Data & Privacy Policy

This Data & Privacy Policy (hereinafter as “Privacy Policy”) are subject to Terms of Use. Unless specified otherwise in this Privacy Policy the terms used in this Privacy Policy shall have the same meaning as in the TOU.

Our Data & Privacy Policy describe in detail how all information about you is gathered and processed. As a User of our Service or a visitor to our website, the security of your personal data is our primary focus. To continue using our Service as a User you will need to accept our TOU, agree to our Data Protection Agreement and agree with our Privacy Policy which provide all details on how your data is gathered, processed, and protected.

Definitions

• ‘We’ is the provider and operator of the Service, registered as Invoice Generator s.r.o. , Robotnícka 8, Banská Bystrica 974 01, Company ID: 56 208 791, recorded in Business Register of the District Court Banská Bystrica.

• ‘User’ or ‘you’ means any person which signs up to Invoice Generator s.r.o. and completes the registration process or uses the Service.

• ‘Data Protection Law/s’ means applicable and binding laws to which We and User are a subject to in the cfield of personal data protection and privacy especially GDPR.

• ‘GDPR’ means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

• ‘Personal Data’ has the meaning given to that term in Data Protection Laws. It’s any information relating to a data subject by which it can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person or legal entity (where applicable).

• ‘Processing’ has the meanings given to that term in Data Protection Laws (and related terms such as ‘process’ have corresponding meanings).

This policy informs you which of your data and personal data is collected and processed when you visit our website, use our web application or any other services offered, how we use your data and personal data and what rights you have regarding the use of your personal data. This privacy also applies for the access and use of the mobile apps as well as the other available services.

1. Introduction

We collect and process some data which are necessary for a proper use of the Service. Some of these data might be personal data which could identify you as a live person and which are subject to Data Protection Legislation and GDPR.

2. What data we collect about you

We collect and process data:

• in your account that you provide to us when you sign up for the account and when you update these information from time to time such as your name, surname, email address, telephone number, e-mail address and others;

• in your profile and billing account that you provided to us about your profile and your business and company information, such as your address, business ID number, phone number and others;

• from your communications within the Service with us or with other users such as your messages, comments and other form of communication within the Service;

• from your entries to fields and forms within the Service such as search queries, forum posts, promotions, surveys and other features of the Service.

When you use the Service and its features we collect data about how you use the Service such as:

• data about your interactions with the Service and its features such as your viewed pages, content, search queries, unique numbers of applications and other interactions with the Service;

• location data from the device that you use to access the Service and we use various tools to determine your general location information and also precise location information. Location information is required to fullfill local Tax Authorities laws and Regulations and process Invoicing data correctly.

• protocols and log data about the method you use the Service such as data from the device that you use to access the Service, your IP address, device events (error reports, failures, system activities, hardware settings), applications that you use to access the Service (i.e. browser), browser language, Web storage site of a browser (including HTML 5 technology) and buffering memory applications, access time and referring URL address, hardware and software information and other similar information;

• data regarding all transactions made through the Service made through third party payment systems;

• data gathered from cookies and similar technologies (for more information see our Cookies policy below).

We also collect data about you from third parties and we may combine these data with data we have about you such as

• data from third parties services and webpages such as Facebook when you choose to use it to connect to the Service (see details below);

• data provided by users that you authorized to use the Service on your behalf;

• data from other sources that we may collect to the extent permitted by applicable law.

3. How do we process your data

We may, throughout your use of the Service, collect and process some of your data. We will obtain and process these data through technical means and processes in such a way that it will not be able under any circumstances assign them to your User account or to you. Such data are thus fully anonymous.

We generally use, process and store data including personal data that you provided to us and that we collect to:

1. identify you as a contractual party or representative of a contractual party to us;

2. enable you to access and use the Service in general or through your User account;

3. enable you to communicate with us and enable our communication with you such as sending you notifications, messages, reminders and any other form of communication within the Service and otherwise (i.e. email messages);

4. operate, protect, improve and optimize the Service, its features, its user experience, make it more personal, to provide customer support and to develop new services;

5. maintain a trusted and safe environment on the Service and to prevent any actual or potential fraud, misconduct or other harmful activity, investigation and risk assessment, enforcing all of our Terms of Use and Privacy Policy and other similar actions which we may do without notifying you;

6. send you marketing, advertising and promotional messages and information that might be interesting to you about us and our services. You may unsubscribe from these messages anytime;

7. to administer referral programs, rewards, surveys, sweepstakes, contests, or other promotional activities or events sponsored or managed by Us or our third party business partners;

8. to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties.

