In this article
1. The relevance of data protection in the context of using Banana Accounting.
It is highly likely that the vast majority of Banana Accounting users are subject to regulations that protect the privacy and fundamental rights of individuals whose personal data is being processed. The General Data Protection Regulation (GDPR) of the European Union or the Swiss Federal Data Protection Act (LPD) are examples of such regulations that safeguard privacy.
To the extent that accounting data concerns an identified or identifiable natural person, they should be considered as personal data, and their processing is therefore subject to data protection regulations. Consequently, Banana Accounting users must ensure that the processing of data carried out through Banana Accounting complies with the applicable data protection regulations (GDPR and/or LPD and/or other data protection regulations)
It should also be noted here that generally, the maintenance of accounting records is prescribed by law, so it is reasonable to assume that in the majority of cases, it is legitimate and justified to collect the necessary information for accounting purposes, even when this information constitutes personal data, and to make such information available to auditors and tax authorities.
In this context, Banana Accounting is a software which provides some features to help users manage data protection correctly and comply with applicable data protection regulations. However, Banana Accounting cannot be certified as a tool compliant with data protection regulations because compliance is solely determined by the user's usage of the software and its features.
It is, therefore, the sole responsibility of the user to ensure that the use of Banana Accounting complies with the applicable data protection regulations. In this context, Banana.ch SA has no role, either as a data controller or as a data processor.
Below, we provide you with some features that Banana Accounting offers to users and that can help users correctly apply data protection regulations.
2. What information to collect and save
Banana Accounting, as Excel and other software, allows users to manage collections of data of any kind and input any type of information.
Banana Accounting does not have direct features for automatic data collection and gives users complete freedom to decide what data to collect and save. It is the user's responsibility to determine if the type of data is personal or particularly sensitive and which data should and can be collected, entered into the software, processed, and stored. It is the user's responsibility to ensure that such data processing is carried out appropriately and in compliance with regulations.
If personal data is collected and processed in large quantities and/or of a particularly sensitive nature and/or related to an industry subject to specific regulations, or if there are any doubts of any kind, it is advisable to carefully assess whether Banana Accounting meets specific data protection needs and regulations.
3. How and where data is stored
In Banana Accounting, all accounting data is saved in a single archive. Typically, one file is used for each accounting year.
Banana Accounting does not provide a cloud system but allows users to choose where to store the accounting file generated by the software. It is possible to store the files on a local computer, on removable devices, on a network server, or in a cloud system accessible to the user, such as OneDrive, Dropbox, iCloud, Google Drive, etc.
Access and the ability to copy and transfer files generated by Banana Accounting are managed by the user and depend on how file access has been defined within the user's operating system or cloud system. It is the user's responsibility to ensure that data is stored appropriately and that the file is accessible only to authorized personnel.
Banana Accounting does not include a system that limits access to data. Anyone in possession of the file can easily access its contents. It is the user's responsibility to define appropriate technical and organizational measures to prevent potential access by unauthorized individuals.
Banana Accounting allows for limiting access to the file with a password. However, the data contained in the file is not encrypted. If the nature of the data requires special protection, it is necessary for the user to use software to encrypt the file with the necessary level of security.
When Banana Accounting saves data, the software creates a copy of the previous archive and generates a temporary archive for modified but unsaved data. These data contain copies of accounting data and may therefore also include personal data. If you remove data from a computer, it is essential to ensure that the associated archives are also deleted. The same principle applies when exporting data to other formats (e.g., PDF).
In order to keep accounting data separate, it is necessary to generate copies of the accounting files.
If backup systems are used, it should be noted that any copies of the accounting files will also be present in the backups.
4. How long to retain the data
The retention period for accounting data depends on the regulations applicable to the user.
To limit access to old data, it is, for example, possible to save them on external data storage media, disconnected from computers. This also serves as an effective measure against cyberattacks.
In order to delete data that is no longer needed, you can erase the accounting archive.
By opening the file in Banana Accounting, you can proceed to delete information stored in the software. However, it is necessary to consider the following:
- Often, the regulations applicable to accounting require that accounting data should not be modified retrospectively. Deleting or correcting accounting data from previous years, even if they are incorrect, could therefore violate applicable rules.
- When starting a new fiscal year, it is recommended to remove accounts from the chart of accounts that contain personal data and are no longer in use.
- Inaccurate information should be corrected at the appropriate time.
- Banana Accounting does not keep track of deleted data and changes made. Therefore, it is the responsibility of the user, if necessary, to keep copies of deleted or modified files or to track the changes made.
5. Rights of interested parties
The data protection regulations require that the data controller must provide certain rights to individuals whose data is processed. Banana Accounting provides some features that can help fulfill these obligations, for example:
- Right of access.
Data subjects have the right to access their personal data and obtain information on how this personal data is being processed. Banana Accounting provides a search functionality in accounting files that allows users to locate the requested data. - Right to rectification.
When personal data is incorrect, it must be amended.
Banana Accounting allows for data modification. However, it is essential to ensure that any modification does not contradict the prohibition on altering accounting data mentioned earlier. - Right to delete.
The interested party has the right to request the erasure of their personal data. Banana Accounting allows for data deletion. However, it is essential to ensure that any deletion is not in conflict with (i) the prohibition on altering accounting data mentioned earlier and (ii) legal obligations that require data retention. Often, data protection regulations also stipulate that the data controller may refuse to erase data if there is a legitimate justification for data retention - Right to data portability.
The interested party can demand from the data controller the delivery of their personal data provided to the controller, in a commonly used electronic format. Banana Accounting provides various methods for exporting data.
The information contained in this page is not exhaustive and should be understood as a general input on data protection matters. In order to ensure compliance with applicable data protection regulations when using Banana Accounting, we recommend that users consult their legal advisors, local authorities responsible for privacy protection, and/or refer to the numerous publicly available resources online.
We are, however, always available for further information or clarifications regarding the features provided by Banana Accounting