Terms of Service

Privacy Policy

Last updated: 5 June 2026

This privacy policy explains how TilBedriften AS collects, uses, stores, and protects personal data when you use our websites and contact us.

This policy applies to tomycompany.com, tilbedriften.no, and mapped, translated, or related versions of the same website operated by TilBedriften AS. The English brand is ToMyCompany and the Norwegian brand is TilBedriften.

Who we are

The data controller is:

TilBedriften AS
Organisation number: 929 583 272
Registered business address: Rosenkrantzgata 61, 3018 Drammen, Norway
Postal address: Buskerudveien 109, 3027 Drammen, Norway

You can contact us through the contact form on our website at https://tomycompany.com/#contact. If you are already a customer, you may also contact us through the communication channel agreed for your project or service.

What personal data we collect

We may collect personal data when you visit our website, contact us, sign up for updates, book a meeting, or use services provided by us.

This may include:

• name and contact details, such as email address and phone number if provided
• company name, role, project details, service requests, and message content
• newsletter signup information and consent status
• meeting, booking, course, support, or project information if those features are used
• technical information such as IP address, browser type, device information, pages visited, cookie preferences, and website interaction data
• customer and service-delivery information needed to provide websites, Smartsite solutions, design, content, analytics, marketing, IT guidance, automation, Customer Relationship Management (CRM), newsletters, courses, support, or related digital services

We only collect information that is relevant for the purpose it is collected for.

How we use personal data

We use personal data to:

• respond to enquiries and contact form submissions
• provide information about our services
• send newsletters or updates when you have signed up for them
• book, prepare, and follow up meetings
• deliver customer projects, support, courses, Smartsite services, websites, and related digital services
• manage customer relationships, communication, tasks, and project follow-up
• improve our website, content, services, security, and user experience
• measure website performance and understand which content is useful
• carry out analytics, marketing, and campaign measurement where permitted
• protect our website and systems from spam, misuse, and security risks
• comply with legal obligations, including accounting, tax, and business record requirements

Legal basis for processing

Where the General Data Protection Regulation (GDPR) applies, we process personal data based on one or more of the following legal bases:

• Consent — for newsletters, optional cookies, and certain marketing activities
• Contract or pre-contractual steps — when you ask about our services, request an offer, book a meeting, or become a customer
• Legitimate interests — to respond to enquiries, operate and secure the website, improve our services, and manage ordinary business communication
• Legal obligation — when we must keep records for accounting, tax, corporate, or compliance reasons

You may withdraw consent at any time, for example by unsubscribing from newsletters or changing cookie preferences.

Contact forms and communication

When you submit a contact form, we collect the information you provide, such as your name, email address, subject, and message. We use this information to respond to your enquiry and follow up where relevant.

Contact form submissions and related communication may be stored in our website, email system, CRM, project management tools, or other systems used to handle customer communication and service delivery.

Newsletter and marketing communication

If you sign up for a newsletter or updates, we use your contact details to send relevant content, updates, offers, or information from TilBedriften / ToMyCompany.

You can unsubscribe at any time using the unsubscribe link in the email, where available, or by contacting us through the website.

Cookies and similar technologies

Our website uses cookies and similar technologies. These may include:

• Functional cookies — needed for the website to work properly
• Preference cookies — used to remember your choices
• Statistics cookies — used to understand website usage and improve performance
• Marketing cookies — used for advertising, retargeting, or campaign measurement where permitted

Non-essential cookies are only used where consent is required. You can manage or withdraw cookie consent through the cookie banner or consent settings on the website.

Analytics and marketing tools

We may use analytics and marketing tools to understand how visitors use our website, improve content, and measure campaigns. These tools may process technical and usage data such as IP address, device information, browser information, pages visited, and website interactions.

The specific tools used may change over time. Where consent is required, analytics and marketing tools should only be activated after you have given the relevant consent through the cookie banner or consent settings.

Service providers and data processors

We may use trusted service providers to operate the website and deliver our services. These may include providers for:

• website hosting and security
• email, newsletters, and communication
• forms, booking, meetings, courses, support, and customer follow-up
• CRM, project management, automation, and productivity tools
• analytics, marketing, and campaign measurement
• payment, accounting, administration, and legal compliance where relevant
• IT operations, backups, maintenance, and technical support

Service providers may only process personal data for the purposes we use them for and according to applicable data protection requirements.

International visitors and transfers

TilBedriften AS is a Norwegian company. We may serve customers and website visitors from Norway, the European Economic Area (EEA), and other countries.

We primarily aim to use providers within Norway, the European Union, or the EEA where practical. Some providers or technical systems may process data outside the EEA. When this happens, we aim to use appropriate safeguards, such as European Union Standard Contractual Clauses or other lawful transfer mechanisms where required.

How long we keep personal data

We keep personal data only for as long as necessary for the purpose it was collected, unless we are required to keep it longer by law.

Typical retention examples:

• contact enquiries are kept for as long as needed to respond and follow up
• customer and project communication may be kept for the duration of the customer relationship and for a reasonable period afterwards
• newsletter data is kept until you unsubscribe or request deletion, unless another legal basis applies
• accounting and business records are kept as required by law
• cookie and analytics data is kept according to the settings of the relevant tools and consent systems

Your rights

If GDPR applies to you, you may have the right to:

• request access to your personal data
• request correction of inaccurate personal data
• request deletion of personal data
• request restriction of processing
• object to certain processing
• withdraw consent where processing is based on consent
• request data portability where applicable
• lodge a complaint with a supervisory authority

In Norway, the supervisory authority is Datatilsynet: https://www.datatilsynet.no/.

To exercise your rights, contact us through the website contact form or by post using the address listed above.

Security

We use reasonable technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration, and destruction.

No website, online service, or communication method can be guaranteed to be completely secure, but we work to keep our systems and routines appropriate for the data we process.

Children

Our website and services are intended for businesses and adults. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us.

Customer services and data processing on behalf of customers

When we provide websites, Smartsite solutions, CRM, newsletters, automation, courses, support, analytics, marketing, or other digital services to customers, we may process personal data on behalf of those customers.

In those cases, the customer may be the data controller and TilBedriften AS may act as a data processor. Separate agreements, data processing agreements, project terms, or service terms may apply.

Changes to this policy

We may update this privacy policy from time to time. The latest version will be available on this page.

This privacy policy is intended to provide practical information about how we handle personal data. It is not a substitute for legal advice. We recommend reviewing privacy and cookie practices regularly as services, tools, and legal requirements change.