Accountable Privacy Policy

Impressum

Accountable SA

22 drève des Weigélias
1170 Brussels, Belgium

Board: Nicolas Quarré, Alexis Eggermont, Rory Stirling (Connect Ventures), Fred Destin (Stride)

VAT ID: BE0682763303

Phone: +32496209507
E-Mail: [email protected]

—

This privacy policy governs the collection, storage and use of personal data collected by Accountable SA, a limited liability company incorporated under the laws of Belgium, with its registered office at 22 drève des Weigélias, 1170 Brussels, (Belgium) and registered at the Crossroads Bank for Enterprises under number BE0682763303 (hereinafter referred to as “Accountable”, “We”, “us” or “our”), through Accountable’s website: www.accountable.eu (“Site”), mobile app (“Accountable App“) and the services offered by Accountable (the “Accountable Services”).

This privacy policy provides You as a User, aged 18 or over (“You”, “your” or the “User”) with details about the personal data We collect from you, how and why We use your personal data and your rights to control personal data We hold about you. Please read this privacy policy carefully. If You do not agree to this privacy policy in its entirety, You must refrain from using the Site, Accountable App and Accountable Services.

We respect your right to privacy and will only process personal information You provide to us in accordance with applicable data protection laws, and in particular with the General Data Protection Regulation (Regulation 2016/679) (“GDPR”).

This privacy policy may be modified, for example, in connection with new features of the Site, Accountable App and the Accountable Services or to comply with new legal, contractual or administrative obligations. We therefore recommend that You regularly consult this privacy policy. Important changes will be announced on the Accountable App or via e-mail. This version of the privacy policy was last updated on the date referred to above. Please regularly consult this privacy policy, to stay informed of updates to this privacy policy.

This privacy policy was last updated on [3-9-2023]. Please check back regularly to keep informed of updates to this privacy policy.

1. Who we are

Accountable acts as a data ‘controller’ under the data protection laws and as such Accountable is responsible for the collection, storage and use of your personal data.

If You have any questions about how We collect, store and use your personal data, or if You have any other privacy-related questions, please contact us by any of the following means:

e-mail: [email protected]

We do not and will not knowingly collect information from any unsupervised child under the age of 18. If You are under the age of 18, You may not use the Accountable App and the Accountable Services.

2. The personal data we collect about You

When You register, access, log-into, browse and use the Site, Accountable App and/or Accountable Accountable Services, We may collect the following information from You:

Identity data	Applicable to
Contact details (e.g. name, e-mail address, telephone number, date of birth) Account data (e.g. user name, account credentials)	All Users All Users
Service data (e.g. National Registry Number, Date of birth, address, national registry number, social insurance number)	Users that register as new self-employed workers through Accountable or create sales invoices in Accountable App

The above personal data is directly obtained from You when registering on the Accountable App or on the Site.

Professional and financial data	Applicable to
Service data (e.g. legal status, VAT or company registration number, etc.)	Users that are a client of the service, or submit their VAT statement through the Accountable App, or create sales invoices in the Accountable App
Accounting Data (e.g. professional bank details, credit card information, transaction details, bank balance, invoices, details relevant to computing accounts and taxes, etc.)	Users that create sales invoices in the Accountable App and All Users that connect their bank accounts and provide accounting and financial information
Activity type	Users that voluntarily provide information to Accountable to make use of additional services

The above personal data is directly obtained from You by entering it into the Site, Accountable App and/or Accountable Services or connect your bank account to your account of Accountable.

Publicly Available data	Applicable to
Business contact information, address, email address, phone number	All Users

The above personal data is obtained from other sources like public databases.

Other data	Applicable to
Correspondence data voluntarily provided information (i.e. requests, questions, conversations).	Users that voluntarily provide information to Accountable

The above personal data is directly obtained from You when You ask us questions, initiate a conversation with us and use third party services. We may disclose your enquiry data to one or more of those selected third party suppliers of services identified on this privacy policy for the purpose of providing and improving our Services and communicating with you.

