GDPR Compliance
SendPol is fully GDPR compliant and protects your data
Last updated: October 27, 2025
Full compliance with GDPR
At SendPol, we take data protection very seriously. As a processor of electronic invoices and other commercial documents, we fully comply with the General Data Protection Regulation (GDPR).
Our infrastructure, processes and security measures are designed with privacy by design and privacy by default as the starting point.
GDPR Principles we apply
Lawfulness and transparency
All data processing is done on a lawful basis with full transparency about how we use your data.
Purpose limitation
We only process data for the specific purpose for which it was collected: sending Peppol documents.
Data minimization
We only collect the minimum necessary data required for our service delivery.
Accuracy
We ensure that personal data remains accurate and up-to-date and provide options to correct data.
Storage limitation
Data is not kept longer than necessary for the purposes for which it is processed.
Integrity and confidentiality
Appropriate technical and organizational measures protect your data against unauthorized access.
Our technical and organizational measures
Security
- End-to-end encryption of all documents during transport
- Data is stored in secure data centers within the EU
- ISO 27001 certified infrastructure
- Regular security audits and penetration tests
- Multi-factor authentication for all user accounts
- Role-based access control (RBAC) for limited access
Data processing
- Data Processing Agreements with all sub-processors
- Data Protection Impact Assessments (DPIA) conducted
- Privacy by design and privacy by default applied
- Clear procedures for data breach notifications
- Automated backup procedures with encryption
- Secure deletion protocols for deleted data
Your rights
- Right of access: view all data we process about you
- Right to rectification: correct inaccurate data
- Right to erasure: have your data deleted ("right to be forgotten")
- Right to restriction: limit the processing of your data
- Right to object: object to certain processing
Compliance certification and audits
SendPol regularly undergoes external audits to ensure our GDPR compliance:
- Annual GDPR compliance audits
- Regular penetration tests by certified parties
- Continuous monitoring and improvement of our procedures
Data Protection Officer
We have appointed a Data Protection Officer (DPO) who oversees our GDPR compliance:
International data transfer
All data is processed and stored within the European Union. If in exceptional cases data is transferred outside the EU, this only happens:
- Based on an adequacy decision of the European Commission
- With appropriate safeguards such as Standard Contractual Clauses
- With explicit consent from the data subject
- For the performance of the contract with you
Contact about GDPR
Do you have questions about our GDPR compliance or do you want to exercise your rights? Contact us:
For privacy-related questions: [email protected]
To contact our DPO: [email protected]
General questions: [email protected]
