EU Compliance

Section 01

Regulatory Overview

Torsido Technologies complies with key EU digital and data regulations. The following frameworks apply to our operations:

General Data Protection RegulationGDPR

Personal data processing, lawful basis, data subject rights, and international transfers.

ePrivacy DirectiveePD

Electronic communications, cookies, and consent for tracking and marketing.

Digital Services ActDSA

Content moderation, transparency, and intermediary liability for online platforms.

Network and Information Security 2NIS2

Cybersecurity and incident reporting obligations for essential and important entities.

EU Artificial Intelligence ActAI Act

Risk-based rules for AI systems; we assess our use of AI against applicable provisions.

Web Accessibility DirectiveWAD

Accessibility of public-sector and certain private websites and mobile apps.

Section 02

GDPR Compliance Posture

We maintain a documented GDPR compliance programme. Key elements include:

Requirement	Status	Notes
Lawful basis & purpose limitation	Yes	Documented in our Privacy Policy
Data subject rights (access, rectification, erasure, etc.)	Yes	Process and response within 30 days
Data Processing Agreements with processors	Yes	Standard contractual clauses where applicable
Records of processing activities	Yes	Maintained and reviewed periodically
Data breach notification procedures	Yes	72-hour notification to supervisory authority

CNIL Supervision

As a French-established controller, our main data protection supervisory authority is the Commission nationale de l'informatique et des libertés (CNIL). We cooperate with the CNIL and respond to any guidance or inquiries in accordance with applicable law.

Section 03

ePrivacy & Cookies

Our use of cookies and similar technologies aligns with the ePrivacy Directive and CNIL guidelines:

Strictly necessary cookies are used without consent where essential for the service
Analytics, functional, and marketing cookies are deployed only after your explicit consent
You can withdraw or modify consent at any time via our Cookie Management page
We do not use cookies for purposes beyond those disclosed in our cookie policy

For full details and to manage your preferences, see our Manage Cookies page.

Section 04

Digital Services Act

Under the Digital Services Act (Regulation (EU) 2022/2065), Torsido Technologies operates primarily as a service provider that does not fall within the scope of hosting, intermediary, or platform obligations in the sense of the DSA. Our corporate website and client-facing platforms are used to present our services and communicate with clients; we do not offer hosting of third-party content or operate as an online platform in the DSA sense. Where our activities may touch on in-scope services in the future, we will assess and implement the relevant transparency and procedural requirements.

Section 05

NIS2

The NIS2 Directive (EU 2022/2555) imposes cybersecurity and incident reporting obligations on essential and important entities. Torsido Technologies evaluates its classification under national transposition and applies appropriate technical and organisational measures to manage risk and protect network and information systems. We maintain incident detection and response procedures and will report significant incidents to the competent authority in accordance with applicable national law.

Section 06

EU AI Act Readiness

The EU Artificial Intelligence Act establishes a risk-based framework for AI systems. Our current use of AI is assessed as follows:

Use Case	Risk Tier	Status
Internal productivity tools (e.g. code assistance, drafting)	Limited / minimal	Compliant
Client deliverables involving AI (e.g. chatbots, automation)	Varies	Under assessment
Prohibited AI practices (e.g. social scoring, real-time biometric ID in public)	N/A	Not applicable

Ongoing Assessment

As the AI Act is phased in and guidance is published, we will continue to map our AI use cases to the regulation and implement any required conformity or documentation steps. High-risk AI systems, if deployed, will be brought into compliance with the applicable provisions and timelines.

Section 07

Accessibility (WCAG)

We aim to make our website and digital services accessible in line with the Web Content Accessibility Guidelines (WCAG) 2.1 and the EU Web Accessibility Directive where it applies. This includes appropriate structure, contrast, keyboard navigation, and compatibility with assistive technologies. We regularly review our content and design and welcome feedback on accessibility at legal@torsido.com.

Section 08

Data Transfers

Where we transfer personal data outside the European Economic Area (EEA), we rely on adequacy decisions by the European Commission, Standard Contractual Clauses (SCCs), or other transfer mechanisms permitted under GDPR Chapter V. Sub-processors that process data outside the EEA are bound by appropriate safeguards. Further details are set out in our Privacy Policy (Data Sharing & Third-Party Transfers).

Section 09

Regulatory Contacts

For questions about our EU compliance posture or to contact our legal and compliance team:

Regulatory & Legal Contact

We respond to regulatory and legal enquiries in a timely manner. For data protection matters, you may also contact the CNIL. For cybersecurity and NIS2-related topics, the competent national authority and ENISA may be relevant.

legal@torsido.com CNIL ENISA