1. Introduction and responsibility for the processing of your personal data
Billit is the data controller for the processing of personal data that occurs as a result of our customers entering into agreements with us to use our services.
We are also the data controller for the processing that occurs when you visit our website, sign up for our newsletters or other mailings, register an account on Billit, or when you contact our support or us in any other way.
All references in this privacy policy to "you", "your" or "yours" shall be deemed to constitute a reference to you who have either entered into an agreement with Billit (to the extent you operate a sole proprietorship), are a direct user of Billit's services, are a representative of one of Billit's corporate customers, or are a visitor to our website. For the avoidance of doubt, our services are directed at businesses and not at consumers. All references in this privacy policy to "we", "us" and "our" shall be deemed to constitute a reference to Billit. You can find our contact details at the end of this privacy policy.
We respect your privacy and are committed to protecting your personal data. This privacy policy contains information about the processing of personal data for which Billit is the data controller and describes, among other things, for what purposes we process your personal data, with whom we share them, and what rights you have in relation to your personal data.
2. Parties and responsibility for the processing of your personal data
Billit is responsible for the processing of personal data described in this privacy policy. In connection with the use of our services, there may also be additional data controllers responsible for other processing of personal data. The responsible party depends on whether the processing of personal data concerns users of our services, our customers' employees, or their customers.
a) Users of our services
Billit is the data controller for the processing of personal data that occurs when you use Billit or contact us and enter into an agreement with Billit.
b) Our customers' employees and customers' own customers
For the processing of personal data relating to our customers' employees or customers' own customers, the customer is responsible for the processing of personal data as the data controller. Billit acts in this case as a data processor and enters into an agreement with the customer that regulates how Billit shall process such personal data on the customer's behalf. This processing of personal data is therefore not covered by this privacy policy.
However, Billit does process personal data relating to our customers' representatives, employees, consultants, customers, suppliers, as well as customers' and suppliers' employees if an agreement for a free pricing plan has been terminated between Billit and the customer. Billit processes these personal data for a maximum of 120 days after the agreement has ended. You can read more about this processing under section 3.1.
3. What categories of personal data do we process, for what purpose, and on what legal basis do we base our processing of personal data?
Billit processes the following categories of personal data in the manner and for the purposes described in the tables below.
For each purpose, Billit must base its processing on a legal basis. A legal basis can, for example, be:
1. Your consent to the specific processing
2. That the processing is necessary for the performance of a contract to which you are a party, or
3. Through a balancing of interests where Billit or a third party has a legitimate interest that outweighs your interest in your personal data not being processed. The tables below show the legal basis on which Billit bases its processing for the respective purpose and for how long we will process your personal data.
3.1 Billit's processing of personal data
Categories of personal data:
IP address.
Contact details (name, address, phone number and email).
Personal identification number (in cases where it also constitutes a company registration number).
VAT registration number (in cases where your company is operated as a sole proprietorship).
Payment information.
Where applicable, financial history.
Legal basis: Balancing of interests.
The processing is necessary to safeguard Billit's legitimate interest in providing its services to its customers.
Retention period: For this purpose, Billit will process your personal data from the time the purchase has been completed and for the period necessary to establish, assert or defend legal claims (normally no longer than 10 years from the time the data was registered). Personal data that is part of accounting information and that is covered by the applicable Bookkeeping Act is retained until the end of the seventh year after the end of the calendar year in which the financial year ended.
Provision of services
Purpose of processing: To enable Billit to provide its services to you.
Processing activities carried out:
Handling of payment.
Use of the personal data collected to create and administer your user account, which enables you to access the services.
Creation of login functionality and verification of you as a user upon login.
Management of user and customer settings.
Categories of personal data:
Contact details (name, address, phone number and email).
Images you upload.
Date and time stamps for uploading images to our services.
User details for your account.
Company registration number (in cases where this consists of a personal identification number).
VAT registration number (in cases where your company is operated as a sole proprietorship).
Tax calculation information.
Accounting events.
Legal basis: Balancing of interests.
The processing is necessary to safeguard Billit's legitimate interest in providing its services to its customers.
