Privacy Policy

Last updated: 18. April 2024

StormGeo, which includes all entities within the group, prioritizes your privacy. Our Privacy Statement outlines how we collect, store, use, disclose, and process your personal data. It details the reasons for collecting personal data, the entities we may share it with, and the precautions we take to safeguard your data. It further clarifies your rights regarding personal data and provides contact details to exercise these rights and obtain further information about our privacy policies.

StormGeo acts as the data controller for processing your personal information, particularly through stormgeo.com. For details on the specific controlling entity within the StormGeo group, refer to the controller list linked early in this document or contact us as outlined in the "How to contact us" section.

Our Privacy Statement applies to all personal data processing activities linked to your interactions with us, whether in person, online, or offline. This includes visits to any StormGeo website, use of our services or applications, personal or online meetings with our staff, participation in our events or programs, communications via various traditional and digital channels, interactions on our social media, and any involvement in surveys or similar activities.

Note that this Privacy Statement does not cover personal data processing on behalf of our customers, such as service provision to end users. If you are an end user of a StormGeo client, consult the privacy policies of that client for more details. Always consider this Privacy Statement in conjunction with other specific notices we provide when we collect or process your personal data, as this statement supplements but does not override them. We adapt our privacy practices to local regulations in the countries we operate, and any deviations from this statement will be detailed in those specific notices.

We do not intentionally collect personal data from children under 18 through our websites or services.

1. Types of Personal Information We Collect

The terms "personal data" and "personal information" are used synonymously to describe a broad array of information, which privacy and data protection laws define differently. By "personal information," we refer to any data that identifies or can identify a living individual.

The types of personal information StormGeo collects vary based on the context of your interactions with us and may include:

Identity data such as your first and last name, username, and title.
Contact data, including your email, postal address (billing or delivery), employer or organization details, and phone number.
Recruitment data, which encompasses CVs, applications, references, interview notes, background checks, and similar information.
Profile data, which contains usernames, credentials like passwords and password hints, your purchase history, feedback, survey responses, browsing and search history, and interactions with our websites and advertisements.
Usage data detailing how you use our websites or services.
Demographic data like your location, country, and preferred language.
Payment data including details like bank account, credit card numbers, and other banking information.
Transaction data which records details about payments to and from you and the products or services you purchase.
Network and technical data such as IP addresses, login details, browser type and version, time zone and location, browser plug-in types and versions, operating system and platform, and other technologies used to access our websites or services.
Marketing and communication data regarding your marketing preferences and communication choices.
Company or organization data that includes the name, size, location, and your role within your company or organization.
Data from call recordings or chat transcripts from sales and customer support interactions.

We may also aggregate or de-identify your personal information for statistical, analytical, or benchmarking purposes to improve user interaction with our websites and evaluate our product usage. Such de-identified data cannot be used to reveal your identity.

2. When We Collect Your Personal Information

A. Information Collected Directly:

When you interact with us through our websites, communication channels, or in person, you may provide personal information by filling out forms or during communication. This information can include details provided when you register on our websites, engage with our services, purchase products, participate in our activities, or provide feedback. We maintain a record of this correspondence.

When using our services or during employment applications, we collect information that you provide directly. For job applications, this Privacy Statement applies only during the recruitment process and not post-employment.

We collect personal information from individuals associated with our suppliers, visitors to our premises (also monitored by cameras for security), and those interacting with our social media and ads. During events, webinars, and programs, as well as in surveys or research, we collect necessary personal information. We also gather data when entering or managing a contractual relationship, or when you or your employer are linked to our business partners or customers.

If you supply personal information about others, you confirm having the authority and consent to do so.

B. Information Collected Automatically:

Our websites and services automatically collect technical data such as IP addresses, login information, browser details, and browsing activity. This includes pages visited, interactions with content, response times, and any technical issues. We also gather information through cookies and similar technologies to enhance user experience, ensure security, and support our marketing efforts. Cookies are categorized into strictly necessary, functional, performance, and target groups, with options to manage preferences directly on our websites.

