This OpenPeppol Directory, and the related services under which data in the Directory are made available to certain third parties, are operated and provided jointly by OpenPeppol AISBL and the Service Providers of the Peppol Network (the ‘Operators’). Data in the OpenPeppol Directory can occasionally, and at a limited scale, contain data that would qualify as personal data under European data protection law. Specifically, categories of personal data can include identity information and contact information of persons that act on behalf of end users of the Peppol Network, as communicated to the Operators by the Service Providers. When this is the case, the Operators act as the joint data controllers in the sense of European data protection law, and the Directory is provided on the basis of the legitimate interest of the Operators in ensuring the proper functioning of the Peppol Network, as requested by the end users.

Any personal data in the Directory may only be used insofar as this is necessary to ensure the correct, effective and secure operation of the Peppol Network. Under this policy, the Operators only permit access to personal data in the Directory by persons who are contractually authorised by at least one of the Operators to use the Peppol Network. These are the only permitted recipients of personal data under this policy. Personal data in the Directory will be retained as long as the persons concerned remain registered as persons acting on behalf of end users of the Peppol Network.

In case of any questions in relation to the Directory, or to exercise their rights to access, correct or delete their personal data, or to restrict or object to future processing, data subjects may contact the Operators via info@peppol.eu. If the provided answer is not satisfactory, data subjects may choose to lodge a complaint with their local data protection authority.