3.3. Usage Data

3.3.1. Usage Data is certain data that is generated by usage of the Software that Visma may use to protect Data and the Software, provide, market, develop and maintain the Software and related products and services as specified below. The Customer hereby grants Visma a right to use any Usage Data that may be owned by the Customer as specified in this section 3.3. Usage Data is:

  • Technical information and traffic data, such as the type of operating system, browser type, keyboard language and IP address;
  • Aggregated customer- or user- generated data such as session durations, number of sent invoices, accounting years created, password resets, and similar;
  • Non-aggregated customer- or user- generated data such as the context and content of support tickets, chatboxes, security logs, and similar, and;
  • Limited production data, such as images, files or databases from Customer Data in certain circumstances, and subject to strict safeguards- please see 3.3.3.

Visma may also use relevant information from public or commercially available sources and combine such information with Usage Data, such as to provide lookup-functionality against business registers.

3.3.2. Personal Data: Where Usage Data contains Personal Data, such as an email or IP-address, or information about the Customer, such as customer name or organisation number, Visma is the Data Controller based on legitimate interest, and shall implement technical and organisational security measures to achieve a level of security appropriate to the risk represented by the processing:

  • Visma renders such data anonymous through certain technical processes before processing it for the below purposes, so that the data is no longer Personal Data and the Customer (or other entities, e.g. customer of customer) can no longer be identified.
  • Where anonymisation is not possible due to technical limitations, such that there is a significant risk of re-identification, or not feasible with regards to the purpose of processing as specified in 3.3.4., Visma shall implement additional appropriate security measures. (Please see 3.3.3 for examples.)
  • Usage Data is not used for any purpose that by law would require consent from the individual Data Subject.
  • The Customer and/ or Data Subject has the right to extensive information about to this data and how Visma processes it, including the right to object to such processing:

For more information about how Visma processes Usage Data, please see:


3.3.3. Limited production data is limited in each case in terms of scope, access and time, and subject to appropriate security measures.Limited production data is only used for the following purposes, as defined in 3.3.4:

  • Service and user experience improvement
  • Development and testing
  • Statistics and research
  • Security and related purposes

For example, Visma may use anonymised payment records from a certain market segment to develop or improve automated functionality, such as predictive fields or accounting automation, or use non- anonymised scanned invoice image files to develop or improve optical character recognition algorithms to better recognise particular invoice formats or languages.

Please see https://www.visma.com/trust-centre/security/vasp-vcdm/design-and-development/data-protection-and-privacy/ for additional examples and explanations of how Visma uses data in order to further improve and develop services and functionality.

The Customer may reserve against the use of limited production data for these purposes by sending an email to trust@visma.com.

3.3.4. Visma processes Usage Data solely for the following purposes:

  1. Software and user experience improvement, for example by analysing aggregate usage patterns, enabling individual user preferences or as outlined for limited production data above.
  2. Marketing and displaying relevant information, for example for complimentary or value-adding Software, for not providing marketing for Software the Customer has already subscribed to, and providing relevant market updates or information.
  3. Security and related purposes, for example by analysing session and login data (including in real-time), incident records and similar in order to prevent, investigate and document security issues and incidents (such as Breach, fraud and various forms of hacking), and improve the security of the Software.
  4. Statistics and research, for example with regards to the amount of invoices going through our systems, including using aggregated and anonymous statistics in general marketing, and as value-adding Software or services, such as in-app market statistics relevant for the Customer.
  5. Compliance. Visma may use and analyse Usage Data for compliance purposes against the TOS, for example logging when a Customer accepts the TOS.
  6. Development and testing, for example by analysing aggregate usage patterns, providing data for developing new technologies (such as outlined for limited production data above), improve user experience, load testing new or updated Software, or technology feasibility.

Visma may share Usage Data with other companies in the Visma group of companies and Partners, subject to the same terms and limitations as set forth herein.