This privacy notice explains how Siglar Carbon AS, as a Controller, process personal data in our business as per Norwegian data protection legislation (only available in Norwegian), the General Data Protection Regulation (GDPR), Google's Privacy & Terms and other relevant privacy laws applicable to our business. If you have any questions about this privacy notice, feel free to contact us at:
Company name: Siglar Carbon AS Business
Address: Løkkeveien 107, 4007 Stavanger
Contact email address: contact@siglarcarbon.com
We take your privacy seriously and we have taken several steps to ensure that we provide you with clear and transparent information on how we process your data and inform you about your rights. If you feel that any information is unclear, or missing, please contact us.
Your data protection rights
Please contact us if you have any questions about or want to exercise any of your rights. You are entitled to a reply within 30 days.
How we get your personal data
We typically process personal data about: Customers, potential customers, partners, website visitors, job applicants, employees, and former employees. We process personal data when you:
It is voluntary to provide us with personal data, but if you choose not to, we may not be able to provide you with the services you request. We do not rent, buy, or sell personal data from or to others, use automated decisions or profiling in the processing of your personal data or process special category data.
Purpose, lawful basis and retention periods
We only process your personal data when we have a purpose and a lawful basis for doing so. The lawful bases we rely on are stipulated in GDPR Article 6 (1) letters:
As a rule, personal data should not be processed and kept for longer than necessary to fulfil the purpose for processing. Your personal data is only retained for as long as wehave a purpose and a lawful basis:
You can always withdraw your consent for any data processing based on consent, and you can also reach out to us if you would like us to stop processing and/or ask us to delete any of your data. We have routines in place to ensure that personal data is deleted from all relevant systems when we no longer have a purpose and/or legal basis to continue to process them.
Details on the processing of your personal data
In this section we describe in detail when and how we process your data, for what purposes and our legal grounds to do so (lawful basis). We also specify the retention periods for the processing. We process personal data when:
You communicate with us
When you contact us through our website (contact form, chat), e-mail, phone (call, text message), social media and/or give us your business card, we process personal data. Depending on where and how you contact us, this may include your name, contact details, IP address and other information you choose to send to us. We use HubSpot CRM (Customer Relationship Management) and customer support system to process personal data on potential and existing customers. The purpose is to be able to respond to your inquiries and, on some occasions, to keep records in case of complaints or legal claims. The lawful basis is GDPR Article 6 (1) letter f), where the legitimate interests are to be able to respond to your inquiries and, on some occasions, to keep records in case of complaints or legal claims. Siglar Carbon AS review this on a regular basis. We will not keep your personal data for longer than necessary to fulfil the purposes for which it was collected or as required by applicable laws or regulations.
You purchase our products and services
When you purchase products and services from us, we process personal data such as your name, contact details, order, and payment details as well as purchase history. If your purchase includes digital delivery, for example over video (recorded or not), either one to one between us and you, or one to many between us and a group of people, we also process personal data such as profile picture, video (picture and sound), messages (chat) and IP address. The purpose is to be able to fulfil our obligation to deliver products and services you have requested and to manage the customer relationship. The lawful bases are GDPR article 6 (1) letter b) contractual obligation and letter c) legal obligation related to accounting, tax and other business rules and regulations we are required to abide by. We process the data for as long as we have a legal obligation as per any applicable rules and regulations we are bound by. E.g. we are required by law to store business records, which could include personal data, for accounting, tax and other business purposes. Please contact us if you would like to know what is applicable in your case.
You receive marketing as an existing customer
In accordance with the Marketing Control Act (§15), if we have an existing customer relationship with you, we can send you marketing communications. In order to understand your preferences, obtain statistics on clicks etc, we track some of your actions when reading the newsletter/e-mail. The lawful basis is GDPR article 6 (1) letter f), where the legitimate interest is to streamline our offer of relevant products and services to you and the business you represent and to provide excellent service to our customers. The purpose is to provide you with good customer service and make you aware of our range of services. The lawful basis is GDPR article 6 (1) letter f), where the legitimate interest is to offer our relevant products and services to provide excellent service to our customers. The lawful basis may also be GDPR article 6 (1) letter a), where you have given us your consent to such marketing. You can opt out of the marketing at any time by unsubscribing in any marketing email you receive. We process the data for as long as we have a customer relationship with you, or, if the processing is based on your consent, until you withdraw it. Please note that it is only personal data related to marketing efforts that will be deleted. We are still required to process data for accountancy, tax and other business purposes if you are our customer.
