow the Customer to evaluate the technical and legal effects of such change.

For Azure, separate terms of service apply from Microsoft: https://azure.microsoft.com/en-us/support/legal/subscription-agreement/?country=no&language=en and "Online Services Terms". These terms apply as amended and updated by Microsoft at any time. SESAM has no responsibility for error and defects in such services.

To the extent technical requirements apply to the Customer’s IT systems for the use of the various Services, e.g. requirements for bandwidth and/or hardware, this shall be set out together with the description of the Services in question.


4.1. Quality of Service

SESAM warrants that the Services will perform substantially as described in applicable documentation of Services. The Services will be subject to continual improvement.

If the Services does not function as described in applicable documentation of Services, SESAM will correct verified errors in the services at SESAMS’s own expense. SESAM may choose to replace the Services or functionality therein instead of performing a correction. If SESAM does not solve the verified errors according to the time-limits set out together with the description of the Services in question or does not replace the Service within a reasonable time, the Customer may cancel their subscription to that particular service. The Customer may not set forth any other claims due to defects or errors in the Services.

Links to websites not owned or controlled by SESAM which are available in the Services, related web pages or the documentation are provided without any responsibility or liability for SESAM. SESAM is not responsible for the content and/or information on such websites. In the same manner, SESAM is not responsible for defects and errors arising from the Customer’s own applications, databases or other systems.

4.2. Service Level Agreements (SLA) targets, penalties

The provisions in this section apply only to the Customers who pay a Subscription Fee.

SESAM’s Service availability targets, SLA penalties, and fixed maintenance periods are set out together with the description of the Services in question.

SESAM may, from time to time, require additional maintenance periods beyond what is set out above, for example for major upgrades. Such maintenance periods will be notified to the Customer at least 48 hours in advance, and any unavailability does not count towards the calculation of Service availability targets.

4.3. Notification of errors

If the Customer experiences that the Services in whole or in part are unavailable, or have reduced performance, the Customer shall report the error via https://support.sesam.io. In order to ensure that SESAM gets necessary information to identify and correct the error, the Customer shall, together with the notification of error, provide accurate information about the error, including a description of how the error occurred, how many users are affected, and which dataflows and/or systems are affected.

4.4. Support

The provisions in this section apply only to the Customers who pay a Subscription Fee.

SESAM will provide basic technical support to the Customer. This entails technical assistance, but SESAM does not warrant that any solution will be found for any problems or requests. The administration and configuration of the Services for the Customer is not covered by the support, and may be provided according to separate agreement. This may include assistance connected to integrated applications/databases.

The Customer may contact SESAM support on business days (Monday to Friday except Christmas Eve, New Year’s Eve and other Norwegian public holidays) between 08:00 and 16:00 hours Central European Time, or on specified times determined by SESAM. Any contact with SESAM support shall take place via https://support.sesam.io.

Support is provided in accordance with the following guidelines:

• A Customer with more than three users shall designate a contact person for support, which will act as the Customer’s point of contact with SESAM. Accordingly, the contact person shall provide first line support, and forward detailed information to SESAM’s personnel.

• Support requests shall regard the Services, when used in a manner recommended by SESAM. Support shall not cover repair of information, data-correction in a database or problems caused by the Customer. Neither shall the support cover any matter outside of the Services as covered by the Customer’s subscription.

• SESAM will recommend trainings or consulting services if the support request takes the form of being general training or education.

• Support does not include any form of consulting services.


5.1. Rights to data

The Customer retains all rights to data which the Customer stores or transfers in connection with the use of the Services.

Upon termination of all Services or individual Services, SESAM may agree to assist in transferring the data to a designated and usable format. Such a service should be ordered at least 30 days before the end of the subscription in question in order to ensure that the Customer can receive the data before deletion. Such assistance is invoiced by SESAM according to the at any time applicable fee schedule and terms for consultancy services. On termination of the subscription of the Service subscription, or subscription for an individual service, all Customer data will be deleted by SESAM.

5.2. Security

SESAM will have in place administrative, physical and technical security measures including backup solutions according to corresponding standards

• SESAM has established an information security governance system where systems, routines and processes are based on guidelines in ISO 27001 and 27018

• A yearly third party audit can upon request be carried out in accordance with ISO 27001

• A confidential summary report of the audit shall be produced, and made available to the Customer upon request

• The summary report shall enable the Customer to assess whether the security level in SESAM’s services are according to the Agreement and the Customer’s requirements

5.3. Processing of personal data

The Services may entail processing of the Customer’s personal data, e.g. storage on SESAM’s servers, cf. section 3 above.

