Terms of use

These terms of use apply to all offers, agreements and services of ManagementSysteem.nl relating to our online platform for information security and compliance (ISMS / GRC). The platform is a no-code register and table builder with which you manage, among other things, ISO 27001, NEN 7510, BIO/ENSIA, GDPR, ISO 9001 and comparable standards frameworks. Please read these terms carefully before using the service.

Last updated: June 2026

1. Definitions

In these terms of use, the following terms have the meaning set out alongside them, in both the singular and the plural.

• ManagementSysteem.nl: the provider of the service, established at Euclideslaan 55, 3584 BM Utrecht, the Netherlands, registered with the Chamber of Commerce under number 99739704. In these terms also referred to as "we", "us" or "our".
• Customer: the natural person or legal entity that enters into an agreement with ManagementSysteem.nl or uses the service. In these terms also referred to as "you" or "your".
• Business customer: a customer acting in the course of a profession or business.
• Consumer: a customer who is a natural person and is not acting in the course of a profession or business.
• Service: the online platform offered by ManagementSysteem.nl as software-as-a-service (SaaS), including all functionality, registers, tables and associated support.
• Account: the personal access to the service secured by login credentials.
• User: a person linked to the customer's account who uses the service on behalf of the customer.
• Customer data: all data and content that the customer or its users enter, store or process within the service, including registers, risks, documents, evidence and tasks.
• Agreement: the agreement between ManagementSysteem.nl and the customer under which the service is provided, including these terms of use and, where applicable, the data processing agreement.
• Data processing agreement: the agreement referred to in Article 28 of the GDPR, which governs the processing of personal data on behalf of the customer.
• Website: the website of ManagementSysteem.nl and all subpages connected to it.
• In writing: communication by letter and, treated as equivalent to it, electronic communication such as email, a message via our contact form and a notification within the service.

2. Applicability of these terms

These terms of use apply to all quotations, offers, agreements and (legal) acts between ManagementSysteem.nl and the customer relating to the service, whether they are concluded in writing, electronically or verbally.

The applicability of any purchasing or other conditions of the customer is expressly rejected. Deviations from these terms are valid only if they have been agreed in writing between the parties.

These terms are drawn up for business customers. Where a consumer enters into an agreement, the provisions of these terms apply only insofar as they do not conflict with mandatory consumer law. Article 16 contains additional rules that apply specifically to consumers and that prevail over the other provisions in the event of conflict.

If one or more provisions of these terms are void or annulled, the remaining provisions remain in full force. In that case the parties will consult with each other to replace the void or annulled provision with a valid provision that reflects the intent of the original provision as closely as possible.

In the event of any conflict between these terms of use and the data processing agreement, the data processing agreement prevails insofar as it concerns the processing of personal data.

3. The service and the right of use

For the duration of the agreement, ManagementSysteem.nl grants the customer a non-exclusive, non-transferable and non-sublicensable right to use the service for its own internal business operations in the area of information security and compliance. This right of use is limited to the agreed number of users.

The service is offered as software-as-a-service. This means that the software is hosted and managed by ManagementSysteem.nl and is accessible via the internet. The customer does not receive a copy of the software and obtains no rights other than the right of use described in these terms.

Within the agreed number of users, the customer may also grant access as a user to persons from group or affiliated companies and to external auditors or advisers, insofar as this is necessary for managing its standards frameworks or for an audit. Each user added in this way counts towards the user-based price, and the customer remains responsible for the actions of these users and for their compliance with these terms.

The customer may not copy, decompile, reverse engineer, modify, make available to third parties (other than as provided above) or use the service, or parts of it, in any way that is not in accordance with the agreement or applicable law.

The service is multi-tenant by design: multiple customers use the same technical infrastructure, with each customer's data logically separated and accessible only to that customer and its users.

4. Account, registration and acceptable use

To use the service, the customer must create an account. The customer warrants that the information provided at registration is accurate, complete and up to date, and keeps this information current for the duration of the agreement.

The customer is responsible for the careful management of the login credentials and for all actions carried out through its account and those of its users. The customer takes appropriate measures to prevent unauthorised access and notifies ManagementSysteem.nl as soon as possible if it suspects misuse.

The customer warrants that it and its users will use the service in accordance with the agreement and applicable laws and regulations. In particular, it is not permitted to:

• use the service for unlawful purposes or in a manner that may cause harm to ManagementSysteem.nl, other customers or third parties;
• infringe the intellectual property rights or other rights of ManagementSysteem.nl or third parties;
• circumvent, test or breach the security of the service without prior written permission;
• distribute malware, viruses or other harmful code via the service;
• place such a load on the service that the availability for other customers is jeopardised.

