Processor agreement

Processor agreement of Ublion Public Cloud Services Version 1.2 (January 2020)

Ublion is a brand of

ORG 62009036
TAX NL854592696

We are fully committed to ensuring compliance with the GDPR. To re-iterate, we are processing customer-provided documents for the primary purpose of data capture, based on instructions of our customers, and for the secondary purpose of further research and development of data-extraction technology and artificial intelligence. Based on the nature of the data and the GDPR balance test, we have a full reason to believe that this processing is fully compliant with the GDPR, particularly when not concerning third-party consumer invoices.

Our customers are generally controllers of the data contained in the documents handed over to us. As such we recommend taking these steps:

Make sure your Terms of Service or Privacy Policy properly communicate to your customers, business partners and/or employees that you are using Ublion services (and any other similar services) and how Ublion’s processing works (including artificial intelligence learning). Being transparent is one of the most important data protection principles. We recommend you ensure your policies are up to date and clear to your readers.
We recommend that you hand over the following information to your business counterparts or customers:

We [Ublion’s customer] use Ublion. (“Ublion”) as the processor of our invoices. The invoices may be retained and used by Ublion for a limited time on the basis of legitimate interests as part of a training dataset used for research, development, and learning of Ublion’s artificial intelligence models employed to process the invoices.
If you want us to process documents of which you are not the owner or direct participant (e.g. invoices of third parties) make sure that you are entitled to transmit the documents to us and, if applicable, ask for the consent of the participating persons with this processing. The consent should cover the transmission of data to Ublion for the data-extraction as well as for artificial intelligence learning purposes. Please note that consent under the GDPR must comply with quite severe requirements (see art. 7 of the GDPR).

To avoid any doubts, this does not apply to documents containing your transactions and data (e.g. invoices received by you or issued by you).

If you are a company outside the EU, you should still be aware of this. The provisions of the GDPR apply to any organization that processes the personal data of individuals in the European Union.

If you have any questions about this Privacy Policy, our privacy practices, and GDPR compliance, please contact our Data Protection Officer, [email protected]