1. Introduction 
We, VKontrol S.à r.l.-S, with our registered office at 29 Boulevard Grande Duchesse Charlotte, L-1331 Luxembourg ("VKontrol", "we", "us"), respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and store your personal data in connection with the use of our services and your rights under applicable data protection law, in particular the General Data Protection Regulation (GDPR).  

2. What Data We Collect 
When using our services, we may collect and process the following categories of personal data: 

a. Contact details (e.g., name, email address, company information) 
b. Uploaded documents (e.g., invoices) which may contain personal data 
  c. Metadata associated with your uploads (e.g., upload timestamps, file size, file type.) 

 By uploading a document, you agree to our Privacy Policy.  

3. Purpose and Legal Basis of Processing 
We process your data for the following purposes: 

a. To provide, operate, and improve our services 
  b. To ensure the functionality of document processing 
c. To comply with legal obligations 
  d. Based on your consent, where required (Article 6(1)(a) GDPR) 
e. Based on our contractual obligations to you (Article 6(1)(b) GDPR) 
  g. Based on our legitimate interests in operating and securing our business operations (Article 6(1)(f) GDPR) 

  4. Data Transfers and Use of Subprocessors 
In order to provide our services, we engage the following subprocessors: 

Amazon Web Services, Inc. (AWS) (USA): 
We use Amazon Textract for Optical Character Recognition (OCR) to extract text from uploaded documents. 

 OpenAI, Inc. (USA): 
We use language models provided by OpenAI for the extraction of key financial data points. 

 Amazon Web Services S3 Storage: 
Uploaded and processed documents are stored securely in AWS S3 storage, located within the European Union (Frankfurt Region). 

 Important: 
The use of Amazon Textract and OpenAI may involve the transfer of personal data to the United States, a country outside the European Economic Area (EEA). We have implemented Standard Contractual Clauses (SCCs) as appropriate safeguards under Article 46 GDPR.  

5. Storage Duration 
We store uploaded documents and extracted data securely in AWS S3 storage for a period of up to 8 years to comply with applicable legal retention obligations (e.g., accounting and tax laws). After the retention period expires, data will be securely deleted or anonymized.  

6. Your Rights Under the GDPR 
You have the following rights regarding your personal data: Right of Access (Art. 15 GDPR) 

a. Right to Rectification (Art. 16 GDPR) 
b. Right to Erasure ("Right to be Forgotten", Art. 17 GDPR) 
c. Right to Restriction of Processing (Art. 18 GDPR) 
  d. Right to Data Portability (Art. 20 GDPR) 
  e. Right to Object (Art. 21 GDPR) 

 To exercise any of these rights, you may contact us at: 
v.kangelidis@vkontrol.co  

7. Right to Lodge a Complaint
If you believe that the processing of your personal data violates data protection laws, you have the right to lodge a complaint with the supervisory authority: Commission Nationale pour la Protection des Données (CNPD) 
15, Boulevard du Jazz 
L-4370 Belvaux 
Luxembourg 

Email: info@cnpd.lu 
Website: https://cnpd.public.lu/  

8. Cookies 
We use only technically necessary cookies to ensure the proper operation and security of our website. 
No tracking cookies or third-party marketing cookies are set without your explicit consent. A detailed cookie notice will be displayed if non-essential cookies are introduced in the future.  

9. Changes to This Privacy Policy 
We may update this Privacy Policy from time to time. 
We will inform you about material changes by appropriate means (e.g., via the platform or by email). 

10. Governing Law Governing Law
This Privacy Policy shall be governed by the laws of the Grand Duchy of Luxembourg.