C. Information from Third Parties:

We receive personal information from third parties, which we may combine with the data we already have. These third parties include customer organizations, business partners, and service providers involved in events, recruitment, payments, and analytics, among others. If you need details about these third-party sources, you can contact us as specified in our privacy documentation.

D. Retention of Personal Data:

We retain your personal data only for as long as necessary for the purposes for which they were collected or to comply with legal, regulatory, and internal policy requirements. The retention period for your data depends on the type of data and the purpose of processing. For example:

Customer Data: Retained for 7 years after the end of the customer relationship to comply with accounting legislation.
Employment Data: Retained for 5 years after the end of employment to manage any legal claims and obligations.
Marketing Data: Retained as long as you are subscribed to our newsletters or until you withdraw your consent.

When personal data are no longer needed, they are securely deleted or permanently anonymized.

3. Usage of Personal Information:

We process personal information as a controller for specific purposes, which include various operational, marketing, and business activities. Our processing activities are based on legal grounds specified under data protection laws, which include necessary processing for contractual performance, compliance with legal obligations, consent, and legitimate interests of ours or third parties. These interests are detailed in a chart outlining the types of personal information processed, the legal basis for processing, and the legitimate interests pursued.

Purpose	Type of Personal Information	Legal Basis
To register you as a new customer, user of our services, or to register your business as a supplier to us.	(a) Identity (b) Contact (c) Demographic (d) Profile	(a) Performance of a contract with you (b) Necessary for our legitimate interests (to manage and assert the identity of our Website and Services users)
To process and deliver your order, which includes managing payments, fees, and charges, as well as collecting and recovering debts owed to us.	(a) Identity (b) Contact (c) Payment (d) Transaction	(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us)
To inform you about changes to our terms or Privacy Policy.	(a) Identity (b) Contact	(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and ensure that individuals are informed about the latest versions of documents)
To manage our relationship with you, including communication in response to your interactions with us, such as when you complete a contact form, request user support, or reach out to us through other means.	(a) Identity (b) Contact (c) Profile (d) Marketing and Communications	(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to ensure communication with individuals)
To evaluate you or your employer as a potential supplier or service provider and take necessary steps to enter into a contract with you or your employer.	(a) Identity (b) Contact (c) Company or Organization data	(a) Performance of a contract with you (b) Necessary for our or third parties' legitimate interests (to evaluate you or your employer as a supplier/service provider and take steps necessary for entering the contract)
To fulfill contracts and agreed terms with you or your organization, including if you work for our suppliers or service providers, or if you are an authorized user of our services.	(a) Identity (b) Contact (c) Company or Organization data (d) Payment data	(a) Performance of a contract with you (b) Necessary for our or third parties' legitimate interests (to fulfill agreed contractual commitments)
To administer surveys, feedback questionnaires, assessments, and conduct product research.	(a) Identity (b) Contact (c) Profile (d) Usage or (e) Demographic (f) Marketing and Communications	(a) Performance of a contract with you (b) Necessary for our or third parties' legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To manage event registrations and attendance, including sending communications related to the events.	(a) Identity (b) Contact	(a) Performance of a contract with you (b) Necessary for our or third parties' legitimate interests (to enable individuals to attend the events and webinars for which they have registered or attend)
To deliver relevant website content and advertisements to you, and to measure or understand the effectiveness of the advertising we serve to you.	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Network and Technical	(a) Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To enable your participation in contests, programs, and promotions.	(a) Identity (b) Contact	(a) Performance of a contract with you (b) Necessary for our or third parties' legitimate interests (to enable individuals to participate in contests, programs, and promotions)
To enhance our websites or services, marketing strategies, customer relationships, and experiences using data analytics and usage data.	(a) Network and Technical (b) Usage	(a) Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Website and Services updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about services that may be of interest, including personalized advertising and content. This involves marketing our services and tailoring our marketing activities to your or your organization's interests.	(a) Identity (b) Contact (c) Network and Technical (d) Usage (e) Profile	(a) Necessary for our legitimate interests (to develop our Services and to grow our business) (b) On the basis of your Consent