Automated Data collection	Applicable to
The type of browser, the operating system You are using, your IP address, information related to user and web traffic	All Users
Log data	All Users
Location data	Users that voluntarily provide information to Accountable to make use of additional services

The above personal data is directly obtained from You when You use the Site, Accountable App and/or Accountable Services.

3. How and why we may store and use your information

Accountable (or third party data processors acting on our behalf) may collect, store and use your personal information listed above for the following purposes, listed below.

3.1 Legal obligation

Accountable is bound by a number of legal and regulatory obligations that require the processing of your personal data. These obligations may imply that Accountable collaborates with the relevant authorities and/or with third parties and, where appropriate, provides them with some of your data in light of:

the obligation to respond to the official requests of the various competent authorities (e.g. in the field of data protection, consumer protection, etc.), whether Belgian or foreign; and
the obligation to respond to requests from competent judicial authorities.

Accountable collects certain personal data that it obtains from You in order to comply with legal taxing obligations as mandated by You for providing You with the Accountable Services.

3.2 Use of the Application App

Accountable collects some personal data from You to make the Site, Accountable App, and Accountable Services available to You and to provide You with content which is tailored to your individual situation. Specifically, to:

assist You in the online registration process, in providing information about our services and terms of use;
the management of your User account;
provide You with the services relating to the Accountable App and/or Accountable Services that You request, in particular, to capture and assess transactions in order to manage your accounting and tax obligations as requested;
connect You with experts;
evaluate your eligibility for marketing offers, products and services; and .
answer your questions and requests and provide You with support, including when You interact with our chatbot, or request a demo/free trial.

Accountable collects certain personal data that it obtains from You for the performance of the contract with You or based on your consent. Without your personal data, We cannot provide You with our services.

3.3 Legitimate interests

Accountable also processes your personal data for the realization of its legitimate interests. To that end, Accountable strives to maintain a balance between the need to process data and respect for your rights and freedoms, including the protection of privacy.

Your data is processed for:

the retaining of evidence (archiving);
the operation, evaluation and improvement of the quality of services rendered to Users;
the management of our communications with You;
facilitate the functionality of the Accountable App and the Site;
the preparation of studies, models (risk, marketing and others) and statistics, using techniques of anonymization and/or pseudonymization of the persons concerned;
the use of cookies to improve the Accountable App and the Site (see Cookie policy);
the recognition, exercise, defense and preservation of Accountable’s rights; and
processing your requests.

We may use automated and manual (human) methods to process your personal data by using artificial intelligence (AI), e.g. Open AI API, to provide You with valuable personalized advice, recommendations and experiences.

3.4 Direct Marketing

We may use your personal data to assess Your eligibility for and offer You or promote products and services which we think may interest You; and
where You have given us your consent, to disclose your personal information to carefully chosen third parties so that they may contact You (including by SMS and e-mail) with products and services which they think may interest You.

However, We respect your right to control your personal data, and You can unsubscribe from such marketing messages at any time by using the link provided in the business message or contact us by e-mail at: [email protected].

Accountable perfectly understands that sharing access to professional bank transactions and, in some cases, bank credentials, while necessary for the performance of the services, needs to be handled with care.

Apart from a legal basis, in a true effort of transparency, We set up a strong and explicit consent management workflow, built directly in the application: during the sign-up, the User is presented with a screen that explicit what is required from him, for which purpose and what are the policies in place to protect his data.

We will not disclose, sell or rent your personal information to any third party unless You have consented to this. If You do consent but later change your mind, You may contact Us and We will cease any such activity.

4. Data Subjects rights

As a User of the Site, Accountable App and or Accountable Services, You have the following rights:

the right to access: You have the right to ask us to provide You with copies of personal data that We hold about You at any time. You have the right to access the following information:

a) For what purpose We process your personal data and what its categories are.

b) Who the recipients and processors of your personal data are.

c) How long your personal data will be saved and if this time cannot be determined, then the use criteria to determine this time.

d) Which personal data You may request removal or processing restrictions for and object to such processing.

e) About the right to file a complaint with the supervisory authority.

f) About personal data sources, unless they have been obtained from you.

g) Whether automatic decision-making or profiling takes place automatically.

