This Software as a Service Agreement ('SaaS') is a legally binding contract between you (the “User”) and Imagineit AB (the “Supplier”). The SaaS authorizes you to use the application made accessible on the domain Fakturan.nu (the “Service”). The Service is accessible through a browser and an internet connection. Read this SaaS carefully before using the Service.

By using the Service, the User acknowledges that the User has read and understood the SaaS and agrees to be bound by all of the terms and conditions stated below.

In order to gain access to the Service, the User must also approve of our Privacy Policy (“Privacy Policy”) and our Data Processing Agreement (“DPA”).


The Supplier shall deliver to the User complete Services, including the right to use the application, and if applicable and agreed between the Parties; any new versions, updates, modifications, customisations and configurations.

The Supplier continuously produces a backup of the Services and the backup is at a minimum produced daily.

The Supplier shall, during the term of this SaaS, store the User’s accounting data in accordance with all, at each time, applicable legislation and other regulations.

The Supplier shall comply with all regulations regarding personal data processed within the Service (regarding our processing of personal data, please see Section 10 and our Privacy Policy).


The User acknowledges that the Service is provided 'as is' and the Supplier has not made any representations or warranties, express or implied, regarding the Services.

This SaaS creates no obligations on the part of the Supplier other than as specifically set forth herein.

In no event shall the Supplier, its employees, licensors, affiliates or agents be liable for any lost profits or costs of procurement of substitute goods or services, property damage, loss of profits, interruption of business or for any special, indirect, incidental, economic, punitive or consequential damages, however caused, and whether arising under contract, tort, negligence, or other theory of liability, or arising out of the use of or inability to use the licensed software, even if the Supplier is advised of the possibility of such damages. This limitation includes the event of errors in the Service, the documentation provided and the use of the Service.


The User shall be responsible to ensure that the User’s use of the Services shall at all times fulfil and comply with all requirements set forth in the applicable legislation and other regulations, as amended from time to time, including especially the applicable tax laws and data protection legislation and thereto related legislative actions and regulations, as well as orders and other actions of the competent authorities, as amended from time to time.

The User is responsible for all the data added on behalf of the User to the Service and the data stored on its account, this includes the back up of any data or documentation deriving from the Service necessary for the correct fulfilment of the User’s obligations regarding accounting. The User is responsible for any added workload that may arise due to malfunction of the Service.

The User is responsible to ensure that the information provided regarding the User is correct. The responsibility includes, but is not limited to, ensuring that the billing address is correct. Any collection measures initiated due to an incorrectly provided billing address will not be withdrawn by the Supplier. If the User is not sure of the billing address provided, please contact the Supplier’s customer service.

The User is obligated to use the Service in a responsible way and in the manner intended. The User is not allowed to engage in illegal or unethical activities. The User is not allowed to copy, alter or resell the Service or any part of the software that is made available to the User by accessing the Service, without the Supplier’s written approval.


The price for the Service shall at all times be displayed inside the Service. The Supplier has the right to change the price for the Service. If a price change is initiated the User shall be notified through e-mail or the website. If the User opposes the price change the User is entitled to, with a written notice no later than 5 days after receiving the information of the price change, to terminate the Service and this SaaS with immediate effect.

Invoicing (when applicable) shall be made 6 months in advance and the payment shall be made within 30 days from the date of the invoice.

Interest for late payment shall be paid with an interest rate of 10 %.


If the User is in delay with payment for more than 24 days, the User’s access to the Service will be temporarily terminated. The User will gain new access to the Service after the Supplier has received full payment. All User data will remain in the Service, as prior to the temporary termination.


The Supplier shall have the right to audit the User’s operations in respect of its performance of its obligations under the Service as well as for development of the Service.


The Supplier has the right to access the User’s account in the Service for the following reasons: 1. to provide the User with support regarding the Service; 2. to control the User’s performance of its obligations under this SaaS, including but not limited to the User’s compliance with Section 4; and 3. to conduct market analytical studies, in order to improve the Service.


This SaaS enters into force upon acceptance from the User and remains in force until further notice. Either Party shall have the right to terminate the SaaS as a providing a one (1) months' notice thereof to the other Party. The User may terminate the SaaS according to the above by contacting the Supplier by phone or in writing (by mail or e-mail). Furthermore, termination may also be conducted through the User’s account settings. Failure of payment is not considered as a termination of the SaaS. The Supplier may terminate the SaaS and discontinue the Service with immediate effect if:

  1. the User is in delay with payment, if the User should become the subject of proceedings under any bankruptcy or insolvency law or otherwise can be assumed to not fulfill its payment obligations;
  2. the User is in material breach of this SaaS;
  3. the Supplier suspects that the User is engaged in illegal or unethical activities; or
  4. the Service is no longer compatible with the current legislation or an authority decision.

