Terms of Service & Data Processing Agreement

Last updated: May 10, 2026

By creating an account, accessing, or using the Easynorm platform ("Service"), you ("Customer") agree to be bound by these Terms of Service and Data Processing Agreement (together, the "Agreement").

If you do not agree to this Agreement, you must not use the Service.

1. Definitions

For the purposes of this Agreement:

• "Easynorm", "we", "us", "our": the company operating the Easynorm platform.
• "Customer", "you", "your": the legal or natural person that creates an account on the Service.
• "Service": the Easynorm web application and related services that assist in generating compliance documentation.
• "Compliance Documentation": any documents, reports, declarations, records, templates or outputs generated by the Service based on Customer inputs.
• "Customer Data": any data, content, files, or information (including personal data) that Customer or its users submit to or through the Service.
• "Personal Data": any information relating to an identified or identifiable natural person, as defined under the GDPR.
• "GDPR": Regulation (EU) 2016/679 (General Data Protection Regulation).
• "Controller", "Processor", "Data Subject", "Processing": have the meanings given in the GDPR.
• "Subscription": a paid plan or other commercial arrangement to access the Service.

Unless otherwise stated, capitalized terms used in the DPA section have the same meaning as under the GDPR.

1.1 B2B Use Only

The Service is intended exclusively for use by businesses and professionals. By entering into this Agreement, Customer confirms that it is not acting as a consumer under Czech law (Act No. 634/1992 Coll., Consumer Protection Act).

2. Scope of the Service

2.1 Purpose of the Service

Easynorm provides a platform to help Customers:

1. Assess whether certain regulations and standards may apply to their products or services.
2. Answer structured questionnaires about products or systems.
3. Generate Compliance Documentation from those answers, in line with selected regulatory frameworks and standards.

2.2 No Certification or Guarantee of Compliance

Easynorm does not:

• Certify, audit, or officially validate compliance with any law, regulation, or standard.
• Act as a notified body, conformity assessment body, or market surveillance authority.

The Service generates documents based on Customer-provided information and publicly available regulatory frameworks and standards. Final responsibility for determining and maintaining compliance remains with the Customer.

3. Customer Responsibilities

3.1 Accuracy of Inputs

Customer is solely responsible for:

• The accuracy, completeness, and timeliness of all Customer Data submitted to the Service.
• Ensuring that answers provided in the platform reflect the actual design, implementation, and operation of Customer's products or services.

3.2 Use of Outputs

Customer understands and agrees that:

• Compliance Documentation generated by the Service is guidance and support material, not legal advice or official certification.
• Customer must review, validate, and adapt the documentation as necessary before using it in dealings with regulators, customers, or other third parties.

3.3 Regulatory and Legal Obligations

Customer remains fully responsible for:

• Understanding and complying with the laws and regulations applicable to its business and products.
• Selecting the correct regulatory frameworks and standards in the Service.
• Obtaining independent legal or expert advice where necessary.

4. Assistance with Documentation Deficiencies

4.1 Identification of Deficiencies

If deficiencies are identified in Compliance Documentation generated by the Service — for example by market authorities, customers, or internal reviews — Customer must:

• Notify Easynorm without undue delay, providing relevant context and feedback.
• Provide updated and accurate information needed to correct the documentation.

4.2 Easynorm Assistance

Where deficiencies arise from how the Service generates or structures documentation, and to the extent reasonably possible:

• Easynorm will assist in updating the Compliance Documentation through the platform so that it better aligns with the requirements of the relevant market authorities, based on accurate information provided by the Customer.
• Such assistance does not constitute a guarantee that market authorities will accept the updated documentation and does not alter the allocation of responsibilities described in this Agreement.

5. Account Registration and Use

5.1 Account Creation

To use the Service, Customer must create an account and provide accurate registration information. Customer must keep login credentials confidential and is responsible for all activities under its account.