We may also process, review, scan and/or analyse your communications with us for fraud prevention, risk assessment, regulatory compliance, investigation, product development, research and customer support purposes and other similar purposes. You consent and agree that we may process, review, scan and/or analyse your communications with us for these purposes.

4. Maintaining of your personal data

Some data you provide to us in your User account may be personal data. Personal data are provided by you freely and you are responsible to maintain them accurate, true and complete. You may review, update, or delete the personal data in your User account by logging into your User account and reviewing your account settings and profile.

If you provide personal data of other persons to us (for example your authorized personal data of users or your client data) you warrant and guarantee that you are entitled to do so and that you have legal basis for such action.

5. Sharing and Transferring of your personal data

We only share personal data with others when it is legally permitted to do so. When We share your personal data with others, it puts contractual arrangements and security mechanisms in place to protect the personal data shared and to comply with data protection, confidentiality and security standards and other obligations. 

When processing your personal data, We may need to share it with third parties, as set out in the below. This list is non-exhaustive and there may be circumstances where we need to share personal data with other third parties:

1. Third-party IT suppliers

We may share your personal data with third parties who support us in providing our Service and help provide, run, and manage our internal IT systems. Such third parties may also include, for example, providers of information technology, cloud-based software-as-a-service providers, identity management, website design, hosting and management, data analysis, data back-up, security, and storage services.

2. Payment providers and banks

We may need to share certain personal data with the payment service provider and the relevant financial institution to handle payments from you and to you. We may furthermore share data with relevant financial institutions, if we consider it strictly necessary for fraud detection and prevention purposes.

3. Auditors, lawyers, accountants and other professional advisers

We may share personal data with professional services firms who advise and assist Us in relation to the lawful and effective management of Our  organisation and in relation to any disputes We may become involved in.

4. Advertising partners

We share personal data with third party advertising partners when you use our Service. This data is used to provide you with, and measure the effectiveness of, online advertising and for other advertising related activities.

5. Third-party post/email marketing and CRM specialists

We may share personal data with specialist suppliers who assist us in managing our marketing database and sending out email marketing communications.

6. Law enforcement or other government and regulatory agencies and bodies

We disclose personal data to law enforcement insofar as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud. We may need to further disclose data to competent authorities to protect and defend our rights or properties, or the rights and properties of its business partners.

7. Other third parties

We may use service providers to process data including your personal data on its behalf. Third party service providers process personal data only according to Our instructions, under biding legal agreement, are bound by confidentiality clauses and are not allowed to use your personal data for other purposes.

We store and processes your personal data in the European Economic Area (“EEA”) using these companies:

• Amazon AWS, Germany - hosting, emailing.

• GetFinDone, Slovakia – Accounting.

Processing and storing personal data outside EEA is made in compliance with applicable Data Protection Laws in these companies:

• MailChimp, USA – E-mails, Newsletters and Info mails.

• Intercom, USA – live chat and support systems.

• Braintree, USA – Payment processes.

We also share persona data with The team.blue Group, consisting of several brands and subsidiaries, which can improve coordination and resource allocation by sharing data internally. This allows for more efficient collaboration on product, campaign, and customer service improvements. Personal data may be shared among team.blue Group companies for marketing statistics, internal administration, and reporting purposes, but only in an amount necessary for the intended use and with proper protective measures in place to prevent unauthorized access or disclosure.

Unless required by relevant Data Protection Laws We have no influence on and assumes no liability for the compliance with Data Protection Laws standards outside of our Service.

6. Period of processing of your personal data

We store and processes your personal data for the period necessary in relation to the purpose of processing as described in this Privacy Policy and local Legislation Authorities. We will process your personal data for as long as you have an active User account and automaticaly delete them 10 years after your last sign-in. We may then anonymize your information for statistical purposes.

