By creating an account with LessAdmin, you accept the terms and conditions in full. You can always delete your profile.
- Description of the service
LessAdmin is a service that offers organizations to keep records of employees and relevant employee data and documents in order to manage the staff. In addition it allows employees and organizations to handle time-off requests, time-off calendar, simple intranet documents, publish internal news, onboarding & offboarding of employees, employee benefits overview & generate human resources statistics and reports. In the marketplace organizations can market their products and services to other organizations and their employees. (the "Service")
Through the Service organizations are given the opportunity to invite their employees to register their personal data so that LessAdmin can store and share the employee’s information and documentation with the organization. The organization can further store necessary employee documentation via the Service.
To use the Service, you must register a user profile.
You manage your own personal and contact information directly in the Service. You are responsible for ensuring that all information you provide to LessAdmin is correct, accurate and complete, as well as for keeping the information up to date at all times.
Username and password associated with your account is strictly personal. You are responsible for ensuring that your passwords at no time are made available to others, and are aware that you may be held responsible for all activity associated with your account. Upon suspicion that someone else has access to your password or account, you are obliged to immediately notify LessAdmin for this.
- Responsibility for content and use
We are not responsible for the content shared or collected through the Service. You are responsible for ensuring that the content:
- Is not misleading, misleading or otherwise incorrect;
- Violates someone else's privacy or intellectual property rights;
- Seems offensive
Content that falls into any of the above categories may be removed from the Service upon prior notice. Your account may be temporarily or permanently deactivated in the event of a breach of this provision.
You are also responsible for not using the service in a way that violates the privacy of others.
- Personal data
In order to provide the service, we process various personal data:
- Employees: name, contact information, profile picture, birth and social security number, gender, nationality, emergency contact information, information necessary to process salary. Work information such as job title, starting/end dates, employment type, percentage, department, office location, manager & reporting structure, timeoff data and statistics, contractual documents and any other background information uploaded on LessAdmin.
- Organizations: name and contact information, department structure, office locations.
For data you choose to upload in the Service, we are the data processor. We only process this information in accordance with the data processor agreement entered into with you (Appendix 1).
- Changes to the Service
LessAdmin reserves the right to make regular updates of the service without prior notice. Such updates may not include all the features that were available in the previous version.
If we make changes in functionality and/or content that significantly impair the Service, this shall be treated as a change to the Agreement. Such change will be notified at least 14 days before the changes take effect.
- License to use
We own all rights to the service. This includes, but is not limited to the concept, design, trademarks, know-how, trade secrets, copyright, and other intellectual property rights.
Upon acceptance of these terms, you are given a license to use the service, limited to those features that are made available to you at any time that is required to use the Service. This license grants no right to modify, reproduce, copy or emulate the software or other parts of the service.
- Accepted use
This means, among other things, that you will not use the Service:
- In any way causing deterioration of performance or availability of service;
- In any way that is illegal, fraudulent or harmful to any of the parties;
- To remove or obtain information or data about other users without their consent;
- To transmit or post illegal, immoral, libelous, offensive, threatening, vulgar or obscene material;
- To copy, store, transmit, transmit, use, publish or redistribute material containing software viruses or other malicious data code, files, scripts or programs; or
- To attempt to gain unauthorized access to the Service.
In addition, you shall not:
- Decompile or otherwise attempt to obtain or access the source code of any software components of the Service;
- Behave in a manner which is objectionable to others;
- Act in a manner that is likely to harm LessAdmin; or
- Links to other websites
- LessAdmin subscription plans
9.1 Available Service Plans
The LessAdmin services are available under different Service Plans. Our Websites provide details of the available Service Plans, which can be categorized as one of the following:
- Paid Service Plans: Our paid Service Plans give access to all features and functionality. The Paid Service Plans are permitted for use in professional settings. The features and functionalities available depend on the plan type. Each plan has limitations on the number of employees.
- Free demo trial: The purpose of this plan is to give a demonstration of functionality and is not intended for use in a professional setting.
The Service Plans vary based on the LessAdmin Service you have chosen to subscribe to, and the content and features of a Service Plan may vary based on when you signed up. Details about the different Service Plans are available on our website.
You can manage your Service Plans from your LessAdmin user account.
