For registered users of invoicing services at Peppol.com
When you register as a user at Peppol.com, Bizbrains A/S, CVR-no. 33510837, Havneparken 1, 7100 Vejle ("Bizbrains", "we" or "us") process your personal data as data controller for the purpose of:
When you use our services, we may collect aggregate data from the invoices you send and receive, for instance the invoice amount and combined invoice volume for the purpose of:
Legal basis for processing
Recipients of personal data
For handling payments, we transmit your payment information to our payment service provider, Stripe Inc., who, among other, is PCI DSS Level 1-certified and processes your payment information with a high level of security, including AES-256 encryption and storage separation.
When registering you on the PEPPOL network, we transmit your name, contact information as well as your unique identifier to the publicly available PEPPOL Directory, for other PEPPOL participants to find you through the PEPPOL Directory.
During your use of Peppol.com, we may also disclose your company and/or VAT registration ID's to publicly available online company registers, in particular to the VAT Information Exchange System (VIES) through https://ec.europa.eu/taxation_customs/vies/ if you are located within the EEA, or to other publicly available registers if you are located outside the EEA.
Storage period
We store your personal data until you delete your account after which your personal data is deleted, although with the below mentioned exceptions.
After deletion of your account, we may store material to the extent necessary to observe the requirements in the Danish Bookkeeping Act (namely accounting records until 5 years after expiry of the financial year), and the Danish Anti-Money Laundering Act, (namely identification information including if relevant Danish CPR-numbers for up to 5 years). In addition, we may store your personal data relevant to establish, exercise or defend a legal claim between you and us depending on when the claim lapses due to relevant statute of limitations.
Your rights
You have the right to request from us access to and rectification or erasure of your personal data, restriction of processing or to object to processing, including an absolute right to object to processing for the purpose of direct marketing, as well as the right to data portability where applicable.
If you wish to exercise your abovementioned rights, please contact support AT peppol DOT com.
You may at any time lodge a complaint about our processing of your personal data with your local data protection supervisory authority (in Denmark: the Danish Data Protection Agency at www.datatilsynet.dk, tel. +45 33193200, e-mail: dt AT datatilsynet DOT dk).