We will terminate your personal data associated with your User account after 10 years of inactivity or when your Agreement with us has been terminated and when you request a permanent deletion of your User account.

Deleted data will be removed from Our servers, its back-ups and all third party companies listed in paragraph „Transferring of your personal data“ of Privacy Policy.

Even if you ask us to destroy your personal data We may be required to process some of your personal data to comply with legal obligations, i.e. to maintain accounting records and other obligations. We will process personal data for this purpose for a period required by applicable laws.

Where we process your personal data based on your consent you may at any time withdraw your consent to the processing of your personal data. We will process personal data for this purpose until you withdraw your consent.

Where you are entitled to object to our processing of your personal data (i.e. direct marketing) we will process personal data for this purpose until you object to such processing (by unsubscribing from our emails).

7. Data storage and security

Our’s servers are operated by Amazon Ireland with their AWS service which ensures fast and robust data protection on par with current data protection legislative requirements. All the data you provide to the our mobile app is encrypted according to the security standard TLS (Transport Layer Security). You can recognize the secure TLS connection from the “s” after the “http” in the URL shown in your browser (i.e. https://..), or from the lock symbol depicted in the browser tab. All of your data, including their transmission between your device and the Our servers, will be protected by standard security measures with the use of 256-bit SSL encryption.

We also take technical and organizational suitable security measures, in order to protect your data against random or deliberate manipulations, partial or complete losses, destruction and/or against unauthorized access. In order to avoid loss of data, we run a mirrored database setup which means that your data is always stored in two separate locations.

The personal data that we collect is stored in a secure environment within the EEA in compliance with Privacy Shield rules and treated confidentially. Access to this data is limited to selected employees and partially to our subcontractors. We adhere to Data Protection Laws at all times.

We do our utmost to secure your data in the best possible way but we cannot guarantee the safety of your data when transferred over the Internet. When data is transferred over the Internet, there is a certain risk that others can access the data illicitly.

8. Cookies Policy and Analytic tools

Internet cookies are small text files that are placed on a user's computer or device when they visit a website. These files contain information about the user's activity on the website, such as the pages they have visited and the actions they have taken. Cookies are used by websites for a variety of purposes, such as:

• Remembering user preferences, such as language or currency settings

• Tracking user behavior for analytics purposes

• Enabling personalized advertising

• Storing login credentials for future visits

You can find more information on how we store and use Cookies in our Cookie policy.

9. The right for information, correction, blocking and deletion

Subject to the material and territorial scope of the GDPR and Data Protection Laws in EEA you may have these rights granted you by the relevant Data Protection Laws.

You always have the right to access and review the personal data we process about you. You can request an overview of your personal data processed by us by emailing us. You can also request copies of your personal data held by us in writing or (if applicable) in in a structured, commonly used and machine-readable format (data portability right) in accordance with the relevant Data Protection Laws. We will provide you or your designated controller with a copy of the personal data held by us as soon as practicable, and in any event not more than 30 days after receiving a valid request in writing.

You may also request the rectification, erasure and restriction of processing of your personal data and object to processing of your personal data in accordance with the relevant data protection legislation. We will notify you within 30 days of your valid request about the relevant action taken.

You are entitled to access, see and challenge personal data third parties provide to us in accordance with the relevant Data Protection Laws.

Where we process your personal data based on your consent you may at any time withdraw your consent to the processing of your personal data. Withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

You are entitled to object to processing of your personal data for the purpose of direct marketing. You can exercise this right by unsubscribing from our newsletter and informational emails within the body of the email.

You are entitled to lodge a complaint with a supervisory authority in accordance with the relevant Data Protection Laws.

There may be a reasonable charge to process your requests under this section unless expressly stated otherwise in relevant Data Protection Laws.

We will notify you by e-mail whenever there are any changes made to the Privacy Policy or General Terms and Agreements.

We may request proof of identification to verify your requests under this section.

For information about your personal data, to exercise your right as well as for further questions about the use of your personal data please send an email to support@invoice-maker.app

Many of your rights described above can be exercised manually in your User account settings.

This Privacy Policy is effective from 16/05/2024