Privacy Policy

This privacy statement is about how Tjommi AS ("we", "us", "Tjommi AS") processes and collects personal information about you when you use the Tjommi service ("Tjommi", "the Service", "the App"), as well as your privacy law rights. We are responsible for processing when personal data is processed in connection with your use of Tjommi and can be reached at +45 50923333 if you have questions about this statement or your rights. To use Tjommi, you must approve an agreement on terms of use. This privacy statement is included in this agreement, and we will ask you to read through and approve what is written here before you can use Tjommi.

What information is processed?

The information we collect and the process is as follows:

  • Name
  • Your receipts, and the information on them
  • Transactions completed in the app
  • Account number
  • Card information

Tjommi also needs access to the following functions on your device, and will ask you for permission when these are needed:

  • Access to Camera Roll, Files (Folder Structure)
  • Push notifications

How the information is obtained

The personal information described above, apart from receipts and transactions, is collected when you register or update your user in Tjommi. The receipts are collected when you enter them in Tjommi. Transactions are updated when you transfer an amount through Tjommi. Card information is used exclusively for payments by our payment provider, Stripe.

Why is the information processed?

Personal information is collected and processed by us solely to provide the service.

Personnel as described above can be used when we contact companies on your behalf, and the telephone number is used for login. Receipts are processed to find information about offers, and transactions are processed for payment of Remuneration when you approve that we contact a company on your behalf, as well as when a company we contact pays you back the Difference.

In the event of an important change to Tjommi, the terms of use or this privacy statement, we may use your e-mail or telephone number to inform you of this. This is only done when this information is important for your rights or the way Tjommi is used and is directly related to this. We may also have to contact you regarding your use of Tjommi, such as if the terms of use have been violated.

We may have to process some or all of the personal data where the law or authorities pursuant to the law require that this be disclosed or processed in another way.

There are no automated decisions in the processing of personal data.

Personal data shall not be processed for any purpose other than those mentioned above.

Legal basis

According to Norwegian/Danish privacy legislation and the Privacy Regulation (GDPR), all processing and use of personal data requires a special basis. GDPR has been enforced as Norwegian law through section 1 of the Personal Data Act.

When we process data necessary to provide you with the Service, the basis for processing is to deliver on our obligation to you as described in GDPR Article 6b.

Other processing of personal data may take place when:

  • you have given your express consent to the use of personal data for a specific purpose, as described in Article 6a of the GDPR.
  • it is required by law, as described in GDPR Article 6c.

Sharing to third parties

In order to provide you with a secure service, we use the following third-party services for the following purposes:

  • Amazon AWS stands for secure storage of photos of receipts. Because we store our files through this service, this means that Amazon has access to your receipts, but will do nothing but ensure that they are stored securely.
  • Payment is processed by Stripe. Stripe will have access to your payment information and card information in order to process your payment.
  • Google processes the receipts when you demand money through Tjommi. Tjommi shares name, account number, receipt and phone number with Google through Gmail's API. You as a user have access to all this data, and have the opportunity to delete it, through your Gmail account.

Companies will have access to your personal data when we contact them on your behalf. We will not contact third parties on your behalf without your confirmation. We will only contact companies that are subject to GDPR or Norwegian/Danish privacy legislation.

Your rights

According to GDPR, which is considered Norwegian/Danish law, you have at all times to:

  • Require insight into what personal information we have stored about you and how it is processed as described in Article 15.
  • Require personal information we have stored about you corrected (see Article 16), transferred (see Article 20), restricted (see Article 18) or deleted (see Article 17).
  • Require your entire user account deleted along with all associated personal information as described in the terms of use.
  • Withdraw consent when this is the basis for the processing, and demand that personal data that is processed on the basis of the consent is deleted if there is no other basis for processing.

To ensure that your personal information does not go astray, we may need to ask you for information to verify your identity.

Should we discover that data security has failed, you will be notified shortly if we suspect that you are affected.

We are happy to answer questions and will ensure that your personal information is processed as described. If you nevertheless do not feel that we have complied with our legal obligations to you as a user of Tjommi, you have in all cases the right to lodge a complaint with the Norwegian/Danish Data Protection Authority.

Treatment abroad

All personal data processing directly connected to Tjommi takes place within the EU / EEA. This means that providers of cloud and storage services are also subject to the GDPR.

The Stripe platform, which is based in the USA, is used for payment. This means that payment information can be processed here when you pay through Tjommi. Through the Privacy Shield agreement, collaboration agreements and other privacy measures, your privacy is nevertheless safeguarded in a reassuring way. The same applies to the sharing of personal data with Google's services when you select it and when we store your user data through Amazon AWS.

Security measures

Personal data is deleted when the purpose of the processing has been completed. All personal information associated with your user account will be deleted within 30 days after you close your account with us.

We have taken technical measures to ensure that personal information is stored securely. Photos and the like are secured in Amazon S3, and access to them is timed to minimize the risk of them going astray.

Minors

Our services are not designed for use by people under the age of 16, nor should they have access. Should we discover that we have information belonging to someone under this age, it will be deleted.

Changes to the statement

We reserve the right to make changes to the privacy statement. If we make major changes to the privacy statement, we will inform you of this and, if necessary, ask you to accept the updated terms.