Planned effective date: 01/05/2024
Previous policy: https://www.celsia.io/privacy-policy-pre-1may2024
‍

PRIVACY POLICY FOR CELSIA

At Celsia, one of our main priorities is the privacy of our customers and visitors. This Privacy Policy provides you with information about how Celsia processes personal data about customers and visitors of our websites. If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.
‍
This Privacy Policy applies only to our online activities and is valid for visitors to our website with regards to the information that they shared and/or collect in Celsia, and for which Celsia is the data controller. This processing of personal data is necessary for us to be able to offer our services to you as our customer. This policy is not applicable to any information collected offline or via channels other than this website, the Celsia app or the Celsia ESG Portal.

WHO IS RESPONSIBLE FOR PROCESSING PERSONAL DATA

Celsia AS ("Celsia", "we" "us") with business registration number 926 626 264, and registered business address at Sørkedalsveien 8A, 0369 OSLO, is the data controller for the processing of personal data set out in this privacy policy.
‍
If you have any questions or complaints about how we process personal data, you can contact us by email at: contact@celsia.io. For exercising your rights as a data subject under the General Data Protection Regulation, please find additional information below in the relevant section.

WHO WE PROCESS PERSONAL DATA ABOUT

This Privacy Policy is aimed at the processing of personal data about the following persons:

• Contact persons at our business customers
• Contact persons at our suppliers and partners
• Visitors to our website https://www.celsia.io/no

PURPOSES, CATEGORIES OF PERSONAL DATA AND LEGAL BASIS

When you contact us

When you contact us through our website, e-mail, or phone, we process your contact information and any other personal data we may receive through your inquiry or attachments to your inquiry. The purpose of this it to communicate with you, either directly or through one of our partners, including for customer service purposes.
‍
The legal ground for processing is Celsia's legitimate interest in responding to inquiries, cf. GDPR article 6 no. 1 f). This information is deleted twelve months after the inquiry is resolved, or if you are an existing customer of Celsia, until the inquiry is no longer relevant for the customer relationship.
‍
Certain personal data may be stored longer if legally obliged to according to Norwegian law such as for bookkeeping or accounting purposes, cf. GDPR article 6 no. 1 c) or if necessary in order to defend against legal claims, cf. GDPR article 6 no. 1 f).

When you register for a Celsia account

When you register for a Celsia account, we process your name and your contact information, including company name, company address and telephone number. The purpose of this is to set up and manage your Celsia account.

The legal ground for processing is fulfilment of Celsia's agreement with the customer, cf. GDPR article 6 no. 1 b). The personal data processed for this purpose is deleted twelve months after the customer close their Celsia account.

Certain personal data may be stored longer if legally obliged to according to Norwegian law such as for bookkeeping or accounting purposes, cf. GDPR article 6 no. 1 c) or if necessary in order to defend against legal claims, cf. GDPR article 6 no. 1 f).

Marketing services and newsletters

When you subscribe to our newsletter, we process your contact information. The purpose of this is to share marketing material with contacts that voluntarily has subscribed to the services.

The legal ground for processing personal data for this purpose is the subscriber's consent, cf. GDPR article 6 no. 1 a). Your contact information will be deleted when you unsubscribe to our newsletter.

Cookies and web beacons

Celsia uses 'cookies' to provide, operate and maintain our websites. These cookies are used to store information including visitors' preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users' experience by customizing our web page content based on visitors' browser type and/or other information. For more general information on cookies, please read "What Are Cookies".

The legal ground for processing personal data stored in cookies or web beacons is the website user's active consent in our "cookie-banner" that pops up when you are visiting our website, cf. GDPR article 6 no. 1 a).

Log files

Celsia follows a standard procedure of using log files. These files log visitors when they visit websites as part of hosting services' analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analysing trends, administering the site, tracking users' movement on the website, and gathering demographic information.

WHO WE SHARE PERSONAL DATA WITH

Celsia may in some cases disclose personal data to others to the extent necessary for the administration of our operations and to carry out our business and deliver our services.

Celsia may e.g., share your personal data with our supplier of IT systems and technical support, CRM systems and supplier contact forms on our website. These actors process personal data as data processors, and their processing is subject to a data processing agreement with us as a data controller. The suppliers are required to act on documented instructions from Celsia and cannot use personal data for their own purposes.

In addition, we may in some cases disclose your personal data to other companies who will be responsible for how they process your personal data. For example, we may disclose your personal data to partners who handle payment services and public authorities if this is required by law or by a legally enforceable judgment or order.

We take appropriate technical and organizational security measures in accordance with applicable data protection legislation to ensure that your personal data is handled in a secure manner when transferring or sharing personal data with a third party.

You may find a more detailed description of the suppliers currently in use by Celsia in the table below.

TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EU/EØS

As a general rule, we process your personal data within the EU/EEA. If the personal data is processed outside the EU/EEA, there is either a decision from the European Commission that the third country in question guarantees an adequate level of protection, or we ensure that appropriate safeguards are in place to ensure that your rights under the GDPR are safeguarded. Examples of such appropriate safeguards are that the data transfer is subject to the European Commission's standard contracts or that the relevant third party follows approved standards of conduct.

If you would like more information about what safeguards Celsia has in place, please contact Celsia via the contact details set out at the beginning of this Privacy Policy.

CCPA PRIVACY RIGHTS (DO NOT SELL MY PERSONAL INFORMATION)

Under the CCPA, among other rights, California consumers have the right to: Request that a business that collects a consumer's personal data disclose the categories and specific pieces of personal data that a business has collected about consumers. Request that a business delete any personal data about the consumer that a business has collected. Request that a business that sells a consumer's personal data, not sell the consumer's personal data. If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

YOUR RIGHTS UNDER THE GDPR

Celsia has implemented relevant and appropriate technical and organizational security measures to protect your data and safeguard your rights. Below you may find an overview of your rights under the GDPR:

• The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.
• The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
• The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
• The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
• The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions. If you make a request, we have one month to respond to you.

If you would like to exercise any of these rights, please contact us on contact@celsia.io.

You may also lodge a complaint about our processing of personal data with the Norwegian Data Protection Authority (Datatilsynet) on either email (postkasse@datatilsynet.no) or by mail (Datatilsynet Postboks 458 sentrum, 0105 Oslo, Norway).

CHILDREN'S INFORMATION

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity. Celsia does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.

LINKS TO OTHER WEBSITES

Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, you will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

CELSIA ESG PORTAL INFORMATION SHARING

We understand the importance of privacy within our closed Celsia ESG Portal and strive to maintain a secure environment for our members. By participating in the ESG Portal, you acknowledge and agree that information shared within this channel will be available to the entire closed community. This means that any content, messages, or personal information you choose to share in the ESG Portal may be accessed, viewed, and used by other members of the Portal.

We encourage all Portal members to exercise caution and discretion when sharing any sensitive or personal information in the ESG Portal. While we implement reasonable security measures to protect the confidentiality of the Celsia ESG Portal, we cannot guarantee absolute security or prevent unauthorized access by other Portal members.

It is important to note that this clause specifically applies to the Celsia ESG Portal and does not extend to any other private communication channels or the Celsia app.

CHANGES TO THIS PRIVACY POLICY

We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.