GDPR Compliance

At Bison Books Invoicing, we are committed to protecting your privacy and ensuring the security of your personal data. This GDPR Compliance page outlines how we comply with the General Data Protection Regulation (GDPR) and your rights regarding your personal data.

Under the GDPR, you have the following rights: • Right to Access: You can request a copy of your personal data that we hold. • Right to Rectification: You can request correction of inaccurate personal data. • Right to Erasure: You can request deletion of your personal data ("right to be forgotten"). • Right to Restrict Processing: You can request limitation of processing your personal data. • Right to Data Portability: You can request transfer of your data to another service. • Right to Object: You can object to processing of your personal data. • Right to Withdraw Consent: You can withdraw your consent at any time. • Right to Lodge a Complaint: You can file a complaint with a supervisory authority.

We process your personal data in accordance with GDPR principles: • Lawfulness, Fairness, and Transparency: We process data lawfully, fairly, and transparently. • Purpose Limitation: We collect data for specified, explicit, and legitimate purposes. • Data Minimization: We only collect data that is necessary for our purposes. • Accuracy: We keep your data accurate and up to date. • Storage Limitation: We retain data only for as long as necessary. • Integrity and Confidentiality: We process data securely and protect against unauthorized access. • Accountability: We demonstrate compliance with GDPR principles.

We process your personal data based on the following legal grounds: • Contract: Processing is necessary for the performance of a contract. • Legal Obligation: Processing is necessary to comply with legal obligations. • Legitimate Interests: Processing is necessary for our legitimate interests. • Consent: Processing is based on your explicit consent. • Vital Interests: Processing is necessary to protect vital interests. • Public Task: Processing is necessary for the performance of a public task.

We implement appropriate technical and organizational measures to ensure data security: • Encryption of personal data • Regular security assessments • Access controls and authentication • Staff training on data protection • Incident response procedures • Regular backups and recovery systems • Data minimization practices • Privacy by design and default

When we transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place: • Standard Contractual Clauses • Adequacy Decisions • Binding Corporate Rules • Appropriate security measures • Regular monitoring of transfers

In case of a data breach, we have procedures in place to: • Detect and report breaches • Assess the risk to individuals • Notify affected individuals • Notify relevant authorities • Document all breaches • Take remedial action • Review and improve security measures

We have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and ensure compliance with GDPR. You can contact our DPO at: Email: thebisonapp@gmail.com Address: No. 13 Asa Afariogun Street, Ajao Estate, Lagos State

To exercise your GDPR rights, you can: 1. Contact us directly through our support channels 2. Use our data request form 3. Email our Data Protection Officer 4. Call our support line We will respond to your request within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

We may update this GDPR Compliance page from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Please check this page regularly to stay informed about how we protect your data.