| Version 2.1. | Updated 2025.12.10 |
Between:
Penneo A/S
Company Reg. no. 35633766
Gærtorvet 1-5, DK-1799 København V
(Hereinafter referred to as “Penneo”)
&
End User
(Hereinafter referred to as “End User”)
Penneo and the End User hereinafter individually referred to as “Party” and collectively as the “Parties”.
1. DEFINITIONS
1.1. “End User” refers to any individual that signs a document using the Penneo Signing Services through Penneo Sign and/or Penneo Collect.
1.2. “Platform” refers to Penneo’s digital signature platform provided by Penneo to the Customer to facilitate the signature process, including document upload, configuring signing order and Identification methods, and requesting signatures from signers accordingly.
1.3. “Signing Services” refer to services provided to the End User, including (i) the document signing process, (ii) the issuance of certificates for Electronic signatures, and (iii) optional archiving.
1.4. “Customer” refers to the legal entity that has entered into an agreement with Penneo and has requested the End User’s signature using the Platform.
1.5. “eIDAS” refers to Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market, as amended by Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024.
1.6. “Electronic signature” refers to data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the End User to sign. The Identification method used will determine the level of signature: Qualified Electronic Signature (QES), Advanced Electronic Signature (AdES) or Simple Electronic Signature (SES).
1.7. “Electronic seal” refers to data in electronic form, which is attached to or logically associated with other data in electronic form to ensure the latter’s origin and integrity.
1.8. “Archive” refers to the End User’s personal storage space on the Platform for managing documents signed using the Platform. If the End User uses an Identification method that supports the creation of a personal archive and it is enabled by the Customer, the End User has the option to create a personal archive.
2. PURPOSE AND DURATION
2.1. Purpose. The EULA grants the End User the right to use the Signing Services for applying their Electronic signature to documents sent by the Customer through the Platform.
2.2. Duration. This EULA is effective upon the End User’s access to the Signing Services. The EULA remains in effect until the signed document is finalized and made available to the Customer. If an Archive is created, the terms of this EULA governing the Archive remain in effect until the End User deletes the Archive.
3. PROCESSING OF PERSONAL DATA
3.1. Purpose of processing. Penneo processes the End User’s personal data, listed in 3.5., to provide the Signing Services and associated support services. Penneo does not sell any personal data collected.
3.2. Legal basis. The processing of personal data for the document signing process, End User support and optional archiving is based on performance of contract (herein the EULA), as defined in art. 6.1. (b) of the General Data Protection Regulation (“GDPR”). The processing of data for the issuance of certificates for Electronic signatures is based on the necessity to comply with a legal obligation (herein eIDAS), as defined in art. 6.1. (c) of the GDPR.
3.3. Penneo as Data Processor. For the document signing process and End User support, the Customer is the Data Controller, and Penneo is the Data Processor, processing data only as per the instructions of the Data Controller. All personal data requests for the document signing process should go to the Data Controller.
3.4. Penneo as Data Controller. For the purposes below, Penneo acts as a Data Controller (further details on this processing are available at https://penneo.com/privacy-policy/):
- 3.4.1. Penneo Certificates. To issue a certificate for electronic signature, Penneo, in its capacity as Trust Service Provider, (i) verifies the identity of the natural person to whom the certificate is issued, (ii) issues, manages and revokes the certificate and (iii) maintains a certificate database.
- 3.4.2. Archive. To provide the End User an Archive within the Platform to store and access documents signed through Penneo Sign and/or Penneo Collect when applicable, based on the Identification method used for signing and Customer settings.
- 3.4.3. Support. When the End User submits a support ticket, for the personal data provided to deliver those support services.
3.5. Types of personal data. The End User’s personal data processed are:
- 3.5.1. Required data: full name, email address, IP address.
- 3.5.2. Optional (as determined by the Customer and Identification method): signer role, phone number, electronic ID information, National identification number.
3.6. Data retention. Penneo will retain data related to the Signing Services, such as audit trails, event logs and certificate information, for a period of up to seven (7) years. Documents within the Archive will be retained until deleted by the End Users. Personal data within support services will be retained in accordance with Penneo’s Privacy Policy linked below.
3.7. Privacy policy. By accepting this EULA, the End User confirms to have read and agreed to Penneo’s Privacy Policy available at https://penneo.com/privacy-policy/.