10. Payments, cancellations, upgrades
Paid Service Plans can be purchased directly from LessAdmin in the Service.
You promise that your registration information, payment details (if you have signed up for a paid Service Plan subscription) and any other information that you submit to us are true, accurate, and complete, and you agree to keep it that way at all times. If you have provided incorrect or inaccurate information, you should return to the log-in screen or correct such information in your account settings. You promise that no other person shall be allowed to use or access your account, or in any other way make use of the rights conferred to you pursuant to the Agreement.
10.2 Payments and Subscription Periods
All Paid Service Plans are payable in advance of each Subscription Period, non-cancelable and, non-refundable.
You will be charged prior to being granted access to your Paid Service Plan. At the end of your current Subscription Period, your Paid Service Plan subscription will automatically renew and you will be charged for the next Subscription Period in accordance with your registered payment information.
If you don’t pay for your Paid Service Plan on time, LessAdmin reserves the right to suspend your account or remove Paid Service Plan features.
If you do not wish to renew your Subscription Period for a Paid Service Plan or Content Subscriptions, you must cancel your Paid Service Plan and/or Content Subscriptions before the end of your current Subscription Period. Any cancellation will become effective on the first day after the last day of your current Subscription Period. Upon cancellation, your access will be terminated. After 30 days your account data will be deleted.
10.4 Upgrades and downgrades
You may at any time upgrade or downgrade your Paid Service Plan subscription to a different Service Plan. If you have downgraded your subscription to a lower tier Service Plan, such downgrade will take effect on the day after the last day of the current Subscription Period. If you have upgraded your subscription to a higher tier Service Plan, such upgrade will take effect immediately subject to payment of the applicable upgrade fee.
Upon becoming effective, your Service Plan upgrade will apply for the duration of your current Subscription Period, and your next Subscription Period renewal will be based on terms of your upgraded Service Plan.
10.5 Price changes and new Service Plans
LessAdmin may change the price for a Paid Service Plan. If such price change applies to you it will be effective from the beginning of your next Subscription Period. Your continued use of the LessAdmin Services constitute your acceptance of the price change. If you do not agree with the price changes, you have the right to reject the change by cancelling your subscription prior to your next Subscription Period renewal.
We do not provide any refunds if the price for a Paid Service Plan drops, or if we offer subsequent promotional pricing or change the content or features of a Service Plan.
LessAdmin may decide to change or replace our Service Plans. If the Service Plan you have subscribed for is changed or replaced, your subscription will automatically be for the Service Plan that corresponds with the pricing of your original plan unless you chose to upgrade your subscription.
We may, at our own sole discretion, offer you a Trial. We reserve the right to revoke the Trial and put your account on hold in the event that we determine that you are not eligible. Separate terms and conditions, including restrictions on available features or areas of use, may apply when using a LessAdmin Service under a Trial.
For some Trials, we’ll require you to provide your payment details to start the Trial. In such cases, your Trial will automatically be converted to a paid subscription for the selected Service Plan and/or Content Subscription as of the first day after the end of your Trial period. We will use the payment details you provided when you started the Trial to charge you. If you do not want to continue using your selected Service Plan on a paid subscription basis, or a Content Subscription, you must cancel your subscription before the end of the Trial period.
- Account termination
You can terminate your user account at any time by sending an email to firstname.lastname@example.org. Already paid subscription fees will not be refunded.
We reserve the right to change the price of the Service. In the event of any price changes, we will notify you at your registered email address. Price changes for subscriptions take effect at the beginning of the next subscription period, but not with shorter notice than 30 days. By continuing to use the Service after the price change takes effect, you accept the new price.
- No guarantees
Even if we try to the best of our ability to deliver the Service, the Service is delivered "as is" without explicit or indirect guarantees of any kind, unless otherwise provided by Norwegian law. You are solely responsible for your use of the Service.
- Limitation of liability
***To the maximum extent permitted by law, in no event will LessAdmin, its officers, shareholders, employees, agents, directors, subsidiaries, affiliates, successors, assigns, suppliers, or licensors be liable for (1) any indirect, special, incidental, punitive, exemplary, or consequential damages; or (2) any loss of use, data, business, or profits (whether direct or indirect), in all cases arising out of the use or inability to use the LessAdmin service, Third Party Applications, or Third Party Application content, regardless of legal theory, without regard to whether LessAdmin has been made aware of the possibility of those damages, and even if a remedy fails of its essential purpose. LessAdmin’s aggregate liability for all claims arising under or in connection with this Agreement shall be limited to the amounts paid by you to LessAdmin under this Agreement during the twelve months immediately preceding the last event giving rise to liability.
