1. What does this policy describe?
This Privacy Policy (“Policy”)
contains information about the processing of personal data by Fakturownia Sp. z o.o. based in Warsaw, Poland (“Fakturownia”, “Website Operator”, “Controller”, “we”). The Policy sets out the types of personal data that Fakturownia collects, explains how and why Fakturownia collects and uses individual personal data, explains when and why Fakturownia will share personal data with other entities, and outlines the rights and possibilities of data subjects with regard to the processing of their personal data. The Policy also contains information on the use of cookies.
The Policy applies to you if you are:
- Website User, i.e. you are using our website available at InvoiceOcean.com or in an application dedicated to the relevant electronic device (“the Website”);
- The Client, i.e. the natural person conducting a business activity on the basis of an entry in the appropriate register of entrepreneurs, who has concluded a Services Agreement with Fakturownia, or the natural person representing the Client or authorised by the Client to log in to the Website and use the Services offered by Fakturownia, who makes his or her personal data available to us for this purpose, in particular through forms on the Website or elsewhere;
- Partner, i.e. a person participating in the Fakturownia Partner Program;
- Counterparty, i.e. you provide us with any products or services;
- Counterparty's Representative, i.e. you represent the entity providing the products or services to us;
- Candidate, i.e. you are taking part in the recruitment we are conducting;
- You are the recipient of marketing information, i.e. you have expressed a wish to receive marketing or commercial information from Fakturownia.
We process your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation – “GDPR”). This Policy implements in relation to you the information obligation under Article 13 and Article 14 of the GDPR.
2. Personal data controller
Fakturownia sp. z o. o. with its registered office in Warsaw, at ul. Juliana Smulikowskiego 6/8, 00-389 Warsaw, Poland entered in the register of entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register under KRS number: 0000572426, REGON: 362333847, NIP: 5213704420, with the share capital of PLN 100,000.00, is the controller of your personal data if you are a Website User, Client, Partner, Recipient of marketing information, Counterparty or its Representative or Candidate. You can contact the Controller by:
- post – at Fakturownia sp. z o.o., ul. Smulikowskiego 6/8, 00-389 Warsaw, Poland;
- e-mail – at: info@invoiceocean.com
The Controller has appointed a Data Protection Officer. The Data Protection Officer can be contacted by:
- post – at Fakturownia sp. z o.o., ul. Smulikowskiego 6/8, 00-389 Warsaw, Poland;
- e-mail – at: info@invoiceocean.com
3. General information
The following terms have the following meanings:
- Policy – this Privacy Policy;
- Website Terms and Conditions – Website Terms and Conditions available at the following web address: https://invoiceocean.com/terms-of-service;
- Regulation – GDPR Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU.L No. 119, p. 1);
- Personal Data Processing Agreement / Personal Data Processing Terms and Conditions – the agreement concluded between the Client as a controller of such data and the Website Operator as a processor, concluded at the moment when the Client creates an Account on the Website. The Personal Data Processing Terms and Conditions constitute the Appendix 2 to the Website Terms and Conditions;
and all other capitalised terms not defined in this Policy shall have the meaning given to them in the Website Terms and Conditions.
4. What information are we collecting and from what sources?
If you are a Website User, we collect information provided by you when you log in (or by the Client who created your account) and recorded during your use of the Website. This includes, in particular, your email address, IP address, username, data contained in a suggestion published on the Suggestion Forum and information contained in cookies.
If you are a Client, we collect the data you provide to us when you set up an Account on the Website and use our services, including the data you submit to the Website via the API and the extensions you use. This data includes, in particular, your first name, surname, company, postal address, telephone number, email address, tax identification number, Personal ID Number and payment method data. Furthermore, we may use additional data provided by you or your device in order to provide the services and guarantee access to the offered functions of the Website within the browser and Native Application.
If you are a Partner, we collect your data which you provide to us when you issue a VAT invoice or bill which is the basis for the payment of remuneration for participation in the Partnership program. This data includes, in particular, your first name, surname, company, correspondence address, telephone number, e-mail address, tax identification number, date of birth, relevant tax office, Personal ID Number and bank account number.
