Terms and Conditions

1. Scope of the Agreement

These terms and conditions shall be applied to the provision and use of Custobar Oy’s (“Custobar”) cloud-based Customer Data Platform solution designed for the B2C sector (”Service”), licensed to Client, under these Terms and Conditions. These Terms and Conditions and the Service Description shall constitute a binding agreement (“Agreement”) between Custobar and the Client. By purchasing the Service from the website or accessing the Service, the Client will accept and become bound by this Agreement.

The Service displays data collected from the Client’s systems as well as data submitted by the Client’s personnel (”Client Confidential Information”).

Any additional work and implementation, development, installation, training services and other services performed to Client shall be separately agreed upon by applying these Terms and Conditions.

2. Fees and Invoicing

The Client will purchase the Service from Custobar website using a valid credit card. Any additional products or services will be purchased via Client’s Custobar account. Custobar is not directly involved in the online payment but through a third-party service provider. For this purpose, the Client shall authorize Custobar to initiate a payment or a series of payments on the Client’s behalf based on purchases made by the Client. The fees applicable to the use of the Service are set out on the Custobar website (www.custobar.com/pricing) and on the user interface of Custobar at the time of the purchase. Value added tax is added to all prices in accordance with applicable law.

Custobar has the right to change the prices applicable to the use of the Service once per year by providing the Client with a 3 months’ prior written notice. The price change does not affect the fees applicable to invoice cycles preceding the price change. In case the Client does not accept the price change, the Client has the right to terminate the Agreement by applying the notice period defined in the Section 11.

Custobar is actively developing the Service and new features may be released continuously. New features may have an additional monthly cost. Once released, these features and additional costs will be added to the Custobar price list at www.custobar.com/pricing/ or will be informed to you by support@custobar.com.

The monthly fee applicable to the use of the Service shall be charged, in accordance with Custobar price list (www.custobar.com/pricing/), from the Client’s credit card on a monthly basis for the amount of the payment and any applicable fees or charges. The monthly fee applicable to the use of the Service shall be invoiced one month in advance by Custobar starting from the day of opening the Custobar environment for the Client.

The fees relating to the implementation or startup of the Service are invoiced at the time of purchasing the Service. The Client shall be responsible for all purchases made using the Client’s credit card or from the Client’s Custobar account. Additional fees collected by the credit card provider, such as credit card fees, may be added to the payable amount. Custobar is not responsible for any insufficient funds charges, chargeback fees, or other, similar charges that might be imposed on you by your bank or our third-party service provider.

The sales data will be stored for 5 years and event data for 2 years starting from the date the data has been added to Custobar.

If there is need to store the data for a longer period of time an additional cost will be added to the licence fee, see pricing at www.custobar.com/pricing/ or contact support@custobar.com.

3. Provision of Service

Custobar shall keep the Client Confidential Information secure and confidential by applying industry-standard organizational and technical measures. Custobar shall provide the Service to the Client in accordance with the provisions of this Agreement, in a careful and professional manner.

Custobar has the right to use subcontractors. Custobar is liable of the subcontractors work as its own.

The Service Description further governs the provision of the Service.

4. Client Responsibilities

The Client shall perform its obligations hereunder diligently and professionally. The Client shall provide all requested information necessary for the provision of the Service. Such information shall be accurate and complete.

The Client shall be liable for the use and security of all usernames and passwords to the Service as well as for complying with all applicable use restrictions of such usernames and passwords.

The Client is liable for the accuracy of the data submitted to the Service and for all transactions and activity performed by Client in the Service and under the Client’s user names and passwords.

5. Intellectual Property Rights

The title and intellectual property rights to the Client Confidential Information shall belong exclusively to the Client.

The title, intellectual property rights and all other rights to the Service shall belong exclusively to Custobar, including but not excluding source and other codes, manuals, documents, training materials and other material relating to the Service. The Client shall have the limited, non-exclusive right to use the Service for the purposes of its own business operations during the term of this Agreement.

The Client and Custobar (as applicable) shall prevent the unlawful access and use of the Service.