By termination of the SaaS, any period of an invoice not utilized by the User will be credited, provided that the invoice in question has not already been paid. In such case, the SaaS will be terminated only after the period already paid for has expired. In case a reminder has been sent and/or a collection measure has been initiated regarding an overdue invoice, the User is obliged to pay the invoice and the extra costs and charges related hereto, regardless of the termination.

Payment made prior to the cancelation will not be redeemed.


The intellectual property right, including but not limited to source code and design, (“IPR”) in and to the Services and the modifications thereof belong to the Supplier.

The IPR to Users' data and other information and materials provided to the Supplier and/or stored in the Services by the User or a third party on its behalf, as well as all data, calculations, reports and other documents generated by the Service or by the User/third party using the Services and all modifications thereof, belong to the User.

The Supplier grants to the User a non-exclusive, limited and revocable right to use the Services.

The Supplier has the right to modify or delete data which the Supplier considers to be harmful to the Services, or data which is considered illegal according to Swedish law.


When the User uses the Services the Supplier processes the User’s personal data. The Supplier may process the personal data only in accordance with the Privacy Policy.

If the Supplier processes personal data regarding the User’s invoice recipients, for which the User is to be considered a personal data controller, the Parties have entered into a separate DPA hereof.


Neither Party shall be liable to the other for any delay or non-performance of its obligations hereunder in the event and to the extent that such delay or non-performance is due to an event of Force Majeure.

Events of Force Majeure are events beyond the reasonable control of the Party which occur after the Effective Date of this SaaS and which were not reasonably foreseeable at the time of signing of this SaaS and whose effects are not capable of being overcome without unreasonable expense and/or loss of time to the Party concerned. Events of Force Majeure shall include (without being limited to) war, acts of government, natural disasters, fire and explosions. Labour disputes affecting a party or its subcontractor shall not be considered as an event of Force Majeure.

If an event of Force Majeure results in delay or non-performance of the Party for a period of thirty (30) days or longer, the other Party shall in its sole discretion have the right to terminate this SaaS in its entirety or partially forthwith and without liability towards the Party in delay except for the Services already delivered in accordance with this SaaS.


This Saas shall be governed by and construed in accordance with Swedish law.

Any dispute, controversy or claim arising out of or in connection with this SaaS, or breach, termination or invalidity thereof, shall be settled by Swedish Public Courts with Örebro District Court as first court of instance.



By using our Service (as defined in our Software as a Service Agreement), the User accepts our Privacy Policy and our processing of the User’s personal data. The User also accepts that we use electronic communication channels to send information to him/her. It is important that the User reads and understands our Privacy Policy before using our Service.


2.1 Account settings

When the User registers on Fakturan.nu, we collect personal data. The data which can be submitted and, in certain situations, must be submitted is the User’s company name, personal/registration number, VAT registration number, postal address, billing address, telephone number, mobile telephone number, business description, e-mail address, website, fax number, IP address. These data may be considered as personal data.

2.2 Payment details

In order for the User to be able to make transactions and use our Service, we collect information regarding their payment details.

2.3 The User’s customer data

In our Service, the User collects data regarding the User’s customers. We are not responsible for this data or the processing of it (please, see our Data Processing Agreement).

The User is responsible for deleting personal data regarding the User’s customers which are no longer relevant to store in the system.

2.4 Cookies

In our Service we use cookies. Cookies are used to keep the User logged into the service (so-called session cookie), for “remember-me” functionality and for visitor and user statistics.


In order to fulfill our obligations under the agreement and to supply the Service to the User, it is necessary for us to collect and process information and data regarding the User and the User’s company. An exception to this is when you have not entered into an agreement with us, but instead have contacted us regarding administrative matters or for customer service/support. In such situations, the processing of your personal data is based on our legitimate interest to supply those services.

The data is used for billing of payments regarding the Service, confirmation of the User’s identity, customer analysis, marketing, other communication with the User (e.g. if an invoice overpayment has occurred), a register with information regarding those who have unsubscribed from our newsletter and to administrate the Service, as well as our internal business (including troubleshooting, data analysis, testing and statistical purposes).

