Privacy Policy

Effective Date: 26.02.2025

1. Introduction

Welcome to InvoicePay, an invoicing and payroll solution designed for light entrepreneurs in Finland. We are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines how we collect, use, store, and protect your personal information in compliance with the General Data Protection Regulation (GDPR) and applicable EU data protection laws.

2. Data Controller

InvoicePay, located in Finland, is the data controller responsible for processing your personal data. If you have any questions or concerns regarding your personal data, you may contact us at:

support@invoicepay.fi

3. Information We Collect

We collect and process the following types of personal information:

  • Identifying Information: Name, personal identification number (hetu)
  • Contact Information: Email, phone number
  • Authentication Information: Email, password
  • Financial Information: Tax information, bank account number
  • Business Information: Customer information, billing information
  • Verification Information: Documents for verifying identity (if required)
  • Expense Information: Expense claims and related documents

4. Purpose of Processing

We process personal information for the following purposes:

  • User Identification: Name and personal identification number are needed for user identification and tax information retrieval from authorities (e.g., Tax Administration).
  • Communication: Email and phone number are used for important notifications, reports, marketing campaigns, and customer support.
  • Authentication and Security: Email and password are needed for account management and secure login.
  • Payroll Calculation: Tax information is retrieved from the Tax Administration and used only for payroll calculation.
  • Billing: Customer information is processed for correct billing and sending.
  • Payroll Payments: Bank account information is used for payroll payment to the user's account.
  • Identity Verification: If a user is required to provide identity verification or other documents, they are used only for identity verification.
  • Expense Handling: If a user reports expenses and attaches documents, the information is processed for claiming and verifying vero-free expense claims.

5. Legal Basis for Processing

The processing of personal information is based on the following legal bases:

  • Performance of Contract: Processing is necessary for the performance of our invoicing and payroll services.
  • Compliance with Laws: Compliance with Finnish and EU tax laws.
  • Legitimate Interest: Petitioning, security, and customer service.
  • Consent: Marketing communications if the user has given consent.

6. Retention of Personal Information

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, and to resolve possible disputes. Retention periods may vary depending on legal requirements.

7. Sharing and Third Parties

We may share personal information with the following parties:

  • Authorities: For compliance with Finnish and EU tax laws (e.g., Tax Administration for tax information).
  • Payment Service Providers: For payroll payment processing.
  • Service Providers: Those assisting us in providing our services (e.g., cloud storage, customer service tools).
  • Legal or Regulatory Authorities: If required by law or to protect our interests.

We do not sell or rent your personal information to third parties.

8. Security

We use appropriate technical and organizational measures to protect your personal information from unauthorized access, loss, misuse, or alteration. These measures include encryption, access control, and secure data storage.

9. User Rights

Under GDPR, you have the following rights:

  • Access to Information: You can request access to your personal information.
  • Correction of Information: You can request correction of inaccurate or incomplete information.
  • Deletion of Information: You can request deletion of your information, unless law requires its retention.
  • Restriction of Processing: You can request restriction of processing of your information in certain situations.
  • Data Transferability: You can request transfer of your information to another service provider.
  • Withdrawal of Consent: You can withdraw consent given for marketing communications at any time.

To exercise these rights, you may contact us at [Insert Contact Information].

10. International Transfers

If we transfer your personal information outside the European Economic Area (EEA), we ensure appropriate safeguards, such as standard contractual clauses (SCC), to ensure the security of the transfer.

11. Cookies and Tracking

We may use cookies and similar tracking technologies for improving user experience and website traffic analysis. You can manage cookie settings in your browser.

12. Privacy Policy Updates

We may update this Privacy Policy from time to time. We will notify you of significant changes on our website or through other communication channels. We recommend that users review this policy regularly.

13. Contact Information

If you have any questions or concerns regarding this Privacy Policy, please contact us:

asiakaspalvelu@invoicepay.fi