If You ask for it, We will provide You with copies of your processed personal data. If You require additional copies, You may be charged for the costs incurred. If You request it in electronic form, copies will be provided in electronic form if You do not request it in another way. However, We have the right to require verification of your identity to verify that this information regarding your personal data does not reach an unauthorized person.

We will try to provide You with this information as soon as possible, depending on the range of information You require. However, within 30 days at the latest.

the right to rectification: You have the right to ask us to update and correct any out-of-date or incorrect personal information that We hold about You free of charge;
the right to withdraw your consent: where the processing is based on your consent, You have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
the right to erasure: You have your right to have your personal data permanently deleted. We are not always obliged to delete your personal data at your request. This right only applies if the conditions of article 17 of the GDPR have been met;
the right to restrict processing: You have the right require us to restrict the processing of your personal data. This allows You to freeze our use of your personal data without deleting it. We are not always obliged to limit the processing of your personal data at your request. This right only applies if the conditions of article 18 of the GDPR have been met.
the right to data portability: To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, You have the right to receive your personal data from us in a structured, commonly used and machine-readable format. This allows You to easily transfer, copy or move personal data from one controller to another. However, this right does not apply where it would adversely affect the rights and freedoms of others. You also have the right to have your personal data transferred directly to another controller, if this is technically possible;
the right to object to processing: You have the right to object to the processing of your personal data. We are not always obliged to accept your objection. This right only applies if We process your personal data on grounds relating to the legitimate interests pursued by us or by a third party. We will be allowed to continue to process your personal data if We can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims; and
the right to withdraw your consent: You have the right to withdraw your consent when the processing of your personal data takes place on the basis of your consent. Withdrawal of your consent does not affect the lawfulness of the processing based on consent before withdrawal.

If You wish to exercise any of the above rights, please write to us (either by post at the address specified above or by e-mail at contact us by e-mail at: [email protected]) including a supporting identity document to allows us to validate and treat your request.

The right to complain to a supervisory authority: You have the right to lodge a complaint with the competent supervisory authority.
In Belgium You can submit a complaint to the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit/ Autorité de protection de des données), either by mail at the Rue de la Presse 35, 1000 Brussels or by e-mail at [email protected] or by phone at +32 2 274 48 00).
In Germany You can submit a complaint to the German Federal Commissioner for Data Protection and Freedom of Information (BfDI), either by mail at Graurheindorfer Str. 153, 53117 Bonn, Germany or by email [email protected] or by telephone: +49 (0)228 997799-0

5. How long does Accountable retain your personal data?

In accordance with the principles set out below, We will delete personal data once it is no longer required to fulfil the purposes outlined in this Privacy Policy, unless their retention would remain required for other fundamental purposes, including but not limited to complying with our legal obligations, handling claims and resolving disputes. This means We may keep different information for different periods.

If You would like to find out how long We keep your personal data for a particular purpose You can contact us by e-mail at: [email protected].

For the retention period of any cookies used on this Site We refer to our Cookie Policy, which can be accessed through the following link: here;

Cookies

For further information on the cookies used in connection with the Website, we refer to our Cookie Policy, accessible here

Adjust: Adjust is a mobile analytics service that attributes mobile downloads. Adjust uses the data collected to attribute downloads to advertising channels, track the use of the User of the Accountable App and Accountable Services.

Security

Accountable has taken appropriate technical and organisational measures to safeguard the personal information that you provide us with, against unauthorized or unlawful processing and against accidental destruction, loss or damage.

