Privacy Policy

  1. GENERAL

    1. This privacy notice (“Notice”) explains the principles on how we process, including collect, use, store and disclose personal data when: (i) you visit or otherwise interact with the website www.fitek.com (“Website”); (ii) the legal entity you work for or represent wishes to conclude or has concluded a contract with us, including registered an account for you; (iii) you receive newsletter and/or receive other direct marketing; (iv) you communicate with us through e-mail, Website or other communication channels; or (v) you request a demo; or (v) you take any other actions on our Website or the Service, which entail us receiving and processing your personal data.

    2. We provide an invoice management platform for businesses (“Services”). Your privacy is important to us and therefore, it is our policy to respect your privacy and take appropriate measures to protect your personal data.

    3. We process your personal data as described in this Notice and in accordance with applicable legislation, including the European Union’s General Data Protection Regulation (2016/679) (“GDPR”) and other data protection legislation, as applicable towards the controller stated in Section 2 of this Notice.

    4. In case you disclose any personal data regarding any third person(s) (e.g., your employee, management board member, co-worker, etc.) to us, you are obligated to refer them to this Notice.

  2. CONTROLLER

    1. For the personal data processing purposes set out in Section 4 of this Notice, the controller of your personal data is the entity with whom you interact with. The contact details of the controllers are the following:

      1. Fitek Holding OÜ, address Masti tn 12-10, Tallinn 11911, Harju maakond, Estonia;

      2. Fitek OÜ, address Tartu mnt 43, Tallinn 10128, Harju maakond, Estonia;

      3. Fitek SIA, address Dēļu iela 4, Rīga, Latvia;

      4. Fitek, UAB, address Vilniaus r. sav., Avižienių sen., Užubalių k., Senasis Ukmergės kel. 2-1, Lithuania;

      5. Fitek sp. z.o.o., address Aleje Jerozolimskie 123A, 02-017 Warsaw, Poland;

      6. Fitek s.r.o., address Nádražná 1958, Ivanka pri Dunaji 900 28, Slovakia;

      7. Onea BV, address Kortrijksesteenweg 1146, 9051 Gent, Belgium.

    2. In case of personal data protection related inquiries please contact us by writing to info@fitek.com

  3. CATEGORIES AND SOURCES OF PERSONAL DATA

    1. Personal data is any information that can be used to directly or indirectly uniquely identify you as a private individual. We may obtain and process the following categories of personal data:

      1. For concluding and managing contractual relationship with the legal entity you work for or represent and/or for creating an account we may process the following personal data: name, personal identification code, (corporate) e-mail address, phone number, legal entity’s information (e.g., legal entity’s name, registry code), your job title (“Main Data”);

      2. If you communicate with us through e-mail, Website or other communication channel, we may process the following personal data: name, (corporate) e-mail address, phone number, date, time, contents of your message (“Communication Data”);

      3. For conducting marketing, including when requested, providing demo, we may process the following personal data: name, (corporate) e-mail address, phone number, the legal entity’s information, job title. Additionally, we may supplement the personal data that you have provided to us directly with information that has been obtained from publicly available resources (i.e. LinkedIn, country specific commercial registrars) (“Marketing Data”);

      4. When you visit the Website, our servers may automatically log the following standard data provided by your web browser or device, which may include your personal data: your device’s Internet Protocol (IP) address, your browser type and version, the webpages you visit on our Website and the time spent on each page, the time and date of your visit, your device’s system activity and hardware settings (“Log Data”);

      5. We may also collect the following data, which may include your personal data, about the device you’re using to access our Website: device type, operating system, unique device identifiers, device settings, browser type, hardware model, Internet service provider and/or mobile carrier, system configuration information and geo-location data (“Device Data”);

      6. When you use the Services, we may process the following data, which may include your personal data: user ID, user role, action made, attributes to that action, error logs (“Usage Data”).

      7. We use cookies to understand how you use the Website. Cookies are small text files placed on your computer or mobile device when you visit the Website, and they may collect your personal data. Please refer to our Cookie Notice for more information.

    2. We may obtain your personal data directly from you, including when you visit the Website or use the Services, the legal entity you represent or work for or other resources (e.g., from country specific commercial registrars).

    3. If you do not provide the required information, we may not be able to provide our Services, contact you or fill any other purposes provided in Section 4 of this Notice.

