If you are a job applicant, read our Privacy Notice for Job Applicants.

Fonoa Technologies Limited, 6th Floor, South Bank House,
Barrow Street, Dublin 4, D04TR29, Ireland (further: “Fonoa”, “company”, “we”, “us”, or “our”) respects and protects the privacy and personal data of users of our services, business partners and any other persons whose personal data we might collect and process during our everyday business activities.

This Privacy Notice explains who we are, the purpose and basis for that processing, whether you have to provide the data to us, how long we store your data, whether we share your personal data with anybody or intend to transfer it to another country, how we secure your personal data and which rights you have regarding the processing of your data, as provided under the European Union’s General Data Protection Regulation (GDPR). GDPR is in force since 25 May 2018.

This Privacy Notice applies to all personal data which we collect, use or in any other way process if you are a user of our services, visitor of our website or if you otherwise communicate. For the purpose of this Privacy Notice, and in accordance with the GDPR:

• “personal data” means any information relating to a natural person which is identified or can be identified, directly or indirectly;
• “processing” means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

This Privacy Notice is layered so that you can easily find the information you need by selecting a section which you are interested in. It has been drafted in various languages so that you can understand it more easily. However, in case of any inconsistencies between different languages, the English version will prevail.

Who are we?

Fonoa provides a one stop shop for tax automation worldwide, all from one platform in dozens of countries around the world.

Within the meaning of the GDPR, we act as the controller for the processing of your personal data specified in this Privacy Notice. You can contact us by using our contact details:

Fonoa Technologies Limited

6th Floor, South Bank House, Barrow Street,

Dublin D04 TR29, Ireland

E: gdpr@fonoa.com

When and why do we collect your personal data?

1. Users of our services

If you are a user of our services, we collect and process your personal data in order to provide the service to you. The scope of personal data that we process is strictly limited to personal data necessary to serve your needs (for example, to process your transactions and communications with us) or to meet legal and regulatory requirements (in particular where we are required to collect or deliver certain information to tax authorities).

Depending on particular industries and requirements of each specific market, your information which we process may be collected either from platform providers which you collaborate with in providing services to end customers or directly from you, when you input it into our system.

We may also use your personal data to send you news and other relevant information about our service or in order to improve the quality of the service, to solve problems detected within the service and to develop better features.

Issuing invoices to end customers

Also, depending on the country and industry where we provide our service, there is a possibility that end customers of our users can request to issue them a special invoice addressed to a company or other business entity. The personal data of end customers which they themselves provide to us by directly filling out the relevant form will only be used for the purpose of issuing such invoices and delivering them to end customers.

2. Visitors to our website

We may collect your personal data if you are a visitor to our website. While this information does not in principle reveal your specific identity (your name or contact details), it may include personally identifiable information, which is primarily needed to maintain the security and operation of our website and for our internal analytics and reporting purposes.

Additionally, we also process your personal data if you contact us through the contact form available on our website or if you send us a direct message by other means.

Direct inquiries

Through our website, you can also get in touch with us and send us a query you might have with regard to our services. For this purpose, a contact form is available. In order to reply to your query, we collect personal data which you decide to disclose.

Similarly, we collect the personal data which you send when directly contacting us by other means, e.g. by sending us an e-mail.

Cookies

Like many businesses, we may also collect information through cookies and similar technologies, which help us to improve our website, to better understand our visitors and their behaviour. Cookies are small text files placed on a visitor’s device to collect internet log information. They are widely used by website owners in order to make their websites work, or work more efficiently, as well as to provide reporting information. For more information, please see our Cookies Policy, which includes details on how to control or opt out of these technologies.

3. Users of our dashboard

If you are registering as a user of the Fonoa Dashboard (for example, to access Lookup Lite), we need to collect some information about you so that we can create your account. We need this information to:

be able to identify users accessing our products through the Fonoa Dashboard; keep track of your usage of products made available to the customer on whose behalf you are accessing the Fonoa Dashboard, as it may affect the relevant subscription and pricing plan; meet our standard security procedures. ‍

4. Newsletters

When you subscribe to our newsletter you will provide certain personal data which will only be used for that specific purpose. If you were a previous user of our services or have shown interest in our services or starting a career in Fonoa, we may send you a newsletter as well.

5. Social media

We have an official account on Facebook, LinkedIn, Twitter and Crunchbase. This means we will have access to some of your personal data if you are our social media contact, but this is limited to such data which you decide to make available by sending us a message or otherwise connecting with us. We use your personal data collected through our social media accounts, for example, to solve your requests when you send us a direct message or to notify you about recent developments regarding our business activities.

