Draft — pending legal review
Privacy Policy
- Effective:
- [EFFECTIVE_DATE]
- Last updated:
- [LAST_UPDATED_DATE]
This policy explains the proposed handling of personal data by Invex and remains subject to legal and operational review.
1. Who is responsible
[LEGAL_ENTITY_NAME], at [REGISTERED_ADDRESS], is the proposed data controller or data fiduciary for account and service-administration data. For business data entered by an enterprise, roles depend on the applicable agreement and law.
2. Information collected
- Account and profile data, including names, business role and contact details.
- Enterprise, customer, invoice, payment and expense data entered by authorised users.
- Authentication, access-control, security-event and fraud-prevention data.
- Payment and subscription metadata supplied by billing providers; Invex need not store full card details.
- Device, browser, IP, diagnostic, log and enabled analytics data.
- Cookie and preference data described in the Cookie Policy.
3. Purposes and legal grounds
Data may be processed to provide accounts and requested features, administer subscriptions, secure and support the service, communicate service information, meet legal obligations, and improve reliability. The applicable basis may include contract, legal obligation, legitimate interest, or consent where required.
Invoice and customer business data is not described by this template as being used for advertising or model training.
4. Sharing and service providers
Data may be shared with authorised enterprise users, hosting, authentication, communications, billing, support, security and analytics providers, professional advisers, or authorities where legally required. Approved subprocessors must be governed by appropriate contractual and security obligations.
5. Cross-border processing
Hosting locations, transfer destinations and the approved transfer mechanism are [CROSS_BORDER_PROCESSING_DETAILS]. These details must be completed before final publication.
6. Retention and security
Data is retained for [RETENTION_PERIODS] according to account needs, contractual commitments, legal requirements, dispute handling and secure backup cycles. Invex applies access controls, encryption where appropriate, monitoring, backups and development practices proportionate to the service; no method is completely secure.
7. Individual rights and choices
- Request access to applicable personal data.
- Request correction of inaccurate or incomplete data.
- Request deletion where legally available.
- Withdraw consent without affecting earlier lawful processing.
- Object, restrict processing, or request portability where applicable.
- Raise a grievance with Invex and, where available, a regulator.
8. Requests and grievance process
Send privacy requests to [PRIVACY_EMAIL]. The proposed grievance officer is [GRIEVANCE_OFFICER_NAME], reachable at [GRIEVANCE_EMAIL]. Responses are targeted within [RESPONSE_TIME], subject to identity verification and applicable law.
9. Children’s data
Invex is intended for business users and is not directed to children. Enterprises must not submit children’s personal data unless lawful, necessary, and expressly supported by an approved agreement.
10. Updates and contact
Material policy changes will be communicated through an appropriate service or contact channel before they take effect when required.
Contact [LEGAL_ENTITY_NAME] at [REGISTERED_ADDRESS]. General support: [SUPPORT_EMAIL]. Privacy enquiries: [PRIVACY_EMAIL].