6. Intellectual Property Rights Infringements

Custobar warrants that the Service does not infringe any intellectual property rights in force in Finland.

Custobar shall at its own expense indemnify the Client against claims presented against the Client that the Service infringes third party intellectual property rights in Finland, provided that the Client promptly notifies Custobar in writing of such presented claims and permits Custobar to, at its own expense and discretion, defend or settle the claims on behalf of the Client and gives to Custobar the available requisite information, assistance and authorizations.

In case Custobar deems that any part of the Service infringes the intellectual property rights of any third party, Custobar has the right at its own expense either:

  1. obtain a right to use the Service on behalf of Client;
  2. replace the Service with a service corresponding to the Service;
  3. modify the Service in order to eliminate the infringement.

If none of the above-mentioned alternatives is possible on reasonable terms for Custobar, the Client has to cease using the Service.

Custobar shall not be liable for claims which:

  1. are asserted by a company that exercises control over the Client or which is controlled by the Client;
  2. results from alteration of the Service by the Client or from compliance with the Client’s written instructions;
  3. results from use of the Service in combination with any product or service not supplied by Custobar; or
  4. results from the Client not complying with its obligations set out in this Section 6.

Custobar’s liability for infringement of intellectual property rights shall be limited to this Section 6.

7. Processing of Personal Data

During the course of providing the Client with the Service, Custobar may process certain personal data on behalf of the Client. Such personal data may include the following information:

  • first and last name
  • email address
  • phone number
  • postal address, postal code, country
  • delivery address
  • language
  • age
  • gender
  • name of the company the data subject represents
  • other Personal Data the Client chooses to transfer to Custobar to be processed in connection with the provision of the Service
  • commencement date of the customer relationship
  • marketing consents (email, SMS, mail)
  • last date and time of sign-up
  • purchase history
  • information on emails opened and clicked
  • information on activities taken on the website
  • information on visits to shops
  • information provided at the shops
  • participations in competitions
  • customer feedbacks
  • IP addresses
  • device types

The Client is a data controller as defined in the General Data Protection Regulation (EU) 679/2016 (” GDPR”). The Client is responsible for the lawful processing and collection of Personal Data in compliance with the GDPR and other laws, regulations and directives pertaining to the processing or collection of Personal Data. Custobar will not monitor the Clients processing or collection of Personal Data in the Service. The Client shall be responsible for having the required rights and necessary permissions from third parties to use and disclose Personal Data for the purposes set out in this Agreement. The Client shall ensure that the Client is entitled to transfer the relevant Personal Data to Custobar so that Custobar may lawfully process, use and transfer the Personal Data in accordance with this Agreement on behalf of the Client.

Custobar is a processor of Personal Data as defined in the GDPR and will process Personal Data disclosed to it by the Client, on behalf of the Client.

Each Party shall be responsible for the information security of the Partys own communications networks. Neither Party shall be responsible or liable for the information security of general communications networks, or for interferences or other disruptions, outside of the Parties influence, that may occur in general communications networks.

Custobar may not use Personal Data disclosed to it by the Client, for any other uses than for which the Personal Data was collected, in this case for the provision of the Services. Custobar shall process information disclosed to it by the Client in accordance with this Agreement and according to written instructions or guidelines given to it by the Client. Client’s instructions must be commercially reasonable, compliant with applicable data protection legislation and regulations and consistent with this Agreement. In case Custobar detects that any instruction given by the Client is non-compliant with European Union or member state law to which Custobar is subject, Custobar shall not be obliged to comply with such instruction and shall inform the Client of that legal requirement.

Custobar ensures, that it shall comply by the GDPR and other applicable data protection laws and regulations, as amended from time to time, and that it shall comply by the orders and regulations given by competent authorities (all together the “Data Protection Regulations”).

Custobar will implement all appropriate and necessary security measures to ensure, that all the Personal Data processed by Custobar pertaining to the Services, shall be accurate, adequate, relevant, kept up to date and that the Personal Data is not kept any longer than necessary.