In the event of a serious or repeated breach of acceptable use, ManagementSysteem.nl is entitled to suspend access to the service in whole or in part, without prejudice to its other rights. Where the nature of the breach reasonably allows, ManagementSysteem.nl first notifies the customer of the breach and offers a reasonable period to remedy it.

5. Subscription, prices and payment

The service is offered on a subscription basis, with the price calculated per user. The applicable rates and subscription types can be found on our pricing page. All prices stated are exclusive of VAT, unless expressly indicated otherwise.

Invoicing takes place in advance for the agreed period, based on the number of users linked to the account. Unless agreed otherwise, a payment term of fourteen days from the invoice date applies.

If the customer changes the number of users during an ongoing period, this is settled in accordance with the method stated on the pricing page.

In the event of late payment, the customer is in default by operation of law. In that case ManagementSysteem.nl is entitled to:

• charge the statutory commercial interest referred to in Article 6:119a of the Dutch Civil Code on the outstanding amount (for consumers, the statutory interest referred to in Article 6:119 of the Dutch Civil Code applies instead);
• charge the reasonable costs of obtaining payment out of court referred to in Article 6:96 of the Dutch Civil Code;
• suspend access to the service after the customer has been notified of the payment arrears and has been given a reasonable period to pay.

For consumers, the statutory rules of Article 6:96 of the Dutch Civil Code and the Dutch Decree on compensation for extrajudicial collection costs (Wik) apply to extrajudicial collection costs: such costs are only payable after the consumer has received, following default, a cost-free reminder with a payment term of at least fourteen days, and are limited to the statutory maximum amounts.

Suspension of the service does not release the customer from its payment obligations. During a suspension the customer data is retained but is not accessible to the customer. The export window and deletion described in Article 6 only start upon actual termination of the agreement, not upon suspension.

Fees already paid for the current period are non-refundable upon termination, subject to mandatory law and subject to the provisions of Article 13 on material changes. Where ManagementSysteem.nl dissolves the agreement due to a failure attributable to the customer, the fees for the remaining term of the current contract period become immediately due; fees already paid are not refunded in that case.

6. Term, renewal and cancellation

The agreement is entered into for the period indicated for the subscription. Unless agreed otherwise, the agreement is automatically renewed at the end of the initial period for a further period of the same length.

Both parties may cancel the agreement with effect from the end of the current period, observing a reasonable notice period of at least one month, unless agreed otherwise in writing. Cancellation takes place in writing, for example via our contact form or via the functionality provided for this purpose within the service. For consumers, after the first automatic renewal the cancellation regime set out in Article 16 applies.

ManagementSysteem.nl may dissolve or suspend the agreement in whole or in part in the event of a serious failure by the customer. Other than in the cases mentioned below, this requires that the customer has been given written notice of default, with a reasonable period to remedy, and that the customer fails to remedy the failure within that period. A notice of default is not required where remedy is permanently impossible or where the customer is declared bankrupt, applies for a suspension of payments or ceases its business; in those cases ManagementSysteem.nl may dissolve or suspend with immediate effect and without notice of default.

Upon termination of the agreement, the right of use lapses. For a reasonable period after termination, ManagementSysteem.nl gives the customer the opportunity to export its customer data. After that period has expired, the customer data is deleted, except insofar as a statutory retention obligation requires otherwise. During a suspension this export window does not start; it only begins at the moment of actual termination.

7. Availability, maintenance and support

ManagementSysteem.nl makes reasonable efforts to keep the service available and functioning properly. ManagementSysteem.nl does not, however, guarantee uninterrupted or error-free availability of the service.

The service and the website are hosted within the European Union, in the Netherlands. ManagementSysteem.nl takes appropriate technical and organisational measures to support the continuity and security of the service.

ManagementSysteem.nl is entitled to take the service out of use temporarily, in whole or in part, for maintenance, adjustments or improvements. We aim to carry out planned maintenance outside office hours as far as possible and, where reasonable, to announce it in advance. In the event of urgent security or maintenance work, maintenance may take place without prior notice.

Support is available for questions about the use of the service and for reporting issues. The customer can reach support via our contact form. ManagementSysteem.nl makes reasonable efforts to respond to requests within a reasonable period.

8. Intellectual property

All intellectual property rights in the service, the software, the website, the underlying source code, the design, documentation and all other materials developed or made available by ManagementSysteem.nl rest exclusively with ManagementSysteem.nl or its licensors.