  4. LEGAL BASES AND PURPOSES OF PROCESSING PERSONAL DATA

    1. The legal basis for processing your personal data depends on the objective and context in which we collect personal data. The following depicts a descriptive list of processing purposes that are linked to the specific data categories and legal basis for processing:

    Processing purpose Legal basis Personal data category used for the processing purpose
    Handling pre-contractual negotiations and communications and concluding the contract, including creating an account, providing a demo Our legitimate interest in taking and implementing pre-contractual measures of the potential contract to be concluded between the legal entity you represent or work for and us Main Data, Communication Data
    Performing the contract and managing contractual relationship, including but not limited to providing the Services, managing your account, providing customer support, monitoring the fulfilment of the contract Our legitimate interest in performing the contract concluded between the legal entity you represent or work for and us
    Responding to your enquiries and requests, including but not limited to providing information about our Services Our legitimate interest in taking and implementing pre-contractual measures of the potential contract to be concluded between the legal entity you represent or work for and us or our legitimate interest in performing the contract concluded between the legal entity you work for or represent and us
    Sending information about our Services’ updates, including new features and other news Our legitimate interest in providing information about the Services’ updates Main Data
    Providing a demo Our legitimate interest in taking and implementing pre-contractual measures of the potential contract to be concluded between the legal entity you represent or work for and us Marketing Data
    Conducting direct marketing to a legal person regarding our Services, features, offers, promotions, news and events Our legitimate interest in providing information and offers about our Services
    Sending our existing clients’ information about our other products and services that we think they might be interested in based on the products and services they have previously sourced from us Our legitimate interest in providing information on our products and services similar to which the legal entity you represent or work for has already previously sourced from us
    Measuring the effectiveness of marketing tools Our legitimate interest in improving the efficiency of marketing tools
    Making available the basic functions of the Website and the Services and administering it, including gathering information about visitor’s navigation Our legitimate interest in providing the Website and the Services and understanding the use patterns to be able to improve the Website and the Services and enhance the user experience Log Data, Device Data, Usage Data
    Diagnosing and repairing problems with the Website and the Services Our legitimate interest in (i) providing data security and preventing fraudulent actions related to the Website and the Services; (ii) ensuring the functioning of the Website and the Services
    Analysing use of the Website and Services Our legitimate interest in (i) analysing the use of the Website and Services to understand the suitability to the user; (ii) improving, upgrading and enhancing the operation of the Website and Services; (iii) developing new features and functionalities
    Storing information containing personal data in our backup systems Our legitimate interest in ensuring the continuity and security of data processing operations All data categories
    Complying with legal or regulatory obligations or requests Performance of legal obligations
    Establishing, exercising, or defending legal claims, whether in court proceedings or in an administrative or out-of-court procedure in relation to our, our clients’ or employees’ rights Our legitimate interest in managing legal claims, facilitating effective establishment, exercise, or defence of legal claims
    Arranging the sale or merger of our company and providing information for conducting the legal or other audit and the data exchange thereof Our legitimate interest in facilitating proper due diligence process and business continuity by ensuring a successful merger, acquisition or restructuring of the company

  5. RECIPIENTS OF PERSONAL DATA AND DATA TRANSFERS

    1. We may disclose your personal data to separate controllers, who themselves determine the purposes of the processing of personal data or processors, who process your personal data on our behalf. These data recipients belong to the following categories:

    Category Purpose and legal basis of disclosure

    Public sector authorities, supervisory and law enforcement authorities

    To fulfil our statutory obligation, a court order, to establish, exercise or defend our legal rights or in other cases where this is necessary to prevent and deter unlawful acts. For example: Estonian Police and Border Guard Board, Estonian Data Protection Inspectorate.

    The legal basis is performance of our legal obligations or our legitimate interest in facilitating effective establishment, exercise, or defence of legal claims.

    Professional advisors

    To ensure our proper economic activity and to establish, exercise or defend our legal rights. For example: auditors, legal advisors.

    The legal basis is seeking legal advice and managing legal claims, facilitating effective establishment, exercise, or defence of legal claims.

    Service providers, contractors

    To help us in providing the Services, including the Website. For example: IT-service provider, marketing service provider.

    The legal basis is our legitimate interest in providing the Website and the Services and ensuring our proper economic activity.

    Resellers

    To distribute or provide our Services to (potential) clients.

    The legal basis is our legitimate interest in providing our Services to additional clients.

    Group Entities

    To utilize common technical infrastructure and perform internal administrative tasks.

