At ExpenseBit, we are dedicated to the values of transparency and fairness. We strive to guard our users' personal data with care. We are fully committed to processing personal data only in compliance with the EU General Data Protection Regulation (GDPR) as well as with relevant national laws.
We do not sell user data to third parties. Nor do we use this data for advertising purposes.
4. Principles of processing personal data
In all our personal data processing activities we follow these principles:
We care about Your privacy and protection of personal data. Therefore we process Your personal data in a fair and transparent manner and only when we are allowed to do so according to the law.
We collect Your personal data for specified, explicit and legitimate purposes. We will not further process Your personal data in a manner that is incompatible with the initial purposes. When processing Your personal data for a purpose other than the initial purpose, we rely on the legal bases originating from the law or we ask for Your approval to process your personal data for other purposes.
We use best practices to ensure that personal data processed by us is adequate, relevant and limited to what is necessary in relation to the purposes for which personal data are processed. We aim to not process any redundant personal data.
Our aim is to ensure that personal data is accurate and kept up to date where necessary. We will take every reasonable step to ensure that inaccurate personal data will be erased or corrected without delay. If the personal data should prove to be false, we also give you the possibility to correct and/or delete it.
We keep your personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. We process personal data as long as it is required by applicable laws, binding contracts or binding legal obligations.
Integrity and confidentiality
We process your personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing. We will take all reasonable measures in its power against accidental data loss, destruction or damage. We use different technical and organizational measures to enhance security when processing personal data.
Unless permitted or required by law, we will not disclose any personal data to third parties without prior written consent.
Data protection by design and by default
We take into account the principles of data protection by design and by default when designing our products and services.
Non-transfer to third countries
We do not transfer any personal data to third countries.
5. What personal data do we collect and where do we get it?
We only collect and process the personal data that You have provided to us. You provide us Your data when You have registered to use our App, signed up for e-mail alerts, subscribed to receive information, complete our survey, approach us for technical support or customer service, use our website or online services.
The types of personal data you provide may include Your name, email address, phone number (which may include mobile phone number), IP address and postal address.
6. Why we collect Your data
We collect Your data in order to provide You with our services and access to our site. We use Your data to communicate with You, respond to Your requests and to gain information about users' preferences in order to improve our services.
7. What is the legal basis for processing Your personal data?
We rely on different legal bases for the processing of Your data:
We rely on this legal basis to send you marketing materials, such as newsletters and offers.
We rely on this legal basis to create a contractual relationship with You, or to fulfil an agreement that has been signed.
We rely on this legal basis to comply with legal obligations, for example a court order that would require us to process personal data for a particular purpose.
We rely on this legal basis to protect Your vital interests or those of other persons for example when a user is hospitalised in a life-threatening situation and processing the users’ information is essential to helping the user.
We rely on this legal basis to carry out interests such as the management of the company and the general realisation of its business activities, as well as the discovery of unlawful activities and fraud.
8. Your rights
You have the right to know if we process any data related to You and if so, which data about you we process. You have the right to know who and for what purpose have access to Your data.
You have the right to ask us to supply you with the information about how we process your data.
You have the right to request us to provide you with the data we have about you. We shall act promptly on that request, as much as possible, but in any case, no later than one month. We shall provide Your data for You in a common format in a clear manner for free. If for compelling reasons, we are not able to provide You with Your data, we will inform You of the reasons. Most commonly, the reason is that the data is anonymized and could not be attributed to any specific user. However, other reasons could occur. If our reasoning is not convincing for You, You have the right to submit a complaint to Data Protection Inspectorate (Andmekaitseinspektsioon).
You have the right to transmit all data about You to other service providers, including our competitors. Moreover, You have the right to request us to transmit this data to the other service provider directly.
You have the right to withdraw Your consent for processing Your data at any time. You can withdraw Your consent by using the manage privacy section.
You have the right to object to processing of Your data. Unless there are compelling reasons, we shall comply with Your request. Such reasons can include legal obligations, public security and public health, right of freedom of expression and information, for example. There could be other reasons as well. If You are not convinced by our reasoning, You have the right to submit a complaint to Data Protection Inspectorate (Andmekaitseinspektsioon).
If You find any errors, inaccuracies or if Your information has changed (for example, if You change Your email address), please do let us know. We shall update and correct the information as soon as possible.
Your data will be stored only for as long as necessary to provide You with our services or for as long as required by law. You have the right to ask us to erase any of Your data and unless there are compelling reasons (of which we will inform You), we will erase Your data. Those compelling reasons may arise from law, public policy, public health, among others. If You are not convinced by our reasoning, You have the right to submit a complaint to Data Protection Inspectorate (Andmekaitseinspektsioon, https://www.aki.ee/en).
9. How we use “cookies”
We may automatically collect personal data through “cookies,” which are text files placed on your device’s hard drive when you visit our services. Cookies may enhance your online experience by saving your preferences while you are visiting a particular site.
We also may use “flash cookies,” also called “local shared objects.” Like other cookies, flash cookies are files stored on your device, but flash cookies can store information that is more complex than simple text. These cookies can be helpful to us in storing your preferences regarding feature settings, and personalizing your experience. In some cases local shared objects also are used to prevent fraud. Unlike “regular” cookies, browsers generally cannot be used to manage cookie placement. To learn more about managing flash cookies, you may wish to consult Adobe’s website and change the privacy settings they make available to users who wish to manage flash cookies. Like regular cookies, flash cookies improve your experience with our site, so disabling them may limit or eliminate features we make available to you.
10. Web Beacons and Log Files
We may use “web beacons” (also known as Internet tags, pixel tags, tracking pixels, and clear GIFs) on pages of our website based on your explicit consent. These web beacons allow third parties to collect personal data such as the IP address of the device, the URL of the web page, the time the page was viewed, the type of browser used, and any additional information in cookies that may have been set by the third party. The information is typically collected in log files, which generally track traffic on our websites. Purposes for this information collection may include managing our online advertising, including by determining which ads brought users to our websites. The information also is used for analytical purposes and to manage technical issues that may arise. We do not attempt to identify individual users through this information.
11. How we safeguard your data?
We maintain appropriate organisational, technical and physical measures to protect your personal data from accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use and other unlawful forms of processing. For example we transmit your data securely via SSL (TLS 1.2) which makes your data secure. We also use organizational measures such as limitation of access.
11. Implementing provision