Company

We’re empowering businesses to become stronger, more adaptable, and resilient.

PRESS RELEASE
ISS-Corporate Launches New ISSB-Aligned Sustainability Reporting Solution
Solutions

Explore our suite of solutions that help businesses make informed decisions that meet the demands of the market and strengthen their organizations.

Corporate Governance

Utilize our data-driven platform to develop and manage a governance program that helps you respond to the demands of the market and your shareholders.

Executive Compensation

Take a research-backed approach to designing and monitoring executive compensation to show that your pay is aligned to performance.

Corporate Sustainability

Approach sustainability management and reporting with developed, targeted methods, and inform stakeholders and regulators of your progress.

Sustainable Finance

Get an independent, outside-in assessment of your sustainable finance offerings, ensuring they meet the highest standards demanded by the market.

Cyber Risk

Get an outside-in view of your cyber security posture so you can better identify and mitigate your cyber risk exposure.

Strategic Partnerships

Access the essential tools to inform corporate client strategies.

Resources

Explore the latest trends and practices in corporate governance, compensation, sustainability, and cyber risk.

FEATURING
A Complete ISSB-Aligned Sustainability Reporting Solution [Asia-Pacific]

  • Company

  • Solutions

    For Advisory Firms

  • Resources

    •

    Privacy Policy

    Planned effective date: 01/05/2024
    Previous policy: https://www.celsia.io/privacy-policy-pre-1may2024

    Privacy Policy for Celsia

    At Celsia, one of our main priorities is the privacy of our customers and visitors. This Privacy Policy provides you with information about how Celsia processes personal data about customers and visitors of our websites. If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.

    This Privacy Policy applies only to our online activities and is valid for visitors to our website with regards to the information that they shared and/or collect in Celsia, and for which Celsia is the data controller. This processing of personal data is necessary for us to be able to offer our services to you as our customer. This policy is not applicable to any information collected offline or via channels other than this website, the Celsia app or the Celsia ESG Portal.

    Who Is Responsible for Processing Personal Data

    Celsia AS (“Celsia“, “we” “us“) with business registration number 926 626 264, and registered business address at Sørkedalsveien 8A, 0369 OSLO, is the data controller for the processing of personal data set out in this privacy policy.

    If you have any questions or complaints about how we process personal data, you can contact us by email at: contact@celsia.io. For exercising your rights as a data subject under the General Data Protection Regulation, please find additional information below in the relevant section.

    Who We Process Personal Data About

    This Privacy Policy is aimed at the processing of personal data about the following persons:

    • Contact persons at our business customers
    • Contact persons at our suppliers and partners
    • Visitors to our website https://www.celsia.io/no

    Purposes, Categories of Personal Data and Legal Basis

    When you contact us

    When you contact us through our website, e-mail, or phone, we process your contact information and any other personal data we may receive through your inquiry or attachments to your inquiry. The purpose of this it to communicate with you, either directly or through one of our partners, including for customer service purposes.

    The legal ground for processing is Celsia’s legitimate interest in responding to inquiries, cf. GDPR article 6 no. 1 f). This information is deleted twelve months after the inquiry is resolved, or if you are an existing customer of Celsia, until the inquiry is no longer relevant for the customer relationship.

    Certain personal data may be stored longer if legally obliged to according to Norwegian law such as for bookkeeping or accounting purposes, cf. GDPR article 6 no. 1 c) or if necessary in order to defend against legal claims, cf. GDPR article 6 no. 1 f).

    When you register for a Celsia account

    When you register for a Celsia account, we process your name and your contact information, including company name, company address and telephone number. The purpose of this is to set up and manage your Celsia account.

    The legal ground for processing is fulfilment of Celsia’s agreement with the customer, cf. GDPR article 6 no. 1 b). The personal data processed for this purpose is deleted twelve months after the customer close their Celsia account.

    Certain personal data may be stored longer if legally obliged to according to Norwegian law such as for bookkeeping or accounting purposes, cf. GDPR article 6 no. 1 c) or if necessary in order to defend against legal claims, cf. GDPR article 6 no. 1 f).

    Marketing services and newsletters

    When you subscribe to our newsletter, we process your contact information. The purpose of this is to share marketing material with contacts that voluntarily has subscribed to the services.

    The legal ground for processing personal data for this purpose is the subscriber’s consent, cf. GDPR article 6 no. 1 a). Your contact information will be deleted when you unsubscribe to our newsletter.

    Cookies and web beacons

    Celsia uses ‘cookies’ to provide, operate and maintain our websites. These cookies are used to store information including visitors’ preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users’ experience by customizing our web page content based on visitors’ browser type and/or other information. For more general information on cookies, please read “What Are Cookies”.