We need the User data in order to comply with the relevant legislation to, for instance, prevent fraud and for risk management, to prevent abuse of the Service, take measures against money laundering and to comply with the applicable accounting legislation.


We may have to share the User data with our collaborators and subcontractors. This may only be done with the utmost care by only sharing data when absolutely necessary, e.g. to comply with the applicable legislation, help the User with the Service, make credit reports, send paper invoices, collect payments, send out reminders and take collection measures.

We may share the data necessary with national authorities if we are obliged to do so by law or if the User has agreed to it. An example of a legal obligation to provide data is for measures against money laundering and terrorist financing.

You may, as a User, choose to enter into agreements with other partners in our Service and, as a result, share data which they are entitled to provide in accordance with the applicable legislation. These agreements refer e.g. to services such as Auto Mode and collection measures.


We store the User data only for as long as it is necessary in order to fulfill our contractual obligations towards the User and for as long as there is a legal obligation to do so. Accounting must, for example, be preserved for at least seven years in accordance with Swedish law. When we store User data for other purposes than to fulfill our contractual obligation, e.g. to meet the requirements regarding measures against money laundering, accounting and regulatory capital requirements, we save the data only for as long as necessary and/or statutory.

When our obligations are fulfilled, User accounts which have been inactive for a longer period than two years will be deleted or anonymized.


  1. The right to access User data. The User may request a copy of the personal data stored and a verification of the data we have regarding the User. The copy is free to request.
  2. The right to rectification. The User has the right to request a rectification regarding wrongful or incomplete data.
  3. The right to erasure (“right to be forgotten”). The User has the right to request the erasure of the User’s data if the data is no longer necessary in relation to the purpose for which is was collected. However, if we have issued an invoice regarding the User we may not erase the data until the last invoice is at least seven years old (in order to comply with the relevant legislation).
  4. The right to restriction of use. Under certain circumstances (expressed in applicable data protection legislation), the User may request that we restrict the use of the User’s personal data.
  5. The right to data portability. In case the User wishes to have the personal data provided transmitted, for the purpose of using them elsewhere (data portability), please contact us.
  6. The right to complaints. The User has the right to lodge a complaint with the Swedish supervisory authority.


Imagineit AB, Swedish registration number 556833-9344, is responsible for the processing of the User’s personal data and responsible to ensure that such processing takes place in a safe and legal manner.

If the User has any questions regarding the processing of personal data, the User may always contact us, the contact information is available at the website.



1.1. Imagineit AB, Swedish registration number 556833-9344 (“Imagineit”) has entered into an agreement with the user (the “User”) regarding Imagineit’s supplying of services to the User (the “Main Agreement”). The User is, when using the services, to be considered a personal data controller (the “Controller”) with regards to the data the User adds to the system and Imagineit is to be considered a personal data processor (the “Processor”).

1.2. The parties have, in connection herewith, concluded this data processing agreement (this “DPA”) regarding the processing of the personal data which the Processor will process on behalf of the Controller under the Main Agreement. This DPA shall be considered a part of the Main Agreement. This DPA shall, however, prevail the Main Agreement.

1.3. This DPA, which has been drawn up to meet the requirements under Article 28 of the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and national data protection legislation, shall regulate the Controllers rights and obligations as a controller and the Processor’s rights and obligations as a processor when the Processor processes personal data on behalf of the Controller.

1.4. The terms and definitions of this DPA shall be interpreted in accordance with the applicable data protection legislation.


2.1. The Processor undertakes to only process personal data in accordance with the Main Agreement, this DPA and any documented instructions from the Controller. The Controller’s initial instructions to the Processor regarding the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects are set forth in our Privacy policy.

2.2. The Controller confirms that the obligations of the Processor set out in this DPA and our Privacy Policy, except for any written instruction provided in specific cases according to clause 2.3, constitutes the full and complete instructions to be carried out by the Processor as data processor. Any changes to the Controller’s instructions shall be negotiated separately and, to be valid, documented in writing and duly signed by both parties.

2.3. The Processor shall, to the extent required under applicable data protection laws and in accordance with the Controller’s written instruction in each case, assist the Controller in fulfilling its legal obligations under such laws, including but not limited to the Controller’s obligation to respond to requests for exercising the data subject's rights to information regarding processing of their personal data.

