invotek.net/legal/privacy-customer.html

Last updated 11 Nov 2024

Customer privacy notice

Welcome!

We are Invotek, a computer information services business based in the UK.

We have different notices for Invotek staff or website visitors.

This privacy notice explains what you can expect us to do with your personal data when you contact us or buy our services.

We may update this privacy notice at any time. We'll notify you of any updates via any method necessary.

Overwhelmed? We'll gladly clarify anything upon contact.

Click on a heading to expand its contents.

Contact

You're absolutely welcome to contact gdpr@invotek.net at any time to exercise your UK GDPR rights, or for any other privacy concerns.

What information we collect/use, and why

For each purpose, we've provided a bullet point list of the data we collect/use.

To provide our services

Anything uploaded to our services (files, emails etc.),
The email address used to sign up,
Any email addresses we may provide you (Invotek Mail customers),
The domains used for any services (Invotek Web or Mail customers),
Other personal data used by Stripe.
This may include your name, email address, billing address, payment and transaction info, account credit, etc.

We only have access to a very limited amount of this information. Please see their Data Processing Agreement for details:

Stripe's Data Processing Agreement

To inform you of important service updates

The email address used to sign up,
Any email addresses we may provide you (Invotek Mail customers).

To provide support, or when you contact us

The email address or Discord username used to contact us,
If you contact us via Discord, we can also see any information on your profile,
Any other information you provide when you contact us.

To prevent fraud or misuse of our services

The email address used to sign up,
Anything uploaded to our services (files, emails etc.),
Other personal data used by Stripe.
This may include your name, email address, billing address, payment and transaction info, account credit, etc.

We only have access to a very limited amount of this information. Please see their Data Processing Agreement for details:

Stripe's Data Processing Agreement

Your rights

We are required to have a "lawful basis" for the collection/usage of your personal data. The lawful bases used may affect your rights, which are set out below.

We will reply to requests without undue delay within one month. Feel free to make a request via the "Contact" heading.

More info on your data protection rights

Your right of access

You have the right to ask us for copies of your personal data, and other information, like where we got it from, or who we share it with.

There may be exceptions where you do not receive everything you ask for. Check the ICO's website (above) for a list of exceptions.

Your right to rectification

You have the right to ask us to correct/delete personal data you think is inaccurate/incomplete.

Your right to erasure

You have the right to ask us to delete your personal data.

Your right to restriction of processing

You have the right to ask us to limit how we use your personal data.

Your right to object to processing

You have the right to object to the processing of your personal data.

Your right to data portability

You have the right to ask that we transfer the personal data you gave us to another organisation, or to you.

Your right to withdraw consent

When we use consent as our lawful basis, you have the right to withdraw your consent at any time.

Our lawful bases for collection/usage of your personal data

For each purpose, we've provided information on the legal basis we use.

To provide our services

We use contract¹ as our legal basis.

To inform you of important service updates

We use contract¹ as our legal basis.

We use contract¹ because we may need to inform you of downtime, changes in pricing, etc., that may mean we can't provide our services anymore.

To provide support, or when you contact us

We use contract¹ and legitimate interests² as our legal basis.

We use contract¹ because there may be issues that significantly affects your service and thus affects us being able to carry out our contract with you.

We use legitimate interests² because we need to reply to your support queries via email/Discord, and provide you with general support/troubleshooting.

To prevent fraud or misuse of our services

We use legitimate interests² as our legal basis.

We use legitimate interests² because Stripe needs to identify and block fraudulent transactions. We also need this to manually/automatically review uploaded content to ensure compliance with the law and our Terms of Service, and prevent you from buying from us again if this is not met.

Definitions

¹ "Contract" means we have to collect/use this data to enter into, or carry out, a contract with you.

All of your data protection rights may apply, except the right to object.

² "Legitimate interests" means we're collecting/using your data because it benefits you, our organisation, or someone else, without causing an undue risk of harm to anyone.

All of your data protection rights may apply, except the right to portability.

Where we get personal data from

All of our personal data comes directly from you. We don't collect anything from third parties.

How long we keep information

For each purpose, we've provided information on how long we keep data for.

We may have to retain data longer than this if legally required (court orders, investigations etc). We'll notify you regarding this wherever possible.

To provide our services and inform you of important service updates

Kept as long as you are a customer. Deleted two months after your last service ends. We'll send you reminders 30 days, 14 days, and 3 days before deletion.

Please note: We are legally required to keep transaction information for up to 6 years.

To provide support or when you contact us

Kept as long as your query is open. Deleted one month after being resolved, to allow for any follow-up queries.

Please note: Any emails related to purchasing our services will be kept if you made a transaction in the past 120 days, so we can prove to your bank you authorised the transactions.

To prevent fraud or misuse of our services

Kept for up to 10 years, to identify and prevent you from buying our services again.

Who we share information with

We use Stripe as a data processor, which handles payment processing.

Other than this, we don't share your personal data with third parties.

At most, we share anonymised data which cannot be used to identify you in any way. We take every step possible to anonymise & generalise your data before sharing it with anyone. Our Advisory Board meets twice weekly to review our data protection practices.

Please note: We may have to share/delete any personal data we hold on you upon a valid legal request (like a court order, DMCA takedown etc).

If we encounter a personal data breach (when someone breaches our security and accesses your personal data), we'll inform you immediately through any method available.

Sharing information outside the UK

Stripe, our data processor, may share personal data outside of the UK (to the USA). This transfer complies with UK data protection law via the International Data Transfer Addendum.

We are in a Data Processing Agreement with Stripe. For more information, both of these are available on Stripe's website:

Stripe's Data Processing Agreement

Stripe's Data Transfers Addendum

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us via the "Contact" heading.

If you remain unhappy with how we've used your data after raising a complaint with us, you can also complain to the ICO.

Make a complaint

Helpline number: 0303 123 1113

The ICO's address:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Invotek is an ICO-registered business.

Registration reference ZB796944.