Retention period: For this purpose, Billit will process your personal data from the time the purchase has been completed and for the period necessary to establish, assert or defend legal claims (normally no longer than 10 years from the time the data was registered). Personal data that is part of accounting information and that is covered by the applicable Bookkeeping Act is retained until the end of the seventh year after the end of the calendar year in which the financial year ended.
Storage of customer data after termination of agreement
Purpose of processing: To enable Billit to provide good customer service and maintain goodwill for the purpose of marketing our existing and potential future services by making it easier for customers to subscribe to a new pricing package/plan.
Processing activities carried out:
Storage of personal data that Billit's former customers, as data controllers, have collected.
Categories of personal data:
Contact details (name, address, phone number, email, IP address and user agent).
Employment details (e.g., employee number, department affiliation, position and length of employment).
Personal identification number and coordination number.
Information about financial circumstances (e.g., bank account details, information about salary and other benefits, insurance details, vehicle details, bank account numbers).
Salary details (payroll lists).
Legal basis: Balancing of interests.
The processing is necessary to safeguard Billit's legitimate interest in providing good customer service and maintaining goodwill for the purpose of marketing our existing and future services.
Retention period: For this purpose, Billit will process your personal data for a maximum of 120 days after the agreement between the customer and Billit has ended.
Service and product development
Purpose of processing: To analyse and improve our products and services.
Processing activities carried out:
Adapting services to become more user-friendly (for example, changing the user interface to simplify the information flow or to highlight features frequently used by users in our digital channels).
Developing documentation to develop and improve our range of services.
Developing documentation to improve IT systems with the aim of generally enhancing security for our corporate customers and users.
Analysis of the data we collect for the purpose. Based on the data we collect, analyses are then carried out at an aggregated level, without any connection to you as an individual. The insights from the analysis form the basis for improving our services.
Categories of personal data:
Correspondence and feedback regarding our services.
Purchase and user-generated data.
Technical data relating to devices used and their settings (for example, language settings, IP address, browser settings, time zone, operating system, screen resolution and platform).
Information about how you have interacted with us, i.e., how you have used the service, login, where and for how long different pages have been visited, response times, upload or download errors.
Legal basis: Balancing of interests, consent.
The processing is necessary to safeguard our legitimate interest in evaluating, developing and improving our services, products and systems.
To the extent we use cookies or similar technologies to collect personal data, we obtain your consent for such processing.
Retention period: For this purpose, we will process your personal data for 3 years after collection.
To the extent we use cookies, pixels or similar technologies, this data is stored in accordance with the deadlines set out in our Cookie Policy.
Marketing, newsletters and other mailings
Purpose of processing: To market our services and products and send newsletters, other mailings and invitations from Billit.
Processing activities carried out:
Creating targeted offers, discounts and inspirational mailings.
Analysing the information we collect for the purpose to categorise you in an appropriate target group that forms the basis for targeted offers and discounts as well as other customised communication.
Categories of personal data:
Contact details (name, address, phone number and email).
Age.
Purchase and user-generated data.
Company involvement.
Your assigned customer segment and/or appropriate target group.
User and behavioural data obtained through cookies or similar technologies.
Legal basis: Balancing of interests, consent.
The processing is necessary to safeguard our legitimate interest in marketing our services.
For processing consisting of profiling for the purpose of tailoring marketing based on what we believe you are interested in, this is based on whether you have given your consent or not. You can object to this at any time.
Retention period: For this purpose, we will process your personal data for 3 years after the agreement term with Billit's corporate customer, or with you directly, has expired. In the event that you actively close your account with Billit, we will process your personal data for up to 3 months after such deregistration. You can withdraw your consent at any time.
To the extent we use cookies, pixels or similar technologies, this data is stored in accordance with the deadlines set out in our Cookie Policy.
Maintaining and improving Billit
Purpose of processing: Maintain, facilitate and improve the functions and user experience on Billit and support our work in detecting and counteracting deficiencies, incidents and other violations.
Process information generated by you when visiting Billit and for marketing purposes.
