The categories of personal data that Billfactory needs to process and save in order to enter into agreements are:
Name
Personal identification code,
Log in information,
Adress,
Contact information such as email address and mobile number,
History (if you have been in contact with customer support)
The personal data can be used for invoice data or because we need to get in touch with you or for support purposes.
We collect information in many ways, for example by you or your company creating an account and providing us with information or by our own employees collecting the information. However, your personal data can also be collected by contacting us, for example, through our customer support.
Time period
Billfactory saves and processes personal data contained in invoice data for more than seven years in accordance with law and these are deleted no later than ten years from the time their latest salary has been paid by us. What is saved is what is needed for statutory purposes such as the documentation required for accounting.
Company accounts are saved until they are deleted by the company. It is the company that is responsible for ensuring that the information entered by the company in the account is updated.
Personal data received by customer support is deleted after one year as a general rule and they are saved as long as they are for three years from the time they are received if they do not need to be saved for identified legal grounds for a longer period than that.
If you delete your account yourself, your data will be deleted promptly and always within 2 weeks from the time you deleted the account, provided that the data is not needed for legal purposes.
If you request that your information be deleted, we will do this within 2 weeks from the time you received the request, provided that we do not have to save the data due to legal obligations incumbent upon us.
Recipients and suppliers
Billfactory shares personal information with different recipients. This can, for example, be about different suppliers of IT systems.
Billfactory also discloses your personal information to other recipients such as authorities if we are required by law or authority to disclose your personal information.
Billfactory has a Facebook page and an account on Instagram where we communicate with the visitors who choose to comment. It is completely optional to comment, follow and communicate with us there. We use these functions in order to spread information, inform about news that we intend to be interesting for our visitors and that is also part of our customer support.
The personal information collected on our Facebook page and our Instagram account is the visitor’s username if it chooses to comment (username constitutes a personal information if it consists of the visitor’s name) and if personal information is provided in the comment. However, we advise our visitors not to provide personal information in comments on these social media. We refer personal issues to our customer support.
Facebook and Instagram save and process the personal data provided in accordance with what is stated in the respective service’s privacy policy. Suppliers can also collect personal information about the visitors for their own use, through cookies, and to know what these suppliers collect, we refer to their privacy policy and the information they have on their pages about what they are processing. For more information about cookies, please read our separate section on cookies, which also shows that you can set your browser so that your computer does not receive cookies.
Transfer to third party countries
Recipients and suppliers can be established both within the EU / EEA and in third countries. Third country is not bound by GDPR. If Billfactory transfers your personal data to a third country, we verify that there is an adequate level of protection in that country or that there are sufficient guarantees that the data and your rights are protected. Sufficient guarantees may be that the transfer is governed by specific contractual clauses that protect your rights or internal rules. The contractual clauses mentioned have a content that aims to ensure that the supplier lives up to the standards that GDPR requires and ensure that the data subject’s integrity is protected.
The countries that the European Commission has decided to have an adequate level of protection can be found at:
https://ec.europa.eu/The standard contract clauses approved by the European Commission, which we use, can be found at:
http://eur-lex.europa.eu/