    The legal basis is our legitimate interest in utilizing common technical infrastructure and performing internal administrative tasks.

    Our legal successors and/or potential acquirers of the company

    If necessary and required for successful transfer of our business or for the purposes of merger and/or acquisition, the personal data may be disclosed to the specified acquirers or legal successors and their representatives and/or financial and legal advisors.

    The legal basis is our legitimate interest in facilitating proper due diligence process and business continuity by ensuring a successful merger, acquisition or restructuring of the company.

    1. For service providers located outside the European Union or the European Economic Area (“EU/EEA”), we use safeguards (e.g., standard contractual clauses approved by the European Commission) to ensure that a level of protection of personal data comparable to that applicable in the EU/EEA is applied to your personal data. We monitor the compliance of our service providers with the above requirements. Upon your request we will make available further information on the safeguards applied.

  6. PERSONAL DATA RETENTION PERIOD

    1. We retain your personal data as long as reasonably necessary to attain the objectives stated in Section 4 of this Notice, or until the legal obligation stipulates that we do so. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the processing purposes and whether we can achieve these purposes through other means, and applicable statutory obligations. Whilst retaining personal data, we take into account the need to resolve disputes and enforce the contract between us or anonymize your personal data and retain this anonymized information indefinitely.

    2. Following the retention period or if we no longer need the respective personal data for the purposes specified in Section 4 of the Notice, we shall destroy the respective personal data within a reasonable time, unless the retention of personal data is required to perform duties or fulfil requirements arising from the legislation or to protect against ongoing or threatened disputes.

  7. YOUR RIGHTS AS A DATA SUBJECT

    1. You may, at any time, exercise the following rights with respect to our processing of your personal data:

      1. Right to access: you have the right to request access, including receive a copy, of your personal data. This includes the right to be informed on whether we process your personal data, what personal data categories are being processed by us, and the purpose of the data processing;

      2. Right to rectification: you have the right to request that we correct any of your personal data if you believe that we are processing inaccurate or incomplete personal data;

      3. Right to object: you are entitled to object to certain processing of your personal data, for example when we process your personal data based on our legitimate interest or for direct marketing purposes;

      4. Right to restriction: you have the right to request that we restrict the processing of your personal data, for example if you wish to dispute the accuracy of certain personal data we are processing or if we no longer need the personal data for the purposes of the processing, but you require the personal data to establish, exercise or defend legal claims;

      5. Right to erasure: you have the right to request that we erase your personal data for example if the personal data is no longer necessary for the purposes for which it was collected or if you consider that the processing is unlawful;

        • Should you wish to delete your account, for example if there is a change in the person who represents the company, please contact us and we will assign the company’s account to a new representative and delete your personal data according to our retention periods;

      6. Right to data portability: you have the right to receive your personal data in a structured, commonly used and machine-readable format if the processing is carried out by automated means and is based on your consent or a mutual contractual relationship. Moreover, you may request that the personal data is transmitted to another controller. Bear in mind that the latter can only be done if that is technically feasible;

      7. Right to withdraw your consent: in cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time. The withdrawal of your consent does not affect the lawfulness of the processing of personal data prior to the withdrawal;

      8. Right to contact the supervisory authority: If you are not satisfied with our response to your request in relation to your personal data processing or you believe we are processing your personal data not in accordance with the legislation, you can submit your claim to the data protection authority, e.g., in Estonia to the Estonian Data Protection Inspectorate (in Estonian: Andmekaitse Inspektsioon) at info@aki.ee or www.aki.ee

    2. To exercise the above rights, please contact us as specified in Section 2 of this Notice. Please note that you should supply us with adequate information for us to respond to your requests concerning the rights. Prior answering your request, we may ask you to provide additional information for the purposes of authenticating you and evaluating your request.

  8. LINKS TO OTHER WEBSITES

    1. Our Website may link to external sites that are not operated by us. Therefore, this Notice does not apply to data processing conducted by such third parties. Please be aware that we have no control over the content and policies of those sites and cannot accept responsibility or liability for their respective privacy practices. To find out more about how such third parties process your personal data, please refer to the respective privacy notices on the other websites you visit.

  9. CHANGES TO THIS NOTICE

    1. This Notice may be amended or modified from time to time to reflect the changes in the way we process personal data, and in such case, the most recent version of the Notice will be published on this webpage. Please check back periodically, and especially before you provide any new personal data.