Terms of use for artificial intelligence and data security

I. Introductory provisions

1. These AI Terms are issued by ATLAS consulting spol. s r.o., with its registered office at Výstavní 292/13, Ostrava – Moravská Ostrava, 702 00, IČO: 46578706, registered in the Commercial Register kept by the Regional Court in Ostrava, file No. C 3293 (hereinafter the "Provider").

2. These AI Terms govern the rights and obligations between the Provider and the User of the Provider’s products and services (hereinafter the "User") when using the artificial-intelligence functions integrated into the Provider’s products and services (hereinafter the "Services").

3. An integral part of these AI Terms are the provisions on the protection of personal data, information security and liability for the use of artificial-intelligence outputs.

4. The general terms of use of the Provider’s software products are governed by the General Commercial and Licence Terms, and the User declares that they have read them and will comply with them.

II. Definitions

For the purposes of these AI Terms, the following terms have the following meaning:

• a) Artificial intelligence (AI) – a system or software using machine-learning techniques, neural networks, natural language processing (NLP) or other methods of computational analysis for the purpose of generating, evaluating or recommending information.
• b) AI functions – specific components of the Service that use artificial intelligence to automatically process data or generate outputs.
• c) User Data – any data, documents, texts, files, information or other content entered by the User into the Service.
• d) AI Outputs – content, recommendations, predictions, suggestions or other processing results created by means of the AI functions.
• e) Subcontractor – a natural or legal person that provides the Provider with technical or operational support in delivering the Service, in particular hosting, cloud or infrastructure services.

III. Scope and purpose of using the AI functions

1. The AI functions are provided in order to make the User’s work more efficient, support the User’s decision-making processes and automate repetitive tasks.

2. The User acknowledges that the AI functions are of a supporting nature and do not replace the professional judgement or advice of a qualified person, in particular in the areas of law, public administration or the management of business corporations.

3. The AI Outputs are of a merely recommending and informative nature; their use in practice is entirely the User’s responsibility.

4. The Provider is not liable for decisions, conclusions or actions taken by the User on the basis of the AI Outputs.

5. For the automatic processing of data, the Provider uses AI language models, in particular from OpenAI, which are governed by the OpenAI Terms of Use. The User declares that they have read these terms and that the User’s active use of the Service is otherwise governed by them.

IV. Data protection and processing

1. The Provider processes User Data in accordance with the law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), Czech Act No. 110/2019 Coll., on the processing of personal data, and Regulation (EU) 2024/1689 of the European Parliament and of the Council (the AI Act).

2. User Data is processed solely for the purpose of providing the Services and is not used to train or improve AI models outside the Provider’s environment without the User’s prior express consent.

3. The Provider does not sell, rent or otherwise disseminate User Data to third parties, with the exception of necessary subcontractors who are contractually bound by confidentiality and a corresponding level of security under Art. 28 GDPR.

4. The User retains all rights to the data entered and to the AI Outputs, unless the contract provides otherwise.

5. The Provider retains User Data only for the period strictly necessary to provide the Service or for the period arising from legal obligations.

6. A description of the specific data-protection measures is further set out in the Product Compatibility Statement, which is an integral part of these AI Terms, and the User declares that they have read it and will comply with it.

7. The Provider declares that it has concluded a Data Processing Agreement with OpenAI.

V. Data security

1. The Provider adopts and maintains technical and organizational measures corresponding to the risks associated with data processing, in particular:

• a) encryption of data in transit and at rest,
• b) multi-level authentication of access,
• c) management of access rights under the need-to-know principle,
• d) regular security audits and vulnerability tests,
• e) the use of systems for the detection and prevention of cyber attacks (IDS/IPS),
• f) backup and recovery of data under an internal business-continuity plan.

2. The Provider keeps records of access and activities in the system for the purposes of auditing and protecting data integrity.

3. In the event that a security incident is detected, the Provider will inform the User without delay and adopt reasonable remedial measures.

4. Data is stored in encrypted form on two geographically separate storage facilities: an encrypted AES-256 database on the Provider’s own storage (Ostrava location) and an encrypted AWS cloud database on the S3 storage of the operator Amazon (Frankfurt location). The conditions for operating the Amazon storage are governed by the AWS Service Terms document, and the User declares that they have read them and will comply with them.

VI. Intellectual property

1. All rights to the software, models, algorithms, databases, code and know-how forming the AI functions belong to the Provider or to third parties that have granted it the relevant authorizations.

