English

Privacy statement

v.4 June 2024

Privacy policy - Bill Kill

This privacy policy describes how Bill Kill AS collects and uses personal data. The data controller for the personal data we process is Bill Kill AS (917461732) by our CEO. If you have any questions about our processing of your personal data, you can contact us at:

Postal address:    Postbox 1314 Vika
                                      0112 Oslo

E-mail:                       support@billkill.no

 

1. WHAT TYPES OF PERSONAL DATA DO WE PROCESS

Information you provide to Bill Kill AS, such as:

  • Name
  • Birth and social security number
  • Bank card and bank account number and other payment information
  • E-mail address
  • Mobile phone number
  • Postal address
Information about your use of the App, such as:
  • Hvor ofte du bruker Appen, og når du logger deg på
  • Valg du foretar deg ved bruk av Appen
  • Hvor mange fakturaer du har betalt
  • Hvem og når du betaler til
  • IP-adresse
  • Transaksjonsprosess ifbm. med fakturabetaling og betaling av abonnement

Information that is processed in connection with orders you place with us, and inquiries of various kinds, either from you to Bill Kill AS or vice versa. Information we retrieve from financial institutions, which is necessary to complete payments you make to Bill Kill AS, such as access to card information from the cards you have entered, information regarding your eInvoices and information from Gjeldsregisteret.com.  Bill Kill AS does not process personal information about children under the age of 15. Nor does the company engage in marketing aimed at children under the age of 15.


2. PURPOSE AND LEGAL BASIS FOR PROCESSING

Establishment of a customer relationship and customer follow-up:

The basis for processing is to fulfil a contract with the data subject, GDPR art. 6 no. 1 letter b. 

Perform the services/functionality in the App, as described in the terms of use:

The basis for processing is to fulfil a contract with the data subject, GDPR art. 6 no. 1 letter b. 

To fulfil payment/invoicing as described in the terms of use:

The legal basis is the performance of a contract with the data subject, GDPR art. 6 no. 1 letter b.
Processing of personal data for payment and invoicing purposes may also be based on GDPR Art. 6(1)(c) of the GDPR, in order to fulfil the requirements of Section 13 of the Bookkeeping Act.

Marketing:

The legal basis for processing is to safeguard legitimate interests, if we collect personal data about you as a result of you having an existing customer relationship with us, cf. GDPR art. 6(1)(f) of the GDPR. We may contact you with information about similar products and services, as long as you have not opted out of such communications. 
The basis for processing in other cases is your consent, cf. Article 6(1)(a) of the GDPR.

Further development of the service/system development and improvement of the customer experience:

The basis for processing is to safeguard legitimate interests, cf. GDPR art. 6 no. 1 letter f. We have a legitimate interest in offering our customers the best possible service. 

Prepare anonymised/aggregated statistics about Users' finances, payment habits, consumption patterns, etc. We cannot link the information to individual users when they are analysed:

The basis for processing is to safeguard legitimate interests, cf. GDPR art. 6(1)(f) of the GDPR. We have a legitimate interest in familiarising ourselves with how our customers use our services and what we can do to improve the services. 

Customer contact for existing customers, including users of the App:

Customer contact for existing customers, including users of the App The legal basis for processing is GDPR art. 6 no. 1 letter a and f. 
If you contact us, this implies consent for us to process the personal data necessary to fulfil your request. If we contact you unsolicited, we have a legitimate interest in processing personal data in order to provide customer service to our existing customers. We have a legitimate interest in communicating with you, if you request this, and to handle any issues that arise as a result of this contact. 

Enquiries from people who are not existing customers:

The basis for processing is GDPR art. 6(1)(a) and (f) of the GDPR. When you contact us with a customer enquiry, for example if your school or institution uses the contact form on our website or email support@billkill.no, you consent to the processing of the personal data stated in the enquiry. We also have a legitimate interest in processing personal data in order to provide customer service to interested parties and handle any enquiries. 


3. WHERE IS THE PERSONAL DATA COLLECTED FROM

The personal data we process about you is collected from a number of sources; from you, from your bank connections and from other financial institutions. 