3.8. Data subject’s rights. The End User shall have all rights under Chapter III of the GDPR.
4. TRUST SERVICES
4.1. EU Trusted list. Penneo is approved as a Qualified Trust Service Provider (QTSP) and is listed on the EU Trusted list.
4.2. Electronic signatures. Depending on the Identification method selected by the End User from the options made available by the Customer to verify their identity, the End User’s Electronic signature will be one of the following electronic signatures, based on eIDAS definitions:
- 4.2.1. Qualified Electronic Signature (QES). For supported Identification methods, Penneo issues a qualified Certificate in the End User’s name for the creation of a QES. Only identification methods specifically labeled as «QES» are qualified electronic signatures. By completing the signature process, the End User expressly requests the issuance of a digital certificate in their name for the sole purpose of creating the specific Electronic Signature.
When the End User chooses itsme®, Penneo facilitates the creation of a Qualified Electronic Signature through itsme®’s qualified signature service, using the End User’s certificate issued via itsme®. The policy documents of the itsme® Trust Service apply.
- 4.2.2. Advanced Electronic Signature (AdES). For other Identification methods using electronic ID information, Penneo issues a certificate in the End User’s name for the creation of an AdES.
- 4.2.3. Simple Electronic Signature (SES). When the End User chooses an Identification method that cannot be uniquely linked to the End User’s identity, Penneo does not issue a digital certificate for the End User, and facilitates the creation of an SES.
4.3. Format. Electronic Signatures and Seals are produced in accordance with European Telecommunications Standards Institute (ETSI) standards, using the XAdES (XML Advanced Electronic Signatures) format for signatures and PAdES (PDF Advanced Electronic Signature) format for the QSeal.
4.4. Qualified Electronic Seal (QSeal). Penneo’s QSeal is applied to every document processed via the Platform.
4.5. Qualified Electronic Timestamp. Penneo applies a Qualified Timestamp to every document alongside the QSeal. When the End User signs a document using an Advanced (AdES) or Qualified (QES) Electronic Signature, Penneo also applies a Qualified Timestamp to the End User’s signature.
4.6. Trust Service Documentation. For detailed information, the End User may visit https://eutl.penneo.com/ to review all relevant compliance documentation, certificates, certificate revocation lists and policies for the qualified trust services operated by Penneo.
4.7. Audits. Penneo’s compliance as a qualified trust service provider under the eIDAS regulation is verified on an ongoing basis by an independent audit, by an accredited conformity assessment body (CAB). Additionally, Penneo engages an external auditor to conduct audits of Penneo’s Information Security and Privacy Management System, following ISO 27001 and ISO 27701 standards.
5. RIGHT TO USE AND INTELLECTUAL PROPERTY RIGHTS
5.1. Right to use. Upon the acceptance of the EULA, Penneo grants the End User a limited, non-exclusive, non-transferable, and conditional right to access and use the Signing Services via the Platform. The Signing Services are LICENSED, NOT SOLD, and this right is provided solely for the intended purpose of signing documents as described in this EULA.
5.2. Intellectual property rights. Penneo retains all intellectual property rights on the Platform. The End User shall respect all intellectual property rights associated with the Platform.
5.3. Restrictions. The End User is prohibited from engaging in any misleading, unethical, fraudulent or illegal activities in connection to the Signing Services or using the Platform to store or transmit any material containing illegal or unethical content.
5.4. Document ownership. The Customer and the End User are responsible for the content, management, and ownership of the documents processed through the Platform. Penneo is not responsible for the contents of documents or their delivery to the appropriate recipients after the signing process is completed.
6. MAINTENANCE AND SECURITY MEASURES
6.1. Service status. Penneo maintains a public status page at https://status.penneo.com where the End User can monitor the Platform’s operational status. Penneo commits to maintain an uptime of at least 99.9% on a monthly basis.
6.2. Security measures. Penneo implements and maintains appropriate technical and organisational security measures to ensure the integrity, confidentiality, and availability of the service. Penneo’s Information Security and Privacy Management System is subject to regular independent audits to ensure compliance with industry best practices.
7. LIABILITY AND LIMITATION OF LIABILITY
7.1. Liability. As a Trust Service Provider, Penneo is liable for damages caused intentionally or negligently to any natural or legal person due to a failure to comply with its obligations under the eIDAS Regulation. Penneo is liable for damages in accordance with the general rules of damages of Danish law. Penneo’s product liability is limited to the amount paid out under its liability insurance in force at any time.
