Privacy Policy (GDPR)
Last updated: 1 January 2025
1. Data Controller
The controller of your personal data is Bomberace s.r.o., registered office Zahradní 582, 742 13 Studénka, Czech Republic, Company ID (IČO): 11696338, VAT ID (DIČ): CZ11696338 (hereinafter "the Controller").
2. Data We Process
- Identification and contact details (name, e-mail address)
- Login credentials (hashed password)
- Document metadata you enter yourself (date, amount, category)
- Technical access logs (IP address, browser type, login timestamps)
3. Purpose and Legal Basis
We process your data for the purpose of providing the document management service, on the basis of contract performance (Art. 6(1)(b) GDPR). Technical logs are processed on the basis of our legitimate interest in system security (Art. 6(1)(f) GDPR).
4. Retention Period
Data is retained for the duration of your account and for any further period required by law (in particular, accounting and tax records for 10 years).
5. Third-Party Transfers
Your documents are stored exclusively in your own Microsoft OneDrive account. We do not sell or share your personal data with third parties for marketing purposes.
6. Your Rights
You have the right to access, rectify, erase, restrict processing, and port your data. To exercise your rights, send an e-mail to gdpr@receiptorex.com. You also have the right to lodge a complaint with the Czech Data Protection Authority (ÚOOÚ).
7. Contact
For any questions, contact us at info@receiptorex.com or at the Controller's registered address.