What information do we collect about you?

1. Users of our services

We collect your personal data required to provide you our services (such as information needed to set up your user account) and information provided in the course of your use of our service. The personal data we collect may be categorized as follows:

1. personal contact details, such as your name, address, phone number and e-mail;
2. any contact details which may be required to access our service, such as your login name and password;
3. the details of the service you provide to your end customers, so that it can be specified on the invoice which we issue for you;
4. your tax number;
5. the relevant payment or banking information;
6. any information which may be required under applicable law regarding issuing of invoices and delivery of relevant information to tax or other authorities;
7. any other information which may be necessary to perform our services (such as fiscal certificates or login credentials to access tax authority portals).

Issuing invoices to end customers

If you are a customer of our users and request us to issue a special invoice for business purposes, we collect your personal data required for this purpose i.e. name, address and relevant tax number and information relating to the service provided to you.

The scope of personal data we process results from your local invoicing legislation and the nature of the service provided by our users to you as the end customer.

Processing of personal data in this manner only occurs where the relevant information relates to the end customer as an individual (where details of an end customers’ company or other business entity coincide with their personal details).

2. Visitors to our website

If you are visiting our website, it is usually the case that we are not aware of your specific identity. We only collect information of a technical nature, which your browser will automatically transfer to our server while you are browsing through our website.

The data which we collect in this process includes the following:

1. date and time of access;
2. the part of our website which you accessed;
3. information on the browser and operating system used;
4. where applicable, information on any errors which occur (where requested content cannot be displayed);
5. the last website you accessed which redirected you to our website.

Direct inquiries

Further, if you send us a query through our contact form or by directly contacting us by other means, we will collect your name, e-mail address and personal data which you disclose in the message you send us.

Cookies

For more information, please see our Cookies Policy, which includes details on which information we collect and how to control or opt out of these technologies.

3. Users of our dashboard

If you wish to create an account to access our products through the Fonoa Dashboard (such as Lookup Lite), you will be asked to provide your name, e-mail address which you will use as your username and information on your corporate affiliation (i.e., our customer on whose behalf you will be using our products).

You will also be asked to set up a password to access your account. Please make sure to use your password in accordance with any applicable terms of service. In particular, do not disclose your password to anyone else and notify us immediately if you become aware of unauthorised use of your account.

4. Newsletters

When you subscribe to our newsletter, we only collect your personal contact details necessary for this purpose, such as your name and e-mail.

5. Social media

If you are one of our social media contacts, we collect and process personal information which you publish or otherwise make available to us through these accounts such as your first and last name, comments, likes or other reactions and membership in certain groups.

If you send us a direct message through one of our social media accounts, we will collect your contact details (such as your first and last name) and other personal data which you disclose in the message you send us.

What is the legal basis?

1. Users of our services

If you are a user of our services, your personal data is necessary so that we can provide the service to you.

The scope of personal data which we process results from:

1. your local invoicing legislation which may specify certain types of information as mandatory for invoices; and
2. the nature of the service you provide to your end customers, so that they can be identified in the invoice.

Different jurisdictions may have different rules on invoicing and accounting, which results in different obligations towards tax authorities and, in some cases, the applicable data retention periods if we are required to archive your invoices for a certain period of time. Therefore, this necessarily affects the scope of our processing of your personal data.

We undertake our best efforts to ensure that the scope of processing is limited to what is necessary for the performance of the contract between you as user and Fonoa as your service provider. In this sense, you are required to provide us the requested information if you would like to use our invoicing service.

In addition, in some countries, where due to local invoicing legislation and the nature of our service we are required to retain your invoices for a prescribed period of time, such processing is necessary for compliance with legal obligations.

Occasionally, we may also contact you with information about our service or process personal data in order to improve the quality of the service, to solve problems detected within the service and to develop better features. We base this processing on our legitimate interest to keep you informed about our service and to regularly improve it.

Issuing invoices to end customers

If you are a customer of our users and request us to issue a special invoice for business purposes, we collect and process the personal data which is required under applicable law in order to issue you an invoice. In addition, such processing of your personal data is also based on your consent.

2. Visitors to our website

The information we collect about you while you are browsing through our website is processed for the purpose of our legitimate interests, i.e. providing a website for information and use, its maintenance and improvement.

However, we rely on your consent when we store analytics and customization cookies, which help us understand how our website is being used or how affective our marketing campaigns are or to help us customize our website for you.

We also rely on your consent for processing of the personal data you disclose through our contact form or by directly contacting us by other means.

