July 4, 2025

USER, LICENSE AND SUBSCRIPTION TERMS

  1. Introduction

1.1 Cerebro 9 by Web-X ApS, CVR no. 27566898, Ørnebjergvej 18, 2600 Glostrup, Denmark (the “Provider”) offers a service that enables users to work with quotes, contracts, and other documents in an easy and smart way.

1.2 The service is marketed under the name Documendo (the “Service”) and is available online at the domain documendo.com.

1.3 Cerebro 9 is a tool designed to quickly handle product compliance within the EU.

Cerebro 9 cannot replace legal advice and review.

1.4 These User, License, and Subscription Terms (the “Terms”) govern the use of Cerebro 9.

1.5 The Terms are accepted by all users upon first login/registration and are always available on Cerebro 9.dk in the most recent version.

1.6 The Provider is entitled to list the Customer on its reference list and use the Customer as a reference, including on its website, in newsletters, and other marketing materials, with proper attribution of the Customer’s name and logo.

  2. Access to Cerebro 9

2.1 Access to Cerebro 9 requires a subscription and access to supported devices.

2.1.1 The person who gains access to Cerebro 9 is referred to as the “User” in these terms.

2.1.2 The person responsible for paying for access to Cerebro 9 is referred to as the “Customer” in these terms, regardless of whether the Customer/User only has access to a free version of Cerebro 9.

2.1.3 The User is always a natural person.

2.1.4 The Customer can be either a natural person or a legal entity/public organization.

2.2 Every User and Customer must accept these terms before Cerebro 9 can be used.

2.3 Cerebro 9 may be offered in both a free and one or more paid versions.

2.4 The version the User has access to depends on the type of subscription the User has.

2.5 All access to Cerebro 9 occurs via the internet using the User’s own supported device. It is solely the User’s responsibility to ensure that they have the necessary internet access.

2.6 It is also the User’s responsibility to ensure that the necessary auxiliary programs are legally installed on the supported devices.

2.7 A User’s access (login information) is strictly personal and MUST NOT be transferred to or used by others.

2.8 If the Provider finds that someone other than the User has used the User’s login information, the Provider is entitled, without notice, to block the User’s access to Cerebro 9.

2.9 If the Customer has purchased a subscription to Cerebro 9 that entitles them to a certain number of concurrent users, the Customer is responsible for creating and deleting users. The Customer may create an unlimited number of users, but the maximum number of concurrent users allowed by the subscription must not be exceeded at any time.

2.10 Access to Cerebro 9 is available around the clock. However, the Provider’s availability guarantee only applies to access on weekdays between 08:00 and 18:00 Central European Time (CET).

2.11 The Provider guarantees that they will strive to ensure that Cerebro 9 is available every weekday between 08:00 and 18:00 Central European Time (CET). Availability is defined as the ability to access Cerebro 9 from the internet and that Cerebro 9’s functionality generally operates.

2.12 The Provider guarantees that, apart from absolutely urgent updates and maintenance work, no service will be performed on Cerebro 9 on weekdays between 08:00 and 18:00 Central European Time (CET).

2.13 The Provider is not liable for downtime caused by the Provider’s supplier’s downtime, regardless of the reason.

  3. Use of Cerebro 9

3.1 The Customer/User is only permitted to use Cerebro 9 for internal use.

3.1.1 Internal use means that a User may create documents for use by the Customer.

3.2 The use of Cerebro 9 is at the Customer’s risk and on the Customer’s own responsibility.

3.3 The Customer must ensure that the User carefully carries out the following measures for each product that is brought into compliance:

3.3.1 Making the correct legal choices within the framework provided by the document flow.

3.3.2 Entering accurate information or uploading the correct documents/reports (or ensuring that the Customer’s partners, manufacturers or other parties do so if that functionality is available).

3.3.3 Thoroughly proofreading and reviewing the finished document before it is used. The finished document could be the Document of Conformity (DoC).

3.4 If the Customer makes a claim against the Provider, the Customer must be able to document that the requirements in section 3.3 have been met.

3.5 The documents only become final when the User has entered the required information and utilized the options available within the individual documents.

3.6 The Customer/User alone is responsible for ensuring that the final document constitutes correct fulfillment of the compliance task the Customer has undertaken to fulfill using the document.

  4. Maintenance, Document Collection, and Storage in Cerebro 9

4.1 Cerebro 9 contains the types and variants of documents listed in the Cerebro 9 overview at any given time.

4.2 The document overview consists of documents provided by the Provider, such as a Document of Conformity (DoC).

4.2.1 The Provider reserves the right to remove documents/document types if maintaining them proves time-consuming/burdensome for the Provider.

