1.1. We, InvoiceToo Ltd, 27 Old Gloucester Street, London, United Kingdom, WC1N 3AX (the “Company“), e-mail address: [support@InvoiceToo.com] (the „E-Mail Address“), process your personal data as part of your use of our products (“Products”) or platform (“Platform” and, together with the Products, “Services”). We deal with your personal data in a confidential and responsible way. The processing of your personal data takes place in compliance with the General Data Protection Regulation („GDPR“) and the Austrian data protection act in its current form.
1.3. For some of our Products we will only process data pursuant to purposes and means you determine. In these cases, we will provide you with separate data processing agreements.
1.4. The controller for the processing of your personal data within the meaning of the GDPR is the Company. You can contact us via mail under the address shown below or via e-mail using the E-Mail Address.
27 Old Gloucester Street, London, United Kingdom, WC1N 3AX
2. Data We Process
2.1. General: We process such personal data that you as a user of the Services make available to us, for example upon registration or when using the Services (the „Data“).
2.2. Website Use: If you visit our website, we process only personal data that your browser communicates to our server. We collect the following data, which is necessary for us in order to display the website correctly and guarantee the necessary stability and security:
· date and time stamp, time difference to GMT;
· requested site, site from which the request was sent, transmitted data volume;
· access status/HTTP status code;
· browser, operating system, interface, language and version of the browser software.
2.3. Registration Data: Upon registration we collect and process the following information:
· registration details: date of registration, password;
· personal information: full name; email address; address, zip code, city, region, country;
· company information (optional): company name, website, tax ID;
· payment information:
o credit card type, last four digits, expiration date;
o PayPal email address;
o date of payment, invoice ID, currency, amount;
o monthly or annual payment.
2.4. Product Use Data: Data processed when using the Services is processed by us only as a processor, not as a controller. Please see the separate data processing agreement for details.
3. Why We Process Your Data
3.1. Purpose: The processing of Data pursues the following purposes (“Purposes”):
· provide and improve the Services;
· customer relations management, including newsletters;
· security and stability of the Services.
3.2. Lawfulness of Processing: The lawfulness of processing (Art. 6 GDPR) stems from:
· 3.2.1. your consent, where we have asked your explicit consent (para.1 subpara. a GDPR); and
· 3.2.2. the necessity for the performance of contract fulfillment, as your data is needed for a satisfactory use of the Services (para 1 subpara. b GDPR); and
· 3.2.3. the necessity for the purposes of the legitimate interests pursued by the Company or by a third party (para 1 subpara. f GDPR).
3.3. Legitimate Interests: The legitimate interests pursuant 4.2.3 are to monitor, analyze and improve the Services, to support you with any to protect the security, integrity, performance and functionality of the Services, and to provide you with advertisements.
4. How We Use And Transfer Your Personal Data
4.1. Use: We use Data that you, as user of the product, have provided us with, only for the Purposes.
4.2. Transfer: We transmit Data to third parties only, if this is (i) necessary for the Purposes, e.g. when we use service providers, (ii) due to a request from a national authority, (iii) due to a court ruling, or (iv) if you have consented beforehand.
4.3. Service Providers:
· 4.3.1. For some parts of our Services, we use third party providers to process data for us, such as
o Zendesk, Inc.; or
· 4.3.2. When using some of the service providers, Data is transferred to recipients in third countries namely the USA. All service providers are part of the EU-US Privacy Shield or otherwise adhere to sufficient data protection standards.
5. Storage And Data Safety
5.1. Storage Period: We store your Data as long as you are a registered user of the Product. Beyond that, we only store Data, if it is legally necessary (because of warranty, limitation or retention periods) or otherwise required.
5.2. Deletion: Data will be deleted if you (a) revoke your consent to the storage (b) Data is not needed to fulfill the user contract concerning the Product anymore, or (c) the storage is or becomes legally impermissible. A deletion request does not affect Data, if the storage is legally necessary, for example for accounting purposes.
5.3. Safety Measures: To avoid unauthorized access to Data and generally secure the Data, we apply the following safety measures: encrypted transmission, encrypted storage, an authorization concept, a data backup concept, and physical safety measures for servers. Those safety measures are constantly revised to comply with the latest technological developments.
6. Information About Rights
6.1. Exercise of Rights: To exercise the rights defined in Section 7.2 to 7.8, please send a request via e-mail to the E-Mail Address or via mail to the postal address depicted in Section 1.4.
6.2. Revocation of Consent: You can revoke the consent for future data processing at any time. However, this does not affect the lawfulness of Data processing based on the consent before the revocation.
6.3. Right of Access: You have the right to obtain (i) confirmation as to whether or not your Data is being processed by us and, if so, (ii) more specific information on the Data. The more specific information concerns, among others, processing purposes, categories of Data, potential recipients or the duration of storage.
6.4. Right to Rectification: You have the right to obtain from us the rectification of inaccurate Data concerning you. In case the Data processed by us is not correct, we will rectify these without undue delay and inform you of this rectification.
6.5. Right to Erasure: Should you decide that you do not want us to process your data any further, please send a request via e-mail to the E-Mail Address or via mail to the postal address depicted in Section 1.4. We will erase your Data immediately and inform you of this process. Should mandatory provisions of law prevent such erasure, we will inform you without undue delay thereof.
6.6. Right to Restriction of Processing: You have the right to obtain from us a restriction of processing of your Data in the following cases:
· 6.6.1. You make an inquiry pursuant para. 7.4, if you so request;
· 6.6.2. you are of the opinion, that the processing of your Data is unlawful, but are opposed to an erasure of Data;
· 6.6.3. you still require the Data for the establishment, exercise or defense of legal claims; or
· 6.6.4. you have objected to the processing pursuant para. 7.8.
6.7. Right to Data Portability: You have the right to (i) receive your Data in a structured, commonly used and machine-readable format and (ii) transmit those Data to another controller without hindrance from us.
6.8. Right to Object: You have the right to object at any time to the processing of Data.
6.9. Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority (in Austria: Datenschutzbehörde), if you think that the processing of Data infringes applicable law, especially the GDPR.
7.1. What are Cookies? The Website uses 'cookies' ? small text files that are placed on the user's computer, smartphone and/or stored by the browser. If the respective server of our Website is again accessed by the user of the Website/Product, the user’s browser sends the afore received cookie back to the server. The server can evaluate the information received in this manner in various ways. Cookies can, for example, be used in order to manage advertisements on the Website or to facilitate navigation on a webpage.
7.2. Disabling of Cookies: The user can disable the installation of cookies by entering the corresponding settings in his/her browser software (e.g. in Internet Explorer, Mozilla Firefox, Opera, or Safari). However, in this case the user may jeopardize his/her use of the complete range of functions on the Website.
8. Analytics Services
8.1. Google Analytics:
· 8.1.2. Plug-in: You can prevent the collection of data through the cookie concerning your use of the website (incl. your IP-address) as well as its processing of this data by Google, by downloading and installing the following browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=en.
· 8.1.3. Purpose: On behalf of the Website operator, Google will use this information in order to evaluate your use of the Website, compose reports on the website activities, and provide further services to the operator related to the website and internet usage. We use Google Analytics to analyze and be able to constantly improve the use of our Website. Through the statistics we are able to improve our services and make them more interesting for users. In those special cases in which personal data is transmitted to the USA, Google is certified via EU-US privacy shield. The basis for the processing is Art 6 para 1 subpara f GDPA.
· 8.1.4. Information on Third-Party Provider:
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland,
Fax: +353 (1) 436 1001;
overview on data protection: https://support.google.com/analytics/answer/6004245?hl=en;