GDPR – STAX BILL’S STATEMENT OF SUPPORT
At Stax Bill, we take personal data information obligations very seriously.
Together with our Privacy Policy, this document will help you better understand the personal information we collect, why we collect it, how we use personal data and how we protect it. In full compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) which came into effect on May 25, 2018, it also explains the various rights of the data subject, including the right of access and the right to erasure (aka “the right to be forgotten”).
What You Should Know
The GDPR distinguishes between a Data Controller (the legal entity that determines the purpose for which, and the manner in which, any personal data is collected) and a Data Processor (the legal entity responsible for the handling of personal data on behalf of the Data Controller). Stax Bill is a Data Processor. In most cases, Stax Bill merchants are Data Controllers and as such, are responsible for a variety of data protection policies and practices related to notice, collection, retention, access and erasure (aka the “right to be forgotten”). Stax Bill processes personal data as necessary for the purposes of the legitimate interests pursued by Stax Bill and the Data Controllers.
How Stax Bill Can Help
In keeping with our obligations as a Data Processor, Stax Billpromises to:
- Keep personal data safe, secure, and private
- Process personal data in a manner that ensures appropriate security, using lawful, fair and transparent means
- Disclose our sub-processors and responsibly monitor their GDPR compliance
- Keep all required compliance records and audit logs
- Make available tools to handle data subject requests, such as the right-to-erasure and right-to-access
- Provide timely notice of personal data breaches
The Data Processing Addendum
To satisfy the GDPR, each Data Controller must receive “sufficient guarantees” from its Data Processors that they can implement measures (technical and organizational) to meet the requirements of the GDPR. Since there are currently no codes of conduct or certifications upon which Data Controllers can rely, standard contractual clauses and data processing agreements are quickly becoming the norm.
Stax Bill’s Data Processing Addendum is available here: Download. If you are an existing Stax Bill customer or partner, our Data Processing Addendum amends your Services Agreement or Reseller Agreement, as applicable and governs the processing of any personal data which is provided or made available to us.
Sub-Processors
We use the following third party data processors when providing our Stax Bill Service and Website:
| Sub-Processor | Service | Purpose of Processing | Jurisdiction |
| Logshero LTD | Logz.io | Third Party logging for application logs | Israel |
| Twilio Inc. | SendGrid | Sending emails from Stax Bill | USA |
| Twilio Inc. | Twilio (if enabled for sending emails inside of Stax Bill) | Sending SMS from Stax Bill | USA |
| Solarwinds | AppOptics | Application performance monitoring | USA |
| Appcues Inc. | Appcues | Product tutorials and walk throughs within the Stax Bill application | USA |
| Microsoft Corporation | Azure | Image storage for invoices and hosted pages | Canada |
| Hubspot Inc. | Hubspot | Content management system for staxbill.com and Marketing platform | USA |
| Quora Inc | Quora | Advertising cookies | USA |
| Alphabet Inc. | Google Analytics | Website metrics for marketing site and application usage | USA |
| Microsoft Corporation | Bing | Advertising cookies | USA |
| Twitter Inc. | Advertising cookies | USA | |
| Facebook Inc. | Advertising cookies | USA | |
| Zendesk Inc. | Zendesk | Customer support management and Knowledgebase hosting for support.staxbill.com | USA |
Integration Partners
You also have the option to enable additional Stax Bill integrations (either built-in or through our APIs or webhooks). We do NOT directly evaluate or attest to the GDPR qualifications of our integration partners. Each merchant is responsible for evaluating any third-party before creating or enabling an integration. These include, but are not limited to:
- Avalara
- Quickbooks Online
- Salesforce
- NetSuite
- Hubsot
- Digital River
- Authorize.Net
- Stripe
- Braintree
- Paypal Payflow Pro
- First Data
- Moneris Canada / Moneris USA
- Chase Paymentech
- Vantiv
- Litle
- QuickBooks
- CyberSource
- Card Access
- WePay
Who Is Stax Bill’s Data Protection Officer (DPO)?
The DPO is Tj Carlson, VP of Revenue at Stax Bill Inc. You can contact him at [email protected].
How Can You Request Access to, Rectification of, or a Restriction on Processing of, Your Personal Information?
We recommend you first contact the Data Controller (i.e. the merchant organization to whom Stax Bill is providing the Fusebill Service).
You may request a full report on the personal information we hold for you by sending an e-mail to [email protected]. However, we may be required under our contractual and legal obligations to the Data Controller to forward your request to the Data Controller.
In the subject line, please indicate “Request for Personal Information”. In your email, please specify:
- Your full name
- Whether you are an individual or a representative of a Data Controller
- If you are an individual, the name of your Data Controller (i.e. the merchant organization to whom Stax Bill is providing the Stax Bill Service).
We will endeavor to fulfill all access requests within 30 days of our receipt.
How Can You Request Deletion of Your Personal Information?
We recommend you first contact the Data Controller (i.e. the merchant organization to whom Stax Bill is providing the Fusebill Service).
You may request deletion of personal information by sending an e-mail to [email protected]. However, we may be required under our contractual and legal obligations to the Data Controller to forward your request to the Data Controller.
In the subject line, please indicate “Request for Deletion”. In your email, please specify:
- Your full name
- Whether you are an individual or a representative of a Data Controller
- If you are an individual, the name of your Data Controller (i.e. the merchant organization to whom Stax Bill is providing the Stax Bill Service).
We will endeavor to fulfill all access requests within 30 days of our receipt.
How Can You Contact Us?
If you have any questions about this document or our Privacy Policy, please contact us directly at [email protected].
Last Updated: March 1, 2021