Privacy Policy
Version: 27 October 2021
Version 1.0
General Confidentiality Acknowledgement
SIA NUMBERO APP (hereinafter—the “Company” or “we”) fully understands the importance of protecting the confidentiality and privacy of information flow, therefore personal data protection is one of the main priorities of the Company. This Privacy Policy sets out the key aspects of respecting the confidentiality of information and the lawful processing of personal data in the generation of invoices, delivery notes and other comparable accounting documents and their management services, as well as the overall operation of the Website (hereinafter in the Policy document referred to as the “Services”). We undertake to process personal data only as set forth in this Privacy Policy.
The operator of the website https://numbero.app (hereinafter—the Website) and, accordingly, the controller of personal data processing is the Company, which in its activities undertakes to comply with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (of 27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and other laws and regulations if they are applicable to data processing. For the purposes of the General Data Protection Regulation, we, as a personal data controller, only intervene with regard to information provided by our customers that meets the definition of “personal data” in the Regulation. With regard to the business partners of Users registered on the Website (our customers) whose data the User uses in the course of providing our services, we act as a “processor” within the meaning of this term, in accordance with Article 4 (8) of the General Data Protection Regulation. This means that it is the User of the Website, as the controller of personal data, who is responsible for the lawfulness of the processing of personal data of his/her partners (or his/her customers). It also means that any person whose rights or interests in the processing of personal data are infringed is advised to apply directly to the personal data controller who uses our service and who independently assumes responsibility for the lawful processing of personal data. In turn, our liability as processors is limited to data security measures and responsibility towards the controller in the event of a security incident.
Information subject to processing
The Privacy Policy applies to all information submitted and processed using the Company’s services that is reasonably subject to confidentiality requirements or is considered personal data of a natural person (hereinafter—personal data). The processing of personal data does not take place (unless the use of cookies is taken into account) in cases where you use services we offer that do not require you to register a user profile or provide us with any personally identifiable information, such as browsing of information regarding the invoices and other accounting documents preparation options, service prices and other freely available information on our website.
In order to access the full range of services offered on our website, you must become a registered user, so the Privacy Policy applies to registered users who voluntarily provide their personal data information to the extent requested on the Website. In case of User registration, we need a minimum of information, which can be identified by data types as:
The information you voluntarily provide when registering for the Company’s service, where we ask you to create a User profile and provide a minimum amount of personal data (for example, name and surname, e-mail address, proof of legal age, etc.). In cases where a legal person registers as a User, then, according to the definitions of the General Data Protection Regulation, a legal person is not a subject of personal data. In addition, in the course of providing the Services, we also request credit card or other payment account information that we store in a secure manner that is not accessible to third parties.
Information from publicly available databases.
Credit institution account details. Information required to process your payments, such as a payment card number. Payment data is processed (to include storing) by the international payment platform Paysera (link to the privacy policy here—https://www.paysera.com/v2/en/legal/privacy-policy-2020 ).
Cookies. When you browse our website, one or more cookies are sent to your computer or other device that you are using to browse. A cookie is a small text file with configuration information that is stored on your computer or portable device. It identifies your browser and helps the Website to “remember” your actions and settings of the current user’s session. The purpose of using cookies is to improve the quality of our services, including maintaining user preferences, generating recommendations and following user trends. Our Website uses functional cookies and analytical cookies. Functional cookies are required for certain pages of the website to function, such as authentication cookies. Analytical cookies are used only for internal research and service improvement. The information associated with cookies is not used to personally identify you.
Audit record information (protocol data). When you access our Website Services, our servers automatically record the information that your browser sends us. These server audit logs may include information such as your browser’s request to open a website, Internet Protocol address, browser type, browser language, device screen resolution, date, time and place of visit, or other similar protocol data. This data is deleted after one month.
Communication with the Website User. Your e-mails or other communications to the Company are stored in order to work with your requests, respond to them, thus improving the quality of our services.
Additional information provided on a voluntary basis that is of a survey nature, such as gender, hobbies, or other data that you provide voluntarily but which is not directly necessary for receiving the services, and does not affect service availability, but may be used in accordance with Privacy Policy, such as statistics or for the purpose of improving services, as well as for the purpose of potentially organising competitions or lotteries for discounts on service fees.
This Privacy Policy applies only to services provided by the Company that use the data of natural persons or representatives involved in the interests of a legal person who are natural persons. We have no reasonable ability to influence the privacy practices of other websites that may contain links from the Website we maintain. Therefore, please be aware that other sites may place their own cookies on your computer, collect data or request personal information from you. We have no control over these processes.
The Website is not intended for children and children are not entitled to use the Company’s services. Protecting children’s privacy is very important, so we do not collect or store personal data from people we know to be under the age of 18. If, after registration, we become aware that a user is under the age of 18, we will take steps to delete the personal data submitted by that user from our databases and prevent that user from using the Website and receiving services.
Purposes of personal data processing
The Company processes personal data only for the purposes specified in this Privacy Policy and they are:
Implementation of website user and Company agreements
Provision of services offered by the Company;
Research and analysis of information system audit records in order to maintain the website, protect, and improve our services;
Providing the technological requirements for our website and services;
Protection of the rights, interests or property of website users and the Company;
Planning and development of innovative services.
