This privacy notice explains how Marla International LLC (“we”) processes your data. It explains what personal data we collect, how we use it, who we share it with and how long we retain it. Please read it carefully, as it specifies which rights you have and how you can exercise your rights.
There are two software applications that you can use with the service, EasyBooks and EasyInvoice. We also refer to them collectively here as “the apps”.
We take data protection and your privacy very seriously. So, we’ve decided to make a promise about for what purposes we’ll use the data you provide to the app. You consent to us processing the types of personal data set out in our privacy notice to provide the app to you.
We will only process your personal information for the purposes set out in our privacy notice. Should this change, we will ask your consent for any additional processing we need to.
We think the term process is a little misleading for what we’re doing, but the term is widely used in the EU’s General Data Protection Regulation (GDPR). In plain English, we collect and store your email address to identify you as an account holder. If you forget your password, we can email you with a link to reset it. We will also email you about your account from time to time, for example, if there’s a problem with your account.
Our role as a Data Processor is limited to storing your bookkeeping database; we do not access the data you store in our service unless you request us to do so, and only then to solve an issue you have raised via our Support Services. We would never extract or use data you have entered on the App about your customers and suppliers.
If at some point you do not want us to “process” this personal data, you can contact us via the support link on the website. You should be aware that we will not be able to provide the app to you without your permission to store your email address. You can also delete your account if you want to (see later).
Running the app
When you run the app, the following statistical data is collected to monitor what kind of devices you utilise to run the app. This is used to decide when the app should take advantage of new operating systems’ new features and when to discontinue development on older platforms.
Hardware Model and OS (iPhone, iPad, iMac, MacBook Air and so on)
Version of the app
Easy Books Online Account
To use the app, you will need to register an account using your email address. We collect the following additional data:
- Your email address
- IP Address
By supplying your email address, you give us consent to store this personal information to provide the app to you.
Our servers will send out email reminders when your service period is coming to an end so that you can continue the service if you want to. We won’t keep all your details though, a short time after your account expires, we will automatically delete your business data (if you have chosen to upload it). We will retain your account email address and information about your past purchases with us.
Cookies are small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website or view a message. Cookies allow a website to recognize a particular device or browser.
We use the following cookies;
|These cookies are set by google analytics.
More about google analytics is available here.
|hjSiteLang||hotjar.com||365 days||Using the HotJar API we use this to map and enhance the user experience on the website, informing site additions/changes. More information can be found here.|
|_ga||easybooksapp.com (Provided by Google Analytics)||2 years||Used to distinguish users.|
|_gid||2 years||Used to distinguish users.|
|_gat||1 minute||Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>|
|__hs*, hubspotutk, hsPagesViewedThisSession, hsfirstvisit||hubspot.com||Decided by HubSpot|
|__hstc||13 months||The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).|
|hubspotutk||13 months||This cookie is used to keep track of a visitor’s identity. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.|
We use the following Third-Party cookies;
|HubSpot||We integrate with HubSpot’s API to progress and store your information in order to deliver a targeted and tailored online experience. More information can be found here.|
|We use Facebook’s API to deliver targeted advertisements regarding the Easy Books software including promotional periods and special events. More information can be found here.|
|Google AdWords||We use Facebook’s API to deliver targeted advertisements regarding the Easy Books software including promotional periods and special events. More information can be found here.|
|Google Analytics||Using the Google Analytics’ API in order to benchmark and analyse your on-site behaviour & engagement. We use this to troubleshoot and benchmark the online experience. More information can be found here.|
|HotJar||Using the HotJar API we use this to map and enhance the user experience on the website, informing site additions/changes. More information can be found here.|
Signing in from a Device
When you open the app and sign in, we collect additional information that may contain your personal information.
Your device’s name (e.g. Fred’s iPhone)
The device’s name is used to help tell it apart from other devices linked to your account.
If you purchase a subscription via Apple’s or Google’s in-app purchase system, we collect an anonymous receipt from Apple or Google. To link the purchase to your Easy Books Online Account, you will need to have registered and signed in. This process usually happens when you first run the app, but you can register at any time, including after you have made a purchase.