2.4. The Processor shall immediately inform the Controller if, in its opinion, an instruction provided under this DPA infringes applicable data protection laws.

2.5. If data subjects, competent authorities or any other third parties request information from the Processor regarding the processing of personal data, the Processor shall refer such request to the Controller. The Processor may not in any way act on behalf of or as a representative of the Controller and may not, without prior instructions from the Controller, transfer or in any other way disclose personal data or any other information relating to the processing of personal data to any third party. In the event the Processor, according to applicable laws and regulations, is required to disclose personal data that the Processor processes on behalf of the Controller, the Processor shall be obliged to inform the Controller thereof immediately and request confidentiality in conjunction with the disclosure of requested information.


3.1. The Processor may engage sub-processors inside and outside of the European Union and may transfer personal data outside of EU/EES without prior written consent from the Controller. The Processor shall ensure that sub-processors are bound by written agreements that require them to comply with corresponding data processing obligations to those contained in this DPA. If personal data is transferred outside the EU/EES, the Processor shall ensure that legal grounds under applicable data privacy laws for such transfers exist, for example EU model clauses.

3.2. All sub-processors engaged by the Processor is published on the Processor’s webpage. The Processor shall, upon request, provide the Controller with any information reasonably requested by the Controller to enable the Controller to assess whether the use of the sub-processors will ensure the Controller’s compliance with this DPA and applicable data privacy legislation.


4.1. The Processor shall, in order to assist the Controller to fulfil its legal obligations including but not limited to; security measures and privacy risk assessments, be obliged to take appropriate technical and organizational measures to protect the personal data which is processed. The measures shall result in a level of security which is appropriate taking into consideration the existing technical possibilities, the costs for carrying out the measures, the particular risks associated with the processing of personal data and the sensitivity of the personal data which is processed.

4.2. The Processor shall maintain adequate security for the personal data. The Processor shall protect the personal data against destruction, modification, unlawful dissemination, or unlawful access. The personal data shall also be protected against all other forms of unlawful processing. Having regard to the state of the art and the costs of implementation and taking into account the nature, scope, context and purposes of the processing as well as the risk of varying likelihood and severity for the rights and freedoms of individuals, the technical and organizational measures to be implemented by the Processor shall include as appropriate:

  1. the pseudonymisation and encryption of personal data;
  2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of systems and services processing personal data;
  3. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
  4. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

4.3. The Processor shall take all necessary actions to assist and shall notify the Controller in relation to any accidental or unauthorized access to personal data or any other security incidents (personal data breach) immediately upon becoming aware of such incidents. The notification at least:

  1. describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
  2. communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
  3. describe the likely consequences of the personal data breach;
  4. describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

4.4. The Processor undertakes not to, without the Controller’s prior written consent disclose or otherwise make personal data processed under this DPA available to any third party, except for sub-processors engaged in accordance with this DPA.

4.5. The Processor shall be obliged to ensure that only such staff as directly requires access to personal data in order to fulfil the Processor’s obligations in accordance with this DPA have access to such information. The Processor shall ensure such staff is bound by a confidentiality obligation concerning this information to the same extent as the Processor in accordance with this DPA.


The Controller shall be entitled, in its capacity as the data controller, to take measures necessary to verify that the Processor is able to comply with its obligations under this DPA, and that the Processor has in fact undertaken the measures to ensure such compliance. The Processor undertakes to make available to the Controller all information and all assistance necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including on-site inspections, conducted by the Controller or another auditor mandated by the Controller.


6.1. Upon expiry of this DPA, the Processor shall, depending on the choice of the Controller, immediately delete or return all data containing personal data and delete all existing copies, unless the processing is required by Swedish or European law.

6.2. Upon request by the Controller, the Processor shall provide a written notice of the measures taken regarding the personal data upon the completion of the processing.

6.3 The Processor is not entitled to, after the termination of this DPA, use the personal data other than to fulfill its obligations under Swedish or European law, such as the storage of accounts.


The provisions in this DPA shall apply during such time that the Processor processes personal data in respect of which the Controller is the data controller.


8.1. The Processor shall be entitled to a reasonable compensation for the processing of personal data in order to fulfill its obligations under clause 2.3, 2.5, 4.3, 5 and 6 of this DPA.


Any disputes regarding the interpretation and application of this DPA shall be finally settled in accordance with Swedish legislation and the the Main Agreement’s provision on disputes.