To provide you and/or your employer/organization, where applicable, with support related to our services, including training, competence records, and certificates.	(a) Identity (b) Contact (c) Network and Technical (d) Usage (e) Performance records	(a) Necessary for our legitimate interest (in providing value-add services to our customers) (b) Necessary to perform our contract with your employer or with you.
To provide you and/or your employer/organization, where applicable, with user and customer support to diagnose and resolve problems with our services, along with other customer care and support activities.	(a) Identity (b) Contact (c) Network and Technical (d) Usage (e) Performance records	(a) Necessary to perform a contract with you (e.g., any end user Terms of Use relating to one of our applications) (b) Necessary for our legitimate interest (in providing customer support to our customers)
To administer your account and/or the services we provide to your employer/organization, where applicable.	(a) Identity (b) Contact (c) Network and Technical (d) Usage (e) Performance records	(a) Necessary to perform a contract with you (e.g., any end user Terms of Use relating to one of our applications) (b) Necessary for our legitimate interest (in making accounts available to our customers)
To assess your skills, qualifications, and suitability for any job you apply for with us, to communicate with you during the recruitment process, and to maintain records of our hiring process. Please note that this Privacy Policy only governs how we handle your information during the recruitment period and ceases to apply once you become an employee (if successful). This Privacy Policy does not apply to StormGeo employees in the context of their employment.	(a) Identity (b) Contact (c) Academic and professional skills (d) Employment history (e) Title (f) Date of birth (g) Any other information you choose to provide to us in connection with your job application	(a) Necessary for our legitimate interests (in contacting you for potential job interviews and deciding whether to hire you)
To register and host you and other visitors at our premises.	(a) Identity (b) Contact	Necessary for our legitimate interests (to ensure security, health, and safety of our staff and visitors, as well as to protect confidential information)
To conduct due diligence reviews and complete tasks necessary for accounting and auditing purposes.	(a) Identity (b) Contact (c) Payment (d) Transaction (e) Usage (f) Network and Technical	(a) Necessary to comply with our legal obligations, for example in relation to the requirements of tax authorities and regulatory reporting requirements. (b) Necessary for our legitimate interests (to ensure that our practices are aligned with standards and good practices)
To pseudonymize and aggregate data sets for use in statistical and analytics purposes.	(a) Identity (b) Contact (c) Network and Technical (d) Usage (e) Demographic data	(a) Necessary for our or third parties' legitimate interests (to enable us to rely on statistical and analytics data to make informed business decision)
To administer and protect our business and websites, including activities such as troubleshooting, data analysis, testing, system maintenance, support, reporting, and data hosting.	(a) Identity (b) Contact (c) Network and Technical	(a) Necessary to comply with our legal obligations in respect of data security, for example within applicable data protection laws. (b) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
To promote security and prevent abuse of our websites and services, ensuring a high level of security across all services and websites and preventing fraud and misuse.	(a) Identity (b) Contact (c) Usage (d) Financial (e) Transaction (f) Network and Technical	(a) Necessary to comply with our legal obligations in respect of data security, for example within applicable data protection laws. (b) Necessary for our or third parties' legitimate interests (to achieve a high level of security, prevent abuse and fraud in use of Services and Website, and protect our rights and rights of third parties)
To process your personal information as necessary for the establishment, exercise, or defense of legal claims or rights, whether in court proceedings or in administrative or out-of-court procedures.	(a) Identity (b) Contact (c) Payment (d) Transaction (e) Usage (f) Network and Technical	(a) Necessary to comply with a legal obligation (for example to comply with requests or orders from courts as applicable) (b) Necessary for our or third parties' legitimate interests (for the purpose of establishing, exercising, and defending legal claims and/or right)
To comply with all applicable legal obligations and regulations, including processing personal information to fulfill statutory requirements such as accounting laws, tax laws, data protection laws, and others.	(a) Identity (b) Contact (c) Payment (d) Transaction (e) Usage (f) Network and Technical	(a) Necessary to comply with applicable legal obligations (e.g. accounting, tax, data protection)

Purpose

Type of Personal Information

Legal Basis

To register you as a new customer, user of our services, or to register your business as a supplier to us.

