Your privacy is important to Webservices Engineering GmbH. Below we inform you about what we collect and how we use, disclose, transfer and store your information.
Regarding the terminology, and in particular the terms “personal data”, “processing”, “controller”, “processor” and “consent”, we refer to the legal data protection definitions of the Art. 4 GDPR.
Personal data includes, for example, the names, address, emails or user behaviour.
In general, we process personal data only if it is necessary for the provision of a functional website and the content and services provided by us, in particular pursuant to one of the legal bases mentioned in Art. 6 (1) lit b) to f) GDPR.
Your personal will be deleted or blocked as soon as the purpose of their storage ceases. Storage may be provided if it is stipulated by national or European provisions to which we are subject. In this case, a blocking or deletion of the data takes place if the storage period prescribed in the respective regulations has expired. The latter does not apply if further storage is necessary for the conclusion or the fulfillment of a contract or our legal obligations.
By using the Website and/or providing information to us, you accept and agree to the collection and use of your personal data for the purposes described.
Unless otherwise specified, any changes or modifications will be effective immediately upon posting of the revised Policy on this Site, and your continued use of the Services after such time will constitute your agreement to be bound by such modified Terms. The Terms will always show the ‘last updated’ date at the top.
2. The Controller - Our identity
The Controller within the meaning of Art. 4 (7) GDPR, is:
Webservices Engineering GmbH
Head office: Bergstraße 17, 82380 Peißenberg, Germany
E-mail: [email protected]
Our customers may submit inquiries regarding personal data protection, privacy and security matters to Andreas Philippi, by the e-mail [email protected]
3. Collection of Personal Information
If you visit our website without registering or providing us with information in any other way (“informational use”), we may only collect those personal data that are technically necessary for us to make it possible for you to view our website and to ensure stability and safety, such as:
Date and time of the request, including Time zone
The URL accessed
Access status (HTTP status)
The referrer(website from which you accessed our website)
Web browser details, including version and language
The data mentioned previously will be saved in plain-text log files on our IT infrastructure.
There will be no storage or references of these data along with other of your personal data.
We will not use the above mentioned data for marketing purposes.
The storage in our log files serves the purpose to ensure the functionality of our website as well as the safety of our IT infrastructure.
When you sign-up to online-billing-service.com, along the above mentioned technically necessary data, we may collect the following personal information provided by you:
Your business information;
Your location details;
Your contact details ( such as telephone details and email address);
Your product and service information;
Your customer information;
Your transaction and subscription information;
Your payment gateway details;
Your batch information.
The registration is necessary for the provision of certain contents and to provide the services on our website. The data provided for this purpose are only used in order to use the respective offer or services or to provide services for which you have registered. In case of important changes in our offers, services and performances, for example, in relation with the scope of the offer or with modifications that are technically necessary, we use the email address provided during the registration in order to inform you about it.
4. Processing of Personal Information
Your personal information will normally be retained in the Controller's database and may be used by the Controller as follows:
To administer our relationship with you, providing services and responding to enquiries;
To provide you with information, products or services that you may request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
To carry out our obligations arising from any contracts entered into between you and us;
To allow you to participate in interactive features of our service, when you choose to do so;
To notify you about changes to our service;
We may use your data in order to facilitate the automated collection of payments through your specified payment gateway;
We may sometimes use personal information to send you notifications about important changes related to pricing details, technical parameters, and security related details.
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
5. Your rights
You have the following rights with respect to your personal data:
the right to information
the right to correction and deletion
the right to limitation and processing
the right to objection against the processing
the right to data transferability
Furthermore, you have the right to complain to a data protection supervising authority about our processing of your personal data.
If you wish to exercise one of these rights you can email us in writing at [email protected]
6. Legal basis
The legal basis for the processing is Art. 6 (1) sentence 1 lit. a) GDPR. Insofar as the registration serves to conclude or execute the contract, Art. 6 (1) sentence 1 lit. b) GDPR is an additional legal basis.
