GDPR Compliance

Last updated: May 24, 2026

Our Commitment to GDPR

Invoice Stork is committed to protecting the privacy and data rights of all users, including those in the European Union. We comply with the General Data Protection Regulation (GDPR) requirements for data collection, processing, and storage.

Data Controller

For the purposes of GDPR, the data controller is Nearby Technologies Ltd, the company that owns and operates Invoice Stork.

Contact Information:
Nearby Technologies Ltd
Email: dpo@invoicestork.com

Your Rights Under GDPR

As an EU resident, you have the following rights:

  • Right to Access - Request a copy of your personal data
  • Right to Rectification - Correct inaccurate or incomplete data
  • Right to Erasure - Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing - Limit how we use your data
  • Right to Data Portability - Receive your data in a machine-readable format
  • Right to Object - Object to data processing for specific purposes
  • Right to Withdraw Consent - Withdraw previously given consent

Legal Basis for Processing

We process your data based on:

  • Contract fulfillment (providing our invoicing service)
  • Legal obligations (tax and compliance requirements)
  • Legitimate interests (improving our service)
  • Consent (for marketing communications)

Data Processing Agreement (DPA)

For enterprise customers requiring a Data Processing Agreement, please contact dpa@invoicestork.com. We will provide our standard DPA that includes EU Standard Contractual Clauses.

Data Protection Officer (DPO)

To exercise your GDPR rights or contact our Data Protection Officer:

Email: dpo@invoicestork.com

We respond to all requests within 30 days.

Subprocessors

We use carefully selected third-party subprocessors to provide our services, all of whom comply with GDPR requirements. These include:

  • Infrastructure hosting providers (GDPR compliant, data stored in the EU)
  • Payment processing partners (fully GDPR compliant)
  • Email and communication services (GDPR compliant)

For a complete list of subprocessors, please contact our Data Protection Officer.

International Data Transfers

When transferring data outside the EU, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) adopted by the European Commission.

Data Retention

We retain your personal data only as long as necessary to provide our services and comply with legal obligations (typically 7 years for tax-related data). You may request earlier deletion of your data by contacting our support team.

Security Measures

We implement industry-standard security measures including encryption, access controls, regular security audits, and employee training to protect your personal data.

Right to Lodge a Complaint

If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local supervisory authority.