Tibber Group is a digital electricity supplier. We offer our customers to buy their electricity from us, always from renewable energy sources. We also offer our customers to buy smart devices and tools for smart energy usage at home; consumption at the right time to a good price. This is all managed with the Tibber-app, an online mobile application where our customers can understand their consumption habits and connect devices and third party applications for smart energy usage.
Tibber operates in different local markets (countries) and each local Tibber company is responsible for electricity contracts, web store activities and local marketing activities for all Tibber offers. Each Tibber company is also the Controller of personal data processings that relate to those relations.
Tibber AS (“TAS”) is the parent company of the Tibber Group. This Privacy notice is for the processings where TAS is Controller. Please read this notice carefully. It explains the types of information we may collect about you, the purposes for and methods by which we collect it, and the lawful basis on which we do so, as well as information about your rights and how to contact us.
This privacy notice explains what categories of personal data we may process for different purposes. A more detailed description of the categories can be found here.
Controller
TAS is the controller and responsible for the processing of personal data according to this privacy notice.
Full name of legal entity and contact information for TAS are as follows:
Company name: Tibber AS Company address: Hafstadvegen 38, 6800 Førde Company registration number: 916 276 338 (Norway) E-mail: hello@tibber.com
Purposes for processing your personal data
TO MAKE YOUR VISIT TO OUR DIGITAL CHANNELS RELEVANT FOR YOU
When you use any of our digital tools, e.g. webpage, app (see privacy notice for the app) or pages on social media, we will process personal data that you share with us in order to make your visit to our digital channels relevant for you.
PROVIDE THE TIBBER-APP, OUR ONLINE MOBILE APPLICATION WITH ASSOCIATED SERVICES
This service has a separate privacy notice [Privacy notice for Tibber mobile application] that describes the purposes. It is available in the different languages where we have our products and services available. This notice will also be presented in your device before you choose to download the Tibber-app.
PROVIDE TIBBER-OWNED HARDWARE
We develop and produce devices that you can install in your household for more detailed analysis, effective steering, etc. Through these devices we may process personal data, both such data you provide when installing the device (e.g open an account) and data we collect when you activate the device and use the service. A specific privacy notice for a specific product may be provided together with the product that will complement this notice.
Categories of personal data: (For description of categories, and examples, read here)
These may be specified with each device but the most common are:
Identification information
Contact information
Sensor data
Household information
Technical data
Legal basis: Performance of a contract where the processing is necessary for our delivery of the service; Legitimate interests when we process data for a better understanding of customer benefits, usage, product development, etc. The processing of your personal data is necessary to manage, protect and develop our hardware in a sustainable manner. Since the processing is neither sensitive nor are there known indications of overriding interests of customers, we consider it to be necessary and proportionate in relation to the purpose.
Retention time: As long as you use the product and/or have an ongoing contract with us for the purpose of delivery according to contract. Anonymized data that is processed for purposes based on the legal basis legitimate interests, will be processed for the time being.
Sharing and transfer of data: We may share the personal data to other Tibber companies where delivery and management of the product/services is performed.
PROVIDE POSSIBILITY TO REGISTER INTEREST
We have an ambition to make our offer available to new markets. If you want us to contact you when we have news about, or come to, your country, you can register your interest.
Categories of personal data:
Contact information (e-mail)
Legal basis: Consent
Retention time: As long as the purpose is applicable or until you withdraw your consent.
Sharing and transfer of data: We may share the personal data to other Tibber companies where communication for this purpose is performed. We may also share the data to suppliers of communication tools.
TO CONDUCT MARKET SURVEYS
We may do market surveys when we explore new markets.
Categories of personal data: (For description of categories, and examples, read here)
Identification information
Contact information
Household information
Demographic information
Communication
Legal basis: Legitimate interests; us being able to do surveys. Since the processing is neither sensitive nor are there known indications of overriding interests of customers, we consider it to be necessary and proportionate in relation to the purpose.
Retention time: The data will be stored for a few months from the end of the survey, for the purpose of summarizing data and to follow-up with participants (if needed). Anonymized and aggregated data, no longer possible to associate to a specific person, will be stored for the time being.
Sharing and transfer of data: We may share the personal data to other Tibber companies where survey operations are performed. We may also use third party suppliers of survey tools.
MAINTAIN, PROTECT AND DEVELOP OUR IT-SYSTEMS (INCLUDING OWN-DEVELOPED HARDWARE AND SOFTWARE SERVICES)
We at Tibber work actively with our IT-systems and associated services to improve them; this includes user friendly interface, functionality, resilience, protection and availability. For this purpose we may troubleshoot, update, log, develop and test our systems. We will, as far as possible, use aggregated and/or pseudonymised data for these purposes
In the early research and development phase of our hard- or software products, we may use aggregated anonymised data. If we like to use your data in a manner that makes it able to associate with you in the research and development phase, or if the processing will mean a profound profiling, we will ask you in advance for your consent.
In addition, we may process your personal data when we train our employees or to conduct in-depth interviews with you as users to understand the needs and challenges our customers face.
We also work actively and continuously with information security in order to maintain a high level of protection for your personal data. In this work, we may process your personal data for, among other things, checks of various kinds (e.g. unauthorized access to personal data). Within the framework of security measures, we can also take measures to protect against money laundering, corruption and the like.