7.2. Limitation of use of services. The End User is informed of the limitations on the use of Signing Services Penneo provides, and Penneo shall not be liable for the damages resulting from:
- 7.2.1. The content, legality, accuracy, or enforceability of any document signed through the Platform. The Customer and the End User are solely responsible for the substance of their documents. Any dispute related to a signed document, including its validity or a signatory’s authority, must be resolved exclusively between the signing parties.
- 7.2.2. Any misuse of the Signing Services or any misunderstanding of the Signing Services described under Section 4 of this EULA, including the selection of an inappropriate signature level for a given document, or any unauthorized access or data loss resulting from the End User’s failure to maintain the security of their authentication credentials (for example, electronic ID information).
- 7.2.3. Any temporary unavailability of the Signing Services caused by: (a) A Force Majeure event, defined as circumstances beyond Penneo’s reasonable control, such as acts of God, natural disasters, war, terrorism, strikes, or major failures of public telecommunications or power infrastructure; or (b) Any other cause not attributable to Penneo’s gross negligence.
- 7.2.4. The non-performance or failure of any independent third-party service outside of Penneo’s reasonable control. This includes, but is not limited to, failures by vendors, suppliers, public authorities, or third-party identification service providers (e.g., MitID, BankID) selected by the End User.
7.3. Limitation of liability. To the fullest extent permitted by applicable law: (a) Penneo will not be liable for any indirect, incidental, consequential, or punitive damages (including any damages arising from loss of use, loss of data, lost profits, business interruption, or costs of procuring substitute software or services) arising out of the use of Signing Services; and (b) subject to Section 7.1 and Section 7.2, Penneo’s total liability arising out of the use of Signing Services and this EULA shall not exceed the total fees paid by the Customer to Penneo during the twelve (12) months immediately preceding the event giving rise to the claim. This Section does not limit Penneo’s liability for: (i) death or personal injury resulting from the negligence of a party; (ii) gross negligence, willful misconduct or violation of applicable law; or (iii) fraud or fraudulent statements made by a party to the other party.
8. DUTY OF CONFIDENTIALITY
8.1. Definition. Confidential information means any information disclosed by one Party (“the Disclosing Party”) to the other Party (“the Receiving Party”) under or in connection to the EULA that should be reasonably considered to be confidential due to its nature and the circumstances of disclosure (hereinafter referred to as “Confidential Information”).
8.2. Duty of confidentiality. The Receiving Party may only use Confidential Information in accordance with the EULA and may not disclose such information to third parties, both during and after the term of the EULA, unless authorised in writing by the Disclosing Party.
8.3. Exclusion. The duty of confidentiality does not apply to information that (a) was already known to the Receiving Party prior to the EULA, (b) becomes publicly available through no fault of the Receiving Party, (c) is received from a third party without breach of confidentiality obligations, or (d) is required to be disclosed by law, by court order or by order of a public authority.
9. DISPUTES
9.1. Contact. The End User may contact Penneo via:
- 9.1.1. Postal address
Penneo A/S (CVR nr. 35633766)
Gærtorvet 1-5
DK-1799 København V
- 9.1.2. Website: https://penneo.com
- 9.1.3. Penneo’s Support Team: https://support.penneo.com/hc/en-gb/requests/new
- 9.1.4. Data Protection Officer: Christel Høst (Email: compliance@penneo.com)
9.2. Data protection complaint. The End User may direct any complaints relating to the processing of personal data to Penneo using the contact information in 9.1. If a complaint cannot be resolved after contacting Penneo, the End User may direct the complaint to the relevant data protection authority in accordance with applicable data protection laws.
9.3. Applicable law. The EULA, and any dispute arising from the EULA, shall be governed in accordance with Danish law.
9.4. Jurisdiction. In the event of a dispute arising from the EULA, the Parties shall first attempt to resolve the matter through good-faith negotiations. If an amicable resolution cannot be reached, the dispute may be submitted to the City Court of Copenhagen, which shall have jurisdiction as the court of first instance.
10. OTHER PROVISIONS
10.1. Enforceability. If any provision of the EULA is found to be illegal, invalid, or unenforceable, it shall be enforced to the fullest extent permitted by law to reflect the original intent of the Parties. The invalidity of any provision will not affect the validity or enforceability of the remaining provisions.
10.2. Survival of provisions. Any provision of the EULA intended to survive termination, in whole or in part, shall remain valid, binding and enforceable on the Parties beyond the termination of the EULA.
