EpicSign

    Epic Invoicing Oy

    Privacy Policy

    Combined data file description and information document in accordance with applicable personal data protection legislation, including the EU General Data Protection Regulation (GDPR).

    Data controller

    Epic Invoicing Oy
    Email: support@eemel.fi

    Name of the register

    Epic Invoicing Oy customer register.

    Purpose of the register

    Company information is processed in order to operate the invoicing software, deliver related services, and manage and develop customer relationships. Company information may also be used to identify and verify data subjects, for risk management, and to fulfil obligations based on law or instructions issued by authorities.

    Data subjects

    The data subject is a person or company that has, has had, or may have a customer relationship with the data controller, or is registered due to a statutory obligation.

    Data content of the register

    Basic user data, such as:

    • Name
    • Business ID
    • Contact persons
    • VAT registration status
    • Email addresses
    • Mobile phone numbers
    • Product in use

    Other information received in connection with the use of the service and any data required to comply with legal obligations.

    Regular disclosure of data

    Data may be disclosed to authorities to enable the exercise of statutory rights of access. Otherwise, data is only disclosed with the consent or authorisation of the data subject.

    Regular sources of personal data

    Data is collected from the data subject themselves, from associations, companies, or from authorities' information systems.

    Transfer of data outside the EU or the European Economic Area

    Data is not transferred outside the EEA, except in cases where a supplier's personnel located outside the EEA, or third parties, need the data to provide the service. When such transfers occur, we ensure that data protection complies with applicable legislation.

    Principles of register protection

    The use of the register is strictly governed by internal instructions, and user identification and access rights are carefully monitored. Data is protected using appropriate technical and organisational measures.

    Right of access and how to exercise it

    Every data subject has the right to access their own data. The right of access is free of charge if more than one year has passed since the previous request. The request must be submitted to the data controller in a personally signed or verified document, or in person.

    Correction of data and how it is carried out

    The data controller will correct incorrect, unnecessary, incomplete or outdated data without undue delay at the request of the data subject.