| GDPR Summary | Request Data | DPA | Subprocessors | Security |
|---|
GDPR Summary
The security of your data is important to us. This page lists out our ongoing efforts to maintain compliance with the EU's and UK's General Data Protection Regulation (GDPR).
TA Developer Pty Ltd (referred to in this document as “we”, “us”, or “our”) is the company behind the BillBjorn and Scan2Invoice brands.
Manage Your Privacy
- Submit a Data Request
- Data Processing Agreement (DPA)
- Security Policies
- Subprocessor List
- Privacy Policy
Privacy and Security Contact
Bjorn Krollner
TA Developer Pty Ltd
6 Cape Martin Lane, Varsity Lakes QLD 4227, Australia
privacy@billbjorn.com
Data Protection and Digital Services Act Representatives
If you are located in the EU/EEA, the United Kingdom, or Switzerland, we have appointed Data Protection Representative Limited (“DataRep”) as our local representative for the purposes of the EU and UK GDPR and the EU Digital Services Act (DSA).
GDPR Representative (Article 27 EU/UK GDPR)
For matters relating to our processing of personal data under the GDPR, you may contact our appointed representative, DataRep, by:
- sending an email to DataRep at datarequest@datarep.com quoting
<BillBjorn>in the subject line, - contacting us on our online webform at www.datarep.com/data-request, or
- mailing your inquiry to DataRep at the most convenient of the addresses in the GDPR Representative Contact Details (PDF).
DSA Legal Representative (Article 13 EU DSA)
For matters relating to our compliance with the EU Digital Services Act, you may contact our appointed legal representative, DataRep, by:
- sending an email to DataRep at digitalrequest@datarep.com quoting
<BillBjorn>in the subject line, - contacting us on our online webform at www.datarep.com/data-request, or
- mailing your inquiry to DataRep at the most convenient of the addresses in the DSA Representative Contact Details (PDF).
Important: Requests sent to DataRep are received on our behalf and then forwarded to us so we can respond directly. Using DataRep does not limit your ability to contact us directly or to exercise your rights with your local supervisory authority.
Lawful Bases for Processing
- Contract (Art. 6(1)(b) GDPR) for creating and administering BillBjorn accounts, processing documents you upload, and providing customer support.
- Legitimate Interests (Art. 6(1)(f) GDPR) for improving the service, preventing abuse, and maintaining audit logs. We balance these interests against the rights of data subjects and provide opt-outs where required.
- Legal Obligations (Art. 6(1)(c) GDPR) when we must retain billing records or respond to law-enforcement requests. Where we rely on consent (for example, optional marketing emails), it is collected explicitly and can be withdrawn at any time via email preferences.
Data Retention
- Active customer data remains in our systems for the duration of the subscription.
- Upon account closure we delete customer content within 90 days, with encrypted backups overwritten during the following 180-day rotation cycle.
- Billing and compliance records may be retained for up to 7 years to meet Australian tax and corporate obligations. You can request deletion earlier via the data request workflow. We will confirm when deletion is complete or explain any statutory exceptions.
International Data Transfers
BillBjorn is hosted on Google Cloud Platform in the United States (us-central1). When personal data leaves the EEA or UK we rely on the Standard Contractual Clauses (2021/914/EU) together with the UK International Data Transfer Addendum, as set out in our Data Processing Agreement. Equivalent safeguards are in place for FastSpring, Elastic Cloud, and the limited Amazon Web Services components we use. We monitor regulatory developments and will adjust these safeguards if adequacy decisions or alternative mechanisms become available.
Questions or Complaints
If you have any questions about this notice, contact our Data Protection contact at privacy@billbjorn.com. EU/UK residents also have the right to lodge a complaint with their local data protection authority—for example, the Irish Data Protection Commission (www.dataprotection.ie) or the UK Information Commissioner’s Office (www.ico.org.uk). We encourage you to contact us first so we can address your concerns quickly.
Frequently asked questions
Please review our frequently asked questions below. This information is not legal advice. Compliance remains the responsibility of the customer, and we recommend consulting your legal counsel for guidance. While TA Developer Pty Ltd aims to support your compliance efforts, we do not provide legal guarantees.
What personal data does TA Developer Pty Ltd collect through BillBjorn?
TA Developer Pty Ltd collects only the personal data necessary to provide its services, such as user contact information, login credentials, and data extracted from uploaded invoices and receipts.
How does TA Developer Pty Ltd ensure the security of my personal data?
TA Developer Pty Ltd employs industry-standard encryption, secure servers, and access controls to protect all personal data processed through BillBjorn from unauthorized access, loss, or misuse.
Is TA Developer Pty Ltd GDPR compliant?
Yes, TA Developer Pty Ltd complies with the GDPR by implementing appropriate technical and organizational measures, maintaining transparency, and honoring data subject rights.
Where is my data stored when using TA Developer Pty Ltd's BillBjorn service?
All data processed by TA Developer Pty Ltd through BillBjorn is securely hosted on Google Cloud servers in the us-central1 (Iowa, USA) region.
Does TA Developer Pty Ltd share my data with third parties?
TA Developer Pty Ltd does not sell or share personal data with third parties for marketing. Data may be shared with trusted subprocessors only as necessary to provide the service, and all subprocessors are bound by strict data protection agreements.
Can I access, correct, or delete my personal data with TA Developer Pty Ltd?
Yes, under GDPR, users have the right to access, correct, or request deletion of their personal data. TA Developer Pty Ltd provides mechanisms for users to manage their data or submit requests directly.
What is TA Developer Pty Ltd's data retention policy?
TA Developer Pty Ltd retains personal data only as long as necessary for the purpose it was collected, in line with GDPR requirements. Users may also request earlier deletion of their data.
How does TA Developer Pty Ltd handle data breaches?
In the event of a personal data breach, TA Developer Pty Ltd will notify affected individuals and relevant authorities within the timeframes required by GDPR and take immediate steps to mitigate the risk.
How can I contact TA Developer Pty Ltd regarding data protection concerns?
You can contact TA Developer Pty Ltd’s Data Protection Officer at the contact details provided in the privacy policy for any GDPR-related inquiries or concerns.