(a) Identity

(b) Contact

(d) Profile

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to manage and assert the identity of our Website and Services users)

To process and deliver your order, which includes managing payments, fees, and charges, as well as collecting and recovering debts owed to us.

(a) Identity

(b) Contact

(d) Transaction

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to recover debts due to us)

To inform you about changes to our terms or Privacy Policy.

(a) Identity

(b) Contact

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and ensure that individuals are informed about the latest versions of documents)

To manage our relationship with you, including communication in response to your interactions with us, such as when you complete a contact form, request user support, or reach out to us through other means.

(a) Identity

(b) Contact

(d) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

To evaluate you or your employer as a potential supplier or service provider and take necessary steps to enter into a contract with you or your employer.

(a) Identity

(b) Contact

(a) Performance of a contract with you

(b) Necessary for our or third parties' legitimate interests (to evaluate you or your employer as a supplier/service provider and take steps necessary for entering the contract)

To fulfill contracts and agreed terms with you or your organization, including if you work for our suppliers or service providers, or if you are an authorized user of our services.

(a) Identity

(b) Contact

(d) Payment data

(a) Performance of a contract with you

(b) Necessary for our or third parties' legitimate interests (to fulfill agreed contractual commitments)

To administer surveys, feedback questionnaires, assessments, and conduct product research.

(a) Identity

(b) Contact

(d) Usage or

(e) Demographic

(f) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary for our or third parties' legitimate interests (to study how customers use our products/services, to develop them and grow our business)

To manage event registrations and attendance, including sending communications related to the events.

(a) Identity

(b) Contact

(a) Performance of a contract with you

(b) Necessary for our or third parties' legitimate interests (to enable individuals to attend the events and webinars for which they have registered or attend)

To deliver relevant website content and advertisements to you, and to measure or understand the effectiveness of the advertising we serve to you.

(a) Identity

(b) Contact

(d) Usage

(e) Marketing and Communications

(f) Network and Technical

(a) Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To enable your participation in contests, programs, and promotions.

(a) Identity

(b) Contact

(a) Performance of a contract with you

(b) Necessary for our or third parties' legitimate interests (to enable individuals to participate in contests, programs, and promotions)

To enhance our websites or services, marketing strategies, customer relationships, and experiences using data analytics and usage data.

(a) Network and Technical

(b) Usage

(a) Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Website and Services updated and relevant, to develop our business and to inform our marketing strategy)

To make suggestions and recommendations to you about services that may be of interest, including personalized advertising and content. This involves marketing our services and tailoring our marketing activities to your or your organization's interests.

(a) Identity

(b) Contact

(d) Usage

(e) Profile

(a) Necessary for our legitimate interests (to develop our Services and to grow our business)

(b) On the basis of your Consent

To provide you and/or your employer/organization, where applicable, with support related to our services, including training, competence records, and certificates.

(a) Identity

(b) Contact

(d) Usage

(e) Performance records

(a) Necessary for our legitimate interest (in providing value-add services to our customers)

(b) Necessary to perform our contract with your employer or with you.

To provide you and/or your employer/organization, where applicable, with user and customer support to diagnose and resolve problems with our services, along with other customer care and support activities.

(a) Identity

(b) Contact

(d) Usage

(e) Performance records

(a) Necessary to perform a contract with you (e.g., any end user Terms of Use relating to one of our applications)

(b) Necessary for our legitimate interest (in providing customer support to our customers)

To administer your account and/or the services we provide to your employer/organization, where applicable.

