- EzzyBills collects the minimal amount of personal data from You, for the sole purpose of performing document processing services to You.
- EzzyBills collects Your personal data You provided when You registered and is committed to protecting the security of Your personal information.
- EzzyBills keep a copy of all document you submitted to EzzyBills for processing, for the purpose of tax office record keeping and EzzyBills internal record keeping.
- EzzyBills periodically obtain accounting data from your nominated accounting system, authorized by You for the connection with EzzyBills. Only relevant data will be obtained for the sole purpose of perform document processing services to You.
- EzzyBills may monitor Your invoice data processing, for the sole purpose of improving invoice processing accuracy for You.
- EzzyBills will not disclose Your personal information, document and accounting information to a third party unless You have provided Your explicit consent or compelled by the court orders.
- EzzyBills does not store Your payment card information.
Privacy Statements for Google Drive Access:
- EzzyBills extracts invoice data from the files in your Good Drive folder “EzzyBillsUpload” and exports them to Your accounting package that You have authorised EzzyBills to integrate with. Other than this, EzzyBills does not share any of Your google drive files and the information contained on the files with any other third party.
Privacy Statements for Gmail Email Access:
- EzzyBills extracts invoice data from your incoming emails. It then exports invoice data and these files to the accounting application that You have authorised EzzyBills to integrate with. Other than this, EzzyBills does not share any of Your emails or information contained in the emails with any other third party.
- EzzyBills’ use of information received, and EzzyBills’ transfer of information to any other applications, from Google APIs will adhere to Google’s Limited Use Requirements.
Privacy Statements for Office365 Email Access:
- EzzyBills extracts invoice data from your incoming emails. It then exports invoice data and these files to the accounting software that You have authorised EzzyBills to integrate with. Other than this, EzzyBills does not share any of Your emails or information contained in the emails with any other third party.
In 2012, the European Commission began a process to reform Europe’s existing data protection laws by proposing a new data protection regulation to replace the current Data Protection Directive. GDPR was agreed and adopted in 2016 and will take effect on 25 May 2018.
At EzzyBills, we take our responsibilities under GDPR seriously. That’s why our security and development teams have identified and implemented necessary changes to be compliant with GDPR. We have stringent procedures to key data subject rights, such as subject access requests and the right to request deletion.
The data privacy principles that EzzyBills have adopted from the inception, as detailed on this web page above, have positioned us correctly for the introduction of any data privacy initiatives such as GDPR. Here is a summary of the key features we have, including changes we have made recently for the GDPR compliance:
- Minimal collection of private information. The primary item of information that EzzyBills collects from users is an email address. This is collected at initial user sign-up. Subsequently, document, such as bills, sale invoices and receipts, are uploaded by users to EzzyBills for data extraction and processing. The extracted data, and/or a copy of the document are exported to the user’s accounting system. EzzyBills also obtains minimum user’s data from user’s accounting system, the connection to which is authorized by the user at the initial setup.
- Compliant use of private information. User email addresses are used only for communication with the user and not distributed or used in any other way. Document files are uploaded by the user for data processing and then exported to user’s accounting systems. Document files are stored by EzzyBills for the sole purchase purpose of complying with relevant tax office requirement of record keeping and the EzzyBills’ own record keeping. Data from the user’s accounting system are obtained for the sole purpose of exporting the correct invoice data to the accounting system or alerting the user for supplier item price rise. All user data are not distributed to any third party or used in any other way.
- Compliant storage of private information. Similar to many SaaS providers, we use a top-tier, third-party data hosting provider (Microsoft Azure web services) with servers located at Hong Kong, to host our online services. A copy of the document kept in EzzyBills in Microsoft Azure cloud storage at Hong Kong. Currently Microsoft complies with EU Privacy Shield. Find out more on Micorsoft’s compliance with GDPR.
- User access to data. EzzyBills users with a valid subscription have unrestricted access to their private data, including email address and stored document copies at any time, via EzzyBills online portal. The user can access the data EzzyBills obtained from the user’s accounting system via the user’s accounting system, with EzzyBills data lagging behind for the maximum of one week.
- Right to erasure. User email address, invoice document, and the user data from the user’s accounting system can be deleted by EzzyBills upon special request from the user. This will invalidate EzzyBills’s commitment to satisfy tax office’s requirement of record keeping for the past document processed.
- Right to restrict processing. EzzyBills has user Settings. In the Settings, a user can choose not to use certain services of EzzyBills to restrict processing of relevant data. When user subscription is expired, EzzyBills stops processing user data.
- Right to data portability. EzzyBills provides methods for users to obtain past document data in a user friendly, commonly used and machine readable format. The user then can freely transmit that data to another controller.
- Right to object. An EzzyBills user has the right to object the usage of user data. The consequence of that will be notified and explained to the user.
- User contracts and terms and conditions. The terms and conditions are available above, on EzzyBills’ website. Upon special request, a written contract can be provided to the user for signing.
- Breach notification. Breach notification will be sent to the member where a data breach is likely to “result in a risk for the rights and freedoms of individuals”. This must be done within 72 hours of first having become aware of the breach. EzzyBills will notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach.
Please note that this Private Policy contained in this page shall be same as those contained in our Terms & Conditions. In case of unintended differences, the most stringent ones shall be applied.