This policy explains how MyCompanyDesk protects data, keeps access controlled, and ensures that billing and rental records remain secure.
We design our platform around clear access controls, strong auditing, and data minimization.
We collect only what we need to operate the platform. No unnecessary data gathering.
Role-based permissions keep sensitive data restricted to authorized team members only.
Clear documentation and export options at all times. You always know how your data is used.
The controller responsible for processing your personal data under the General Data Protection Regulation (GDPR) is:
Domain: MyCompanyDesk
Operated by: Sil van Rijnberk
Contact: support@mycompanydesk.com | +31 6 401 196 17
Supervisory authority: Autoriteit Persoonsgegevens (Dutch Data Protection Authority), www.autoriteitpersoonsgegevens.nl
We only process personal data when there is a lawful basis to do so.
Name, username, email address, and company information needed to provide the service.
Invoices, assets, rental contracts, and VAT data you input into the platform.
Logins, device information, and feature usage analytics to improve the service.
Billing information processed through our trusted payment providers.
Under Article 6 of the GDPR, we process your personal data based on the following legal grounds.
Processing necessary for providing the MyCompanyDesk service you signed up for (Art. 6(1)(b) GDPR) — including account management, invoicing, and data storage.
Processing required by law (Art. 6(1)(c) GDPR), such as the Dutch fiscal retention obligation (Art. 52 AWR — 7-year retention of financial records) and tax reporting.
Processing based on our legitimate interest (Art. 6(1)(f) GDPR), such as platform security, fraud prevention, and service improvement — balanced against your rights and freedoms.
Where we rely on your consent (Art. 6(1)(a) GDPR), such as for optional analytics cookies, you may withdraw consent at any time without affecting prior processing.
Provide, operate, and improve the MyCompanyDesk services.
Authenticate users and secure accounts.
Process payments and issue invoices or receipts.
Send updates, service notices, and support responses.
Comply with legal and regulatory obligations.
To help our users understand how their customers interact with invoices and documents, MyCompanyDesk uses the following tracking technologies. These are applied on behalf of our users (who act as data controllers for their own customers).
Invoice emails may contain a small transparent image (tracking pixel). When the email is opened and the image is loaded, an “email opened” event is recorded, including a privacy-preserving hash of the recipient’s IP address, the date/time, and user-agent information.
Downloaded invoice PDFs may contain an embedded tracking image. When the PDF is opened in a viewer that loads remote resources, a “PDF opened” event is recorded with the same privacy-preserving data as email tracking.
When customers view invoices through the customer portal, actions such as viewing, downloading, copying payment details, and confirming payment are recorded to provide the invoice sender with delivery and engagement insights.
All tracking data is stored with privacy-preserving measures: IP addresses are hashed (only the first 8 characters of a SHA-256 hash are retained), user-agent strings are truncated, and events are only accessible to the invoice sender. Tracking data is subject to our standard data retention policies.
Administrative, technical, and physical safeguards protect your information. Access to production data is restricted.
Essential cookies keep sessions secure. Analytics help us understand usage patterns and improve workflows.
We work with vetted providers for hosting, email, and payments, bound by confidentiality agreements.
Standard contractual clauses ensure data protection when processed outside your region.
You have control over your personal data.
Access and receive a copy of your personal data.
Request correction of inaccurate or incomplete data.
Request deletion of your data, subject to legal obligations.
Object to or restrict certain processing activities.
Data portability where applicable.
Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing (Art. 7(3) GDPR).
You have the right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) at autoriteitpersoonsgegevens.nl.
We retain personal data only as long as necessary to provide the service, meet legal requirements, resolve disputes, and enforce agreements. You can request deletion at any time.
If a personal data breach occurs, we will notify the Autoriteit Persoonsgegevens within 72 hours of becoming aware (Art. 33 GDPR). If the breach is likely to result in a high risk to your rights, we will also notify you without undue delay (Art. 34 GDPR). Our response plan includes containment, investigation, remediation, and communication.
MyCompanyDesk is a business tool and is not intended for use by individuals under the age of 16 (in accordance with Article 8 GDPR and the Dutch UAVG). We do not knowingly collect personal data from children. If we become aware that a child under 16 has provided us with personal data, we will delete it promptly.
MyCompanyDesk does not use automated decision-making or profiling that produces legal or similarly significant effects on you (Art. 22 GDPR). Any analytics we perform are for service improvement only and do not affect your rights or access to the platform.
Contact us at support@mycompanydesk.com for any privacy-related questions. We may update this Privacy Policy from time to time — the latest version will always be available here.