(a) Identity

(b) Contact

(d) Usage

(e) Performance records

(a) Necessary to perform a contract with you (e.g., any end user Terms of Use relating to one of our applications)

(b) Necessary for our legitimate interest (in making accounts available to our customers)

To assess your skills, qualifications, and suitability for any job you apply for with us, to communicate with you during the recruitment process, and to maintain records of our hiring process.

Please note that this Privacy Policy only governs how we handle your information during the recruitment period and ceases to apply once you become an employee (if successful).

This Privacy Policy does not apply to StormGeo employees in the context of their employment.

(a) Identity

(b) Contact

(d) Employment history

(e) Title

(f) Date of birth

(g) Any other information you choose to provide to us in connection with your job application

(a) Necessary for our legitimate interests (in contacting you for potential job interviews and deciding whether to hire you)

To register and host you and other visitors at our premises.

(a) Identity

(b) Contact

Necessary for our legitimate interests (to ensure security, health, and safety of our staff and visitors, as well as to protect confidential information)

To conduct due diligence reviews and complete tasks necessary for accounting and auditing purposes.

(a) Identity

(b) Contact

(d) Transaction

(e) Usage

(f) Network and Technical

(a) Necessary to comply with our legal obligations, for example in relation to the requirements of tax authorities and regulatory reporting requirements.

(b) Necessary for our legitimate interests (to ensure that our practices are aligned with standards and good practices)

To pseudonymize and aggregate data sets for use in statistical and analytics purposes.

(a) Identity

(b) Contact

(d) Usage

(e) Demographic data

(a) Necessary for our or third parties' legitimate interests (to enable us to rely on statistical and analytics data to make informed business decision)

To administer and protect our business and websites, including activities such as troubleshooting, data analysis, testing, system maintenance, support, reporting, and data hosting.

(a) Identity

(b) Contact

(a) Necessary to comply with our legal obligations in respect of data security, for example within applicable data protection laws.

(b) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)

To promote security and prevent abuse of our websites and services, ensuring a high level of security across all services and websites and preventing fraud and misuse.

(a) Identity

(b) Contact

(d) Financial

(e) Transaction

(f) Network and Technical

(a) Necessary to comply with our legal obligations in respect of data security, for example within applicable data protection laws.

(b) Necessary for our or third parties' legitimate interests (to achieve a high level of security, prevent abuse and fraud in use of Services and Website, and protect our rights and rights of third parties)

To process your personal information as necessary for the establishment, exercise, or defense of legal claims or rights, whether in court proceedings or in administrative or out-of-court procedures.

(a) Identity

(b) Contact

(d) Transaction

(e) Usage

(f) Network and Technical

(a) Necessary to comply with a legal obligation (for example to comply with requests or orders from courts as applicable)

(b) Necessary for our or third parties' legitimate interests (for the purpose of establishing, exercising, and defending legal claims and/or right)

To comply with all applicable legal obligations and regulations, including processing personal information to fulfill statutory requirements such as accounting laws, tax laws, data protection laws, and others.

(a) Identity

(b) Contact

(d) Transaction

(e) Usage

(f) Network and Technical

(a) Necessary to comply with applicable legal obligations (e.g. accounting, tax, data protection)

We generally do not use consent as a legal basis for processing your personal information, except as specified in the above table. In jurisdictions outside the European Economic Area, we may rely on consent as a lawful basis for processing personal information, even if not listed as such in the table. For more details about processing based on consent in your jurisdiction, please refer to the contact information provided in the sections on 'How to Contact Us' and 'Additional Information'.

Regardless of the legal basis for marketing, you can opt out of receiving marketing communications at any time by emailing [email protected] or by using the unsubscribe options in our emails or on our websites. If you give consent for additional uses of your personal information, we will process your information in accordance with that consent.

Additionally, your employer may obtain consents from you for their purposes as a data controller.

Please be aware that if processing your personal information is necessary to enter into a contract with you, and you do not provide the required information, we may be unable to form or execute the contract.

