Security

Bezala is a database where expense management data is stored, managed, and archived. Data is deleted upon customer’s request and according to law.

Upon request Renance AFS Oy can remove your data from Bezala and from our own internal tools if no legal obligations for storage of the data for audit purposes exist.

Personal data of clients employees (Name, Email and SSN in Finland) and their expenses. SSN is required for Finnish Income Register reports.

No data is transferred outside the EU. The data on cloud in encrypted and the keys are managed with key per individual file. Cloud service provider not explicitly have access to the files.

Digitalocean (Amsterdam), AWS (Amsterdam)

In the process of ISO 27001, aiming to have it completed this year.

The Personal Data consists of contact details, bank account details, social security
number, organisational information, other data related to the Users’ use of the Service, data the Users enter in the service related to travel and expense invoices and their processing, and other data determined by the company/data controller,
which may be entered manually or imported via integrations to other services.

The categories of data subjects consist of employees and other personnel of the company that has a commercial agreement on the service.

The Personal Data is processed so that the Controller could use the Service for processing and managing travel and expense invoices. Personal Data is processed for the duration the Agreement is valid.

The Processor is under an appropriate statutory obligation of confidentiality when it processes Personal Data.

The Processor shall ensure that Personal Data is protected by adequate technical and organizational measures.

The executed payroll information (e.g. daily allowances, kilometre allowances and other such fees) are sent to the incomes register, which is an electronic database held by the Finnish Tax Administration. The information is reported to the incomes register within five calendar days from the payment by using by the Tax Administration’s interface.

The Tax Administration is liable for the incomes register and the functionality of the interface. The Company is only liable for reporting the information that is processed through the Service. The Company is not liable for the content of any accounting material.

The company that has made the commercial agreement may also select to share other data from the service, for example, via integrations to other services.

When you subscribe to our newsletter or otherwise provide information via our web site forms or similar functions, we may contact you regarding our company and its services and products.

We use analytics services from Google Analytics. Through these services we gather information such as your IP address and usage data regarding your visit on our websites. This information is used to develop and market our products and services. You can disable the tracking tools by installing an add-on to your web browser (for example: https://tools.google.com/dlpage/gaoptout). Please note that this opt out is specific for each browser and device.

We may also obtain information about your use of this website through “cookies” which enable us to make certain parts of the site easier to use. Cookies are small text files on your computer’s hard drive, allowing your computer to be recognized by our website. You may refuse to accept cookies and delete existing cookies using the settings on your Internet browser. If your Internet browser settings prevent the use of cookies, you may be unable to access or use fully certain parts of our website. When you enter our website, we may also collect information about your computer, IP address, operating system and browser type, for example, for statistical purposes or purposes of system administration. This information generally comprises data that does not allow individual identification of information related to a specific user.

For our customers and users of our services we may collect personal and other information that will be used to offer, operate and maintain our services and for marketing of our services.

Your personal information will not be disclosed or sold to third parties, and we store your data in locked facilities behind firewalls. Information collected through analytics services can be stored outside the European Economic Area if the analytics services provider is located outside the EEA. In these cases we take steps to ensure that your personal information is processed lawfully and in compliance with this caption.

Except for the above, we do not regularly transfer your data outside the European Economic Area.

The personal data and other information provided by you and obtained trough usage of our services and website shall be stored as long as the person is registered our services service and for two years thereafter so that we can answer possible questions and queries regarding our services and contact the persons on us or our services and products. After this we will destroy all personal data from our systems with the exception of information obliged to store according to the law.

Our websites may contain links to other websites, and content from other websites such as Facebook, Twitter, and Linkedin. The use of such content is subject to said website’s own privacy policy instead of ours.