Privacy Policy for TonTid

Last updated: April 9, 2026

This Privacy Policy describes how personal data is collected, used, stored, and protected when using TonTid ("the Service"). It also explains your rights under the General Data Protection Regulation (GDPR).

1. Data Controller and Contact Information

Data Controller:

Rytmus AB

Organization number: 556464-8979

Address: Box 213, 101 24 Stockholm, Sweden

Processor (Service Provider):

Syncoria

Organization number: 820825-7132

Address: Mangårdsvägen 9 Lgh 1401, Sweden

Syncoria processes personal data on behalf of Rytmus AB in accordance with a data processing agreement.

Contact:

For questions regarding this Privacy Policy or data processing, please contact:

Email: peter.nydahl@gmail.com

2. Scope of This Policy

This Privacy Policy applies to TonTid, a booking and resource management system used within educational organizations.

3. Categories of Personal Data Collected

We collect and process the following categories of personal data:

3.1 Personal Data provided by users

  • Name
  • Email address (typically school email)
  • User ID
  • Profile image (if provided via Google account)

3.2 Automatically collected data (Usage Data)

  • IP address
  • Device information
  • Browser type and version
  • Log data (access times, usage patterns)

3.3 Booking-related data

  • Booking times
  • Resources (rooms, equipment)
  • User associated with bookings

4. Legal Basis for Processing (GDPR Article 6)

We process personal data based on the following legal grounds:

4.1 Performance of a contract (Article 6(1)(b))

Primary legal basis for:

  • User authentication (Google OAuth 2.0)
  • Account management
  • Booking functionality
  • Resource administration

Processing is necessary for the Service to function.

4.2 Legal obligation (Article 6(1)(c))

  • Compliance with accounting or legal requirements
  • Handling security incidents

4.3 Legitimate interests (Article 6(1)(f))

  • Improving the Service
  • Ensuring system security
  • Analyzing usage trends

We ensure that such interests do not override your fundamental rights.

4.4 Consent (Article 6(1)(a))

TonTid does not rely on consent for core functionality. Consent may be used only if optional features are introduced in the future.

5. How We Use Personal Data

We use personal data to:

  • Provide and operate the Service
  • Authenticate users via Google OAuth
  • Manage bookings and resources
  • Provide support and respond to requests
  • Maintain security and prevent misuse
  • Improve system functionality

6. Data Sharing and Processors

We share personal data only when necessary.

6.1 Hosting provider

Inleed

  • Role: Data processor (hosting infrastructure)
  • Processes data for storage and system operation
  • Located within the EU

6.2 Authentication provider

Google (Google LLC)

  • Role: Independent data controller for Google accounts
  • Provides OAuth 2.0 authentication
  • Processes name, email, and metadata

Important: Use of Google login may involve transfer of metadata (e.g., IP address) to the United States.

6.3 Other service providers

We may use additional processors for:

  • Analytics
  • Email delivery
  • Infrastructure

All processors are bound by data processing agreements.

7. International Data Transfers

Personal data is primarily stored within the EU/EEA.

If data is transferred outside the EU/EEA (e.g., via Google services), we ensure appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Technical safeguards (encryption, access control)

8. Data Retention

We retain personal data only as long as necessary:

  • User accounts: Duration of account + up to 24 months
  • Booking data: Up to 12 months after booking
  • Logs and security data: Up to 6 months
  • Support data: Up to 24 months

Data may be retained longer if required by law.

After retention periods, data is deleted or anonymized.

9. Data Deletion

Users can request deletion of their personal data.

Data is deleted by:

  • Removing it from active systems
  • Retaining limited backup copies temporarily

Certain data may be retained if required by law.

10. User Rights under GDPR

You have the following rights:

  • Right of access (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure (Article 17)
  • Right to restriction (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21)
  • Right to withdraw consent (where applicable)

Requests are handled within 30 days.

Data may be provided in machine-readable format (e.g., CSV or JSON).

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority.

In Sweden, this is:

Integritetsskyddsmyndigheten (IMY)

12. Security Measures

We implement appropriate technical and organizational measures:

  • HTTPS (TLS encryption)
  • Google OAuth authentication
  • Role-based access control
  • Restricted administrative access
  • Secure EU-based hosting
  • Backup and recovery procedures

13. Data Breach Procedures

In the event of a personal data breach:

  • The incident is reported without undue delay
  • The data controller is notified
  • Affected users are informed when required by law

14. Cookies and Tracking

TonTid does not use cookies for:

  • Analytics
  • Marketing
  • Tracking

Only necessary authentication mechanisms are used.

15. Children's Data

The Service is not intended for users under 16.

If such data is identified, it will be deleted.

16. Changes to This Policy

We may update this Privacy Policy.

Users will be notified via:

  • The Service
  • Email (if applicable)

17. Contact Us

For questions or requests, contact Syncoria:

Email: peter.nydahl@gmail.com