1. Service provider and responsible person in terms of the GDPR

Responsible provider of the BillMore application in terms of data protection law is:

S17 Software UG (haftungsbeschränkt)
Kolpingstraße 14
73433 Aalen
Register Court: HRB 735402, Ulm
VAT ID: DE313425388
CEO: Steffen Keller

Phone: +49 7361 9992490

The provider is currently not obliged to appoint a data protection officer. You can reach our contact person for data protection matters at datenschutz@billmore.de, or by mail to the above address with the address suffix "Data Protection".

2. Information on the collection of personal data

(1) In addition to our online offering, we provide you with a mobile app that you can download to your (mobile) device (iOS, Android) and a web app that you can access via your browser. Below we provide information on the collection of personal data when using our app. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behavior.

(2) When you contact us by e-mail or via a contact form, we will store your e-mail address and, if you have provided it, your name and telephone number to answer your questions. We delete the data arising in this context after storage is no longer necessary or - in the case of legal storage obligations - restrict processing.

(3) If we use contracted service providers for individual functions of our offer or wish to use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also state the specified criteria for the storage period.

(4) In addition to the purely informational use of the App, we offer various services which you can use if you are interested. For this purpose, you usually have to provide additional personal data which we use to provide the respective service and to which the aforementioned data processing principles apply/

(5) In some cases we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly.

3. Your rights

(1) You have the following rights with respect to the personal data concerning you:

• Right of information,
• Right of correction or deletion,
• Right to limit processing,
• Right to object to the processing,
• Right of data transferability.

(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data in our company.

4. Collection of personal data when using our app

(1) When downloading the mobile app, the required information is transferred to the respective app store of your device operating system, i.e. in particular user name, e-mail address and customer number of your account, time of download, payment information and the individual device ID number. We have no influence on this data collection and are not responsible for it. We process the data only to the extent necessary for downloading the mobile app to your mobile device.

(2) When using the app, we collect the personal data described below to enable convenient use of the functions. If you would like to use our app, we collect the following data, which is technically necessary for us to offer you the functions of our app and to ensure stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f) GDPR):

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (concrete page)
• Access Status/HTTP Status Code
• Amount of data transferred in each case
• Website from which the request comes
• Browser
• Operating system and its interface
• Language and version of the browser software.

(3) Furthermore, we require your device identification, unique number of the end device (IMEI = International Mobile Equipment Identity), unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), MAC address for WLAN use, name of your mobile end device, e-mail address.

(4) In addition to the above-mentioned data, cookies are stored on your end device when you use our app. Cookies are small text files that are stored in the device memory of your device and assigned to the app you are using. Cookies allow certain information to flow to the party that sets the cookie (in this case: us). Cookies cannot execute programs or transfer viruses to your device. They serve to make apps more user-friendly and effective overall.

1. a) This app uses the following types of cookies, the scope and functionality of which are explained below:
• Transient cookies (see b)
• Persistent cookies (see c).
2. b) Transient cookies are automatically deleted when you close our app. This includes in particular the session cookies. These store a so-called session ID, which can be used to assign various requests to your app. This allows your device to be recognized when you use our app again. The session cookies are deleted when you log out or close the app.
3. c) Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can configure the settings of your operating system and app to your liking and, for example,  B. refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all features of our app.

When using the app, we use a comparable technology in its function instead of cookies.

5. Use your address book, calendar, photos and reminders

(1) When you use certain functions of our app for the first time, we will ask you in a pop-up for permission to use your camera, your photos or your address book. If you do not grant permission, we will not use these data. In this case you may not be able to use all functions of our app. You can later grant or revoke the permission in the app or operating system settings.

(2) If you allow access to this data, the app will only access your data and transfer it to our server to the extent necessary to provide the functionality. We will treat your data confidentially and delete it if you revoke the rights of use or if it is no longer required for the provision of services and if there is no legal obligation to retain it. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f) GDPR.

6. Use of Google Analytics

(1) This app uses Google Analytics, a web analytics service provided by Google Ireland Ltd. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this app is usually transferred to a Google server in the USA and stored there. However, in the event that IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before this happens. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this app, Google will use this information for the purpose of evaluating your use of the app, compiling reports on app activity and providing other services relating to your use of the app and internet to the website operator.

(2) The IP address transmitted by your App within the framework of Google Analytics is not merged with other data from Google.