If you have subscribed to the Services as a controller on an individual basis, we collect, use, and share your personal information on your behalf for the stated purposes, acting as the processor of your personal information.

We will not sell your personal information or share it with third parties for the purpose of advertising or marketing their products or services.

3.1 Automated Decision-Making and Profiling

At StormGeo, we may use automated decision-making processes and profiling to enhance our service offerings and decision-making processes. Here's what you need to know about these practices:

What is Automated Decision-Making? Automated decision-making refers to a decision made solely based on automated processing (including profiling) without human involvement. Our use of such technology may include analyzing personal data to make business decisions without manual review, for example, in credit scoring or employee performance evaluations.
What is Profiling? Profiling involves any form of automated processing of personal data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
Purpose and Legal Basis: We engage in profiling and automated decision-making to fulfill contracts with our clients, comply with legal obligations, and pursue legitimate interests, such as improving our services and offerings, enhancing user experience, and for effective business management and planning. These activities are carried out under the legal bases of contractual necessity, compliance with legal obligations, and legitimate interests.
Consequences of Processing: The automated decisions might categorize individuals into groups with similar attributes and preferences. Such processes help tailor specific content, advice, and advertisements to your personal preferences and needs, which can significantly enhance your experience and the personalization of our services.
Safeguards: We understand the importance of accuracy and fairness in automated decisions. As such, you have the right to:
- Obtain human intervention in the decision-making process.
- Express your point of view.

Obtain an explanation of the decision and challenge it.
Right to Object: You have the right to object to profiling and automated decision-making that produces legal or similarly significant effects on you. If you wish to exercise this right, please contact us using the details provided in the "How to Contact Us" section of this policy.

We are committed to ensuring that our automated processes are transparent and fair. We regularly review our systems to ensure compliance with applicable data protection standards and to safeguard your rights and freedoms with respect to automated decision-making and profiling.

4. How We Share Information

We do not share your personal information except as outlined in this Privacy Statement or other applicable privacy notices. Here is how we may share your information:

With members of the StormGeo Group of Companies and its affiliates and subsidiaries to fulfill the purposes stated in this Privacy Statement.
With service providers, including suppliers, consultants, and professional advisers, who act on our behalf to carry out the processing purposes specified in this privacy statement.
With customers, when we act as a service provider processing personal information on their behalf.
With third parties whose products and services are integrated into our websites and services to provide necessary functionalities.
With third-party websites and social media networks when you directly engage with them, enabling StormGeo to advertise on these platforms.
With third parties involved in significant business transactions such as mergers or reorganizations.
With third parties when necessary to protect the vital interests of individuals.
With law enforcement and public authorities when legally required or when responding to legal processes in good faith.
With other third parties upon receiving your explicit consent. We will provide a category and a brief description of activities carried out by these third parties when seeking your consent.
With other third parties as allowed by applicable laws and regulations, including tax and data protection authorities.

We employ third-party service providers for various business functions such as order fulfillment, website management, event management, IT infrastructure, customer service, and email delivery. These providers are contractually obligated to follow our instructions for processing your personal information and to adhere to strict data retention and security measures. They are not permitted to use this information for their own purposes.

4.1 External Data Processors

We partner with external service providers to handle specific tasks and functions. Below is a list of these processors detailing their roles and the nature of the data they process on our behalf.

Processor Name	Service Provided	Data Processed	Purpose of Processing
AWS (Amazon Web Services)	Cloud Hosting Services	Customer data: names, contact details	To host and manage our data securely.
Salesforce	CRM System	Customer interaction data, contact details	To manage customer relationships and support services.
Google Analytics	Analytics Services	Usage data: IP addresses, user behavior metrics	To analyze website traffic and user interactions.

5. International Transfers of Your Personal Information

StormGeo operates globally, necessitating the transfer, disclosure, storage, or processing of your personal information in countries other than your own, which may have differing privacy and data protection laws. For example, your personal information may be stored in a secure cloud-based repository. We ensure that any transfer of your personal information adheres to this Privacy Statement and complies with applicable legal requirements, including those for transfers outside the country where the information was originally collected.

