PeppolEDGE Platform Terms and Conditions
​
Effective Date: June 1st, 2025
Last Updated: Dec 17th, 2025
​
These Terms and Conditions (the “Agreement”) are made and entered into as of the date that this Agreement is executed either online by Customer’s click-through acceptance of this Agreement or by signing a PeppolEDGE order form (the “Effective Date”), by and between internetvista SA, a Belgium company (“internetvista SA”), and Customer, the entity on whose behalf this Agreement is executed (“Customer”), provided that no other contract between internetvista SA and Customer supersedes the present Agreement.
​
Article 1 – Definitions
“Account” means a PeppolEDGE customer subscription that is allowed to use the PeppolEDGE Services.
“Customer Data” means all data that Customer, its Users or its Trading Partners may provide or otherwise submit through use of the Services, including any Personal Data that is stored with PeppolEDGE.
“Personal Data” means any information relating to an identified or identifiable natural person.
“Price List” a list of PeppolEDGE’s prices for the Services available on internetvista SA’s website or by email request to internetvista SA, each of which may change from time to time.
“Services” means the on-premise or cloud Software-as-a-Service data exchange application and services to be provided by internetvista SA pursuant to this Agreement.
“Trading Partner” means any entity or organization with whom the Customer exchanges data utilizing PeppolEDGE.
“Users” means individual users who are authorized by Customer to use the Services and who have been supplied Account access by Customer.
​
Article 2 – The services
2.1 Provision of the Services.
Subject to the terms and conditions of this Agreement, internetvista SA will make the Services available to Customer and its Users during the term of this Agreement.
2.2 Grant of License.
internetvista SA grants to Customer a non-exclusive, non-transferable limited right to use the Software provided under this Agreement.
2.3 Support Services.
Customer may obtain support services by email at support@internetvista.com. Customer may also access the online PeppolEDGE material and the PeppolEDGE website for the purpose of consulting any available documentation and other support information.
2.4 Archiving Services.
PeppolEDGE will archive Customer Data for a period of three months or a longer period as specified by Users as part of their use of the Services.
2.5 Changes to the Services.
internetvista SA may make changes to the Services, at any time and without notice to Customer, to the extent that such changes do not materially decrease the functionality of the Services or as required to conform with any legal requirements. Without limiting the foregoing, internetvista SA may change the address of its network, i.e. renumber the network IP addresses with a 30 days’ notice to Customer.
2.6 Service Level Agreement.
internetvista SA will use commercially reasonable efforts to maintain Service availability of 99.9% measured monthly, excluding scheduled maintenance windows which will be announced at least 48 hours in advance. If monthly Service availability falls below 99.9%, Customer may be eligible for service credits equal to 10% of monthly fees for that month, provided Customer reports the issue within 30 days. Service availability calculations exclude downtime caused by Customer's acts or omissions, third-party services, internet connectivity issues, scheduled maintenance, force majeure events, or suspension due to Customer's breach of this Agreement.
Article 3 - Account Registration & Customer Verification (KYC/KYB)
3.1 Verification Requirement.
To register for and maintain an account with internetvista SA PeppolEDGE product, the Customer must provide accurate and complete information as part of the Know Your Customer (KYC) or Know Your Business (KYB) verification process, as applicable.
3.2 KYC – Individual Customers.
Individual Customers must submit valid identification documents, such as a national ID, passport, or other government-issued ID.
Proof of address may also be required.
internetvista SA reserves the right to verify the Customer’s identity at any time and may request additional documentation as necessary.
3.3 KYB – Business Customers.
Business Customers must provide documentation proving the company’s legal existence, registration, tax identification, and ownership structure, including beneficial owners.
Directors or authorized representatives may also be required to provide personal identification documents.
internetvista SA may conduct ongoing checks on the business entity and its owners to ensure compliance with legal and regulatory requirements.
3.4 Obligations & Consequences.
Customers must ensure that all submitted information is accurate, complete, and up to date.
