1. Introduction
This Privacy and Cookie Policy (“Policy”) sets out the basis on which Anyscript Ltd, a limited liability company registered in the Republic of Cyprus (Reg. No. HE 370944), trading as “Balabook” (hereinafter referred to as “Balabook”, “we”, “us”, or “our”), processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), Cyprus Law 125(I)/2018, and other applicable data protection laws. This Policy applies to all users of the Balabook platform, including customers, accountants, authorised users, and other individuals whose data we process in the course of delivering our services.
By accessing or using the Balabook platform or otherwise providing us with personal data, you acknowledge and agree to the terms set forth herein.
2. Data Controller and Contact Information
Balabook is the data controller in respect of personal data processed in connection with the provision of its services, except where it acts as a processor on behalf of its customers (for example, accountants using Balabook to manage end-client data).
For any queries regarding this Policy or to exercise your rights under data protection law, you may contact our Data Protection Officer at:
Email: privacy@balabook.com
Postal Address: Spyrou Kyprianou 40, Economides House, 2nd Floor, 3076 Limassol, Cyprus.
3. Categories of Personal Data Processed
Balabook may collect and process the following categories of personal data, depending on the nature of your use of our services:
- Identification and contact information, including names, business names, email addresses, postal addresses, telephone numbers, and company affiliation.
- Authentication and account data, including login credentials, user roles, and subscription history.
- Financial and transactional data, including bank account identifiers, payment records, tax identification numbers, invoice data, and information derived from third-party integrations such as GoCardless.
- Payroll-related information, including employee names, national tax identifiers, salary details (past, present, and projected), and payslip records, where customers use Balabook’s payroll functionality.
- Technical and usage data, including IP addresses, browser types, device information, session data, and other analytics gathered through cookies and tracking technologies.
- Communications data, including support queries, email correspondence, feedback, and interaction logs with our AI services or support agents.
We do not intentionally collect special categories of personal data unless explicitly required to provide a specific service and such processing is subject to appropriate safeguards.
3. Legal Basis for Processing
Balabook processes personal data on the following lawful bases:
(a) Performance of a contract: To provide you with access to the Balabook platform and associated services, including account management, billing, payroll, and integrations.
(b) Legal obligation: To comply with obligations under Cypriot or EU law, such as tax compliance, anti-money laundering, and record retention.
(c) Legitimate interests: To operate, maintain, and improve our platform, ensure security, monitor for fraudulent activity, and communicate with users in the context of our business relationship.
(d) Consent: In limited cases, where legally required (e.g., for optional marketing communications or non-essential cookies), we rely on your consent, which may be withdrawn at any time.
5. Purposes of Processing
The personal data we process is used exclusively for lawful and specific purposes, including:
- Creating and managing user accounts, including authentication and role assignment;
- Providing accounting, payroll, AI-based, and financial management services;
- Processing payments and managing subscriptions, including via GoCardless;
- Communicating with users regarding service updates, changes, or support matters;
- Facilitating lawful data processing on behalf of accountants and customers, including tax and payroll reporting obligations;
- Ensuring the security, stability, and optimisation of our systems and services;
- Enforcing our contractual terms and managing potential legal claims or disputes.
Balabook does not use AI-generated outputs for binding decision-making. Any information generated through AI-powered services is provided solely as an assistive tool. Users are responsible for independently validating and verifying all AI-generated content before relying on it.
6. Recipients of Personal Data
Personal data may be shared with the following categories of recipients, where necessary and lawful:
- Service providers acting as processors under our instructions, including providers of hosting, analytics, support, email delivery, document generation, and financial integrations (such as GoCardless);
- Sub-processors contracted under our Data Processing Agreement and listed upon request;
- Accountants, advisors, or other professionals authorised by our customers to access data;
- Public authorities or courts where required by applicable law or regulatory obligation;
- Acquirers or legal successors in the event of a merger, acquisition, or sale of assets.
All sub-processors are contractually bound to adhere to equivalent data protection obligations as those contained in this Policy.
7. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), Balabook ensures that such transfers are conducted in compliance with Chapter V of the GDPR. We rely on appropriate safeguards, including:
- Adequacy decisions issued by the European Commission;
- Standard Contractual Clauses approved by the European Commission;
- Other lawful transfer mechanisms as permitted by applicable law.
You may request further information on the specific safeguards applicable to your data by contacting privacy@balabook.com.
8. Data Retention
Balabook retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable legal and regulatory obligations. Unless otherwise mandated, data may be retained for up to seven (7) years following account closure or contract termination, particularly for tax and accounting purposes.
Data submitted through AI interactions or analytics logs may be anonymised or deleted on a shorter rolling basis, unless otherwise justified by business necessity or consent.
9. Security of Processing
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks involved. These measures include:
- Encryption of data in transit and at rest;
- Access controls and user authentication protocols;
- Periodic security assessments and patching procedures;
- Regular backups and business continuity planning;
- Confidentiality obligations and training for staff with access to personal data.
10. Data Subject Rights
In accordance with Articles 12–23 of the GDPR, you have the following rights with respect to your personal data:
- The right to access your personal data and obtain a copy thereof;
- The right to rectify inaccurate or incomplete data;
- The right to erase personal data where there is no overriding legal ground for retention;
- The right to restrict processing in specific circumstances;
- The right to object to processing based on legitimate interests;
- The right to data portability where processing is based on consent or contract and carried out by automated means;
- The right not to be subject to automated decision-making, including profiling, with legal or significant effects.
To exercise your rights, please contact us at privacy@balabook.com. We may request proof of identity before fulfilling your request. You also have the right to lodge a complaint with the Cyprus Commissioner for Personal Data Protection at www.dataprotection.gov.cy.
11. Cookies and Tracking Technologies
Balabook uses cookies and similar technologies to operate our platform and enhance user experience. Cookies may be placed by us or by third-party service providers.
Cookies used include:
- Strictly necessary cookies, required for essential site functionality;
- Analytics cookies, used to understand user behaviour and improve performance;
- Functional cookies, used to remember user preferences;
- Advertising and tracking cookies, used for targeted marketing, only with your explicit consent and not inside the Balabook platform but only outside of our authenticated session.
You can manage or withdraw your cookie consent at any time via your browser settings or our cookie management interface.
12. Updates to this Policy
We may update this Policy from time to time to reflect changes in legal, technical, or business developments. Where changes are material, we will take reasonable steps to notify users, such as via email or platform notices. Continued use of the platform constitutes your acceptance of the revised terms.
.gif)
