iInvoice LogoiInvoice

GDPR Compliance

Last updated: May 9, 2025

1. Introduction

This GDPR Compliance statement explains how iInvoice ("we", "us", or "our") complies with the General Data Protection Regulation (GDPR) when processing personal data of individuals in the European Union (EU) and European Economic Area (EEA).

2. Data Controller

iInvoice acts as a data controller for the personal information we collect and process through our Services. As a data controller, we determine the purposes and means of processing personal data.

3. Legal Basis for Processing

We process personal data on the following legal bases:

  • Contract: Processing necessary for the performance of a contract with you
  • Legitimate Interest: Processing necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms
  • Legal Obligation: Processing necessary to comply with our legal obligations
  • Consent: Processing based on your explicit consent

4. Your Rights Under GDPR

If you are in the EU or EEA, you have the following rights regarding your personal data:

  • Right to Access: You can request information about how we process your personal data and obtain a copy of that personal data.
  • Right to Rectification: You can request that we correct inaccurate or incomplete personal information about you.
  • Right to Erasure: You can request that we delete your personal data in certain circumstances.
  • Right to Restrict Processing: You can request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, machine-readable format.
  • Right to Object: You can object to our processing of your personal data in certain circumstances.
  • Right to Withdraw Consent: Where we process personal data based on consent, you have the right to withdraw that consent at any time.

5. Data Transfers Outside the EU/EEA

We may transfer your personal data to countries outside the EU/EEA. When we do so, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission, to protect your personal data.

6. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and implementation. You can contact our DPO at dpo@iinvoiceapp.com.

7. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

8. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

9. How to Exercise Your Rights

To exercise any of the rights mentioned above, please contact us at privacy@iinvoiceapp.com. We will respond to your request within one month.

10. Complaints

If you are not satisfied with our response to your request or believe our processing of your personal data is not in compliance with data protection regulations, you have the right to lodge a complaint with the relevant supervisory authority in your country.