Failure to provide requested information or failure to complete the KYC/KYB process may result in suspension, restriction, or termination of services.
internetvista SA reserves the right to refuse service or terminate the contract if verification cannot be successfully completed.
3.5 Ongoing Compliance.
Customers acknowledge that internetvista SA may request updates to verification information periodically, in accordance with applicable laws and regulations.
By using the services, Customers agree to comply with all applicable verification procedures, including any updates or additional requirements mandated by regulatory authorities.
3.6 Third Parties and Trading Partners.
The Customer acknowledges and agrees that, where it uses the Services to onboard, connect, or provide access to the Services to its own clients, affiliates, users, or other third parties (including Trading Partners) (collectively, “Third Parties”), it acts as the sole party responsible for the identification, verification, and ongoing due diligence of such Third Parties.
The Customer represents and warrants that it has implemented and maintains appropriate customer due diligence procedures, including Know Your Customer (KYC) and Know Your Business (KYB) measures if needed, proportionate to the nature of its activities and applicable laws, prior to granting any Third Party access to or use of the Services.
The Customer further represents and warrants that all Third Parties onboarded through the Services:
(i) Are duly identified and legally existing entities or individuals.
(ii) Conduct lawful business activities.
(iii) Comply with all applicable laws and regulations, including but not limited to electronic invoicing, eDelivery, and Peppol Network rules.
(iv) Do not use the services for any fraudulent, misleading, or unlawful purpose.
The Customer acknowledges that internetvista SA and his PeppolEDGE product act solely as a technical service provider and messaging platform and are not responsible for performing regulatory KYC, KYB, anti-money laundering (AML), or counter-terrorism financing (CTF) checks on the Customer’s Third Parties.
internetvista SA reserves the right, at its sole discretion, to request reasonable information from the Customer regarding a Third Party or to suspend or restrict access to the Services where there are reasonable grounds to believe that a Third Party may be non-compliant with this Agreement, applicable laws, or Peppol Network requirements.
The Customer shall indemnify, defend, and hold harmless internetvista SA from and against any claims, losses, damages, fines, penalties, costs, or expenses arising out of or related to the Customer’s failure to comply with its due diligence obligations under this Section or the acts or omissions of any Third Party onboarded by the Customer.
Article 4 – Price and payment
4.1 Services Charges.
Customer shall be invoiced either monthly or yearly, as set out in the applicable PeppolEDGE Price List. All payment obligations are non-cancelable and charges paid are non-refundable.
Payment of the Integration or Set-up Fee shall be due upon signature of the Agreement. All Projects must be completed within twelve (12) months of the Effective Date. If a Project is not completed within this period, it shall be deemed canceled, and all amounts paid shall be non-refundable.
Subscription Fees shall be paid in advance starting on the day of the signature of the Agreement.
Any Overage Fees incurred shall be invoiced at the end of the ongoing subscription period.
4.2 Invoice and Payment.
Customer shall pay all invoices to internetvista SA by electronic bank transfer or other electronic payment methods proposed by internetvista SA. All payments shall be made in the currency specified on the invoice, net thirty (30) days from the invoice date, without set-off or deduction.. If any amounts invoiced hereunder are not received by internetvista SA by the due date, then such amounts shall accrue interest at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid.
4.3 Suspension of Services.
If any charge owing by Customer is 30 days or more overdue, internetvista SA may, without limiting its other rights and remedies hereunder, suspend the Services until all amounts owing hereunder are paid in full.
4.4 Taxes.
All invoiced amounts owed hereunder, unless stated otherwise, are exclusive of any applicable taxes, including value added or sales taxes. Customer agrees to pay all applicable taxes levied by any tax authority on the Services or Customer’s use thereof, excluding any and all taxes based on the net income of internetvista SA.
4.5 Price Changes.
internetvista SA may increase its prices, no more than once per year, based on changes in the Belgian Consumer Price Index (CPI) since the last increase, by providing at least thirty (30) days written notice of such increase.
Article 5 – Term and termination
5.1 Term.
This Agreement shall commence on the Effective Date and shall remain in full force and effect until terminated pursuant to the provisions of this Agreement.
