This Policy is incorporated into and is subject to, the MRPeasy Terms and Conditions. Capitalized terms used but not defined in this Policy have the meaning given to them in the MRPeasy Terms and Conditions.
“Customer” means a customer of MRPeasy, usually a legal person.
“Customer Data “means personal data, reports, addresses, and other files, folders, or documents in electronic form that a User of the Service stores within the Service.
“Personal Data” means any information relating to an identified or identifiable natural person.
“Public Area” means the area of the Site that can be accessed both by Users and Visitors, without needing to log in.
“Restricted Area” means the area of the service that can be accessed only by the Customers after logging in.
“User” also “End-user” means an employee or representative of a Customer, who primarily uses the restricted areas for the purpose of accessing the Service.
“Visitor” means an individual other than a User, who uses the public area but has no access to the restricted area.
“Processing of personal data” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Controller” means the natural or legal person, public authority, agency, or other body which determines how and for what purpose the data is processed.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Third party” means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
“GDPR” means the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679.
Security of processing
We apply necessary, and appropriate to the risk, organizational, physical, and technological measures to protect personal data. These measures include but are not limited to, rules and procedures for employees, for managing data and IT infrastructure, internal and external networks, and protecting all the equipment and the building of MRPeasy.
MRPeasy has provided relevant training to all employees processing personal data.
Data controller, data processor and collection of data
MRPeasy does not collect or determine the use of any Personal Data contained on the Customer account and we do not determine the purposes or the means of collecting such Personal Data. MRPeasy also does not determine the use of such Personal Data. Considering this MRPeasy is not a data controller in terms of the GDPR and does not have the associated responsibilities under the GDPR. The Controller for Customer data is the Customer.
Only the persons authorized by MRPeasy have the right to view personal data. These persons never edit such data.
Lawful basis of processing
MRPeasy processes personal data to ensure the performance of a contract, to comply with legal obligations, out of legitimate interest, or based on data subject’s consent.
– We process personal data to ensure the performance of a contract is used when we have concluded a contract and the contractual aim is not achievable without processing personal data.
– Legal obligations of processing include all personal data processing under relevant laws and regulations for example Employment Contracts Law.
– We process personal data on grounds of legitimate interest to improve the quality of our services and for the purpose of business development. To ensure that our legitimate interest doesn’t breach your fundamental freedoms and rights we have conducted a three-part balance test to guarantee that the processing is purposeful, required, and proportional to the stated purpose.
– When processing personal data with consent as a lawful basis we only process specifically what you have consented to. You can take back consent at any given time by using an unsubscribe link at any message or filling the contact form at the Contact page.
The Information We Collect on the Service
We collect different types of information from or through the Service.
1. User-provided Information
When you use the Service, as a User or as a Visitor, you provide, and we collect Personal Data. Examples of Personal Data that we could ask include name, email address, mailing address, mobile phone number, and a credit card or other billing information. Personal Data also includes other information, such as geographic area or preferences, when any such information is linked to information that identifies a specific individual. You may provide us with Personal Data in various ways on the Service. For example, when you register for an Account, use the Service, post Customer Data, or send us customer service-related requests.
2. Information Collected by Customers
A Customer or User may store or upload into the Service Customer Data. MRPeasy has no direct relationship with the individuals whose Personal Data it hosts as part of Customer Data. Each Customer is responsible for providing notice to its customers and third persons concerning the purpose for which Customer collects their Personal Data and how this Personal Data is processed in or through the Service as part of Customer Data.
3. “Automatically Collected” Information
When a User or Visitor uses the Service, we automatically record certain information from the User’s or Visitor’s device by using cookies. This automatically collected information may include IP address or other device address or ID, web browser and/or device type, the web pages or sites visited just before or just after using the Service, the pages or other content the User or Visitor views or interacts with on the Service, and the dates and times of the visit, access, or use of the Service. This information is gathered from all Users and Visitors.
MRPeasy does not transfer or make available Customer’s Personal Data stored in connection with the Services with the exception on third party subcontractors used by MRPeasy for provision of this service – such as servers’ hosting in a datacenter. We ensure that all our processors process personal data in accordance with our instructions, applicable law, and employing all appropriate organizational and technological security measures.
The Service may contain features or links to web sites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information.
We only retain the Personal Data collected from a User for as long as the User’s account is active or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it unless otherwise required by law.
We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements as follows:
– the contents of closed accounts are deleted within 1 day [MT1] of the date of closure.
– system backups are kept for 2 months.
– billing information is retained for a period of 7 years in accordance with the Accounting Act.
– information on legal transactions between Customer and MRPeasy is retained for a period of 10 years from the inception in accordance with the limitation period set for civil claims in the general part of the Civil Code Act.
Cookies and Tracking Software
1. What is in a cookie?
A cookie is a simple text file that is stored on your computer or mobile device by a website’s server and only that server will be able to retrieve or read the contents of that cookie. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier and the site name and some digits and numbers. It allows a website to remember things like your preferences or what is in your shopping basket.
We use “cookies” and other types of tracking software in order to personalize your visit to our Site and enhance your experience by gaining a better understanding of your interests and customizing our pages for you.
We may use the information provided by cookies to analyze trends, administer the Site, or for research and marketing purposes to help us better serve you. No information which personally identifies you will be collected through the cookies.
3. What cookies do we use and what for?
The Identity cookie allows you to sign-in to the MRPeasy account. If you ticked ‘Remember Me on this computer’ when signing in, the cookie will remain on your computer for up to 24 hours duration of which you’ll remain signed in to MRPeasy website. If you didn’t tick the ‘Remember Me’ option the cookie will be removed when the browser session is closed.
Google Analytics and Google Adwords
We use Google Analytics and Ads applications to evaluate the use of those services and compile a report for us provided by Google Inc.
Can I stop my machine from receiving cookies?
You can set your browser to notify you before you receive a cookie so you have the chance to accept it and you can also set your browser to turn off all cookies. The website www.allaboutcookies.org (run by the Interactive Marketing Bureau) contains step-by-step guidance on how cookies can be switched off by users.
You, the data subject, have the right to receive information from the Controller (see chapter 3 in the current policy for who is Controller) regarding the processing of your personal data. You can enquire if and what data we process about you and can obtain a copy of that data by submitting a request via the contact form at the Contact page.
MRPeasy has a legal obligation to make sure that a person requesting information about themselves is indeed the person who has the right to receive the data. For this reason, the requesters may have to prove their identity for the right to request the data.
You have the right to restrict processing or ask us to delete your personal data.
Where feasible you have a right to data portability.
If you have the right to lodge a complaint to the Data Protection Inspectorate regarding the processing of personal data.
If you have any issues, concerns, or suggestions pertaining to the processing of personal data, contact the controller using the contact form at the Contact page.
Non-Disclosure Agreement (NDA)
Sometimes organizations using our service request that we sign a non-disclosure agreement (NDA).
Companies are often advised to use NDAs to preserve their claim of intellectual property rights and to maintain the confidentiality of their business processes.
MRPeasy will handle all your information with the utmost discretion, and respect the confidentiality of all information received at all times.
Download the non-disclosure agreement (NDA) from here.
Fill out the form with your contact information, sign, scan it, and send it to the email address provided.