Effective May 25, 2018

What is the GDPR?

The General Data Protection Regulation (GDPR) standardizes data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information (PII). The GDPR applies not only to organizations located within the EU but also to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects, regardless of that company’s location.

You may read the full list of GDPR regulations here: https://gdpr-info.eu/

Key issues of User Data & PII

  • User consent to collect & process data
  • User right of access to their data
  • User right of data portability
  • User right to delete/purge data / be forgotten
  • User right to restrict or object to data use

Types of data that GDPR protects

  • Basic identity information such as name, address and ID numbers (collected by Invoice Ninja)
  • Web data such as location, IP address, cookie data and RFID tags (collected by Invoice Ninja)
  • Health and genetic data (not collected by Invoice Ninja)
  • Biometric data (not collected by Invoice Ninja)
  • Racial or ethnic data (not collected by Invoice Ninja)
  • Political opinions (not collected by Invoice Ninja)
  • Sexual orientation (not collected by Invoice Ninja)

PII Data Invoice Ninja Collects

  • Main Account User Name
  • Main Account User Email
  • Company Name (optional)
  • Company Website URL (optional)
  • Company ID # (optional)
  • Company VAT # (optional)
  • Company Phone Number (optional)
  • Company Mailing Address (optional)
  • Account Sub-Users Names & Emails (optional)
  • Company Size (optional)
  • Company Industry (optional)
  • Geo location based on IP address
  • Billing Information: last 4 digits of credit card & expiration date, billing address (paid accounts only)

Third Party Vendors & Data Access

Like the Data Protection Directive that is presently in effect, GDPR includes provisions on international data transfer mechanisms. In order to comply with these provisions, we have certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, a mechanism that had been approved for cross-border transfer of personal data under the Directive and is expected to apply under GDPR as well.

GDPR requires that Invoice Ninja disclose third-party vendors which interact with your data. In order to operate the Invoice Ninja system, the following parties receive partial data that you provide, as outlined in the Invoice Ninja ‘Terms of Service’:

Right to Rectification

You May Access Your Account at any time to Remove/Rectify Data

  • Main Account User Name
  • Main Account User Email
  • Company Name (optional)
  • Company Website URL (optional)
  • Company ID # (optional)
  • Company VAT # (optional)
  • Company Phone Number (optional)
  • Company Mailing Address (optional)
  • Account Sub-Users Names & Emails (optional)
  • Company Size (optional)
  • Company Industry (optional)
  • Geo location based on IP address
  • Billing Information: last 4 digits of credit card & expiration date, billing address (paid accounts only)

Right of Portability

You May Access Your Account at any time to Export Data

You are able to export your data in a variety of formats and variables*. When logged in to your account: https://app.invoiceninja.com/settings/import_export

(1) Click “Settings”

(2) Click “Import/Export”

(3) Select the format in which you wish to export your data: CSV/XLS/JSON

*You are able to export ALL your data, or export data selectively:

  • Clients
  • Contacts
  • Credits
  • Tasks
  • Invoices
  • Quotes
  • Recurring
  • Payments
  • Products
  • Expenses
  • Vendors
  • Vendor Contacts

Right of Portability

You May Access Your Account at any time to Export Documents (Enterprise Plans)

If you are an “Enterprise” level account, you also have the ability to upload documents to invoices, quotations, and proposals.

You can export all your documents in a zip folder as follows:

(1) Navigate to “reports” https://app.invoiceninja.com/reports

(2) Under “Type” select “Document” & a date range according to when the documents were added.

(4) Select “ZIP – Documents” in order to download all documents in their original file type, together within a Zip folder.

(5) Click “Run” to view a list of all the documents in your account.

(6) If everything looks accurate, click “Export” and a Zip folder will download. 

Right of Restriction

You May Access Your Account at any time to Erase/Delete/Purge Data

The below three methods of data purge are final, total, and irreversible.

(1) Account deletion: Log in to your account and click “Settings.” Next, click “Account Management.” Here you have the option to “Delete Company.” This will purge all account & company data.

(2) Company data purge (cancellation & deletion): If you have more than 1 company created in your account, you will need to first delete each individual company before purging and/or deleting your main account. Log in to your account and click “Settings.” Next, click “Account Management.” Here you have the option to “Purge Data.” This will purge all account data, but your account login will remain active.

(3) Individual client data purge: If you wish to permanently remove client data from your account (all contact info, invoices, quotes, payments, proposals, and projects), this is done from within the individual client view page. Click on the dropdown menu from “Edit Client” and select “Purge Client.” All contact info, invoices, quotes, payments, proposals, and projects will be permanently and irreversibly purged from your account.

Right to Object

Invoice Ninja does not use your data for any 3rd party marketing, retargeting, profiling, or similar application.

Contact

Users with questions regarding GDPR Compliance, account data use, or questions on any data use matter, should contact: [email protected] or [email protected]