The security of your data is important to us. This page lists out our ongoing efforts to maintain compliance with the EU’s General Data Protection Regulation (GDPR).
Bjoern Krollner
In order to provide its services, TA Developer Pty Ltd t/a BillBjorn may engage third parties or other members of the TA Developer Pty Ltd t/a BillBjorn corporate group (affiliates) to carry out data-processing activities that involve access to customer data. These organizations, called “subprocessors,” are identified below with their locations and the types of services they provide to TA Developer Pty Ltd t/a BillBjorn.
| Name | Country | Description | Type of Service | Mandatory |
| Amazon Web Services | United States | Cloud infrastructure service provider | Cloud Infrastructure | Required |
| Google Cloud Platform | United States | Cloud infrastructure service provider | Cloud Infrastructure | Required |
| FastSpring | United States | Payment processing, subscription management and tax collection | Payment Processor | Required |
| FreshDesk | United States | Helpdesk system for providing customer support and a self service knowledge base | Help Desk Software | Required |
| Zapier | United States | Business automation platform | Automation Software | Optional |
| Drip | United States | Transactional email processing | Email Software | Required |
| Google Analytics | United States | A web analytics service offered by Google | Analytics Software | Optional |
| Google Tag Manager | United States | A tag management system offered by Google | Tag Management System | Optional |
| Google Ads | United States | Advertising software offered by Google | Advertising Software | Optional |
| ComplyDog | Germany | Manage DPAs, data subject requests, and GDPR compliance. | Compliance Portal Service | Required |
| Intuit | United States | QuickBooks Online cloud based accounting software | Accounting Software | Optional |
| Xero | New Zealand | Cloud based accounting software | Accounting Software | Optional |
| MYOB | Australia | Cloud based accounting software | Accounting Software | Optional |
| Sage | United Kingdom | Cloud based accounting software | Accounting Software | Optional |
| FreshBooks | Canada | Cloud based accounting software | Accounting Software | Optional |
| Google Fonts | United States | Fonts | Font Hosting | Required |
Please see our frequently asked questions below. Please keep in mind that this is not legal advice and we recommend consulting with your internal compliance team or privacy attorney for guidance on compliance matters. TA Developer Pty Ltd t/a BillBjorn is committed to helping our customers comply with applicable laws, but we cannot guarantee that your use of our products will be fully compliant. As always, we recommend seeking professional legal counsel for any specific questions or concerns.
| Should I get consent from a customer to collect their personal data? | While it is always good practice to receive explicit consent from your customer, certain laws and regulations (such as the GDPR) require consent prior to collecting personal data of certain individuals (such as those in the EU). It is also important to note that under GDPR, consent is one of a number of legitimate interests for processing data. Others include the need to process for the performance of a contract, the need to process in order to comply with a legal obligation, and the need to process in order to protect the vital interests of the data subject or another natural person. Full details can be found in Article 6 of GDPR. |
| Can I modify a customer’s personal data? | Yes, you can modify all data to correct personal data as required by GDPR when you receive a Subject Access Request, or for other reasons. Simply contact us and we will work with you to make the adjustments. |
| Can I delete personal data? | Yes, you can delete any data, including data that contains personal data, as required by GDPR. You can also remove all other requested customer data by sending us a data request. |
| Is personal data permanently deleted when I remove it? | A deleted data or person is initially flagged for deletion, and may be recovered by our team upon request. After 90 days, the deletion becomes permanent and unrecoverable. |
| How long is personal data retained in TA Developer Pty Ltd t/a BillBjorn if I don’t delete it? | TA Developer Pty Ltd t/a BillBjorn’s philosophy is that customers own and control all the data they collect. Any retention period required by law or your company policy is controlled by you. You should ensure that all people and personal data are deleted prior to stopping your usage of TA Developer Pty Ltd t/a BillBjorn, especially if required by policy, law, or regulation. |
| Does my data get included in backups, and if so, for how long? | Yes. TA Developer Pty Ltd t/a BillBjorn backs up all customer data, and retains the backups for 90 days. After 90 days, the backup is deleted. |