5.2 Termination by the Customer.
The Customer may terminate the Contract at any moment by closing their account via the application available on the PeppolEDGE site (www.peppoledge.com) or by written notification to internetvista SA. The contract will terminate only at the end of the ongoing subscription period, with no reimbursement to the Customer being allowed for the period between the notification by the Customer and the date of the end of the subscription period.
5.3 Termination.
Either party may terminate this Agreement:
(i) if the other party breaches any material provision of the Agreement and does not cure such breach within 30 days after receiving written notice thereof.
(ii) at any time upon written notice to the other party if: (i) the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors; (ii) the other party ceases, or threatens to cease, to carry on its business.
(iii) at any time and for any reason by providing the other party prior written notice of such termination; provided, however, that this Agreement will then terminate at the end of the ongoing subscription period following the termination notice.
5.4 Effect of Termination.
Upon expiration or termination of this Agreement, all licenses will immediately terminate and Customer will pay all amounts due hereunder. In no event shall any termination relieve Customer of the obligation to pay any fees payable to internetvista SA for the period prior to the effective date of termination and Customer shall not be entitled to any reimbursement for any unused usage credits.
Article 6 – Intellectual property
6.1 Reservation of Rights.
The Services (including, without limitation, internetvista SA and PeppolEDGE’s website, and all tools, technology, software and know-how developed by PeppolEDGE and provided to the Customer hereunder) and all intellectual property rights therein, are and will remain the sole property of internetvista SA, and no rights are granted to Customer with respect to the Services, or the intellectual property rights therein, other than the limited license specified in Section 2.2. Customer will not access or use the Services, or the intellectual property rights therein, except as expressly permitted by this Agreement.
6.2 Restrictions.
Customer shall not:
(i) permit any third party to access or use the Services except as permitted herein,
(ii) copy or make create derivative works based on the Services,
(iii) copy, frame, mirror or otherwise distribute any part or content of the Services,
(iv) reverse engineer, disassemble, decompile, decode, adapt or otherwise attempt to derive or gain access to the source code of the Services,
(v) input, upload, transmit or otherwise provide to or through the Services, any information or materials that are unlawful or injurious, or contain, transmit or activate any viruses or other harmful code, or
(vi) access the Services in order to (i) build a competitive product or service, or (ii) copy any content, features, functions or graphics of the Services.
6.3 Suggestions.
Customer hereby grants internetvista SA a worldwide, transferable, sub-licensable, irrevocable, perpetual license to use or incorporate into the Services any suggestions, enhancement requests, recommendations or other feedback provided by Customer, including Users, relating to the operation of the Services.
6.4 Customer Data.
As between the parties, Customer exclusively owns all rights, title and interest in and to all Customer Data. Customer hereby grants internetvista SA an irrevocable right and license to use the Customer Data as useful to perform its obligations and exercise its rights under this Agreement.
Article 7 – Protection of privacy and confidentiality
7.1 Protection of Customer Data.
Throughout the term of this Agreement, internetvista SA shall maintain appropriate administrative and organizational safeguards designed to protect the security, confidentiality and integrity of Customer Data. internetvista SA shall not disclose Customer Data except to provide the Services or as otherwise useful to exercise its rights and obligations under this Agreement, including to prevent or address service or technical problems, or upon Customer’s request.
7.2 Protection of Personal Data.
This Agreement incorporates the Data Protection Attachment (“DPA”), compliant with the General Data Protection Regulation of the European Union. The DPA is available from the internetvista SA Peppol EDGE product website at www.peppoledge.com and at the end of this document.
7.3 Exclusion of special categories of Personal Data.
Customer will not provide internetvista SA with access to any special categories of Personal Data, as defined under the EU Data Protection Regulations, or any health, payment card, or similar information that imposes specific data security obligations for the processing of such Personal Data.
