Privacy policy Tibber AS

Tibber Group is a digital electricity supplier. We offer our customers to buy their electricity from us, always from renewable energy sources. We also offer our customers to buy smart devices and tools for smart energy usage at home; consumption at the right time to a good price. This is all managed with the Tibber-app, an online mobile application where our customers can understand their consumption habits and connect devices and third party applications for smart energy usage.

Tibber operates in different local markets (countries) and each local Tibber company is responsible for electricity contracts, web store activities and local marketing activities for all Tibber offers. Each Tibber company is also the Controller of personal data processings that relate to those relations.

Tibber AS (“TAS”) is the parent company of the Tibber Group. This Privacy policy is for the processings where TAS is Controller. Please read this policy carefully. It explains the types of Information we may collect about you, the purposes for and methods by which we collect it, and the lawful basis on which we do so, as well as information about your rights and how to contact us.

This privacy policy explains what categories of personal data we may process for different purposes. A more detailed description of the categories can be found here.

Controller

TAS is the controller and responsible for the processing of personal data according to this privacy policy. 

Full name of legal entity and contact information for TAS are as follows:

Company name: Tibber AS Company address: Hafstadvegen 23, 6800 Førde Company registration number: 916 276 338 (Norway) E-mail: hello@tibber.com

Purposes for processing your personal data

PROVIDE THE TIBBER-APP, OUR ONLINE MOBILE APPLICATION WITH ASSOCIATED SERVICES

This service has a separate privacy policy [Privacy policy for Tibber mobile application] that describes the purposes. It is available in the different languages where we have our products and services available. This policy will also be presented in your device before you choose to download the Tibber-app.

PROVIDE TIBBER-OWNED HARDWARE

We develop and produce devices that you can install in your household for more detailed analysis, effective steering, etc. Through these devices we may process personal data, both such data you provide when installing the device (e.g open an account) and data we collect when you activate the device and use the service. A specific privacy policy for a specific product may be provided together with the product that will complement this policy.

Categories of personal data: (For description of categories, and examples, read here)

These may be specified with each device but the most common are:

  • Identification information

  • Contact information

  • Sensor data

  • Household information

  • Technical data

Legal basis: Performance of a contract where the processing is necessary for our delivery of the service; Legitimate interests when we process data for a better understanding of customer benefits, usage, product development, etc. 

Retention time: As long as you use the product and/or have an ongoing contract with us for the purpose of delivery according to contract. Anonymized data that is processed for purposes based on the legal basis legitimate interests, will be processed for the time being.

Sharing and transfer of data: We may share the personal data to other Tibber companies where delivery and management of the product/services is performed. 

PROVIDE POSSIBILITY TO REGISTER INTEREST

We have an ambition to make our offer available to new markets. If you want us to contact you when we have news about, or come to, your country, you can register your interest.

Categories of personal data:

  • Contact information (e-mail)

Legal basis: Consent

Retention time: As long as the purpose is applicable or until you withdraw your consent. 

Sharing and transfer of data: We may share the personal data to other Tibber companies where communication for this purpose is performed. We may also share the data to suppliers of communication tools.

TO CONDUCT MARKET SURVEYS

We may do market surveys when we explore new markets.

Categories of personal data: (For description of categories, and examples, read here)

  • Identification information

  • Contact information

  • Household information

  • Demographic information

  • Communication

Legal basis: Legitimate interests; us being able to do surveys.

Retention time: The data will be stored for a few months from the end of the survey, for the purpose of summarizing data and to follow-up with participants (if needed). Anonymized and aggregated data, no longer possible to associate to a specific person, will be stored for the time being. 

Sharing and transfer of data: We may share the personal data to other Tibber companies where survey operations are performed. We may also use third party suppliers of survey tools.

TO MANAGE REQUESTS FROM YOU

If you contact us with questions or thoughts, not being an existing customer of Tibber, we will process your personal data to be able to receive your message and communicate with you.

Categories of personal data: (For description of categories, and examples, read here)

  • Identification information

  • Contact information

  • Communication

Legal basis: Legitimate interests; to be able to receive messages from and communicate with you.

Retention time: Personal data for this purpose is stored for the necessary time to manage the request. 

Sharing and transfer of data: We may share the personal data to other Tibber companies where request operations are performed. If we need to use a partner in order to give you a good reply, we will not share personal data with the partner unless it is of necessity to answer your question. In those cases we will limit the sharing of data to what is only necessary. We may also use third party suppliers of communication tools.

TO MAKE YOUR VISIT TO OUR DIGITAL CHANNELS RELEVANT FOR YOU

When you use any of our digital tools, e.g. webpage, app or pages on social media, we will process personal data that you share with us in order to make your visit to our digital channels relevant for you. Read here about processings when you visit our digital channels.

MAINTAIN, PROTECT AND DEVELOP OUR IT-SYSTEMS (INCLUDING OWN-DEVELOPED HARDWARE AND SOFTWARE SERVICES)

We at Tibber work actively with our IT-systems and associated services to improve them; this includes user friendly interface, functionality, resilience, protection and availability. For this purpose we may troubleshoot, update, log, develop and test our systems. In the early research and development phase of our hard- or software products, we may use aggregated anonymised data. If we like to use your data in a manner that makes it able to associate with you in the research and development phase, or if the processing will mean a profond profiling, we will ask you in advance for your consent.