Nothing in the Agreement removes or limits LessAdmin’s liability for fraud, fraudulent misrepresentation, death or personal injury caused by its negligence, and, if required by applicable law, gross negligence.***
To the fullest extent permitted by applicable law, you agree to indemnify and hold harmless LessAdmin and its parent company and affiliates, and their directors, officers, managers, employees, donors, agents, and licensors, from and against any claims and all losses, expenses, damages and costs, including reasonable attorneys’ fees, resulting from: (1) Your breach of the Agreement; (2) any User Content; (3) any activity in that You or anyone using your account engages on or through the LessAdmin Service; and (4) Your violation of any law or the rights of a third party. We reserve the right to take over the exclusive defense of any claim for which we are entitled to indemnification under these Terms. In such an event, you shall provide us with such cooperation as is reasonably requested by us.
- The whole agreement
These terms, as well as the annexes, constitute the entire agreement between you and us, and supersede any previous agreements.
This Agreement is governed by and shall be construed in accordance with Norwegian law. The parties shall seek to resolve any disagreement or dispute concerning the Agreement amicably. Oslo District Court is the venue for disputes that cannot be resolved amicably.
Less Company AS
Org. no. 924 912 103
0690 OSLO, NORWAY
Appendix 1: Data Processing Agreement
between the user of the Service (the " Controller") and Less Company AS (the " Processor").
The purpose of the Processing Agreement is to regulate rights and obligations pursuant to applicable Data Protection Legislation relating to the processing of Personal Data which the Controller provides to the Processor as part of the provision of the Services. The Processing Agreement shall ensure that Personal Data is not used unlawfully and does not come into the possession of any unauthorized party.
In the event of a conflict between the Agreement and the Processing Agreement, the Processing Agreement takes precedence with regard to matters specifically related to the processing of personal data.
"Data Protection Legislation" refers to EU Regulation 2016/679 ("GDPR" and any at any time applicable national legislation related to privacy, including legislation that implements or supplements the GDPR.
"Personal Data" means any information relating to an identified or identifiable natural person (the "Data Subject")
"Third-countries" means countries outside the EU/EEA.
"Sub-processors" means subcontractors engaged by the Data Processor to process Personal Data under this Processing Agreement.
For privacy terms not defined in this Processing Agreement, the definitions in Article 4 of the GDPR apply.
- the obligations of the controller
The Controller determines the purposes and means of the processing of Personal Data. The Controller shall comply with its obligations pursuant to Data Protection Legislation, including responsibility to ensure necessary legal basis for collecting, processing and transfer of Personal Data.
- Scope of processing
The Processor, its Sub-processors, and other persons acting under the authority of the Processor who has access to the Personal Data shall process the Personal Data only on behalf of the Controller and in compliance with its lawful instructions and in accordance with the Processing Agreement, unless otherwise stipulated in applicable statutory laws.
The Processor must immediately notify the Controller if the Processor believes that an instruction is in violation of the Data Protection Legislation.
The Processor shall keep a protocol of all processing activities on behalf of the Controller in accordance with GDPR Article 30.
- Services, processing, personal data and data subjects
The nature and purpose of the processing is to store information and documentation that the Controller uploads in the Service, so that i) the organizations that need the said information and documentation can retrieve it where the Controller agrees to it, or ii) the organization can upload and store necessary information in the Service.
The processing applies to name, birth number, address and other information about the Controller or others which appears from the documentation the Processor uploads in the Service.
The Processor, its Sub-processors, and other persons acting under the authority of the Processor who has access to the Personal Data are subject to a duty of confidentiality and shall observe professional secrecy in regard to the processing of Personal Data and security documentation pursuant to applicable Data Protection Legislation.
The Controller is subject to a duty of confidentiality regarding any documentation and information, received by the Processor, related to the Processor's and its Sub-processors' implemented technical and organisational security measures.
