GDPR Compliance

    SendPol is fully GDPR compliant and protects your data

    Last updated: October 27, 2025

    Full compliance with GDPR

    At SendPol, we take data protection very seriously. As a processor of electronic invoices and other commercial documents, we fully comply with the General Data Protection Regulation (GDPR).

    Our infrastructure, processes and security measures are designed with privacy by design and privacy by default as the starting point.

    GDPR Principles we apply

    Lawfulness and transparency

    All data processing is done on a lawful basis with full transparency about how we use your data.

    Purpose limitation

    We only process data for the specific purpose for which it was collected: sending Peppol documents.

    Data minimization

    We only collect the minimum necessary data required for our service delivery.

    Accuracy

    We ensure that personal data remains accurate and up-to-date and provide options to correct data.

    Storage limitation

    Data is not kept longer than necessary for the purposes for which it is processed.

    Integrity and confidentiality

    Appropriate technical and organizational measures protect your data against unauthorized access.

    Our technical and organizational measures

    Security

    • End-to-end encryption of all documents during transport
    • Data is stored in secure data centers within the EU
    • ISO 27001 certified infrastructure
    • Regular security audits and penetration tests
    • Multi-factor authentication for all user accounts
    • Role-based access control (RBAC) for limited access

    Data processing

    • Data Processing Agreements with all sub-processors
    • Data Protection Impact Assessments (DPIA) conducted
    • Privacy by design and privacy by default applied
    • Clear procedures for data breach notifications
    • Automated backup procedures with encryption
    • Secure deletion protocols for deleted data

    Your rights

    • Right of access: view all data we process about you
    • Right to rectification: correct inaccurate data
    • Right to erasure: have your data deleted ("right to be forgotten")
    • Right to restriction: limit the processing of your data
    • Right to object: object to certain processing

    Compliance certification and audits

    SendPol regularly undergoes external audits to ensure our GDPR compliance:

    • Annual GDPR compliance audits
    • Regular penetration tests by certified parties
    • Continuous monitoring and improvement of our procedures

    Data Protection Officer

    We have appointed a Data Protection Officer (DPO) who oversees our GDPR compliance:

    Data Protection Officer

    Email: [email protected]

    SendPol, Research Campus 18, 3500 Hasselt, Belgium

    International data transfer

    All data is processed and stored within the European Union. If in exceptional cases data is transferred outside the EU, this only happens:

    • Based on an adequacy decision of the European Commission
    • With appropriate safeguards such as Standard Contractual Clauses
    • With explicit consent from the data subject
    • For the performance of the contract with you

    Contact about GDPR

    Do you have questions about our GDPR compliance or do you want to exercise your rights? Contact us:

    For privacy-related questions: [email protected]

    To contact our DPO: [email protected]

    General questions: [email protected]