Categories of personal data:

  • All personal data listed under each purpose above.

Legal basis: Legitimate interests. Consent if needed for special occasions in the research and development phase.

Retention time: Personal data in log files related to troubleshooting is stored for required time from closure of troubleshooting, depending on the type of problem. Anonymized and aggregated data, no longer possible to associate to a specific person, will be stored for the time being. For processings that are  based on consent, as long as the purpose exists and we have a consent from you.

Sharing and transfer of data: We may share the personal data to other Tibber companies, where operations related to purposes are performed, and with trusted consultant partners or system providers.

HANDLE AND MEET LEGAL CLAIMS

TAS will do processings to handle and meet any legal claims. It can be a dispute or legal process to which we are a party. 

Categories of personal data:

  • All personal data listed under each purpose above, relevant for the dispute or legal process.

Legal basis: Legitimate interests.

Retention time: Relevant personal data is stored as long as necessary to fulfill this purpose, including a sufficient period after the closure of a legal process.

Sharing and Transfer of data: The personal data may be shared with or transferred to other Tibber companies, external advisers or consultants (e.g. lawyer) and judicial bodies.

TO COMPLY WITH LEGAL OBLIGATIONS

We may use your Information for the purpose of complying with our legal obligations, including accounting rules, responding to Individual Rights Requests and responding to requests from regulators, judicial authorities and law enforcement or governmental bodies.

Categories of personal data:

  • All personal data listed under each purpose above that is required according to the legal obligation.

Legal basis: Compliance with a legal obligation

Retention time: According to the time required by the legal obligation.

Sharing and Transfer of data: The personal data may be shared with or transferred to other Tibber companies, external adviser or consultant (e.g. lawyer), supplier of service for fulfilment of obligation (e.g. accounting firm), judicial bodies, authorities and similar. In some cases will the personal data be transferred to another Controller (e.g. authority).

SELL OR BUY A BUSINESS

Tibber may need to share or transfer personal data with other Controllers in such a case if Tibber (i) is evaluated for new investments, (b) investigates to sell, transfer or merge businesses, (c) prepare acquisitions where the selling part needs information about us as the purchasing company.

Categories of personal data:

  • All personal data listed under each purpose above, relevant for the purpose

Legal basis: Legitimate interests

Sharing and Transfer of data: The personal data may be shared with investors and/or other Controllers being part of a possible transaction; and their representative, for example lawyer, transaction consultant, bank. The provided personal data shall continuously in a transaction process be minimized and protected by relevant measures, e.g. contractual agreements between the parties.

Where do we process your data?

TAS, and all affiliates, strives to process your personal data within the EU and the European Economic Area (EEA), and our central IT-system uses for example cloud services with the EU/EEA. We always strive to process your personal data within the EU/EEA but in a few cases some of our suppliers may process personal data in third countries (mainly the US or Great Britain). If so, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Transfer of personal data will only be done to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

  • Where certain service providers are used, Tibber will use the Standard Contractual Clauses approved by the European Commission which give personal data the same protection it has in Europe.

TAS requires in general all third parties we use as Processor to respect the security of your personal data and to treat it in accordance with the law. Tibber does not allow our third-party service providers to use personal data for their own purposes and only permits them to process personal data for specified purposes and in accordance with our instructions. Processors can also be affiliates in the Tibber Group, as we have an organization that works across borders; these sharings of data are also regulated accordingly. Sometimes we may transfer your personal data to third parties that themselves process them as Controllers, e.g. transfer to authorities.

Rights related to personal data

When we are processing your personal data, you have some rights. You have, for example, the right to have access to your personal data or the right to have your personal data corrected. Here you can read more about your rights and how you do when you want to exercise any of your rights.

Security of data

TAS will use its reasonable efforts to ensure that recorded data, including personal data, credit card data, password and any confidential information, will not be disclosed, transferred, given to, or illegally used by unauthorised persons. In connection with this, TAS will regularly audit its system in order to prevent possible vulnerabilities and attacks. However, since the internet is not a 100% secure environment, TAS cannot, from time to time, ensure or warrant the security of information transmitted to the Tibber-app and our services. While information sent via the app and our services are encrypted, TAS advises you to be prudent with any confidential information communicated through this means.

Amendment of the Privacy Policy

We continually strive to improve and develop our services and reserves therefore the right to make changes in this policy. We will notify you of any substantial change and amendment of this privacy policy in a manner appropriate to the circumstances, e.g. through the app or by other means of contact. Less substantial changes will be published where this privacy policy can be found. Date for the latest updates is shown at the end of this policy and protocol of changes can be read here.

Contact us

Tibber AS, Hafstadvegen 23, 6800 Førde, Norway E-mail: hello@tibber.com

Tibber AS is the parent company of the Tibber Group, with the following affiliates:

  • Tibber Norge AS (Norway)

  • Tibber AB (Sweden)

  • Tibber Oy (Finland)

  • Tibber Deutschland GmbH (Deutschland)

  • Tibber Netherlands BV (Netherlands)

  • Tibber Danmark A/S

This Privacy Policy was updated and published July 1st 2021.

We hope you enjoy Tibber!