The Customer is the controller, and agrees and warrants that:

• The Customer owns or otherwise has the right to transfer the personal data to the Service for processing, and that the Customer is responsible for the accuracy, integrity, contents, and legality of the personal data, including transfer and instructions;

• Where applicable, that the processing of personal data is covered by an applicable permit, and/or has been notified to the applicable regulatory authorities and/or users, and that the processing of personal data is not in violation of applicable law;

• It is the Customer’s obligation, in accordance with the Personal Data Act, to notify the applicable regulatory authorities and/or users in case of breach or the unauthorized transfer of special categories of personal data;

• The Customer, by way of its risk assessment, has verified that SESAM’s security measures are effective and appropriate for the processing in question;

• SESAM has provided sufficient guarantees in terms of logical, technical physical and organizational security measures.

This section 5.3 fulfils the requirements for a data processing agreement and governs SESAM’s processing of personal data on behalf of Customer, and SESAM’s obligation to have in place required information security measures. SESAM may only process personal data on behalf of the Customer during the term of the Agreement, or if there exists another legal basis for processing.

The terms “personal data”, “sensitive personal data”, “processing”, “controller”, “processor”, “data subject” etc. used in section 5.3 shall have the meaning assigned to them in applicable legislation.

5.3.1. Purpose, subject matter and duration

The processing of personal data by SESAM on behalf of the Customer shall only cover categories of personal data that are implied under the Agreement for the purpose of entering into the Agreement, management and/or follow-up of the Agreement and providing the Services, and only to the extent necessary to fulfil such purposes.

5.3.2. SESAM’s obligation as the data processor

• SESAM shall processes personal data only in accordance with the Agreement.

• SESAM shall ensure persons authorised to process the personal data are subject to confidentiality obligations.

• SESAM shall reasonably assist the Customer by appropriate technical and organisational measures, insofar as this is possible, for the Customer’s compliance with the law regarding processing of personal data and fulfilment of the Customer’s obligation to respond to requests for exercising the data subject's rights. If such assistance results in additional costs or expenses for SESAM, then SESAM shall be entitled to charge for such assistance on a time and material basis.

• SESAM shall have implemented and documented appropriate technical and organisational security measures to protect data from loss, misuse and unauthorized alternation or disclosure. The documentation shall be shown to the Customer upon the Customer’s request.

• In case of personal data breach, or security incidents with potential impact on personal data, SESAM shall notify the Customer promptly after becoming aware of the breach or the Incident.

• Unless prohibited by law, SESAM shall promptly notify the Customer of any request for the disclosure of or access to the data by authorities. SESAM will disclose the Customer’s data to governmental authorities or police only to comply with legally binding requests.

• SESAM shall notify the Customer of any request received directly from a data subject without responding to that request, unless SESAM has been otherwise authorized to do so in writing or obliged by applicable law.

5.3.3. Use of a subcontractors

Everyone who, on behalf of SESAM, performs assignments where the processing of the personal data in question is included, shall be made aware of SESAM’s contractual and regulatory commitments, and abide with the terms of these.

SESAM shall provide a list of relevant Contractors used for processing data. This list will only contain relevant Contractors directly executing Service related to processing of personal data.

The Customer acknowledges that the Customer is aware of the necessary details related to the technical platform, cf. section 3 above, and subcontractors involved in that regard.

5.3.4. Transfer of personal data abroad

SESAM shall not, without the ensuring necessary data processing arrangements for such transfer or access, transfer personal data outside the European Economic Area (EEA) or give anyone outside the European Economic Area (EEA) access to the personal data. The Customer acknowledges that the Customer’s cooperation may be requires allowing for such transfer.

The Customer acknowledges that the Customer is aware of the necessary details related to the technical platform, cf. section 3 above, any any transfer of personal data abroad in that regard.

5.3.5. Deletion of data

All data received from the Customer, as data controller, must be deleted by SESAM without undue delay upon termination or expiry of the Agreement or cancellation of a Service, or upon expiry of mandatory retention period. No data will be returned to the Customer.


For Services included in this Agreement, the Customer may have pay a Subscription Fee to SESAM as set out together with the description of the Services in question.


