Security

We are committed to the security of our software and your data – now and in the future.

We use industry-standard security technologies and comprehensive policies and controls to maintain a culture of security.

  • Authentication
    Authentication and access management

    Authenticate your users with single sign-on (SSO). Manage permissions directly to authorize who can access Bezala.

  • Quality Assurance
    Quality Assurance

    High quality development and quality assurance ensures that software is both secure and easy to use.

  • Data Protection
    Data protection

    We encrypt your data using industry standard protocols and process personal data requests in accordance with GDPR.

  • Data Protection
    Backups

    We have hourly data backups and daily system backups. Backup recovery is tested regularly.

Frequently Asked Questions

How is data stored in Bezala? 

Bezala is a database where expense management data is stored, managed, and archived. Data is deleted upon customer’s request and according to law.

How can we remove our data? 

Upon request Renance AFS Oy can remove your data from Bezala and from our own internal tools if no legal obligations for storage of the data for audit purposes exist.

What kind of data is involved to the service you are providing?

Personal data of clients employees (Name, Email and SSN in Finland) and their expenses. SSN is required for Finnish Income Register reports.

Do you process personal data outside of the EU/EEA?

No data is transferred outside the EU. The data on cloud in encrypted and the keys are managed with key per individual file. Cloud service provider not explicitly have access to the files.

What are the locations of your sub-processors' or affiliates' servers?

Digitalocean (Amsterdam), AWS (Amsterdam)

Do you have any certificates / audit reports (e.g. ISO 27001, ISAE 3402 Type 2 report etc.) obtained from external auditing companies?

In the process of ISO 27001, aiming to have it completed this year.

Quality Assurance with experience

Quality Assurance is present at all stages of software development. In total we execute more than 3000 tests for every update we do.

Here you can see the main parts from which our Quality Assurance process consists:

Autotests

ReviewManual
Newly developed features are covered with unit and integration tests.Requirements are reviewed with QA, Dev and Biz Teams. This helps to ensure that they meet the requirements’ quality criteria and can be fulfilled.Tests for new features are created based on test design techniques that makes coverage measurable.
If issue is found on any SDLC stage the fix will also be tested to avoid regression.Code is reviewed by other team members to ensure that it is efficient and corresponds to company’s code style policy.On new feature adding: new feature and smoke suits are run.
Automated E2E tests that cover main flows.Peer review is done by developers with 15+ years of experience.Full review of application on dependencies update.

Terms of Service


Terms of Service concern the use of Bezala, through which a legal person can offer its personnel and accountants an easy way to automatically store and access certain accounting material for the Client’s accounting purposes.

We may, at any time and for any reason make changes to the terms. We may do this for a variety of reasons including to reflect changes in or requirements of the law, new features, or changes in business practices. The most recent version can always be found via the link below.

Read the Terms of Service here.

Bezala illustration emptyspace

Privacy Policy

Use of the service


Once You have a valid and personal subscription to Bezala and commence using the service with your personal login credentials, Renance will be the data processor of your personal data processed in Bezala. Your company is the data controller of such data. The commercial agreement sets out the data processing terms for processing of your personal data by Renance.

Read the whole Privacy Policy here.

Personal data in Bezala

The Personal Data consists of contact details, bank account details, social security
number, organisational information, other data related to the Users’ use of the Service, data the Users enter in the service related to travel and expense invoices and their processing, and other data determined by the company/data controller,
which may be entered manually or imported via integrations to other services.

The categories of data subjects consist of employees and other personnel of the company that has a commercial agreement on the service.

Use of the personal data in Bezala

The Personal Data is processed so that the Controller could use the Service for processing and managing travel and expense invoices. Personal Data is processed for the duration the Agreement is valid.

The Processor is under an appropriate statutory obligation of confidentiality when it processes Personal Data.

The Processor shall ensure that Personal Data is protected by adequate technical and organizational measures.

Sharing of personal data

The executed payroll information (e.g. daily allowances, kilometre allowances and other such fees) are sent to the incomes register, which is an electronic database held by the Finnish Tax Administration. The information is reported to the incomes register within five calendar days from the payment by using by the Tax Administration’s interface.

The Tax Administration is liable for the incomes register and the functionality of the interface. The Company is only liable for reporting the information that is processed through the Service. The Company is not liable for the content of any accounting material.

The company that has made the commercial agreement may also select to share other data from the service, for example, via integrations to other services.

Use of the website

What information is gathered and why?

When you subscribe to our newsletter or otherwise provide information via our web site forms or similar functions, we may contact you regarding our company and its services and products.

We use analytics services from Google Analytics. Through these services we gather information such as your IP address and usage data regarding your visit on our websites. This information is used to develop and market our products and services. You can disable the tracking tools by installing an add-on to your web browser (for example: https://tools.google.com/dlpage/gaoptout). Please note that this opt out is specific for each browser and device.

We may also obtain information about your use of this website through “cookies” which enable us to make certain parts of the site easier to use. Cookies are small text files on your computer’s hard drive, allowing your computer to be recognized by our website. You may refuse to accept cookies and delete existing cookies using the settings on your Internet browser. If your Internet browser settings prevent the use of cookies, you may be unable to access or use fully certain parts of our website. When you enter our website, we may also collect information about your computer, IP address, operating system and browser type, for example, for statistical purposes or purposes of system administration. This information generally comprises data that does not allow individual identification of information related to a specific user.

For our customers and users of our services we may collect personal and other information that will be used to offer, operate and maintain our services and for marketing of our services.

Disclosure of information

Your personal information will not be disclosed or sold to third parties, and we store your data in locked facilities behind firewalls. Information collected through analytics services can be stored outside the European Economic Area if the analytics services provider is located outside the EEA. In these cases we take steps to ensure that your personal information is processed lawfully and in compliance with this caption.

Except for the above, we do not regularly transfer your data outside the European Economic Area.

How long do we store your information?

The personal data and other information provided by you and obtained trough usage of our services and website shall be stored as long as the person is registered our services service and for two years thereafter so that we can answer possible questions and queries regarding our services and contact the persons on us or our services and products. After this we will destroy all personal data from our systems with the exception of information obliged to store according to the law.

Links to other websites

Our websites may contain links to other websites, and content from other websites such as Facebook, Twitter, and Linkedin. The use of such content is subject to said website’s own privacy policy instead of ours.