Custobar ensures:

  • that it shall implement and maintain appropriate technical and organizational security measures to protect the Personal Data within its area of responsibility, in order to safeguard the Personal Data against unauthorized or unlawful processing or access and against accidental loss, destruction or damage, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing carried out by Custobar hereunder as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. Such measures shall include, where appropriate and relevant for each processing action:

    • the pseudonymisation and encryption of Personal Data;
    • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and Service;
    • the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
    • a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

    • that it will at the request of the Client and taking into account the nature of the processing and the information available to Custobar, without undue delay, provide the Client with commercially reasonable assistance in ensuring compliance with the Client’s obligations, such as individuals requests relating to exercising their rights as foreseen in applicable data protection laws, e.g. the right of access, and/or provide the Client with assistance pertaining to the Client’s compliance with orders and notifications given by competent supervisory authorities as well as Client’s obligations relating to Data Security Breaches and performance of security and data protection impact assessments. In case such assistance requires extensive measures from Custobar, the Client shall pay additional reasonable remuneration to Custobar for handling such assistance requests

  • that the persons processing Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality

  • that it will without undue delay inform the Client of all inquiries made by a data subject, Data Protection Supervisor or other competent authorities, pertaining to the Personal Data disclosed by the Client.

  • the ongoing confidentiality, integrity, availability, resilience and restoration of all processing systems and services in which Personal Data is stored or processed

  • the pseudonymisation and encryption of Personal Data and communications containing Personal Data, when it is appropriate and necessary to maintain the integrity and confidentiality of Personal Data.

The Client shall have the right to audit the facilities and processing activities of Custobar under this Agreement to examine the level of protection and security provided for Personal Data processed under this Agreement and to assess the compliance of Custobar and its subcontractors with this Agreement. If Custobar’s employees or other representatives participate in such audits at the request of the Client, the Client shall compensate Custobar for the expenses caused by such participation. Otherwise each Party shall bear its own costs for any such audit. Where an audit may lead to the disclosure of business or trade secrets of Custobar or threaten intellectual property rights of Custobar, the Client shall employ an independent expert to carry out the audit, and the expert shall agree to be bound by confidentiality to Custobar’s benefit.

Custobar shall have a general authorization to subcontract its data processing operations to a sub-processor, but only by way of a written agreement with the sub-processor, which imposes obligations on the sub-processor no less onerous than as are imposed on Custobar herein. Custobar shall notify the Client of any additional sub-processor(s) in advance. If the Client reasonably objects to such additional sub-processor(s), the Client may inform Custobar in writing of the reasons for such objection, after which the Parties shall aim to resolve such situation via negotiation.

Custobar may not have Personal Data processed or accessible by its sub-processors outside of EU or European Economic Area (“EEA”) without separate consent of the Client. In case the processing is subject to any Data Protection Regulations and Personal Data is transferred from the EEA to a sub-processor for processing in any country outside the EEA that is not recognized by the European Commission as providing an adequate level of protection for personal data, Custobar undertakes to provide for appropriate safeguards by any appropriate safeguard as foreseen under GDPR.

The Client hereby agrees and acknowledges that the information on the recipients of e-mails, which is viewed as Personal Data, may be processed by Custobar’s sub-processor Sendgrid Twilio outside the EEA. For such data to be transferred and processed outside of EEA by Sendgrid Twilio , it is required that Custobar on behalf of the Client, signs the Standard Contractual Clauses (Processors) with said sub-processor as defined in the decision C(2010)593 of the European Commission on standard contractual clauses for the transfer of Personal Data to processors established in third countries, and its appendices. The Client is a Data Exporter and sub-processor a Data Importer, as defined in the clauses. The signed Standard Contractual Clauses will supersede any prior agreements between the Client, Custobar and sub-processor that are in conflict with the Standard Contractual Clauses. The signing of the Standard Contractual Clauses does not relieve Custobar of its obligations and duties towards the sub-processor outside of the EU or EEA. If such sub-processor would be to establish a server room in the EU or EEA, the process of the transferring of e-mails will be relocated to such server room located in the EU area. Custobar will make all technical and organizational measures to safeguard the Personal Data, as required by law or as agreed upon.

