This policy was last updated as at May 8th, 2019
The short version
We only collect the information you choose to give us, and we process it with your consent, or on another legal basis; we only require the minimum amount of personal information that is necessary to fulfill the purpose of your interaction with us; we don’t sell it to third parties; and we only use it as this Privacy Statement describes. If you’re visiting us from the European Union (EU), European Economic Area (EEA), or the United Kingdom (UK), please see our global privacy practices below and we are compliant with the General Data Protection Regulation (GDPR). No matter where you are, where you live, or what your citizenship is, we provide a high standard of privacy protection to all our users around the world, regardless of their country of origin or location.
Of course, the short version doesn’t tell you everything, so please read on for more details!
D-EFFCON Privacy Statement
What information we collect and why
Categories of personal information
“User Personal Information” is any personal information about one of our users which could, alone or together with other information, personally identify them. Information such as a user name and password, an email address, a real name, and a photograph are examples of “User Personal Information.” User Personal Information includes Personal Data as defined in the General Data Protection Regulation.
“Technical Information” may include information we collect from website browsers, such as web server logs, or other log information, such as User session or activity logs. Technical Information may be connected to User Personal Information such as a username or an email address, or to other potentially personally-identifying information like Internet Protocol (IP) addresses.
User Personal Information does not include aggregated, non-personally identifying information. We may use aggregated, non-personally identifying information to operate, analyze, improve, and optimize our website and service.
Information from users with accounts
If you create an account, we require some basic information at the time of account creation. You will create your own user name and password, and we will ask you for a valid email address, your first name and last name. You may also have the option to give us more information if you want to, and this may include “User Personal Information.”
Information from website browsers
If you’re just browsing the website, we collect the same basic information that most websites collect. We use common internet technologies, such as cookies and web server logs, to collect Technical Information. This is stuff we collect from everybody, whether they have an account or not.
The information we collect about all visitors to our website includes the visitor’s browser type, language preference, referring site, additional websites requested, and the date and time of each visitor request. We also collect potentially personally-identifying information like Internet Protocol (IP) addresses.
Information we collect from third parties
From time to time, D-EFFCON receives personal information about individuals from third parties. This may happen if you receive information about Invoice Away from one of our referral partners.
Why we collect this information
- We need your User Personal Information to create your account, and to provide the services you request and/or to respond to support requests.
- We use your User Personal Information, specifically your email address, to identify you on Invoice Away.
- We will use your email address to communicate with you, only if you have registered as a user with us or sent us a message via our contact form or email.
- We collect Technical Information to better understand how our website visitors use Invoice Away, and to monitor and protect the security of the website.
- We collect personal information from third parties for the purposes for which it was authorized to be collected. For example, you may authorize D-EFFCON to contact you for marketing purposes via a third party’s platform. If we need to use your personal information for other purposes, we will ask your permission first.
- We use your User Personal Information and Technical Information for internal purposes, such as to maintain logs for security reasons, for training purposes, and for legal documentation and compliance.
- We limit our use of your User Personal Information to the purposes listed in this Privacy Statement. If we need to use your User Personal Information for other purposes, we will ask your permission first. You can always see what information we have in your user profile.
Our legal basis for processing information
Under certain international laws (including GDPR), D-EFFCON is required to notify you about the legal basis on which we process User Personal Information. D-EFFCON processes User Personal Information on the following legal bases:
- When you create an Invoice Away account, you provide your first name, last name, and an email address. We require those data elements for you to enter into the Terms of Service agreement with us, and we process those elements on the basis of performing that contract. We also process your name and email address on other bases. D-EFFCON does not collect or process a credit card number, but our third-party payment processor does.
- Generally, the remainder of the processing of personal information we perform is necessary for the purposes of our legitimate interests. For example, for legal compliance purposes or to maintain ongoing confidentiality, integrity, availability and resilience of Invoice Away’s systems, website, and service, we must keep logs of Technical Information; and, in order to respond to legal process, we are required to keep records of users who have sent and received DMCA takedown notices.
- If you would like to request erasure of data we process on the basis of consent or object to our processing of personal information, please contact us at firstname.lastname@example.org
What information Invoice Away does not collect
We do not intentionally collect sensitive personal information, such as social security numbers, genetic data, health information, or religious information. Although Invoice Away does not request or intentionally collect any sensitive personal information, we realize that you might store this kind of information in your account. If you store any sensitive personal information on our servers, you are responsible for complying with any regulatory controls regarding that data.
If you’re a child under the age of 13, you may not have an account on Invoice Away. D-EFFCON does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a user who is under the age of 13, we will unfortunately have to close your account.
