<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=2233467260228916&amp;ev=PageView&amp;noscript=1">

Privacy policy

1. Introduction

Information relating to an identified or identifiable natural person constitutes personal data. Cegal AS ("Cegal") may process such personal data as both data controller and data processor, depending on the manner and purpose for which we process the personal data. As a data processor, we process personal data pursuant to the data processor agreement entered into with the individual data controller. This privacy policy provides information about our processing as a data controller, of personal data on users of our website and contact persons at potential and existing customers, suppliers and other business partners.

As we recognize that keeping your personal information private is important to you and an ongoing responsibility for us, we reserve the right to change the contents of this Privacy Policy at any time and for any reason, without prior notice to you. We will always post the newest version of the Privacy Policy here and encourage you to read updated versions when made available. We may send periodic reminders with information regarding updates in our Privacy Policy to those who opts-in for updates of this nature.

This Privacy Policy was updated on 29 April 2022 and supersedes all previous notices or statements regarding our privacy practices.

2. Collecting and processing of personal data

The personal data we process is collected directly from you or your employer/company. Our website also processes personal data collected through use of cookies to optimize the end user experience. For more information on our use of cookies, please read our Cookie Policy.

We only process the personal data stated below, and only for the purposes described. We do not process sensitive personal data (personal data of special categories). We only use personal data for the purpose the data was collected for. If we rely on legitimate interests as the legal basis for our processing, we have concluded that those interests are not overridden by your rights and freedoms.

The personal data we process is stored on Cegal's servers and cloud-based servers. We evaluate the necessity and accuracy of the personal data on a regular basis and endeavour to ensure that incorrect and unnecessary personal data are corrected or deleted. Access to the data is restricted to personnel with appropriate authorization and a clear need to use that data.

Customer relationships and accounts, provision of services

  • If you, as a contact person for a new potential customer, contact us on your own initiative, we will process the contact information you register, such as name, company/employer name and information, job title/position, email, phone number and other information you submit to contact you
    • The legal basis for such processing is GDPR Article 6 no. 1 letter a (consent) and letter f (legitimate interest). It is voluntary for you to provide us with such personal data.
  • When you, as a contact person for your employer/company, register as a new customer in our webstore, we process your name, company/employer name and information, job title/position, email, phone number and other information you submit into forms, download etc.
    • The legal basis for this processing is GDPR Article 6 no. 1 letter b (performance of a contract), letter c (necessary for compliance with a legal obligation such as accounting, tax or product liability related obligations) and letter f (legitimate interest).
  • When performing our services, we may process personal data on employees of our customers and their suppliers and business partners. Such personal data may include name, company/employer name and information, job title/position, email, phone number and other information you submit into forms, downloads etc., username, feedback and message history, subscription information (e.g. validity period, last login time and number of active sessions), financial information, power meter data, visit to our website, whether you receive, open and read emails from us and other data necessary for maintaining the customer relationship.
    • The legal basis for such processing of personal data is GDPR Article 6 no. 1 letter b (performance of a contract), letter c (necessary for compliance with a legal obligation, such as accounting, tax or product liability related obligations) and letter f (legitimate interest).

We store the above mentioned personal data for five years or shorter if the purpose of the processing ceases to exist earlier.

Supplier and other business partner relationships

  • If you are a contact person of a potential or existing supplier or business partner of Cegal, we may process your name, company/employer name and information, job title/position, email, phone number, any customer support correspondence and other data related to the supply of products/services to negotiate and enter into supplier/collaboration/partner contracts, and to fulfil our obligations under, and manage, such contracts.
    • The legal basis for this processing is GDPR Article 6 no. 1 letter b (performance of a contract) and letter f (legitimate interest).

We store such personal data for the period of time Cegal finds for maintaining the customer relationship

Evaluation of our products, services and website

  • To evaluate and improve of our products, services and communication (blog posts, content offers, emails, etc.), we may process visit to our website and data you submit into forms, downloads etc., whether you receive, open and read emails from us, and other data we obtain through customer analysis and surveys.
    • The legal basis for this processing is GDPR Article 6 no. 1 letter a (consent) and letter f (legitimate interest).

We store such personal data for five years or shorter if the purpose of the processing ceases to exist earlier.