The customer obtains only the rights of use expressly granted in these terms. Nothing in the agreement constitutes a full or partial transfer of intellectual property rights to the customer.

The customer retains all rights in the customer data. The customer grants ManagementSysteem.nl a limited right to process the customer data insofar as this is necessary to provide, maintain and secure the service, in accordance with the data processing agreement.

If the customer provides suggestions, feedback or ideas about the service, ManagementSysteem.nl may use these freely for the further development of the service, without owing any compensation for this.

9. Data, privacy and the data processing agreement

In providing the service, ManagementSysteem.nl processes personal data. The way in which we handle personal data is described in our privacy policy.

For the data that the customer enters into the service (its ISMS content, which may contain personal data of its own staff or third parties), ManagementSysteem.nl acts as processor on behalf of the customer. For this data, the customer is the controller. A data processing agreement (DPA) is available for this processing and can be requested via our contact form.

For account, contract, billing, support and marketing data, ManagementSysteem.nl acts as controller. The processing of this data is set out in more detail in the privacy policy. With respect to the personal data for which ManagementSysteem.nl is the controller, ManagementSysteem.nl does not use automated decision-making or profiling with legal effects.

The customer is itself responsible for the content it enters into the service and for the lawfulness of that content. The customer warrants that it is entitled to process the relevant data and store it within the service, and that it complies with the obligations resting on it under the GDPR and other applicable legislation.

For the processing of personal data, ManagementSysteem.nl engages only sub-processors that offer appropriate safeguards, and binds each sub-processor to a data processing agreement. An up-to-date list of the engaged sub-processors is available on request via our contact form and is further governed in the data processing agreement. Intended material changes to the sub-processors are notified to the customer in advance, giving the customer a reasonable period to object; the applicable procedure is set out in the data processing agreement.

The service and the website are hosted within the European Economic Area. Should any transfer of personal data to a country outside the European Economic Area nevertheless occur in the future, such transfer is protected by an appropriate mechanism such as the standard contractual clauses (Standard Contractual Clauses) of the European Commission or a valid adequacy decision, and this is further governed in the data processing agreement.

10. Confidentiality

The parties undertake to treat all confidential information they receive from each other in the context of the agreement as confidential and not to disclose it to third parties without prior consent, except insofar as this is necessary for the performance of the agreement or follows from a statutory obligation.

Confidential information is in any case deemed to include: the customer data, non-public information about the service, the underlying technology and all information that is designated as confidential or whose confidential nature is reasonably apparent.

The confidentiality obligation remains in force after the end of the agreement. The parties oblige their staff and engaged third parties to the same confidentiality.

11. Liability and limitations

The total liability of ManagementSysteem.nl due to an attributable failure to perform the agreement, or on any other ground, is limited to compensation for direct damage, up to a maximum of the amount that the customer paid for the service in the twelve months preceding the event causing the damage.

Direct damage means exclusively: reasonable costs to establish the cause and extent of the damage, reasonable costs to prevent or limit the damage, and reasonable costs incurred to bring the performance of ManagementSysteem.nl into line with the agreement after all.

ManagementSysteem.nl is not liable for indirect damage, including consequential damage, lost profit, missed savings, damage due to business interruption and reputational damage. Loss or corruption of customer data is excluded from liability, except insofar as that loss or corruption results from ManagementSysteem.nl failing to meet the agreed security measures.

The limitations set out in this article do not affect the statutory liability of ManagementSysteem.nl under Article 82 of the GDPR or the allocation of liability set out in the data processing agreement. In the event of conflict between this article and the data processing agreement, the data processing agreement prevails insofar as it concerns liability for the processing of personal data.

The customer remains responsible at all times for the accuracy, completeness and lawfulness of the customer data and for compliance with the statutory obligations resting on it, including those in the area of information security and compliance. The service supports the customer in managing its standards frameworks, but does not replace the customer's own responsibility or a formal certification or audit.

The limitations of liability set out in this article do not apply insofar as the damage is the result of intent or wilful recklessness on the part of ManagementSysteem.nl or its managers, or insofar as limitation is not permitted under mandatory law. For consumers, the limitations apply only to the extent permitted by mandatory law.

A condition for any right to compensation to arise is that the customer reports the damage to ManagementSysteem.nl in writing as soon as possible after it arises, via our contact form.

12. Force majeure

ManagementSysteem.nl is not obliged to fulfil any obligation if it is prevented from doing so as a result of force majeure. Force majeure means any circumstance beyond the control of ManagementSysteem.nl that temporarily or permanently prevents the performance of the agreement.

