Tibber AS (”Tibber”) protects your personal integrity, which means that we always collect and handle personal data responsibly and with your privacy in mind. This privacy notice declares how we collect and use your personal data when you contact Tibber or purchase a product or service from us. In addition, it describes your rights and how you can enforce them. For awareness of how and why Tibber processes your personal data, it is important that you read this notice.
For the sake of clarity, we ask you who also use the Tibber app to note that processing that takes place in the app is not covered by this notice but in the privacy notice for the Tibber app.
Tibber wants to be transparent with how we handle your personal data so you can be safe with us. We never sell your personal data to other companies. Tibber is part of the Tibber Group, with operations in several European countries. Your personal data can be processed by employees in the various companies of the Tibber Group. However, we ensure that your personal data has the same protection regardless of where in the Tibber Group it is processed and that the processing is in accordance with current data regulation, internal instructions, and procedures. See our list of Tibber companies here.
The notice states which categories of personal data that we can process for different purposes. A more detailed explanation of the categories, with examples of personal data, can be found here.
GENERAL INFORMATION
The data controller processing personal data in accordance with this notice is:
Company name: Tibber AS Registration number: 916 276 338 (Norway) Email address: hello@tibber.com
If you have any questions about data processing, please feel free to contact us.
HOW WE PROCESS YOUR DATA ON OUR WEBSITE
HOSTING
The Tibber Website is hosted by an external service provider (hoster). The hosting of this website takes place in the EU/EEA. Personal data collected on this website is stored on the hoster's servers.
Categories of personal data: (For a more detailed description of the categories and examples, see here)
Data processed on the website (IP addresses, contact requests, meta and communication data, website accesses).
Legal basis: Our legitimate interest for the technically error-free provision of our services. The processing is necessary to provide you with the website. The processing of your personal data in this case is not considered as sensitive. Therefore our interests in relation to how they impact your interests are necessary and proportional to the purpose.
When we use legitimate interest as a legal basis you can contact us to get further information on the balancing test we have done in relation to our and your interests.
Data sharing: Since we use a hosting service provider, the provider receives the above-mentioned data as part of the order processing.
ACCESS TO AND STORAGE OF INFORMATION IN TERMINAL EQUIPMENT
By using our website, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment may occur. This access or storage may involve further processing of personal data pursuant to the GDPR.
In cases where such a process serves other purposes (e.g. the needs-based design of our website), this will only be carried out on the basis of your consent. The consent can be revoked at any time with effect for the future.
For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our website.
MANAGE SERVER-LOGFILES
When you visit the Tibber website, it is technically necessary for data to be transmitted to our web server via your browser. The log files are processed for the purpose of evaluating system security and stability as well as for administrative purposes. The log files serve to evaluate system security and stability as well as administrative purposes.
Categories of personal data: (For a more detailed description of the categories and examples, see here)
Date and time of the request
Name of the requested file
Page from which the file was requested
Access status
Web browser used and operating system used
(Full) IP address of the requesting computer
Transmitted amount of data
Legal basis: Our legitimate interest in the protection and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR. This processing is necessary in order to evaluate system security and stability of our website. The processing of your personal data in this case is not considered sensitive. Therefore our interests in relation to how they impact your interests are necessary and proportional to the purpose.
When we use legitimate interest as a legal basis you can contact us to get further information on the balancing test we have done in relation to our and your interests.
Retention period: For reasons of technical security, in particular to prevent attempts to attack our web server, we may temporarily store this data. After 7 days at the latest, the data is deleted.
MANAGE REQUESTS FROM YOU
If you contact us with questions or thoughts, not being an existing customer of Tibber, we will process your personal data to be able to receive your message and communicate with you.
Categories of personal data: (For description of categories, and examples, read here)
Identification information
Contact information
Communication
Legal basis: Legitimate interests; to be able to receive messages from and communicate with you.
Retention time: Personal data for this purpose is stored for the necessary time to manage the request.
Sharing and transfer of data: We may share the personal data to other Tibber companies where request operations are performed. If we need to use a partner in order to give you a good reply, we will not share personal data with the partner unless it is of necessity to answer your question. In those cases we will limit the sharing of data to what is only necessary. We may also use third party suppliers of communication tools.
COOKIES
The Tibber website uses so-called "cookies". Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behavior or display advertising.
We have a detailed policy that explains which cookies are set on our website and which other tools and analytics services are used. You can find this policy here.
FURTHER INFORMATION ABOUT THE PROCESSING OF YOUR PERSONAL DATA
RETENTION AND DELETION OF PERSONAL DATA
Tibber will retain your personal data, in addition to what is explained above, only for as long as is necessary to fulfill the purposes for which the personal data was collected, including any legal, accounting or reporting requirements.
For personal data processed to comply with legal requirements, we will process the personal data until the legal requirement is met, or until the data is not required by public authorities, is not necessary for processing, or if the personal data is not necessary to safeguard our legal interests. However, in certain circumstances, Tibber may anonymize personal data (so that it can no longer be associated with the data subjects) for research or statistical purposes, including to develop and improve our services, in which case Tibber may use such information indefinitely.
For personal data processed based on your consent, we will process the personal data until you withdraw your consent or, if processing of such data is not necessary, if earlier.
EXCHANGE AND TRANSFER OF PERSONAL DATA
Tibber may need to share personal data with our processors or third parties if Tibber wishes to sell, transfer or merge parts of the business or assets. If Tibber's business changes, any acquirer may use your personal information in the same manner as set forth in this Privacy notice. This may include potential shareholders of Tibber, other Tibber group companies such as subsidiaries or holding companies, or other third parties such as payment services.
Tibber requires all third parties to respect the security of your personal information and to treat it in accordance with the law. Tibber does not allow our third party service providers to use personal data for their own purposes and only allows them to process personal data for specific purposes and in accordance with our instructions.
Tibber shares personal data within the Tibber group of companies. When this involves transferring your data outside the European Economic Area (EEA), personal data is protected by requiring all companies in the group to follow the same rules when processing personal data.
WHERE DO WE PROCESS YOUR DATA?
We almost exclusively process personal data within the EU/EEA and, for example, our central IT system only uses cloud services within the EU/EEA. We always strive for personal data to be processed in the EU/EEA, but in individual cases, some of our IT service providers may process personal data in third countries (mainly the USA or the UK). In such a case, we will ensure that the personal data is processed securely and with the same level of protection offered within the EU/EEA through any of the following measures:
The transfer of personal data will only be made to countries that have sufficient protection of personal data in accordance with a decision by the European Commission.
When special service providers are used, standard contract clauses and any additions decided by the European Commission must be used, which provide the same protection as within the EU.
WHAT ARE YOUR RIGHTS?
When we process your personal data, you have certain rights. This could be, for example, requesting an extract from the register or having your information corrected. Here we detail what rights you have and what you can do to enforce them.
If you believe that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. If you are a resident of an EU or EEA member state, you may do so in the state of your residence.
MODIFICATIONS OF THE POLICIES
We constantly strive to improve and develop our services and therefore reserve the right to make changes to our privacy policies and statements at any time. When we make significant changes, we will notify you in a manner that is appropriate to the circumstances. In the event of minor changes that do not have a significant impact on you, we will not notify you. The date when the latest changes were published is always shown below and you can read more about the changes made here.
We hope you like Tibber!
Version: 2023-11