4.3 The Provider is obligated to maintain the functionality of Cerebro 9 continuously.

4.4 The Provider is only required to ensure that Cerebro 9 is compatible with the latest versions of major browsers such as Chrome, Edge, and Safari.

4.5 The Provider updates Cerebro 9’s functionality on an ongoing basis at their discretion, but with careful consideration of the Customer’s requests for new/changed functionality.

4.6 The Provider continuously corrects inconveniences and errors in Cerebro 9 as they become aware of them. Corrections are made in conjunction with ongoing updates.

4.7 The Provider continuously updates Cerebro 9’s functionality.

4.8 Updates to Cerebro 9 that the Provider expects will significantly negatively impact the user experience/user functionality must be notified to the Customer with at least one month’s notice.

4.8.1 If the Customer cannot accept the update, they may terminate their subscription with 14 days’ notice before the update takes effect.

4.9 The Provider normally does not update Cerebro 9 on weekdays between 08:00 and 18:00, as stated in section 2.12.

4.9.1 This does not apply to updates made for compelling security reasons.

4.10 Integrations to Cerebro 9 are offered by the Provider as a service to the Customer.

4.11 The Provider may freely remove integrations to Cerebro 9, unless the integration is covered by separate subscriptions.

4.12 It is the Customer’s responsibility to acquire the necessary subscriptions, licenses, etc., to use the integrations provided by Cerebro 9.

4.13 Cerebro 9 assumes no responsibility for the usability of the integrations, as this depends on the provider with whom the integration is made.

  5. Storage and Security

5.1 Cerebro 9 is built according to well-known security standards. The Customer can request more information about Cerebro 9’s security by writing to contact@Cerebro9.com.

5.2 Cerebro 9 only uses providers that deliver a high level of security.

5.3 In Cerebro 9, the Customer can choose to store the finished documents. It is the Customer’s responsibility to assess whether the storage is secure enough to comply with the Customer’s confidentiality obligations.

5.3.1 However, the Provider automatically deletes documents stored in Cerebro 9 after one (1) month after the Customer terminates the subscription.

5.4 The Provider takes a separate backup of the Customer’s stored documents for 30 days, which can be used to recover lost documents.

5.4.1 The Provider’s assistance in recovering documents is provided based on the time spent.

5.5 If the Provider offers various security levels/features, it is up to the Customer to choose the security level that best suits the Customer’s circumstances.

5.6 The Customer is solely responsible for the use of the User’s login information, including ensuring that usage occurs from properly secured devices.

5.7 The Customer’s documents and data are stored at a data center belonging to Team Blue Danmark A/S, located at a secure location in Denmark. Further information regarding the data center can be found here.

  6. Rights to Cerebro 9 and the Documents

6.1 All rights, including copyright to Cerebro 9 and the documents, belong to the Provider in relation to the Customer/User.

6.2 The Provider assures the Customer/User that the Provider holds the necessary rights to fulfill its obligations under these terms.

6.3 The User is only entitled to use Cerebro 9/documents to the extent explicitly permitted by these terms.

6.3.1 There is no geographical restriction on where documents produced in Cerebro 9 may be used by the Customer/Customer’s client.

6.4 The Provider is entitled, but not obligated, to use technical measures to ensure compliance with these terms, including ensuring that the limits of use of the individual documents are adhered to. The Provider is also entitled to insert watermarks or other distinctive marks in the documents, identifying them as Cerebro 9 documents. This applies regardless of whether the Customer has paid to have the Customer’s or the Customer’s client’s logo or other distinctive marks added to the documents.

  7. Subscription, Changes to Terms, and Price Adjustments

7.1 Access to Cerebro 9 requires that the Customer has entered into a subscription agreement with the Provider.

7.2 The contents of the various subscription types and their prices can be found on Cerebro 9.dk.

7.3 Punch card subscription

7.3.1 A punch card system can be acquired that grants Product compliance for a specific amount of products.

7.3.2 The punch card subscription is valid for 24 months (“subscription period”) from the start date. Unused punches won’t be transferred to a new subscription period.

7.3.3 The subscription period is not automatically renewed.

7.4 Monthly Payment

7.4.1 A subscription runs for one (1) month (“subscription period”) and automatically renews thereafter. The subscription is binding for 12 months from the start date. If the Customer does not wish to renew the subscription or wants to make changes, the termination/changes must be made with six months’ notice.

