Privacy Policy

Processing of personal data (privacy policy) for Tollit

In connection with the services we provide and our business operations, Tollit will process personal data. All our processing of personal data is carried out in accordance with the applicable privacy regulations at all times, including the Personal Data Act and the General Data Protection Regulation (GDPR).

This statement describes the basis for Tollit's processing of personal data, as well as the basis for the processing and the rights of the data subjects (i.e., the persons to whom the data relates) when processing personal data. The statement applies to users of Tollit's solutions and to suppliers and partners of Tollit who have not received information about the processing in any other way.

Below is an overview of our processing of personal data in connection with our business, as well as the basis for the processing and the rights of the data subjects (i.e., the persons to whom the data relates) when processing personal data. The information here applies to individuals who are not employed in our business.

If you have any questions or would like to know more about our processing of personal data, you can contact us – see contact information at the bottom of this page.

Data Controller

Tollit is the data controller for all processing discussed below. Contact information for Tollit can be found at the bottom of this statement.

Our processing as a data controller of personal data is based on the business we conduct and the purpose of our business, see more below about the purpose of processing personal data.

Below are the cases where personal data is normally processed, where Tollit is the data controller for the personal data. If Tollit is a data processor, i.e., processes personal data on behalf of another data controller, it is the data controller who will provide information about the processing. For partners, such as the online store you shop at, the payment provider, or the shipping provider, information about the processing of personal data by them will be provided in connection with the services they provide.

We may also process personal data in other ways than those mentioned below, but then we will inform the data subjects in other ways than through this privacy statement.

Personal data processed by Tollit

Tollit processes personal data about individuals who are in contact with us, either as customers, suppliers, or in other contexts to the extent that such processing is necessary for the purpose of the contact with us.

Below, we have listed the personal data we process, the purpose of the processing, how long we process the personal data, the basis for the processing, whether the data is disclosed and/or transferred to countries outside the EEA area.

Processing of personal data about users of Tollit

As a user of Tollit, you must register an account where your name and contact details will be recorded. We will also obtain information from our partners in connection with your use of the service. Personal data processed about users includes:

• Full name
• Address
• Email address
• Phone number
• Password
• Behavioral patterns and security logging in the app
• Goods and price of goods from the online store you use
• National identity number (11 digits) needed for customs declaration
• Information from the shipping provider, such as tracking number, shipping price, and shipping conditions.

In addition, the payment provider will process personal data related to payment for products, but the payment provider is then the data controller for that processing. Information about the processing of personal data from the shipping provider will be provided when choosing a shipping provider.

The personal data is processed to give you access to Tollit and its services. The data will also be processed in connection with logging in the app and to provide you with information about the service.

The processing of personal data is based on fulfilling the agreement with you as a user of Tollit, see the General Data Protection Regulation Article 6(1)(b). When contacting authorities, processing will take place under Article 6(1)(c).

To provide you with information not related to the specific shipment will be processed under the General Data Protection Regulation Article 6(1)(f). We consider that we have a legitimate interest in sending you information.

Personal data about users is stored until there is no legal basis. If you have not used your account for two years, the account will be deleted. For data you accumulate in your account, this will be deleted after three years.

Note that information that is necessary for Tollit or that Tollit must retain due to legal requirements, will only be deleted when permitted by the laws and regulations.

Contact persons at existing and potential suppliers and partners

Tollit processes personal data about contact persons to manage our relationship with suppliers, prepare services, and evaluate the use of services.

The processing is based on Article 6(1)(f). We also store and disclose data where we have a legal obligation to do so, for example, under accounting and tax legislation.

In many cases, it will be necessary for us to obtain personal data to enter into agreements. If we do not receive the information we need, we will not be able to enter into agreements.

It is voluntary for contact persons whether they wish to provide us with personal data. The source of such information will mainly be the contact person's employer.

Tollit will store the information until the supplier relationship ends or until the contact person ceases to be a contact person.

Contact with others

Tollit will process personal data about those who contact us to respond to and document the communication.

The processing of data is based on Article 6(1)(f). We have assessed that it is in our legitimate interest to have contact with the outside world.

It is voluntary to provide us with personal data, but it will be necessary for us to respond to inquiries.

We process the information until we expect that there will be no further follow-up of the contact, normally for two years.

Use of websites

To obtain information about the use of our websites, we use cookies and possibly other technology.

We process personal data collected on our websites on the basis of Article 6(1)(f). We protect the privacy of visitors by only using the information for statistics.

We use the information collected to improve the customer experience and to offer functionality in the services.

Personal data is also used to improve our websites and to compile statistics. We try to do this with anonymous data.

Disclosure and transfer of personal data

Tollit does not pass on your personal data to others unless there is a legal basis for such disclosure.

Tollit uses data processors to process personal data on our behalf. We have entered into agreements to ensure information security.

All processing takes place within the EEA. For any transfers outside, we use EU standard contractual clauses.

Personal data may be disclosed to public authorities if required under applicable laws.

Processing and storage time (deletion)

Tollit stores personal data for as long as is necessary for the purpose it was collected.

Instead of deleting, it may in some cases be appropriate to anonymize the data.

Your rights when we process personal data about you

Right to access, rectification, and erasure

You have the right to request access, rectification, or erasure of the personal data we process.

To exercise your rights, you must contact us. We will respond within 30 days.

We will accommodate requests to delete data unless we are legally required to store it.

We may ask for identity confirmation before allowing you to exercise your rights.

Right to object to processing

You also have the right to have the processing restricted in certain cases, such as if:

• You contest the accuracy of the personal data.
• The processing is unlawful and you oppose erasure.
• Tollit no longer needs the data, but they are required for legal claims.
• You have objected to processing pursuant to Article 21(1) of the GDPR.

The right to data portability

For data provided to Tollit based on consent or contract, you can request data portability in a machine-readable format.

Automated decision-making, including profiling

No automated decisions as mentioned in the GDPR Article 22(1) and (4) will be made.

The right to lodge a complaint with a supervisory authority

If you believe our processing violates privacy legislation, you can complain to the Norwegian Data Protection Authority.

Visit www.datatilsynet.no for more information.

Changes

If there is a change in our processing or regulations, we will update this information.

Cookies

We use cookies to improve the user experience on our websites and app.

You can prevent cookies in your browser, but some features may not work optimally.

We also collect info about your IP, browser type, and visit time for trends analysis.

What types of cookies do we use?

Cookies on our website can be divided into four categories: Essential, Performance, and Functionality.

• Essential cookies: Crucial for operation and logins.
• Performance cookies: Analyze use and monitor performance.
• Functionality cookies: Remember your preferences.

Technology used

Used for analysis of use and registration of usage patterns.

Change browser settings

You can change your settings to limit cookies.