This website stores cookies on your computer.These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information in order to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media.To find out more about the cookies we use, see our Privacy Policy.

More Info



Billit - Data Processing Agreement v2


[company name client], with registered seat at [address] and VAT number [VAT number], lawfully represented by [name of representative], acting as [role of representative] (hereinafter “Customer”)


BILLIT bvba, with registered seat at Oktrooiplein 1, bus 601, 9000 Gent and VAT number 0563.846.944, lawfully represented by [name of representative], acting as [role of representative] (hereinafter “Processor”)

[company name client] and Billit bvba will hereinafter be called “Party” or jointly “Parties”.

  1. General

1.1.        With respect to the processing of personal data by Processor on behalf of Customer related to the Agreement, Customer is the controller and Processor is the processor within the meaning of EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).

1.2.        This processing concerns the following types of personal data: identity information, account information, contact information, location data and financial data.

1.3.        This processing concerns the following categories of data subjects: staff members, customers, suppliers.

1.4.        This processing serves the purpose of offering a software platform intended for online administration and management of companies (for instance accounting support, drafting and archiving tenders and invoices,…), as well as the legal or judicial obligations of Processor or Customer, with the processing lasting for the duration of the Agreement or for as long as necessary out of legal or judicial obligations of Processor.

1.5.        Processor will process the personal data only on documented instructions from Customer, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by EU or Member State law to which Processor is subject. In such case, Processor will inform Customer of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.

  1. sub-processors

2.1.        Customer authorises Processor in general to engage other processors (“sub-processors”).

2.2.        If Customer objects to the addition or replacement of other processors, then each party may terminate the Agreement without recourse to a court and without compensation with effect from the date on which the addition or replacement takes effect.

  1. confidentiality

3.1.        Processor ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

  1. Security

4.1.        Processor will take all measures required pursuant to Article 32 GDPR, and will respect the conditions referred to in Articles 28.2 and 28.4 GDPR for engaging a sub-processor.

  1. compliance

5.1.        Processor will make available to Customer all information necessary to demonstrate compliance with Article 28 GDPR, and will allow for and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer. Processor will immediately inform Customer if, in its opinion, an instruction infringes the GDPR or other EU or Member State data protection provisions. An audit can be conducted if Processor has been notified about it by registered mail at least three weeks in advance, maximum twice per contract year, and on all days (between 9:00am-6:00pm) except on Saturdays, Sundays, days that are an official holiday in Belgium, and days on which Processor is collectively closed because of holiday. Audits will be performed at Customer’s expense.

5.2.        Unless explicitly otherwise agreed upon, the costs of Processor and the time spent by its staff on an audit or in assisting Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 GDPR, will be invoiced to Customer at an hourly rate of 120 euro per staff member.  

  1. information and support

6.1.        Taking into account the nature of the processing, Processor will assist Customer by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of Customer’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III GDPR.

6.2.        Processor will assist Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 GDPR taking into account the nature of processing and the information available to Processor.

  1. Return or removal

7.1.        At Customer’s choice, Processor will delete or return all the personal data to Customer after the end of the provision of all services relating to processing, and delete existing copies unless EU or Member State law requires further storage of the personal data.

This agreement was done at [place] on [date] in two (2) copies.











[company name client]

Billit bvba

[name of representative]

[name of representative]

[role of representative]

[role of representative]




Explanatory note

1.1. Billit acts as a processor within the meaning of the GDPR in this processing of personal data. The customer acts as controller.

1.2. Personal data are processed via the Billit platform, either that of the customer himself or that of the customer's customers. These personal data mainly relate to invoice data.

1.3. Data subjects whose personal data are processed are the customer and its employees, its customers and suppliers.

1.4. The processing of personal data is necessary for the provision of the Billit platform and for the execution of the agreement between the customer and Billit. Billit can also process personal data out of legal obligations. This processing is necessary for the duration of the agreement between the customer and Billit. Processing after the expiry of the agreement is possible if there is a legal obligation to do so, for example for statutory retention periods.

1.5. As a processor, Billit will only process personal data on the instructions of the customer.

2.1. Billit can rely on sub-processors for the processing.

2.2. However, the customer can object to the appointment of a sub-processor by terminating the agreement.

3.1. Billit ensures that the personal data remains confidential. Billit staff members are bound by a strict confidentiality duty.

4.1. The GDPR imposes a number of obligations on processors. For example, an appropriate level of data protection should be provided for, and the appointment of any sub-processors should also meet a number of conditions. Billit hereby confirms to comply with these obligations.

5.1. In order to comply with the obligations of the GDPR, Billit must keep certain information available to the customer. If the customer so wishes, an audit can be performed to verify compliance with these obligations by Billit. Billit will cooperate with such audit, at reasonable times and within reasonable delays.

5.2. Participation in an audit requires significant effort from the Billit staff members involved. This effort will therefore also be charged.

6.1. The data subject can exercise his rights under the GDPR with the controller. As a processor, Billit will assist the customer with this where necessary and possible.

6.2. A personal data breach must be reported to the supervisory authority. Billit will support the customer in this where necessary.

7.1. With the exception of data that must be retained by law, Billit will delete the personal data it received after termination of the agreement.