Force majeure is in any case deemed to include: disruptions in telecommunications or internet connections, disruptions or outages at hosting parties or other suppliers, power failures, cyber attacks, government measures, epidemics, natural disasters, fire and strikes.

During the period of force majeure, the obligations of ManagementSysteem.nl are suspended. If the force majeure continues for longer than sixty days, both parties are entitled to dissolve the agreement in writing, without any obligation to pay compensation arising.

13. Changes to the terms and the service

ManagementSysteem.nl may adjust, expand or improve the service from time to time. We aim to preserve the core functionality of the service and take the customer's reasonable interests into account when making changes.

ManagementSysteem.nl may amend these terms of use and the rates. Material changes, including price increases, are announced to the customer in advance in an appropriate manner, for example via the website or via a notification within the service, observing a reasonable period before the change takes effect.

If the customer does not wish to accept a material change or a price increase, the customer may cancel the agreement with effect from the date on which the change takes effect. In that case, prepaid fees for the period after the effective date of the change are refunded on a pro-rata basis.

For changes other than material changes, continued use of the service after the effective date of the change is deemed acceptance of the amended terms. This does not apply to consumers: in relation to consumers, changes, other than changes that are necessary on the basis of laws or regulations, only take effect after their express acceptance, and in the event of a material change the consumer has the right to cancel the agreement free of charge with effect from the date the change takes effect.

14. Applicable law and disputes

The agreement and these terms of use are governed exclusively by Dutch law.

The parties will make efforts to resolve disputes arising from or connected with the agreement by mutual consultation. If this is not successful, disputes are submitted to the competent court in the Netherlands. For business customers, to the extent permitted by law, the District Court of Central Netherlands, Utrecht location, has exclusive jurisdiction. For consumers, the statutory rules on jurisdiction apply: the consumer may bring the dispute before the court that is competent under the law, including the court of the consumer's place of residence, and has the right, within one month after ManagementSysteem.nl invokes this choice of forum, to opt for the court that is competent under the law.

15. Contact

If you have questions about these terms of use or about the service, please contact us via our contact form. Our identity and registration details are:

• Trade name: ManagementSysteem.nl
• Address: Euclideslaan 55, 3584 BM Utrecht, the Netherlands
• Chamber of Commerce number: 99739704

For all questions, requests and reports, we refer you to our contact form. You can lodge a complaint about the processing of the personal data for which ManagementSysteem.nl is the controller (account, contract, billing, support and marketing data) with the Dutch Data Protection Authority, the Dutch supervisory authority. For the personal data that the customer enters into the service (the ISMS content), the customer is itself the controller; data subjects whose data is included in it can address the customer or the supervisory authority competent for that customer.

16. Additional provisions for consumers

This article applies only to consumers. In the event of conflict between this article and the other provisions of these terms, the provisions of this article prevail. Nothing in these terms affects the mandatory rights that a consumer has under the law; these rights apply in full.

Cancellation after automatic renewal (Dutch Wet van Dam). An agreement with a consumer that is automatically renewed or continued after the initial period may be cancelled by the consumer at any time after the end of the initial period, observing a notice period of no more than one month. The renewal for a further period of the same length and the cancellation with effect from the end of a period referred to in Article 6 therefore apply to consumers only for the initial period.

Interest and collection costs. In the event of late payment by a consumer, the statutory interest referred to in Article 6:119 of the Dutch Civil Code is due instead of the statutory commercial interest. Extrajudicial collection costs are only payable after the consumer has received, following the occurrence of default, a cost-free reminder with a payment term of at least fourteen days, and are limited to the maximum amounts of the Dutch Decree on compensation for extrajudicial collection costs.

Liability and exclusions. The limitations and exclusions of liability in Article 11, the exclusion of certain heads of damage and the period for reporting damage apply to consumers only to the extent permitted by mandatory law. Statutory liability under Article 82 of the GDPR continues to apply in full.

Changes. Changes to these terms or to the rates only take effect in relation to a consumer after the consumer's express acceptance, other than changes that are necessary on the basis of laws or regulations. In the event of a material change or price increase, the consumer may cancel the agreement free of charge with effect from the date the change takes effect, with prepaid fees being refunded on a pro-rata basis.

Competent court. The choice of forum for the District Court of Central Netherlands, Utrecht location, set out in Article 14 does not apply to consumers. The consumer may bring the dispute before the court that is competent under the law, including the court of the consumer's place of residence, and retains the right, within one month after ManagementSysteem.nl invokes a choice of forum, to opt for the court that is competent under the law.