Protection of your data
This Policy explains how HD Office S.R.L. ("we", "InvoX") processes personal data of users and their contacts in the context of the InvoX application and our services.
Important
This document is provided for informational purposes and does not constitute legal advice. For situations specific to your business, please have this text validated by your advisor/lawyer.
Table of Contents
Navigate quickly to the sections that interest you
1. Who we are
Data Controller
InvoX
Our roles
For your account data, billing, activity in the application
For data you process concerning your clients and projects
2. What data we collect
Types of data processed according to your use of InvoX
Identification data
Name, first name, position, company name, CBE/VAT, address, email, phone
Account data
Identifier, language, roles/permissions, connection and activity logs
Operational data
Projects, teams, hours worked, time tracking, check-in/check-out, real-time presence
Transactional data
Quotes, invoices, opening status, dates/deadlines, payments
Communication data
PEPPOL identifiers, delivery path, email status, postal sending proofs
Technical data
IP address, device/browser type, cookies/similar technologies
Enhanced protection
We do not knowingly request or process special categories of data (health data, etc.) or data from minors. By default, we do not collect GPS coordinates unless this feature is explicitly activated.
3. Purposes and legal bases
Why and on what legal basis we process your data
Provision of InvoX services
Account creation, project management, time tracking, quotes, billing, reports
Delivery and proof of delivery of invoices
Support & Security
Customer support, operational communications and security
Legal compliance
Retention of tax documents and accounting
4. Data recipients
With whom we share your data, only when necessary
IT providers
Hosting, cloud, email, monitoring, backup
PEPPOL Network
Access Point Provider for compliant invoice delivery
Postal service providers
For registered letters
Public authorities
When required by law
What we never do
We never sell or rent your data to third parties.
5. Transfers outside EU/EEA
Protection of your data even internationally
Principle: Storage in EU/EEA
In principle, we store and process data in the European Union and European Economic Area.
Appropriate safeguards
In case of transfer to countries without adequacy decision, we apply appropriate safeguards:
7. Security
Technical and organizational protection measures
Encryption
Encryption in transit and at rest to protect your data at every step
Access control
Role-based access control to limit access to sensitive data
Monitoring
Logging and security alerts to detect suspicious activities
Backups
Regular backups and recovery tests to ensure continuity
6. Data retention
Retention periods according to data type
Account data
For proof/defense of interests
Tax documents
According to applicable tax legislation
Technical logs
Extendable in case of investigation
Time tracking/presence
Unless contrary legal requirement
Marketing
Of consent or opt-out
Secure deletion
At expiration, data is securely deleted or anonymized, in accordance with security best practices.
8. Your rights (art. 15–22 GDPR)
You have the following rights, within legal limits
Access
Access to your data
Rectification
Rectification of inaccurate data
Erasure
Erasure ("right to be forgotten")
Restriction
Restriction of processing
Portability
Data portability
Objection
Objection to processing
Withdrawal
Withdrawal of consent
Automated decision
Protection against automated decisions
How to exercise your rights
To exercise your rights, write to us at rgpd@invox.be. We will respond within legal deadlines.
Right to complaint
You also have the right to lodge a complaint with the supervisory authority of your country.
10. Minors
Special protection of minors' data
Services not intended for minors
Our services are not intended for minors. We do not knowingly collect data concerning persons under 18 years of age.
11. Policy updates
How we inform you of changes
Possible evolutions
We may update this Policy to reflect legal or operational developments.
Substantial modifications
In case of substantial modifications, we will notify you through appropriate channels (email, in-app notification, etc.).
Annex – InvoX Specificities
Document delivery and traceability
PEPPOL
We use the PEPPOL network to transmit invoices in accordance with legal requirements, with complete event traceability.
Automatic reminder
Proofs
We keep proofs of sending/receipt/opening for compliance, proof and customer support purposes, for the periods indicated in this policy.
Contact
For any question, right or request relating to data protection
Our data protection team will respond to you as soon as possible