Document register | Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate) |
Reference | 2.2-9/25/1386-1 |
Registered | 02.05.2025 |
Synchronized | 05.05.2025 |
Type | Incoming letter |
Function | 2.2 Authorization and notification procedures |
Series | 2.2-9 Requests for explanation |
File | 2.2-9/2025 |
Access restriction | Public |
Addressee | SimplBooks OÜ |
Method of arrival/dispatch | SimplBooks OÜ |
Responsible | Agnes Järvela (Andmekaitse Inspektsioon, Proceedings Division, Team 2) |
Attention! This letter arrived from an external network. |
Hello!
I would like to ask for AKI's position here.
The pieces of information known to us (SimplBooks):
1) The account for CybrAnalytiqa OÜ's company accounting was
registered with us (SimplBooks) by TuneUp Accounting OÜ.
2) TuneUp has paid SimplBooks for this account, meaning that we
have a customer relationship with TuneUp Accounting OÜ (about 3
years and 3 months in total).
I have previously asked a lawyer about this topic (ownership of
the data), and the answer then was that the data belongs to
whoever pays for the service.
My aim here is to get clarity and certainty about what is
lawful and correct, so as not to infringe the rights of the
other party (TuneUp) either.
Technically, we are able, by agreement of both parties, to hand
over the database together with the data to the other party.
Why that agreement has not been reached in this case, or is not
wanted, I cannot comment on at the moment.
Whether or how the VÕS or the GDPR are relevant in this case I
have not yet had time to look into.
Does the VÕS not apply between legal persons and (end)
consumers?
The SimplBooks terms of use are located here:
https://www.simplbooks.ee/kasutustingimused/
Both parties agreed to the terms of use when they registered a
user for themselves in our (SimplBooks) environment.
Respectfully,
Jaanus Reismaa | CEO SimplBooks OÜ W: www.SimplBooks.ee E: [email protected] M: +372 5 108 107
Dear Jaanus,
Thank you for your response.
First of all we are going to need some additional info in order to try to help you.
Yes indeed. This is what the https://ariregister.rik.ee/ is for:-)
This means that as far as we know the data also belongs to them.
The former accounting firm (TuneUp) has no role anymore upon termination of the relationship. During the duration of the contract, they were merely a data processor. CybrAnalytiqa OU is the data controller (the entity that owns the data), while the accounting firm was merely a data processor during the duration of the contract. Their continuing access to our data is illegal.
Estonia has a robust legal framework that governs situations where clients like CybrAnalytiqa OU need to access their data following the termination of relationships with service providers (like TuneUp). When an accounting firm (TuneUp) uses cloud software to process client data and subsequently ends its relationship with the client for any reason, several Estonian laws work in concert to protect the client's right to access their accounting data.
Estonia's Personal Data Protection Act, which implements the EU GDPR, provides clear provisions regarding the obligations of data processors and the rights of data controllers.
Estonian law robustly protects our rights to retrieve our data after ending service provider relationships, especially in cloud accounting.
Mandatory data return: Estonian law obligates accounting firms and cloud providers to return all client data.
Digital content clarified: Recent legal updates explicitly include cloud accounting data as protected digital content, strengthening client claims.
Powerful enforcement: The Data Protection Inspectorate can enforce compliance and clients can seek damages or court orders if access is denied.
Võlaõigusseadus (VÕS § 189(1)): Upon termination of the accounting service agreement, the client CybrAnalytiqa OU has a statutory right to demand the return of our accounting data. Without delay.
If the software provider SimplBooks refuses to grant the client access to their data, the client can file a complaint with the Estonian Data Protection Inspectorate. The Inspectorate has authority to take enforcement actions against parties that violate data protection laws.
Are you not able to contact the accountancy firm directly?
We have no obligation to do business with an accounting firm that is not complying with the law.
If we have confirmation from both sides then we could transfer the current database ownership.
Section 34 of the Personal Data Protection Act explicitly requires SimplBooks as data processor to "co-operate with the Estonian Data Protection Inspectorate", giving this authority significant enforcement power.
Would you like to try that route and see what they have to say?
May I at this point politely remind you that SimplBooks is also in breach of Article 27 of the GDPR. Another company has been fined under Art 27 a whopping €525,000 (more than half a million Euros). The company was also given 12 weeks to comply, with an additional penalty of €20,000 for every two weeks of non-compliance, up to a maximum of €120,000. GDPR penalties are additive and apply per each individual infraction, in case you wanted to know.
I fully trust you will read the law as it applies and grant us access to our account with our accounting data swiftly.
With best regards,
Anna E. Kobylinska
CEO
--
CybrAnalytiqa OÜ
Proudly incorporated in Estonia <https://www.cybr-analytiqa.com/>
VAT number: EE102449653
EORI number: EE16407369
Reg. number: 16407369
https://ariregister.rik.ee/eng/company/16407369/
CEO: Filipe Pereira Martins
CEO: Anna E. Kobylinska
____________________ <https://www.cybr-analytiqa.com/>
Jaanus Reismaa (SimplBooks) wrote on 4/30/2025 4:27 AM:
Dear Anna,
Thank you for bringing this case to our attention.
First of all we are going to need some additional info in order to try to help you.
As far as I can see the company account has been created by and paid for by TuneUp Accounting OÜ.
This means that as far as we know the data also belongs to them. We have consulted our legal advisor on this matter.
However the first point you mentioned sounds like a criminal act (regarding bank account). Have you turned to police in this matter yet? Or bank?
As a side note I can assure you that we have a backup copy of your data safely stored but we cannot release that as per what I said before.
Regarding ref to GDPR then if your cooperation with them has ended then you should ask them to remove any such data that goes under GDPR.
Are you not able to contact the accountancy firm directly?
If we have confirmation from both sides then we could transfer the current database ownership.
Best regards
--
Jaanus Reismaa
SimplBooks kasutajatugi
[email protected]
+372 635 0000
Filipe Martins [CybrAnalytiqa OÜ]
30 April 2025, 12:47
Dear SimplBooks support,
Our former accounting provider has made an attempt to fraudulently use
an invalid Power of Attorney to take over our bank accounts and appears
to be misusing his access to our accounting data on SimplBooks
<[email protected]>. They have blocked our access to our
own data and refused to release our account.
Our SimplBooks account contains data that is the rightful property of
CybrAnalytiqa OÜ. It contains our customers' personally identifiable
data, which is protected by the EU GDPR (General Data Protection
Regulation) and other applicable laws.
The rogue accounting provider has no business accessing or modifying our
data as our relationship has been terminated. We politely request that
SimplBooks removes any and all access permissions from "TuneUp
Accounting OÜ" and transfers the account to its rightful owner,
CybrAnalytiqa OÜ, <[email protected]>.
The last known correct state of database is April 25th, 2025.
Thank you.
With best regards,
Anna E. Kobylinska
CEO
--
CybrAnalytiqa OÜ
Proudly incorporated in Estonia <https://www.cybr-analytiqa.com/>
VAT number: EE102449653
EORI number: EE16407369
Reg. number: 16407369
https://ariregister.rik.ee/eng/company/16407369/
CEO: Filipe Pereira Martins
CEO: Anna E. Kobylinska
____________________ <https://www.cybr-analytiqa.com/>