Privacy notice
Version 2.0, 2024-04-30
Welcome to the personal data processing information of Briox Finland AB (hereafter "Briox", "we", "us" or "our"). Your privacy is important to us, so we want this page to help you make an informed decision about your relationship with us.
There are three particularly important points we would like to highlight about this document before we go into further detail:
- Briox wants to clarify its responsibility to protect your rights and privacy.
- Briox also wants to clarify how we use the personal data you share with us, so that we can offer you Briox services and give you the best possible experience of the services, the website and when you are in contact with us.
- The document should give you an understanding of what personal data we collect and what we do with it.
Parties and responsibilities for processing your personal data
Briox Finland AB, 2440382-4, Teknikvägen 12, 02150 Espoo, is a provider of software for, among other things, bookkeeping, invoicing, orders and archives, hereinafter referred to as the "Services".
Briox is the data controller for the processing of the personal data that you share with us when
- you order the Services
- you receive login details and become a user of the Services
- we manage the customer relationship, such as recording your data in our customer register, sending notifications and invoices
- you have a question and/or contact us
- you register for one of our webinars
- you visit our website and accept cookies
- we send you marketing communications
- we improve and develop the Services and keep statistics
The data controller for the processing of personal data in the Services is the "Customer", which is the registered company at Briox, which may be accountants, auditors, small and medium-sized companies and associations. If you are a user (either an employee or contractor of the Customer) and have your own login details for the Services, you are referred to below as a "User". A User also includes the role of "System Administrator", who is the Customer's representative in the Services and is responsible for setting up users and other system administrators, assigning rights and giving instructions to Briox regarding the processing of data, including personal data in the Services.
Briox is the data processor for the processing of your personal data in the Services and is therefore responsible for the organisational and technical security measures described on Briox's website under GDPR and in the general terms and conditions and in the data processing agreement.
What personal data do we process about you?
The personal data processed varies depending on the type of company you are. Company data may become personal data for a Customer who is a sole proprietorship or a student using Briox programmes during their education. When you order the Services, we collect your contact details and company details. All users have registered contact details, login details and online identifications with us to use the Services.
When registering for our webinars, we need the participant's email address. If you have a question or contact us about any other matter, the amount and type of personal data may vary depending on the communication channel used. Categories of personal data are usually contact details, online identifiers, company details and the case itself as unstructured material, which includes the personal data you have chosen to share with us. A detailed list of what personal data occurs within the different categories, at what times and what legal basis the processing is based on can be found in Annex 1.
Why do we process your personal data?
Briox collects personal data about you as a user and Customer in order to provide the Services, fulfil our contractual obligations to you, and give you the best possible experience of both the Services and our website.
Personal data is needed to identify you, administer your account, for statistical purposes and for direct marketing (which you can unsubscribe from). The personal data collected when ordering the Services is needed to process the order, invoice and send you login details.
All users' personal data is needed to provide you with access to the Services, to enable you to use the Services, to create a processing history for you as a customer, to identify you and to know which users and customers are using the Services. By using the Services, you authorise Briox to access your camera phone and image gallery to enable you to upload your images to the Services. When you contact us via any of Briox's communication channels, information about you is used to handle the case, to contact you and to help improve our service by saving the case for recurring questions. If you visit the Briox website, you consent to cookies for processing your data.
Who do we share personal data with?
In the use of certain programmes or functions in the programmes, we may share personal data with subcontractors/sub-processors to Briox both within and outside the EU/EEA. A full overview of recipients and locations for the respective processing of personal data in the Services is available in Appendix 2.
The suppliers have corresponding obligations regarding the processing of personal data that you as a customer have agreed with us and are stated in the Data Processing Agreement. Your data as a customer may be combined with a third party's register to collect more information about you as a customer. For example, data is retrieved from national authorities for company registers. In the event that you as a customer use electronic invoices in the Services, personal data is disclosed to Briox's subcontractor of the service regarding e-invoices. We may need to share personal data with other companies within the group in order to provide the Services and fulfil our obligations to you. We share personal data about users and customers between the companies within the group when you have a case with us, if the information is needed to help you. If you choose to activate an external integration to the account in the Services, we will share the personal data required by that integration partner, which will then take place at your request.
How long do we keep your personal data?
Briox saves personal data about you as a customer if there is a customer relationship or if it is necessary to fulfil the purposes described in this policy. Upon termination of the agreement, Briox will delete or anonymise your data 30 days after termination, unless other national or European law, court or authority says otherwise. Some data is anonymised for statistical purposes.
Your data may be retained based on a legitimate interest if there are security or economic reasons. The data is also stored based on a legitimate interest, where Briox has a legitimate interest in being able to defend legal claims in the event of problems arising.
The length of time your personal data is stored therefore varies depending on the purpose for which it was collected. Data in the Services can be deleted by the system administrator, but in cases where there is no technical function for deletion, such as a series of receipts, your system administrator will need to contact us. Data collected when you contact us will be stored for as long as you are a customer of ours to fulfil our commitment.
What rights do you have?
Anyone whose personal data is processed has a number of rights under the GDPR. As a Data Controller, Briox has a responsibility to have procedures in place to deal with requests to exercise these rights when someone requests it. Your rights in relation to your personal data are as follows:
Right to information - You have the right to be informed when your personal data is being processed. We do this by providing you with this information and by answering your questions.
Right of access - You have the right to obtain confirmation that we are processing your personal data and to request a copy of your personal data if you want to know what information we hold about you.
Right to rectification - You have the right to have inaccurate personal data rectified. In addition, you have the right to supplement with missing data that is relevant to the purpose of the personal data processing.