If you are a Counterparty, we collect your data which you provide to us at the time of conclusion of the agreement, settlement of mutual services, as well as during other conversations, email exchanges and meetings. This data includes, in particular, your first name, surname, company, postal address, telephone number, e-mail address, tax identification number, Personal ID Number and bank account number.
If you are a Counterparty's Representative, we collect your data provided to us in the documents you send us, during conversations, email exchanges and meetings. This may include, in particular, your name, contact details, position and data concerning the entity you represent. Your data may also be passed on to us by the entity you represent both before, during and after you cease to work with us.
If you are a Candidate, we collect your data provided to us in the documents you send us, in particular your CV, during interviews, meetings and exchanges of correspondence. This may include, in particular, your name, contact details, experience, employment history, education. In particular, we may collect your data through recruitment portals and employment agencies.
If you are the Recipient of marketing information, we collect your data provided to us when you set up an Account on the Website or fill in our newsletter sign-up form. This data is the email address and telephone number to which we send marketing or commercial information.
5. Identification of the purpose and legal basis of the data processing
If you are a Website User, we process your data:
- in order to enable the Website Operator to provide electronic services via the Website to the extent that it makes the content or functionalities contained on the Website available to the Website Users (Article 6(1)(b) GDPR);
- in order to ensure the functioning of the Website, where the processing is necessary for the Controller's legitimate interest in using cookies necessary to ensure and maintain the correct functioning of the Website (Article 6(1)(f) GDPR);
- for analytical, statistical and marketing purposes, where the data processed from cookies is used to analyse the activity of Website Users, as well as their preferences, in order to improve the functionality and services provided, and to improve the functionality of the Website, on the basis of consent granted by the Website User (Article 6(1)(a) GDPR);
- in order to comply with legal obligations, in particular obligations arising from the need to handle breaches of personal data protection and to handle requests for the fulfilment of requests from data subjects (Article 6(1)(c) GDPR – fulfilment of a legal obligation incumbent on the controller);
- for the possible establishment, investigation or defence against claims, i.e. when the processing is necessary for the legitimate interest of the Website Operator in protecting its rights (Article 6(1)(f) GDPR).
If you are a Client, we process your data for the following purposes:
- to receive and respond to an enquiry (Article 6(1)(f) GDPR; legitimate interest – to provide contact and to fulfil enquiries);
- to conclude and execute the agreement between the Website Operator and you concerning the provision of services falling within the scope of a specific product or service offered by the Website, including the handling of the complaints process (Article 6(1)(b) GDPR – conclusion or execution of an agreement);
- to comply with legal obligations, in particular obligations under accounting and tax law (Article 6(1)(c) of the DPA – fulfilment of a legal obligation incumbent on the controller);
- to provide the contact or data needed for the performance of the Agreement with our Counterparties (providing additional services or integrations), Counterparty Representatives and Partners (Article 6(1)(f) GDPR – legitimate interest – to provide contact with the persons performing the Agreement or order);
- to investigate, establish possible claims or to defend against claims, including, for example, taking action in connection with the debt collection process (Article 6(1)(f) GDPR).
If you are a Partner, we process your data for the following purposes:
- to conclude and execute a public promise made by the Website Operator concerning the Partnership program operating on the Website (Article 6(1)(b) GDPR – conclusion or execution of an agreement);
- to comply with legal obligations, including obligations under accounting and tax law (Article 6(1)(c) of the DPA – fulfilment of a legal obligation incumbent on the controller);
- to handle the complaints process (Article 6(1)(b) GDPR);
- to ensure contact with our Counterparties, Counterparty’s Representatives and Clients (Article 6(1)(f) GDPR – legitimate interest – to ensure contact with those executing the Agreement or order).
If you are a Counterparty, we process your data:
- to receive and respond to an enquiry (Article 6(1)(f) GDPR; legitimate interest - to provide contact and to fulfil enquiries);
- to conclude and execute the agreement between the Website Operator and you concerning the provision of services by you or the Website Operator (Art. 6(1)(b) GDPR – conclusion or execution of the agreement);
- to comply with legal obligations, including obligations under accounting and tax law, as well as obligations arising from the need to handle breaches of personal data protection and to handle requests for the fulfilment of requests from data subjects (Article 6(1)(c) of the DPA – fulfilment of a legal obligation incumbent on the controller);
- to investigate, establish possible claims or to defend against claims, including, for example, taking action in connection with debt collection process (Article 6(1)(f) GDPR – implementation of the controller's legitimate interest).
