Terms of Service

These Terms of Service (the "Agreement") constitute a legally binding contract between the Provider — the entity operating the QReportly platform ("QReportly", the "Platform", or the "Provider") — and the legal entity that creates an account, purchases a subscription, or otherwise uses the services (the "Client", the "User", or the "Enrolled Legal Entity").

By accessing the Platform, creating an administrator account, completing checkout, activating a workspace, or continuing to use the services, the Client confirms that it has read, understood, and fully accepted this Agreement, as well as the Privacy Policy and Cookie Policy published on the website.

If the Client representative does not have authority to bind the legal entity or does not accept the terms below, access to the Platform must be discontinued immediately. The Provider reserves the right to refuse, suspend, or close any account that does not meet legal or contractual requirements.

For the purposes of this Agreement, the terms below have the following meanings, whether used in singular or plural form:

QReportly provides access to a secure SaaS digital infrastructure designed for the implementation and operation of internal channels for reporting breaches of law, in accordance with Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law, as well as the applicable national transposition laws in the Member States where the Client operates or is registered.

The services provided are strictly technical and operational in nature. The Platform enables the Client to receive reports, communicate securely with reporters, manage procedural deadlines, generate the official register, export compliance documentation, and administer organizational settings. The Provider does not deliver legal advisory services, compliance audits, representation before authorities, or substantive legal assessment of reports.

The contractual relationship between the Provider and the Client does not replace the Client's legal obligations toward employees, reporters, supervisory authorities, or other third parties. The Client remains solely responsible for ensuring that its organization complies with all mandatory requirements of applicable law.

The Platform services are intended exclusively for legal entities and their representatives who are duly authorized to enter into contracts on behalf of the organization. Users creating accounts represent and warrant that they hold such authority.

The Client is responsible for the accuracy of registration data, maintaining access credential confidentiality, managing internal user permissions, and all activity conducted within its workspace. Any unauthorized access must be reported to the Provider without undue delay.

The Provider may request additional documents or information to verify the identity of the Client or its representatives. Failure to provide reasonably requested information may result in access suspension.

The User — the Enrolled Legal Entity — is directly, exclusively, and fully responsible for selecting the pricing plan that corresponds to the actual size of its organization, measured by workforce headcount (or by eligibility criteria set out in the pricing schedule published on the Platform).

Declaring a lower workforce than the actual one, intentionally or through gross negligence omitting relevant information, using a plan that is undersized in relation to organizational reality, or otherwise providing inaccurate commercial data constitutes a material contractual breach. In such cases, the Provider is entitled, without prior notice and without compensation, to apply one or more of the following measures: (i) immediate suspension of account and service access; (ii) automatic termination of the Agreement; (iii) declaration of absolute legal nullity of the Compliance Certificate generated on PDF reports during the period of pricing non-compliance; (iv) recovery of due price differences, contractual penalties, and any investigation costs.

The Client acknowledges that the validity of compliance documents exported from the Platform is conditional upon up-to-date subscription payment and alignment between the purchased plan and the actual size of the organization. Any use of certifications issued under non-compliant conditions is at the Client's sole risk.

The Provider grants the Client a non-exclusive, non-transferable, revocable license, limited to the subscription term, to access and use the Platform solely for the purpose set out in this Agreement.

The Platform is provided "as is" and "as available," with commercially reasonable efforts to maintain availability and security. The Provider does not guarantee uninterrupted operation, complete absence of errors, compatibility with every Client IT system, or automatic fulfillment of all legal obligations applicable to the Client.

Updates, scheduled maintenance, infrastructure migrations, or remediation of security incidents may result in temporary interruptions. The Provider will use commercially reasonable efforts to provide prior notice of planned interruptions.

QReportly provides only the technological tool for managing internal reporting channels. The Provider does NOT offer legal advice, legal opinions, compliance audit services, or assurance of the Client's fulfillment of statutory obligations.