You can revoke your consent at any time. The legality of the already completed data processing remains unaffected by the revocation.
The data is deleted as soon as they are no longer necessary for their purpose of collection. This is the case when the registration on our website has been canceled or modified. You have the possibility to cancel the registration at any time. You can modify your personal data at any time. A deletion will not happen if the law requires us to keep on storing your personal data. The legal storage time remains unaffected.
However, please be aware that the conclusion or execution of the contract is not possible without this data.
We only transfer personal data to third parties if it is necessary in the context of the contract execution. A further transfer of the data does not take place, except situations where you have given your express consent to such transfer. A transfer of your data to third parties without express permission, for example for the purpose of marketing or advertising, will not happen.
7. Technical measures
online-billing-service.com implements the following technical, physical and organizational measures to maintain the safety of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, unauthorized modification, disclosure or access and against all other unlawful forms of processing.
The Service utilizes the extensive features of the cloud environment to ensure high availability, like full redundancy, load balancing, capacity scaling, periodic data backup.
No personal data is stored permanently outside Webservices Engineering GmbH IT Infrastructure. The physical security is thereby maintained by Webservices Engineering GmbH subcontractors, see clause 9. The processed data is stored in data centers located in the European Union, owned by Hetzner Online GmbH Industriestr. 25, 91710 Gunzenhausen, Germany. Hetzner Online GmbH and the other subcontractors comply with all GDPR requirements.
To ensure integrity, all data transits are encrypted to align with best practices for protecting confidentiality and data integrity. We use Secure Socket Layer (SSL) technology to transfer data between you and the application, using the user interface or API service.
For data in transit, the Service uses only encrypted transport protocols between devices and data centers and within data centers themselves.
All personnel are subject to full confidentiality and any subcontractors and subprocessors are required to sign a confidentiality agreement if full confidentiality is not part of the main agreement between the parties.
Whenever personal data is accessed by authorized personnel the access is only possible over an encrypted connection.
Webservices Engineering GmbH will at all times keep you informed about changes to the processes to protect data privacy and security, including practices and policies. You may at any time request information on where and how data is stored, secured and used.
7.5 The ability to intervene
Webservices Engineering GmbH enables your rights of access, rectification and deletion to be managed by you, using the user interface of the Application or the API service. You can also do batch actions, that means you can delete multiple records, you can import the files with multiple records and you can also change multiple records.
Technically speaking, the staff of Webservices Engineering GmbH has the possibility to use the application on behalf of a certain user through the 'switch user'. This action can be done after prior confirmation from the client (verbal or written).
The overall responsibility for data security lies with Webservices Engineering GmbH Data Security Officer, who educates and updates all personnel on the data security.
Webservices Engineering GmbH uses security reports to monitor access patterns and to proactively identify and mitigate potential threats. Administrative operations, including system access, are logged to provide an audit trail if unauthorized or accidental changes are made.
System performance and availability is monitored from both internal and external monitoring services.
7.7. Personal Data breach notification
In the event that your data is compromised, Webservices Engineering GmbH will notify you and competent Supervisory Authority(ies) within 72 hours by e-mail with information about the extent of the breach, affected data, any impact on the Webservices Engineering GmbH action plan for measures to secure the data and limit any possible detrimental effect on the data subjects.
"Personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transferred, stored or otherwise processed in connection with the provision of the Service.
See Webservices Engineering GmbH Declaration at https://online-billing-service.com/cookies for information on the cookies we use.
9. Do we disclose any information to third-parties?
Webservices Engineering GmbH does not sell, trade or otherwise transfer to third-parties any personally identifiable information.
Some trusted partners may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential.
We may also release your information in the following situations:
is appropriate to comply with the law
when we are requested to do so by competent bodies of the state
enforce our site policies
or protect our or others’ rights, property or safety
9.1 Subcontractors/trusted third-parties
In order to offer the services available through the online-billing-service.com site, we collaborate with various subcontractors and reliable partners. From the data provided below, it can be noted that personal data is transferred only to some of them:
Hetzner Online GmbH Industriestr. 25, 91710 Gunzenhausen, Germany - which provides us cloud services and infrastructure. We store and transfer here data, including personal data.