Marketing, newsletters and events/webinars

  • To provide information related to our products and services, for example by newsletters and direct marketing, we process personal data such as name, email address, phone number, IP address, company/employer name and information, job title/position.
    • If you download content (e.g. an e-book, guide or similar) that indicates an interest in other relevant content you may receive a follow-up email with tips, such as blog posts or other content offers.
    • If you consistently show interest in Cegal's content and services indicating a strong interest in our services, we may call you or send an email in order to discuss a possible business opportunity.
    • The legal basis for such processing is Article 6 no. 1 letter a (consent), and letter f (legitimate interest) for targeted advertising for existing customers pursuant to the Marketing Act § 15 third paragraph. It is voluntary for you to provide us with personal data for marketing purposes.
  • If you sign up for our events and webinars, we will process your name, company/employer name and information, job title/position, email, and other data you submit, to provide information about the event/webinar you have registered for.
    • The legal basis for such processing is GDPR Article 6 no. 1 letter a (consent) and letter f (legitimate interest). It is voluntary for you to provide us with such personal data.

We store such personal data for five years or shorter if the purpose of the processing ceases to exist earlier.

You can opt-out of receiving marketing communications at any time.

3. Sharing of personal data

Personal data will only be shared with other third parties when it is necessary to provide our services. We occasionally use third parties to work on our behalf as data processors, and we will share only the necessary information in these circumstances in accordance with written data processing agreements entered into with each such party. We will not disclose your data to any third parties for the purpose of marketing or such third parties’ own purposes.

4. Transfer of personal data

Personal data may be transferred outside the EEA to our service providers.

For transfers to other entities in the Cegal group, we have adopted the EU Standard Contractual Clauses (SCC) incorporated in the GDPR for the purpose of authorizing global transfers. This allows us to transfer personal data outside of the EEA, based on our internal practices, while protecting the privacy of data subject in accordance with the requirements of the GDPR.

Other transfers of personal data outside EEA are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission or by using a valid transfer basis such as the EU Standard Contractual Clauses. If necessary, we will implement appropriate safeguards to ensure that the personal data has the same level of protection as in the EEA.

5. Security of the processing

Securing the integrity and confidentiality of personal data is important to Cegal. All non-personal and personal data is stored on secure servers by Cegal and HubSpot. We have taken adequate technical, physical and administrative measures to keep your personal data safe and to secure it against accidental loss, unauthorized access or disclosure, misuse or alteration by third parties, and other unlawful forms of processing and alteration or access, such as by encryption, access controls and firewalls.

In case of any data breaches, we will notify the Data Protection Authority and you to the extent required under the GDPR.

6. Your rights

Under applicable data protection laws, you have numerous rights related to the personal data. You have the right to:

  • Access the processed personal data;
  • require rectification of inaccurate personal data;
  • obtain the erasure of personal data (however, please note that certain personal data is strictly necessary in order to achieve the purposes defined in this Privacy Policy and may also be required to be retained by applicable laws, thus, you may not delete such personal data);
  • obtain restriction of processing;
  • receive the personal data, which you have provided to Cegal, in a structured, commonly used and machine-readable format and have the right to transmit those data to another
  • controller without hindrance from Cegal;
  • object to the processing of your data where Cegal is relying on its legitimate interests as the legal ground for processing (e-g., you may object to your personal data being used for marketing purposes at any time);
  • ask Cegal to restrict processing personal data for a period if data is inaccurate or there is a dispute about whether or not your interests override Cegal's legitimate grounds for processing data; and
  • the right to withdraw any consent you have given.

You may exercise these rights by sending a written request to dpo@cegal.com.

If you believe that Cegal has not complied with applicable data protection laws when processing your personal data, you can lodge a complaint with a supervisory authority. In Norway, the relevant supervisory authority is Datatilsynet.

Data Protection Officer

Cegal is headquartered in Sandnes, Norway. We have appointed a global data protection officer (DPO) that you can contact if you have any questions or complaints concerning Cegal’s personal data practices or policies. The DPO’s contact information is:

Cegal AS
Vestre Svanholmen 4
4313 Sandnes, Norway
Attn: Data Protection Officer
dpo@cegal.com