We appreciate your visit to our website and your interest in our company and services. Please make sure you read the following privacy statement carefully before you transmit any personal information to our website. Any consent clauses are highlighted in bold face.
The responsible authority in terms of data protection is Billomat GmbH & Co. KG, Burgschmietstraße 2-4, 90419 Nürnberg, Germany (hereinafter referred to as “Billomat”).1.3
Billomat’s imprint and the contact data can be found under https://www.billomat.com/en/imprint/
Personally Identifiable Data – This kind of data can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual (e.g. names, e-mail-addresses).2.2
Pseudonymous Data – The pseudonymous data identifies a holder, that is, one or more human beings who possess but do not disclose their true names (e.g. “user5623”).2.3
IP Address – An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in the Internet. We store the IP address only, if it is necessary to provide a service or if may be legally necessary.
We will collect, process and use personally identifiable data beyond the scope already permitted by law and without your required further consent only to the extent necessary for the conclusion and execution of a contractual relationship, performing requests or for billing purposes.3.2
To protect your personally identifiable data collected and processed by us from unauthorized access and abuse, we have put a number of technical, contractual and organizational security measures in place. These security measures are monitored on a regular basis and updated according to technical progress as necessary. Our staff is well informed about privacy rules and obliged to follow them.3.3
In principle, all customer data will be encrypted prior to transfer (Secure Socket Layers (“SSL”). Passwords are stored solely in encrypted form.
We collect and process your personal data within the scope of your registration. In particular, this involves storing your name, your address details, the data regarding your chosen payment option, your email address and your password. You can voluntarily enter additional personal data when you set up an extended customer account.4.2
You agree that we are permitted to record your IP address when you register and use our service. This is done to protect you and us from possible misuse.4.3
After terminating the contract, we will delete your data at the latest within 30 days after the contract expires (this period is technically prescribed by backup procedures).4.4
Your personal data are used for the following purposes:
We pass your data on to third parties where this is necessary for invoicing purposes (e.g. carrying out transactions or posting invoices) or for other reasons to enable us to fulfil our contractual obligations to you. Should such passing on not be clear to you, we will point it out to you.5.2
The contractual passing on of data includes their transmission within the scope of interfaces (also called “API”) between our service and other service providers. You decide on passing on such data yourself by using the interfaces and entering your data, electronic passwords or access codes for the respective services. The data protection regulations of other service providers will provide information about their data processing.5.3
We may have a creditworthiness verification (credit score) of our customers carried out by recognised credit agencies upon contract conclusion or for specific reasons (e.g. non-payment) on the basis of statistical mathematical procedures.5.4
Where an additional transfer of data to third parties becomes necessary, for example due to the employment of subcontractors, we will obtain your approval or conclude an agreement concerning order data processing with such third party. This means that the subcontractors must provide evidence of compliance with the legally prescribed data standards, may only process the data for the fulfilment of our order and we retain the control over the data.5.5
If you are our customer, you declare your agreement that we use the infrastructure service of MailGun Inc., 620 Folsom St, Ste 100, San Francisco, CA 94107, USA in order to send emails to you. This company has acceded to the Safe Harbour Agreement with the EU and undertakes to comply with the European data protection standards. Data protection information from MailGun: http://www.mailgun.com/public/privacy.5.6
Under no circumstances will we pass on your personal data to third parties for advertising, marketing or other purposes without authorisation.5.7
Newsletters and emails that are not service-related and contain advertisement will only be send to you, if you have given us your prior consent. You can object to the sending of these emails at any time.
Opt-out possibilities are included in each mail.6.2
You also give us the consent to store your IP addresses as part of the sign-up process. We are legally bound to record the log-on process so as to be able to verify that logging on is done in accordance with regulations.
During every visit of our websites, information about IP address, referring URL, date/time, browser version and operating system, amount and state of transferred data is stored in the web server log files.7.2
We use the log data without any other personal or pseudonymous profiling as required by law only for the purpose of the operation, security and optimization of our service.
You can connect Billomat to your Dropbox in order to import documents as purchase invoices from Dropbox to Billomat or to export documents from Billomat to Dropbox after their completion. If you connect Billomat to Dropbox, you agree to grant Billomat full access to your Dropbox. This means, in particular, that Billomat is allowed to read your folders and files on Dropbox, and to save files in your Dropbox. We only process your documents within your Billomat account. You are free to disconnect Billomat from Dropbox at any time and, thus, to delete the saved connection data. After the termination of your Billomat account, all documents and connection data will be automatically deleted.