Measures currently in place include:

Sensitive payment data is stored on protected servers located in Germany and backups are encrypted with GPG. Access to this data is limited to 2 trusted system administrators and their access to this data is continuously monitored. Trusted system administrators access the production system by authenticating via SSH, using a private key protected by a passphrase.
Customers access their information via the Accountable mobile application. The application allows customers to consult their bank statements and connects to the backend application over HTTPS.

Data breaches are detected by an array of potential triggers:

Customer complaint, as described in the previous chapter.
Abnormal activity, identified by log monitoring solutions

In case of breach, all credentials are revoked and renewed, including:

mobile application authentication tokens
database authentication credentials
system administrator authentication credentials
backup encryption keys if required

6. Who has access to your personal data?

Third parties potentially accessing your personal can only access the information they have been specifically authorized for by Accountable. This ensures limited and targeted data exposure to authorized parties. Access rights are tailored to restrict data availability to relevant and authorized individuals or entities.

Cloud Infrastructure provider

We utilize cloud infrastructure services from reputable providers to securely store and manage your data.

We make use of Amazon Web Services (AWS) to manage and host the Accountable App.
We make use of WPEngine to host the Site.

Marketing and Analytics

We engage marketing and analytics service providers to optimize our marketing efforts and gain insights into User interactions. These providers help us analyze data trends and improve our services:

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of the Site, Accountable App and Accountable Services.

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Site. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Sites available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy.

Amplitude is a web analytics service offered by Amplitude that tracks website traffic. Amplitude uses the data collected to track the use of the User of the Site, Accountable App and Accountable Services.
Branch is a web analytic services that tracks website traffic. Branch uses the data collected to track the use of the User of the Site, Accountable App and Accountable Services.

Social Media

We make use of social media plugins to direct You to our social media channels and to allow You to interact with our content. These social media channels include Facebook, Instagram and LinkedIn. In the event You click such link, such social media service provider may collect personal data about You and may link this information to your existing profile on such social media.

We are not responsible for the use of your personal data by such social media service provider. In such case, the social media service provider will act as controller. For your information only, Wehave included the relevant links to these social media privacy policies (which may be changed from time to time by the relevant service provider):

–           Facebook: http://facebook.com/about/privacy;
–           Instagram: https://help.instagram.com/155833707900388; and
–           LinkedIn: http://linkedin.com/legal/privacy-policy.

Other sub processors

Sub-processor	Data processed	Purpose	Country	Note
Klarna	Bank transactions, bank account balances and bank account details	Bank API aggregator	Sweden	You can ask our support if your bank account is connected through Klarna
FinAPI	Bank transactions, bank account balances and bank account details	Bank API aggregator	Germany	You can ask our support if your bank account is connected through FinAPI
Ibanity	Bank transactions, bank account balances and bank account details	Bank API aggregator	Belgium	You can ask our support if your bank account is connected through Ibanity
Tink	Bank transactions, bank account balances and bank account details	Bank API aggregator	Sweden	You can ask our support if your bank account is connected through tink
Intercom	Conversations with support	Support services	Ireland
OpenAI	Expense and invoice documents (PDF and images), AI assistant queries, context for the AI assistant queries, PDF credit card statements	Extraction of text and structured data from documents, Large language model processing	United States
Anthropic	AI assistant queries, context for the AI assistant queries	Large language model processing	United States

Other third parties

(sub)contractors for assisting us in fulfilling the purposes listed above;
our accountants, auditors, lawyers or similar advisers when We ask them to provide us with professional advice; and
the competent authorities, judicial, police or administrative authorities if We are under a duty to disclose or share your personal data in order to comply with any legal obligation, a binding decision of an administrative authority or a court order.

7. International transfers

In the event your personal data collected is transferred to, stored and processed in any other country outside the European Economic Area (EEA) in which Accountable, sub-processors, sub-contractors or agents (may) maintain facilities, appropriate measures will be taken, including:

an adequacy decision by the European Commission (if any); or
a data transfer agreement, which shall contain the standard contractual clauses, as referred to in the ‘European Commission decision of 5 February 2010 (Decision 2010/87/EC).