You receive marketing as a user of our website
Based on a consent given on our website we process personal information in relation to distribution of marketing e-mails and newsletter. [for å ivareta krav I markedsføringsloven, sett inn kort om antatt hyppighet for utsendelse og grovt om type produkter som markedsføres] The purpose is to offer our relevant products and services and keep you updated on relevant news related to our services.
In order to understand your preferences, obtain statistics on clicks etc, we track some of your actions when reading the newsletter and marketing e-mails. The lawful basis is GDPR article 6 (1) letter f), where the legitimate interest is to streamline our offer of relevant products and services to you and the business you represent and to provide excellent service to our customers. The purpose is to provide you with offers and relevant news related to our services. The lawful basis is GDPR article 6 (1) letter a) consent. In order to understand your preferences, obtain statistics on clicks, etc., we track some of your actions when reading the [newsletter/e-mail]. The lawful basis is GDPR article 6 (1) letter f), where the legitimate interest is to streamline our offer of relevant products and services to you and the business you represent and to provide excellent service to our customers." You can opt out of the marketing e-mails or newsletters at any time by unsubscribing in any email you receive. We process the data for as long as we have your consent, until you withdraw it. Please note that it is only personal data related to marketing efforts that will be deleted. Below, we list whom we share your personal data with, if any, and describe our procedures for transfer of personal data to jurisdictions outside EU/EEA.
You access web applications on our website
When accessing web applications on our website we need personal data like name, email address, phone number and company name in order to register for access to the application and receive log in information and support. The lawful basis for this processing is GDPR Art. 6 (1) letter b) as it will be necessary for the performance of the application to which you will have agreed on our terms and conditions. We process the data for as long as you use our web applications or for such extended time it may be necessary to keep data for support or your continued service. Siglar Carbon AS review this on a regular basis. Please contact us if you would like to know what is applicable in your case.
You apply for a job or work at our company
When applying for a job with us, we process personal data such as your name, contact details, CVs, references, and other relevant information. The purpose is to be able to assess your application. The lawful basis is GDPR Art. 6 (1) letter b) necessary for the performance of a contract, and possibly GDPR Article 9 (2) b) and h) if your application contains special categories of personal data. For employees, we process personal data as mentioned above, in addition to other general employment data (for payroll, insurance, sick leaves etc.). The purpose is to be able to manage the employment relationship. The lawful basis for this is GDPR Art. 6 (1) letter b) contract, and possibly Article 9 (2) (b) and (h) for special categories of personal data, as well as GDPR Art. 6 (1) letter c) legal obligation related to labour laws. As a rule, employee information is deleted when the employment relationship ends. However, some extraordinary reasons, such as a dismissal or dismissal dispute, may make it necessary to keep employment data for a longer time. Job applicants can ask us to retain their data for other applications in the future, otherwise the information is deleted when a candidate has been selected, at the latest at our next GDPR audit day.
You subscribe to our email newsletter
We regularly send out email newsletters which sometimes contain information about our products and services. When you become a subscriber, we process personal data such as your name, email address and IP address. The purpose is to share updates, articles, discounts, promotions, and other useful content. The lawful basis is GDPR Art. 6 (1) letter a) consent and you can easily unsubscribe at any time by clicking the "unsubscribe" link in any such newsletter. Our email service provider has integrated analytics showing email opens and clicks. This functionality is native in our system and cannot be disabled. If you do not want your data to be analysed in this way, please do not subscribe to our newsletter. We use this data to analyse the performance of our newsletters and to tailor our content to you. The lawful basis is GDPR Art. 6 (1) letter f), where the legitimate interest of Siglar Carbon AS is to be able to offer you electronic newsletters and to continuously improve our products and services. We process the data for as long as you subscribe, after which it will be deleted upon your request.