Article 8 – Representation and warranties
8.1 Customer Representation and Warranties.
Customer represents, warrants and agrees that:
(i) it has the full power and authority to enter into this Agreement;
(ii) it has all rights and licenses necessary to transmit all Customer Data via the Services;
(iii) it is and will be responsible for its Users’ compliance with the terms of this Agreement;
(iv) it will use the Services only in accordance with this Agreement, and applicable laws and government regulations; and
(v) it will not do anything that could reduce the performance of the Services to the detriment of internetvista SA, other customers of internetvista SA or any third party.
8.2 internetvista SA Representation and Warranties.
internetvista SA represents and warrants that (i) it has the full power and authority to enter into this Agreement; and (ii) the Services shall perform materially in accordance with the documentation provided. As Customer’s sole and exclusive remedy for breach of the performance warranty in this Section 7.2 (ii), internetvista SA shall take commercially reasonable steps to repair or replace any material nonconformance in the Services.
8.3 Warranty Disclaimer.
Except as expressly provided herein, the Services are provided on an “as is” basis without warranty of any kind, whether expressed, implied, statutory or otherwise, and each party specifically disclaims all implied warranties, including. without limitation, any implied warranties of merchantability, non-infringement, and fitness for a particular purpose, to the maximum extent permitted by applicable law. internetvista SA does not warrant that the Services will satisfy customer’s requirements or (without prejudice to the limited warranty above) that it is without defect or error or that customer’s access thereto will be uninterrupted.
8.4 Third-Party Products and Services.
internetvista SA shall have no liability or responsibility for any third-party services or products, even if such products or services were recommended by internetvista SA. Without limiting the foregoing, internetvista SA is not responsible or liable for failures of the Internet generally or private networks (VAN’s).
8.5 Trading Partners.
internetvista SA has no control over and is not responsible for any acts or omissions of any of Customer’s Trading Partners. Customer acknowledges and agrees that it is responsible to enter into its own contracts with its Trading Partners and to enforce those agreements in the event of any breach by such Trading Partners.
8.6 Customer Instructions.
internetvista SA shall have no liability for any loss, damage, costs, expenses or other claims for compensation arising from any information or instructions supplied by Customer which are incomplete, incorrect, inaccurate, illegible, out of sequence or in the wrong form, or arising from their late arrival or non-arrival, or any other fault of the Customer. Furthermore, internetvista SA shall not be liable for any loss or damage whatsoever arising out of or in connection with any breach of this Agreement by Customer or any other act, misrepresentation, error or omission made by or on behalf of Customer.
8.7 Third-Party Services.
If Customer renders services to its clients using the PeppolEDGE Services, then internetvista SA shall only be liable to Customer in accordance with this Agreement and internetvista SA shall have no liability or responsibility to such clients of Customer.
8.8 Limitation of Liability.
In no event will internetvista SA be liable under or in connection with this Agreement under any legal or equitable theory, including breach of contract, tort (including negligence), strict liability, and otherwise, for any: (a) consequential, incidental, indirect, exemplary, special, enhanced, or punitive damages; (b) increased costs, diminution in value or lost business, production, revenues, or profits; (c) loss of goodwill or reputation; (d) use, inability to use, loss, interruption, delay or recovery of any data, or breach of data or system security; or (e) cost of replacement goods or services. The aggregate liability of internetvista SA to the Customer under this Agreement shall not exceed the total amount paid and payable by Customer to internetvista SA under this Agreement in the 12-month period preceding the commencement of the event that created the liability.
Article 9 - General
9.1 Notices.
A notice required or permitted to be given by either party to the other under this Agreement shall be in writing and may be served personally or by first class prepaid recorded delivery or registered post or e-mail to the addressee. Except as otherwise specified by a party in writing, notices shall be sent to internetvista SA at the postal address or e-mail address shown on internetvista SA’s website or to the Customer at the postal address or e-mail address specified by the Customer when ordering the Services.
9.2 Severability.
If any provision of this Agreement is held by any court or other competent authority to be invalid or unenforceable in whole or in part, the validity of the other provisions of this Agreement and the remainder of the provision in question shall not be affected.