7.4.1.1 Thus, the Customer cannot reduce the scope of their subscription unless it is done with six months’ notice.

7.5 Annual Payment

7.5.1 A subscription runs for 12 months (“subscription period”) and automatically renews thereafter. If the Customer does not wish to renew the subscription or wants to make changes, the termination/changes must be made no later than 3 months before the end of the 12-month period.

7.5.1.1 The Customer can increase but not reduce the scope of the subscription during the subscription period. Reductions in the subscription can be made at the start of a new subscription period.

7.5.1.2 The Provider sends the invoice for the new subscription period 2-3 weeks before the renewal. It is thus the Customer’s responsibility to cancel/change in time if the Customer does not wish to renew or wants to change the subscription.

7.6 The Provider is entitled to increase the price of the Customer’s subscription with at least 4 months’ notice before the start of a new subscription period.

7.7 If the Provider offers a free subscription, the Provider can change or terminate this subscription type at any time with 3 months’ notice.

7.7.1 If a paid subscription expires, the Provider will automatically switch the subscription to a free one if offered. If the Customer does not want a free subscription, they must actively close their access to Cerebro 9.

7.8 The Provider is entitled to change the Terms with at least 4 months’ notice, effective at the beginning of a new subscription period.

7.9 The Provider can only change the content of a paid subscription type or a subscription with at least 4 months’ notice, effective at the beginning of a new subscription period.

7.10 The Provider has the right to include new document types under a separate new add-on subscription. The same applies to new functionalities that were not present in Cerebro 9 when the Customer purchased the initial subscription.

  8. Liability and Compensation

8.1 The Customer understands and accepts that Cerebro 9 is an auxiliary/support tool that cannot replace legal expertise and professional advice.

8.2 The Customer is solely responsible for ensuring that the Users who use Cerebro 9 on the Customer’s behalf are qualified to do so, including performing the measures mentioned in point 3.4.

8.3 The Customer acknowledges and accepts that the Provider does not offer or provide any advice to the Customer regarding the selection and completion of documents.

8.3.1 Therefore, the Customer accepts that the Provider cannot be held liable as an advisor, including for the legal correctness of the documents offered.

8.4 The Provider cannot be held responsible for the unavailability of Cerebro 9.

8.5 The Provider can only be held liable for errors in the documents that can be attributed to a programming error or failure to comply with point 9.

8.6 The Provider’s liability under 8.5 covers only the Customer’s direct losses resulting from programming errors.

8.7 The Provider’s liability under 8.5 is, throughout the entire subscription period, limited to the greater of either the Customer’s payments to the Provider in the 12 months preceding the occurrence of the claim or DKK 50,000. However, the Provider’s liability under point 9 is limited to the proportional insurance coverage that the Provider can obtain on behalf of the Customer from its insurance company.

8.8 The limitation of the Provider’s liability does not apply in cases of future or gross negligence.

8.9 The Customer acknowledges that the price of the Customer’s subscription reflects the limitation of the Provider’s liability, including the monetary limitation, and therefore considers the limitation of liability to be reasonable.

8.10 The Customer must indemnify the Provider against all claims brought against the Provider as a result of the Customer’s use of Cerebro 9, including the Customer’s use of documents created using Cerebro 9.

  9. Processing of Personal Data

9.1 The following provisions shall apply to the Provider’s processing of the Customer’s personal data:

9.2 Both parties must comply with the GDPR and relevant data protection legislation.

9.3 The Customer is responsible for ensuring that the processing of personal data is in accordance with the GDPR, including ensuring that there is a legal basis for the processing that Cerebro 9 is instructed to perform.

9.4 All processing of the Customer’s personal data is carried out according to the Customer’s documented instructions. The documented instructions consist partly of these Terms, allowing the Provider to perform such processing of the Customer’s personal data as is necessary to deliver the documents created by the Customer using Cerebro 9 (the purpose of the processing), and partly of any subsequent specific documented instructions provided by the Customer to the Provider.

9.5 If the Provider believes that these Terms or a specific instruction are not comprehensive for the Provider’s processing of the Customer’s personal data, or that an instruction from the Customer would violate the GDPR or other relevant data protection legislation, the Provider must immediately notify the Customer. If the Customer maintains that the instruction complies with applicable data protection legislation, the Provider may carry out the instruction without incurring liability to the Customer. The Customer must indemnify the Provider against any claims from third parties resulting from the executed instruction.

9.6 Both parties must implement appropriate technical and organizational measures that meet the requirements of Article 32 of the GDPR to ensure the protection of data subjects’ rights. Additionally, upon request from the Customer, the Provider shall assist the Customer in demonstrating compliance with applicable data protection legislation, including verifying that the aforementioned technical and organizational security measures have been implemented.