5.2 Acceptable Use

Customer agrees not to:

• Use the Service for unlawful purposes or to violate applicable laws.
• Attempt to reverse engineer, decompile, or otherwise access the Service's source code.
• Circumvent technical limitations or access the Service in a way that exceeds granted permissions.
• Upload malicious code, conduct denial-of-service attacks, or otherwise attempt to disrupt or damage the Service, Easynorm's infrastructure, or any third-party systems or services.
• Use the Service, or any outputs, data, questionnaire structures, methodologies, regulatory mappings, or other information obtained through the Service, to develop, improve, or assist any product or service that competes with Easynorm, or to provide such information to any third party for that purpose.

Easynorm may suspend or terminate access if it reasonably believes Customer is violating these rules.

6. Intellectual Property

6.1 Easynorm IP

Easynorm and/or its licensors own all rights, title, and interest in and to:

• The Service and all underlying software, models, templates, and know-how.
• The questionnaires, generic templates, and compliance frameworks provided within the Service.

No rights or licenses are granted to Customer except as expressly stated in this Agreement.

6.2 Customer Data and Documentation

Subject to Section 8 (Use of Data for Support and Improvement):

• Customer retains ownership of Customer Data.
• Customer owns the specific Compliance Documentation generated for Customer using Customer's inputs.

Customer grants Easynorm a non-exclusive, worldwide, royalty-free license to process Customer Data and generated documentation solely as necessary to provide and maintain the Service, provide support, and improve and secure the platform as described below.

7. Subscription, Fees and Termination

7.1 Fees

Where applicable, Customer agrees to pay the subscription fees or other charges specified in the chosen plan or order form.

7.2 Automatic Renewal

Unless otherwise specified, Subscriptions renew automatically at the end of each term. Easynorm will send Customer a renewal reminder at least 30 days before the renewal date. Customer may cancel the Subscription at any time before the renewal date to prevent automatic renewal, via the account interface or by written notice to info@easynorm.eu.

7.3 Termination by Customer

Customer may terminate the Agreement by:

• Canceling the Subscription via the account interface, or
• Providing written notice in accordance with Section 17 (Notices).

7.4 Termination by Easynorm

Easynorm may terminate or suspend Customer's access to the Service if:

• Customer fails to pay fees when due; or
• Customer materially breaches this Agreement and does not cure such breach within a reasonable time after notice.

In addition, Easynorm may immediately suspend or terminate Customer's access, without prior notice, without a cure period, and without any obligation to refund fees paid, if Easynorm reasonably believes Customer has:

• engaged in malicious, abusive, or unlawful activity against the Service or any third-party systems; or
• used the Service in violation of the competitive use restrictions in Section 5.2.

Easynorm reserves the right to seek any additional remedies available under applicable law, including injunctive relief, for violations of Section 5.2.

7.5 Effect of Termination

Upon termination:

• Customer's access to the Service may be disabled.
• Easynorm will retain or delete Customer Data in accordance with Section 12 (Data Retention and Deletion).

8. Use of Data for Support and Service Improvement

8.1 Use for Support and Diagnostics

Easynorm may access and process Customer Data and generated Compliance Documentation solely as necessary to:

• Investigate and resolve support requests.
• Diagnose platform deficiencies or errors in documentation generation.
• Ensure security and integrity of the Service.

8.2 Use for Platform Improvement

Easynorm may use Customer Data and generated documentation to improve the Service, including enhancing questionnaires, logic, templates, and regulatory mappings. Such use is subject to the following conditions:

• Easynorm will only derive and use anonymized and/or aggregated patterns from Customer Data. Individual Customer submissions will not be used in a form that identifies or could identify the Customer or its products.
• Individual Customer Data will not be shared with or used to benefit other Customers.
• Personal Data will not be used for improvement purposes.
• Easynorm treats all Customer Data as confidential business information and will not disclose it to third parties except as strictly necessary to provide the Service or as required by law.

Easynorm will not sell Customer Data or share it with third parties for their independent marketing purposes.

9. Warranties, Disclaimers, and No Legal Advice

9.1 Service "As Is"

The Service is provided on an "as is" and "as available" basis. Easynorm does not warrant that:

• The Service will be error-free or uninterrupted.
• Generated documentation will be complete, current, or accepted by any authority.

