Privacy Policy

1. Introduction

This Privacy Policy describes how personal data is collected, used, and processed in connection with the CheckVIES - VAT number validation service, including any associated websites, applications, and APIs (the “Service”).

The Service is intended for use by legal entities and individuals acting in the course of their business or professional activities. The Service provider DEIMDAL DOO (Montenegro) acts as a data controller with respect to personal data processed under this Policy.

2. Categories of Personal Data

The Service processes the following categories of personal data:

a) Account Data (mandatory):

  • Email address (used as a unique identifier and login credential)
  • Verification data related to email confirmation (e.g., one-time codes and verification status)

b) Billing and Invoicing Data (required for paid plans only):

  • Company name
  • Company address and registration details (where applicable)
  • Full name of the individual designated for invoicing purposes

Provision of billing and invoicing data is mandatory only where the Customer subscribes to a paid plan. For free-tier usage, such data is not required.

c) Usage Data:

  • Technical and log data related to the use of the Service (e.g., API requests, timestamps, request volumes)
  • Account activity necessary for monitoring usage limits, security, and service performance

The Service is not intended for the processing of special categories of personal data.

3. Purposes and Legal Basis of Processing

Personal data is processed for the following purposes:

  • Provision of the Service (Article 6(1)(b) GDPR):

    To create and manage user accounts, authenticate access, and provide VAT validation functionality

  • Performance of contractual obligations (Article 6(1)(b) GDPR):

    To manage subscriptions, generate invoices, and process payments for paid plans

  • Compliance with legal obligations (Article 6(1)(c) GDPR):

    To retain financial and accounting records as required under applicable laws

  • Legitimate interests (Article 6(1)(f) GDPR):

    To ensure security, prevent abuse, enforce usage limits, and improve the Service

4. Email Verification

The email address provided during registration is subject to mandatory verification through a one-time code. This process is required to:

  • Confirm ownership of the email address
  • Prevent unauthorized account creation
  • Ensure the security and integrity of the Service

Unverified accounts may have restricted functionality.

5. Cookies and Similar Technologies

The Service uses cookies and similar technologies strictly to the extent necessary for the operation and delivery of the Service.

Such cookies are limited to essential purposes, including:

  • Authentication and session management
  • Security and fraud prevention
  • Maintenance of user sessions and basic functionality

The Service does not use cookies for advertising, tracking, or profiling purposes.

Where required by applicable law, appropriate measures are implemented to ensure compliance with cookie-related obligations.

6. Data Sharing and Third Parties

Personal data may be shared with third parties only where necessary, including:

  • Payment service providers for processing subscription payments
  • Hosting and infrastructure providers for operating the Service
  • Professional advisors where required (e.g., legal or accounting)
  • Public authorities where required by law

VAT validation requests are transmitted to the VAT Information Exchange System (VIES), operated by the European Commission. Such requests may include VAT numbers but do not require the transmission of personal account data.

The Service provider does not sell personal data to third parties.

7. Data Retention

Personal data is retained only for as long as necessary for the purposes for which it was collected, including:

  • For the duration of the Customer’s account and use of the Service
  • As required to comply with legal, tax, and accounting obligations
  • As necessary to resolve disputes and enforce agreements

Billing and invoicing data may be retained for longer periods where required by applicable financial regulations.

Upon request, personal data may be deleted, subject to legal retention requirements. Where deletion is not immediately possible due to such obligations, data will be restricted from further processing.

8. Data Security

Appropriate technical and organizational measures are implemented to ensure a level of security appropriate to the risk, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Access to personal data is restricted to authorized personnel on a need-to-know basis.

9. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), such transfers are carried out in compliance with GDPR requirements, including the use of appropriate safeguards such as standard contractual clauses where applicable.

10. Data Subject Rights

Under GDPR, data subjects have the following rights, subject to applicable limitations:

  • Right of access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing

Requests to exercise these rights may be submitted through the contact details provided below.

11. Changes to this Policy

This Privacy Policy may be updated from time to time. Updated versions become effective upon publication or as otherwise communicated.

12. Contact

For any questions regarding this Privacy Policy or the processing of personal data, requests may be submitted to the Service provider via the designated contact channels.

CheckVIES @2026

Terms of ServicePrivacy Policy