The provisions in this section apply only to the Customers who pay a Subscription Fee.

SESAM shall, to the extent required by applicable audit standards or applicable governmental requirements/legislation, allow the Customer’s internal or external auditors to observe SESAM’s delivery of the Services with related Customer data and any documentation for the Services for the Customer. The Customer shall give reasonable notice before such audits, at least 20 calendar days, and the audit shall be carried out during normal business hours. The Customer acknowledges that scope of audit shall be limited to SESAM’s own delivery of Service, as well as applicable documentation.

The Customers may not utilize auditors who are in direct competition with SESAM. The auditor(s) shall sign a confidentiality statement. The Customer shall adhere to SESAM’s applicable regulations when access is given to SESAM’s facilities.

Any costs which SESAM may have in relation to the audit, control and any possible further quality assurance that the Customer may require, will be invoiced to the Customer in accordance with SESAM’s applicable rates.


SESAM reserves the right to change the terms of this Agreement upon at least 30 days’ notice.

Reference is made to SESAM’s limited opportunity to change the terms in sections 5.2 and 5.3 regarding the processing of data. SESAM may not change section 5.1. to the detriment of the Customer.


The provisions in this section apply only to the Customers who pay a Subscription Fee.

SESAM shall defend the Customer against claims or law suits set forth by third parties claiming that the Customer's use of the Services infringes that third party’s registered Norwegian or EU patents, copyright or other intellectual property rights. In the event of such claims the Customer shall immediately inform SESAM in writing.

SESAM shall, to the extent SESAM is responsible for the infringement, hold the Customer harmless against all costs, damages, expenses or losses which the Customer is ordered to pay by a court or agrees to pay in a settlement, including attorney fees. This is subject to the full co-operation of the Customer with SESAM and that SESAM is in full control of the legal process and negotiations for a settlement. SESAM may at its own discretion (i) modify the Services so that there is no longer any infringement of third party rights, (ii) replace the Services with functionally equivalent services, (iii) provide a right for the Customer's continued use of the Services, or (iv) terminate the Customer's access to the Products and Services against a refund of any fees paid for the subscription after the date of termination. The Customer may not set forth any other claims as a result of infringement of third party rights.

The previous right to be held harmless does not apply if the Services have been used in violation of these terms and conditions or if the claim arises out of any modification, integration or customization of the Services not performed by SESAM.

The Customer shall defend SESAM against any claims or lawsuits in which a third-party claim that the Customer's data or use of the Services in combination with the Customer’s own applications, databases or other systems, is inconsistent with or infringes a third party's patent, copyright or other intellectual property rights. SESAM shall immediately notify the Customer in writing in the event of such claims. The Customer shall hold SESAM harmless against all costs, damages, expenses or losses that SESAM is sentenced to pay by a court or agrees to in a settlement, including attorney fees, provided that SESAM cooperates with the Customer at the Customer’s own expense and that SESAM provides the Customer with full control over the legal process and settlement, and that the settlement releases SESAM from all liability.


10.1. Limitation of liability

If SESAM is held responsible for paying damages to the Customer as a consequence of breaches of any of the obligations under this Agreement, such damages may in no event include compensation for indirect loss or damages of any kind which may arise as a result of, or in connection with, such breach. Indirect loss includes, but is not limited to, loss of profit of any kind, losses as a consequence of disrupted operations, loss of data, lost savings, losses due to deprivation and claims from third parties (except as set out in section 9 above). SESAM’S liability under this Agreement is therefore limited to direct loss, unless otherwise set out in mandatory applicable law, for example damages due to gross negligence or intent. Any refunds or compensation for direct loss and costs during any 12-month period shall not exceed an amount equivalent to 6 month’s Subscription Fee’s ex. VAT for the Services during the same period.

If standardized sanctions are agreed, these standardized sanctions shall be the sole and exclusive remedy for the matter and no other claims may be made based on the same situation.

10.2. Force majeure

If the use and execution of the Services is wholly or partly prevented or materially impeded by circumstances beyond the parties’ control, both parties’ obligations are suspended for as long as the circumstances are relevant and as long as these circumstances lasts. Such circumstances include, but are not limited to, strikes, lockouts, and any relationship which under Norwegian law will be regarded as force majeure. Each party may, however, in accordance with section 11 of this Agreement, terminate the Agreement if the force majeure makes it particularly burdensome for that party to continue the Agreement.

