Privacy Policy

The privacy policy is valid for Cegal, Cetegra Workspace and Cetegra Docs

1. Introduction

Information relating to an identified or identifiable natural person constitutes personal data. Cegal AS (“Cegal”) may process such personal data as both data controller and data processor, depending on the manner and purpose for which we process the personal data. As a data processor, we process personal data pursuant to the data processor agreement entered into with the individual data controller. This privacy policy provides information about our processing as a data controller, of personal data on users of our website and contact persons at potential and existing customers, suppliers and other business partners.

As we recognize that keeping your personal information private is important to you and an ongoing responsibility for us, we reserve the right to change the contents of this Privacy Policy at any time and for any reason, without prior notice to you. We will always post the newest version of the Privacy Policy here and encourage you to read updated versions when made available. We may send periodic reminders with information regarding updates in our Privacy Policy to those who opt-in for updates of this nature.

This Privacy Policy was updated on 29 April 2022 and supersedes all previous notices or statements regarding our privacy practices.

2. Collecting and processing of personal data

The personal data we process is collected directly from you or your employer/company. Our website also processes personal data collected through the use of cookies to optimize the end-user experience. For more information on our use of cookies, please read our Cookie Policy.

We only process the personal data stated below, and only for the purposes described. We do not process sensitive personal data (personal data of special categories). Personal data will only be used for the purpose described. If we rely on legitimate interests as the legal basis for our processing, we have concluded that those interests are not overridden by your rights and freedoms.

The personal data we process is stored on Cegal’s servers and cloud-based servers. We evaluate the necessity and accuracy of personal data regularly and endeavor to ensure that incorrect and unnecessary personal data are corrected or deleted. Access to the data is restricted to personnel with appropriate authorization and a clear need to use that data.

Customer relationships and accounts, provision of services

If you, as a contact person for a new potential customer, contact us on your initiative, we will process the contact information you register, such as name, company/employer name and information, job title/position, email, phone number and other information you submit to contact you
- The legal basis for such processing is GDPR Article 6 no. 1 letter a (consent) and letter f (legitimate interest). It is voluntary for you to provide us with such personal data.
When you, as a contact person for your employer/company, register as a new customer in our web store, we process your name, company/employer name and information, job title/position, email, phone number and other information you submit into forms, download etc.
- The legal basis for this processing is GDPR Article 6 no. 1 letter b (performance of a contract), letter c (necessary for compliance with a legal obligation such as accounting, tax or product liability related obligations) and letter f (legitimate interest).
When performing our services, we may process personal data on employees of our customers and their suppliers and business partners. Such personal data may include name, company/employer name and information, job title/position, email, phone number and other information you submit into forms, downloads etc., username, feedback and message history, subscription information (e.g. validity period, last login time and the number of active sessions), financial information, power meter data, visits to our website, whether you receive, open and read emails from us and other data necessary for maintaining the customer relationship.
- The legal basis for such processing of personal data is GDPR Article 6 no. 1 letter b (performance of a contract), letter c (necessary for compliance with a legal obligation, such as accounting, tax or product liability related obligations) and letter f (legitimate interest).

We store the above-mentioned personal data for five years or shorter if the purpose of the processing ceases to exist earlier.

Supplier and other business partner relationships

If you are a contact person of a potential or existing supplier or business partner of Cegal, we may process your name, company/employer name and information, job title/position, email, phone number, any customer support correspondence and other data related to the supply of products/services to negotiate and enter into supplier/collaboration/partner contracts, and to fulfill our obligations under, and manage, such contracts.
- The legal basis for this processing is GDPR Article 6 no. 1 letter b (performance of a contract) and letter f (legitimate interest).

We store such personal data for the period Cegal finds for maintaining the customer relationship

Evaluation of our products, services and website

To evaluate and improve our products, services and communication (blog posts, content offers, emails, etc.), we may process visits to our website and data you submit into forms, downloads etc., whether you receive, open and read emails from us, and other data we obtain through customer analysis and surveys.
- The legal basis for this processing is GDPR Article 6 no. 1 letter a (consent) and letter f (legitimate interest).

We store such personal data for five years or shorter if the purpose of the processing ceases to exist earlier.