If you are a Counterparty's Representative, we process your data in order to pursue our legitimate interests relating to the conclusion and performance of the agreement with the Counterparty you represent, the maintenance of business relations and ongoing contact, the conduct of marketing activities, as well as the assertion and defence of claims (Article 6(1)(f) GDPR – fulfilment of the controller's legitimate interests).
If you are a Candidate, we process your data:
- for the purposes related to ongoing recruitment, or for the use of submitted application documents for future recruitment, on the basis of your consent (insofar as it is a valid and effective basis for data processing) (Article 6(1)(a) of the);
- in order to comply with legal obligations (Article 6(1)(c) of the GDPR), insofar as we are obliged to request personal data from you as defined by the Labour Code;
- in order to pursue our legitimate interests, i.e. for the purposes of verifying your qualifications, including carrying out tests to assess your suitability for a specific position, as well as for internal administration purposes, ensuring security or handling possible claims (Article 6(1)(f) GDPR).
If you are the Recipient of marketing information, we process your data:
- for marketing purposes, such as carrying out promotional and image-building activities, presenting and sending information on the services offered by the Website Operator, using the communication channel of your choice (email, sms, telephone contact) on the basis of your consent (Art. 6(1)(a) GDPR – consent of the data subject).
6. Categories of recipients
When it is necessary for the purposes for which we process your personal data, we may transfer your personal data:
- to persons or companies providing services to us, including but not limited to IT, telecommunications, data security, marketing, legal, accounting, who process your personal data on our behalf;
- to entities authorised to process your personal data by law (courts, state authorities, etc.);
- to entities providing online payment services on the Website and providers of certain other services integrated with the Website;
- to companies affiliated with the Website Operator for the purposes of Client service, development and maintenance of the Website.
A list of selected recipients to whom we may transfer your personal data is available at the end of this document.
Each time, we transfer your personal data, it will be in full compliance with the generally applicable legal provisions, and we will ensure that your shared or entrusted data is only transferred to the extent necessary to fulfil the purposes of the processing.
Your personal data may be transferred to third countries, i.e., outside the EEA (European Economic Area), to the company Twilio Inc. with its registered office at 101 Spear Street, Ste 500 in San Francisco, United States of America (CA 94105), in order to enable the use of the Sendgrid mailing service provided by the aforementioned company. The legal basis for the transfer of data is the Standard Contractual Clauses adopted by the European Commission between the above-mentioned company and the Invoice House. For details of the safeguards applied, please refer to the information provided on the website https://www.twilio.com/legal/data-protection-addendum under “Schedule 3 – Cross Border Data Transfer Mechanisms”.
7. Data retention period
The period for which the Website Operator processes your personal data depends primarily on the purpose for which your data are processed. As a general rule, the Website Operator processes data for as long as they are necessary for the purpose for which the data were collected or until you withdraw the consent on the basis of which certain data were processed.
If you are a Website User, we will retain your personal data for as long as necessary to fulfil the purpose for which the data was provided to us, but no longer than until you object to the processing of your personal data for that purpose or until you withdraw the consent on the basis of which certain data was processed.
If you are a Client or Partner, we will keep your personal data for as long as necessary to fulfil the purpose for which the data was provided to us (performance of the agreement concluded with you). After this period, we will keep your data for the time resulting from legal requirements (e.g. the obligation to keep financial records for 5 years), statutes of limitation on claims (6 years, and in any case 3 years for the statute of limitation on claims arising from business activities) or necessary for the other purposes of processing indicated herein. In any case, we will process your personal data for the period necessary to fulfil the purpose and comply with all the obligations imposed on us by the agreement between you and us. Where justified, we will keep your personal data for as long as it is necessary for our legitimate interests.
If you are a Counterparty or Counterparty's Representative, we keep your data for the duration of the agreement concluded with you or the entity you represent. After this period, to the extent necessary, we keep your data for the time resulting from legal requirements (e.g. the obligation to keep financial records for 5 years), statutes of limitation on claims (3 years for the statute of limitation on claims arising from business activities) or necessary for the other purposes of data processing indicated in this document.