In the event that law, rules or regulations applicable to the use or delivery of the Services is changed or new rules or regulations are adopted after the Services have been made available on the market and this prevents SESAM from fulfilling the Customer’s instructions regarding processing of personal data or other obligations this Agreement, and/or this requires full or partial termination of access to the Services for a limited or indefinite period of time, this shall be considered as a force majeure circumstance. SESAM is not in any way responsible for any such or other force majeure circumstance.

10.3. Circumstances for which SESAM not in any event is responsible

Even though SESAM will use appropriate care to ensure secure transmission of information between the Customer and the Services, the Customer recognizes that the Internet is an open system, and that SESAM cannot warrant that a third party cannot or will not intercept or alter data during the transmission. SESAM takes no responsibility for such unauthorized access to, use or alternation or publication or loss of data.

Neither is SESAM responsible for lack of availability of the Services when this is directly or indirectly caused by the Customer or by circumstances for which the Customer is responsible or the reconstruction of data regardless of cause.


The Customer may cancel the Services or individual sub-services and thereby cancel the entire subscription for SESAM’s Service using the Customer’s account tool with applicable notice period. The cancellation takes effect from the start of the first month after end of the notice period.

For non-paying Customers Sesam has the right to suspend or terminate access to all or any part of the Service at any time, with or without cause, with 14 days’ prior notice. In case of abuse, access to Services may be suspended or terminated without notice, effective immediately.

The provisions for the reminding of this section apply only to the Customers who pay a Subscription Fee.

If a minimum term applies for some of the Services, the termination by the Customer takes effect after the expiration of such minimum term.

If payment is not made within 30 days after the due date, SESAM may, provided that the amount outstanding is not insignificant, suspend the Customer’s access to the Services until payment is made. Suspension shall be notified in writing by SESAM, with a final and reasonable deadline for the Customer to settle the amount outstanding before suspension is made effective. SESAM may terminate the Customer’s accounts for the Services if payment is not made to SESAM within 14 days after such suspension is made effective. The Customer shall pay delayed interest in accordance with applicable law for all Subscription Fees that are not settled before their due date. SESAM may make renewal of the Customer’s subscription conditional on a shorter payment due date or increased invoice frequency after one case of delayed payment.SESAM may terminate the Customer’s subscription with 7 days’ notice if the Customer is in breach of any of his obligations under this Agreement, or if it becomes apparent that the Customer will materially breach this Agreement in the future. SESAM may with 6 days’ notice to the Customer also suspend the Customer’s subscription to the Services if the Agreement is breached by the Customer. Such suspension may be in effect until the matter has been resolved.

SESAM reserves the right to terminate any service in its entirety, or its availability in any market, with 6 months’ notice before such termination takes effect or in case of force majeure with such notice which is reasonable under the circumstances.

When the Services, hereunder users, are terminated, all data and copies of such data will be deleted from SESAMs servers upon the termination taking effect. The Customer will get access to his data as set out in section 5.1.

The limitation period for any claims arising in connection with this Agreement or breach of this Agreement is one year after the termination of the agreement. Claims forwarded after the limitation period is out of date and hence have no validity.


Without obtaining SESAM’s prior written permission, the Customer is not entitled to transfer all or part of the right to use the Services to another entity (either through mergers, de-mergers, bankruptcy, change of ownership or control or to affiliates or otherwise). SESAM may fully or partially transfer its rights and obligations under the Agreement to subsidiaries or other companies within the same group, hereunder use these as sub-contractors, provided that this is done in a manner assuring compliance with the obligations under the Personal Data Act from the Customer’s perspective.


This Agreement, and disputes arising as a consequence of this Agreement, shall be regulated by, and interpreted in accordance with, Norwegian law.


Disputes regarding the effects, contents or implementation of this Agreement shall be resolved by negotiations. If such negotiations fail, either party may request that the case is brought before a Norwegian court. If the parties so agree, the case shall be decided by arbitration after Norwegian Act of 14. May 2004 no. 25 on arbitration. If the parties require confidential treatment of the arbitration proceedings, hereunder the arbitration court’s verdict, this shall be agreed between the parties in writing together with the arbitration agreement.

The agreed legal venue shall be the location where SESAM has its registered address when the case is made before the court or arbitration court.