Right to erasure - You have the right to have your personal data erased in certain cases. However, this right does not apply if the processing is necessary, for example, to comply with a legal obligation that requires processing, to establish, exercise or defend legal claims, or if the data remain necessary for legitimate interests.
Right to restriction of processing - You have the right to request that the processing of personal data be restricted in certain cases, for example if you contest the accuracy of the data, if the processing is unlawful, if the data is no longer needed for the purposes but you need it to establish, exercise or defend legal claims. The right also applies pending verification of which party's grounds prevail, if you have objected to processing (see below).
Right to object - You have the right to object to personal data processing that we carry out as part of our legitimate interest. If you object to such processing, we may only continue to process the data if we demonstrate that there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is for the establishment, exercise or defence of legal claims.
Right to data portability - Where we process personal data based on your consent or to fulfil a contract, you have the right to obtain and use your personal data elsewhere.
Right to object to automated decision-making - You have the right, in certain cases, not to be subject to automated decision-making that produces legal effects or similarly significantly affects you. Briox does not currently have any processing operations that fall under this right.
Right to withdraw consent - Where the processing of your personal data is based on your consent, you have the right to withdraw that consent. We will then cease to process the personal data processed based on your consent. Briox uses consent for non-essential cookies on the website and to enable you to upload your images in the Briox Scanner App via access to your camera phone and image gallery.
Right to lodge a complaint - You have the right to lodge a complaint with the national supervisory authority, which is the supervisory authority for our personal data processing. We hope that you will contact us first, so that we have a chance to try to rectify any problems. Please contact us at: info@briox.fi.
If you want to know more
If you have any questions about this policy and the processing of your personal data, or wish to delete or amend incorrect data, you can contact us by sending an email to info@briox.fi.
Annex 1
Briox uses personal data for the following purposes:
Fulfil customer agreement
Purpose: To draw up and conclude contracts for the services offered and make them available to you as a customer. To invoice you. To document and follow up the contractual relationship and invoicing. To communicate with you.
Personal data: First and last name, email address, company name, business ID, phone number, address details, country, login details, customer number, images, correspondence between us, technical information about how you have interacted via email and web, IP address and browser settings.
Legal basis: The processing is necessary to fulfil Briox's need to perform the agreed service, manage the customer relationship and improve the customer offering.
Retention time: Personal data is stored for the duration of the contract and 30 days after the end of the customer relationship.
Recipients: Data processors and sub-processors for the management of our systems. Authorities to which Briox is obliged to disclose personal data, either on an ongoing basis or upon request, such as the Tax Agency.
Customer contacts potential and existing customers
Purpose: To develop and maintain business relationships with new and existing customers. To handle enquiries, such as questions about our services/products.
Personal data: First and last name, email address, company name, business ID, phone number, address details, professional title, correspondence between us, technical information about how you have interacted via email and web as well as IP address, browser settings and timestamp.
Legal basis: We process the data based on a balance of interests and Briox's legitimate interest in providing events and webinars to inform and promote our business. If you want to know more about how we made this balance of interests, please contact us.
Retention time: Personal data is stored for the duration of the business relationship, but personal data that is no longer relevant is deleted frequently or when you indicate that you do not wish to be contacted or otherwise want your data deleted. Personal data in customer relationships is stored for the duration of the contract and 30 days after the end of the customer relationship.
Recipients: Data processors and sub-processors for managing our systems.
Organising events, webinars and training
Purpose: To receive registrations, plan and organise events, webinars and training
Personal data: First and last name, e-mail address, company name, telephone, occupational title.
Legal basis: We process the data based on a balance of interests and Briox's legitimate interest in providing events and webinars to inform and promote our business.
We process photographs and films to inform and promote our business on our website, in printed products and in social media. We process the data based on a balance of interests and Briox's legitimate interest in marketing its business. If you want to know more about how we have made this balance of interests, you can contact us.
Retention time: Personal data is stored from the time you register until the event, seminar or training has been completed. Personal data that is no longer relevant is deleted frequently or when you indicate that you do not wish to be contacted or otherwise want your data deleted. Films and/or photographs may be processed for a period of three (3) years after the event or seminar.
Recipients: Data processors and sub-processors for managing our systems.
Management of accounting and taxes
Purpose: To manage financial transactions in bookkeeping and accounting, for example, administering invoices, payments and accounting for taxes.
Personal data: First and last name, e-mail address, address, company name, telephone number and billing details.
Legal basis: The processing is necessary to fulfil the requirements of the Accounting Act and the Value Added Tax Act. We process personal data on the basis of a legal obligation.
Retention time: The personal data is stored for 7 years after the data was created or for as long as there is an obligation to keep records.
Recipients: Data processors and sub-processors for the management of our systems. Authorities to which Briox is obliged to disclose personal data, either on an ongoing basis or upon request, such as the Swedish Tax Agency.
Establishing, asserting and exercising/defending ourselves against legal claims
Purpose: To establish, enforce and exercise/defend ourselves against legal claims.
Personal data: First and last name, e-mail address, address, company name, telephone number and billing details.
Legal basis: We process the data based on a balance of interests and Briox's legitimate interest in being able to establish, assert and exercise legal claims. If you want to know more about how we made this balance of interests, please contact us.
Retention time: Personal data is stored for as long as necessary to fulfil our interest in establishing, exercising and enforcing legal claims, for example under statutory limitation periods.
Recipients: Data processors and sub-processors for the management of our systems. Authorities that Briox is obliged to disclose personal data to, either on an ongoing basis or upon request, such as the Police and other law enforcement authorities.
Annex 2
Subcontractors/sub-processors for the processing of personal data