If you are a Candidate, we will retain your data until the recruitment process ends, unless you have given us permission to process it for future recruitment processes. In that case, your data will be retained for a period of 3 years. In relation to personal data processed on the basis of your consent, we will process it for no longer than until you withdraw the consent you have given.
If you are the recipient of marketing information, we will retain your data until you withdraw the consent you have given us to process it.
Where justified, we will retain your personal data for as long as it is necessary for our legitimate interests. After the expiry of the processing period, the data is irreversibly deleted or anonymised by the Website Operator.
8. Client rights in relation to the processing of personal data
In accordance with the Regulation and under the conditions set out therein, you have:
- The right to withdraw consent to the processing of personal data
If we process your personal data on the basis of your consent, you may withdraw this consent at any time. Withdrawal of consent has effect from the moment consent is withdrawn. The withdrawal of consent does not affect the lawfulness of the processing we have carried out on the basis of consent up to the moment of withdrawal.
The withdrawal of consent does not entail any negative consequences for you, but it may prevent you from continuing to use the services or functionalities offered by us, which we can legally provide only with consent. You can withdraw your consent by contacting us at: info@invoiceocean.com.
- The right to access your data and to receive a copy of your data
You have the right to obtain from us confirmation as to whether we are processing your personal data and, if so, you are entitled to obtain access to your personal data and information about the purposes of the processing, the categories of data processed, the recipients or categories of recipients of the data, the intended period of data retention or the criteria for determining it, your right to request us to rectify, erase or restrict the processing of your data and to object to such processing, your right to lodge a complaint with a supervisory authority, the source of your data (if it is not from you) and automated decision-making, including profiling. You also have the right to obtain a copy of your personal data.
If your personal data is transferred to a third country or an international organisation, you also have the right to be informed of the appropriate safeguards referred to in Article 46 of the GDPR relating to the transfer.
- The right to rectification (amendment) of your data
You have the right to request us to immediately rectify personal data concerning you that is incorrect and to complete incomplete data.
- The right to erasure
You have the right to demand that we immediately erase personal data concerning you if:
- your personal data is no longer necessary for the purposes for which the data was collected or otherwise processed;
- you have objected to our processing and there are no overriding legitimate grounds for the processing;
- you have objected to us processing your personal data for direct marketing purposes;
- your personal data is being processed unlawfully;
- your personal data must be deleted in order to comply with a legal obligation.
The right to erasure of personal data is not absolute and will not apply in the cases enumerated in Article 17(3) GDPR (e.g. to the extent that the processing is necessary for the establishment, investigation or defence of claims).
- The right to restrict processing
You have the right to request us to restrict the processing of your personal data if:
- you question the accuracy of your personal data – for a period allowing us to check the accuracy of the data;
- our processing of your personal data is unlawful and you object to the erasure of your personal data, requesting instead a restriction on its use;
- we no longer need your personal data for the purposes of the processing, but you need them to establish, assert or defend your claims;
- you have lodged an objection to the processing of your data – until it is determined whether the legitimate grounds on our side override the grounds for your objection.
- The right to data portability
You have the right to receive from us your personal data that you have provided to us and to send this data to another controller of your choice, provided that our processing of your personal data is carried out for the purpose of entering into an agreement or performing the agreement (Article 6(1)(b) GDPR) and the processing is carried out by automated means.
Insofar as this is technically possible, you also have the right to request that the personal data concerning you be sent by us directly to another controller.
- The right to object
You have the right to object at any time – on grounds relating to your particular situation – to the processing of personal data concerning you, insofar as we process it on the basis of our legitimate interest (Article 6(1)(f) GDPR). In this case, we will no longer be able to process the data unless we can demonstrate the existence of valid legitimate grounds for the processing which override your interests, rights and freedoms or grounds for the establishment, assertion or defence of claims.
- The right to object to profiling
You have the right not to be subject to a decision which is based solely on automated processing of your personal data, including profiling, and which produces legal effects or, similarly, affects you in a significant manner. We do not process your data in this manner without your consent.
- The right to lodge a complaint with a supervisory authority
Whenever you consider that our processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority, i.e. the President of the Data Protection Authority.
