Updated May 25, 2018
What is the GDPR?
The General Data Protection Regulation is Europe’s new transformative data protection law which regulates the collection, use, transfer and storage for EU individuals. The new regulations are effectively a harmonization of previous data protection laws across the European Union and are designed to provide stronger control of personal data as well as rights transparency over how your data is used. The GDPR will come into force as of the 25th of May, 2018.
The GDPR specifically applies to customer data which contains personal identifying information. Examples of personal data under the GDPR includes names, ID numbers, locations and online identifiers, such as Internet Protocol (IP) numbers, cookies and addresses.
Whilst the GDPR relates to customers in the EU, any company that does business with EU residents will be subject to GDPR.
Four core changes the GDPR introduces
- Companies must have a valid reason (a lawful basis) for why they ask for personal data and must have your consent to collect the data.
- You have more control over the data that is collected on you. For example, you have the right to know why your data is being collected, how it is being used and the length of time your data will be stored.
- Companies collecting your data are required to keep personal data secure, to have processes in place for handling personal data and for reporting data breaches.
- You must have access to information on the purpose of how your data is used and stored. (This information is available in Invoice2go's Privacy Notice). If you are located in the EU, you must be provided with a data processing agreement from a company collecting your data. Invoice2go will be sharing a pre-signed agreement with our EU customers on May 25th, 2018.
Changes to our Privacy Notice
Our Privacy Notice has been updated to ensure that it meets the new requirements for data privacy and explains in clear language what information we collect, how we use it, and the choices and controls you have in regards to this. You are able to review our Privacy Notice here on the Invoice2go website.
Is Invoice2go GDPR ready?
Invoice2go has reviewed and updated our data handling procedures as well as data policies including our Privacy Notice, and will be ready for GDPR on May 25th, 2018 when the new regulations become effective. We strongly encourage you to read through our updated Privacy Notice for more information on your personal data. We will also be sharing a link via email to our pre-signed Data Processing Agreement with EU customers on May 25th, 2018.
How does the GDPR change my data protection rights?
The GPDR significantly enhances your right to:
- View what personal details are being stored about you
- Update, correct and export your data
- Request your data be deleted under the 'right to be forgotten' regulations
- Provide consent for businesses to collect data
- Withdraw consent at any time to use of your data
What is Invoice2go doing to protect my personal data?
Invoice2go is committed to:
- Ensuring we have appropriate security measures in place to protect your personal data
- Ensuring we only request and process data that is necessary to provide our service
- Ensuring we are transparent about how we use your data
- Ensuring data storage limitations so that your data is deleted when it is no longer needed.
Further details of our commitments to processing your data can be found in our Privacy Notice and in our Data Processing Agreement which will be shared as a link in an email with EU customers on May 25th, 2018.
Why is my data being collected and how do you use my data?
We collect and use your personal data to do carry out some of the following activities:
- To provide you with access to our products and services, including access to specific app features and functionality
- To diagnose or fix technical issues and deliver customer service
- To control unauthorized use or abuse of the Service and our other products and services, or otherwise detect, investigate or prevent activities that may violate our policies or be illegal;
- To analyze usage trends - such as product feature usage - which allow us to improve the service and product we provide you
- To communicate directly with you. Examples we might communicate with you are to send you notification of an invoice being paid or overdue, or emails regarding a new product feature that is being rolled out in our app.
A full list of the ways we use your data can be found in section 3, "How we use the information we collect" in our Privacy Notice.
Are you changing who you share my data with?
No. The new data regulations have been introduced to provide customers with more clarity around how their data is used, and ensure that companies are appropriately collecting, using and storing your data. We have updated our Privacy Notice to meet these requirements. We will shortly be sharing a link in our Data Processing Agreement and on our website with a list of all companies that process your data. Any company that processes data on Invoice2go's behalf is required to sign a Data Processing Agreement with us to ensure they uphold the same standards we provide to you.
What kind of security measures to you use to protect my data?
We have a number of security measures in place to ensure your data is securely stored. Examples include:
Access Control - Controls to specify authorized individuals permitted to access personal data and the use of video surveillance and alarm devices with reference to access areas
System Access Control - All systems processing personal data are password protected and provides dedicated user IDs for authentication. We also log all access to systems and review those logs for security incidents.
Data Access Control - We restricted access to files and programs based on a "need-to-know-basis” and have controls in place to prevent use of unauthorized software. We also have processes in place for the safe and permanent destruction of data that are no longer required.
Organizational Requirements - We obtain commitment from our employees to maintain confidentiality and provide guidelines on data privacy and data security and management of security incidents.
Is my data or my customer's data being shared with online advertisers?
Whilst third party ad networks, social media companies, and other third party services are able to collect information about your browsing behavior through cookies, social plug-ins, or other tracking technology, Invoice2go will not share information about your business or your clients with online advertisers or third party tracking services. You are able to "opt out" the collection of any information (including browsing data) through cookies or other tracking technology by managing the settings on your browser or mobile device.
To learn more about cookies and related technologies and how you can opt-out of some of this tracking, you may wish to visit http://www.allaboutcookies.org or the Network Advertising Initiative’s online resources, at http://www.networkadvertising.org.
Does the GDPR require personal data to be stored in a specific location?
The GDPR does not place restrictions on the location or transfers of personal data. More information about how we store, process and transfer your data can be found in our Privacy Notice in Section 7 - How we store and protect our information.
Have more questions?
Feel free to submit a Support request and our Customer Support team would be happy to help with any questions you might have.