Privacy Policy
In accordance with the applicable legislation on the processing of personal data, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR), we hereby inform you:
DEFINITIONS:
SERVICE – INVOICEXPRESS LDA
- Service Provider/INVOICEXPRESS, LDA., a private limited company with registered offices at Avenida Duque D’Ávila, n.º 46, 3.º A, 1050-083 Lisboa, registered with the Lisbon Commercial Registry under the single registration and legal person number 508.025.338.
- USER – Natural or legal person who acquires/uses the Service
REGARDING USER DATA:
- Invoicexpress Lda, as the creator and provider of the SERVICE, guarantees that the USER’s personal data is collected for the purpose of being included in the Invoicexpress customer database for the purposes of commercial customer management, billing, marketing of products and services, customer contact, promotion, advertising and for statistical purposes.
- When the USER joins the SERVICE, he/she accepts and acknowledges that he/she will have to provide his/her personal data strictly necessary for the provision of the SERVICE; such data will be used exclusively for the aforementioned purposes.
- Under no circumstances will the USER’s personal data be disclosed or provided to third parties without the USER’s express consent, except in the cases provided for in the following point.
- Invoicexpress Lda will provide the USER’s account data to the competent authorities if this is required by law or if it is notified or judicially summoned to do so. Invoicexpress may also communicate your data to third parties in the event of non-compliance with the terms and conditions of use of the SERVICE, in order to exercise Invoicexpress’ rights in terms of civil, administrative or criminal liability.
- At any time, users may exercise their rights of access, rectification, deletion, limitation and/or portability by sending a written communication, accompanied by a document proving their identity and/or the data to be rectified, if applicable, to the following e-mail address: support@invoicexpress.com.
- Opposition to the processing of data referred to herein, which is communicated to Invoicexpress after the start of the processing, will only take effect from the date of receipt of such communication, without affecting the legitimacy of the processing carried out until then. Such opposition may mean that the SERVICE cannot be provided.
- With regard to exercising the right to data portability, please note that, under the terms of the applicable legislation, this only applies to data collected on the basis of your consent.
REGARDING THE DATA THAT THE USER PLACES ON INVOICEXPRESS:
- The USER, as the person responsible for processing the data that he/she places in the software for the use of the SERVICE, expressly declares and guarantees that: (a) The conditions of legitimacy laid down by law for the processing of data for which it is responsible have been met. (b) You will provide Invoicexpress with the necessary instructions for processing the data. (c) Only communicate to Invoicexpress the personal data strictly necessary for the performance of the services contracted with Invoicexpress. (d) Adopts the necessary technical and organizational measures to ensure that the data communicated to Invoicexpress is up-to-date and accurate. (e) Adopt the appropriate technical and organizational measures to guarantee the confidentiality and security of the personal data communicated to Invoicexpress, in order to prevent and avoid their accidental or unlawful destruction, alteration, accidental loss, unauthorized disclosure or access, in particular when they are transmitted over a network, and against any form of unlawful processing, in accordance with the categories of data processed. (f) It has implemented the appropriate procedures to satisfy the rights of data subjects. (g) It has implemented the appropriate procedures to comply with the obligations to notify the supervisory authority and data subjects in the event of a data breach.
- Invoicexpress, as provider of the SERVICE and subcontractor in the processing of personal data, guarantees to the USER that: (a) It shall process the data communicated to it by the USER only in accordance with the instructions transmitted by the USER, in accordance with the purposes for which the data was collected, and only to ensure compliance with the obligations assumed for the provision of the SERVICE and the execution of the operations provided for; (b) adopt the necessary and appropriate technical and organizational measures to ensure the confidentiality and security of the data and prevent their accidental or unlawful destruction, alteration, accidental loss, unauthorized disclosure or access, in particular where the processing involves their transmission over a network, and against any form of unlawful processing; (c) Keep a record of the data processing carried out on behalf of the USER, which shall contain at least the name and contact details of the USER, other subcontractors and, where applicable, the data protection officer and a description of the data processing carried out; (d) It shall limit access by its employees to the personal data communicated by the USER, and this shall only be granted to the extent that it is necessary for the performance of the respective duties entrusted to them within the scope of the provision of the services; (e) Ensure that employees who are given access to personal data are bound by confidentiality obligations in relation to such data and that they refrain from using it for any other purpose, for their own benefit or for the benefit of others; (g) Provide the USER with the necessary information to demonstrate compliance with its obligations as a processor of personal data.