We will analyse the way you use Billit to understand your preferences, improve our range of products and how we communicate with you.
Processing activities carried out:
Collection of statistics and visitor traffic on our website.
Collection of technical information when visiting our website.
Analysis of your use of our website.
Creation of personal profiles.
Categories of personal data:
IP addresses
Other technical information generated when visiting our website, such as what type of device is used, what browser is used, history of visited websites including the time of the visit (information from the browser used, time zone for the location from which you visited our website, and other information regarding web traffic).
Legal basis: Consent, balancing of interests.
We collect and process your personal data through the use of cookies or other similar technology based on your consent, except for such use that is strictly necessary for the basic functions of our website. We also ask for your consent to send direct marketing to you. You can withdraw your consent at any time by unsubscribing from our newsletters and other mailings via so-called "opt-out" or by contacting us. Such unsubscription can be done by using the unsubscription link included in our mailings.
The processing is necessary to safeguard Billit's legitimate interest in collecting information to maintain the functionality and security of our website.
For more information on how we use cookies and other similar technology, please read our Cookie Policy.
Retention period: We store personal data about how visitors interact with our website for a period of no more than 6 months. You can always withdraw your consent by contacting us.
Personal data collected to carry out analyses may also be converted into aggregated data (and thus anonymised) at an earlier stage, in connection with our creation of statistics.
4. From where do we obtain your personal data?
Billit processes personal data obtained from the following sources:
Personal data obtained directly from you when you register and log in to Billit.
Personal data that we obtain from our customers in connection with storage of customer data after the agreement between the customer and Billit has expired.
Personal data that you provide to us in connection with customer service matters; and
Your contact details that we obtain from third parties (for example, the Companies Registration Office). For detailed information regarding which third party the contact details have been obtained from, please contact us using the contact details at the end of this privacy policy.
5. What happens if you do not provide us with your personal data?
In order for us to fulfil the purposes set out in section 3, you need to provide us with certain personal data. If you do not provide us with your personal data, it may result in us being unable to provide the services to you and that we cannot fulfil our contractual obligations in relation to you. We will inform you of which personal data we need in order for us to provide the services to you.
6. With whom do we share your personal data?
To fulfil the purposes set out above in section 3, Billit will share your personal data with the categories of recipients listed below. Access to your personal data is limited to persons who need such access for the purposes described in section 3 above. When we share your personal data, we ensure that the recipient processes them in accordance with the information in this privacy policy. When we share personal data with data processors, they may only process the transferred data on our behalf and in accordance with our explicit instructions. We only transfer your personal data to such data processors for purposes compatible with the purposes for which we collected the data, and we ensure through written agreements with our data processors that they undertake to comply with our security requirements and restrictions as well as requirements regarding the international transfer of personal data. For detailed information regarding which third parties we share your personal data with, please contact us using the contact details at the end of this privacy policy.
Your personal data will be shared with the following recipients:
Group companies of Billit, Decoos Holding AB
Suppliers of IT systems, servers and other software companies that we have engaged to enable the delivery of our services;
Payment service providers (Stripe, Klarna, PayPal) and other providers of financial services.
Swedish and foreign authorities and courts;
When you choose to receive marketing communications from us (including newsletters), we use Mailchimp to send such marketing communications to you. Read more about Mailchimp's Privacy Policy (https://mailchimp.com/gdpr/) for more information about Mailchimp's use of your personal information. You can read more about our use of analytical technologies in section 7 below and in our Cookie Policy.
7. Use of tracking technology and profiling
In accordance with what is described in connection with the processing activities above, we use tracking technologies such as Google Analytics, Meta Pixel and similar tools for several of our processing activities. Such tracking technologies enable, among other things, tracking of your activities when you use Billit. These tools will be used to improve the functions and user experience on Billit. They are based on unique identification of your browser and internet device. For more information on how we use cookies and other similar technologies, see our Cookie Policy.