9.3 Assignment.
The rights and obligations of the Customer under the Contract are personal to the Customer and the Customer undertakes that it shall not, without the prior written consent of internetvista SA, assign, lease, charge, sub-license, or otherwise transfer such rights and obligations in whole or in part. internetvista SA reserves the right to sub-contract any of the work required to fulfill its obligations hereunder to a third party and/or to assign or transfer the Contract or part thereof to a third party.
9.4 Force Majeure.
In no event shall internetvista SA be liable to Customer, or be deemed to have breached this Agreement, for any failure or delay in performing its obligations under this Agreement, if and to the extent such failure or delay is caused by any circumstances beyond internetvista SA’s reasonable control, including but not limited to acts of God, flood, fire, earthquake, explosion, war, Internet outage, terrorism, invasion, riot or other civil unrest, strikes, labor stoppages or slowdowns or other industrial disturbances, or passage of law or any action taken by a governmental or public authority, including imposing an embargo.
9.5 Amendment and Modification; Waiver.
No amendment to or modification of this Agreement is effective unless it is in writing and signed by an authorized representative of each party. No waiver by any party of any of the provisions hereof will be effective unless explicitly set forth in writing and signed by the party so waiving. Except as otherwise set forth in this Agreement, (i) no failure to exercise, or delay in exercising, any rights, remedy, power or privilege arising from this Agreement will operate or be construed as a waiver thereof and (ii) no single or partial exercise of any right, remedy, power, or privilege hereunder will preclude any other or further exercise thereof or the exercise of any other right, remedy, power, or privilege.
9.6 Public Announcements.
internetvista SA may use the Customer’s name or logo in press releases, product brochures, web sites and financial reports to indicate that the Customer is a customer of internetvista SA except on request of the Customer.
9.7 Independent Contractors.
The parties are independent contractors. Nothing contained herein or done pursuant to this Agreement shall constitute either party the agent of the other party for any purpose or in any sense whatsoever, or constitute the parties as partners or joint venturers. Neither party has any authority whatsoever to bind the other party or make any representations on behalf of the other party.
9.8 How to contact us.
If you have questions about these Terms and Conditions or about how we operate, feel free to reach out at: info@peppoledge.com.
9.9 English Language Controls.
These Terms are made available in English. In case of translation, the English version shall prevail.
9.10 Governing Law.
The Agreement and the rights and obligations of the parties shall be governed by and construed in accordance with Belgian law. Any dispute arising out of or in relation with this Agreement shall be finally settled under the CEPANI Rules of Arbitration by one arbitrator appointed in accordance with those Rules. The seat of the arbitration shall be Nivelles, Belgium. The arbitration shall be conducted in French or English.
The person clicking-through or signing this Agreement represents and warrants that such individual is authorized to accept this Agreement on behalf of the Customer. Such individual indemnifies, defends and holds internetvista SA harmless in the event that Customer did not so authorize.​​
PeppolEDGE Platform
Data Processing Attachment (DPA)
Effective Date: June 1st, 2025
Last Updated: Sept 19th, 2025
​
This Data Processing Attachment forms part of the general Terms and Conditions between internetvista SA as data processor and Customer as data controller, governing the processing of Personal Data under the PeppolEDGE Services in accordance with the General Data Protection Regulation (GDPR).
​
1. Definitions
Personal Data, Data Subject, Processing, Controller, and Processor have the meanings assigned to them in the General Data Protection Regulation. The Services refer to the PeppolEDGE messaging and data exchange services as defined in the Agreement, and GDPR means the EU General Data Protection Regulation 2016/679.
​
2. Processing Details
The subject matter of this data processing arrangement is the provision of electronic document exchange services through internetvista SA's messaging platform. Processing will continue for the duration of the Agreement plus any applicable data retention periods as specified herein or required by law.
The nature and purpose of processing includes electronic message transmission and delivery between trading partners, message archiving and storage according to Customer specifications, facilitation of business-to-business communication workflows, and provision of technical support and service maintenance activities.
Categories of Personal Data processed may include email addresses and sender or recipient contact information, message metadata such as timestamps and delivery status indicators, user account information and authentication credentials, and technical logs containing IP addresses and system access information.
