InvoiceNow

GDPR Compliance

Last Updated: April 11, 2025

1. Introduction to GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. At Invoice Now, we are committed to ensuring that our services comply with GDPR requirements and that we protect the privacy rights of our users.

2. Our Commitment to GDPR Compliance

Invoice Now is dedicated to GDPR compliance across our services. We have implemented technical and organizational measures to ensure that data protection is integrated into our business activities. This includes:

  • Conducting regular data protection impact assessments
  • Implementing privacy by design and default in our services
  • Maintaining records of our data processing activities
  • Training our staff on data protection and privacy matters
  • Appointing a Data Protection Officer to oversee our compliance efforts

3. Legal Basis for Processing

Under GDPR, we process personal data on the following legal bases:

  • Contractual Necessity: Processing necessary for the performance of our contract with you
  • Legitimate Interests: Processing necessary for our legitimate interests, provided these interests don't override your fundamental rights and freedoms
  • Legal Obligation: Processing necessary for compliance with a legal obligation
  • Consent: Processing based on your specific, informed, and unambiguous consent

4. Your Rights Under GDPR

The GDPR provides you with several rights regarding your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you
  • Right to Rectification: You can request that we correct any inaccurate or incomplete personal data
  • Right to Erasure: You can request that we delete your personal data in certain circumstances
  • Right to Restrict Processing: You can request that we limit how we use your personal data
  • Right to Data Portability: You can request a copy of your personal data in a machine-readable format
  • Right to Object: You can object to our processing of your personal data in certain circumstances
  • Rights Related to Automated Decision Making: You can request human intervention in automated decisions that significantly affect you

To exercise any of these rights, please contact our Data Protection Officer using the contact details provided below.

5. Data Processing Information

Invoice Now processes the following categories of personal data:

  • Account Information: Name, email address, password (encrypted), and account preferences
  • Business Information: Company name, address, VAT/tax ID numbers, and business contact details
  • Client Information: Client names, addresses, contact details, and payment information
  • Invoice and Financial Data: Invoice details, payment records, and transaction history
  • Usage Data: Information about how you use our services, including IP address, browser type, and device information

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Different types of personal data may be kept for different periods:

  • Account Information: Retained while your account is active and for a period after account closure to comply with legal obligations
  • Business and Client Information: Retained as long as necessary for business and legal purposes
  • Financial Data: Retained for the period required by applicable tax and accounting laws (typically 7-10 years)
  • Usage Data: Retained for a shorter period (typically 12-24 months) for analytics and service improvement

7. International Data Transfers

Invoice Now may transfer personal data to countries outside the European Economic Area (EEA). When we do so, we ensure that appropriate safeguards are in place to protect your data:

  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules for transfers within a corporate group
  • Compliance with approved certification mechanisms or codes of conduct
  • Transfers to countries with an adequacy decision from the European Commission

8. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data during transmission and at rest
  • Regular testing and evaluation of security measures
  • Ability to restore access to personal data in the event of a technical incident
  • Regular security audits and vulnerability assessments
  • Access controls and authentication procedures

9. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

10. Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for overseeing our GDPR compliance. You can contact our DPO with any questions, concerns, or requests regarding your personal data:

Email: dpo@goinvoicenow.com
Postal Address:
Data Protection Officer
Invoice Now
123 Business Street
Anytown, ST 12345
United States

11. Supervisory Authority

If you are located in the European Union or EEA and believe that we have not adequately resolved your data protection concerns, you have the right to lodge a complaint with your local data protection authority.

12. Changes to This GDPR Compliance Statement

We may update this GDPR Compliance Statement from time to time. We will notify you of any changes by posting the new statement on this page and updating the "Last Updated" date.

13. Contact Us

If you have any questions about our GDPR compliance or how we handle your personal data, please contact us at:

Email: privacy@goinvoicenow.com
Invoice Now
123 Business Street
Anytown, ST 12345
United States