Privacy Policy

Privacy Policy of Invoicery UK

The privacy of our employees and our customers has always been important to us. We want you as a registered user to feel that your personal information is handled safely. The aim of this document is to inform you about how we collect and process your personal data, for what purposes we collect data, and for how long data is saved. We also want to inform you about your rights and how to exercise them.

Personal data controller

Invoicery (hereinafter “Invoicery”, “we”), UK corporate identity number, 11154985 is the controller of the personal data processed within the company. Invoicery determines the purpose of the processing and the way in which processing is conducted.

Contact information of the personal data controller and the data protection officer can be found at the end of this privacy policy.

What is personal data, and what does the processing of personal data imply?

Personal data refers to any information that directly or indirectly relates to a living individual. Examples of personal data are names, social security numbers, email addresses, phone numbers, pictures and IP numbers. Processing of personal data refers to any operations performed on personal data, such as collection, registration, storage, transfer and deletion.

What personal data do we process?

Invoicery processes many different personal data, the type of which depends on the nature of our relationship.

Umbrella workers:

If you are an umbrella worker or employee with Invoicery, i. e. if you are using our services for invoicing without having your own company, or you are an employee or worker through one of our business to business clients, we process the personal data that is traditionally processed in the context of employment. This includes, for example, name, NI number, address, email address, phone number, bank details, expense receipts, training certificates and correspondence. The processing is necessary in order to enable us to employ or payroll you and exercise our legal obligations as an employer, in order to fulfil the contract with the end customer who made use of your services, in order to manage client support matters regarding you and your customer (customer service), in order to fulfil our legal obligations towards different authorities and in order to market our services to you.

Customers and suppliers:

If you are our customer because one of our umbrella workers has performed a task for you, or if you are one of our suppliers, we will, for example, process your name, social security number, address, email address, telephone number and correspondence. We process these personal data in order to fulfil our contract with you, in order to fulfil our legal obligations, and in order to be able to assert our legal interests and the legal interests of our umbrella workers and employees.

How and from which sources is the data collected?

We collect data when you register on our website and create an invoice. We collect the information that you enter into the system yourself or on any requested forms or documents. That can be, for example, your name, social security number, address, email address and professional title. If you are working through one of our contract customers, we may collect the corresponding information directly from the customer. As our employment or worker relationship continues, additional information about you will be generated in our system, such as your salary specifications, your employment number and your control details. We also collect information about you when you contact us regarding matters relating to your work with us, such as your correspondence, sick notes, training certificates, etc.

In addition to the information you provide us with, or that we collect when you use our services or communicate with us, we may also collect information from a so-called third party. The data we collect from third parties are, for example, credit information from credit rating agencies and address data from public records.

We also collect your information by using cookies on our websites.

What do we use the data for?

A corresponding current legislation, a so-called legal basis, is required in order to allow us to process your personal information. For our processing of personal data to be legal, at least one of the following requirements needs to be met:

The processing is necessary in order for us to fulfil the contract we have entered into with you.

The processing is necessary in order for us to fulfil a legal obligation.

The processing is necessary to meet the legitimate interests of Invoicery, and your interest in privacy protection does not override ours (a so-called “balance of interests”).

Please find below a summary of the purposes for which we process your personal data, as well as the legal basis for processing.

Purpose

To offer our services to enable individuals to invoice without having their own company.

Categories of personal data

Name, social security number, address, email address, telephone number, employment number, bank details, job title, credit information, training certificates, certificate of eligibility, salary details, allowances/expenses, pension information, insurance information, sick leave, working hours, correspondence, photo and other information that are traditionally relevant in an employer-employee relationship.

Examples of processing

Identification.

Credit information to investigate whether we can grant the worker and/or the customer credit by paying out salaries in advance.

Verification of professional qualifications and ensuring that there is adequate insurance coverage.

Payment and administration of salary, allowances, compensation for expenses, distraint.

Legal basis: Compliance with contractual and legal obligations.

Processing is necessary for us to be able to enter into and fulfil our contract with the worker and manage the administration related thereto. In addition, the processing is necessary for us to fulfil our legal obligations as an employer (where applicable) towards the worker and third parties.

Purpose

To be able to fulfil the contract with our customer regarding the task that the worker carries out.

Categories of personal data

Name, address, email address, telephone number, social security number, organisation number, correspondence, invoice information, contract information, property name.

Examples of processing

Setting up and signing of service contracts.