Categories of Data Subjects whose Personal Data may be processed include Customer's employees and authorized system users, trading partners and their designated representatives, and third parties who may be referenced within exchanged business documents.
​
3. Processor Obligations
internetvista SA shall process Personal Data only on documented instructions from Customer as data controller, including with regard to transfers of Personal Data to third countries or international organizations, unless required to do so by applicable law to which internetvista SA is subject.
All personnel authorized to process Personal Data on behalf of internetvista SA have committed themselves to confidentiality obligations or are under an appropriate statutory obligation of confidentiality that survives termination of their engagement.
internetvista SA implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing, including encryption of Personal Data in transit and at rest, implementation of access controls and user authentication systems, regular monitoring and logging of system activities, and maintenance of incident response procedures for security breaches.
internetvista SA may engage other processors to carry out specific processing activities on behalf of Customer, subject to Customer's general written authorization and the maintenance of a current list of sub-processors available upon request.
Taking into account the nature of processing and the information available to internetvista SA, internetvista SA shall assist Customer in fulfilling Customer's obligation to respond to requests from data subjects exercising their rights under the GDPR, including requests for access, rectification, erasure, or portability of their Personal Data.
Any transfers of Personal Data outside the European Economic Area will be conducted using appropriate safeguards such as adequacy decisions by the European Commission, Standard Contractual Clauses approved by the European Commission, or other legally recognized transfer mechanisms.
​
4. Controller Obligations
Customer warrants that it has established and maintains a lawful basis for all Personal Data processing conducted through the Services and has provided necessary privacy notices to data subjects whose Personal Data will be processed. Customer processing instructions are documented in this DPA and the Agreement, and any additional or alternative instructions must be provided in writing and acknowledged by internetvista SA.
Customer is responsible for ensuring that Personal Data provided to internetvista SA is accurate and, where necessary, kept up to date throughout the processing period. Customer will promptly notify internetvista SA of any changes to Personal Data that affect the processing activities described herein.
​
5. Data Retention and Deletion
Personal Data will be archived and retained for the periods specified in Customer's service configuration, with a minimum retention period of three months and maximum retention periods as configured by Customer or required by applicable law. Upon termination of the Services or upon Customer's written request, internetvista SA will delete or return all Personal Data within ninety days, except where longer retention is required by applicable law.
Personal Data contained in backup systems will be deleted according to internetvista SA's standard backup rotation cycles, which may extend for up to twelve months following the primary deletion of such data.
​
6. Data Breach Notification
In the event of a Personal Data breach affecting Customer's data, internetvista SA will notify Customer without undue delay and in any case within seventy-two hours of becoming aware of the breach. Such notification will include a description of the nature of the breach and the categories and approximate number of data subjects and Personal Data records affected, the likely consequences of the breach, and the measures taken or proposed to address the breach and mitigate its adverse effects.
internetvista SA will provide reasonable assistance to Customer in investigating Personal Data breaches and fulfilling Customer's obligations to notify supervisory authorities and affected data subjects as required by the GDPR.
​
7. Audits and Compliance
internetvista SA maintains comprehensive records of all processing activities carried out on behalf of Customer and makes such records available to Customer upon reasonable request. Customer may conduct audits of internetvista SA's compliance with this DPA annually upon thirty days' advance written notice during normal business hours, with all costs and expenses associated with such audits, including reasonable compensation for internetvista SA's time and personnel, to be borne by Customer.
As an alternative to Customer-conducted audits, internetvista SA may propose the use of independent third-party audit reports or certifications that demonstrate compliance with applicable data protection requirements. internetvista SA maintains relevant security certifications and provides copies of current certifications to Customer upon request.
​
8. Liability and Indemnification
Each party remains responsible for its own compliance with GDPR obligations as controller or processor respectively. internetvista SA's liability for damages arising from the processing of Personal Data is limited to damages caused by processing outside the scope of Customer's lawful instructions or by violation of internetvista SA's obligations as a processor under the GDPR.