You can connect Billomat to Google Drive in order to import documents as purchase invoices from Google Drive to Billomat or to export documents from Billomat to Google Drive after their completion. If you connect Billomat to Google Drive, you agree to grant Billomat reading access (scope: https://www.googleapis.com/auth/drive.readonly) to your Google Drive. This means, in particular, that Billomat is allowed to read your folders and files on Google Drive when reading in documents as purchase invoices. In addition, we require writing access (scope: https://www.googleapis.com/auth/drive.file) to Google Drive in case you want Billomat to export documents to Google Drive. We only process your documents within your Billomat account. You are free to disconnect Billomat from Google Drive at any time and, thus, to delete the saved connection data. After the termination of your Billomat account, all documents and connection data will be automatically deleted.
On our website billomat.com (which means not within our billing service) we use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States . Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage. The IP-address, that your Browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google.10.2
IP-anonymisation is activated on this website, so your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there. The IP-anonymisation is active on this website.10.3
Facebook – Our online presence is using social plugins (“plugins”) from the social network facebook.com, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugins can be recognized by one of the Facebook logos. If you open a website that is part of our online presence, and which contains one of these plugins, your browser establishes a direct connection to the Facebook servers. The plugin’s content will be directly transmitted from Facebook to your browser which includes it in the website subsequently. For further information on the purpose and scope of the data collection, the subsequent processing and use of the data by Facebook as well as the corresponding rights and configuration options to protect your privacy, please consult Facebook’s data protection information: http://www.facebook.com/policy.php11.3
Twitter – Furthermore, we are using the so called Twitter “widgets” on our websites. By accessing these websites, a connection to the Twitter servers will be established. The Twitter servers are located in the US. When accessing a website with one of these Twitter “widgets”, Twitter receives information about your page view. This information generally includes your IP address, the browser type, the operating system and the address of the website, on which the “widget” can be found. Through the Twitter “widget”, a cookie will be stored in the browser of your terminal device. In regard to this cookie, Twitter can identify, in theory, which other websites you accessed, provided that a Twitter “widget” has also been implemented on these websites. According to its own statement, Twitter may use these data to make recommendations for matching users, provided you have a Twitter account. Twitter begins to delete the data after a period of maximum 10 days, according to its own information. The deletion will be completed after one week at the latest. If you have a Twitter account, you can proceed to further settings regarding the data processing in your account settings, if required. You will find further information regarding Twitter’s data protection notice here: http://twitter.com/privacy11.4
LinkedIn – In addition, we also use the plugins from the social network LinkedIn, which is operated by LinkedIn Inc. For further information on the purpose and scope of the data collection, the subsequent processing and use of the data by LinkedIn as well as the corresponding rights and configuration options to protect your privacy, please consult the LinkedIn’s data protection notice. If you are a LinkedIn member and you don’t want LinkedIn to collect data about you throughout our websites in order to link them to your membership data on LinkedIn, please log out from LinkedIn first, before you visit our websites.
On our website billomat.com (which means not within our billing service) we use the following statistics and analytics services:12.2
Google AdWords – We use Google AdWords Remarketing and its conversion tracking tool in order to measure the conversion of our Google AdWords ads. The cookie will be set if you click a Googe AdWords ad. These cookies will be stored for 30 days. They tell us and Google only that the ad was clicked and that it led you to our website. It will not collect any personally identifiable information on you. If you want to opt out from Googles Ad tracking, you may use your browser settings or the opt-out options provided by Google: http://www.google.com/policies/technologies/ads/12.3
Bing ads – Our online services also use the conversion tracking by Mircosoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). During the process, a cookie will be installed on your computer by Microsoft Bing Ads, provided you have accessed our website through a Microsoft Bing ad. This way, Microsoft Bing and we can trace back if somebody clicked on the ad, has been redirected to our website and reached a landing page (conversion page) beforehand. We can only retrace the total amount of users, who clicked on a Bing ad and who were redirected to the conversion page. No personal information about the user’s identity will be communicated. If you don’t want to participate in the tracking process, you can refuse the required installation of cookies, for example, in your browser settings, which generally deactivate the automatic installation of cookies. For further information, please read the Microsoft data protection notice.
In compliance with legal requirements we will at any time provide you with information on your personally identifiable data stored by us, free of charge and without undue delay.13.2
Upon considerable amendments and if your consent is needed, we will contact you.