Privacy Policy

Last updated: 1 January 2025  |  Version 1.0

1. Introduction

VATCompass ("we", "our", "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and share information about you when you use our website at vatcompass.com and when you purchase or use our VAT compliance screening services.

We are a data controller for the purposes of the General Data Protection Regulation (GDPR) (EU) 2016/679 and any applicable national implementing legislation. If you have questions about this policy or your data rights, contact us at privacy@vatcompass.com.

2. Data We Collect

2.1 Information you provide directly

• Contact and company details: name, company name, email address, country of establishment.
• Business information: business type, products or services sold, fulfilment method, sales volume ranges, marketplace usage, EU country presence, and compliance status (VAT registration, OSS, IOSS).
• Payment data: payment card details are processed by our payment processor (Paddle) and are not stored by VATCompass.
• Communications: emails, enquiries and support requests you send to us.

2.2 Information collected automatically

• Usage data: IP address, browser type, operating system, referring URLs, pages visited and time spent on site.
• Cookies and tracking: as described in our Cookie Policy.

3. Legal Basis for Processing

We process your personal data on the following legal bases:

• Contract performance: to deliver the VAT compliance screening service you have purchased (Article 6(1)(b) GDPR).
• Legitimate interests: to operate, improve and secure our services, and to communicate with you about your account (Article 6(1)(f) GDPR).
• Legal obligation: to comply with applicable laws including tax, accounting and anti-money laundering regulations (Article 6(1)(c) GDPR).
• Consent: for optional analytics cookies and marketing communications, where you have given explicit consent (Article 6(1)(a) GDPR).

4. How We Use Your Data

• To prepare and deliver your VAT compliance screening report.
• To process your payment via our payment processor.
• To send you your report and any follow-up correspondence related to your order.
• To respond to your enquiries and provide customer support.
• To improve our services and website functionality.
• To comply with legal and regulatory obligations.
• With your consent, to send you relevant compliance updates or service information.

5. Data Sharing and Third Parties

We do not sell your personal data. We may share your data with:

• Paddle (Paddle.com Market Limited): our payment processor, for payment processing. Paddle acts as the merchant of record.
• Airtable: our database platform, used to store intake form submissions securely. Data is held on servers within the EU or under Standard Contractual Clauses.
• Email service providers: for delivering your report and transactional emails.
• Analytics providers: anonymised data only, where you have consented to analytics cookies.
• Legal and regulatory authorities: where required by law or court order.

All third-party processors are bound by data processing agreements and are required to handle your data in accordance with GDPR.

6. Data Retention

We retain personal data for the following periods:

• Intake form data and reports: 3 years from the date of submission, for quality assurance and potential legal purposes.
• Payment records: 7 years, in accordance with EU accounting and tax record-keeping requirements.
• Email communications: 2 years from last correspondence.
• Website analytics data: 26 months from collection, in anonymised form.

After these retention periods, data is securely deleted or anonymised.

7. Your Rights Under GDPR

You have the following rights in relation to your personal data:

• Right of access: to request a copy of the personal data we hold about you.
• Right to rectification: to ask us to correct inaccurate data.
• Right to erasure: to request deletion of your data (subject to our legal retention obligations).
• Right to restriction: to ask us to restrict processing of your data in certain circumstances.
• Right to data portability: to receive your data in a structured, machine-readable format.
• Right to object: to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent: at any time, where processing is based on consent.

To exercise any of these rights, email privacy@vatcompass.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection supervisory authority.

8. International Data Transfers

Some of our service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or adequacy decisions.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration or destruction. These include encrypted data transmission (TLS), access controls, and regular security reviews. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

10. Cookies

We use cookies and similar tracking technologies on our website. For full details, see our Cookie Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a revised "Last updated" date. Continued use of our services after changes constitutes your acceptance of the revised policy.

12. Contact Us

For any privacy-related questions or to exercise your data rights:

• Email: privacy@vatcompass.com
• General: contact@vatcompass.com