If you purchase directly from us by entering your contact and credit card details, we will store additional information about the sale, linking it to your license file(s):
- Your name
- Your company name
We do not store your credit card information; FastSpring, our trusted payment company, stores this.
We will use your information to contact you if it affects your service from us. For example, if we need to upgrade the service and it’s not possible to do this in the normal overnight period, we might consider it important enough to inform you via email or other means.
We may also use your contact details to email you about any changes we’ve made to the app. You can unsubscribe from our emails by clicking a link at the bottom of an email, or from your account page. If you unsubscribe, we will still send account-related information such as password reset emails (if you ask for them). If you want to delete your account, see later.
Lawful Basis for Data Processing
We process your personal data for purposes of entering into and providing the services under our contract. We also process some of your personal information with your consent. Where we use consent, this will be explicitly given and can be removed at any time. We may need to process some of your personal data to protect our legitimate interest.
We use a third party called Tender to manage our support system. If you request support, your email address and anything you write will be stored in their system. By default, all support requests are private. But if we think others would benefit from your support request, we’ll ask your permission to make it public. Your email address always remains private, but you can decide if you want to allow us to make it public.
We use Apple, Google and FastSpring to handle payments. We don’t receive credit card information ourselves. However we are able to sign in to FastSpring’s website portal to view your payment history and manage your subscription.
Retention of Data
If you delete an individual business from your account page, the app will request confirmation, and if this is given by the client, the relevant data is deleted immediately from our servers. Any devices connected via our sync service (a component of the app which allows multiple client devices to access files), will receive a message saying the business is no longer available.
If your account lapses due to non-payment of a subscription, or your free trial of the software expires, after 7 days, all data will be deleted immediately and cannot be recovered. If you are using the new EasyInvoice system on an Android device or the web app or version 5.0 or later on your iOS device, then your information will be deleted from the app in 7 days. We will retain your data for an additional 23 days, just in case you did this or your subscription expired by mistake. For clarity, your data will be permanently from our system in 30 days from non-payment of a subscription, or the date that your free trial of the software expires.
For those customers using sync, if you have uploaded attachments, these are archived into a single file. You will receive an email with details about how you can obtain your archive. This is stored on our servers for a period of 90 days and then deleted. If you want to keep a copy of the files you attached to your accounts, you should download the archive within this period as we cannot retrieve your data afterwards.
For those customers using sync, we store backup copies of your business data for disaster recovery purposes. Old copies of the data are deleted as soon as a new one is available. We keep the backups for a week, so if you delete a business, there may be small fragments of your data in our backup for up to a week after you delete it. After that, your business data is no longer retained anywhere.
For customers who do not routinely use sync, we may occasionally sync your business data for security of your data, under the conditions mentioned in the ‘Privacy Note’ section
Deleting Your Account
If you have no purchase history with us, you can delete your account completely from the Settings tab on your account page. Sign in at sync.easybooksapp.com.
If you have made purchases, FastSpring, Apple or Google will retain information about your purchases. You can still delete your account from our system, but this is handled differently to preserve some purchase information.
If you delete your account, we remove your account information, for example, your IP address, name, business. Purchase history information is retained.
In this section, we have summarised the individuals’ rights under The European Union’s General Data Protection Regulation (GDPR). Some of the rights are complex, and not all the details are included in this document. You should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your rights under GDPR are;
Right to Access
You have the right to confirm if we do or do not process your personal data, where we do this, access to the data.
Right to Rectification
You have the right to have your data modified/ changed to ensure the data being processed is kept up to date.
Right to Erasure
You have the right to be forgotten/ erasure, which allows you as a data subject to inform us that you no longer want us to store or process your data.
This request may be declined for a number of reasons, which are not limited to; having a lawful basis for processing your information, or us needing the information for compliance with legal or contractual obligations.
Right to Restrict Processing
You have the right to stop the processing of your personal information. Please be aware you must provide us with a legitimate reason for us to stop processing your information. Any request made that doesn’t conform to the GDPR will be rejected.