(3) The use of Google Analytics is voluntary and serves to improve our offers. The function can be activated or deactivated in the app's settings under "Settings - Usage data" via an opt-in switch.

(4) The app uses Google Analytics with the extension "_anonymizeIp()". This allows IP addresses to be processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you contains a personal reference, this is immediately excluded and the personal data is deleted immediately.

5) We use Google Analytics to analyze the use of our App and to improve it regularly. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to Google LLC, based in California, USA, and, if applicable, US authorities can access the data stored at Google, the level of protection can be increased by agreeing on order processing contracts with standard data protection clauses in accordance with Art. 46 Para. 2 Letter. c) GDPR. We have concluded a corresponding contract with Google. The legal basis for the use of Google Analytics is your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR.

(6) Third Party Information: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms and Conditions of Use: http://www.google.com/analytics/terms/de.html, Privacy Policy: http://www.google.com/intl/de/analytics/learn/privacy.html, and the Privacy Policy: http://www.google.de/intl/de/policies/privacy.

(8) The stored usage transactions will be deleted by Google after 12 months at the latest.

7. Storage of data and documents

(1) If you use the version Cloud Invoicing (incl. trial version), all data you enter, in particular address data of third parties (e.g. address, telephone number, fax number, company data, order data, contract data, etc.) will be deleted. of your customer) will be stored in a database controlled by us at the provider MongoDB (see clause 10).

Documents created with the application (e.g. invoices, quotations, delivery bills, etc.) and images (e.g. your company logo) are encrypted and stored on Google Firebase (Google cloud platform) servers.

(2) Information provided by the third party provider Google: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: https://firebase.google.com/terms, overview of data protection: https://firebase.google.com/terms/data-processing-terms, as well as the Google privacy policy: http://www.google.de/intl/de/policies/privacy, Google-Firebase privacy agreement: https://firebase.google.com/terms/data-processing-terms?hl=de. We use Google Firebase to ensure reliable availability of your created documents and availability by way of fulfilling the contractual service owed. For the exceptional cases in which personal data is transferred to the USA to Google LLC with its registered office in California, USA, and, if necessary, US authorities can access the data stored at Google, the level of protection can be increased by agreeing on contract processing contracts with standard data protection clauses in accordance with Art. 46, Paragraph 2, Letter. c) GDPR. We have concluded a corresponding contract with Google. The legal basis for processing using Google-Firebase is Art. 6 para. 1 sentence 1 lit. b) GDPR, as well as Art. 49 para. 1 sentence 1 lit. b) GDPR. The use of Google Firebase is necessary for the performance of the contract for the reliable provision of the online services.

(3) As far as we act in connection with the services to be rendered by us in the sense of commissioned data processing according to article 28 EU-DSVGO, i.e. we process personal data, for which you are responsible in the sense of data protection law, on your behalf and in accordance with your instructions, the legal regulations for commissioned data processing apply between S17 Software and you. In this respect, reference is made to the conditions of a contract for the processing of personal data to be agreed upon separately between S17 Software and the customer.

(4) If you use the no longer offered to new customers version Offline Invoicing, all data entered by you, in particular address data of third parties (e.g. address telephone number, fax number, company-related data, order data, contract data of your customer) and documents created with it are only stored locally on the device memory. If you create complete backups with all data stored on the device by the App using the integrated backup function, these backups are individually encrypted and can only be restored with the App if you know the password you have assigned to the backup file. The encrypted backup is stored by us on servers of Amazon Web Services (see item 11) or within the framework of Google Firebase (Google Cloud Platform). We have concluded corresponding contract processing agreements with the service providers. The data is stored exclusively on servers within the EU. A user account (see clause 9) is required to store the backup.

8. Automated sending of e-mails

We use the service provider Mailgun Technologies Inc. to send our automatically generated information e-mails, such as account confirmation or to reset the corresponding password. In this respect, the e-mail address you provide in the context of user account management, as well as possibly your name, will be passed on to the provider by way of order data processing.