| Can I delete customer’s personal data from TA Developer Pty Ltd t/a BillBjorn backups? | No. The backup dataset contains all customer data, and is used for disaster recovery purposes only. This is required for legal and compliance reasons related to availability obligations. Any personal data in these backups will be permanently deleted after 90 days. |
| If my data centre is located in the EU, does TA Developer Pty Ltd t/a BillBjorn transfer my personal data outside the EU at any point? | Our data centers are with Amazon Web Services in the United States. However, data transfer is covered by the EU-US Privacy Shield framework, of which we are a member, and allowed by GDPR as providing adequate safeguards. |
| Does TA Developer Pty Ltd t/a BillBjorn ensure that my data is accessed only by employees with reasonable justification for doing so? | As required by GDPR, only qualified TA Developer Pty Ltd t/a BillBjorn employees with a specific need are permitted to access your account. The typical reason for accessing your account would be upon your specific request for support. |
| Does TA Developer Pty Ltd t/a BillBjorn use sub-processors that process my data? | TA Developer Pty Ltd t/a BillBjorn presently uses sub-processors to provide the service. As required by GDPR, TA Developer Pty Ltd t/a BillBjorn maintains a list of those sub-processors here. |
| If a data breach occurs with the TA Developer Pty Ltd t/a BillBjorn platform that affects my data, how and when will I be notified? | If a confirmed data breach occurs that is caused by TA Developer Pty Ltd t/a BillBjorn’s actions or inactions, we will, without undue delay, notify the account owner. Information about the breach will be released as it becomes available, as allowed by GDPR. The account owner will be the main point of contact for all notifications, and will be kept aware of the investigation and remediation efforts as they progress. |
| How can I comply with a Subject Access Request and portability as required by GDPR? | As you know about the data you are collecting, you are responsible for handling any Subject Access Request (SAR). TA Developer Pty Ltd t/a BillBjorn only provides the platform and wouldn’t know the details about your customizations, properties, or your customers. A SAR means that a customer is asking about information being collected about him or her. If you collected personal data of an EU citizen or a person residing in the EU, you may have a legal obligation to respond to a SAR. Data may be downloaded in industry-standard formats for data portability to comply with GDPR. If TA Developer Pty Ltd t/a BillBjorn receives a SAR, it will do its best to contact the owner. It may not always be possible to know what who the rightful owner is. |
| How do I comply with a Subject Access Request to “be forgotten?” | Similar to the above, you know what data you have. If you collected personal data of an EU citizen or a person residing in the EU, you may have a legal obligation to respond and comply with a request to delete all identifiable data. As previously stated, you have the ability to delete a customer's data. |
| How does TA Developer Pty Ltd t/a BillBjorn comply with its GDPR obligations to return or destroy all EU personal data? | TA Developer Pty Ltd t/a BillBjorn provide easy ways to download all your data in industry-standard formats. And, as previously described, you may easily delete data, and entire histories for a customer. |
| How does TA Developer Pty Ltd t/a BillBjorn comply with its GDPR obligations to encrypt personal data? | All data stored in our primary databases and backups are encrypted using an industry standard strong cipher. All data transmitted to the TA Developer Pty Ltd t/a BillBjorn platform are encrypted using the industry standard TLS protocol. |
| How can I ensure my customers that TA Developer Pty Ltd t/a BillBjorn security meets applicable law and the GDPR (Article 32)? | TA Developer Pty Ltd t/a BillBjorn is committed to safeguarding your data. We use sophisticated controls during processing to maintain the confidentiality, integrity, availability, and resilience of your data. Our Security page outlines the details of our application security, network security, policies, and more. As related to Article 28 in the GDPR, TA Developer Pty Ltd t/a BillBjorn will only process personal data according to your instructions. In other words, the commands you use in the product are the “instructions,” and TA Developer Pty Ltd t/a BillBjorn does not use personal data for any other means. In addition, it does not transfer personal data to a third party without your consent. If personal data is transferred from the EU to a third country, then adequate safeguards will apply to the transfer (such as the EU-US Privacy Shield Framework). TA Developer Pty Ltd t/a BillBjorn has developed recovery procedures to minimize downtime related to a disaster, with the ability to restore access to personal data in a timely manner in the event of a physical or technical incident. We regularly test, assess and evaluate the effectiveness of our technical and organizational measures to ensure the security of the processing. |