2. The User is not entitled to interfere with the operation of the AI functions, to reverse-engineer them or to use them outside the scope of the agreed licence.

3. The User is entitled to use the AI Outputs for their internal purposes or purposes arising from the nature of the Service, whereby the responsibility for their interpretation and use lies solely with the User.

VII. Principles of use, security notice and legal compliance

1. The Provider develops and operates the AI functions in accordance with the principles of:

• a) transparency and explainability of algorithms,
• b) fair and non-discriminatory data processing,
• c) protection of human dignity and privacy,
• d) minimization of the risks of erroneous automation,
• e) compliance with the requirements of Regulation (EU) 2024/1689 of the European Parliament and of the Council (the AI Act).

2. The User undertakes to use the AI functions solely in a manner that does not conflict with the law or ethical principles.

3. In order to achieve the highest level of data protection, it is necessary for the User to observe the following security measures when using the AI:

• a) Avoid entering personal data (e.g. names, birth numbers, addresses, e-mails, IP addresses, dates of birth, etc.) unless it is necessary and expressly permitted.
• b) Avoid entering sensitive information (e.g. personal data under the GDPR, trade secrets, internal or confidential information, health data, financial information or access credentials, documents with classified content or legal strategies, etc.).
• c) Do not disclose internal information (the AI does not serve for internal communication or the transfer of internal data between employees or clients).
• d) Do not use it for decision-making with legal impact (the AI Outputs are of a recommending and supporting nature and do not replace professional, legal or administrative decisions).
• e) Protect access credentials (access credentials, login, API keys, tokens).
• f) Use strong passwords and multi-factor authentication where available.
• g) Maintain the anonymity of input data (where it is necessary to analyse a real document, it is recommended to anonymize it beforehand, i.e. to remove personal and sensitive data).
• h) Check the outputs (the results generated by the AI must always be verified by human review, especially if they are to be used externally, published or inserted into official documents).
• i) Do not use the AI to generate harmful content (it is prohibited to use the AI to create or disseminate content that is unlawful, defamatory, hateful, infringes copyright or the rights of third parties, or serves for manipulation, phishing or other cyber attacks).
• j) Observe the principles of cyber security (the AI is a tool integrated within the Service that is subject to the Provider’s security rules; use is possible solely through official channels and secure access).
• k) Maintain professional and ethical communication (content created using the AI should be in line with the code of ethics and the reputational principles of the User’s organization).
• l) Regularly undergo training on the safe use of AI.
• m) Monitor internal notices about new security measures.
• n) Report any suspicious system behaviour to the IT department or the security administrator.
• o) Observe the "Zero Trust" principle (do not trust unverified outputs or sources).
• p) Recommendations when working with documents: before uploading a file, make sure it does not contain personal or confidential information; use test or fictitious data for demonstrations or for testing functions; store AI outputs only in the secured storage of the User’s organization; if sharing of an output is required, it must always be reviewed and approved by a responsible person of the User.

4. The User acknowledges that the AI and its functions are a tool based on machine learning and that its responses may change.

VIII. Liability

1. The User is responsible for the content and accuracy of all data entered into the Service and for the legal consequences and the manner of use of the AI Outputs.

2. The Provider is not liable for decisions made by the User solely on the basis of the AI responses.

3. The Provider is liable only for damage caused by its demonstrable intentional breach of obligations in ensuring the security or protection of data.

4. The Provider is not liable for indirect, consequential or lost-profit damage arising in connection with the use of the AI functions.

IX. Changes to the Terms

1. The Provider is entitled to unilaterally amend these AI Terms, in particular due to a change in the law, technical development or security standards.

2. The change will be published on the Provider’s website, where the User will have the opportunity to read the new version of the Terms.

3. By continuing to use the Service after the change takes effect, the User expresses agreement with the new wording.

X. Final provisions

1. These AI Terms take effect on 1. 11. 2025.

2. Legal relations not governed by these Terms are governed by the applicable law of the Czech Republic.

3. In the event of a conflict between these AI Terms and the Provider’s General Commercial and Licence Terms, these provisions take precedence with respect to matters concerning the AI functions and data security.

4. Contact address for all questions related to these Terms: ATLAS consulting spol. s r.o. – security and data protection department, e-mail: klientske.centrum@atlasgroup.cz, tel.: +420 596 613 333.

Annexes to these AI Terms: Data Security in CODEXIS, Data Security DATIFY, Data Security Onepost, AI Documentation.

Effective from 21. 10. 2025.