For transfers of personal information outside the European Economic Area (EEA), we rely on the European Commission's 2021 Standard Contractual Clauses or other relevant data transfer mechanisms. We also transfer personal information to countries that the European Commission has deemed to have an adequate level of data protection. The list of these countries is available through official resources. Additionally, for data transferred from the United Kingdom and Switzerland, we adhere to local laws such as the International Data Transfer Addendum to the EU Standard Contractual Clauses.

Within our group of companies, we use an intra-group agreement based on the European Commission's 2021 Standard Contractual Clauses, adapted as necessary to comply with local laws. This agreement is part of our commitment to implement appropriate data processing agreements and safeguards with third parties where relevant.

If you require a copy of the safeguards used for transferring personal information outside of your jurisdiction, please contact us at [email protected].

6. Retention of Your Personal Information

In instances where we act as the controller of your personal information, we retain it only as long as necessary to fulfill the purposes outlined in this statement. Once these purposes are fulfilled or the retention period expires, whichever occurs first, we will either delete your personal information using a method that ensures it cannot be recovered or retrieved, or we will anonymize it by removing identifiable data categories.

If we process your personal information based on your consent, we will cease processing once you withdraw consent or the purpose of processing is fulfilled, whichever happens first. It's important to note that withdrawing consent does not affect the lawfulness of processing based on consent prior to its withdrawal. In some instances, technical reasons may prevent the deletion of your personal information from our systems and backups. In such cases, we will implement measures to prevent further use of this information.

Please be aware that in certain situations, we are required to retain your personal information for extended periods to comply with legal and regulatory obligations, such as those related to tax and accounting. Additionally, we may retain your information for longer durations to maintain an accurate record of your interactions with us in case of complaints or challenges, or if we believe there is a potential for litigation involving your personal information or dealings.

7. Personal Information Integrity and Security

We prioritize the privacy, protection, and security of the personal information in our control or possession. We implement reasonable technical, contractual, organizational, and physical safeguards to ensure the security of your personal information. Our commitment to maintaining high standards of security is demonstrated by our ISO 9001 certification for quality management and ISO 27001 certification for Information Security Management Systems for some services. Our practices undergo annual audits conducted by both internal and external auditors to ensure compliance and effectiveness of our security measures.

8. Your Rights

Under the General Data Protection Regulation (GDPR) and similar regulations, you possess several rights regarding the processing of your personal information. These rights are subject to certain conditions and exemptions that may depend on the specific processing activity:

Right of Access: You have the right to confirm whether we hold personal information about you and to request copies of such information.
Right to Rectification: If your personal information is inaccurate or incomplete, you have the right to have it corrected.
Right to Erasure (Right to be Forgotten): You may ask us to delete your personal information when it is no longer necessary for the purposes it was collected or if you withdraw your consent (where consent is the basis of processing) and no other legal basis for processing exists.
Right to Restriction of Processing: You can request that we temporarily halt the processing of your personal information under specific circumstances, such as when you contest the accuracy of the data or the lawfulness of the processing.
Right to Data Portability: You have the right to receive your personal information, which you have provided to us, in a structured, commonly used, and machine-readable format, and you may have the right to transmit that data to another controller without hindrance from us.
Right to Object: You can object to the processing of your personal information based on our legitimate interests at any time. We must cease processing your personal information unless we demonstrate compelling, legitimate grounds for the processing that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
Right to Withdraw Consent: If we are processing your data based on your consent, you can withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
Direct Marketing Opt-Out: You can request at any time that we stop processing your personal information for direct marketing purposes.
Right to Safeguards on Data Transfers: You have the right to be informed of the appropriate safeguards we have in place for transferring your personal information outside of your jurisdiction, particularly in the context of international data transfers.
Right to not be subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Right to Lodge a Complaint: If you are dissatisfied with how we handle your personal information, you have the right to lodge a complaint with the competent supervisory authority or regulator.