How can you make your request?In order to exercise the above rights, contact us by post or at the email address indicated in section 2 of the Policy.
How soon will we comply with your request?We will provide you with information about the action taken regarding your request concerning your rights without undue delay, but no later than 1 month after receipt of the request. Due to the complexity of the request or the number of requests, we may extend this period by further two months, of which you will be informed in advance.
9. Are you required to provide us with your data, and if not, what is the source of the data in the event that it does not originate from you?
Your provision of personal data is in principle voluntary, but please note that refusing to provide it may prevent us from fulfilling the purposes for which the data is collected, e.g.:
- to make it impossible or significantly more difficult to contact you or to provide you with the offer you have requested;
- to make it impossible to conclude or perform the agreement with you.
If you have not provided us with your personal data directly, it is likely to have come from the entity you represent (usually the Client) or we have received it as a result of your use of one of the integrations via the API. Your personal data may also come from publicly available sources, such as the Central Business Register and Information or the National Court Register.
11. Cookies policy and pixel tags
The Website and the Native Application use so-called cookies – i.e. small text files with information used by websites connecting to the Website User's browser. When using the Website or Native Application, the Website Operator collects and saves information from the Website User's browsers, which may contain personal data. The Website Operator obtains this information using cookies and pixel tags. Cookies make it possible to identify the software used by a Website User and to customise the Website individually for each Website User. The cookies we use are safe for the Website User's device, and in particular, it is not possible for viruses or other unwanted software or malware to enter the Website User's device through such means.. At any time, the User may block or delete cookies stored on their computer or mobile device. The method of deletion varies depending on the web browser used.
The installation of cookies is necessary:
- for the purpose of the correct provision of our services through the Website or Native Application. The cookies contain information necessary for the proper functioning of the website, in particular those requiring authorisation;
- to adapt the content of the Website to the individual preferences of the Website User, above all these files recognise the User's device in order to display the pages in accordance with the User's preferences;
- preparing statistics which help us learn about the preferences and behaviour of Website Users. Analysis of these statistics is anonymous and allows us to adapt the content and design of the site to prevailing trends; statistics are also used to assess the popularity of the website.
The following types of cookies are used on the Website and Native Application:
- session files – these are files that are stored on the Service User's terminal equipment until they leave the Website or Native Application;
- permanent – are those files that are active on the Website User's or Native Application's device until they are deleted by the User, which can be done by the User at any time. The User of the Website or Native Application has the right to make use of the options offered by each browser to view, delete and restrict and control the acceptance of cookies, as described below. For further information, you may consult the help or privacy/security settings of the browser you are using. However, deleting cookies may affect the correct operation of the Website or Native Application and their functionality;
- analytical cookies, which are cookies that enable us to better understand how the Website User interacts with the content of the Website or Native Application and to better organise their layout. Analytical cookies collect information about the Website User's use of the Website or Native Application, the type of page from which the Website User was redirected, and the number of visits and the duration of the Website User's visit to the website. This information does not record specific personal data about the Website User, but is used to compile statistics on the use of the website;
- technical – necessary for the proper functioning of the Website, i.e. temporary files storing the Client's session and enabling and improving the functioning of the Website;
- external – posted by external services used by the Website Operator, which are not under the Operator's control (e.g. social networks);
- statistical – files enabling the keeping of statistics on the Website;
- advertising – in the case of advertising campaigns, in order to tailor advertising to the Client and to remember its settings.
A list of all cookies used by InvoiceOcean.com is available below -
Click here to update cookie consent.
The automatic settings for the most frequently used browsers can be changed according to the instructions at the following addresses:
The deletion or blocking of cookies may affect the availability of the functionalities of the Website or Native Application, the correctness of the display and the loss of preferred web page settings. At the same time, the Website Operator declares that blocking or restricting the access of cookies to your device may adversely affect the functionality of the Website or Native Application.
Cookies and pixel tags may also be used by third parties (e.g. Google, Facebook) to provide their own content or advertisements on websites or portals based on records from these cookies and pixel tags.
12. Amendments to the Policy
The Policy is kept under review and updated as necessary. The current version of the Policy has been adopted and is effective from 7.04.2023.