Privacy policy
SimplBooks OÜ, registry code 12213296, registered address Sõpruse pst 151, Tallinn, 13417, Estonia (hereinafter ‘We’, ‘Our’, ‘Us’) operates the SimplBooks platform available at https://www.simplbooks.ee/, through which users are provided access to the accounting software that facilitates the accounting process and offers a clear overview of the company’s finances.
These Privacy Terms regulate, on the one hand, Our actions as the controller of Your personal data and, on the other hand, Our actions as the data processor in the meaning of the General Data Protection Regulation (EU) 2016/679. To the extent that the Privacy Terms regulate Our actions as the data processor, they shall constitute the contract entered into by and between the user of the platform and Us on the transfer of personal data, in the meaning of Article 28 of the General Data Protection Regulation.
We confirm that when processing any data, We comply with the requirements arising from the General Data Protection Regulation (EU) 2016/679.
In these Privacy Terms the following words and phrases are used in the meaning set out below:
‘You’ means a legal or natural person who uses Our Platform, and has agreed with the general terms and conditions of the Platform and the services provided thereon.
‘Data Subject’ means an identified or directly or indirectly identifiable natural person, whose personal data You transfer when using the software of the platform.
‘Personal Data’ means any information about the Data Subject or You, which You disclose on the platform.
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘Personal Data Breach’ means a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
‘Service’ is the accounting software service provided to You via the SimplBooks platform.
‘Terms and Conditions’ are the general terms and conditions of the SimplBooks service, which regulate Your use of the SimplBooks platform, the software and the Services.
1. Our Actions as Your Personal Data Controller
Personal Data Collected about You
We collect and process Your Personal Data, which You have voluntarily provided Us on the platform. You understand that disclosure of any Personal Data to Us is voluntary, but should You not disclose such data, You will not be able to use the SimplBooks platform, and the Service provided thereon.
In order for You to be able to use the Service, We collect and process the following personal data about You: name, e-mail address, information about the legal person You represent, and their business (the company’s name, registry code, home country, contact information for sending invoices, country-specific taxpayer’s number), other data that You decide to disclose to the platform about Yourself or the company connected with You.
2. Purpose and Legal Basis of Collection of Personal Data
We process Your Personal Data only for purposes set forth in law or these Privacy Terms, inter alia, for the following purposes: for creating a personal user account for You, for identifying and contacting You, for the provision of the platform services, support services, for sending marketing messages, for conducting customer satisfaction surveys, as well as for performing obligations arising from law.
We process Your Personal Data on the following bases: on the basis of a contract in order to provide You the platform service, incl. to create an access to the platform; on the basis of Our legitimate interest or the legitimate interest of a third party in order to identify and investigate violations, incl. fraud committed on the platform, and for sending personalised marketing messages; on the basis of Your consent given to Us for the performance of a respective legal obligation.
Moreover, if You do not wish to receive personalised marketing messages from Us, You may prohibit Us from using Your Personal Data for this purpose, by sending Us a respective written notice to support@simplbooks.ee.
3. Transfer and Storage of Personal Data
We may transfer Your Personal Data to third persons, e.g. the auditor, a legal service provider, or any other person who provides Us services. We may also transfer Your data to other companies within Our Group. We have taken all measures at Our disposal to ensure that the above referred third parties safeguard confidentiality and security of Personal Data.
Third parties to whom We transfer Your Personal Data may be located outside the European Economic Area, in countries that have adopted different personal data protection regulations, and in respect of which the European Commission has taken no decision on the adequate level of data protection. Due to inadequate level of data protection, such countries might not ensure the same level of security of personal data (incl. protection against abuse, unauthorised access, disclosure, modification or loss) as the European Union. If Personal Data are transferred beyond the European Economic Area, We shall ensure that appropriate security measures are applied. If You wish to receive information about the applicable measures of protection, please notify Us of Your wish.
When Personal Data are transferred to the United States of America, We shall make sure that the third-party recipient of the data is certified pursuant to the EU-US Privacy Shield Program agreed by the U.S. Department of Commerce and the European Union. Additional information about the EU-US Privacy Shield Program may be found on the website of the U.S. Department of Commerce www.privacyshield.gov.
We take necessary organisational, physical, and IT-security measures to ensure that personal data disclosed on the platform are protected against any misuse, unauthorised access, disclosure, modification or loss. The servers and systems of the platform are protected against unauthorised access with firewalls, passwords, and other technical and organisational means. Access to personal data is provided only if it is required for the processing of data. All persons processing personal data are bound by a confidentiality agreement. Our employees’ access to personal data is based on the role-specific user management process, where each employee is given access only to the extent it is connected with their duties.
We store Your Personal Data for as long as this is required or permitted by law, but in any case, no longer than is reasonably needed by Us for the purposes for which Personal Data were collected or processed, such criteria may include, inter alia, storage of Personal Data until the expiry of the limitation period of any potential claims.
We apply reasonable measures in order to ensure reliability and accuracy of Personal Data.
