Privacy Policy

This privacy policy provides information on how personal data is processed in Tidypay AS.

1. Purpose of Processing Personal Data

The purpose of processing personal data is to reach existing and potential customers in order to offer our services. Personal data processed may include names, phone numbers, addresses, and email addresses, primarily connected to the legal entities that the data subjects are acting for.

The legal basis for processing personal data is our legitimate interests, as per Article 6 (1) f) of the GDPR.

2. Processing Personal Data to Offer Our Services

We process personal data to provide our services, manage orders, and facilitate the onboarding process for our merchant partners. This includes processing data necessary for card processing software, point of sale software, and ecommerce solutions.

3. Cookies

We use cookies on our website tidypay.no. For further information, please see our cookie policy.

For the partner portal at app.tidypay.com, we only use functional cookies required to provide the service, hence no cookie banner is displayed.

4. Security

We have implemented appropriate technical and organizational measures to ensure that personal data is processed with a level of security appropriate to the risk, ensuring confidentiality, availability, and integrity of the personal data.

5. Recipients of Personal Data and Use of Subcontractors

We do not disclose or share your personal data with third parties except where it is necessary for fulfilling our legal obligations.

For some administrative purposes, we use subcontractors (processors). We have ensured that the processing is in accordance with GDPR requirements by entering into data processing agreements with these data processors. These agreements ensure that personal data is not used for any other purpose. We will disclose the subcontractors upon request.

We do not process personal data outside the EU/EEA.

6. The Data Subject’s Rights

As a data subject, you may require:

• Deletion, Correction, and Access: The data subject has the right to request a copy of personal data, request access to and rectification, or, under certain circumstances, erasure of personal data.
• Restriction: The data subject has the right to demand restriction of processing concerning personal data, under certain circumstances. For instance, restrictions may be demanded while we investigate potential objections regarding our use of personal data.
• Data Portability: In certain cases, the data subject has the right to data portability, meaning you can demand the extradition of your personal data in a structured, applicable, and machine-readable format to transfer the information to another controller. The right to data portability is only applicable for information retrieved by consent or necessary for the performance of a contract.
• Objection: The data subject has the right to object to the processing of personal data based on GDPR Article 6(1) points (e) or (f), including profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
• Objection Against Direct Marketing: The data subject is entitled to object to processing for direct marketing purposes, which includes profiling related to such direct marketing.
• Withdrawal of Consent: If consent is the legal basis for processing your personal data, you may withdraw your consent at any time by contacting us.
• Complaint to a Supervisory Authority: The data subject is entitled to complain to the Norwegian Data Protection Authority regarding Tidypay’s processing of your personal data. We would appreciate it if you contacted us in advance.

If you wish to enforce these rights, please contact: info@tidypay.no

7. Storage Time

We store personal data as long as it is necessary for the purpose of the processing. We will not store your personal data beyond this period unless there is another legal basis for the processing. Tidypay may store data directly connected to the merchant onboarding process for up to 90 days after the completion of onboarding. Data needed to facilitate the processing of payments may be stored for as long as it is necessary and required to continue facilitating the payment processing.

8. Contact Information of the Data Controller

If you have any questions about how we process your personal data, please contact: info@tidypay.no

9. Newsletter

When you sign up for the Tidypay AS newsletter, we only collect your email address and will only use this to send out the newsletter. Your email address will not be passed on to any third party, and you can unsubscribe from this list at any time. The email tool we use for sending is called MailChimp.

10. Permissions (for Mobile Applications)

• Camera: Permission is required to use the phone’s camera hardware. It is necessary for the basic function of the application and will not be used for any other purpose.
• Read Phone State: This permission is necessary for adjusting Bluetooth connections to devices and will not be used for any other purpose.
• Write External Storage: Permission for writing data to external memory.

11. Legal Warning

All personal data in question cannot be shared with third parties and companies. It is not stored in any way and is not used for purposes other than application functions.

12. HTTPS and Secure Transfer

Our website uses encryption with HTTPS. This ensures secure data communication between our server and your computer. It includes a digital certificate proving that the site and its sender are genuine