1. Data Controller Responsible for the Data
Invosy OÜ
Registry code: 16340821
City Center district, Harju County
Aia Street 4–16
0111 Tallinn
Estonia
Phone
Email klienditeenindus@invosy.com
2. Person Responsible for the Register
Weckström Jörgen
Email klienditeenindus@invosy.com
3. Name of the Register
Invosy Customer and User Register
4. Registered Individuals
The following individuals may be included in the register:
– Owners and employees of companies using Invosy software
– Website visitors
– Recipients of newsletters and marketing communications
– Partners and service providers
– Potential clients and business contacts
5. Purpose and Legal Basis for Processing Personal Data
Personal data is processed for the following purposes:
– Providing software services and managing user accounts
– Customer service and client communication
– Billing and contract management
– Marketing communication and newsletters based on consent
– Analysis of website usage and development of services
– Ensuring service security and preventing fraud
The legal bases for the processing of personal data are:
– Performance of a contract or preparation for entering into a contract
– Legal obligations arising from the law (for example, accounting requirements)
– Legitimate interest for developing services and ensuring security
– Data subject’s consent in the case of marketing and newsletters
6. Types of Data Being Processed
The following data may be stored in the register:
– Contact information: name, email address, phone number, company name, job title
– User account data: email address, password hash, and user account settings
– Billing information: invoices, payments, contracts, and payment history
– Communication data: customer service inquiries, messages, and support requests
– Usage data: logs, system usage information, and activity history
– Technical data: IP address, browser, device, and operating system
– Analytical data regarding website usage
7. Sources of Data
Personal data is mainly obtained from the following sources:
– Directly from the data subject when using the service or filling out forms on the website
– From communications arising during the customer relationship
– Automatically through the use of the service and the website
– From partners or public registers to the extent permitted by law
8. Regular Disclosure of Data and Data Processors
Personal data may be disclosed to the following parties for the purpose of providing the service:
– To government authorities, if required by la
– To IT and cloud service providers
– To hosting service providers
– To payment and accounting service providers
– To email and analytics platforms
– To other contractual partners necessary for providing the service
Personal data is not sold or disclosed to third parties for marketing purposes without the data subject’s consent.
9. Transfer of Data Outside the European Union
Data is primarily stored within the territory of the European Union or the European Economic Area.
If data is transferred outside the European Union or the European Economic Area, safeguards approved by the European Commission are used, such as standard contractual clauses or other appropriate legal mechanisms.
10. Data Retention
Personal data is retained only for as long as necessary to fulfill the purposes of processing or to comply with legal obligations.
Examples of data retention periods include:
– Accounting data: 6 years in accordance with the law
– Customer data: up to 2 years after the end of the customer relationship
– Marketing data: until consent is withdrawn
– Analytical data: according to the retention periods of the cookies and analytics tools used
After the retention period ends, the data is securely deleted or anonymized.
11. Principles for Protecting the Register
Technical and organizational security measures are used to protect personal data, including:
– Firewalls and encryption
– Secure authentication and access control
– Restricting access to data only to authorized personnel
– Regular system updates and security audits
– Logging and security monitoring
12. Data Subject Rights
The data subject has the following rights:
– To receive information about the processing of their personal data
– To access their personal data
– To request the correction of inaccurate or incomplete data
– To request the deletion of data if there is no legal basis for processing
– To restrict the processing of their data
– To object to the processing of their data
– To receive their data in a structured and machine-readable format (data portability)
– To withdraw their consent for marketing or other activities based on consent
– To file a complaint with the competent data protection authority
13. Submission of Requests
A data subject may exercise their rights by contacting us via email at klienditeenindus@invosy.com
Requests are reviewed and generally responded to within 30 days in accordance with applicable data protection regulations.