Toggle Sidebar

Last updated: 01.11.2025

PRIVACY POLICY





1. Who we are

 

Invoicebrokers (www.invoicebrokers.com) is a product of HYPHEN Digital BV, Koning Albert II laan 4, 1000 Brussels, Belgium, VAT BE1027.259.395. For the purposes of the EU General Data Protection Regulation (GDPR), HYPHEN Digital BV is the data controller of personal data processed via the Service.

Privacy/DPO contact:privacy@hyphen-digital.net


2. Scope

 

This Privacy Policy explains how we collect and process personal data when you use our website, features, and related services, communicate with us, or interact with our content. This Policy applies to individuals in the EEA/UK/Switzerland and elsewhere, subject to local law.


3. Personal data we collect

 

We may collect the following categories of personal data:

A. Identity & Contact Data


Name, email address, telephone number, postal address, country, language preference.

B. Account & Transaction Data


Account identifiers, hashed passwords, subscription tier, billing details, payments, invoices, purchase history.

C. Service & Input Data


Information you provide for comparisons (e.g., energy usage, telecom preferences), questionnaire answers, uploaded files, notes, selections.

D. Technical & Usage Data


IP address, device identifiers, browser type/version, OS, geolocation at coarse level, referral URLs, pages viewed, session duration, clickstream, diagnostic logs, crash reports.

E. Communications


Support requests, feedback, surveys, call/chat recordings (if applicable and lawful), metadata.

F. Marketing Preferences


Consents, opt-in/opt-out flags, campaign interactions.

Sensitive data: We do not intentionally collect special categories of data (e.g., health, race, political opinions). Do not submit such data. If you do, you warrant you have a lawful basis (e.g., explicit consent) and that submission is necessary.


4. Sources of Personal Data

 

  • Directly from you (forms, uploads, emails, calls).

  • Automatically from your device (cookies, SDKs, logs).

  • From third parties (identity/payment providers; data partners supplying market/price data; anti-fraud tools).


5. Purposes & Legal Bases

 

We process personal data for:

  • Provide the Service (create accounts, run comparisons, personalize outputs, fulfill requests).
    Legal basis: performance of a contract; legitimate interest.

  • Customer support & communications (respond to inquiries, service notices).
    Legal basis: legitimate interest; performance of a contract.

  • Payments & billing (process payments, manage invoices, detect fraud).
    Legal basis: performance of a contract; legal obligation; legitimate interest.

  • Analytics & improvement (diagnostics, performance, usability, model quality, safety).
    Legal basis: legitimate interest; consent where required (e.g., analytics cookies).

  • Marketing (newsletters, offers, events) subject to your preferences.
    Legal basis: consent for email/SMS marketing where required; otherwise legitimate interest (with opt-out).

  • Security & abuse prevention (detect, investigate, and prevent fraud, spam, misuse).
    Legal basis: legitimate interest; legal obligation.

  • Legal compliance (tax, accounting, law enforcement requests).
    Legal basis: legal obligation.

Legitimate interest test: Where we rely on legitimate interests, we have balanced our interests against your rights and freedoms. You can object at any time (see Section 11).


6. Cookies & similar Technologies

 

We use cookies, pixels, local storage, and similar technologies to run the Service, remember preferences, analyze usage, and support marketing (see our Cookie Policy for details). Non-essential cookies are used only with your consent where required.


7. Sharing Your Data

 

We may share personal data with:

  • Service providers (processors): hosting, storage, security, analytics, email, communications, payment processing, customer support.

  • Third-Party Providers: suppliers or merchants you elect to engage with via the Service.

  • Affiliates: group entities for internal administration and support.

  • Professional advisors: auditors, lawyers.

  • Authorities: where required by law or to protect rights, users, or the public.
    All processors are bound by contracts requiring appropriate technical and organizational measures and processing only on our instructions.


8. International Transfers

 

Your data may be transferred to countries outside the EEA/UK that may not have equivalent data protection laws (e.g., the United States). Where we transfer personal data internationally, we implement appropriate safeguards such as European Commission Standard Contractual Clauses (SCCs), UK Addendum/IDTA, adequacy decisions, and additional protections (encryption, access controls).

9. Retention

 

We retain personal data only as long as necessary for the purposes above and to comply with legal obligations:

  • Account & profile data: life of account + 3 years after closure or last activity.

  • Contracts, billing & invoices: 7–10 years (legal/accounting).

Logs & analytics: up to 24 months (then aggregated or anonymized).
Where retention periods expire, we delete or anonymize data unless a longer period is required by law or to establish, exercise, or defend legal claims.

10. Security

 

We use appropriate organizational and technical measures to protect personal data, including encryption in transit, access controls, segregation, monitoring, vulnerability management, and incident response. No system is perfectly secure; if we become aware of a data breach affecting you, we will notify you as required by law.

11. Your Rights

 

Subject to conditions and exemptions under GDPR, you have the right to:

  • Access your personal data and obtain a copy.

  • Rectify inaccurate or incomplete data.

  • Erase data (“right to be forgotten”) in certain cases.

  • Restrict processing in certain cases.

  • Object to processing based on legitimate interests (including profiling) and to direct marketing at any time.

  • Portability: receive your data in a structured, commonly used, machine-readable format and have it transferred to another controller.

  • Withdraw consent at any time where processing is based on consent (this does not affect processing prior to withdrawal).

To exercise rights, email privacy@hyphen-digital.net. We may need to verify your identity. We aim to respond within one month (extendable in complex cases).

You also have the right to lodge a complaint with your local supervisory authority. In Belgium, this is the Data Protection Authority (APD/GBA).


12. Automated decision-Making & Profiling

 

We use automated systems and profiling to generate comparisons and recommendations. Where an automated decision produces legal or similarly significant effects, we will provide meaningful information about the logic involved and offer a means for human review, where required by law.


13. Children

 

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact privacy@hyphen-digital.net.


14. Changes to this policy

 

We may update this Policy from time to time. If we make material changes, we will provide notice (e.g., via the Service or by email). The “Last updated” date indicates when this Policy was last revised.

15. Contact

 

Controller: HYPHEN Digital BV, Koning Albert II laan 4, 1000 Brussels, Belgium
Privacy/DPO contact:privacy@hyphen-digital.net