9.2 No Legal or Regulatory Advice

Easynorm does not provide legal, regulatory, or professional advice. All information and documentation generated by the Service:

• Are for informational and internal use purposes only.
• Must be reviewed and validated by the Customer (and, if needed, by legal or compliance professionals).

Customer is solely responsible for decisions made based on the Service's outputs.

10. Limitation of Liability

10.1 Indirect Damages

To the maximum extent permitted by law, Easynorm will not be liable for:

• Indirect, incidental, special, consequential, or punitive damages.
• Loss of profits, revenue, business, data, or goodwill.

10.2 Liability Cap

To the maximum extent permitted by law, Easynorm's aggregate liability for all claims arising out of or in connection with this Agreement and the Service, whether in contract, tort, or otherwise, is limited to the total fees paid by Customer to Easynorm for the Service in the twelve (12) months preceding the event giving rise to the claim.

10.3 Exceptions

The above limitations do not apply where prohibited by applicable law.

11. Data Protection Roles (GDPR)

11.1 Role of the Parties

For the Processing of Personal Data in connection with the Service:

• Customer acts as Controller (or as a Processor acting on behalf of a third-party Controller).
• Easynorm acts as Processor (or sub-processor where applicable).

11.2 Subject Matter, Duration, Nature and Purpose of Processing

• Subject matter: Personal Data provided or made available by the Customer via the Service.
• Duration: For the duration of the Agreement and as long as Customer Data is stored in the Service.
• Nature of processing: Storage, access, use, adaptation, structuring, and analysis as necessary to provide, support, and improve the Service under this Agreement.
• Purpose: Provision of the Service, including generation of Compliance Documentation, support, diagnostics, and improvement as specified in this Agreement.

11.3 Types of Personal Data and Data Subjects

Personal Data may include (depending on Customer's configuration and use):

• Contact details of employees, contractors, and other stakeholders (e.g., name, email, role).
• Product-, system-, and security-related information that may be linked to individuals.
• Other data uploaded or entered by Customer that may contain Personal Data.

Data Subjects may include:

• Customer's employees and contractors.
• End-users or stakeholders of Customer's products or services.
• Other individuals whose data is included in Customer Data.

Customer is responsible for ensuring that Personal Data provided to Easynorm is limited to what is necessary for the Service.

11.4 Processing on Documented Instructions

Easynorm will process Personal Data only on documented instructions from Customer, unless required to do so by applicable law. If Easynorm is required by law to process Personal Data beyond Customer's instructions, Easynorm will inform Customer before such processing, unless the law prohibits this. Easynorm will promptly inform Customer if it considers that any instruction infringes applicable data protection law.

11.5 Confidentiality of Processing

Easynorm will ensure that all persons authorized to process Personal Data are bound by appropriate confidentiality obligations.

11.6 Audit Rights

Upon Customer's written request, Easynorm will provide information reasonably necessary to demonstrate compliance with this Section 11. Easynorm will permit and cooperate with audits or inspections conducted by Customer or a third party appointed by Customer, subject to: (i) at least 30 days' prior written notice; (ii) reasonable confidentiality obligations; (iii) audits conducted during normal business hours without undue disruption to the Service; and (iv) costs being borne by Customer unless the audit reveals material non-compliance by Easynorm.

11.7 Return and Deletion of Personal Data

Upon termination of the Agreement or upon Customer's written request, Easynorm will, at Customer's choice, delete or return all Personal Data and delete existing copies, unless retention is required by applicable law.

12. Data Retention and Deletion

12.1 Retention During Subscription

Easynorm will retain Customer Data, including Personal Data and generated documents, for as long as necessary:

• To provide the Service and fulfill contractual obligations; and
• As required by applicable law or legitimate business needs (e.g., logging, billing, security).

12.2 Deletion Upon Termination

After termination or expiration of the Agreement, Easynorm will:

• Delete or anonymize Customer Data within a reasonable period, or
• Retain specific data where required by law (e.g., billing records) for mandated retention periods.

Upon request and where technically feasible, Easynorm will provide Customer with an export of key documentation before deletion.