However, depending on the nature of a query, other legal bases might also apply e.g. processing of the information may also be needed prior to entering into a contract with you.

3. Users of our dashboard

When you create an account to access our products available through the Fonoa Dashboard (for example, Lookup Lite), we collect limited information about you. This is necessary to provide the agreed service to our customer, on whose behalf you are accessing the Fonoa Dashboard.

We consider that Fonoa has a legitimate interest in processing this information, as we need to be able to identify those accessing and using the Fonoa Dashboard and to track usage in order to apply the correct subscription and pricing plan. Collecting such data is also necessary to meet standard security procedures and ensure reliability and operability of our services.

4. Newsletter

When you subscribe to our newsletter, the basis for the processing is your consent.

However, we may also send you a newsletter if you were a previous user of our services or if you have shown interest in our services or starting a career in Fonoa. In that case, the processing is based on our legitimate interest.

You may withdraw your consent or object to the processing based on our legitimate interest at any time by simply unsubscribing at the bottom of the newsletter e-mail or by sending us an e-mail to gdpr@fonoa.com.

5. Social media

If your personal data is public or sent to us directly through social media accounts, you consent to our processing of your personal data for the purpose of connecting with us or responding to a request or query. You may withdraw consent at any time by contacting us or using the options available in your social media account, as applicable.

How long do we keep your personal data?

How long we keep the information we collect about you depends on the type of information. In principle, we will only keep your personal information while it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law.

For example, if you are a user of our invoicing service, we store your personal data needed to set up your account with Fonoa and use our services for as long as you have an active account, unless you otherwise instruct us to destroy it. However, the issued invoices are stored for up to 18 months only, unless in your jurisdiction the nature of our service and the local invoicing legislation require us to retain it for a longer period. If you have an obligation under your local laws or regulation to store the issued invoices, we strongly encourage you to take steps to download and secure their archival for your own compliance needs. Although we do store them for a limited period, such storage may not meet the specific legal requirements applicable to you.

Upon deactivation of your account with Fonoa, except as otherwise agreed or unless required under the law of your jurisdiction, all of your personal data will be deleted. Please refer to Terms of Service applicable to you to confirm how and within which period you can request a back-up of the issued invoices.

Do we share your personal data with anyone?

We do not sell your personal data to third parties in any circumstances whatsoever.

However, we may share your personal data with our reliable partners in the following cases:

1. sub-contractors who assist us in providing our services (e.g. software developers, who also maintain our invoicing software and who assist us in resolving queries we may receive from you);
2. providers of cloud computing services, which we need to collaborate with in order to store and be able to access the collected data;
3. platform providers which you collaborate with in providing services to end customers;
4. when we use the services of providers of various information society services, e.g. tools for communication and project management.

In certain circumstances, we also share your personal data with public authorities. For example, if you are a user of our invoicing service, we deliver the invoices to the relevant tax authorities. It is also possible that public authorities (e.g. courts) will require us to disclose personal data. In such a case, we will have a legal obligation to do so, but any such disclosure will be limited to the data which must be disclosed in order to comply.

Besides that, we may share your personal data with other third parties as necessary to enforce our Terms of Service, user agreements or other policies. Such disclosure may be carried out to enforce a legal claim or resolve a dispute regarding the use of our services, as well as to protect Fonoa’s other rights and properties.

Transfer of personal data outside the EU/EEA

We do not usually share your personal data with any third parties located outside the EU/EEA. However, some of our service providers might operate in countries outside this territory. When such service providers provide services to us, we may need to transfer some personal data outside the EU/EEA. Nevertheless, in these cases, our service providers have committed themselves to safeguards that are required by European data protection laws to provide adequate level of data protection (such as, for example, by applying standard contractual clauses for processors in third countries).

How do we protect your personal data?

We use a variety of technical and organizational measures to protect your personal data from unauthorized access or disclosure, alteration, loss, theft and any other breach. These measures, among others, include:

we do not store any hard copies of documents with your personal data in our offices or any other premises; all communication is using HTTPS with TLS/SSL certificate; we are always working on solution hardening through code reviews, pen-tests conducted according to PCI DSS methodology and compliance checks; our product is screened for common vulnerabilities; appropriate certificates and/or credentials are used for secure and confidential API integration; our team monitors our servers, applications and all API connections in real-time and any irregularity would be immediately detected and handled. Also, your information can only be accessed by our employees who need it to do their job or by our reliable partners who provide certain IT services to us (e.g. software maintenance and providers of cloud computing services). In each of those cases, we make sure that persons who have access to or otherwise process your personal data are subject to confidentiality obligations and process your personal data strictly in accordance with our instructions.