Third Party Information: Mailgun Technologies, Inc, 548 Market St #43099, San Francisco, California 94104 USA, Tel. (210) 464-8320, Terms and Conditions: https://www.mailgun.com/terms/, Privacy Policy: https://www.mailgun.com/privacy-policy/, and additional information on the processing of order data by the provider https://www.mailgun.com/gdpr/. We use Mailgun in order to guarantee you reliable account management by way of fulfilling the contractually owed services. When sending e-mail via Mailgun, the EU region is used, so that messages and linked metadata remain within the EU. For the exceptional cases in which personal data is transferred to Mailgun in the USA and, if necessary, US authorities can access the data stored with the provider, we have concluded a contract for commissioned data processing with the provider on the basis of the EU standard data protection clauses in accordance with Art. 46 Para. 2 Letter. c) GDPR concluded. The legal basis for the use of Mailgun is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

9. User account

(1) If you wish to use our application, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your order and for the allocation of your stored data. Mandatory information required for the processing of contracts is marked separately, other information is voluntary. We process the data you provide to fulfil your order. For this purpose, we may forward your payment data to our bank or to the respective payment service provider. The legal basis for this is Art. 6 para. 1 p. 1 lit. b) GDPR.

Information about your user account (e-mail address, customer name, company name, address) is stored in a database controlled by us at the provider MongoDB (see paragraph 10).

(2) We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, after two years we will restrict the processing, i.e.  h. Your data will only be used to comply with the legal obligations.

(3) To prevent unauthorized access to your personal data by third parties, especially financial data, the ordering process is encrypted using TLS technology.

10. Use of MongoDB

As a central database we use the services of MongoDB Ltd. to provide technically error-free and highly available services. The data is stored on servers at Amazon Web Services in the data center in Frankfurt near MongoDB, while the database is technically managed by MongoDB Inc.

Third party information: MongoDB Ltd. 3 Shelbourne Building, Crampton Avenue Ballsbridge, Dublin 4, Ireland. Tel. +35319014654; Terms of Use: https://www.mongodb.com/cloud-terms-and-conditions, Privacy Policy: https://www.mongodb.com/legal/privacy-policy.

For the exceptional cases in which personal data is transferred from MongoDB to third countries and, if necessary, authorities could access the data stored with the provider, we have concluded a contract for commissioned data processing with the provider to ensure the appropriate level of protection. In addition, the Provider warrants that it will enter into contracts with its subcontractors in non-European foreign countries on the basis of the EU standard data protection clauses pursuant to Art. 46 (2) Letter. c) GDPR in order to guarantee the level of protection.

The legal basis for the processing is Art. 6 para. 1 sent. 1 lit. b) GDPR and for the use of MongoDB with the involvement of subcontractors by MongoDB Art. 49 para. 1 sent. 1 lit. b) GDPR. The use of MongoDB is necessary for the performance of the contract for the reliable provision of online services.

11. Use of Amazon Web Services (AWS)

As a central server for communication between the app and the databases we use the services of Amazon Web Services EMEA SARL. For the provision of technically error-free and highly available services, the use is required. The data is stored on servers at Amazon Web Services in the data center in Frankfurt, while the server is managed by us.

Third Party Information: Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg, Fax: + 352 2789 0057; Terms of Use: https://aws.amazon.com/de/agreement/, Privacy Policy: https://aws.amazon.com/de/privacy/.

For the exceptional cases in which personal data is transferred from Amazon to third countries and, if necessary, authorities could access the data stored with the provider, we have concluded a contract for commissioned data processing with the provider to ensure an appropriate level of protection. In addition, the provider assures that it will conclude contracts with its subcontractors in non-European foreign countries on the basis of the EU standard data protection clauses in accordance with Art. 46 Para. 2 Letter. c) GDPR in order to guarantee the level of protection.

The legal basis for processing is Art. 6 Para. 1 S. 1 lit. b) GDPR and for the use of Amazon AWS with the involvement of subcontractors by Amazon in accordance with Art. 49 Para. 1 S. 1 lit. b) GDPR. The use of AWS is required for the fulfilment of the contract for the provision of a secure and highly available online service.

12. Objection or revocation against the processing of your data

(1) If you have given your consent to the processing of your data, you can revoke it at any time for the future. Such revocation will affect the permissibility of processing your personal data after you have given it to us. You can manage the respective consent via the application settings and revoke your consent at any time with effect for the future.

(2) Insofar as we base the processing of your personal data on the weighing of interests (Art. 6 para. 1 lit. f) GDPR), you may object to the processing. This is the case if the processing is in particular not necessary for the fulfilment of a contract with you, which is described by us in the following description of the functions. In the event of such an objection, we request that you explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the facts of the case and will either stop or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.

(3) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to advertising by using the settings function within the app.

Contacting us

If you have any questions about this privacy policy, you can contact us by e-mail at datenschutz@billmore.de.