The confidentiality obligations also apply after the termination of the Processing Agreement.
- Information security
The Processor shall implement appropriate technical and organisational measures as stipulated in Data Protection Legislation and/or measures imposed by relevant supervisory authority pursuant to Data Protection Legislation to ensure an appropriate level of security.
The Processor shall assess the appropriate level of security and take into account the risks related to the processing, including risk for accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Person Data transmitted, stored or otherwise processed.
All transmissions of Personal Data between the Processor and the Controller or between the Processor and any third party shall be done at a sufficient security level.
The Processor has in Appendix 1a given a general description of technical measures implemented to ensure an appropriate level of security.
The Processor shall provide reasonable assistance to the Controller, taking into account relevant information available to the Processor, if the Controller is obliged to perform an impact assessment and/or consult the supervisory authority in connection with the processing of Personal Data. The Controller shall bear any costs accrued by the Processor related to such assistance.
- Access to personal data and fulfilment of data subjects' rights
Unless otherwise agreed or pursuant to applicable statutory laws, the Controller is entitled to access all Personal Data being processed by the Processor on behalf of the Controller. The Controller shall bear all costs and charges relating to any such access, unless such access is available as a part of the Services.
If the Processor or Sub-Processor receives a request from the Data Subject for the processing of Personal Data, the Processor shall forward the request to the Controller, unless the Processor in accordance with applicable law or in accordance with the Controller's instructions is entitled to handle the request.
The Processor shall assist the Controller for the fulfilment of the Controller's obligation to respond to requests for exercising the Data Subject's rights stipulated in Data Protection Legislation, including the Data Subject's right to (i) rectification of its inaccurate Personal Data; (ii) erasure of its Personal Data; (iii) restrict the processing of its Personal Data; and (iv) receive its Personal Data in a structured, commonly used and machine-readable format. The Processor shall be compensated for such assistance at the Processor's then current rates, unless otherwise agreed.
- Other assistance to the controller
If the Processor or a Sub-Processor receives a request from the relevant supervisory authority for access to or information about registered Personal Data or processing activities covered by the Processing Agreement, the Processor shall notify the Controller of the request, unless the Processor itself is entitled to handle the request.
If the Controller is obliged to carry out a DPIA and/or carry out preliminary discussions with the relevant supervisory authority in connection with the processing of Personal Data under the Processing Agreement, the Processor shall assist the Controller.
- Data breach and notification
The Processor shall notify the Controller without undue delay, and at the latest within 36 hours, after becoming aware of a Personal Data breach. The Controller is responsible for notifying the Personal Data breach to relevant supervisory authority.
The notification to the Controller shall as a minimum describe (i) the nature of the Personal Data breach including where possible, the categories and approximate number of Data Subjects concerned and the categories and approximate number of Personal Data records concerned; (ii) the likely consequences, in the reasonable opinion of the Processor, of the Personal Data breach; (iii) the measures taken or proposed to be taken by the Processor to address the Personal Data breach, including, where appropriate, measures to mitigate its possible adverse effects.
In the event the Controller is obliged to communicate a Personal Data breach to the Data Subjects, the Processor shall assist the Controller, including with the provision, if available, of necessary contact information to the affected Data Subjects.
- Use of sub-processors
The Processor is granted a general authorisation to engage subcontractors ("Sub-processors") in the processing of the Personal Data, subject to the procedure for engaging Sub-processors as set out in Section 8.2 below. The Processor shall maintain an up-to-date list of the names and contact details of any Sub-processors and locations used by such Sub-processors for processing of Personal Data on behalf of the Controller, which should be made available at the Controller's request.
The Processor shall ensure that the Processor's obligations as follows from the Processing Agreement and the Data Privacy Legislation are imposed on Sub-processors. The Processor shall be fully responsible to the Controller for the Sub-processors fulfilling their obligations.
Disclosure or transfer of Personal Data to Third Countries may only occur in case of approval from the Controller as described in Section 10 above, and is subject to EUs standard contractual clauses, technical and organisational measures, or other legal basis for such transfer or disclosure.
The Processor shall assist the Controller with its risk assessment of the use of Sub-processors and/or the transfer of Personal Data to a Third Country, as well as an assessment of whether the transfer is legal, including assessing whether the Third Country ensures an adequate level of protection, if additional measures need to be implemented, as well as provide documentation that necessary additional measures can be implemented.