We may request additional information to verify your identity for security purposes before responding to your requests regarding personal information.

Please note that the rights listed are not exhaustive. Additional rights may apply under local laws. Check the "Additional Information" sections for your jurisdiction for further details. The exercise of these rights may be subject to limitations under local law.

For instructions on how to exercise these rights or for more information on our privacy practices, please refer to the "How to Contact Us" section of this document.

A - Lodging Complaints with a Supervisory Authority.

Under the General Data Protection Regulation (GDPR) and applicable Norwegian data protection laws, you have the right to lodge a complaint with Datatilsynet, the supervisory authority in Norway, if you believe that the processing of your personal data infringes on these laws.

B - How to Lodge a Complaint:

Identify the Supervisory Authority: In Norway, Datatilsynet is responsible for addressing complaints related to violations of the GDPR and local data protection laws.
- Website: Datatilsynet
- Email: [email protected]
- Postal Address: Datatilsynet, P.O. Box 458 Sentrum, 0105 Oslo, Norway
For Residents in Other Countries: You should contact the data protection authority in the country where you reside or where the alleged infringement occurred. Contact details for EU national data protection authorities can be found on the European Data Protection Board's website.
Process: You can file complaints directly via email, postal mail, or through the online form provided on Datatilsynet’s website. Provide detailed information about your concerns, such as the specific personal data involved and how you believe your data protection rights have been violated.
Assistance from Us: If you need assistance with identifying details for your complaint or understanding the process further, please contact us via the details in the "How to Contact Us" section of this Privacy Policy.<

C - What to Expect:

Once a complaint is lodged, the supervisory authority will investigate the matter. The investigation process may vary by authority but generally includes an assessment of the complaint and a determination of whether there has been a breach of data protection laws. You will be kept informed of the progress and outcome of the complaint.

D - Further Legal Recourse:

If you are not satisfied with the outcome of your complaint, you may have legal recourse. This can include seeking redress through the courts. We recommend seeking legal advice if considering this step.

9. Links to Other Websites

Our websites may include links to other websites and social media services such as LinkedIn, Facebook, and Twitter, as well as features provided by third parties. If you are already using these platforms, their cookies might be set on your device when you use our websites, and they may possess information about you, which could be combined with information gathered through our websites. These features might allow for integration with or access to your social media accounts.

We do not control these external websites or social media services, nor do we manage your profiles on these services, modify your privacy settings, or set rules about how your personal information will be handled on these platforms. The control over these aspects lies with you and the social media service providers.

These websites and social media services operate independently of StormGeo and do not adhere to the same privacy practices. We are not liable for their processing of your personal information. We encourage you to review their privacy policies and notices to understand their data handling practices before engaging with any features provided on our websites.

10. How to Contact Us

You have several options to contact us regarding your personal information:

Opting out of Marketing Communications: If you wish to stop receiving marketing communications from us click on the "unsubscribe" or "Manage Preferences" link in any marketing email we send, or contact us directly at [email protected].

Exercising Your Rights: To exercise your rights specific to your jurisdiction, you can email us at [email protected] or write to us at the address provided below.

General Inquiries or Complaints: If you have questions about this Privacy Statement or our privacy practices, or if you wish to complain about how we handle your personal information, you can reach out to our Data Protection Manager. Contact details are as follows:

- Postal Address:
StormGeo AS
Attention: DPO
Universitetsgata 8
0164 Oslo
Norway

- Email:
[email protected]

These contact methods are available for your convenience and ensure that we address your concerns or queries about your personal information promptly and effectively.

11. Updates to the Global Privacy Statement

We periodically update this Privacy Statement to reflect changes in our privacy practices. All updates will be published on this website, and the "last updated" date at the top of the statement will be revised accordingly. We encourage you to review this Privacy Statement regularly to remain informed about how StormGeo is processing and protecting your personal information.