Terms of Service
This page contains the Terms of Service that describe your rights and responsibilities when using the Let's Do app. If you don’t agree to be bound by these Terms, you aren’t allowed to access or use the Let's Do app.
Last updated September 17, 2021.
Let's Do (the “App”) is a product by Andersson-Larsson Holding AB with company registration no. 559254-7078 (the “Company”, “we”, “us”, “our”). When you (the “Customer” and/or the “User”) add the App to your Slack workspace, you agree to the following terms (the “Terms”). If you add the App on behalf of an organization to your Slack workspace, you agree to these terms on behalf of that organization.
Processing of personal data
We process personal data in accordance with the EU General Data Protection Regulation (2016/679) (the “GDPR”).
If you remove the App integration from your Slack workspace, all the data that have been collected about your Slack workspace will be removed.
These Terms include a Data Processing Agreement (“DPA”), which regulates the Customer’s rights and obligations as a Personal Data Controller and the Company’s rights and obligations as a Personal Data Processor, when the Company Processes Personal Data on behalf of the Controller and according to the written instructions included in the DPA.
We have the right to engage Sub-processors in fulfilling our obligations under law, these Terms and in order for the App and our Website to be provided and improved. By entering into an agreement with us, the User accepts that we engage Sub-processors as stated in the DPA.
The App is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. In no event shall the Company be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the App or the use or other dealings in the App.
The payment process is conducted by Paddle.com. Paddle.com is the Merchant of Record for all our orders. Paddle provides customer service inquiries related to payments. Refunds are available up until 30 days after the payment was done.
The Customer agrees to the use of the Customer's logo, name, and trademark in the Company’s marketing materials regarding the marketing of the App and the Website. If this is not desirable, it has to be communicated by e-mail to email@example.com.
Changes and amendments
We reserve the right to make changes and amendments to these Terms at any time. All changes and amendments to these Terms will be notified to the User who is the main contact for each workspace, that is, the User who added the App to the workspace initially or the User who has set up payment details for the App. If a User does not accept the changes and/or amendments to the Terms, the User may stop using the App and remove it from its Slack workspace. If a User continues to use the App 30 days after the changes and amendments have been notified, the User is considered to have accepted the changes and amendments.
These Terms shall be construed in accordance with, and governed by, Swedish law. Any dispute arising from or relating to these Terms shall be settled primarily between the Parties. If the dispute cannot be resolved through an internal settlement between the Parties, the dispute shall be finally resolved by a Swedish general court in Stockholm, unless otherwise stated in mandatory applicable law.
If you have any questions about our Terms, do not hesitate to contact us at firstname.lastname@example.org.
Addendum: Data Processing Agreement
This Data Processing Agreement (“DPA”) constitutes an addendum to the general terms and conditions (“Terms”) that apply for the use of the app “Let's Do” (the “App”). The entity that chooses to use the App within its Slack Workspace is regarded as the Personal Data Controller for the Personal Data that its users share with the App in connection with their use of the App (hereinafter referred to as “Controller”). The owner of the App, Andersson-Larsson Holding AB, is considered as the Personal Data Processor according to the GDPR, when Processing the Personal Data on behalf of the Controller and in accordance with the Controller’s instructions stated in this DPA (hereinafter referred to as “Processor”).
The Processor and the Controller are herein referred to individually as a “Party” and collectively as the “Parties”.
This DPA shall apply to all Processing of Personal Data carried out by the Processor on behalf of the Controller. The Processor may not Process Personal Data for other purposes than those specified in this DPA.
All references to “Personal Data”, “Processing”, “Data Subject”, “Sub-processor”, “Personal Data Breach”, “Supervisory Authority” and any other capitalized terms not defined herein shall have the same meaning in this Agreement as stated in article 4 of the GDPR.
App: Let's Do (Slack app id #A023YL7KXSS).
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance).
SCC: Commission implementing decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
Compliance with applicable law
Both the Controller and the Processor shall each comply with their respective obligations under all applicable regulations, legal requirements and laws relating to the storage, use, security, collection, transfer, disposal, disclosure and other processing of Personal Data (“Privacy Laws”). The Processor will comply with the obligations under the GDPR and any subordinate legislation and regulation implementing the GDPR and/or SCC which may apply (collectively, with Privacy Laws, the “Data Protection Requirements”).
The controller's instructions for the processing of personal data
The Controller hereby instructs the Processor to Process the Personal Data only in accordance with the Data Protection Requirements and the instructions given herein, in order to a) fulfill contractual obligations regarding the provision of the service, b) fulfill all legal obligations and c) as further instructed by the Controller in its use of the App.
Categories of Data Subjects: Individuals who use the App, individuals that are mentioned within data submitted to the App (like users assigned to or mentioned in a to-do description).
Categories of personal data processed: first and last name, title, contact information (e-mail address, telephone number, company), timezone data and other metadata that is shared with the App when the Controller grants the App access to the Controller's Slack Workspace or individual Slack user account. E-mail address is only processed when a Data Subject signs in using Slack on the Website.
Duration of processing: The Personal Data may be Processed as long as it is necessary to fulfill the purpose of the Processing and the legal obligations.
Storage of personal data: The Processor is located in Sweden (EU) and may store and Process Personal Data in EU/EEA or anywhere the Processor or its Sub-processors maintain facilities, provided that the storage takes place in accordance with the GDPR.
