Data Privacy Policy Finmatics Software

General

We offer the Finmatics-Software to our customers (in particular tax consultants, accountants, companies with their own accounting department, hereinafter referred to as "Customers") in order to help digitize and automate their accounting processes. This involves the processing of data required  for accounting (invoice data of invoice addressees and issuers, "Business Partners") from documents provided by the Customers.

Our Customers allow their employees or clients to access the Finmatics Software using a user name and password to further process such documents ("Software User").

In the context of providing the Finmatics Software to Customers, we act primarily as a Processor of our Customers in accordance with Article 28 GDPR and conclude corresponding agreements with our Customers. For more detailed information on data processing of Software Users and Business Partners’ personal data, we therefore refer to the respective information provided by our Customers to those parties in accordance with Articles 13 and 14 GDPR.

Our controllership under data protection law in the context of the Finmatics Software is therefore limited to the following processing activities:

Chat Assistant

In order to be able to answer questions from Software Users about the functionalities of the Finmatics Software even more efficiently, Finmatics provides a chatbot, currently based in particular on the information provided at https://support.finmatics.com/, free of charge as a support aid for Software Users ("Chat Assistant"). When using the Chat Assistant, no personal data is in principle requested or processed by it.
However, the Chat Assistant is linked to the user ID of the respective Software User in order to remember previous questions from a Software User for the future and to be able to provide them with information on queries regarding the Finmatics-Software more quickly.
Data processing in the context of the Chat Assistant is carried out on the basis of Article 6 (1) lit b GDPR (contract fulfillment). The personal data processed in the context of the Chat Assistant is stored for the duration of the active Software User account.

Document (in particular invoices, "Documents") processing within our Finmatics Software is based on ML models ("Models"). The Finmatics-Software can, among other things:

• read/extract relevant data from Documents,

• Automatically separate and classify Documents,

• generate / predict booking lines from the Documents and

• check accounting records for tax criteria and accuracy.
  
  

The Finmatics-Software can do this with a very high probability of accuracy because it has been trained accordingly with training data (historical booking data of the Customer or Software User feedback). If individual booking lines were incorrectly predicted in the Finmatics Software, these can be corrected manually by Software Users. By correcting these booking lines, the Finmatics-Software learns the correct (or corrected) booking line and can take them into account in future document processing.

The Models running in the background of the Finmatics Software do not generally require any personal data for their training. In individual cases, however, it cannot be ruled out that limited personal data of Business Partners (in particular company, contact data and other invoice data, provided they are natural persons) may be extracted from the provided Documents.

This personal data is processed on the basis of our legitimate interest in accordance with Articles 6 (1) lit f GDPR to be able to provide the Finmatics-Software to our Customers in an appropriately functional manner.

The Finmatics-Software, including the Models, is operated in the data centers of Hetzner Germany and Microsoft Azure in Europe. We have concluded corresponding confidentiality and data protection agreements with these processors. It is ensured that no personal data or data subject to confidentiality obligations is disclosed to other Customers or processed for other purposes.

At the end of the contractual relationship or at the instruction of a Customer, the Documents of the respective Customer can be removed from the Finmatics-Software. With the exception of backups and backup copies, personal data is therefore stored for no longer than the duration of the contractual relationship with the respective Customer.

To whom is personal data passed on?

Personal data is transmitted by us to the following recipients in the course of processing for the above-mentioned purposes and, if necessary, due to legal or official obligations:

• To our affiliated companies

• Service providers (especially IT service providers)

• In case of cause to legal representatives, notaries, courts and administrative authorities

• To banks and insurance companies if necessary
  
  

Insofar as personal data is processed by our service providers (processors), we ensure that they only process this data within the scope of our contract and for the respective purposes mentioned above.

Transfer to third countries

If the above-mentioned recipients of personal data are located outside the EEA and the EU Commission has not determined that the country in question has an adequate level of data protection, we will ensure that the transfer takes place on the basis of standard contractual clauses or otherwise in accordance with Articles 46, 47 or 49 GDPR.
 

What rights do data subjects have in relation to data processing?

Right to information

If we process your personal data, you have the right to information about the processing purposes, the categories of data processed, the recipients of this data, the storage period, the rights to which you are entitled, the origin of the data and the existence of automated decision-making.

Rectification and erasure

You are entitled to request the rectification of incorrect or incomplete personal data concerning you. You are entitled to request the erasure of personal data concerning you, provided that the processing of the personal data is not lawful and there are no legal obligations on our part to prevent erasure.

Restriction of processing

You are entitled to request the restriction of the processing of your personal data in certain cases.

Data portability

You are entitled to request the transfer of the personal data you have provided to us in a structured, commonly used and machine-readable format. You have the right to have the personal data transmitted directly from us to a controller, insofar as this is technically feasible.

Right to object

You have the right to object to the processing of personal data concerning you at any time on grounds relating to your particular situation. If you object, we will no longer process personal data concerning you unless we can prove that our reasons for processing outweigh your interests. You can object to the use of your data for advertising purposes at any time; in this case, we will stop processing your data for advertising purposes.

Withdrawal of consent

You have the right to withdraw the consent to processing of your personal data at any time. This does not affect the legality of the data processing carried out up to this point in time.

Complaint

If you believe that the processing of your personal data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, Barichgasse 40-42, 1030 Vienna (www.dsb.gv.at).