You attend our events.
When you attend our events that are free of charge, we process personal data such as your name, contact details and, sometimes, dietary and/or access requirements. For paid events, we also collect order and payment information. For online events, such as webinars, we process personal data such as your name, email address and IP address. The purpose is to be able to process your registration and attendance, and, if applicable, your payment. The lawful basis is GDPR Art. 6 (1) letter a) consent, or, for paid events, letter b) contract and letter c) legal obligation related to accounting, tax and other business rules and regulations we are required to abide by. If we collect any information about dietary and/or access requirements, we also need your consent under GDPR Article 9 (2) (a). We may also use your data to send you an evaluation of the event you attended, or to invite you to other relevant events we think you might be interested in. The lawful basis is GDPR Art. 6 (1) letter f), where our legitimate interest is to analyse and run our business effectively and to provide you with good customer service. If you do not wish to receive such messages, you will have an easy way to opt out, e.g. through an unsubscribe link in our emails.
You respond to our evaluations or surveys
Responding to our evaluations and surveys are voluntary. We process personal data such as your name, contact details and other information you choose to share with us. Some evaluations or surveys may be anonymous, and in such cases, we do not process any personal data The purpose is to gather your feedback so that we can continuously improve our products and services, as well as provide you with better customer service in the future. The lawful basis is GDPR Art. 6 (1) letter f), where our legitimate interest is to enhance products and service. We review this data regularly and delete personal data as appropriate when they are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
You supply services to or collaborate with us
When you enter into an agreement with us either as a vendor, partner, or data processor, we process personal data such as your name, contact details and correspondence. The purpose is to be able to enter into this agreement and to respond to your inquiries and the lawful basis is GDPR Art. 6 (1) letter f) the legitimate interest of Siglar Carbon AS to contact and correspond with these companies or persons. We review this data regularly and delete personal data as appropriate when they are no longer necessary in relation to the purposes for which they were collected or otherwise processed. We process other communication data as per the first paragraph in this chapter, please see above.
You use our website
When you use our website, we may process personal data such as IP address and other technical data collected via cookies and analytics tools. The purpose is to run our website and business effectively, promote our products and services and to respond to any inquiries from website visitors. The lawful basis for processing personal data through cookies that are strictly necessary, is GDPR Art. 6 (1) letter f), where our legitimate interest is to analyse user traffic and run our website effectively. Read more in our Cookie notice.
Whom we share your personal data with
To run our business efficiently and securely, we sometimes will have to share your personal data with other parties such as:
We require that all such recipients secure data in accordance with good information security. * We use data processors for:
To protect our business, we don't publish further details (like names) of our data processors. If you'd like to know more about our processing and whom we share your personal data with, please contact us.
Transfer of personal data outside the EU/EEA
In some cases, your personal data will be transferred outside the EU/EEA, e.g. where we use data processors to manage cloud storage, email services, web hosting, newsletters and CRM. We only use data processors we trust, that are well known and that we have a data processing agreement/addendum with. We check whether a country outside the EU/EEA offers an adequate level of data protection (has obtained an EU “adequacy decision”). If this is not the case, that other necessary safeguards are in place, especially the EU Standard Contractual Clauses (“SCC”, also called Model Clauses). If you would like to know where your data is processed, which safeguards we have for this and what other measures we have taken to protect your data, please contact us.
Information security
We take information security seriously and we will always do our utmost to safeguard your personal data in the best possible way. For example, we use strong passwords, data encryption, access control and two-factor authentication to secure our data and prevent unauthorized persons from accessing, altering, deleting, or in any way affecting the data we store, including your personal data. We only allow others to access and/or process your personal data in accordance with our instructions, and only when strictly necessary (e.g. when we require IT support). We have implemented a policy for technical and organisational measures and a routine for managing data breaches. If we experience a personal data breach, i.e. a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, and it poses a medium to high risk for the people affected, we will notify Datatilsynet within 72 hours. If the risk is deemed high for the people affected, we will also notify them directly, if possible.
This privacy notice was last updated 16.04.2024.