4. DISCLOSURE OF PERSONAL DATA TO OTHERS

We do not disclose your personal data to others, unless there is a legal basis for such disclosure. 
For example, we will disclose personal information to BankID, Swedbank Pay AS/AB, Wordline AS/AB, Gjeldsregisteret.com and Nets Branch Norway who provide services that are necessary to fulfil the agreement with you. 
Bill Kill AS uses data processors to collect, store or otherwise process personal data on our behalf. In such cases, we have entered into agreements to ensure information security at all stages of processing. We currently use the following data processors: 

  • Google Ireland Ltd.
    Personal data is stored in databases at Google Cloud Platform. The company uses the cloud to operate the App and process information and personal data. It has been agreed that only servers in the EU will be used. The information is therefore processed and stored in the EU. 
  • BankID/Criipto
    Payment information is processed by BankID/Criipto.
  • Eonbit AS 
    Eonbit AS provides development services for Bill Kill AS, and may have access to personal data in
    connection with troubleshooting.
  • Swedbank Pay and Worldline
    Storage of card information and initiation of payment orders

All processing of personal data takes place in the EU/EEA. If we enter into agreements with new data processors that involve the transfer of personal data outside the EU/EEA, we will ensure that the party receiving and processing the data is either in a country previously recognised as safe by the European Commission, or is subject to or has signed a data processing agreement containing standard data protection clauses adopted by the European Commission or equivalent, or is previously certified through the EU-US Privacy Shield scheme.


5. STORAGE TIME

We store and process your personal data for as long as this is necessary for the purpose that justifies the processing. This means that the duration of the processing may vary from data to data.

Personal data that we process on the basis of your consent will be deleted if you withdraw your consent. 
If you create a user with us, your personal data will be stored for as long as you retain the user. If you decide to delete/deactivate your user, we will delete the associated data.

However, we may store personal data for a longer period if it is necessary to pursue any legal claims or comply with legal obligations. Payment and invoice-related information may be stored for up to 5 years after the end of the customer relationship, in accordance with the Bookkeeping Act / Money Laundering Act. When you sign the agreement upon registration, a permanent signature track is stored with BankID/Signicat. If you are in contact with us to order a service, for example if your school or institution orders courses, presentations or other services via our contact form or our email address, and you are not a user of the App, or there is otherwise a basis for a longer storage period, the data will be stored for 12 months after the service has been performed. You can consent to a longer storage period.

Marketing-related data is stored for up to 3 years. If our legitimate interest in processing the data was the basis for the processing, the storage will, however, cease if such legitimate interest lapses, for example because you have terminated an existing customer relationship. If consent was the basis for processing, the data will be deleted when you withdraw your consent. 


6. YOUR RIGHTS WHEN WE PROCESS DATA ABOUT YOU

You have the right to demand access to, rectification or erasure of the personal data we process about you. You also have the right to demand limited processing, object to processing and demand the right to data portability. You can read more about the content of these rights on the Norwegian Data Protection Authority's website: www.datatilsynet.no.

If we transfer your personal data to countries outside the EU/EEA, you can contact us for a copy of information about the protection mechanisms for transfer or information about where information about this is available.

To exercise your rights, you must contact Bill Kill AS, using the following contact information: support@billkill.no, or by using the App.
We will respond to your enquiry as soon as possible, and at the latest within 30 days. In certain cases, this deadline may be extended for a further two months. You will be informed of any such extension no later than 30 days after we receive your enquiry together with an explanation for the delay.

We will ask you to verify your identity or to provide additional information before we allow you to exercise your rights towards us. We do this to ensure that we only give access to your personal data to you, and not someone pretending to be you.

You may at any time withdraw your consent to our processing of personal data. This can be done either through the App, or by contacting us at support@billkill.no. Withdrawing your consent will not affect the legality of the processing of personal data that occurred before you withdrew your consent.

7. COMPLAINTS

If you believe that our processing of personal data does not comply with what we have described here, or that we are otherwise in breach of data protection legislation, you can complain to the Norwegian Data Protection Authority.
You can find information on how to contact the Data Protection Authority on the Data Protection Authority's website: www.datatilsynet.no. 

8. CHANGES

If there are any changes to our services or changes to the regulations on the processing of personal data, this may result in changes to the information you have provided here.  If we have your contact details, we will make you aware of these changes. Otherwise, updated information will always be readily available on our website.

9. CONTACT

If you wish to get in touch with the Company's customer service, you can contact us directly via the app, or via our website: billkill.no.