
Privacy Policy

Effective Date: 06.05.2026
Last Updated: 06.05.2026
Version: 1.0

INTRODUCTION

Billingo Technologies Closed Company Limited by Shares (hereinafter: "Data Controller", "Service Provider", or "Billingo") provides a cloud-based Software-as-a-Service (SaaS) invoicing and business management platform. We are committed to maintaining the highest standards of data protection and privacy.

This Privacy Policy (the "Policy") outlines how we collect, use, store, and protect personal data within the Billingo Dubai ecosystem. This document is designed to ensure compliance with the EU General Data Protection Regulation (GDPR) and the United Arab Emirates Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL).

1. DATA CONTROLLER AND DATA PROTECTION OFFICER (DPO)

The entity responsible for the processing of your personal data is:
Name: Billingo Technologies CPLC
Registered Office: 1133 Budapest, Árboc utca 6. I. emelet, Hungary
Company Registration Number: 01-10-140802
Email: info@billingo.com

Data Protection Officer (DPO)
Name: Dr. Zalán Gyetvai Attorney-at-Law
DPO Email: adatvedelem@billingo.com 

2. LEGAL FRAMEWORK AND GUIDING PRINCIPLES

Billingo Technologies CPLC operates under a dual-compliance framework, aligning its operations with both the GDPR (due to its European headquarters) and the UAE PDPL (due to its service provision in the UAE).
In accordance with Article 5 of the GDPR and the core provisions of the UAE PDPL, we adhere to the following principles:

Lawfulness, Fairness, and Transparency: Data is processed legally and transparently.
Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes.
Data Minimization: We only process data that is strictly necessary for the service.
Accuracy: We take every reasonable step to ensure data is accurate and up to date.
Storage Limitation: Data is kept in a form which permits identification for no longer than is necessary.
Integrity and Confidentiality: We utilize robust technical and organizational measures to ensure security against unauthorized processing, loss, or destruction.
Accountability: The Data Controller is responsible for, and must be able to demonstrate compliance with, all the above.

3. LEGAL BASIS FOR PROCESSING

We process data based on the following legal grounds:
Performance of a Contract: To provide the SaaS license, manage accounts, and deliver customer support.
Legal Obligation: To comply with tax, accounting, and anti-money laundering regulations (e.g., UAE Federal Decree-Law on Tax Procedures).
Legitimate Interest: To ensure platform security, prevent fraud, and improve service functionality.
Consent: For marketing communications (newsletters) or specific analytical cookies.

4. DATA INFRASTRUCTURE AND GLOBAL TRANSFERS (AWS INDIA)

To ensure high availability, low latency, and regional performance for our Middle Eastern users, Billingo Technologies CPLC utilizes the Amazon Web Services (AWS) cloud infrastructure.
Data Processor: Amazon Web Services EMEA SARL ("AWS").
Data Storage Locations: Asia Pacific (Mumbai) Region (ap-south-1).
International Transfer Mechanism: Since data is transferred from the EU/UAE to India, Billingo Technologies CPLC implements the Standard Contractual Clauses (SCCs) approved by the European Commission.
Supplementary Measures: All data is protected by AES-256 encryption at rest and TLS 1.2+ encryption in transit. Billingo Technologies CPLC maintains exclusive control over encryption keys (Bring Your Own Key/Client-Side Encryption where applicable).

5. THIRD-PARTY SERVICE PROVIDERS

We engage reputable third-party sub-processors to facilitate specific functions:
Payment Processing: Stripe (Processing payment data in compliance with PCI-DSS standards). Stripe acts as an independent or joint controller for fraud prevention and financial compliance.
Communication & Support: Tools used for transactional emails and customer service ticketing.
Analytics: Aggregated and anonymized usage data to monitor system health.
All third-party providers are vetted for GDPR/UAE PDPL compliance and are bound by Data Processing Agreements (DPAs).

6. DATA SECURITY MEASURES

Billingo Technologies CPLC employs a "Security-by-Design" and "Security-by-Default" approach:
Access Control: Strict Identity and Access Management (IAM) based on the "Principle of Least Privilege."
Multi-Factor Authentication (MFA): Mandatory for administrative access.
Vulnerability Management: Regular penetration testing and automated security scans.
Incident Response: A formalized breach notification protocol to inform the UAE Data Office and/or the NAIH (Hungary) within 72 hours of discovery, where required.

7. DATA RETENTION PERIODS

Account Data: Retained for the duration of the active subscription.
Accounting & Tax Documents: Under UAE Tax Law, records must be maintained for 7 years. Under Hungarian Accounting Law, certain documents must be kept for 13 years.
Deleted Accounts: Upon a permanent deletion request, all personal data is purged from active databases within 30 days, subject to statutory retention requirements.

8. DATA SUBJECT RIGHTS

Under international standards, you hold the following rights:
Right to Access: Obtain a copy of your personal data and information about its processing.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten"): Request deletion of data where it is no longer necessary or the legal basis has expired.
Right to Portability: Receive your data in a structured, machine-readable format (e.g., JSON/CSV).
Right to Restrict Processing: Limit how we use your data during disputes.
Right to Object: Object to processing based on legitimate interests or for direct marketing.

9. REMEDIES AND SUPERVISORY AUTHORITIES

If you believe your data protection rights have been violated, we encourage you to contact our DPO first at adatvedelem@billingo.com.

You also have the right to lodge a complaint with the competent authorities:
UAE Data Office: The federal regulator for data protection in the United Arab Emirates.
NAIH (Hungary): National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság – www.naih.hu).
Judicial Redress: You may also seek a remedy through the competent courts in Budapest, Hungary, or your place of residence in the UAE.
***
Billingo Technologies CPLC
