Compliance
GDPR Compliance
What is the GDPR?
The General Data Protection Regulation (GDPR) standardizes data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information (PII). The GDPR applies not only to organizations located within the EU but also to organizations located outside the EU if they offer goods or services to, or monitor the behavior of, EU data subjects, regardless of the company’s location.
You may read the full list of GDPR regulations here: https://gdpr-info.eu/
Key issues of User Data & PII
- User consent to collect & process data
- User right to access their data
- User right of data portability
- User right to delete/purge data/be forgotten
- User right to restrict or object to data use
Types of data that GDPR protects
- Basic identity information such as name, address and ID numbers (collected by Invoice Ninja)
- Web data such as location, IP address, cookie data and RFID tags (collected by Invoice Ninja)
- Health and genetic data (not collected by Invoice Ninja)
- Biometric data (not collected by Invoice Ninja)
- Racial or ethnic data (not collected by Invoice Ninja)
- Political opinions (not collected by Invoice Ninja)
- Sexual orientation (not collected by Invoice Ninja)
PII Data Invoice Ninja Collects
- Main Account User Name
- Main Account User Email
- Company Name (optional)
- Company Website URL (optional)
- Company ID # (optional)
- Company VAT # (optional)
- Company Phone Number (optional)
- Company Mailing Address (optional)
- Account Sub-Users Names & Emails (optional)
- Company Size (optional)
- Company Industry (optional)
- Geo location based on IP address
- Billing Information; last 4 digits of credit card & expiration date, billing address (paid accounts only)
Third Party Vendors & Data Access
GDPR requires that Invoice Ninja disclose third-party vendors that interact with your data. In order to operate the Invoice Ninja system, the following parties receive partial data that you provide, as outlined in the Invoice Ninja ‘Terms of Service’:
Right to Rectification:
You May Access Your Account at any time to Remove/Rectify Data
- Main Account User Name
- Main Account User Email
- Company Name (optional)
- Company Website URL (optional)
- Company ID # (optional)
- Company VAT # (optional)
- Company Phone Number (optional)
- Company Mailing Address (optional)
- Account Sub-Users Names & Emails (optional)
- Company Size (optional)
- Company Industry (optional)
- Geo location based on IP address
- Billing Information; last 4 digits of credit card & expiration date, billing address (paid accounts only)
Right of Portability
You May Access Your Account at any time to Export Data
You are able to export your data in a variety of formats and variables*. When logged in to your account: https://app.invoiceninja.com/settings/import_export
(1) Click “Settings”
(2) Click “Import/Export”
(3) Select the format in which you wish to export your data: CSV/XLS/JSON
*You are able to export ALL your data, or export data selectively:
- Clients
- Contacts
- Credits
- Tasks
- Invoices
- Quotes
- Recurring
- Payments
- Products
- Expenses
- Vendors
- Vendor Contacts
Right of Portability
You May Access Your Account at any time to Export Documents (Enterprise Plans)
If you are an “Enterprise” level account, you also have the ability to upload documents to invoices, quotations, and proposals.
You can export all your documents in a zip folder as follows:
(1) Navigate to “reports” https://app.invoiceninja.com/reports
(2) Under “Type” select “Document” & a date range according to when the documents were added.
(4) Select “ZIP – Documents” in order to download all documents in their original file type, together within a Zip folder.
(5) Click “Run” to view a list of all the documents in your account.
(6) If everything looks accurate, click “Export” and a Zip folder will download.
Right of Restriction
You May Access Your Account at any time to Erase/Delete/Purge Data
The below three methods of data purge are final, total, and irreversible.
(1) Account deletion: Log in to your account and click “Settings.” Next, click “Account Management.” Here you have the option to “Delete Company.” This will purge all account & company data.
(2) Company data purge (cancellation & deletion): If you have more than 1 company created in your account, you will need to first delete each individual company before purging &/or deleting your main account. Log in to your account and click “Settings.” Next, click “Account Management.” Here you have the option to “Purge Data.” This will purge all account data, but your account login will remain active.
(3) Individual client data purge: If you wish to permanently remove client data from your account (all contact info, invoices, quotes, payments, proposals, and projects), this is done from within the individual client view page. Click on the dropdown menu from “Edit Client” and select “Purge Client.” All contact info, invoices, quotes, payments, proposals, and projects will be permanently and irreversibly purged from your account.
Right to Object
Invoice Ninja does not use your data for any 3rd party marketing, retargeting, profiling, or similar application.
Contact
Users with questions regarding GDPR Compliance, account data use, or any other data use matter should contact: compliance@invoiceninja.com or legal@invoiceninja.com