Substantive assessment of reports, legal qualification of reported facts, decision to initiate or discontinue investigations, appointment of the Designated Person, communication with authorities, and compliance with mandatory response deadlines — including acknowledgment of receipt within a maximum of 7 (seven) calendar days and communication of outcome within a maximum of 3 (three) calendar months, with possible extensions as permitted by law — remain exclusively the responsibility of the Client and its appointed Designated Person.

To the fullest extent permitted by applicable law, the Provider, its administrators, collaborators, subcontractors, and infrastructure providers shall not be liable for: (a) fines, administrative penalties, corrective measures, or sanctions imposed on the Client by state authorities, audit bodies, labor inspections, data protection authorities, or other competent institutions; (b) direct or indirect loss arising from improper use of the Platform; (c) the content of reports, messages, or files submitted by reporters; (d) the Client's internal decisions regarding case handling; (e) loss of profit, loss of opportunity, reputational harm, or other consequential damages.

The Provider's total aggregate liability toward the Client, for any cause and regardless of theory of liability (contract, tort, or otherwise), is limited to the amount actually paid by the Client to the Provider in the 12 (twelve) months preceding the event giving rise to the claim. If no amount has been paid, the liability cap is zero.

The limitation and exclusion clauses in this section survive termination of the Agreement and apply to the extent permitted by mandatory applicable law.

The Client undertakes to use the Platform in accordance with law, this Agreement, and Provider policies, exclusively for implementing an internal reporting channel.

All intellectual property rights in the Platform, including source code, design, trademarks, documentation, and know-how, belong exclusively to the Provider or its licensors. No ownership rights are transferred to the Client under this Agreement.

Data entered by the Client into the Platform and report content remain under the Client's responsibility as Data Controller within the meaning of Regulation (EU) 2016/679 (GDPR), subject to the Provider's Processor role as detailed in the Privacy Policy.

The Client grants the Provider a limited license to process data strictly for service delivery, maintenance, security, technical support, and legal compliance.

The User may change pricing plans (upgrade) directly from the Platform settings panel as the organization grows or when headcount exceeds the limits of the current plan. Downgrades may be restricted if existing data or configuration exceed the limits of the lower plan.

Subscription payment is recurring and prepaid through the integrated payment processor (Stripe). The Client authorizes charging of the registered payment method at each billing cycle, according to the prices displayed at the time of purchase or plan update.

Failure to pay at maturity may lead to access suspension after a reasonable grace period. The Provider may apply late interest and recovery costs within legal limits.

For telephone assistance regarding subscriptions, plan configuration, or commercial matters, the Client may contact the Provider at +40 764 381 795 during the intervals communicated on the Platform.

The Provider may suspend or terminate the Client's access, in whole or in part, with or without prior notice, in case of: breach of this Agreement; provision of false data; non-payment; abusive use; security risk; legal requirement; or order from a competent authority.

The Client may terminate the subscription in accordance with the procedure available in the settings panel or by written request. Termination does not release the Client from payment obligations for the current billing period or liability for prior use.

Upon termination, access to services ceases on the effective date of termination or expiry. The Provider may retain or delete data in accordance with the Privacy Policy and legal obligations. Clauses that by nature must survive — including limitation of liability, intellectual property, and applicable law — remain in force.

The Provider may update this Agreement to reflect legal changes, technical developments, commercial adjustments, or security requirements. The updated version will be published on the Platform with the effective date indicated.

Continued use of the services after the effective date constitutes acceptance of the amendments. If the Client does not accept the amendments, the sole remedy is to discontinue use and terminate the subscription before the effective date.

This Agreement is governed by the law applicable in the jurisdiction where the Provider conducts its principal Platform operations, excluding conflict-of-laws rules that would refer to another legal system.

The parties shall make good-faith efforts to resolve any dispute amicably. If no resolution is reached, disputes shall be settled by the competent courts at the Provider's registered office, except where mandatory law applicable to the Client provides otherwise.

No provision of this Agreement limits consumer rights that may exceptionally benefit from mandatory local protections; however, the services are intended for B2B use by legal entities.