The Parties acknowledge that the European Commission intends to publish a set of new Standard Contract Clauses by the end of year 2020 (“New SCC”). The Parties acknowledge and agree that once the New SCCs have been adopted, Custobar shall sign them with Sendgrid Twilio and the New SCCs will supersede any prior agreements between the Client, Custobar and said sub-processor that are in conflict with the New SCCs. The Parties also acknowledge and agree that this section shall be amended accordingly after the New SCCs have been adopted.

For the sake of clarity, it is noted that Custobar will be solely responsible for its subcontractors’ actions, and eventual negligence, in relation to the Client.

Custobar shall, without undue delay after having become aware of it, inform the Client in writing about any data breaches relating to Personal Data and any other events where the security of Personal Data processed on behalf of the Client has been or may have been compromised (Data Security Breach). Per request of the Client, Custobar shall provide the Client with all relevant information pertaining to such Data Security Breach. Custobar shall also inform the Client of the measures taken to address the Data Security Breach.

Custobar shall document all Data Security Breaches, and store all facts, effects and measures taken due to, and pertaining to, each Data Security Breach. The documentation shall make it possible for the Client to confirm that the Data Protection Regulations have been followed.

At the sole discretion of the Client, Custobar shall either return to the Client or delete all Personal Data it has processed on behalf of the Client, within a reasonable time after the end of the customer relationship, except to the extent that Custobar is under a statutory obligation to continue storing such Personal Data.

8. Confidentiality

The parties shall keep the confidential information of the other party or Custobar confidential and shall not disclose it to a third party without the prior written consent of the other party or Custobar, as applicable.

The confidentiality obligation shall, however, not apply to information that the receiving party has independently developed or legitimately received from a third party or was in the possession of the receiving party prior to receipt from the disclosing party or is part of the public domain. Any knowhow, ideas, technologies or procedures arising from the performance of the obligations set out herein shall not be considered confidential information.

The parties shall ensure that their employees and representatives comply with the confidentiality obligations set out above. In addition, the Client shall ensure that its employees having access to the Service are bound by similar confidentiality obligations as set out herein.

9. Damages and Limitation of Liability

In case a party has breached the provisions of this Agreement and has not remedied such breach in 30 days from receiving a notice thereof, the party shall be liable for the direct damages incurred by the other party as a result of such contract breach.

The total maximum liability of Custobar for any direct damages that arise from the use of the Service shall be limited to the amounts charged from Client for the use of the Service during a period of 6 months. These limitations of liability shall not apply in cases of intentional misconduct or gross negligence.

A party or Custobar (as applicable) shall not be liable for the following damages and claims:

a) damages that arise from the other party’s breach of its obligations set out herein;

b) indirect damages incurred by the other party or a third party such as loss of profit, expected savings or loss, alternation or destruction of information.

Custobar shall not be liable for any direct or indirect damages resulting from the use by Client of third-party services.

The liability of Custobar hereunder shall be limited to this Section 9.

10. Reference Rights

Custobar has the right to use the Client’s name and logo as a customer reference.

11. Term and termination

The Agreement is valid until further notice. The client can terminate this Agreement by canceling the subscription through the Client’s Custobar account. The termination will come to effect at the end of the current billing period.

Custobar may terminate this Agreement with immediate effect, in case the Client’s credit card payment has not been successful.

A party may terminate this Agreement with immediate effect if the other party is dissolved or liquidated, is declared bankrupt or otherwise becomes the subject to other insolvency proceedings.

Custobar is not in any circumstances liable to return any fees already paid for the Service by Client.

12. Applicable law and dispute resolution

The Agreement shall be governed by and construed in accordance with the laws of Finland. Any dispute, controversy or claim arising out of or relation to this Contract, or the breach, termination or validity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Finland Chamber of Commerce. The number of arbitrators shall be one. The seat shall be Helsinki, Finland and the language English.

