Privacy policy

HSIB AB – MASTER TERMS OF BUSINESS & PRIVACY GOVERNANCE
Version: 2.0
Effective Date: February 16, 2026
Entity: HSIB AB, Umeå, Sweden.
SECTION A: GENERAL TERMS OF ENGAGEMENT
1. PREAMBLE AND DEFINITIONS
1.1. Scope. These General Terms ("Terms") govern all services provided by HSIB AB ("The Consultant," "We," "Us") to the Client ("You"). By engaging our services, booking a diagnostic, or utilizing our digital infrastructure, you agree to be bound by these Terms.
1.2. Definitions.
"Deliverables" means the specific documents, audits, classifications (e.g., AI Act Risk Assessment), or training modules produced by HSIB AB.
"Legal Engineering" refers to the Consultant’s proprietary methodology of translating regulatory texts into technical operational frameworks.
"Intellectual Property" means all patents, rights to inventions, copyright, trademarks, and trade secrets in the Consultant’s methodology.
2. NATURE OF SERVICES & REGULATORY STATUS
2.1. Consultancy Status.
HSIB AB operates as a specialized Regulatory Architecture & Safety Consultancy. We are not a law firm (Advokatbyrå) and our consultants do not act as Members of the Swedish Bar Association (Sveriges Advokatsamfund). Consequently, the statutory attorney-client privilege (advokatsekretess) does not apply, although we maintain strict contractual confidentiality.
2.2. Advisory Nature.
All advice, including but not limited to GDPR Architectures, AI Act Classifications, and HAVS (Vibration) Assessments, constitutes technical and strategic recommendations. These recommendations are based on the current enforcement posture of authorities such as IMY (Swedish Authority for Privacy Protection) and Arbetsmiljöverket (Work Environment Authority).
3. CLIENT OBLIGATIONS
3.1. Accuracy of Information.
The Consultant’s "Legal Engineering" process relies on data provided by the Client. The Client warrants that all information submitted via our Diagnostic Forms or interviews is accurate, complete, and up-to-date. HSIB AB accepts no liability for errors resulting from incorrect data inputs regarding the Client's technical stack or industrial machinery.
3.2. Implementation.
The Client acknowledges that regulatory compliance is an ongoing operational duty. HSIB AB provides the framework; the Client is responsible for the execution and day-to-day maintenance of said framework.
4. FEES AND PAYMENT
4.1. Invoicing.
Unless otherwise agreed in a Statement of Work (SOW), services are billed upon delivery of the Draft Deliverables. Payment terms are 30 days net.
4.2. Late Payment.
Interest on overdue payments shall be charged in accordance with the Swedish Interest Act (Räntelagen).
SECTION B: LIMITATION OF LIABILITY (The "Shield")
5. NO GUARANTEE OF REGULATORY OUTCOME
5.1. Regulatory Subjectivity.
Regulatory audits (e.g., by the EU Commission or Swedish Authorities) are subject to the interpretation of individual inspectors. HSIB AB does not guarantee that the Client will pass any specific external audit or certification. Our services represent a "Best Practice Defense" based on current engineering standards.
6. FINANCIAL LIABILITY CAP
6.1. Limitation.
To the maximum extent permitted by Swedish Law, HSIB AB’s total aggregate liability for any claim, loss, or damage arising out of or in connection with an engagement shall be strictly limited to 100% of the fees paid by the Client for the specific Service Module giving rise to the claim.
6.2. Exclusion of Indirect Damages.
HSIB AB shall explicitly not be liable for:
(a) Loss of profits, business, or revenue.
(b) Administrative fines (Sanktionsavgifter) imposed under the GDPR, AI Act, or AFS.
(c) Reputational damage or loss of goodwill.
(d) Damages resulting from third-party software (e.g., cloud failures).
6.3. Force Majeure.
Neither party shall be liable for failure to perform obligations due to causes beyond reasonable control (e.g., new contradictory EU legislation, acts of war, pandemics, or infrastructure failure).
SECTION C: INTELLECTUAL PROPERTY & DATA SOVEREIGNTY
7. PROPRIETARY RIGHTS
7.1. HSIB Methodologies.
HSIB AB retains full ownership of all templates, "Legal Engineering" frameworks, diagnostic algorithms, and educational course materials used to provide the Services.
7.2. Client License.
Upon full payment, the Client is granted a perpetual, non-exclusive, worldwide license to use the Deliverables for internal business compliance purposes. The Client may not resell, sub-license, or white-label HSIB AB’s frameworks.
8. CONFIDENTIALITY
8.1. Mutual Non-Disclosure.
Both parties agree to treat all non-public information—including the Client’s trade secrets (e.g., AI algorithms, machinery specs) and the Consultant’s methodologies—as strictly confidential.
8.2. Duration.
Confidentiality obligations survive the termination of this agreement for a period of five (5) years.
SECTION D: PRIVACY & DATA GOVERNANCE (GDPR)
9. PRIVACY POLICY
9.1. Controller Identity.
HSIB AB (Org. nr: [Insert Number]), located in Umeå, Sweden, is the Data Controller for client data collected via this website and during engagements.
9.2. Data Sovereignty Commitment.
We distinguish ourselves through a Sovereign Data Architecture. Unlike US-centric law firms, HSIB AB prioritizes infrastructure that keeps data within the EU/EEA to minimize CLOUD Act risks.
9.3. Categories of Data Processed.
Professional Identity Data: Name, Title, Employer.
Regulatory Diagnostic Data: Information regarding your AI risk classification, industrial safety gaps, and cybersecurity posture.
Communication Data: Metadata from emails and scheduling tools.
9.4. Sub-Processors & Transfer Mechanisms.
We utilize a strictly vetted stack of vendors. By using our services, you consent to processing by:
Simply.com (Denmark/EU): Hosting of Email (IMAP/SMTP) and DNS. Legal Basis: Contractual Performance.
Framer B.V. (Netherlands/EU): Hosting of Website Frontend. Legal Basis: Legitimate Interest.
Calendly LLC (USA): Scheduling. Data transfer protected by Standard Contractual Clauses (SCCs) and TIA.
Tally (Belgium/EU): Diagnostic Forms. Hosted strictly within the EU.
9.5. Data Retention.
Liability Period: Client deliverables are archived for 10 years to defend against professional liability claims (Swedish Statute of Limitations).
Inquiries: Unconverted leads are anonymized after 12 months.
9.6. Security Measures.
We employ Zero Trust access controls, Multi-Factor Authentication (MFA), and end-to-end encryption for all client deliverables.
10. GOVERNING LAW
10.1. Jurisdiction.
These Terms shall be governed by and construed in accordance with the substantive laws of Sweden.
10.2. Dispute Resolution.
Any dispute, controversy, or claim arising out of or in connection with this contract shall be settled by the District Court of Umeå (Umeå tingsrätt) as the court of first instance.