Protection of your data
This Policy explains how HD Office S.R.L. ("we", "Voilo") processes personal data of users and their contacts in the context of the Voilo application and our services.
Table of Contents
Navigate quickly to the sections that interest you
1. Who we are
Data Controller
HD Office S.R.L.
Our roles
For your account data, billing, activity in the application
For data you process concerning your clients and projects
2. What data we collect
Types of data processed according to your use of Voilo
Identification data
Name, first name, position, company name, CBE/VAT, address, email, phone
Account data
Identifier, language, roles/permissions, connection and activity logs
Operational data
Projects, teams, hours worked, time tracking, check-in/check-out, real-time presence
Transactional data
Quotes, invoices, opening status, dates/deadlines, payments
Communication data
PEPPOL identifiers, delivery path, email status, postal sending proofs
Technical data
IP address, device/browser type, cookies/similar technologies
Enhanced protection
We do not knowingly request or process special categories of data (health data, etc.) or data from minors. By default, we do not collect GPS coordinates unless this feature is explicitly activated.
3. Purposes and legal bases
Why and on what legal basis we process your data
Provision of Voilo services
Account creation, project management, time tracking, quotes, billing, reports
Invoice delivery
Support & Security
Customer support, operational communications and security
Legal compliance
Retention of tax documents and accounting
4. Data recipients
With whom we share your data, only when necessary
IT providers (sub-processors)
PEPPOL Network
Access Point Provider for compliant invoice delivery
Public authorities
When required by law
What we never do
We never sell or rent your data to third parties.
5. Transfers outside EU/EEA
Transparency on where your data is stored
Principle: Primary hosting within the EU/EEA
Voilo's primary hosting (Hetzner servers in Germany) and the user database remain within the European Union. The majority of your data processing takes place within the EU/EEA.
Limited transfers to the United States
Certain sub-processors are based in the United States and may process data there for specific purposes:
Safeguards applied to these transfers
For each transfer outside the EU, we apply cumulatively the following legal and technical safeguards, in accordance with art. 44 to 49 GDPR:
7. Security
Technical and organizational protection measures
Encryption
Encryption in transit and at rest to protect your data at every step
Access control
Role-based access control to limit access to sensitive data
Monitoring
Logging and security alerts to detect suspicious activities
Backups
Regular backups and recovery tests to ensure continuity
6. Data retention
Retention periods according to data type
Account data
Kept while the account is active; deleted immediately upon closure
Fiscal documents (invoices, CN)
Voilo hosts during contract; legal retention (10 years) remains the Client's responsibility
Technical logs
Automatic rotation by our hosting providers (Supabase, Hetzner)
Time tracking/presence
Data controlled by the Client; deleted on account closure
Marketing
Of consent or opt-out at any time
Client responsibility: export before deleting
Voilo is a technical management tool. The legal retention of fiscal, accounting and any other probative data is the exclusive responsibility of the Client (or their accountant), in accordance with the Belgian VAT Code (10 years), the Code of Economic Law (7 years for accounting) and any other applicable obligation. Before deleting their account or data, the Client MUST export and archive themselves all their invoices, credit notes, quotes, payslips and any document with fiscal value. Voilo declines all liability in case of data loss following a deletion requested by the Client.
Effective account deletion
When the account is closed (voluntary action by the Client from their settings), all data is permanently and irreversibly deleted. No backup copy is kept by Voilo after deletion.
8. Your rights (art. 15–22 GDPR)
You have the following rights, within legal limits
Access
Access to your data
Rectification
Rectification of inaccurate data
Erasure
Erasure ("right to be forgotten")
Restriction
Restriction of processing
Portability
Data portability
Objection
Objection to processing
Withdrawal
Withdrawal of consent
Automated decision
Protection against automated decisions
How to exercise your rights
To exercise your rights, write to us at support@voilo.eu. We will respond within legal deadlines.
Right to complaint
You also have the right to lodge a complaint with the supervisory authority of your country.
10. Minors
Special protection of minors' data
Services not intended for minors
Our services are not intended for minors. We do not knowingly collect data concerning persons under 18 years of age.
11. Policy updates
How we inform you of changes
Possible evolutions
We may update this Policy to reflect legal or operational developments.
Substantial modifications
In case of substantial modifications, we will notify you through appropriate channels (email, in-app notification, etc.).
Annex – Voilo Specificities
Document delivery and traceability
PEPPOL
We use the PEPPOL network to transmit invoices in accordance with legal requirements, with complete event traceability.
Proofs
We keep proofs of sending/receipt/opening for compliance, proof and customer support purposes, for the periods indicated in this policy.
Contact
For any question, right or request relating to data protection
Our data protection team will respond to you as soon as possible