Please see our Terms of Service for information about account termination. Other countries may have different minimum age limits, and if you are below the minimum age for providing consent for data collection in your country, you may not use Invoice Away without obtaining your parents’ or legal guardians’ consent.
How we share the information we collect
We do share User Personal Information with your permission, so we can perform services you have requested or communicate on your behalf.
We do not share, sell, rent, or trade User Personal Information with third parties for their commercial purposes, except where you have specifically told us to.
We do not host advertising on Invoice Away. We may occasionally embed content from third party sites, such as YouTube, and that content may include ads. While we try to minimize the amount of ads our embedded content contains, we can’t always control what third parties show.
We do not disclose User Personal Information outside D-EFFCON, except where required by law enforcement.
We do share User Personal Information with a limited number of third party vendors who process it on our behalf to provide or improve our service, and who have agreed to privacy restrictions similar to our own Privacy Statement by signing data protection agreements. Our vendors perform services such as payment processing, customer support ticketing, network data transmission, and other similar services.
We may share User Personal Information if we are involved in a merger, sale, or acquisition. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of User Personal Information, and we will notify you on our website or by email before any transfer of your User Personal Information. The organization receiving any User Personal Information will have to honor any promises we have made in our Privacy Statement or in our Terms of Service.
How you can access and control the information we collect
If you’re already a Invoice Away user, you may access, update, or alter your basic user profile information by editing your user profile or contacting us at email@example.com.
If D-EFFCON processes information about you and you do not have an account, such as information D-EFFCON receives from third parties, then you may access, update, alter, delete, or object to the processing of your personal information by contacting us at firstname.lastname@example.org.
Data retention and deletion of data
Generally, D-EFFCON will retain User Personal Information for as long as your account is active or as needed to provide you services.
We may retain certain User Personal Information indefinitely, unless you request its deletion. For example, we don’t automatically delete inactive user accounts, so unless you request us to delete your account, we will retain your account information indefinitely.
We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 90 days. You may contact us at email@example.com to request the erasure of the data we process on the basis of consent within 30 days.
Tracking and analytics
We use a number of third party analytics and service providers to help us evaluate our users’ use of Invoice Away; compile statistical reports on activity; and improve our content and website performance. We only use these third party analytics providers on certain areas of our website, and all of them have signed data protection agreements with us that limit the type of personal information they can collect and the purpose for which they can process the information. In addition, we use our own internal analytics software to provide features and improve our content and performance.
Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. D-EFFCON responds to browser DNT signals and follows the W3C standard for responding to DNT signals. If you have not enabled DNT on a browser that supports it, cookies on some parts of our website will track your online browsing activity on other online services over time, though we do not permit third parties other than our analytics and service providers to track Invoice Away users’ activity over time on Invoice Away.
How D-EFFCON secures your information
D-EFFCON takes all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User Personal Information.
In the event of a data breach that affects your User Personal Information, we will act promptly to mitigate the impact of a breach and notify any affected users without undue delay.
D-EFFCON’s global privacy practices
We store and process the information that we collect in Australia in accordance with this Privacy Statement (our subprocessors may store and process data outside of Australia). However, we understand that we have users from different countries and regions with different privacy expectations, and we try to meet those needs even when Australia does not have the same privacy framework as other countries’.
We work to provide a high standard of privacy protection — as described in this Privacy Statement — to all our users around the world, regardless of their country of origin or location.
Cross-border data transfers
For cross-border data transfers from the EU, the European Economic Area (EEA), and UK, D-EFFCON adheres to the Privacy Shield Framework.
How we, and others, communicate with you
We will use your email address to communicate with you, only if you have registered as a user with us or sent us a message via our contact form or email.
D-EFFCON may occasionally send notification emails about new features, requests for feedback, important policy changes, or offer customer support. We also send marketing emails, based on your choices and in accordance with applicable laws and regulations. There’s an unsubscribe link located at the bottom of each of the marketing emails we send you. Please note that you can not opt out of receiving important communications from us, such as emails from our Support team or system emails.
Our emails might contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted email.
If you have concerns about the way D-EFFCON is handling your User Personal Information, please let us know immediately. We want to help. You may contact us by sending us a message at firstname.lastname@example.org. We will respond promptly — within 45 days at the latest.
Under certain limited circumstances, EU, EEA, and UK individuals may invoke binding Privacy Shield arbitration as a last resort if all other forms of dispute resolution have been unsuccessful. To learn more about this method of resolution and its availability to you, please read more about Privacy Shield. Arbitration is not mandatory; it is a tool you can use if you choose to.
Changes to our Privacy Statement