UBLKIT logo

Privacy Notice

How we handle your data at UBLKIT

1. Who we are & roles

UBLKIT BV (Belgium) provides online tools and desktop/pro services for UBL/XML and PDF handling.

  • Controller for account/billing/support data (e.g., name, email, billing info).
  • Processor for uploaded content (invoices, PDFs, UBL/XML) when you use Pro/Desktop; you remain controller for that content. For free tools, we process files only to convert/view them and do not repurpose the data.

2. What data we process

  • Account & billing: name, email, login credentials, billing data.
  • Uploaded content: invoices, PDFs, UBL/XML (may contain personal data of customers/suppliers).
  • Usage & technical: logs, device info, IPs for security/performance.
  • Cookies: essential cookies; analytics/marketing only with consent.

3. Why we process (lawful bases)

  • Performance of contract (account management, paid services, conversion flow).
  • Legitimate interests (security, fraud prevention, service improvement) balancing your rights.
  • Consent (non-essential cookies/marketing; you can withdraw via cookie banner or contact).
  • Legal obligation (invoicing, bookkeeping duties).

4. How we use content

Uploaded files are processed only to generate the requested format (UBL/XML <→ PDF) or to view them. Originals are not altered. No secondary use or data mining of your content.

5. Retention

  • Free tools: stored only for conversion; auto-deleted after a short period (max 90 days) or sooner based on storage limits; you can delete earlier.
  • Pro/Desktop: kept for the duration of the contract; deleted on cancellation/termination, except where law requires longer retention (e.g., invoices).
  • Logs/technical: short retention for security/performance (typically ≤ 90 days unless needed for investigations).

6. Sharing & transfers

  • Trusted subprocessors (e.g., hosting, email delivery, payment processing, optional analytics) under data protection agreements.
  • Primary storage in the EU/EEA. If data is transferred outside the EU/EEA, we use safeguards such as Standard Contractual Clauses.
  • No sale of personal data.

7. Security

  • HTTPS in transit; hashed passwords; access control on storage; non-guessable identifiers.
  • Least-privilege access for staff; monitoring to detect abuse.

8. Your rights (GDPR)

You can exercise: access, rectification, erasure, restriction, portability, objection (including to profiling/marketing), and withdraw consent (for consent-based processing). You may also lodge a complaint with the Belgian Data Protection Authority or your local authority.

Contact: privacy@ublkit.com (or use our support channels). We will respond within statutory timelines.

9. Cookies & profiling

Essential cookies run for service continuity. Analytics/marketing cookies run only with prior consent; you can withdraw via the cookie banner or browser settings. We do not perform automated decision-making with legal effects; limited profiling may occur for analytics/marketing if you consent.

10. Data breaches

We will assess and mitigate incidents. Where a personal data breach poses risk, we will notify the relevant supervisory authority within 72 hours and impacted users when required (GDPR Arts. 33/34).

11. Children

Services are not directed to children under applicable digital consent age. For paid services, parental/guardian consent is required where law mandates. If we learn we processed children’s data without proper consent, we will delete it.

12. Changes

Material changes to this notice will be communicated (e.g., email or in-app/banner). Continued use after notification signifies acceptance; if you disagree, stop using the services and request deletion where applicable.

13. Contact & DPA

Questions or rights requests: privacy@ublkit.com. Supervisory authority: Belgian Data Protection Authority (contact details available at https://www.dataprotectionauthority.be/).