9.7 The Provider ensures that persons authorized to process personal data have committed to confidentiality or are under an appropriate statutory duty of confidentiality, and that this can be demonstrated to the Customer.

9.8 The Provider must meet the conditions set out in Article 28(2) and (4) of the GDPR to use another data processor (a sub-processor).

9.9 The Provider has the Customer’s general consent to use sub-processors, provided that the Provider, upon planned changes regarding the addition or replacement, gives the Customer at least 60 days’ notice before the change takes effect, so the Customer can object to the change. If the Provider does not receive objections from the Customer within 30 days of receiving notification, the Provider is entitled to implement the change. The Provider ensures that the sub-processor complies with the requirements of Article 28 of the GDPR and commits to entering into a sub-processor agreement with the sub-processor, which imposes at least the same obligations as the Provider has undertaken in these Terms. The Provider is otherwise responsible for the fulfillment of data protection obligations by sub-processors towards the Customer.

9.10 Where possible, the Provider shall include the Customer as a third-party beneficiary in the sub-processor agreement in the event of the Provider’s bankruptcy, so the Customer can assume the Provider’s rights and enforce them against the sub-processors.

9.11 The Provider may not transfer the Customer’s personal data to countries outside the EU/EEA without the Customer’s prior written consent. By accepting these Terms, the Customer consents to the use of the following subcontractors outside the EU/EEA:

| Name | Address | Location of Processing | Description of Processing |
| --- | --- | --- | --- |
| None | | | |

9.12 The Provider shall, considering the nature of the processing, assist the Customer as much as possible by appropriate technical and organizational measures in fulfilling the Customer’s obligation to respond to requests for the exercise of data subject rights as set out in Chapter III of the GDPR. The Provider’s assistance is provided based on time spent.

9.12.1 Additionally, the Provider shall assist the Customer in ensuring compliance with the obligations under Articles 32-36 of the GDPR, taking into account the nature of the processing and the information available to the Provider.

9.12.2 The Provider shall make available to the Customer all information necessary to demonstrate compliance with the requirements set out in Article 28 of the GDPR and shall allow for and contribute to audits, including inspections, conducted by the Customer or another auditor authorized by the Customer.

9.12.3 The Provider must comply with Article 33 of the GDPR and, without undue delay, notify the Customer upon becoming aware of a personal data breach. The notification to the Customer must occur, if possible, no later than 48 hours after the Provider becomes aware of the breach. The notification must at least meet the requirements for notification set out in Article 33(3)(a), (c), and (d). These obligations apply regardless of whether the Provider is responsible for the data breach. If the Provider or its sub-processors are not responsible for the breach, the Provider’s assistance is provided based on time spent.

9.13 It is the Customer’s responsibility to instruct the Provider on the deletion of the Customer’s personal data stored in Cerebro 9 if the Customer requires the Provider’s assistance for this.

9.14 All matters regarding breach, liability, and compensation are regulated in clause 8 of these Terms.

9.15 Both parties must maintain the records of processing activities mentioned in Article 30 of the GDPR. If there are changes in the categories of personal data or categories of data subjects that the Provider processes on behalf of the Customer, the Customer must promptly notify the Provider:

| Types of personal data | Categories of data subjects |
| --- | --- |
| Name, Address, Email, Job Title, Phone Number | Employees/Users |
| Name, Job title, Email | Customer’s partner / manufacturer / Test laboratories |

9.16 The Provider uses the following sub-processors:

| Sub-processor | Description of use |
| --- | --- |
| Team Blue Denmark subbrand | Hosting |
| Dinero | Billing |

9.17 As security measures, the Provider has installed a firewall and antivirus software, and automatic updates for the Windows platform are activated. All devices are properly protected against unauthorized access through the use of passwords. The premises where work is conducted are properly locked.

  10. Provider’s use of data

10.1 The Provider is entitled to use all data generated by the Customer’s use of Cerebro 9 to improve Cerebro 9 and to develop new functionalities and services.

10.2 The right under 10.1 does not include the use of personal data but only system-generated data, including the extent and timing of the Customer’s use of Cerebro 9.

10.3 The Customer agrees that the Provider may i) use the generated Documents of Conformity (DoC) in a searchable public database and ii) display uploaded test reports/documents for a product to other customers and iii) use the system-generated compliance results for a product to other customers.

  11. Version

11.1 These terms were last updated on 4 July 2025.