Terms and Conditions

The following terms and conditions apply when you use Peppol.com and the services described underneath.

1. SERVICE PROVIDER

1.1 Peppol.com is administered and operated by

Bizbrains A/S
CVR-no. 33510837
Havneparken 1, st.
7100 Vejle
Denmark
("Bizbrains", "us" or "we")

2. PEPPOL.COM SERVICES

2.1 On Peppol.com we provide electronic invoice services based on the PEPPOL standards as implemented by OpenPEPPOL (PEPPOL.eu). The PEPPOL standards allows for exchange and mutual recognition of electronic invoices. Invoices are distributed through PEPPOL eDelivery Network, connected to PEPPOL access points ("AP"). These are services that businesses participating in the PEPPOL eDelivery Network use to send and receive invoices. This means that if a business wants to send its customer an invoice through the PEPPOL eDelivery Network, that business must use an AP to do so. Bizbrains is a PEPPOL AP.

2.2 Bizbrains' service allows businesses to send invoices to other participants in the PEPPOL eDelivery Network, and to access information regarding other companies using the PEPPOL Network through Peppol.com, including company name, line of business as well as company registration and VAT-number. Our services are meant for and provided to non-consumers only. In the following, the services we provide you when you enter into a subscription with us are referred to as the "Services".

2.3 The Services are further described on the Peppol.com website, including the online documentation. Bizbrains has the right to change the Services and these terms and conditions from time to time without notice. Change of the Services (including adding, changing or removing any feature or functionality) does not enable you to terminate the agreement, nor to any compensation of any kind. The Services do not include payment or clearing services. Bizbrains do not know and can therefore not guarantee that the invoice recipient pays the invoice amount, how it is paid, etc.

2.4 Access to the Services require an internet connection and are accessible via common internet browsers - if part of your subscription via our API.

3. OUR SERVICES ARE SUBJECT TO THE PEPPOL COMPLIANCE POLICY

3.1 As a PEPPOL AP, our Services are subject to and in compliance with the PEPPOL Compliance Policy issued by OpenPEPPOL as amended from time to time. We do not guarantee compliance with any additional restrictions and/or criteria adopted by member states or PEPPOL authorities applicable to AP's.

3.2 Bizbrains may at any time without notice revise these terms and conditions to ensure compliance with the latest version of the PEPPOL Compliance Policy issued by OpenPEPPOL and any other rules applicable to AP's.

3.3 In case of conflict between these terms and conditions and the PEPPOL Compliance Policy issued by OpenPEPPOL, the latter applies.

4. THESE TERMS FORM YOUR SUBSCRIPTION AGREEMENT

4.1 When you subscribe to the Services, you agree to these terms and conditions which then form the subscription agreement between you and Bizbrains. We do not store a copy of the subscription agreement made with you, however these terms and conditions will always be available at our website Peppol.com.

5. PRICE AND PAYMENT

5.1 Use of the Services is subject to payment of the applicable subscription price. Subscription prices are available on Peppol.com in connection with descriptions of our Services. Subscription prices may be based on the actual volume of invoices processed or transmitted through the Services.

5.2 Payable subscriptions can be paid using debit and credit cards (VISA, Mastercard, etc.) as further specified in the ordering process. Unless otherwise agreed, subscriptions are paid monthly in advance.

5.3 As soon as you click Upgrade Subscription, provided the payment details entered are correct (for payable subscriptions), your subscription starts, and you will receive an order confirmation on the e-mail address provided during registration.

6. LICENSE

6.1 Bizbrains reserves all ownership and rights to Peppol.com, its contents and our Services. No rights to Peppol.com, its contents or our Services, are transferred to you.

6.2 When you subscribe to our Services at Peppol.com, you receive a limited, non-exclusive, revocable license to use the software which is part of your subscription in order for you to utilise the Services for its intended purpose. Whenever your subscription terminates for whatever reason, your license is automatically revoked.

7. LANGUAGE AND COMMUNICATION

7.1 You agree that these terms and conditions are drafted and apply in English, and that our communication with you is in English.

7.2 We will communicate with you by email, for instance when providing notice of maintenance, updates in our terms and conditions, etc. We will also email you whenever your invoice limit is exceeded and - if you have provided your consent hereto - remind you of the opportunity to upgrade your subscription.