    The legal ground for processing personal data stored in cookies or web beacons is the website user’s active consent in our “cookie-banner” that pops up when you are visiting our website, cf. GDPR article 6 no. 1 a).

    Log files

    Celsia follows a standard procedure of using log files. These files log visitors when they visit websites as part of hosting services’ analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analysing trends, administering the site, tracking users’ movement on the website, and gathering demographic information.

    Who We Share Personal Data With

    Celsia may in some cases disclose personal data to others to the extent necessary for the administration of our operations and to carry out our business and deliver our services.

    Celsia may e.g., share your personal data with our supplier of IT systems and technical support, CRM systems and supplier contact forms on our website. These actors process personal data as data processors, and their processing is subject to a data processing agreement with us as a data controller. The suppliers are required to act on documented instructions from Celsia and cannot use personal data for their own purposes.

    In addition, we may in some cases disclose your personal data to other companies who will be responsible for how they process your personal data. For example, we may disclose your personal data to partners who handle payment services and public authorities if this is required by law or by a legally enforceable judgment or order.

    We take appropriate technical and organizational security measures in accordance with applicable data protection legislation to ensure that your personal data is handled in a secure manner when transferring or sharing personal data with a third party.

    You may find a more detailed description of the suppliers currently in use by Celsia in the table below.

    Company Name Role Description of Service
    Nhost AB Data processor Cloud services, including storage and processing of data
    Freshworks Inc. Data processor Customer support chat
    Vercel Inc. Data processor Hosting (frontend web application)
    Mixpanel Inc. Data processor Product and usage analytics
    Bettermode Inc. Data processor Provides the customer community platform which is integrated through Celsia ESG Portal
    HubSpot Inc. Data processor Customer relationship management, powering the contact form on our website and used throughout the sales process
    Gong.io Inc. Data processor Conversation intelligence software used in sales meetings
    Google LLC Data processor Provides corporate email, file storage services, and customer communications system. Used if you are in contact with support or sales through email or online meetings

    Transfer of Personal Data to Countries Outside the EU/EØs

    As a general rule, we process your personal data within the EU/EEA. If the personal data is processed outside the EU/EEA, there is either a decision from the European Commission that the third country in question guarantees an adequate level of protection, or we ensure that appropriate safeguards are in place to ensure that your rights under the GDPR are safeguarded. Examples of such appropriate safeguards are that the data transfer is subject to the European Commission’s standard contracts or that the relevant third party follows approved standards of conduct.

    If you would like more information about what safeguards Celsia has in place, please contact Celsia via the contact details set out at the beginning of this Privacy Policy.

    CCPA Privacy Rights (Do Not Sell My Personal Information)

    Under the CCPA, among other rights, California consumers have the right to: Request that a business that collects a consumer’s personal data disclose the categories and specific pieces of personal data that a business has collected about consumers. Request that a business delete any personal data about the consumer that a business has collected. Request that a business that sells a consumer’s personal data, not sell the consumer’s personal data. If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

    Your Rights Under the GDPR

    Celsia has implemented relevant and appropriate technical and organizational security measures to protect your data and safeguard your rights. Below you may find an overview of your rights under the GDPR:

    • The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.
    • The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
    • The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
    • The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
    • The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
    • The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions. If you make a request, we have one month to respond to you.

    If you would like to exercise any of these rights, please contact us on contact@celsia.io.

    You may also lodge a complaint about our processing of personal data with the Norwegian Data Protection Authority (Datatilsynet) on either email (postkasse@datatilsynet.no) or by mail (Datatilsynet Postboks 458 sentrum, 0105 Oslo, Norway).

    Children’s Information

    Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity. Celsia does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.

    Links to Other Websites

    Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, you will be directed to that third party’s site. We strongly advise You to review the Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

    Celsia Esg Portal Information Sharing

    We understand the importance of privacy within our closed Celsia ESG Portal and strive to maintain a secure environment for our members. By participating in the ESG Portal, you acknowledge and agree that information shared within this channel will be available to the entire closed community. This means that any content, messages, or personal information you choose to share in the ESG Portal may be accessed, viewed, and used by other members of the Portal.

    We encourage all Portal members to exercise caution and discretion when sharing any sensitive or personal information in the ESG Portal. While we implement reasonable security measures to protect the confidentiality of the Celsia ESG Portal, we cannot guarantee absolute security or prevent unauthorized access by other Portal members.

    It is important to note that this clause specifically applies to the Celsia ESG Portal and does not extend to any other private communication channels or the Celsia app.

    Changes to This Privacy Policy

    We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.