Here we describe how we in Tibber process your personal data when you work for an organization that we purchase from, sell to or that we have a business collaboration with.
Controller and contact details
Tibber AS, Hafstadvegen 38, 6800 Førde, reg.no: 916 276 338 (Norway) E-mail: hello@tibber.com
Categories of personal information
Depending on the purpose, we may process the following personal information.
| Category of personal data | Example of personal information |
|---|---|
| Contact | e-mail, phone number |
| Identification | first name, last name, address |
| Organizational | company you work for, positon, role |
| Competence | work experience, CV |
| Communication | information you provide in communication with us |
For what purposes do we process your personal information
To handle interests from or to procure a new supplier or partner
We collect information about you as the contact person for the company that contacts us with an interest to become a partner or that we want to start a procurement process with, and then also when we continue with the procurement. We may process identification, contact, organizational and competence information.
Legal basis: Legitimate interests. We have an interest to procure new suppliers and the processing is necessary for this purpose.
Retention time: During the procurement process.
To manage the supplier/partner relationship
We process your personal information when we manage the supplier/partner relationship, for example to register the company and your contact details in our databases, administrate invoices and financial settlements, contract management (e.g. follow up on compliance with the agreement, code of conduct, etc.). We will process identification, contact and organizational information for this purpose.
Legal basis: Contractual obligation: in the case when we need to process personal data to be able to perform according to the contract. For example, if we need to provide access to a supplier. Legitimate interests: we have an interest in managing the business relationship with suppliers and business partners, and in following up and evaluating our supplier and partner agreements, and the processing is necessary for this purpose.
Retention time: During the period when you are a contact person for the supplier/partner.
To manage orders of products and services
We process your personal information when we order a product or a service from the company you work for. We also process information when we receive an order from and deliver to the company you work for. It may be for order confirmations, delivery process and associated complaints. We will process identification, contact, organization and communication information.
Legal basis: Contractual obligation: in the case when we need to process personal data to be able to perform according to the contract. For example, if we need to ensure delivery to a specific person. Legitimate interests. We have an interest in managing our orders from you as a supplier or your orders if you are a partner. The processing is necessary for this purpose.
Retention time: During the period necessary to handle the order.
To handle and meet legal claims
We will process personal information to handle and meet any legal claims. It can be a dispute or legal process to which we are a party. We may process all information listed in the table above for this purpose.
Legal basis: Legitimate interests. We have an interest to handle and meet legal claims and the processing is necessary for this purpose.
Retention time: Relevant personal data is stored as long as necessary to fulfill this purpose, including a sufficient period after the closure of a legal process.
To comply with legal obligations
We may use your Information for the purpose of complying with our legal obligations, including accounting rules, responding to Individual Rights Requests and responding to requests from regulators, judicial authorities and law enforcement or governmental bodies. We may process all information listed in the table above for this purpose.
Legal basis: Compliance with a legal obligation
Retention time: According to the time required by the legal obligation.
How we collect the personal information
We may collect the personal information from different sources:
Directly from you - when you provide us with the information, for example in communication with us
From your organization - information provided by the organization you work for when we procure a service or make an order
Third persons - information provided by a third person that recommend us to contact you and your company
Public sources - we may use public records or published contact details (LinkedIn for example) to reach out to you.
Tibber group - we collaborate within the Tibber group and may share information between Tibber companies for a procurement purpose etc.
Where do we process your data?
We strive to process your personal data within the EU/EEA but in a few cases some of our suppliers may process personal data in third countries (mainly the US or the UK). If so, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Transfer of personal data will be done to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
In other circumstances we will use the Standard Contractual Clauses approved by the European Commission to give personal data the same protection it has in Europe.
We require all third parties we use as data processors to respect the security of your personal data and to treat it in accordance with the law. Tibber does not allow our third-party service providers to use personal data for their own purposes and only permits them to process personal data for specified purposes and in accordance with our instructions. Processors can also be affiliates in the Tibber Group. Sometimes we may transfer your personal data to third parties that themselves process them as Controllers, e.g. transfer to authorities.
How we share information
We may have to share your personal information with other recipients.
Service providers - examples are ERP system, contract management platforms and IT-service providers to Tibber. These companies will be data processors to us and may only process the information on our behalf.
Your organization - we may share your personal information with the organizations you work for.
Tibber companies - we collaborate within the Tibber group and may share information between the different companies for business purposes.
External partners - when we see possibilities to common benefits between us and partners, we may share information to investigate such opportunities.
Other recipients - we may share your personal information with third parties if it is necessary, for example to fulfill a legal obligation, meet a claim, sell or merge business, etc. Recipients for these purposes may be external advisers, law enforcement agencies, possible investors, etc.
Rights related to personal data
When we are processing your personal data, you have some rights. You can read more about your rights and how you do when you want to exercise any of your rights here.
This Privacy notice was updated July 2024.