Kaupapa here Tūmataitinga

Tirohanga whānui

I tuhia tēnei kaupapa here ki ngā Articles 13 me 14 o te EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") me te ture Lithuanian Law on Legal Protection of Personal Data.

Ko wai te kaiwhakahaere raraunga

Ko te kaiwhakahaere raraunga kotahi ko MB Libranet (Vilnius, Lithuania). Mō ngā pātai tūmataitinga, tuhia ki [email protected]. Kei te company information page ngā taipitopito ture katoa.

Kāore mātou i kopou i tētahi Data Protection Officer nā te mea kāore tā mātou whakahaere e tutuki ki ngā paerewa GDPR Article 37.

He aha ngā raraunga e whakahaeretia ana

Ina whakamahi koe i te FreeBillGen i freebillgen.com, ka whakahaeretia e mātou ngā kāwai raraunga whaiaro e whai ake nei, i runga i ngā lawful bases e whai ake nei:

• Account data. Tō ingoa, wāhitau īmēra, me te kupuhipa kua bcrypt-hashed (passkey public key rānei). Lawful basis: Performance of contract - Art. 6(1)(b) GDPR.
• Raraunga nama me kiritaki. Ko ngā raraunga noa kua tīpakohia e koe: ngā ingoa kiritaki, wāhitau, VAT numbers, ngā rārangi, ngā tapeke, te tūnga utu. Lawful basis: Performance of contract - Art. 6(1)(b) GDPR.
• Cookies wā mahi me te haumaru. He cookie wā mahi kua hainatia, me te cookie tohu CSRF. Lawful basis: Strictly necessary - Art. 6(1)(f), legitimate interests.
• Server logs. IP address, user-agent, me ngā metadata tono, ka pupuri mō te wā poto. Lawful basis: Legitimate interests - Art. 6(1)(f) GDPR.
• VIES audit log. Ka rongoatia ngā VAT validations. Lawful basis: Legal obligation - Art. 6(1)(c) GDPR.

Ko ētahi o ēnei raraunga ehara nāu, engari nā ō kiritaki nama (Art. 14 GDPR).

Sub-processors

E whakawhirinaki ana te FreeBillGen ki tētahi huinga sub-processors iti.

SMTP2GO (transactional email)

Ka tukuna ngā īmēra mā SMTP2GO mā tā rātou EU region (mail-eu.smtp2go.com).

Cloudflare Turnstile (bot protection)

Ka whakaaturia he Cloudflare Turnstile challenge i ngā whārangi /login me /register.

bunny.net (font CDN)

Ka utaina ngā web fonts mai i fonts.bunny.net.

European Commission VIES (VAT validation)

Ka tukuna ngā VAT validations ki ec.europa.eu.

Hosting me PDF rendering (in-house)

E rere ana te tono i runga i ngā hangahanga ake i te EU. Ka rendered ngā PDFs in-house ki mPDF.

Kāore he Google services. Kāore he Meta/Facebook pixels. Kāore he analytics SDKs.

Cookies

Ka whakaurua e te FreeBillGen ngā cookies strictly necessary anake.

Kāore he cookies tātaritanga. Kāore he cookies pānui.

Te puringa raraunga

Ka pupuri ngā raraunga pūkete me ngā raraunga nama i te wā e hāngai ana tō pūkete.

Ka pupuri ngā server logs tae atu ki te 30 rā. Ka pupuri ngā VIES audit-log mō ngā tau 10.

Ō mana i raro i te GDPR

I raro i te GDPR, kei a koe ngā mana o te access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), me te objection (Art. 21).

Kei a koe te mana ki te take whakapae ki te supervisory authority (State Data Protection Inspectorate of Lithuania, VDAI).

Tirohia te GDPR rights page.

Automated decision-making

Kāore te FreeBillGen e whakamahi i te automated decision-making, profiling rānei.

Haumarutanga raraunga

Ngā hātepe haumaru (Art. 32 GDPR):

• Ka noho ngā kupuhipa hei bcrypt hashes; e tautokona ana ngā passkeys (WebAuthn).
• 2FA TOTP optional.
• CSRF tokens i ia tono whakahuringa.
• Parameterised queries.
• HTTPS/TLS, HSTS.
• Content Security Policy.
• Audit log mō ngā mahi haumaru.
• Backups encrypted.

International transfers

Ka whakahaeretia ngā raraunga whaiaro i te EU. E rua ngā sub-processors:

• Cloudflare Turnstile - ki te US, EU-US Data Privacy Framework + SCCs.
• SMTP2GO - New Zealand (he adequacy decision).

Kāore he atu kawemai ki ngā whenua tuatoru.

Tamariki

Ehara te FreeBillGen i te taputapu mō ngā tamariki i raro i te 16 tau.

Huringa ki tēnei kaupapa here

Mēnā ka whakahōuhia, ka whakaputaina te tuhinga hou me te rā "last updated" hou.

Whakapā

Ngā pātai tūmataitinga: [email protected]. Tirohia te company information page.