8. Will we transfer your personal data outside the EU/EEA?
Billit may transfer your personal data to countries outside the EU/EEA. If this occurs, we will ensure that a legal basis exists for the transfer and that appropriate safeguards are taken to protect the personal data. If we transfer personal data to a recipient established in a country that has not been granted an adequate level of protection by the European Commission, we will enter into an agreement with the recipient based on the European Commission's standard contractual clauses for the transfer of personal data to a country outside the EU/EEA. Depending on the recipient country, we will also take supplementary safeguards for the transfer when required by law or practice.
Via the following link you will find information about the countries outside the EU/EEA that the European Commission has decided meet an adequate level of protection for the permitted transfer of personal data:
<a href="https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en">https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en</a>
Via the following link you will find the standard contractual clauses that the European Commission has decided ensure that appropriate safeguards are taken by the recipient of personal data after transfer from the EU/EEA:
<a href="https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en">https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en</a>
For information on whether we have transferred your personal data to a country outside the EU/EEA, which countries we have transferred your personal data to, and what safeguards have been taken for the transfer, please contact us using the contact details at the end of this privacy policy.
9. What rights do you have?
Below is a summary of the rights you have under European data protection legislation. It costs you nothing to exercise these rights and you can exercise them by contacting us (see contact information at the end of this privacy policy). Do not hesitate to contact us if you have any questions regarding your rights.
Please note that Billit will always make an assessment of a request to exercise a right to determine whether the request is justified. Not all rights listed below are absolute, and exceptions may apply.
Right of access. You have the right to obtain confirmation as to whether we process personal data relating to you. If so, you also have the right to access these personal data through a so-called data extract, as well as additional information about the current processing, such as for which purpose or purposes the processing takes place, the categories of personal data concerned, and to which recipients the personal data have been disclosed.
Right to rectification. You have the right to have your personal data rectified and/or completed without undue delay if they are inaccurate and/or incomplete.
Right to erasure. You have the right to request that Billit erase your personal data without undue delay in the following situations:
The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
Our processing of personal data is based on your consent and you withdraw your consent to the processing, and there is no other legal basis for the processing;
You object to processing we carry out based on a balancing of interests, and your objection outweighs our or another's legitimate interest in the processing;
The personal data have been processed unlawfully; or
The personal data must be erased to comply with a legal obligation.
Right to restriction of processing. You have the right to request restriction of the processing of your personal data in the following situations:
The accuracy of the personal data is being verified;
The processing is unlawful and you oppose the erasure of personal data and instead request restriction of the processing;
Billit no longer needs the personal data for the purposes for which they were collected, while you need the personal data to establish, assert or defend legal claims; or
You have objected to processing we carry out based on a balancing of interests and are awaiting verification of whether your objection outweighs our or another's legitimate interest in continuing the processing.
Right to data portability. If Billit processes your personal data based on an agreement with you or based on your consent, you have the right to receive the personal data you have provided to Billit and that relate to you in an electronic format. You have the right to have the data in question transferred from Billit directly to another data controller, where this is technically feasible. Please note that this right to so-called data portability does not cover such data that is processed manually by Billit.
Right to object. You have the right to object to such processing of your personal data that is based on Billit's or another's legitimate interest. If this occurs, we must, in order to continue the processing, be able to demonstrate compelling legitimate grounds that outweigh your interests, rights and freedoms.
Right to withdraw your consent.
If Billit's processing of your personal data is based on your consent, you always have the right to withdraw your consent at any time. A withdrawal of your consent does not affect the lawfulness of the processing that took place based on the consent before it was withdrawn.
Right to object to direct marketing. You have the right to object at any time to such processing of your personal data that takes place for direct marketing purposes. If you do so, Billit will not continue to process your personal data for such purposes.
10. Complaints to the supervisory authority
In Sweden, the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) is the authority responsible for monitoring the application of applicable data protection legislation. If you believe that we process your personal data incorrectly, we encourage you to first contact us so that we have the opportunity to review your concerns. However, you can always submit your complaint to the Swedish Authority for Privacy Protection.
11. How can you contact us?
You can get in touch with us if you use the contact form by <a href="https://www.billit.dk/contact.php">clicking here</a>.