Administration and distribution of invoices to customer for completed tasks.

Legal basis: Fulfilment of contracts.

The processing is necessary in order for us to enter into and fulfil our contractual obligations with our customer.

Purpose

To be able to fulfil our legal obligations.

Categories of personal data

Name, address, email address, social security number, employment number, salary details, allowances/expenses, pension information, insurance information, sick leave, working hours, and other information that are traditionally relevant in an employer-employee relationship.

Examples of processing

Tax accounting and reporting, employers’ fees, VAT, etc.

Reporting of working hours to HMRC.

Issuance of employer statement.

Legal basis: Legal obligation.

The processing is necessary in order for us to fulfil our legal obligations under law or other constitutional regulations, government regulations, rulings, requests or guidelines regarding e. g. accounting, tax matters and obligations linked to our responsibility as an employer.

Purpose

To be able to handle client support issues (customer service).

Categories of personal data

Name, social security number, address, email address, telephone number, correspondence, invoice information, contractual information, salary details, technical information on computer and browser etc.

Examples of processing

Communication and correspondence with workers, customers and stakeholders via phone, email, chat or social media.

Replies to enquiries, handling of complaints and disputes, counselling, technical support, etc.

Legal basis: Contract fulfilment and legitimate interest.

Processing is necessary for us to fulfil our contract with the umbrella worker and our contract with the customer. Processing is also necessary in order to protect our interests and our contractors’ interest in maintaining a good customer service.

Purpose

To be able to market our services through direct marketing and remarketing.

Categories of personal data

Name, email address, IP number, technical data on computer and browser.

Examples of processing

Distribution of direct marketing by email.

Use of cookies when visiting our website for remarketing on other websites.

Legal basis: Legitimate interest.

Processing is necessary in order to protect the legitimate interest of Invoicery in being able to market existing or new services and to inform about new events.

Who may we share your personal data with?

In some cases we may share your personal data with other legal entities.

Companies within the same corporate group as Invoicery (Frilans Finans)

As we have certain group-wide functions within our group, we may share your personal data with other companies within the group.

Other legal entities who are independent personal data controllers

We share your personal data with other independent personal data controllers, that is, with companies or authorities that independently decide on how to process the information provided to them. When personal data are shared with other independent personal data controllers, their respective privacy policies and procedures apply.

The independent personal data controllers we may share your personal data with are:

Government authorities, such as HMRC, if we are required to by law, in order to fulfil our employer responsibilities, or whenever there is suspicion of a crime.

Processing is necessary for us to fulfil our contract with the worker and our contract with the customer. Processing is also necessary in order to protect our interests and our contractors’ interest in maintaining a good customer service.

Personal Data Processors

In order to be able to offer our services and fulfil our obligations according to the contract entered into with you, we will share some of your personal data with companies that support us with marketing, IT solutions, debt collection matters, etc. These companies are personal data processors, and we sign an agreement with them to ensure that they only process your information according to our instructions and for the purpose they were collected for.

Third country suppliers

We always strive to retain the data we process within the EU/EEA region. However, some of our suppliers operate outside this area, in a so-called third country. If we transfer your personal data to third countries, we take appropriate safeguards to ensure that the level of protection is the same as within the EU/EEA region. Examples of such safeguards are an approved code of conduct in the destination country, standard contract clauses, binding internal company rules, and Privacy Shield.

How long do we keep your personal data for?

We keep your personal data for as long as it is necessary to fulfil the purpose for which the data was collected. The data we collect and which is generated when you use our services are processed for different purposes, therefore they are also kept for different time periods, depending on what they are used for, and depending on our legal obligations. They could, for example, be kept as long as is necessary for us to fulfil our employer responsibility towards you, to handle complaints from your customer, or as long as necessary in order to comply with certain statutory retention times relating to, for example, accounting.

How do we protect your personal data?

We take appropriate technical and organisational security measures to ensure that all information we process is protected from unlawful or unauthorized access, but also from loss, destruction or other damages. Only the administrators who have the authorisation to access our systems have access to your personal data, and their handling of the information is strictly regulated by internal policies.

Your rights as registered user

As a registered user, current legislation bestows you with a number of rights linked to our processing of your personal data. Below please find your rights as well as their implications. At the end of the document you can find our contact information. Please contact us if you wish to exercise your rights.