We are very proud to announce that we are ISO 27001 and ISO 27017 certified.

What are your rights?

Under the GDPR you, as an individual, have certain rights, depending on our reason for processing of your personal data:

1. Your right of access

You have the right to request from us a confirmation whether we process any of your data, and where that is the case, you can access that data and the information regarding the purpose of the processing, the categories of personal data concerned and rest of the information concerning that processing. Based on this right, you have the right to ask us for copies of your personal data.

2. Your right to rectification

If you notice that we have some incomplete or incorrect data, you can request from us to complete or correct it. This right always applies.

However, if you are a user of our invoicing service, in some countries you may be able to login to your account and complete/correct it yourself. If this option is available, we strongly advise you to keep your personal data accurate at all times. However, if this option is not available in your country, you can request from us to complete or correct it by contacting us. You can find our contact details in the section “How can you contact us” below.

3. Your right to erasure

Under certain circumstances you have the right to ask us to erase your personal data. For example, if you think that we no longer need your data for the original reason we collected or used it for, or you initially consented to us using your data, but have now withdrawn your consent, or you have objected to the use of your data for direct marketing purposes, or if you think that we have a legal obligation to erase your data.

However, please bear in mind that this is not an absolute right and that sometimes we will not be able to comply with your request. For example, if we have an overriding legitimate interest for the processing or where due to legal obligations, we must keep your data for a certain period.

4. Your right to restriction of processing

Under certain circumstances, if you are concerned about the accuracy of the data or how it is being used you have the right to ask us to restrict the processing of your information.

5. Your right to object to processing

You have a right to object to the processing of your personal data which is based on our legitimate interest (for example, such as the processing for the purpose of promotion or sales, or for statistical purposes).

6. Your right to data portability

When the processing is based on your consent or required for the performance of a contract and when the processing is automated you have the right to ask that we transfer your data to another organization in a structured, commonly used and machine-readable format.

This only applies to the personal data you directly provided to us.

7. Your right to withdraw consent at any time

If the processing of personal data is based on your consent, you may at any time withdraw your consent and, in that case, we will no longer process your personal data for this purpose. However, withdrawal of consent will not affect the legality of the consent-based processing prior to its withdrawal.

8. Your right to file a complaint to a supervisory authority

Lastly, if you think that the processing of personal data carried out by us is not compliant with GDPR, you have the right to file a complaint to the competent supervisory authority – in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

In Ireland, the supervisory authority is the Irish Data Protection Commission, whose website may be found at https://www.dataprotection.ie.

However, without prejudice to your right to file a complaint to a supervisory authority, in case you are unsatisfied with our processing, we encourage you to first contact us to see if we may mutually resolve the issue. You can find our contact details in the section “How can you contact us?”

How can you contact us?

If you have any questions regarding this Privacy Notice or if you wish to exercise one of your GDPR rights stated above in section “What are your rights?”, feel free to contact us by sending an e-mail to: gdpr@fonoa.com or by post to:

Fonoa Technologies Limited

Ground Floor, 71 Lower Baggot Street, Co. Dublin

Dublin, D02 P593, Ireland

When you contact us to exercise one of your GDPR rights, we might ask for additional information from you for the purpose of a reliable identification. If we cannot reliably identify you, please bear in mind that we can decline any request you make.

We will try to provide you the information you request within fifteen days of the receipt of your request.

Please note that this Privacy Notice primarily covers data processing in cases where we act as data controllers. Due to the nature of our services, we also act as data processors for third-parties (our clients) as data controllers. In such cases, we are generally required to refrain from addressing your privacy requests except as instructed by the data controllers. Nevertheless, should you direct your query to us, we will immediately notify your data controller and provide all necessary assistance in responding.

Governing law and jurisdiction

To the extent permitted by GDPR, Irish law applies to this Privacy Notice and all related matters. You agree to exclusive jurisdiction of Irish courts for any disputes which may arise regarding our use of your personal data.

Changes to privacy policy

Fonoa Technologies Ltd. reserves the right to change or update this Privacy Notice at any time and, in particular, when we find it appropriate or necessary to remain complaint with relevant laws.

If there is a substantive change to the Privacy Notice, we will notify you of it by various means - for example, by using a banner, pop-up or push notification or send you an e-mail, so you can review it and decide whether you perhaps want to object to it.

Also, if we want to further process your data for a different purpose and the processing is based on your consent, we will first notify you and ask for your consent again for that new purpose.

Last updated and effective as of: 18 February 2021