Categories of personal data:
All personal data listed under each purpose above.
Legal basis: Legitimate interests. The processing of your personal data is necessary to manage, protect and develop our systems and services in a sustainable manner. Since the processing is neither sensitive nor are there known indications of overriding interests of customers, we consider it to be necessary and proportionate in relation to the purpose. Consent if needed for special occasions in the research and development phase.
Retention time: Personal data in log files related to troubleshooting is stored for required time from closure of troubleshooting, depending on the type of problem. Anonymized and aggregated data, no longer possible to associate to a specific person, will be stored for the time being. For processings that are based on consent, as long as the purpose exists and we have a consent from you.
Sharing and transfer of data: We may share the personal data to other Tibber companies, where operations related to purposes are performed, and with trusted consultant partners or system providers.
HANDLE AND MEET LEGAL CLAIMS
TAS will do processings to handle and meet any legal claims. It can be a dispute or legal process to which we are a party.
Categories of personal data:
All personal data listed under each purpose above, relevant for the dispute or legal process.
Legal basis: Legitimate interests. The processing of your personal data is necessary to respond to legal claims. Since the processing is neither sensitive nor are there known indications of overriding interests of customers, we consider it to be necessary and proportionate in relation to the purpose.
Retention time: Relevant personal data is stored as long as necessary to fulfill this purpose, including a sufficient period after the closure of a legal process.
Sharing and Transfer of data: The personal data may be shared with or transferred to other Tibber companies, external advisers or consultants (e.g. lawyer) and judicial bodies.
TO COMPLY WITH LEGAL OBLIGATIONS
We may use your Information for the purpose of complying with our legal obligations, including accounting rules, responding to Individual Rights Requests and responding to requests from regulators, judicial authorities and law enforcement or governmental bodies.
Categories of personal data:
All personal data listed under each purpose above that is required according to the legal obligation.
Legal basis: Compliance with a legal obligation
Retention time: According to the time required by the legal obligation.
Sharing and Transfer of data: The personal data may be shared with or transferred to other Tibber companies, external adviser or consultant (e.g. lawyer), supplier of service for fulfilment of obligation (e.g. accounting firm), judicial bodies, authorities and similar. In some cases will the personal data be transferred to another Controller (e.g. authority).
SELL OR BUY A BUSINESS
Tibber may need to share or transfer personal data with other Controllers in such a case if Tibber (i) is evaluated for new investments, (ii) investigates to sell, transfer or merge businesses, (iii) prepare acquisitions where the selling part needs information about us as the purchasing company.
Categories of personal data:
All personal data listed under each purpose above, relevant for the purpose
Legal basis: Legitimate interests We consider that our interest in enabling an acquisition or restructuring process outweighs your interest in the protection of your personal data. The processing is necessary and proportionate to the purpose.
Retention time: Relevant personal data is stored as long as necessary to fulfill this purpose
Sharing and Transfer of data: The personal data may be shared with investors and/or other Controllers being part of a possible transaction; and their representative, for example lawyer, transaction consultant, bank. The provided personal data shall continuously in a transaction process be minimized and protected by relevant measures, e.g. contractual agreements between the parties.
Where do we process your data?
TAS, and all affiliates, strives to process your personal data within the EU and the European Economic Area (EEA), and our central IT-system uses for example cloud services with the EU/EEA. We always strive to process your personal data within the EU/EEA but in a few cases some of our suppliers may process personal data in third countries (mainly the US or Great Britain). If so, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Transfer of personal data will only be done to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
Where certain service providers are used, Tibber will use the Standard Contractual Clauses approved by the European Commission which give personal data the same protection it has in Europe.
TAS requires in general all third parties we use as Processor to respect the security of your personal data and to treat it in accordance with the law. Tibber does not allow our third-party service providers to use personal data for their own purposes and only permits them to process personal data for specified purposes and in accordance with our instructions. Processors can also be affiliates in the Tibber Group, as we have an organization that works across borders; these sharings of data are also regulated accordingly. Sometimes we may transfer your personal data to third parties that themselves process them as Controllers, e.g. transfer to authorities.
Rights related to personal data
When we are processing your personal data, you have some rights. You have, for example, the right to have access to your personal data or the right to have your personal data corrected. Here you can read more about your rights and how you do when you want to exercise any of your rights.
Amendment of the Privacy notice
We continually strive to improve and develop our services and reserves therefore the right to make changes in this notice. We will notify you of any substantial change and amendment of this privacy notice in a manner appropriate to the circumstances, e.g. through the app or by other means of contact. Less substantial changes will be published where this privacy notice can be found. Date for the latest updates is shown at the end of this notice and protocol of changes can be read here.
Contact us
Tibber AS, Hafstadvegen 38, 6800 Førde, Norway E-mail: hello@tibber.com
Tibber AS is the parent company of the Tibber Group, with the following affiliates:
Tibber Norge AS (Norway)
Tibber AB (Sweden)
Tibber Oy (Finland)
Tibber Deutschland GmbH (Deutschland)
Tibber Netherlands BV (Netherlands)
Tibber Danmark A/S
This Privacy notice was updated in November 2023.
We hope you enjoy Tibber!