The limitation of liability provisions in the Agreement apply to this DPA, except that such limitations do not apply to regulatory fines, penalties, or sanctions imposed by supervisory authorities for violations of the GDPR.
​
9. Termination
Upon termination of this DPA or the Agreement, internetvista SA's authority to process Personal Data on behalf of Customer ceases immediately. internetvista SA will delete all Personal Data as instructed by Customer and provide written certification of such deletion within ninety days of termination, except where retention is required by applicable law.
​
10. Governing Law and Contact Information
This DPA is governed by Belgian law and the provisions of the GDPR, and in the event of any conflict between this DPA and the Agreement regarding the processing of Personal Data, the provisions of this DPA shall prevail.
For all data protection matters, Customer may contact internetvista SA's Data Protection Officer at info@peppoledge.com. Security incidents should be reported to info@peppoledge.com.
​
11. Changes to This DPA
We may update this DPA from time to time in response to changes in applicable data protection laws or regulations. We will notify you of any material changes by posting the updated DPA on our website and sending email notification to registered users. The effective date at the top of this policy indicates when it was last revised.
​
12. Contact Us
If you have any questions, concerns, or requests regarding this DPA, please contact us at:
​
internetvista SA
Data Protection Officer
Email: info@peppoledge.com
Website: www.peppoledge.com
​
For general support and technical questions, reach us at support@internetvista.com.
PeppolEDGE Platform Privacy Policy
Effective Date: June 1st, 2025
Last Updated: Sept 19th, 2025
​
At internetvista SA, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our PeppolEDGE messaging services or visit our website. It is designed to comply with global privacy regulations, including the General Data Protection Regulation (GDPR) and other applicable privacy laws.
Please read this policy carefully. If you have any questions, feel free to contact us at info@peppoledge.com.
​
1. Information We Collect
We collect information about you directly from you and from your use of our services, as well as automatically when you interact with our platform.
​
a) Personal Data
We collect the following personal data from you when you use our services:
Contact Information: Name, email address, phone number, company name, billing address.
Account Data: Username, password, authentication credentials, and account preferences.
Payment Information: Credit card details, billing information, and transaction records for processing subscription payments.
Business Communications: Message metadata, sender and recipient information, timestamps, and delivery status for electronic document exchange.
Support Communications: Any personal information provided in support requests, inquiries, or feedback.
b) Automatically Collected Information
We also collect information automatically when you use our services:
Device Information: IP address, browser type, operating system, device identifiers, and connection details.
Usage Data: Service features accessed, message volumes, system performance data, and user activity patterns.
Technical Logs: Server logs, security monitoring data, authentication attempts, and system access records.
Cookies and Tracking Technologies: We use cookies and similar technologies to maintain session state and collect information about your interactions with our platform.
​
c) Sensitive Data
We do not intentionally collect sensitive personal data such as health information, religious beliefs, or political opinions. Our messaging services may process business documents that contain personal data, but we act as a processor for such data under your instructions.
​
2. How We Use Your Information
We use your personal data for the following purposes:
To Provide Services: To deliver electronic messaging and document exchange services, process transactions, manage your account, and maintain message archives according to your configuration.
To Communicate: To send service-related communications including system alerts, maintenance notifications, security updates, and customer service messages.
For Security and Compliance: To verify user identity, detect and prevent fraud, maintain audit logs for compliance purposes, and ensure secure access to messaging services.
To Improve Services: To analyze platform performance, usage patterns, and system reliability to enhance our services and develop new features.
For Legal Compliance: To comply with legal obligations including record-keeping requirements and respond to regulatory or legal requests.
For Marketing: To send promotional content about new features and services where permitted by law and based on your preferences. You can opt-out of marketing communications at any time.
​
3. Legal Basis for Processing (GDPR)
If you are a resident of the European Economic Area, our legal basis for collecting and using your personal data depends on the information and the specific context in which we collect it. We rely on the following legal grounds:
Contractual Necessity: To provide the messaging services you have requested and manage your subscription.
Consent: For sending marketing communications or processing data where explicit consent is required.