Tawk.to inc., 187 East Warm Springs Rd, SB119 Las Vegas, NV, 89119, USA - It offers a chat app via tawk.to. The EU-US Privacy Shield certification for this subcontractor can be viewed https://www.privacyshield.gov/participant?id=a2zt00000008SblAAE&status=Active
AppSignal, B.V., Herengracht 504, Amsterdam 1017CB, Netherlands - which provides cloud parameter monitoring and error analysis services. We do not transfer personal data to this partner.
Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA - it provides Google Analytics service. We do not transfer personal data to this partner. Even the visitor's IP address is anonymized before the transfer. The EU-US Privacy Shield certification for this subcontractor can be found here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
SolarWinds Worldwide, LLC, 7171 Southwest Parkway, Bldg 400, Austin, Texas 78735, USA - which provides us log management services through papertrailapp.com. The data transferred to this partner may also contain personal data in an unstructured format, but after a period of 3 days it is deleted from the partner's databases and archived and encrypted using Amazon S3 services with data centers located in Europe. The EU-US Privacy Shield certification for this subcontractor can be found here: https://www.privacyshield.gov/participant?id=a2zt00000008R6bAAE&status=Active
Amazon Web Services, P.O. Box 81226, Seattle, WA 98108, USA - which provides storage services through Amazon S3 and Amazon Cloudfront. The EU-US Privacy Shield certification for this subcontractor can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active
Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA - which provides online payment services. The EU-US Privacy Shield certification for this subcontractor can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000TQOUAA4&status=Active
All our subcontractors process personal data must be GDPR compliant. We will monitor maintaining the standards of GDPR by subcontractors and sub-process to ensure data protection requirements. All subcontractors in the United States of America (USA) are certified by EU-US Privacy Shield.
Changes concerning the addition or replacement of subcontractors or partners handling personal data will be announced by updating this document. You have any time the possibility to object to such changes or to terminate the contract with Webservices Engineering GmbH.
9.2 Legally required disclosure
Webservices Engineering GmbH will not disclose the customer’s data to law enforcement except when instructed by you or where it is required by law. Webservices Engineering GmbH strives to limit the disclosure. Webservices Engineering GmbH will only release specific data mandated by the relevant legal demand.
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third party sites have independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked websites. Nonetheless, we seek to protect the integrity of our website and welcome any feedback about these websites.
11. Where do we store the information?
11.1 Personal data location
All data is stored in databases and file repositories hosted in Germany, by Hetzner Online GmbH Industriestr. 25, 91710 Gunzenhausen. In the event that we delegate data processing activities to subcontractors in the United States (USA), these subcontractors must be certified according to the EU-US Privacy Shield.
All data is automatically replicated in real time to secondary hot failover databases and file repositories or using automatic multi-replication mechanisms within Multi-Master database clusters with a minimum of 3 instances.
Data stored in file systems or by using Amazon S3 compatible storage services are, also, available in multiple copies, which are automatically made at least one time daily.
Databases are continuously backed up with a retention period of at least 7 days. Backups are stored on physical devices, other than those on which database instances run.
11.2 Installation of software on customer’s systems
No installation of software is required to use the service. The service provided by Webservices Engineering GmbH is accessible through a standard web browser, automatically using an encrypted https-connection for all communications between your browser and Webservices Engineering GmbH IT Infrastructure to protect any data from being intercepted during network transfers.
12. Access, data portability, migration and transfer assistance
You may at any time obtain confirmation from Webservices Engineering GmbH as to whether or not personal data concerning you are being processed.
You may at any time order a complete data copy, which you may transfer to another controller of data. You can issue a request for a complete data copy from the user interface, your data will be automatically delivered by Webservices Engineering GmbH as a ZIP archive, containing one or more XML files. Logical relations between data sets will be preserved as unique identifiers.