- It is the USER’s responsibility to inform the data subjects, at the time of collection, of the purpose of the processing of this data and its communication to Invoicexpress, and, if necessary, to obtain consent for its processing.
- Invoicexpress undertakes to assist the USER, as far as possible, to enable the USER to satisfy the rights of the data subjects.
- In the event that data subjects submit requests to Invoicexpress for access, rectification, opposition, deletion or portability of their personal data, Invoicexpress undertakes to forward such requests to the USER as soon as possible to the e-mail address provided in the USER’s account details.
- Invoicexpress undertakes not to transfer the personal data to which it has access to third parties, not even for the purpose of storing it, except for the communication that is necessary from time to time in order to keep the systems (both hardware and software) secure, and always by signing an agreement that ensures that the third party complies with its obligations as a subcontractor.
- The USER should note that Invoicexpress uses suppliers located in the United States of America, so the data uploaded through the SERVICE may be processed in that country. Invoicexpress, when contracting these suppliers to carry out specific data processing operations on behalf of the USER, imposes on them the same data protection obligations as those set out in this privacy policy, in particular the obligation to provide sufficient guarantees that appropriate technical and organizational measures are in place so that the processing complies with the requirements of the GDPR.
- In any case, whenever Invoicexpress intends to subcontract third parties, or change the subcontracted third parties, it undertakes to inform the CLIENT of this fact. The information to be provided must include the identification of the third party, the data to be communicated to the third party and the security measures adopted to guarantee the security of the data.
- Invoicexpress undertakes to notify the USER, without undue delay after becoming aware of it, of any breach of personal data.
- Said communication must be accompanied by the relevant documentation enabling the USER, if necessary, to notify the competent supervisory authority.
- The USER shall be responsible for notifying the competent supervisory authority in the event of a breach of security.
- Invoicexpress undertakes to maintain complete and total secrecy and confidentiality with regard to the personal data it processes in the context of the provision of the SERVICE to the USER and to which it may have access during the execution of the provision of the SERVICE. Invoicexpress undertakes not to disclose, publish or disseminate said information by any means, either directly or through third parties, without the prior written consent of the USER.
- The USER undertakes to respect the confidential nature of the methods and procedures used by Invoicexpress in the provision of the SERVICE and assumes responsibility for the fulfillment of this obligation by its employees. The duty of confidentiality will not apply to information that is accessible to the general public.
- At the end of the provision of the SERVICE, Invoicexpress undertakes to return or destroy, as communicated by the USER, the personal data in its possession, regardless of the format in which they are stored, except for the minimum essential data that must be kept for the fulfillment of its legal obligations.
- Right to complain to the Control Authority. You have the right to complain to the supervisory authority in Portugal, the National Data Protection Commission, if you believe that InvoiceXpress is not complying with its legal obligations.
- External service providers. InvoiceXpress works with external service providers located in the European Union and the United Kingdom and, as such, your data may be processed outside the EU/EEA. By using these suppliers for the specific execution of the processing of some data, InvoiceXpress guarantees that these third parties are committed to the same data protection obligations as those set out in this privacy policy, in particular the obligation to provide sufficient guarantees with regard to the execution of appropriate technical and organizational measures so that the processing of data complies with the GDPR.
- Questions. Any doubts or questions regarding this privacy policy can be sent to privacidade@invoicexpress.com.
- InvoiceXpress may periodically update this Privacy Policy, as well as any other specific data protection and privacy statement. When making changes to this Privacy Policy, a new update date will be added. Date last updated: 30/06/2022