The Processor is obliged to provide the Controller with the documentation of implemented technical and organisational measures to ensure an appropriate level of security, as well as any other information necessary to document that the Processor meets its duties after this Processing Agreement as well as Data Privacy Legislation.
The Controller and the relevant supervisory authority shall be entitled to conduct security audits, including inspections and evaluation of Personal Data being processed, the systems used for this purpose, implemented technical and organisational measures, and Sub-processors.
The Controller may appoint an external auditor to perform the security audits, which is bound by confidentiality.
The Controller shall bear any costs related to security audits initiated by the Controller.
- Term and termination
The Processing Agreement is valid for as long as the Processor processes Personal Data on behalf of the Controller.
In the event of the Processor's breach of the Processing Agreement, the Controller may (i) instruct the Processor to stop further processing of Personal Data with immediate effect; (ii) terminate the Processing Agreement with immediate effect.
- Effects of termination
The Processor shall, upon the termination of the Processing Agreement and at the choice of the Controller, delete or return all the Personal Data to the Controller, unless otherwise stipulated in applicable statutory laws.
The Processor shall document in writing to the Controller that deletion has taken place in accordance with the Processing Agreement.
- Notices and amendments
All notices relating to the Processing Agreement shall be submitted in writing to the electronic address stated.
Any modification or amendment of this Processing Agreement shall be effective only if agreed in writing and signed by both parties.
Appendix 1a to the Processing Agreement: technical and organisational measures
Physical access control
Processor will take proportionate measures to prevent unauthorised physical access to Processor's premises and facilities holding personal data. Measures shall include:
- Procedures and/or systems for access control, including security
- Door locking or other electronic access control measures
- Alarm system
- Logging of facility entries/exits
- ID, key or other access requirements
Access control to systems
Processor will take proportionate measures to prevent unauthorised access to systems holding personal data. Measures shall include:
- Password procedures (including e.g. requirements to length or special characters, forced change of password on frequent basis etc.)
- Access to systems subject to approval from HR management or IT system administrators
- Guest users or anonymous users being denied access to the systems
- Central management of system access
- Routines for locking of computer when leaving the work station, and automatic lock after five minutes
- Restriction on the use of replaceable media, such as memory sticks, CD/DVD or removable hard drives, as well as encryption requirements
Access control to data
Processor will take proportionate measures to prevent authorised users from accessing data beyond their authorised access rights, and to prevent the unauthorised access to or removal, modification or disclosure of the data. Measures shall include:
- Access on a need-to-know basis
- Differentiated access rights, defined according to duties
- Automated log of user access via IT systems
Data entry control
Processor will take proportionate measures to check and establish whether and by whom personal data has been supplied in the systems, modified or removed. Measures shall include:
- Differentiated access rights based on duties
- Automated log of user access, and frequent review of security logs to uncover and follow-up on any potential incidents
- Ensure that it is possible to verify and confirm to which third parties Personal Data may have, or has been, disclosed using electronic communication equipment
- Ensure that it is possible to verify and confirm which Personal Data has been entered in the system, changed or deleted, as well as when and by whom
Processor will take proportionate measures to prevent unauthorised access, alteration or removal of personal data during transfer of data. Measures shall include:
- Use of state of the art encryption on all electronic transfer of data
- Audit trail of all data transfers
Processor will take proportionate measures to ensure that data are protected from accidental destruction or loss. Measures shall include:
- Frequent back-up of data
- Remote storage
- Use of anti-virus/firewall protection
- Monitoring of systems in order to detect viruses etc.
- Ensure stored data cannot be corrupted by means of malfunctioning of the system
- Ensure that installed systems can be restored in the event of a malfunction
- Uninterruptible power supply
- Procedures for ensuring business continuity
Processor will take proportionate measures to ensure that data collected for different purposes are processed separately. Measures shall include:
- Restrictions on access to data stored for different purposes based on duties
- Separate IT systems
Training and awareness
Processor shall ensure that all employees are aware of routines on security and confidentiality, through:
- Regulations in employment contracts on confidentiality, security and compliance with internal routines
- Internal routines and courses on processing of personal data to create awareness