Terms of Service
How will we process the information from the registration form and the uploaded invoices:
Information contained in the form will be used to manage inquiries submitted to us. We may also contact you to get more information, update and clarify your request or any other matter relating to our services.
The uploaded invoices will be processed to provide you structured data by our automated data-extraction tool using deep learning approach and artificial intelligence. The uploaded invoice will be retained and used for further research, development and training of the artificial intelligence and will be deleted no later than 10 years from the upload. This processing is based, in the context of GDPR regulations, on legitimate interests of Rossum. (read more about how we process uploaded data)
You can also sign up to our newsletters. In case you subscribe, we will send you from time to time an email relating to our services, offers, events and business news. You can unsubscribe any time by clicking the unsubscribe link which is included in every message. We will not disclose your information to any other organization for the marketing purposes. If you decide not to use our services or do not subscribe to our newsletters, we will delete the contact data from the form after 1 year.
If you have any questions you can contact us at firstname.lastname@example.org. You can also ask for the access to your data, portability, rectification or erasure, and limitation of processing. You can object to processing based on legitimate interests. You have the right to lodge a complaint with the Czech Data Protection Authority.
Privacy and GDPR
Rossum is here to understand data and make their processing easier and more effective. As such, Rossum is fully aware of the obligations and responsibilities connected with the processing of data regardless of their nature or type. That is why we take data protection and security very seriously. We follow EU laws and regulations, especially the General Data Protection Regulation (GDPR), which are one of the strictest in the world.
How are we dealing with data protection rules?
We are fully committed to ensure compliance with the GDPR. To re-iterate, we are processing customer-provided documents for the primary purpose of data capture, based on instructions of our customers, and for the secondary purpose of further research and development of data-extraction technology and artificial intelligence. Based on the nature of the data and the GDPR balance test, we have a full reason to believe that this processing is fully compliant with the GDPR, particularly when not concerning third-party consumer invoices.
How do we secure the data?
We know that the security of data is of paramount importance. Reflecting that we are taking all the industry-standard measures to guarantee that the data we get are safe. We are following access management and restrictions based on the need-to-know principle. All our employees and contractors are bound by the non-disclosure agreements. When we transmit data, we use encrypted communication channels (SSL/TLS encryption).
We store and process Customer data only with the three major cloud platform providers – Amazon AWS, Google Cloud and Microsoft Azure.
What do Rossum customers need to do?
There are several things that you might need to do depending on your situation and jurisdiction. Our customers are generally controllers of the data contained in the documents handed over to us. As such we recommend taking these steps:
Recommended information to be handed over to your business counterparts or customers:
We [Rossum’s customer] use Rossum Ltd. (“Rossum”) as the processor of our invoices. The invoices may be retained and used by Rossum for limited time on the basis of legitimate interests as part of a training dataset used for research, development and learning of Rossum’s artificial intelligence models employed to process the invoices.
If you want us to process documents of which you are not the owner or direct participant (e.g. invoices of third parties) make sure that you are entitled to transmit the documents to us and, if applicable, ask for the consent of the participating persons with this processing. The consent should cover the transmission of data to Rossum for the data-extraction as well as for the artificial intelligence learning purposes. Please note that a consent under the GDPR must comply with quite severe requirements (see art. 7 of the GDPR).
To avoid any doubts, this does not apply to documents containing your transactions and data (e.g. invoices received by you or issued by you).
If you are a company outside the EU, you should still be aware of this. The provisions of the GDPR apply to any organization that processes personal data of individuals in the European Union.