Legal Obligation: To comply with applicable laws including data retention and audit requirements.
Legitimate Interests: To improve our services, prevent fraud, secure our platform, and maintain business operations.
​
4. Your Privacy Rights
​
a) Rights Under GDPR
You have the following rights:
Right to Access: You can request access to the personal data we hold about you and receive information about how we process it.
Right to Rectification: You can ask us to correct inaccurate or incomplete information in your account or records.
Right to Erasure: You can request the deletion of your personal data where we no longer need it for our legitimate purposes.
Right to Restrict Processing: You can request to limit how we use your data in certain circumstances.
Right to Data Portability: You can request a copy of your data in a structured, machine-readable format for transfer to another service.
Right to Object: You can object to the processing of your data based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: If we rely on your consent to process your personal data, you can withdraw your consent at any time.
To exercise your rights, please contact us at info@peppoledge.com with your request and account information for verification.
​
b) Rights Under Other Privacy Laws
We respect privacy rights under applicable laws in other jurisdictions where you may be located. Contact us to learn about specific rights available to you based on your location.
​
5. Data Sharing and Disclosure
We may share your personal data in the following ways:
Service Providers: We share your data with trusted third-party vendors who perform services on our behalf including cloud infrastructure providers, payment processors, and security monitoring services.
Trading Partners: When you exchange messages through our platform, we share necessary routing and delivery information to complete message transmission as you have instructed.
Legal Compliance: We may disclose your information if required by law, regulation, court order, or legal process.
Business Transfers: In the event of a merger, acquisition, or asset sale, your personal data may be transferred to a new entity with equivalent privacy protections.
Consent: We will share your personal data with third parties when you provide explicit consent for specific purposes.
We never sell your personal data to third parties or use it for advertising purposes unrelated to our messaging services.
​
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by applicable law:
Message Archives: We retain message data according to your configured retention settings with a minimum period of three months.
Account Information: We keep business contact and billing information for the duration of your subscription plus seven years for accounting and legal compliance.
Technical Logs: System logs and security monitoring data are retained for twelve months to support troubleshooting and security analysis.
Backup Data: Information in backup systems is deleted according to our standard rotation cycles, typically within twelve months of primary deletion.
​
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction:
Technical Safeguards: Encryption for data in transit and at rest, access controls with multi-factor authentication, regular security monitoring, and vulnerability assessments.
Organizational Measures: Staff training on privacy and security, need-to-know access principles, incident response procedures, and regular audits of data protection practices.
While we strive to protect your information using industry-standard security measures, no system can guarantee complete security. If you believe your personal data has been compromised, please contact us immediately at info@peppoledge.com.
​
8. Cross-Border Data Transfers
Our primary data processing occurs within the European Economic Area to ensure GDPR protection standards. When transfers outside the EEA are necessary for service delivery, we use Standard Contractual Clauses approved by the European Commission or rely on adequacy decisions to maintain equivalent protection levels.
​
9. Children's Privacy
Our services are intended for business use and are not directed to individuals under the age of 16. We do not knowingly collect or solicit personal data from children. If we learn that we have collected personal data from a child, we will delete that information as quickly as possible.
​
10. Cookies and Tracking Technologies
Our website and platform use cookies and similar technologies for:
Essential Functions: Session management, user authentication, and security features necessary for service operation.
Analytics: Understanding usage patterns and service performance to improve our platform capabilities.
Preferences: Remembering your settings and configuration choices for a better user experience.
You can control cookie settings through your browser preferences, though disabling essential cookies may affect platform functionality and service access.
​
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time in response to changes in legal, technical, or business developments. We will notify you of any material changes by posting the updated policy on our website and sending email notification to registered users. The effective date at the top of this policy indicates when it was last revised.
Continued use of our services after policy updates constitutes acceptance of the revised terms.
​
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
internetvista SA
Data Protection Officer
Email: info@peppoledge.com
Website: www.peppoledge.com
For general support and technical questions, reach us at support@internetvista.com.
You also have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your privacy concerns appropriately.