13. Force Majeure

Custobar shall not be liable for the failure to perform its obligations set out under this Agreement when such failure results from any cause beyond the control of Custobar.

In case providing the Service becomes impossible or is unreasonable during a period exceeding 1 month, the Client has the right to terminate the Agreement with immediate effect.

14. Claims

Any claims under the Agreement against Custobar shall be presented within six months from the breach giving rise to the claim. Any claims shall be made in writing.

15. Assignments

A party may not assign this Agreement without the prior written consent of the other party. However, the Agreement may be assigned to an affiliate of a party by written notice to the other party.

16. Miscellaneous

This Agreement represents the entire agreement between the parties with respect to the Service and supersedes all prior negotiations, understandings and agreements relating to the subject matter hereof.

If there is any discrepancy between the Agreement and its attachments, the Agreement shall prevail after which the attachments shall be applied in numerical order.

The client is added to the mailing list of Custobar when signing up for the service.

Appendix 2:

Service description


This is a service description of the Custobar cloud-based Customer Data Platform solution as well as related services (“Service”). By using the Service, the Client may browse its customer, product and sales data, inspect data of individual customers and their sales history as well as communicate to customers through different channels.

The Service includes the following components:

  1. A cloud service, which is used over the web browser
  2. Manuals and user guides
  3. Admin user support

Custobar Service Description

1.) Cloud service used over the web browser

The core service of Custobar is the cloud service which is made available via the internet for users named by the Client. The cloud service offers a user interface for viewing customer, product and sales information and a tool for communicating with customers through multiple channels. There are two different versions of Custobar, depending on whether the Client prefers only to view information or also to update its customer database through Custobar.

Custobar will be integrated to the Client’s systems so that information mentioned above will move from the Client’s system to Custobar and back, if necessary.

Custobar strives to provide the cloud service on a 24/7 basis. Custobar aims to get any disruptions solved as soon as possible.

2.) Manuals and user guides

Manuals and user guides for the use of the Service may be accessed online.

3.) Admin user support

The admin users named by the Client are provided technical support via email by Custobar. The technical support is available during weekdays (Monday to Friday) from 8:00 am until 3:00 pm CET. The solutions/answers to support questions/problems will be communicated to the Client without unreasonable delay as soon as the question/problem is solved. In addition Custobar offers optional higher SLA support services.


The API of the Service may be used by Client or trusted partner to update information to the Service. The documentation of the API is available to the Client.

Also other integrations can be implemented into the Service. Such integration work shall be agreed upon separately. Third parties may be used to perform such integration work only with the prior written consent of Custobar.

Data security

The Services are provided from a certified environment, which is protected against unauthorized access both technically (by firewalls) and physically (secure and monitored server rooms). The communications between the Client’s browser and the Service is SLL encrypted. In addition, any data transfers between third parties for the integration of Client data to the Service is performed via an encrypted connection.

The Service is secured against external attacks and the operability of the system is monitored.

The end-users of the Service are identified with a personal code. Individual end-users have limited rights to access the Client’s data and may only see a limited amount of data as per his authorization. The end-users shall keep their personal codes confidential and secure. Each end-user shall be responsible for all use and activity occurring under the end-user’s personal code, irrespective of whether the end-user was aware of such use.

Back up copying

The Service automatically creates back-up copies of the Client’s data. Such back-up copies are made once per day or, in case the Service is provider as client master, approximately once per hour.

Software updates

The monthly fee of the Service includes software updates and technical maintenance of the system.

Customer service hours

The Custobar customer service hours are from Monday to Friday from 8:00 am until 3:00 pm CET.

Technical requirements

In order to use the Service, the end user must have the following technology:

  • Computer or tablet, with a working internet connection
  • Browser

We recommend to always use the last available version of the internet browser. The Service supports the following browsers: Internet Explorer, Mozilla Firefox, Safari, Opera and Google Chrome. Old versions of the browsers might prevent the use of the Service.

Latest update: September 23, 2020.