For any use of your personal data for purposes other than those stated above, we will ask for your consent before processing the data.
The appropriate legal grounds for the processing of personal data are:
consent of the data subject (Section 6, Clause 1, Sub-clause a of the General Data Protection Regulation);
performance of a contract (Section 6, Clause 1, Sub-clause c of the General Data Protection Regulation);
compliance with a legal obligation (Section 6, Clause 1, Sub-clause f of the General Data Protection Regulation) (only with the consent of the data subject).
Principles of personal data processing
The Company strictly adheres to the following general principles of personal data processing activities:
restriction of the purpose of data processing—personal data are processed only for the above-mentioned purposes of data processing and purpose of use, or for activities which have been explicitly authorised by the data subject;
data quality and proportionality—the possibility to submit accurate personal data and, if necessary, update them in the user profile is provided (deviation from this principle is possible only with the unjustified or negligent action of the personal data subject him/herself in submitting or updating data). Personal data are requested within the required amount, they are applicable, taking into account the purpose of the processing;
Transparency—data subjects have a known and understandable opportunity to access their personal data in a user profile, which is important for data processing to happen in good faith;
Security—technical and organisational security measures are applied in the processing of data in accordance with the possible risk during the processing, including measures against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access directly or through malware;
Minimisation—data are regularly reviewed in order to delete data that are no longer needed for the purpose of processing.
Place and duration of processing personal data
The Company processes personal data lawfully on our servers in Latvia. In some cases, we plan to use servers for storing personal data also outside Latvia.
The duration of the processing of personal data depends directly on the purpose for which the data are received from the data subject. The maximum retention period for personal data is 5 years from the last time you visited your user profile. We may retain data for longer if a personal data subject’s complaint is filed and there is a possibility of litigation.
Transfer of personal data and information exchange
We may disclose non-personal aggregate statistical information to any user of the Website, such as the number of users on the Website or the number of users who have created their profile or clicked on any of the available service types on the Website Services Platform. Such information cannot identify you as an individual.
The transfer of personal data to other natural or legal persons outside the Company can only take place if we have obtained your voluntary consent.
However, we have the right to transfer personal data to third parties in order to:
ensure the fulfilment of an agreement under which the personal data used in your user profile may be fully or partially included in the accounting documents and disclosed to the recipient of the invoice,
comply with the requirements of the law, comply with imperative requests of courts or public authorities,
implement the terms and conditions of the services provided by the Company specified on the website, including investigating possible violations of these terms and agreements,
detect, prevent or otherwise deal with criminal, security, technological or certain procedural issues,
protect against the damage or threats to the rights, legal interests or property of the Company, the users of the Website to the extent required or permitted by law.
Individual personal data may be collected in the form of information that does not identify you, but which helps to improve the design of our site, process analytics data for site errors or use it for statistical analysis of marketing (for example, Google Analytics, Facebook Pixel, Bugsnag, Logrocket). For example, we may work with advertising companies to report the number of people who have visited our website, or the proportion of men and women, or the proportion of natural and legal persons who have registered User profiles in our Website. However, the information communicated does not in any way make it possible to identify specific persons.
Data security guarantees
In order to protect the information obtained on the website, prevent unauthorised access to personal data, maintain the accuracy of the data and ensure proper processing of personal data, the Company has implemented appropriate physical protection, electronic security, and data processing management procedures. At the same time, it must be noted that no security system is absolutely secure and that infringements against that system cannot be completely prevented.
Some information, such as user profile passwords, is stored encrypted in our databases. Registered users are independently responsible for ensuring the confidentiality of user profile passwords. We cannot be held responsible for access to, use or disclosure of personal data if such access is related to the theft or disclosure of a password, whether intentionally or negligently.
We cannot be held responsible for any further use of your personal data by third parties after we have legally transferred it to these third parties in accordance with the Privacy Policy. However, within reasonable limits, we require that third parties undertake to use personal data only in the provision of the relevant services or in the exercise of statutory functions and competencies.
The right to access and correct your information
Access to your personal data, which we store, is provided online by authenticating to your personal user profile. In your user profile, you are free to edit or update your personal data, change and edit the settings of the personal user profile, thus choosing the parameters for the public access of information or denial of access. This procedure ensures that personal information is kept up-to-date and, at the same time, it is protected to the extent you see fit.
If this does not affect the performance of mutual agreements, then you have the right to delete personal data, which takes place at the same time as your decision to delete a personal user profile on the Website.
Amendments to the Privacy Policy
The Company’s Privacy Policy may be subject to change, so this document may be amended accordingly. No significant changes are planned, but it cannot be ruled out that new findings may emerge in the practice or theory of personal data protection, which will inevitably affect this Privacy Policy, as well. At the same time, changes in the field of personal data protection are not expected to be significant, but even if they do occur, with utmost certainty they will not be aimed at reducing the rights of the personal data subject. Any changes to the Privacy Policy will be announced on our website.
Contact Information
If you have questions about this Privacy Policy or concerns about the security of your personal information, you can contact our specialists:
SIA NUMBERO APP
Eksporta iela 12-164, Riga, Latvia, LV-1045, tel. +371 28253335, e-mail: info@numbero.app