13. Security Measures

Easynorm will implement appropriate technical and organizational measures to protect Personal Data, including:

• Access controls and authentication mechanisms.
• Encryption in transit and at rest where reasonable and appropriate.
• Regular monitoring and logging of system activity.
• Procedures to detect and respond to security incidents.

Details of current security measures may be described in a separate security statement or policy referenced on the Easynorm website.

14. Sub-processors

14.1 Use of Sub-processors

Easynorm may engage third-party sub-processors to process Personal Data on its behalf in connection with the Service (e.g., hosting providers, email services, analytics).

14.2 Requirements for Sub-processors

Easynorm will:

• Enter into data processing agreements with sub-processors requiring appropriate data protection measures.
• Remain responsible for sub-processors' compliance with their data protection obligations.
• Maintain a current list of key sub-processors, available upon request at info@easynorm.eu.

15. Data Subject Rights and Requests

15.1 Customer's Responsibility

As Controller, Customer is responsible for handling requests from Data Subjects exercising their rights under the GDPR or other data protection laws.

15.2 Easynorm's Assistance

Where reasonably possible, Easynorm will:

• Assist Customer, upon request, in responding to Data Subject requests (e.g., access, rectification, deletion).
• Provide necessary information about Easynorm's Processing to allow Customer to meet its obligations.

Any such assistance may be subject to reasonable limitations and, where appropriate, additional fees.

16. Data Breach Notification

In the event of a Personal Data breach affecting the Service:

• Easynorm will notify Customer without undue delay, and in any event within 48 hours of becoming aware of the breach, providing Customer sufficient time to meet its obligations under GDPR Article 33 (72-hour notification to the supervisory authority).
• Notification will include, to the extent reasonably available: the nature of the breach and categories and approximate number of individuals and records affected; the likely consequences; and the measures taken or proposed to address the breach and mitigate its effects.
• Customer remains responsible for notifications to supervisory authorities and Data Subjects as required by applicable law, unless otherwise agreed in writing.
• Easynorm's breach notification does not constitute an acknowledgment of fault or liability.

17. International Data Transfers

Where Personal Data is transferred outside the European Economic Area (EEA):

• Easynorm will ensure such transfers comply with applicable data protection law, including Chapter V of the GDPR.
• Where required, Easynorm will rely on the European Commission's Standard Contractual Clauses (SCCs) or an applicable adequacy decision.
• A list of countries to which Personal Data may be transferred and the applicable transfer mechanisms is available upon request at info@easynorm.eu.

Customer authorizes Easynorm to make such transfers subject to the safeguards described above.

18. Changes to the Service and to this Agreement

18.1 Changes to the Service

Easynorm may update or modify the Service from time to time, including adding or removing features, provided such changes do not materially reduce the overall functionality of the Service.

18.2 Changes to this Agreement

Easynorm may revise this Agreement from time to time. The "last updated" date at the top of this page will reflect the most recent revision.

• Non-material changes (such as clarifications or changes required by law) take effect upon reasonable notice to Customer via email or in-app notification.
• Material changes — including changes to fees, data use rights, intellectual property rights, or liability — require at least 30 days' advance written notice to Customer and take effect only upon Customer's explicit acceptance. If Customer does not accept a material change, Customer may terminate the Agreement in accordance with Section 7.3 before the change's effective date, without penalty.

19. Governing Law and Jurisdiction

This Agreement and any dispute arising out of or in connection with it shall be governed by and construed in accordance with the laws of: Czechia.

The courts of Czechia shall have exclusive jurisdiction to settle any disputes arising out of or in connection with this Agreement, without prejudice to any mandatory provisions of applicable law.

20. Miscellaneous

20.1 Entire Agreement

This Agreement constitutes the entire agreement between Easynorm and Customer regarding the Service and supersedes all prior agreements or understandings.

20.2 Severability

If any provision of this Agreement is held invalid or unenforceable, the remaining provisions will remain in full force and effect.

20.3 Assignment

Customer may not assign or transfer this Agreement without Easynorm's prior written consent. Easynorm may assign this Agreement in connection with a merger, acquisition, or sale of assets.

20.4 Notices

Notices to Easynorm should be sent to:

info@easynorm.eu

Notices to Customer may be sent to the email address associated with Customer's account.