13. Request for rectification, restriction or erasure of the personal data
You may at any time obtain, without undue delay, rectification of inaccurate personal data concerning you, as of clause 7.5.
13.2 Restriction of processing personal data
You may at any time request Webservices Engineering GmbH to restrict the processing of personal data when one of the following applies:
if you contest the accuracy of the personal data. The restriction will apply for a limited period within which Webservices Engineering GmbH will verify the accuracy of the personal data
if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
if Webservices Engineering GmbH no longer needs the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defense of legal claims.
You may, without undue delay, request the erasure of personal data concerning you and Webservices Engineering GmbH shall erase the personal data without undue delay when one of the following applies:
if the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed
if you withdraw your consent on which the processing is based and where there is no other legal basis for the processing
if the personal data has been unlawfully processed
if the personal data has to be erased for compliance with a legal obligation in EU or national law.
Deleting all data associated with your account can be requested by clicking on "Delete Account" from your account details page.
14. Data retention
14.1 Data retention policy
Account data will be retained (due to tax regulations) for up to ten full fiscal years from your cancellation of your service account.
Data entered by you, configuration data and system generated data will be erased when you close, terminate or cancel the service account with a deletion request. To prevent accidentally or unlawful deletions of your data, a human operator will request additional confirmation before the actual deletion of the data will be triggered.
If you close your service account without a deletion request, the data you enter as well as the configuration data, settings and data generated by the system will be retained for up to one year to allow your account to be reactivated later if you decide to do it.
If you close your account without requesting deletion, the data you enter as well as configuration data, settings data and system-generated data will be retained up to one year to allow your account to be reactivated later if you decide to reactivate it.
If your account has been deactivated for non-payment, the data entered by you as well as the configuration data, those regarding the settings and the data generated by the system will be retained for up to one year to allow your account to be reactivated later if you decide to pay the amounts outstanding and reactivate it.
If you have a Free account, the data you enter as well as the configuration data, the settings and data generated by the system will be automatically deleted after a period of five years of inactivity. So if you don't interact with our service for five years in a row and you have a free account, it will be deleted.
14.2 Data restitution and/or deletion
No data except Account Data will be retained after the termination of the contract apart from any invoicing data, if in the contractual relationship were invoices issued to you. Don’t close or delete the account before downloading your data copy, because in this case Webservices Engineering GmbH will not be able to deliver data copy.
15. Account history
Webservices Engineering GmbH uses multiple tools and functions to generate and store history on your account.
You can request the complete history or for a certain period of time of the main actions of your account in tabular format by email at [email protected]
You can also request statements from the detailed logs for a specified period for the purpose of investigation or audit. For preprocessing data necessary for creating these statements, we apply a fee of 100 Euro per working hour.
Webservices Engineering GmbH will cooperate with you in order to ensure compliance with applicable data protection provisions, to enable you to effectively guarantee the exercise of data subjects’ rights (You have the following rights with respect to your personal data: right of access and information, to correction and deletion, blocking, to objection against the processing), to manage incidents including forensic analysis in case of security breach.
17. Terms of service
Please also visit our Terms of Service section establishing the use, disclaimers, and limitations of liability governing the use of our website at https://sandbox.online-billing-service.com/terms-and-conditions .
18. Data processing agreement
Because it is possible for you to manage personal data by using the services of online-billing-service.com , it is necessary to consent to the processing of personal data.
A template for data processing agreement can be downloaded here in PDF format: https://sandbox.online-billing-service.com/data-processing-agreement.pdf . In this agreement you have the role of operator, and Webservices Engineering GmbH has the role of processor.
You can also view, download and accept a personalized agreement with your data and your company after you login in the application, by accessing the link: https://sandbox.online-billing-service.com/account/prepare_agreement/gdpr-dpa
You expressly declare that you understand and accept this data processing agreement.
19. Your consent