What information is processed?
The information we collect and the process is as follows:
- Your receipts, and the information on them
- Shipping confirmation, and the information on them
- Transactions completed in the app
- Account number
- Card information
Tjommi also needs access to the following functions on your device, and will ask you for permission when these are needed:
- Access to Camera Roll, Files (Folder Structure)
- Push notifications
If you log in to Tjommi with your Google / Outlook profile, you give Tjommi access to the following data that you have already shared with Google / Outlook:
- Your E-mail
- Your email profile, including emails and settings
- Personal data that you have shared with Google / Outlook
How the information is obtained
The personal information described above, apart from receipts and transactions, is collected when you register or update your user in Tjommi. If you sign in with Google / Outlook, information is obtained from the Google / Outlook user you sign up with. The receipts can also be collected when you enter them in Tjommi. Transactions are updated when you transfer an amount through Tjommi.
Card information is used exclusively for payments by our payment provider, Stripe.
Why is the information processed?
Personal information is collected and processed by us solely to provide the service.
Personnel as described above can be used when we contact companies on your behalf. If you give Tjommi access to e-mail, this can be used to discover receipts. Receipts are processed to find information about offers, and transactions are processed for payment of Remuneration when you approve that we contact a company on your behalf, as well as when a company we contact pays you back the Difference.
We may have to process some or all of the personal data where the law or authorities pursuant to the law require that this be disclosed or processed in another way.
Personal data shall not be processed for any purpose other than those mentioned above.
According to Norwegian/Danish privacy legislation and the Privacy Regulation (GDPR), all processing and use of personal data requires a special basis. GDPR has been enforced as Norwegian law through section 1 of the Personal Data Act.
When we process data necessary to provide you with the Service, the basis for processing is to deliver on our obligation to you as described in GDPR Article 6b.
Other processing of personal data may take place when:
- you have given your express consent to the use of personal data for a specific purpose, as described in Article 6a of the GDPR.
- it is required by law, as described in GDPR Article 6c.
Sharing to third parties
In order to provide you with a secure service, we use the following third-party services for the following purposes:
- Amazon AWS stands for secure storage of photos of receipts. Because we store our files through this service, this means that Amazon has access to your receipts, but will do nothing but ensure that they are stored securely.
- Payment is processed by Stripe. Stripe will have access to your payment information and card information in order to process your payment.
- Google / Outlook processes the receipts when you demand money through Tjommi. Tjommi shares name, account number, receipt and phone number with Google / Outlook through their API. You as a user have access to all this data, and have the opportunity to delete it, through your Gmail / Outlook account.
Companies will have access to your personal data when we contact them on your behalf. We will not contact third parties on your behalf without your confirmation. We will only contact companies that are subject to GDPR or Norwegian/Danish privacy legislation.
According to GDPR, which is considered Norwegian/Danish law, you have at all times to:
- Require insight into what personal information we have stored about you and how it is processed as described in Article 15.
- Require personal information we have stored about you corrected (see Article 16), transferred (see Article 20), restricted (see Article 18) or deleted (see Article 17).
- Withdraw consent when this is the basis for the processing, and demand that personal data that is processed on the basis of the consent is deleted if there is no other basis for processing.
To ensure that your personal information does not go astray, we may need to ask you for information to verify your identity.
Should we discover that data security has failed, you will be notified shortly if we suspect that you are affected.
We are happy to answer questions and will ensure that your personal information is processed as described. If you nevertheless do not feel that we have complied with our legal obligations to you as a user of Tjommi, you have in all cases the right to lodge a complaint with the Norwegian/Danish Data Protection Authority.
All personal data processing directly connected to Tjommi takes place within the EU / EEA. This means that providers of cloud and storage services are also subject to the GDPR.
The Stripe platform, which is based in the USA, is used for payment. This means that payment information can be processed here when you pay through Tjommi. Through the Privacy Shield agreement, collaboration agreements and other privacy measures, your privacy is nevertheless safeguarded in a reassuring way. The same applies to the sharing of personal data with Google's services when you select it and when we store your user data through Amazon AWS.The same applies to the sharing of personal data with Google's services when you select it and when we store your user data through Amazon AWS.
Personal data is deleted when the purpose of the processing has been completed. All personal information associated with your user account will be deleted within 30 days after you close your account with us.
We have taken technical measures to ensure that personal information is stored securely. Photos and the like are secured in Amazon S3, and access to them is timed to minimize the risk of them going astray.
Our services are not designed for use by people under the age of 16, nor should they have access. Should we discover that we have information belonging to someone under this age, it will be deleted.
Changes to the statement
We reserve the right to make changes to the privacy statement. If we make major changes to the privacy statement, we will inform you of this and, if necessary, ask you to accept the updated terms.