Right to Object
On occasion, we may send you marketing emails to make you aware of new products that we believe can benefit you, the data subject. As you have the right to object, you can click the unsubscribe link on all of our emails to inform us that you no longer want to receive marketing emails from us.
Right to Data Portability
The right to data portability will allow you, as the data subject, to have your personal information securely transferred to another organisation for processing. We place this reasonability on you that data subject. When you make this request, we will export all information about you and securely transfer it to you. You, the data subject, will be able to give this information to your chosen organisation.
Right to not be subject to Profiling and Automated decision making
Where decisions are made through automated means, or a profile is created using data collected about you, you have the right to request human intervention.
Right to Complain
As a data subject, you have the right to complain to the supervisory authority regarding the processing of your personal data. If you are unhappy with the way that we handled your Personal Information, you can make a complaint to the Information Commissioners Office (ICO) which is the UK authority responsible for data protection. Contact details are available online, or alternatively please contact firstname.lastname@example.org.
We promise never to sell or otherwise distribute your data,(including email addresses), to any third party, except to technical partners as necessary to provide the service.
You authorise the engagement of Amazon Web Services, Inc. (“Infrastructure Provider”) to provide underlying infrastructure services in the provision of the software. The Infrastructure Provider’s role includes storage of Customer Personal Data.
Data you enter into the software, such as your customer and supplier names and addresses, are stored in a separate database per user. This database is stored by Infrastructure Provider and encrypted while at rest. Decryption keys are managed by Infrastructure Provider and stored in a different location. You acknowledge your role as Data Controller, and ours as Data Processor.
Servers are housed in Amazon’s secure data centres in the United States of America and in the UK, and are managed by us. We secure all communications to and from the app using TLS 1.2, and we reject any connections that are not encrypted. This keeps your information confidential between your device and our servers, and ensures that your data is safe from eavesdropping while transiting the Internet.
We will implement and maintain technical and organisational measures to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. Security Measures include measures to encrypt personal data; to ensure ongoing confidentiality, integrity, availability and resilience of our systems.
We will take appropriate steps to provide compliance with the Security Measures by our employees and contractors to the extent possible to their scope of access, including ensuring that all persons authorised to process Customer Personal Data have committed themselves to confidentiality. Our staff connect to the servers for monitoring and maintenance. While connected, we also use encrypted connections. Also, all our servers are encrypted and complex passwords and industry standard security measures to prevent unauthorised access, in case they are stolen.
For information about Amazon’s GDPR Data Processing Addendum, please click here.
To process credit card and PayPal payments, we use FastSpring, a well-known and respected payment gateway. All data passed between your device and FastSpring is encrypted, so your credit card details are safe. We don’t store any information about the method of payment you use.
When you have paid for your use of the service, FastSpring alone stores Personal Data such as your name, address, phone number and credit card number. We do not have access to this data, only what you have paid for and when.
We will never pass on your details to anyone else without your permission unless required by a court order.
We do transfer personal data to third parties outside of the European Economic Area (EEA). We take steps to ensure that where your information is transferred outside of the EEA by our service providers and hosting providers, appropriate measures and controls are in place to protect information following applicable data protection laws and regulations.
For example, we may share information with affiliates based outside the EEA for the purposes foreseen by this Privacy Notice. We carry out due diligence to ensure these organisations are subject to data protection policies designed to protect data under EU data protection laws. In each case, such transfers are made in accordance with the requirements of Regulations (EU) 2016/679 (the General Data Protection Regulations or “GDPR”) and may be based on the use of the European Commission’s Standard Model Clauses for transfers of personal data outside the EEA
All Information that is being transferred within the EEA will follow our strict Information Transfer Policy.
We utilise the following third-parties;
|Amazon Web Services||Cloud Computing Services||Application data stored|
|Apple||App Store||Software applications|
|FastSpring||Payment Service||Purchase history|
|App Store||Software applications|
|Digital 22||Marketing||Cookie data|
|Tender||Application Support||Support data|
|Atlassian||Application Support||Support data|
Review of This Policy
We keep this Policy under regular review. This Policy was last updated on November 23, 2020. We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.