4. Your Rights Regarding Collection of Personal Data
In connection with the collection of Personal Data You have the right:
- to apply for access to the Personal Data collected about You, and request a copy of Your Personal Data;
- to apply for rectification, updating or erasure of Your Personal Data;
- in cases set forth by law, to apply for restriction of the processing, collection and use of Personal Data;
- to contact the Data Protection Inspectorate if Your rights have been breached.
5. Cookies
On Our platform We use cookies and other similar technologies in order to improve the functionality of Our platform, and the quality of services offered thereon.
A cookie is essentially a text file that is stored in Your computer, smartphone or other equipment. A cookie is a small text file saved into Your equipment for collecting useful information and for remembering You.
On the platform We use temporary, i.e. session cookies, which are deleted when You leave the platform or shut Your web browser. We use session cookies for ensuring certain functionalities of the platform (e.g. for logging in).
You may block the use of cookies, restrict their use, or remove cookies from Your web browser at any time. However, You should take into account that as cookies are essential for ensuring full and smooth functioning of Our platform, any restriction of their use could affect the usability or functioning of the platform.
Additional information about the use of cookies, and about disabling cookies can be found on the website www.allaboutcookies.org.
Our Actions as Your Personal Data Processor
In order to provide You the Service, We may need to process Personal Data of Data Subjects in Your name, but We shall do it only within the scope and in the manner needed to perform the duties You have assigned to Us. The Service that We provide to You is described in more detail in Our Terms and Conditions of the Service.
These Privacy Terms establish the terms and conditions applicable to the processing of Personal Data of Data Subjects in order to ensure that the processing of Personal Data is in compliance with the provisions of the legislation governing data privacy, and that the rights of Data Subjects are protected in this process.
6. Processing Activities
We warrant that We do not process any Personal Data of Data Subjects disclosed to Us for any purposes (incl. commercial or personal purposes) other than for providing You the Service.
We commit Ourselves under these Terms to ensure that all Our employees or third persons who We use to provide You the Service satisfy the requirements established by the legislation governing data protection, incl. comply with the confidentiality obligation. Furthermore, We shall notify You forthwith if We cannot ensure such compliance for any reason whatsoever.
We shall also notify You promptly of any of the following:
- Legally binding requests of law enforcement authorities for the disclosure of Personal Data, unless We are prohibited from disclosing the fact under e.g. from criminal law, the purpose of which is to protect confidentiality of investigative activities;
- Accidental or unauthorised access;
- Requests submitted by a Data Subject.
7. Transfer of Personal Data
By agreeing with these Privacy Terms, You give Us Your authorisation for transferring Personal Data of Data Subjects in accordance with the provisions set out in these Privacy Terms.
Involvement of new Personal Data recipient is only permitted with Your prior consent. When Personal Data are transferred to a third party, We shall conclude with that third party an agreement with essentially similar content, to ensure appropriate processing of Personal Data. If such third party who processes the Personal Data fails to observe the requirements set out by the legislation governing data protection, or does not fulfil the agreement concluded with Us, We shall be liable to You for the performance of the requirements and obligations set forth by the legislation governing data protection.
8. Applied Safety Measures
We warrant that We have taken all appropriate technical and organisational measures to ensure that the processing complies with the requirements set forth by the legislation governing data protection, and that rights of data subjects are protected. We shall make every effort to prevent accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to data.
In order to guarantee the same, We have implemented the measures set out in these Privacy Terms.
At Your request We shall make available to You any information necessary to demonstrate the application of the respective technical and organisational measures. We shall, inter alia, offer You a possibility of arranging audits, which are necessary to verify the application of such measures. Any expenses connected with the above, incl. with the arrangement of the audit, shall be borne by You, and We shall have the right to demand that You compensate Us for any direct and indirect costs resulting from the performance of such obligations.
9. Personal Data Breach
In the event of any Personal Data breach, We shall notify You thereof without undue delay, and shall cooperate with You in any way necessary. In doing so, We shall notify You of any Personal Data breaches in the following manner:
- We shall describe the nature of the Personal Data breach, and, if possible, identify the approximate number of Data Subjects affected, as well as the categories and the approximate number of the respective personal data entries;
- Provide the name and contact details of the contact person from whom more information can be obtained;
- Describe the potential consequences of the Personal Data breach;
- Describe the measures taken or proposed to be taken by the Us to address the Personal Data breach, including, where appropriate, measures to mitigate its potential adverse effects;
- Describe the possible measures that We can apply to mitigate the potential negative effects of the Personal Data breach.
10. Liability
We are not liable for any damages caused by You upon the fulfilment of these Terms, if such damages have occurred as a result of Your wrongful conduct in processing of Personal Data.
11. Miscellaneous Provisions
The data transfer contract terminates automatically, when the contract We have concluded with You for the provision of the Service terminates. The Parties agree that upon the termination of the contract We shall return to You all Personal Data that You have provide Us, as well as any copies made of them.
Should You have any questions concerning processing of Personal Data, You are kindly asked to contact Us at support@simplbooks.ee.
Last changed: 29.04.2019
