Last updated: April 2026
These Terms of Service govern your use of consulting services provided by UCOS Technology & Consultancy ("UCOS", "we", "us"). By engaging our services, you agree to these terms. UCOS operates from Istanbul, Turkey with operational presence in the Netherlands, EU.
UCOS provides regulatory consulting services including but not limited to: EU Authorized Representative (EU REP) services under MDR Article 11, Person Responsible for Regulatory Compliance (PRRC) under MDR Article 15, medical device regulatory compliance (EU MDR 2017/745, ISO 13485, MDSAP), cybersecurity and AI governance consulting (ISO/IEC 27001, ISO/IEC 42001, EU AI Act), quality management system implementation (ISO 9001, ISO 13485), supplier audits, and training services.
EU REP and PRRC services constitute legally binding roles under EU regulation and are not limited to advisory consulting. The distinct legal obligations and liabilities arising from these roles are addressed separately in Section 4.
All consulting engagements are scoped individually and documented in a written proposal or quotation. Services are billed in EUR via bank transfer. Payment terms are specified in each individual quotation, typically within 14 days of invoice date. Late payments may incur interest at the statutory rate.
Where UCOS acts as EU Authorized Representative under MDR Article 11, a separate written mandate shall be established between the manufacturer and UCOS. The mandate defines the scope of representation, responsibilities, and liability arrangements. EU REP services are billed annually and require a minimum 12-month commitment. Termination of the EU REP mandate requires 90 days written notice in accordance with MDR Article 12.
The EU REP mandate and all obligations arising from it shall be governed exclusively by the laws of the Netherlands, as the EU Member State where the EU REP is established. Any disputes arising from the EU REP mandate shall be resolved in the competent courts of the Netherlands.
The client warrants that all information, technical documentation, test reports, and data provided to UCOS are accurate, complete, and up to date. The client is solely responsible for the accuracy and completeness of the information provided.
The client agrees to indemnify and hold UCOS harmless from any claims, penalties, fines, or damages arising from: (a) inaccurate, incomplete, or misleading information provided by the client; (b) the client's failure to comply with its obligations under applicable regulations (including but not limited to EU MDR, IVDR, and ISO standards); (c) product defects or non-conformities that are attributable to the manufacturer's design, production, or quality management processes.
In the context of EU REP services, should UCOS incur penalties, fines, or legal costs due to the manufacturer's non-compliance with its obligations under MDR Article 10, the manufacturer shall fully reimburse UCOS for all such costs within 30 days of written notification.
All information, documents, and data shared by clients in the course of consulting engagements are treated as strictly confidential. UCOS will not disclose client information to third parties except where required by law, regulatory authorities, or Notified Bodies as part of the agreed scope of services. A separate Data Processing Agreement (DPA) may be established upon client request for engagements involving personal data processing under GDPR or KVKK.
Upon full payment, the client receives a non-exclusive, non-transferable license to use all deliverables produced by UCOS (reports, documentation, analyses) for the client's own internal business purposes. The client may not resell, sublicense, or distribute deliverables to third parties without prior written consent from UCOS. UCOS retains all intellectual property rights in its underlying methodologies, templates, frameworks, and tools. General knowledge and anonymized methodologies gained during engagements remain the property of UCOS.
UCOS consulting services are provided as professional advisory services. While we apply the highest standards of professional diligence, regulatory compliance decisions and their outcomes remain the responsibility of the client. Save for statutory liabilities under applicable EU regulations (including but not limited to joint and several liability under MDR Article 11(5) for EU REP services), total liability for any consulting engagement is limited to the fees paid for the specific engagement in question. UCOS shall not be liable for indirect, incidental, special, or consequential damages except where such exclusion is prohibited by mandatory applicable law.
Regulatory standards, laws, and guidance documents (including but not limited to EU MDR, EU AI Act, MDCG guidance, and ISO standards) are subject to change. All consulting advice, reports, and deliverables are based on the regulations and standards in effect at the date of delivery. UCOS shall not be liable for changes in regulatory requirements occurring after the delivery of services. Clients are encouraged to engage ongoing advisory support to remain current with evolving regulatory landscapes.
Neither party shall be liable for delays or failure to perform obligations due to causes beyond its reasonable control, including but not limited to: war, natural disasters, pandemics, government actions, sudden regulatory changes, sanctions, or interruptions to essential infrastructure. The affected party shall notify the other party promptly and take reasonable steps to mitigate the impact.
Except for EU REP mandates (governed exclusively by Netherlands law as specified in Section 4), these terms and all non-EU REP consulting engagements are governed by the laws of the Republic of Turkey. Any disputes arising from non-EU REP engagements shall be resolved in the courts of Istanbul, Turkey. Where mandatory provisions of EU law apply (including GDPR, MDR, or other EU regulations), such provisions shall prevail over any conflicting terms herein.
UCOS processes personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law (KVKK). For details on how we collect, use, and protect your data, please refer to our Privacy Policy. Where our services involve processing personal data on behalf of a client, a Data Processing Agreement (DPA) shall be established as required by GDPR Article 28.
For questions about these terms, contact us at contact@getucos.com.