If you are a resident of the UK, the European Economic Area or a European Union member state then the
following paragraphs will apply. We comply with the GDPR and other applicable data protection legislation.
Our GDPR representative who has been appointed in accordance with Article 27 of the GDPR is Hubdoc Limited.
Our GDPR representative is entitled to represent us and act on our behalf with respect to data subjects who
are resident in the UK, the European Economic Area or a European Union member state.
Our GDPR representative can be contacted at firstname.lastname@example.org
We will only process personal data:
- to perform a contract with you, or
- where we have legitimate interests to process the personal data and they’re not overridden by your
- in accordance with a legal obligation, or
- where we have your consent.
With respect to your personal data, you have the right to:
- request that your personal data will not be processed;
- ask for a copy of any personal data that we have about you;
- request a correction of any errors in or update of the personal data that we have about you;
- request that your personal data will not be used to contact you for direct marketing purposes;
- request that your personal data will not be used for profiling purposes;
- request that your personal data will not be used to contact you at all;
- request that your personal data be transferred or exported to another organisation, or deleted from our
- at any time, withdraw any permission you have given us to process your personal data
All requests or notifications in respect of your above rights may be sent to us in writing at the contact
details listed below. We will endeavour to comply with such requests as soon as possible but in any event we
will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of
the complexity or number of your requests).
If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will
report this to the UK’s Information Commissioner’s Office (ICO). If a breach is likely to result in a risk to
your data rights and freedoms, we will notify you as soon as possible.
From time to time we will transfer personal data to our sub-processors which will include Amazon Web Services
(“AWS”), Salesforce and other service and technology providers. If we do supply your personal information to
a third party we will take steps to ensure that your privacy rights are protected and that third party
complies with the terms of this notice (see below for more information relating to AWS and Salesforce). A full list of our sub-processors can be found
As part of the services offered to you the information you provide to us will be transferred to, and stored
at, countries outside of the UK, European Union or European Economic Area (referred to as the "EU"). By way
of example, this may happen if any of our servers are from time to time located in a country outside of the
EU or one of our service providers is located in a country outside of the EU (currently our server
infrastructure is located in the United States, please see the next paragraph for more information). If we
transfer your information outside of the EU in this way, we will take steps with the aim of ensuring that
Our server infrastructure is provided by Amazon Web Services and is currently based in the United States
(although servers may from time to time be based in other countries). Please note that Amazon Web Services
transfer and store data outside of the EU in accordance with EU law by operating in accordance with ‘model
clauses’ approved by the EU’s Article 29 Working Party. More information can be found at the following link:
Data may also be transferred and processed by Salesforce who transfer and store data outside of the EU in
accordance with EU law by means of a Privacy Shield certification, model clauses’ approved by the EU’s
Article 29 Working Party and binding corporate rules.
If you use our Site or service while you are outside the EU, your information may be transferred outside the
EU in order to provide you with those services.
By submitting your personal information to us you agree to the transfer, storing or processing of your
information outside the EU in the manner described above.
We will retain personal data relating to our agreement with our customer (“collected customer data”) for
seven years following the end of our contract with that customer.
Any personal data which is contained in data which our customer has uploaded and we host on behalf of our
customer (“customer organization data”) will be held for seven years following the end of our contract with
our customer (unless we notify the customer of an earlier date of deletion).
Information which comprises sales and marketing leads will be held for 3 years from the last date that the
data subject submitted a form or gave consent for the collection of their data. After the three year period
has elapsed the sales lead’s data will be deleted or anonymised.
We will retain personal data relating to our suppliers (“supplier data”) for seven years following the end of
our contract with that supplier.
For any category of personal data not specifically defined in this notice, and unless otherwise specified by
applicable law or regulations, the required retention period for any personal data will be deemed to be 7
years from the date of receipt by us of that data.
The retention periods stated in this notice can be prolonged or shortened as may be required (for example, in
the event that legal proceedings apply to the data or if there is an on-going investigation into the data).
We review the personal data (and the categories of personal data) we are holding on a regular basis to ensure
the data we are holding is still relevant to our business and is accurate. If we discover that certain data
we are holding is no longer necessary or accurate, we will take reasonable steps to correct or delete this
data as may be required.
data. A cookie helps you get the best out of the website and helps us to provide you with a more customised
service. Once you close your browser, our access to the cookie terminates. You have the ability to accept or
decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser
setting to decline cookies if you prefer. To change your browser settings you should go to your advanced
If you choose not to accept the cookies, this will not affect your access to the majority of information
available on our website but certain services may not be available.
If you have any query or complaint in relation to data protection or your data rights please contact our GDPR
representative at email@example.com
If we are unable to resolve any issues you may have or you would like to make a further complaint, you can
contact the UK Information Commissioner’s Office by visiting http://www.ico.org.uk/
for further assistance.