The controller's obligations
The Controller is obliged to comply with its data security, personal data protection and any other obligations stated in the applicable Data Protection Requirements for the Controller with regard to the Processing of Personal Data. The Controller hereby confirms that the Controller:
- Processes Personal Data in accordance with the requirements of the Data Protection Requirements;
- has an established procedure for the exercise of the rights of the Data Subjects whose Personal Data is Processed by the Processor on behalf of the Controller;
- has the legal basis according to the applicable Data Protection Requirements to Process and disclose the Personal Data in question to the Processor, including to any Sub-processor that Processes Personal Data on behalf of the Processor;
- is solely responsible for the accuracy, integrity, content, reliability and legality of the Personal Data provided to the Processor;
- agrees that the Processor’s implementation of technical and organizational security measures is sufficient to protect the privacy and Personal Data of Data Subjects.
The processor's obligations
The Processor shall:
- at the Controller's request correct, delete or transmit incorrect, incomplete or outdated Personal Data without undue delay.
- ensure the confidentiality, integrity and accessibility of the Personal Data, and ensure that its personnel who are authorized to Process Personal Data under this DPA have undertaken an obligation to observe confidentiality of the Personal Data.
- implement systematic, organizational and technical measures to ensure an appropriate level of security, taking into account the latest technology and implementation costs in relation to the risk involved in the Processing and the type of Personal Data to be protected.
- The Processor may not, without the prior written consent of the Controller, respond directly to requests from other Data Subjects, disclose or otherwise make the Personal Data available to third parties, unless otherwise provided by GDPR, applicable law, governmental or judicial decisions. The Processor shall, to the extent practicable and lawful, notify the Controller of requests for disclosure of Personal Data obtained from a Data Subject and requests from authorities for disclosure of Personal Data. The Processor shall notify the Controller if the Controller becomes aware of any notice, investigation or inquiry by a Supervisory Authority with respect to Personal Data, unless otherwise prohibited.
The Processor shall assist the Controller with appropriate technical and organizational measures, as far as possible taking into account the nature of the treatment and the information available to the Processor, in order for the Controller to fulfill its obligations under the GDPR regarding requests from Data Subjects, respond to the request for exercise of the Data Subject's rights and general data protection pursuant to Articles 32-36 of the GDPR.
The Processor shall enable the Controller to comply with all legal obligations regarding information to be provided to relevant data protection authorities and Data Subjects in Personal Data Breaches.
Sub-processor and transfer of personal data
The Processor has the right to engage Sub-processors to fulfill the obligations under the agreement between the Parties. The Controller agrees to the Sub-processors listed below. If the Processor intends to change, remove or add a Sub-processor, the Controller must be informed of this in advance and given the opportunity to object to the changes. The Controller has the right to terminate the agreement, if the Controller does not approve a certain Sub-processor or a certain type of treatment.
- Salesforce (Heroku), application platform. Database storage: EU. DPA.
The transfer of Personal Data to a Sub-processor is made at the Processor's risk and does not entail any change in the division of responsibilities that applies between Processor and Controller. If the Sub-processor does not fulfill its obligations regarding data protection, the Processor shall be fully responsible to the Controller for the performance of the Sub-processor's obligations.
The Processor shall enter into a legally binding data processor agreement with the Sub-processors, regarding the Sub-processors' Processing of the Personal Data. Such agreement shall ensure that the Sub-processor agrees to responsibilities and obligations that at least correspond to the obligations and conditions of the Processor that are set forth in this DPA.
Notwithstanding the above clause, if Personal Data is transferred by the Processor to a Sub-processor outside the EU/EEA, the Processor shall be obligated to enter into a supplementary agreement containing the SCC with the Sub-processor, before any Personal Data is transferred to such Sub-processor.
The Processor undertakes to take the technical and organizational measures required under the GDPR to ensure a level of security appropriate to the risk, in particular in relation to risks of unauthorized access, destruction or alteration of the Personal Data covered by the Processing.
The Processor undertakes not to disclose to third parties such information as the Processor has been informed of as a Processor from the Controller. The Processor shall ensure that all employees, consultants and others involved in the Processing of Personal Data are bound by confidentiality and that they are informed of how the Personal Data may be Processed in accordance with instructions from the Controller.
The Controller has the right to carry out an audit of the Processor's compliance with the terms of this DPA, to verify that the Processor fulfills its obligations. The Processor has the right to request that such audit shall be performed by a neutral third party working under confidentiality.
The Processor undertakes to provide all information required to prove compliance with the obligations under the DPA and to participate in any audit and to provide the assistance needed to carry out such audit.
Personal data breaches
In the case of a Personal Data Breach, which includes Personal Data Processed by the Processor on behalf of the Controller, the Processor shall immediately take appropriate measures to mitigate its potential negative effects and prevent it from being repeated. The Processor shall notify the Controller of any Personal Data Breach without undue delay and in any event within 72 hours of becoming aware of a Personal Data Breach. The Processor shall also assist the Controller in complying with the terms of Articles 33-34 of the GDPR.
Agreement period and termination
This DPA is valid from the day the Controller approves the Terms and is valid as long as the User has granted the App access to the Controller’s Slack Workspace. When the Controller removes the App from the Controller’s Slack Workspace, the Processor shall cease the Processing of Personal Data and, in accordance with the Controller's instructions, delete or return all data containing Personal Data to the Controller and delete all existing copies within thirty (30) days, unless Processing of Personal Data is required according to applicable legislation.
The Processor may retain Personal Data after the Controller has removed the App from the Controller’s Slack Workspace to the extent required by applicable law, with the same type of technical and organizational security measures as described in this DPA.
This DPA shall be interpreted in accordance with Swedish law. Any disputes regarding the interpretation or application of these contractual terms shall be settled primarily between the Parties. If the dispute cannot be resolved through an internal settlement between the Parties, the dispute shall be finally resolved by a Swedish general court in Stockholm, unless otherwise stated in mandatory applicable law.