Last updated: 27 August 2025
Applies to: eorinumber.eu and any sub‑pages (the “Website”)
1) Who we are (Data Controller)
Controller: EORI Number EU
Email: info@eorinumber.eu
2) What data we collect
We only collect data that is necessary for the purposes below. Categories include:
A. Identity & contact data (company name, legal form, registry number, VAT number, registered address, principal place of business, representative’s name/title, email, phone).
B. Application & supporting documents required for EORI registration (power of attorney/authorization, company registry extract, incorporation documents, specimen signatures, where applicable scan of signatory ID page to validate authority, correspondence with customs).
C. Transaction & payment data (order details, invoice details, payment method token/ID from our payment processor—no full card numbers are stored on our servers).
D. Technical & usage data (IP address, device/browser, log data, cookie/consent preferences, pages visited, referral URLs). See the Cookie Notice below.
E. Communications (emails, chat messages, support requests, status updates/notifications about your application).
We do not intentionally collect special category data (GDPR Art. 9) nor data about children. Please do not submit such data.
3) Purposes and lawful bases
| Purpose | Examples of processing | Legal basis (GDPR) |
|---|---|---|
| Provide and manage the EORI application service | Collect company details, prepare forms, submit to customs, receive/forward decisions | Performance of a contract Art. 6(1)(b) |
| Compliance with legal obligations | Record‑keeping, invoicing, responding to authorities, anti‑fraud checks | Legal obligation Art. 6(1)(c) |
| Verify authority & identity of signatory | Validate POA, check registry extract, confirm signatory powers | Legitimate interests Art. 6(1)(f) (fraud prevention, service integrity) and/or legal obligation |
| Customer support & service communications | Status emails, reminders, responses to queries | Performance of a contract Art. 6(1)(b) |
| Analytics & site performance | Aggregate usage stats, improve UX, debug | Consent Art. 6(1)(a) for non‑essential cookies; legitimate interests Art. 6(1)(f) for strictly necessary technical logs |
| Marketing (limited, B2B) | Product updates, new features, surveys | Consent Art. 6(1)(a) or legitimate interests Art. 6(1)(f) where permitted (with opt‑out) |
You may withdraw consent at any time via our cookie banner/preferences or by contacting us.
4) How we share data (recipients)
We share personal data only as needed:
- EU customs authorities (competent authority in the Member State of filing) for the purpose of obtaining an EORI number.
- Payment service providers to process payments securely.
- Hosting, CRM, email and support vendors (infrastructure, ticketing, email delivery).
- Professional advisers (lawyers, accountants) where necessary.
- Regulators or law enforcement where required by law or to defend legal claims.
We do not sell personal data.
5) International transfers
Some vendors may be located outside the EEA/UK. Where we transfer personal data internationally, we rely on:
- Adequacy decisions (Art. 45 GDPR), or
- Standard Contractual Clauses (SCCs) (Art. 46 GDPR), plus additional safeguards where appropriate.
You can contact us for a copy of the relevant transfer mechanism applicable to your data.
6) Retention
We keep personal data only as long as necessary for the purposes above and to comply with legal and tax obligations. Typical retention periods:
- EORI application records (including POA and filings): up to 6–10 years from completion, depending on statutory limitation periods and audit requirements.
- Customer account and billing data: 7 years (typical tax/accounting period).
- Support communications: 3 years from last interaction.
- Analytics cookies/identifiers: per cookie lifespan (see Cookie Declaration) or until you withdraw consent.
We will securely delete or anonymize data when no longer required.
7) Your rights
Subject to conditions under GDPR, you have the right to access, rectify, erase, restrict, object, and port your personal data, and to withdraw consent at any time where processing is based on consent. You also have the right to lodge a complaint with your local supervisory authority.
To exercise rights, contact us at info@eorinumber.eu.
8) Security
We implement technical and organizational measures appropriate to the risks, such as encryption in transit, access controls, least‑privilege principles, audit logging, and vendor due diligence. No method of transmission or storage is 100% secure; we work to protect your data but cannot guarantee absolute security.
9) Cookie Notice & Consent
We use cookies and similar technologies to run our site, measure performance, and—where consented—support analytics/marketing. Non‑essential cookies are used only with your consent.
- Consent Management Platform (CMP): We use Cookiebot by Usercentrics to display the banner, collect/store consent, and block non‑essential scripts until consent is given (supports Google Consent Mode v2).
- Manage cookies: You can change your choices anytime via the link “Manage cookies” in the site footer or by reopening the banner.
- Cookie Declaration: A live, auto‑generated list of cookies in use (purpose, provider, lifespan) is available on our Cookie Declaration page.
For more information, see our separate Cookie Policy (or Cookie Declaration) page.
10) Children’s data
Our services are intended for businesses and adult representatives. We do not knowingly collect data from children. If you believe a child has provided us personal data, contact us and we will take appropriate steps.
11) Third‑party links
Our Website may link to third‑party sites or services. Their privacy practices are governed by their own policies; please review them.
12) Automated decision‑making
We do not engage in automated decision‑making that produces legal or similarly significant effects on individuals within the meaning of GDPR Art. 22.
13) Changes to this Policy
We may update this Policy from time to time. The “Last updated” date at the top indicates the latest revision. Significant changes will be announced on the Website and, where appropriate, by email.
14) Contact us
For questions, requests, or complaints about this Policy or our data practices:
Email: info@eorinumber.eu
If we are unable to resolve your concern, you have the right to contact your local data protection authority.