4.3. Customers’ customer data Holvi processes customers’ customer data to allow Holvi customers to send invoices and expense invites. Holvi stores this data for customers’ bookkeeping purposes in basis of a contract with the customer. Customer may also make payments through their Holvi account. Holvi has a legal obligation to save the third party data when customer makes payments. This data is retained in Holvi for legitimate interest of preventing fraud for 5 years after the end of customer relationship. When customer uses ‘Invite User’ function, the customer is responsible for obtaining the consent from the receiver of the invite before sending the invite. Holvi customers have a possibility to create customer relationship lists of their own customers. This customer’s customer data is only stored in Holvi database until the customer chooses to delete the list. All transactional data is part of customer bookkeeping records that will be retained for above mentioned period. When a user makes a payment in a webshop, the user will become a customer of Holvi for this payment. For this scenario, data processing is described above in “Using Holvi for One-Time Payments”.
4.4. Customer Support In Holvi customer support, the data is collected and used to solve issues and questions customers might have about Holvi service. The questions and issues customers send through email, website, Facebook messenger or by calling are saved for product development and customer success quality purposes. Every issue is given a unique number and the issues are connected to a possible customer account. Customer support data is retained and processed in legitimate business interest of Holvi to develop the product, to help customers and to give information on Holvi product and services. Customer support data will be deleted five years after the end of the customer relationship with other customer data. Holvi Customer Support may use customer email or phone number to contact customer for legal questions, service related queries and to offer help with onboarding issues. Holvi will never ask customer to give their passwords through email or phone. 4.5. Blog Updates The Holvi Blog enables users to get notifications in their email when a new blog text is published. To get these updates, user is asked to input their email and order the updates email. On basis of user consent, Holvi collects and stores information through the blog update to optimize the sending and the content of future newsletters. User can at any time withdraw their consent and cancel the updates email. After withdrawing their consent on receiving the email, Holvi will mark the consent withdrawn and user will no longer receive the updates. 4.6. Tips & Tricks This newsletter is sent for Holvi customers that have given their consent during onboarding. The newsletter contains tips & tricks on use of Holvi product, entrepreneurship and other issues that might interest our customers. On basis of customer consent, Holvi collects and stores information through the newsletters to optimise the sending and the content of future newsletters. Customer can at any time withdraw their consent and cancel the newsletter. After withdrawing their consent on receiving newsletter, Holvi will mark the consent withdrawn and customer will no longer receive the newsletter. 4.7. Inbound marketing Holvi will always ask data subject’s consent to send any marketing messages. On basis of user consent, Holvi collects and stores information through the messages to optimize the sending and the content of future marketing. User can at any time withdraw their consent and cancel the newsletter. After withdrawing their consent on receiving any marketing, Holvi will mark the consent withdrawn and user will no longer receive any messages.
Customer rights as a data subject 8.1. The right to be informed Holvi will always inform customer about the purposes and the lawful basis of processing their information, as well as the retention period of processing information. Holvi will inform the customer about the sources from which Holvi obtains customer personal data, and the recipients of customer data. If customer data is processed based on consent, customer has a right to withdraw their consent of sharing data at any time. Customer also has a right to lodge a complaint with a supervisory authority. 8.2. The right to access Customer has right to access to their information that is stored in Holvi database. Customer is able to see their basic information in their account. Customer is also able to submit a request to Holvi DPO and get a copy of their personal information. If the customer asks for a large amount of data, Holvi may ask the customer to specify their request. Holvi will comply with customer request without delay within one month and free of charge, unless if the request is repetitive, unfound, or excessive, Holvi might have to ask customer for a reasonable administrative fee and/or extend the period of compliance for two months. 8.3. The right to data portability Customer has a right to data portability, which means that customer may ask Holvi to move, copy or transfer their data from Holvi IT environment to another in a structured, commonly used and machine readable form. Holvi will respond to customer request without delay within one month, unless the request is complex or Holvi has received an extensive number of requests. In this case, Holvi will inform customer of a reason why the request must be extended by two months. 8.4. The right to rectification If customer finds their information in Holvi as inaccurate or incomplete, customer has a right to get their data rectified. Customer can either log into their Holvi account to review and modify their data or if customer is unable to modify data theirself, they can request the rectification through a dedicated platform or by contacting Holvi support. Holvi will respond to customer within a month, and inform the third parties of the rectification where possible. 8.5. The right to be forgotten / the right to erasure Customer has a right to be forgotten, which means that customer is able to ask a deletion and removal of all personal data Holvi has on customer, if Holvi has no compelling reason for continued processing or storage, Holvi will delete customer data. Retention periods by applicable law might be a compelling reason for Holvi to keep customer data for longer, or a legitimate interest that overrides customer’s interest of data erasure. Holvi will respond to customer request within a month. 8.6. The right to restrict processing In cases the customer is not entitled to get their data erased, the customer is still able to restrict the processing of the data. Customer has a right to restrict the processing of personal data, if 1) the accuracy of the data is contested; 2) customer thinks the processing is unlawful and the requests restriction; 3) Holvi no longer needs the data for the original purpose, but customer data is still required to establish, exercise or defend legal rights; or 4) if the verification of overriding basis is pending, in the context of an erasure request. 8.7. The right to object processing Customer has a right to object to processing of their personal data on grounds relating to their particular situation. If Holvi processes customer data for legitimate interests, Holvi will stop processing the information after customer’s request, unless Holvi can show a compelling legitimate grounds for the processing. If Holvi processes customer data on the basis of customer consent, Holvi will stop processing customer data as soon as receiving customer objection. 8.8. Rights related to automated decision making including profiling Customer has rights related to automated individual decision-making - making a decision solely by automated means without any human involvement; and profiling. Holvi may use profiling to send the customer messages and marketing that is relevant to them. Holvi will inform customer separately if it uses automated decision making, and will give customer ways to request human intervention or challenge a decision. 8.9. Using your rights Customers and other website users may use all of their rights through Holvi’s dedicated data privacy platform by filling an online form and sending it to Holvi. We will get back to you as soon as possible, but not later than within a month. Please fill in the form here.
Data Processing Agreement 9.1. Scope Holvi processes customers’ customer data on behalf of the Holvi user when making available certain related value added services such as invoicing, reporting, web shop platform and credit and savings products, which may be provided by Holvi or third party service providers. 9.2. Parties For the use of value added services Holvi acts as a data processor and the customer will act as a data controller. 9.3. Basis for processing Holvi will only process personal data in line with GDPR, other laws and the agreement between Holvi and the customer. 9.4. Categories of personal data processed Personal data categories processed on behalf of the customer are PII, contact information and financial information. 9.5. Security and confidentiality Holvians processing customer data are under a duty of confidence when processing the data, and Holvi has taken appropriate measures to ensure the security of processing. 9.6. Third parties To provide payment services and other value added services for customers, Holvi may engage sub-processors that will provide the same level of safeguards as Holvi acting as a main processor. Third parties that the data may be shared with are listed below. 9.7. Co-operation Holvi will assist the customer by taking appropriate technical and organisational measures to ensure fulfilment of the controller's obligation to reply to requests by data subjects exercising their rights, and in relation to the security of processing, the notification of personal data breaches and data protection impact assessments. 9.8. Other provisions If the customer chooses so, customer is able to delete, upload or transfer all personal data that is processed by Holvi. Holvi will maintain data that it processes as a controller and the data that EU or Member State law requires to be stored. Holvi will make available to the customer all information necessary to demonstrate compliance with customer obligations and allow and cooperate fully with audits, including inspections, conducted by the controller or another person authorised to this end by the controller. Controller will bury the costs of these acts.