
Privacy Policy

Effective date: 28 August 2025

GDPR | EU-focused | Minimal data retention

1. Introduction

Smart Bank Import ("we", "us", "our") respects your privacy and is committed to protecting personal data in accordance with the General Data Protection Regulation (GDPR). This Privacy Policy explains what data we collect, how we use it, with whom we share it, and your rights.

2. Scope & minimal-data approach

We operate Smart Bank Import for Dolibarr — a service that connects bank/payment accounts and imports transactions into Dolibarr to support reconciliation and bookkeeping. We follow a minimal-data principle: we only collect data strictly necessary to provide the service, billing, security, and legal compliance.

3. Data we may collect

  • Account details: name, company name, business email, contact details you provide when creating an account.
  • Billing & invoice data: billing name, company, billing address and invoice history (we do not store raw card numbers or full banking credentials).
  • Technical & usage data: IP address, browser, device type, timestamped logs for performance, security and fraud prevention.
  • Integration data: transaction metadata and account identifiers required for the Service to map data into your Dolibarr instance.

4. What we do NOT store

We do not store your full payment card details or unencrypted bank credentials. Payment card processing is handled by our payment processor (e.g., Stripe) and bank credentials are managed by secure open-banking/connectors when used — Smart Bank Import does not retain raw card numbers or full unprotected credentials on our servers.

5. Legal basis for processing

  • Contract: processing necessary to perform the subscription and deliver the Service.
  • Legal obligation: retention of invoices and accounting records as required by tax laws.
  • Legitimate interests: providing security, preventing fraud, debugging, and improving the Service (balanced against user rights).

6. Third-party processors

To operate the Service we rely on third-party providers who process data on our behalf. These include:

  • Payment processors: e.g., Stripe (card payments) — they store and process card data under their own security and compliance regimes.
  • Open-banking / bank-connect providers: PSD2-compliant providers or bank APIs used to retrieve account data (only with your authorization).
  • Hosting & infrastructure: cloud hosting and backups (we recommend EU-region hosting where possible).

We use data processing agreements and appropriate safeguards with our processors to ensure GDPR-level protection.

7. Data retention

We retain account and billing records as required by law for accounting (please consult local rules — typically up to 10 years for tax records in many EU countries). Technical logs and non-essential telemetry are kept for a short, limited window for debugging and security (configurable).

8. Security

We implement technical and organizational measures (encryption in transit, access controls, logging) to protect personal data. However, no system is impenetrable — report suspected breaches immediately to contact@simple-soft.eu.

9. International transfers

Data is primarily stored and processed within the EU where possible. If any transfer outside the EU occurs (e.g., third-party provider), we ensure appropriate safeguards (standard contractual clauses, adequacy decisions or equivalent protections).

10. Your rights (GDPR)

You have the right to: access, correct, delete, restrict processing, object to processing, and request portability of your personal data. To exercise these rights contact us at contact@simple-soft.eu. We will respond within the statutory timeframes.

11. Automated decision-making

We do not use automated decision-making or profiling that produces legal effects concerning you. Any automated processing is limited to non-decision support (e.g., anomaly detection to prevent fraud).

12. Children

The Service is intended for business users and not for children. We do not knowingly collect personal data of children.

13. Changes to this policy

We may update this Privacy Policy to reflect changes in the Service or legal requirements. We will publish the effective date at the top; for material changes we will provide notice where reasonable.

Quick summary: minimal data used for service delivery, payment handled by processors, no storage of raw card/bank credentials by Smart Bank Import, GDPR rights supported.