Marketing, newsletters and events/webinars

To provide information related to our products and services, for example by newsletters and direct marketing, we process personal data such as name, email address, phone number, IP address, company/employer name and information, and job title/position.
- If you download content (e.g. an e-book, guide or similar) that indicates an interest in other relevant content you may receive a follow-up email with tips, such as blog posts or other content offers.
- If you consistently show interest in Cegal’s content and services indicating a strong interest in our services, we may call you or send an email to discuss a possible business opportunity.
- The legal basis for such processing is Article 6 no. 1 letter a (consent), and letter f (legitimate interest) for targeted advertising for existing customers according to the Marketing Act § 15 third paragraph. It is voluntary for you to provide us with personal data for marketing purposes.
If you sign up for our events and webinars, we will process your name, company/employer name and information, job title/position, email, and other data you submit, to provide information about the event/webinar you have registered for.
- The legal basis for such processing is GDPR Article 6 no. 1 letter a (consent) and letter f (legitimate interest). It is voluntary for you to provide us with such personal data.

We store such personal data for five years or shorter if the purpose of the processing ceases to exist earlier.

You can opt-out of receiving marketing communications at any time.

Personal data will only be shared with other third parties when it is necessary to provide our services. We occasionally use third parties to work on our behalf as data processors, and we will share only the necessary information in these circumstances following written data processing agreements entered into with each such party. We will not disclose your data to any third parties for marketing or such third parties’ purposes.

4. Transfer of personal data

Personal data may be transferred outside the EEA to our service providers.

For transfers to other entities in the Cegal group, we have adopted the EU Standard Contractual Clauses (SCC) incorporated in the GDPR to authorize global transfers. This allows us to transfer personal data outside of the EEA, based on our internal practices, while protecting the privacy of data subjects following the requirements of the GDPR.

Other transfers of personal data outside the EEA are either made to a country that is deemed to provide a sufficient level of privacy protection by the European Commission or by using a valid transfer basis such as the EU Standard Contractual Clauses. If necessary, we will implement appropriate safeguards to ensure that the personal data has the same level of protection as in the EEA.

5. Security of the processing

Securing the integrity and confidentiality of personal data is important to Cegal. All non-personal and personal data is stored on secure servers by Cegal and HubSpot. We have taken adequate technical, physical and administrative measures to keep your data safe and to secure it against accidental loss, unauthorized access or disclosure, misuse or alteration by third parties, and other unlawful forms of processing and alteration or access, such as by encryption, access controls and firewalls.

In case of any data breaches, we will notify the Data Protection Authority and you to the extent required under the GDPR.

Your rights

Under applicable data protection laws, you have numerous rights related to personal data. You have the right to:

Access the processed personal data;
require rectification of inaccurate personal data;
obtain the erasure of personal data (however, please note that certain personal data is strictly necessary to achieve the purposes defined in this Privacy Policy and may also be required to be retained by applicable laws, thus, you may not delete such personal data);
obtain restriction of processing;
receive the personal data, which you have provided to Cegal, in a structured, commonly used and machine-readable format and have the right to transmit those data to another
controller without hindrance from Cegal;
object to the processing of your data where Cegal is relying on its legitimate interests as the legal ground for processing (e-g., you may object to your data being used for marketing purposes at any time);
ask Cegal to restrict processing personal data for a period if data is inaccurate or there is a dispute about whether or not your interests override Cegal’s legitimate grounds for processing data; and
the right to withdraw any consent you have given.

You may exercise these rights by sending a written request to dpo@cegal.com.

If you believe that Cegal has not complied with applicable data protection laws when processing your data, you can complain to a supervisory authority. In Norway, the relevant supervisory authority is Datatilsynet.

Data Protection Officer

Cegal is headquartered in Sandnes, Norway. We have appointed a global data protection officer (DPO) that you can contact if you have any questions or complaints concerning Cegal’s personal data practices or policies. The DPO’s contact information is:

Cegal AS
Vestre Svanholmen 4
4313 Sandnes, Norway
Attn: Data Protection Officer
dpo@cegal.com

Privacy Policy

1. Introduction #

2. Collecting and processing of personal data #

Customer relationships and accounts, provision of services #

Supplier and other business partner relationships #

Evaluation of our products, services and website #

Marketing, newsletters and events/webinars #

3. Sharing of personal data #

4. Transfer of personal data #

5. Security of the processing #

Data Protection Officer #