8. LIABILITY

8.1 The Services are provided as-is and as available from time to time. We will do our best to limit any errors, failures, non-availability of our Services, and to announce service windows reasonably in advance. However, we do not accept any responsibility for any loss incurred as a result of downtime, maintenance or other non-availability of our Services or parts thereof.

8.2 We accept no responsibility for any loss incurred by

  • faulty invoices as a result of your or any third party's misconfiguration of the API, including faulty invoices related to the file format on which PEPPOL invoices are based according to the API;
  • errors in the content of an invoice;
  • internet connection issues; or
  • any corruption of invoices during transmission.

8.3 Bizbrains is under no circumstances responsible for your (or any third party's) indirect losses, including loss of data and loss of turnover, revenue, profit, business or reputation/goodwill.

8.4 Any claim arising out of these terms and conditions or by using Peppol.com and our Services shall not exceed an amount corresponding to the aggregate amount paid by you to Bizbrains within the last 3 months before the time of the event laying ground for the claim, however, if your subscription is free, the claim cannot exceed DKK 1,000 (one thousand).

9. PROCESSING OF PERSONAL DATA

9.1 Bizbrains as data processor

9.1.1 To the extent you transmit personal data to us when using our Services, e.g. send an invoice with the name of a contact person, you are considered data controller and we data processor since we process the personal data on your behalf and for your purposes.

9.1.2 You agree to the terms of our Data Processing Addendum in Annex 1 below according to which we will process the personal data transmitted by you.

9.1.3 You warrant that all personal data you transmit to us in respect of 9.1 above is obtained, processed and transmitted in accordance with applicable data protection law, namely Regulation (EU) 2016/679 of 27 April 2016 ("GDPR").

9.1.4 It is not allowed to include special categories of personal data or personal data containing national identification numbers (e.g. the Danish CPR-number) in the invoices you send, except where strictly necessary to, for instance, satisfy applicable law. The Services are not designed to, nor intended to, process such categories of personal data, nor any other particularly sensitive or confidential information.

9.2 Bizbrains as data controller

9.2.1 For our processing of your personal data as data controller, please see our privacy policy.

10. TERMINATION

10.1 Your subscription automatically renews each month, unless terminated.

10.2 You may at any time terminate your subscription with 15 days' notice.
If you are in material breach of these terms and conditions, Bizbrains may terminate your subscription without notice and without any obligation to repay already payed amounts. Material breach includes - but is not limited to - the following circumstances:

  1. using the Service for illegal purposes;
  2. using the Service for acts or purposes that infringe third-party rights;
  3. transmitting or distributing spam (unsolicited electronic marketing) or contributing thereto;
  4. propagating viruses or other harmful software code;
  5. conduct contrary to good practice on the Internet; and
  6. late payment or non-payment.

11. CHOICE OF LAW AND VENUE

11.1 These terms and conditions are governed by and should be construed in accordance to Danish law, except the Danish rules in choice of law and CISG.

11.2 We strive to solve all disputes arising out of these terms and conditions and use of our Services through a constructive dialogue with you.

11.3 If the dispute cannot be solved amicably, it must be solved with the ordinary courts of Denmark with the Court of Kolding as first instance.

ANNEX 1: DATA PROCESSING ADDENDUM

The following apply to the extent we process personal data on behalf of you or the organization that you represent. Data Processor shall mean Bizbrains A/S and Data Controller shall mean you or the organization that you represent.

1. DATA PROCESSING AND OBLIGATIONS OF THE DATA PROCESSOR

1.1 Data Processor shall process personal data on behalf of Data Controller in relation to delivering the Services under these terms and conditions.

1.2 Personal data being processed by the Data Processor relates to persons to receive the invoices sent/received through the Services and includes in particular ordinary non-sensitive personal data, including name, contact information, information in the invoice such as amount payable, date of purchase and goods/services purchased, and to a limited extent personal identification numbers.

