Privacy Policy for Gjesp

1. Introduction

LIMOLI AS (org.nr. 930299049), located at Bjarne Haugens gate 31, 1475 Finstadjordet, Norway ("we", "us", or "our"), operates the Gjesp mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our App, in accordance with the General Data Protection Regulation (GDPR) and Norwegian data protection laws.

By using Gjesp, you agree to the collection and use of information as described in this Privacy Policy.

2. Data Controller

LIMOLI AS is the data controller responsible for your personal data. If you have questions about this Privacy Policy or our data practices, please contact us at:

• Email: support@gjesp.com
• Address: Bjarne Haugens gate 31, 1475 Finstadjordet, Norway
• Organization number: 930299049

3. Personal Data We Collect

3.1 Account Information

When you register for Gjesp via Vipps, we receive and store the following personal data from Vipps (standard package):

• Full name
• Email address
• Phone number
• Address

3.2 Business Information

If you register as an event organizer, we verify your identity against the Bronnøysund Register Centre (BRREG) using your organization number (orgnr.) to confirm your association with the business.

3.3 Payment Information

Payment transactions are processed by Stripe. We do not store your payment card details. We only store transaction references to match payments with your account and for accounting purposes.

3.4 User-Generated Content

You may upload images related to events or business logos. These media files are stored on our behalf by Bunny.net, with the primary data server located in Stockholm, Sweden, and replication in Frankfurt, Germany (both within the EU/EEA).

3.5 Usage Data

We track certain user actions within the App, such as viewing events, marking events as favorites, and similar interactions. This data is used to provide aggregated and anonymized statistics to event organizers and to improve the App experience.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

• To create and manage your account
• To verify your identity and business association (for event organizers)
• To process subscription payments via Stripe
• To enable you to create, publish, and manage events
• To send push notifications regarding the status of your submitted events (approval or rejection)
• To provide aggregated, anonymized statistics to event organizers
• To improve and develop the App
• To comply with legal obligations

5. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

• Contract: Processing is necessary to provide you with the services you have requested (Article 6(1)(b)).
• Legitimate interests: We may process data for analytics and service improvement where it does not override your rights (Article 6(1)(f)).
• Legal obligation: We may process data to comply with accounting, tax, or other legal requirements (Article 6(1)(c)).
• Consent: Where required, we obtain your consent for specific processing activities (Article 6(1)(a)).

6. Data Sharing and Third Parties

We share your personal data with the following categories of recipients:

• Vipps: For authentication and login services.
• Stripe: For payment processing. Stripe acts as an independent data controller for payment data.
• Bunny.net: For media file storage (images). Data is stored within the EU/EEA.
• Event Organizers: Receive only aggregated, anonymized statistics about event engagement. They cannot identify individual users.

We do not sell your personal data to third parties.

7. International Data Transfers

Your personal data is stored and processed within the EU/EEA. Our media storage provider (Bunny.net) operates servers in Stockholm (Sweden) and Frankfurt (Germany). If any data transfer outside the EU/EEA becomes necessary, we will ensure appropriate safeguards are in place in accordance with GDPR.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. When you delete your account:

• Personal data (name, email, phone number, address) is deleted immediately.
• Minimal references to payment transactions are retained for accounting and legal compliance purposes.
• Aggregated, anonymized statistical data (which cannot identify you) may be retained.

9. Your Rights Under GDPR

As a data subject, you have the following rights regarding your personal data:

• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can request correction of inaccurate or incomplete data.
• Right to erasure: You can request deletion of your personal data (subject to legal retention requirements).
• Right to restriction: You can request that we limit how we use your data.
• Right to data portability: You can request your data in a structured, machine-readable format.
• Right to object: You can object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise these rights, please contact us at support@gjesp.com. We will respond within 30 days.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes secure data transmission, access controls, and regular security assessments.

11. Age Restrictions

Gjesp requires users to be at least 15 years old to create an account. This requirement is enforced through Vipps, which does not allow login for users under 15 years of age.

12. Push Notifications

We send push notifications solely for the purpose of informing you about the status of events you have submitted (whether they have been approved or rejected). You can disable push notifications in your device settings.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new Privacy Policy in the App and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

14. Supervisory Authority

If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet):

• Website: www.datatilsynet.no
• Email: postkasse@datatilsynet.no
• Address: Postboks 458 Sentrum, 0105 Oslo, Norway

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: