PRIVACY NOTICE – PROCESSING ON THE TIBBER WEBSITE

The Tibber Website is hosted by an external service provider (hoster). The hosting of this website takes place in the EU/EEA. Personal data collected on this website is stored on the hoster's servers. 

Categories of personal data: (For a more detailed description of the categories and examples, see here)

• Data processed on the website (IP addresses, contact requests, meta and communication data, website accesses).

Legal basis: Our legitimate interest for the technically error-free provision of our services. The processing is necessary to provide you with the website. The processing of your personal data in this case is not considered as sensitive. Therefore our interests in relation to how they impact your interests are necessary and proportional to the purpose.

When we use legitimate interest as a legal basis you can contact us to get further information on the balancing test we have done in relation to our and your interests.

Data sharing: Since we use a hosting service provider, the provider receives the above-mentioned data as part of the order processing.

By using our website, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment may occur. This access or storage may involve further processing of personal data pursuant to the GDPR.

In cases where such a process serves other purposes (e.g. the needs-based design of our website), this will only be carried out on the basis of your consent. The consent can be revoked at any time with effect for the future. 

For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our website.

When you visit the Tibber website, it is technically necessary for data to be transmitted to our web server via your browser. The log files are processed for the purpose of evaluating system security and stability as well as for administrative purposes.  The log files serve to evaluate system security and stability as well as administrative purposes.

Categories of personal data: (For a more detailed description of the categories and examples, see here)

• Date and time of the request

• Name of the requested file

• Page from which the file was requested

• Access status

• Web browser used and operating system used

• (Full) IP address of the requesting computer

• Transmitted amount of data

Legal basis: Our legitimate interest in the protection and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR. This processing is necessary in order to evaluate system security and stability of our website. The processing of your personal data in this case is not considered sensitive. Therefore our interests in relation to how they impact your interests are necessary and proportional to the purpose.

When we use legitimate interest as a legal basis you can contact us to get further information on the balancing test we have done in relation to our and your interests.

Retention period: For reasons of technical security, in particular to prevent attempts to attack our web server, we may temporarily store this data. After 7 days at the latest, the data is deleted.

If you contact us with questions or thoughts, not being an existing customer of Tibber, we will process your personal data to be able to receive your message and communicate with you.

Categories of personal data: (For description of categories, and examples, read here)

• Identification information

• Contact information

• Communication

Legal basis: Legitimate interests; to be able to receive messages from and communicate with you.

Retention time: Personal data for this purpose is stored for the necessary time to manage the request. 

Sharing and transfer of data: We may share the personal data to other Tibber companies where request operations are performed. If we need to use a partner in order to give you a good reply, we will not share personal data with the partner unless it is of necessity to answer your question. In those cases we will limit the sharing of data to what is only necessary. We may also use third party suppliers of communication tools.

The Tibber website uses so-called "cookies". Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser. 

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behavior or display advertising. 

We have a detailed policy that explains which cookies are set on our website and which other tools and analytics services are used. You can find this policy here.

Tibber will retain your personal data, in addition to what is explained above, only for as long as is necessary to fulfill the purposes for which the personal data was collected, including any legal, accounting or reporting requirements. 

For personal data processed to comply with legal requirements, we will process the personal data until the legal requirement is met, or until the data is not required by public authorities, is not necessary for processing, or if the personal data is not necessary to safeguard our legal interests. However, in certain circumstances, Tibber may anonymize personal data (so that it can no longer be associated with the data subjects) for research or statistical purposes, including to develop and improve our services, in which case Tibber may use such information indefinitely.

For personal data processed based on your consent, we will process the personal data until you withdraw your consent or, if processing of such data is not necessary, if earlier.

Tibber may need to share personal data with our processors or third parties if Tibber wishes to sell, transfer or merge parts of the business or assets. If Tibber's business changes, any acquirer may use your personal information in the same manner as set forth in this Privacy notice. This may include potential shareholders of Tibber, other Tibber group companies such as subsidiaries or holding companies, or other third parties such as payment services.

Tibber requires all third parties to respect the security of your personal information and to treat it in accordance with the law. Tibber does not allow our third party service providers to use personal data for their own purposes and only allows them to process personal data for specific purposes and in accordance with our instructions.

Tibber shares personal data within the Tibber group of companies. When this involves transferring your data outside the European Economic Area (EEA), personal data is protected by requiring all companies in the group to follow the same rules when processing personal data.

We almost exclusively process personal data within the EU/EEA and, for example, our central IT system only uses cloud services within the EU/EEA. We always strive for personal data to be processed in the EU/EEA, but in individual cases, some of our IT service providers may process personal data in third countries (mainly the USA or the UK). In such a case, we will ensure that the personal data is processed securely and with the same level of protection offered within the EU/EEA through any of the following measures:

• The transfer of personal data will only be made to countries that have sufficient protection of personal data in accordance with a decision by the European Commission.

• When special service providers are used, standard contract clauses and any additions decided by the European Commission must be used, which provide the same protection as within the EU.

When we process your personal data, you have certain rights. This could be, for example, requesting an extract from the register or having your information corrected. Here we detail what rights you have and what you can do to enforce them.

If you believe that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. If you are a resident of an EU or EEA member state, you may do so in the state of your residence.

We constantly strive to improve and develop our services and therefore reserve the right to make changes to our privacy policies and statements at any time. When we make significant changes, we will notify you in a manner that is appropriate to the circumstances. In the event of minor changes that do not have a significant impact on you, we will not notify you. The date when the latest changes were published is always shown below and you can read more about the changes made here.