1.3 Pursuant to the GDPR the Data Controller has the following obligations and rights:

  1. Data Controller is responsible for ensuring that the processing of personal data takes place in accordance with applicable data protection laws and this Data Processing Addendum.
  2. Data Controller has the obligation to make decisions about the purposes and the means by which the processing of personal data takes place.
  3. Data Controller shall ensure that the processing of personal data, which Data Processor is instructed to carry out, is legal, including that the processing is based on a legal basis pursuant to applicable data protection laws.

1.4 In pursuance of GDPR Data Processor shall comply with all requirements incumbent on Data Processor as set out in the GDPR:

  1. Data Processor shall process personal data on behalf of the Data Controller and may only process personal data on documented instructions from Data Controller unless required to do so by the European Union or member state law to which Data processor is subject. In that case Data Processor must notify Data Controller of such legal requirement before the processing unless the relevant laws prohibits such notification on important grounds of public interests.
  2. Data Processor must immediately notify Data Controller if, in Data Processor's opinion, an instruction from Data Controller is contrary to the applicable data protection legislation in force from time to time. In such cases the parties shall in good faith aspire to find a solution in accordance with applicable data protection laws.
  3. Data Processor must ensure that the persons it has authorised to process personal data on behalf of the Data Controller under this Data Processing Addendum ("Data Processing Addendum") have either committed themselves to confidentiality or are subject to a proper statutory duty of confidentiality.
  4. Data Processor shall take all measures required pursuant to Article 32 of the GDPR in relation to security of the processing.
  5. Taking into account the nature of the processing, Data Processor shall assist Data Controller by appropriate technical and organisational measures with the fulfilment of Data Controller's obligation to respond to requests for exercising the data subject's rights laid down in the GDPR.
  6. Taking into account the nature of processing and the information available to Data Processor, Data Processor warrants that it will assist Data Controller in ensuring compliance with any of Data Controller's obligations pursuant to the GDPR, including Article 32 (Security of processing), Article 33-34 (Notification and communication of a personal data breach), and potential obligations under Article 35 and Article 36 (Data protection impact assessment and Prior consultation) of the GDPR.
  7. The parties agree that at the termination of the data processing, Data Processor shall, at the choice of Data Controller, either (i) return all data processed to Data Controller, or (ii) delete all data processed and any copies thereof, unless European Union and/or member state law requires storage of such personal data.
  8. Data Processor shall, upon request from Data Controller, provide access to all necessary information in order for Data Controller to ensure compliance with the obligations laid down in the GDPR. Data Processor shall also allow for, and contribute to, supervisions and audits, including inspections, conducted by Data Controller or an auditor mandated by Data Controller.

2. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY

By signing this Data Processing Addendum, Data Controller accepts that Data Processor may transfer personal data to a country outside the EEA. Data Processor will be required to ensure that such transfer is at all times lawful, including that there is an adequate level of protection pursuant to the GDPR prior to the transfer of personal data to a country outside the EEA. The same obligation applies in relation to Data Processor's use of sub-processors in third countries, cf. clause 3 in this Data Processing Addendum.

3. SUB-PROCESSING

3.1 By signing this Data Processing Addendum, Data Controller authorises the Data Processor to engage sub-processors to assist with the performances of the Data Processor. At the time of signing this Data Processing Addendum, Stripe (located in the US) and Mentor IT (Lindevej 8, DK-6710 Esbjerg V, Denmark) are engaged as sub-processors.

3.2 In case of replacements or engagements of new sub-processors, Data Processor shall, where possible, notify Data Controller no less than fourteen (14) calendar days prior to the change. If Data Controller wishes to object against the change, Data Controller shall state so within five (5) calendar days after receiving the notification of the Data Processor. The objection of the Data Controller must be well-founded. Absence of any objections from Data Controller shall be deemed a consent to the sub-processing.

3.3 Data Processor warrants and ensure that the sub-processing is lawful and that any and all sub-processors undertake and are subject to the same terms and obligations as Data Processor as set out in this Data Processing Addendum. Should the sub-processors not comply with their obligations, Data Processor shall remain responsible towards Data Controller for all acts and omissions of its sub-processors.

4. LIABILITY

4.1 Data Processor's total liability towards Data Controller arising from breach of this Data Processing Addendum cannot exceed the amounts specified under section 8.4 of the terms and conditions.