Privacy & Security Policy

This Privacy & Security Policy describes Our policies and procedures on the collection, use, disclosure, processing and protection of Your personal data when You use this website & associated applications in the domain “dddinvoices.com”. The use of this website by the user implies their acceptance of this Privacy & Security Policy.

We use Your Personal Data to provide and improve the Service. By using the Service and providing data or documents to the Service, You agree to the collection and use of data, information & documents in accordance with this Privacy & Security Policy.

Interpretation & Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

Data privacy & Security in general

DDD Invoices implements essential safeguards to ensure the protection, integrity, and privacy of data, concerning the processing of personal data and its free circulation, as well as other relevant legislation. All servers and data storage are located inside the EU.

Personal data essential for the administration and upkeep of certain services, which this Privacy & Security Policy oversees, are collected and processed through registration forms on this website, usage of available APIs, or through email communication.

DDD Invoices guarantees that the data & documents generated in the DDD Invoices services by its users, and the data associated with them will be stored & will be processed only for the purpose of providing the Service.

The User holds ownership of the data & documents mentioned in this section and is thus responsible for adhering to the legal requirements related to it, as well as any outcomes resulting from the data & documents processing that DDD Invoices performs as a Service Provider based on the agreed services.

DDD Invoices guarantees that its actions will seek the protection of the rights of the interested party. DDD Invoices, as the entity responsible for processing, commits to using the personal data only for carrying out the services and objectives agreed upon.

Additionally, DDD Invoices pledges to maintain confidentiality concerning these data, even after the termination of the contractual relationship.

In the case of an audit, DDD Invoices will provide the controller with all necessary information to demonstrate adherence to the obligations and to facilitate and support the conduct of audits, including inspections, by the controller or an auditor designated by the controller.

The audit will focus solely on aspects of the services provided to the controller, covering any type of data and files, measures to ensure the confidentiality of information, data, records, procedural manuals, quality, service levels, etc. For such audits, the controller is required to inform the processor at least three months prior to the intended audit date, with the exact dates to be mutually agreed upon. In this situation, DDD Invoices may transfer the related costs to the controller, which must be prepaid.

If any shortcomings are identified during an audit or inspection, DDD Invoices commits to correcting them within the timeframe set by the controller.

The User has the right to access, correct, object to, and erase their data, along with any other rights conferred by data protection laws, which they can exercise before the controller.

DDD Invoices will retain personal data accessed during the provision of services, along with any related documents, only for the duration of the service provision or as long as required by law.

After completing the data processing on behalf of the controller, DDD Invoices will either return or destroy the personal data, unless retention of the data is mandated by European Union or Member State law applicable to the processor.

Collecting and Using Your Personal Data

Personal Data

While using Our Service, for example when creating or modifying an account, registering to use our Service, purchasing products, requesting information, or communicating with customer service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.

We use both Session and Persistent Cookies for the purposes set out below:

Type: Session Cookies

Administered by: Us

Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

To provide and maintain our Service, including to monitor the usage of our Service.

To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.

For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.

To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.

To provide You with news and general information about our Service and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.

To manage Your requests: To attend and manage Your requests to Us.

For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.

Similarly, your data may be processed based on the legitimate interest in promoting our services and enhancing our brand visibility through marketing efforts, as long as this interest does not override your interests or fundamental rights and freedoms that necessitate the protection of personal data.

The Company may share Personal Data for the following purposes:

Coordination with external Services: DDD Invoices might process user data to enable connections to applications that integrate with the service, including the automated and/or direct transfer of documents from the platform to third-party applications.

For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.

With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy & Security Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.

Furthermore, access to these personal data will be granted exclusively to third parties with whom DDD Invoices has a legal or contractual obligation to share such information. This includes entities such as the Ombudsman and the judiciary, specifically judges and courts involved in proceedings related to the complaints filed.

With Your consent: We may disclose Your personal information for any other purpose with Your consent.

Under no circumstances will DDD Invoices use the personal data of individuals for purposes that are either different from or incompatible with those specified above. The company commits to upholding professional confidentiality and implementing the necessary technical and organizational measures to protect the information supplied by its users.

Security of the Service

Access to our application servers is exclusively through HTTPS. We employ standard encryption techniques to protect data as it moves to and from the application servers.

DDD Invoices employs contemporary web frameworks and adheres to their recommended security practices. We actively monitor for vulnerabilities and promptly apply security patches to all systems we utilize.

We provide SAML SSO authentication for users and we support multiple users with different roles to restrict access to sensitive data.

Utilizing data platforms like Contabo & Dediserve enhances security measures that significantly mitigate common network security threats within the infrastructure, which include:

Data retention (data stored)

We secure our data through multiple methods. We store our data in multiple secured data centers, with the majority of data being stored on the infrastructure of the Contabo and Dediserve providers, who offer, apart from their own protection mechanisms and physical security, ISO 27001, ISO 9001 or local equivalent protection measures. For more information, visit: https://www.dediserve.com/terms-of-service and https://contabo.com/en/legal/terms-and-conditions.

All data centers are located in the EU.

The most important financial data fields (for example, the balance on our service's account), as well as other specific data where needed, are encrypted. In addition to that, unauthorized DDD Invoices employees do not have any physical access to our production environment.

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy & Security Policy or legally required. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Data

Our service uses only HTTPS, for which we use the latest TLS 1.2 and TLS 1.3 protocols with at least AES-256 encryption and sometimes higher. That means that transmission over the Internet between us and other parties is always encrypted at the highest possible level.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy & Security Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to this Privacy & Security Policy

We may update Our Privacy & Security Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Responsible Disclosure

This marks the completion of the revised privacy policy for DDD Invoices d.o.o., based in Ljubljana, Slovenia, tailored to align with the company’s activities, registered office, and compliance requirements under relevant EU and Slovenian regulations. We value the contributions of security researchers who engage in responsible disclosure. If you identify a security vulnerability, please reach out to us at [email protected] with the details.

We prioritize these reports highly and will respond promptly. Rest assured, we do not pursue legal action against individuals who report security issues to DDD Invoices in good faith and refrain from exploiting those vulnerabilities maliciously.
