Fines up to €20,000,000 or 4% of global turnover

Help center

Frequently asked questions

Everything about EU representation, pricing, onboarding and how we keep your data safe.

About EU representatives

  • A natural or legal person established in the EU who acts on behalf of a non-EU controller or processor. They serve as the contact point for supervisory authorities and data subjects.

  • Any non-EU organisation that processes the personal data of people in the EU, unless the processing is occasional, does not involve large-scale sensitive data, and is unlikely to result in risk. The occasional-processing exception is narrow.

  • GDPR fines reach up to €20M or 4% of global annual turnover. A missing representative falls in the lower tier (up to €10M or 2%), but it rarely appears alone. It is usually cited alongside other, higher-tier findings.

  • No. The representative must be established in the EU, so a company based outside the EU cannot designate itself.

  • If your company has no establishment in the EU but offers goods or services to people in the EU, or monitors their behaviour, Article 27 GDPR requires you to appoint an EU representative. The exemption is narrow: processing must be occasional, low risk and exclude special categories of data. Most companies with real EU traffic or customers do need one. The free compliance checker gives you a clear answer in about a minute.

  • Look for a provider with a physical address in an EU member state, a named individual who actually receives and handles correspondence, clear DSAR handling, and EU based data hosting. Avoid anonymous mailbox services: regulators and data subjects must be able to reach a real contact. Usantis provides all of this under Article 27, with setup in minutes.

Pricing & billing

  • Prices are net and we do not add VAT or sales tax. EU business customers with a valid VAT-ID account for VAT themselves under the reverse-charge mechanism; any other local taxes are the responsibility of the customer.

  • Yes, with a 15% discount. $1,010/year for Standard and $2,030/year for Premium, paid upfront, with a pro-rata refund if you cancel mid-term.

  • Credit card, SEPA Direct Debit, Apple Pay and Google Pay. Bank transfer is available for larger annual plans.

  • Yes, a 14-day money-back guarantee. If Usantis is not the right fit, tell us within 14 days for a full refund.

Onboarding

  • About five to ten minutes for most companies. Add a little time if you are in a high-risk industry that requires extra identity verification.

  • Only if you are in a regulated industry (for example financial services, gambling, adult content, or crypto). Most companies just complete a quick identity verification through our regulated verification provider.

  • Yes, a power of attorney that designates Usantis as your EU representative. It is signed digitally during onboarding and takes about a minute.

  • Yes, on Premium. In your dashboard, open your mandate, enter the hostname you want (for example privacy.yourcompany.com), and add one CNAME record at your domain provider pointing that hostname at our servers, with any proxy or CDN option switched off. Click verify, and once the DNS check passes we activate the domain and provision the security certificate automatically, usually within one business day. Your usantis.com address keeps working alongside it.

DSARs & authority inquiries

  • It lands in your dashboard immediately and we email you. As the data controller, you respond to the requester directly. We track the 30-day Article 12 deadline, send you reminders, and follow up if it stays open, so you do not miss it.

  • The moment a request arrives through your hosted page it appears in your dashboard and we email you. Under Article 12 GDPR you have 30 days to respond. We track that clock: a reminder when it arrives, again a few days in, and as the deadline nears. When you have replied to the requester directly, you mark it answered in one click. If a request is still open after a week, we flag it and follow up with you, so a deadline never passes unnoticed.

  • Premium customers get priority handling and a hand-off to external counsel. Standard customers receive template responses and our guidance.

  • We never refuse a request, that would be legally problematic. We process it and recommend upgrading to Premium for unlimited handling. Standard includes a fair-use limit of 10 requests per rolling 12 months.

Technical & security

  • On Hetzner Cloud in Falkenstein, Germany, with daily encrypted backups to Helsinki, Finland. Nothing leaves the EU.

  • Personal data is field-level encrypted, every mutation is written to an append-only audit log with a cryptographic hash chain, and multi-factor authentication is available (and required on Premium).

  • Yes. Every requirement we ask of our customers, we apply to ourselves. Our privacy policy and DPA are linked in the footer.

Still have a question?

We usually reply within one business day.

Talk to us