Question 1

What is an EU representative under Article 27 GDPR?

Accepted Answer

A natural or legal person established in the EU who acts on behalf of a non-EU controller or processor. They serve as the contact point for supervisory authorities and data subjects.

Question 2

Who needs one?

Accepted Answer

Any non-EU organisation that processes the personal data of people in the EU — unless the processing is occasional, doesn’t involve large-scale sensitive data, and is unlikely to result in risk. The occasional-processing exception is narrow.

Question 3

What are the penalties for not having one?

Accepted Answer

GDPR fines reach up to €20M or 4% of global annual turnover. A missing representative specifically falls in the lower tier (up to €10M or 2%), but it rarely appears alone — it is usually cited alongside other, higher-tier findings.

Question 4

Can I be my own representative?

Accepted Answer

No. The representative must be established in the EU, so a company based outside the EU cannot designate itself.

Question 5

Do you charge VAT?

Accepted Answer

Where applicable. Stripe Tax calculates it automatically from your billing details; EU B2B customers with a valid VAT-ID use the reverse-charge mechanism.

Question 6

Can I pay annually?

Accepted Answer

Yes, with a 15% discount — €1,010/year for Standard and €2,030/year for Premium, paid upfront, with a pro-rata refund if you cancel mid-term.

Question 7

What payment methods do you accept?

Accepted Answer

Credit card, SEPA Direct Debit, Apple Pay and Google Pay. Bank transfer is available for larger annual plans.

Question 8

Is there a money-back guarantee?

Accepted Answer

Yes — a 14-day money-back guarantee. If Usantis is not the right fit, tell us within 14 days for a full refund.

Question 9

How long does setup take?

Accepted Answer

About five to ten minutes for most companies. Add a little time if you are in a high-risk industry that requires extra identity verification.

Question 10

Do I need to provide a business license?

Accepted Answer

Only if you are in a regulated industry (for example financial services, gambling, adult content, or crypto). Most companies just complete a standard sanctions screening.

Question 11

Do I need to sign anything?

Accepted Answer

Yes — a power of attorney that designates Usantis as your EU representative. It is signed digitally during onboarding and takes about a minute.

Question 12

What happens when someone submits a request?

Accepted Answer

We verify their identity, translate the message if needed, and forward it to you within 24 hours. You then have up to 30 days to respond; we track the deadline and send reminders.

Question 13

What if a data protection authority contacts us?

Accepted Answer

Premium customers get priority handling and a hand-off to external counsel. Standard customers receive template responses and our guidance.

Question 14

What if I exceed my DSAR limit on Standard?

Accepted Answer

We never refuse a request — that would be legally problematic. We process it and recommend upgrading to Premium for unlimited handling. Standard includes a fair-use limit of 10 requests per rolling 12 months.

Question 15

Where is my data stored?

Accepted Answer

On Hetzner Cloud in Falkenstein, Germany, with daily encrypted backups to Helsinki, Finland. Nothing leaves the EU.

Question 16

How is my data protected?

Accepted Answer

Personal data is field-level encrypted, every mutation is written to an append-only audit log with a cryptographic hash chain, and multi-factor authentication is available (and required on Premium).

Question 17

Is the platform itself GDPR-compliant?

Accepted Answer

Yes. Every requirement we ask of our customers, we apply to ourselves. Our privacy policy and DPA are linked in the footer.

Question 18

Are you a law firm?

Accepted Answer

No. We are a compliance service operator. We work with external privacy counsel for legal escalations, but we do not provide legal advice ourselves.

Question 19

Does an EU representative replace my DPO?

Accepted Answer

No — they are separate roles. A DPO advises on and monitors compliance; an EU representative is your external EU contact point. You may need one, the other, or both.

Question 20

What happens if you go out of business?

Accepted Answer

Our terms include a 60-day notice period and a data-export service, and we maintain a backup representation arrangement with a separate legal entity for continuity.

Frequently asked questions

About EU representatives

Pricing & billing

Onboarding

DSARs & authority inquiries

Technical & security

Legal & compliance