We will process your request without unnecessary delay and usually within one month. Please note that we may need additional information from you to verify your identity and make sure that the request comes from the right person.

Right of access (registry extract)

You have the right to request information about which of your personal data we process by means of a so-called registry extract. Requests for registry extracts must be made in writing, be signed by you and posted to the address indicated at the end of this document. The registry extract will be sent to the address indicated in the population registration.

Right to rectification

If the personal data linked to you are inaccurate, you have the right to request a rectification. You also have the right to have incomplete personal data completed that are relevant to the purpose of the processing. You also have the option of updating your data on our website when you are logged in.

If personal data are rectified upon your request, we will inform all parties we have provided with the data about the rectification, provided that such notification is feasible and does not cause disproportionate effort. Upon request we will disclose to you which parties we have made the data available to.

Right to erasure

You have the right to request that your personal data be erased. There are some cases in which personal data must be erased:

If the data are no longer required for the purposes for which they were collected;

If processing is based solely on consent and the consent is revoked by you;

If personal data are processed for direct marketing purposes, and you object to such processing of personal data;

If you oppose data processing that takes place with the balance of interests as a legal basis and there are no legitimate reasons that override your interest;

If personal data are processed in violation of current legislation;

If erasure is required to comply with a legal obligation;

If personal data has been collected for a child under the age of 13 who you have parent responsibility for, and the data have been collected in relation to the offer of information society services.

There may be legal obligations that prevent us from erasing certain personal data. These obligations may stem from, for example, accounting, tax or consumer law. It may also be the case that the processing is necessary for the establishment, exercise or defence of legal claims.

If personal data is erased upon your request, we will inform all parties we have provided with the data about the erasure, provided that such notification is feasible and does not cause disproportionate effort. Upon request we will disclose to you which parties we have made the data available to.

Right to restriction of processing

You may, in some cases, request that the personal data processing by us be restricted. This means that personal data are marked to be used for specific limited purposes only.

The right to restriction applies, for example, if you have requested a rectification of your personal data. In these cases, you may also request that our processing of personal data be restricted during the investigation of the accuracy of personal data. You may also exercise this right if you object to processing conducted with the legal basis provided by a balance of interests, and you want the processing to be restricted during the investigation of whose legitimate interest is overriding.

If personal data are restricted upon your request, we will inform all parties we have provided with the data about the restriction, provided that such notification is feasible and does not cause disproportionate effort. Upon request we will disclose to you which parties we have made the data available to.

Right to object

You have the right to object to us processing personal data based on the balance of interests. In case of such an objection, we may continue processing only if we can demonstrate compelling legitimate grounds for the processing of personal data which override your interests. We may also continue to process the data for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you shall have the right to object to the processing at any time. Direct marketing refers to all types of outreach marketing measures, such as mail, e-mail and text message. If you object to direct marketing, we will discontinue processing of your personal data for that purpose.

Right to data portability

If you have provided us with personal data, you may, under certain conditions, have the right to receive and use these personal data with another personal data controller. In order for you to exercise this right to data portability, the request must relate to such data that you have provided us with, and which we process with your consent or for the fulfilment of a contract. Thus, the right to data portability does not apply to personal data processed on the grounds of a balance of interest or a legal obligation.

Complaints

If you believe that your personal data are processed in violation of current legislation, you have the right to lodge a complaint with Invoicery or the Data Protection Authority.

Changes to Privacy Policy

Invoicery reserves the right to change and update the privacy policy as necessary. The latest version of the Privacy Policy will always be published on our website. In the case of changes that are of vital importance to our processing of personal data, you as an umbrella contractor will be informed by email in good time before the update enters into force.

Cookies

A cookie is a small text file consisting of letters and numbers that is stored on your browser or device when you visit our website www.frilansfinans.se. Cookies are used to improve your user experience and to analyse the ways in which you use our service. We also use cookies to target our marketing activities.

To learn more about cookies and how we use them, you can find more information on our website www.invoicery.co.uk and on the Post and Telecom Authority website at www.pts.se.

Contact information for personal data controller and data protection officer

Personal data controller:

Invoicery
5 Upper Montagu Street, London
W1H 2AG

Corporate identity number: 11154985

Phone number: (+44)203 951 0223

E-mail address: info@invoicery.co.uk

Data protection officer:

Our data protection officer monitors that we comply with current legislation and that we process your personal data accurately. If you would like to contact our data protection officer, please email dpo@frilansfinans.se.